
CompTIA Security+ All-in-One Exam Guide, Sixth Edition (Exam SY0-601)
Description
All about e-books | Answers to questions about e-books, copy protection and file formats can be found in our Info & Help section.

Content
- Intro
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents
- Preface
- Acknowledgments
- Introduction
- Objective Map: Exam SY0-601
- Part I Threats, Attacks, and Vulnerabilities
- Chapter 1 Social Engineering Techniques
- Social Engineering Methods
- Tools
- Phishing
- Smishing
- Vishing
- Spam
- Spam over Instant Messaging (SPIM)
- Spear Phishing
- Dumpster Diving
- Shoulder Surfing
- Pharming
- Tailgating
- Eliciting Information
- Whaling
- Prepending
- Identity Fraud
- Invoice Scams
- Credential Harvesting
- Reconnaissance
- Hoax
- Impersonation
- Third-Party Authorization
- Contractors/Outside Parties
- Online Attacks
- Defenses
- Watering Hole Attack
- Typosquatting
- Pretexting
- Influence Campaigns
- Principles (Reasons for Effectiveness)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
- Defenses
- Chapter Review
- Questions
- Answers
- Chapter 2 Type of Attack Indicators
- Malware
- Ransomware
- Trojans
- Worms
- Potentially Unwanted Programs
- Fileless Viruses
- Command and Control
- Bots
- Crypto-malware
- Logic Bombs
- Spyware
- Keyloggers
- Remote-Access Trojans (RATs)
- Rootkit
- Backdoors
- Password Attacks
- Spraying
- Dictionary
- Brute Force
- Rainbow Tables
- Plaintext/Unencrypted
- Physical Attacks
- Malicious Universal Serial Bus (USB) Cable
- Malicious Flash Drives
- Card Cloning
- Skimming
- Adversarial Artificial Intelligence (AI)
- Tainted Training Data for Machine Learning (ML)
- Security of Machine Learning Algorithms
- Supply-Chain Attacks
- Cloud-Based vs. On-Premises Attacks
- Cryptographic Attacks
- Birthday
- Collision
- Downgrade
- Chapter Review
- Questions
- Answers
- Chapter 3 Application Attack Indicators
- Privilege Escalation
- Cross-Site Scripting
- Injection Attacks
- Structured Query Language (SQL)
- Dynamic-Link Library (DLL)
- Lightweight Directory Access Protocol (LDAP)
- Extensible Markup Language (XML)
- Pointer/Object Dereference
- Directory Traversal
- Buffer Overflow
- Race Condition
- Time of Check/Time of Use
- Improper Error Handling
- Improper Input Handling
- Replay Attacks
- Session Replay
- Integer Overflow
- Request Forgery
- Server-Side Request Forgery
- Cross-Site Request Forgery
- Application Programming Interface (API) Attacks
- Resource Exhaustion
- Memory Leak
- Secure Sockets Layer (SSL) Stripping
- Driver Manipulation
- Shimming
- Refactoring
- Pass the Hash
- Chapter Review
- Questions
- Answers
- Chapter 4 Network Attack Indicators
- Wireless
- Evil Twin
- Rogue Access Point
- Bluesnarfing
- Bluejacking
- Disassociation
- Jamming
- Radio Frequency Identification (RFID)
- Near Field Communication (NFC)
- Initialization Vector (IV)
- On-path Attack
- Layer 2 Attacks
- Address Resolution Protocol (ARP) Poisoning
- Media Access Control (MAC) Flooding
- MAC Cloning
- Domain Name System (DNS)
- Domain Hijacking
- DNS Poisoning
- Universal Resource Locator (URL) Redirection
- Domain Reputation
- Distributed Denial-of-Service (DDoS)
- Network
- Application
- Operational Technology (OT)
- Malicious Code and Script Execution
- PowerShell
- Python
- Bash
- Macros
- Visual Basic for Applications (VBA)
- Chapter Review
- Questions
- Answers
- Chapter 5 Threat Actors, Vectors, and Intelligence Sources
- Actors and Threats
- Advanced Persistent Threats (APTs)
- Insider Threats
- State Actors
- Hacktivists
- Script Kiddies
- Criminal Syndicates
- Hackers
- Shadow IT
- Competitors
- Attributes of Actors
- Internal/External
- Level of Sophistication/Capability
- Resources/Funding
- Intent/Motivation
- Vectors
- Direct Access
- Wireless
- Supply Chain
- Social Media
- Removable Media
- Cloud
- Threat Intelligence Sources
- Open Source Intelligence (OSINT)
- Closed/Proprietary
- Vulnerability Databases
- Public/Private Information Sharing Centers
- Dark Web
- Indicators of Compromise
- Automated Indicator Sharing (AIS)
- Structured Threat Information Expression (STIX) / Trusted Automated Exchange of Intelligence Information (TAXII)
- Predictive Analysis
- Threat Maps
- File/Code Repositories
- Research Sources
- Vendor Websites
- Vulnerability Feeds
- Conferences
- Academic Journals
- Requests for Comment (RFCs)
- Local Industry Groups
- Social Media
- Threat Feeds
- Adversary Tactics, Techniques, and Procedures (TTPs)
- Chapter Review
- Questions
- Answers
- Chapter 6 Vulnerabilities
- Cloud-based vs. On-premises Vulnerabilities
- Zero Day
- Weak Configurations
- Open Permissions
- Unsecure Root Accounts
- Errors
- Weak Encryption
- Unsecure Protocols
- Default Settings
- Open Ports and Services
- Third-Party Risks
- Vendor Management
- Supply Chain
- Outsourced Code Development
- Data Storage
- Improper or Weak Patch Management
- Firmware
- Operating System (OS)
- Applications
- Legacy Platforms
- Impacts
- Data Loss
- Data Breaches
- Data Exfiltration
- Identity Theft
- Financial
- Reputation
- Availability Loss
- Chapter Review
- Questions
- Answers
- Chapter 7 Security Assessments
- Threat Hunting
- Intelligence Fusion
- Threat Feeds
- Advisories and Bulletins
- Maneuver
- Vulnerability Scans
- False Positives
- False Negatives
- Log Reviews
- Credentialed vs. Non-Credentialed
- Intrusive vs. Non-Intrusive
- Application
- Web Application
- Network
- Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
- Configuration Review
- Syslog/Security Information and Event Management (SIEM)
- Review Reports
- Packet Capture
- Data Inputs
- User Behavior Analysis
- Sentiment Analysis
- Security Monitoring
- Log Aggregation
- Log Collectors
- Security Orchestration, Automation, and Response (SOAR)
- Chapter Review
- Questions
- Answers
- Chapter 8 Penetration Testing
- Penetration Testing
- Known Environment
- Unknown Environment
- Partially Known Environment
- Rules of Engagement
- Lateral Movement
- Privilege Escalation
- Persistence
- Cleanup
- Bug Bounty
- Pivoting
- Passive and Active Reconnaissance
- Drones
- War Flying
- War Driving
- Footprinting
- OSINT
- Exercise Types
- Red Team
- Blue Team
- White Team
- Purple Team
- Chapter Review
- Questions
- Answers
- Part II Architecture and Design
- Chapter 9 Enterprise Security Architecture
- Configuration Management
- Diagrams
- Baseline Configuration
- Standard Naming Conventions
- Internet Protocol (IP) Schema
- Data Sovereignty
- Data Protection
- Data Loss Prevention (DLP)
- Masking
- Encryption
- At Rest
- In Transit/Motion
- In Processing
- Tokenization
- Rights Management
- Geographical Considerations
- Response and Recovery Controls
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection
- Hashing
- API Considerations
- Site Resiliency
- Hot Sites
- Warm Sites
- Cold Sites
- Deception and Disruption
- Honeypots
- Honeyfiles
- Honeynets
- Fake Telemetry
- DNS Sinkhole
- Chapter Review
- Questions
- Answers
- Chapter 10 Virtualization and Cloud Security
- Cloud Models
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
- Anything as a Service (XaaS)
- Level of Control in the Hosting Models
- Public
- Community
- Private
- Hybrid
- Cloud Service Providers
- Managed Service Provider (MSP) / Managed Security Service Provider (MSSP)
- On-Premises vs. Off-Premises
- Fog Computing
- Edge Computing
- Thin Client
- Containers
- Microservices/API
- Infrastructure as Code
- Software-Defined Networking (SDN)
- Software-Defined Visibility (SDV)
- Serverless Architecture
- Services Integration
- Resource Policies
- Transit Gateway
- Virtualization
- Type I
- Type II
- Virtual Machine (VM) Sprawl Avoidance
- VM Escape Protection
- Chapter Review
- Questions
- Answers
- Chapter 11 Secure Application Development, Deployment, and Automation Concepts
- Environment
- Development
- Test
- Staging
- Production
- Quality Assurance (QA)
- Provisioning and Deprovisioning
- Integrity Measurement
- Secure Coding Techniques
- Normalization
- Stored Procedures
- Obfuscation/Camouflage
- Code Reuse and Dead Code
- Server-Side vs. Client-Side Execution and Validation
- Memory Management
- Use of Third-Party Libraries and Software Development Kits (SDKs)
- Data Exposure
- Open Web Application Security Project (OWASP)
- Software Diversity
- Compilers
- Binaries
- Automation/Scripting
- Automated Courses of Action
- Continuous Monitoring
- Continuous Validation
- Continuous Integration
- Continuous Delivery
- Continuous Deployment
- Elasticity
- Scalability
- Version Control
- Chapter Review
- Questions
- Answers
- Chapter 12 Authentication and Authorization
- Authentication Methods
- Directory Services
- Federation
- Attestation
- Technologies
- Smart Card Authentication
- Biometrics
- Fingerprint
- Retina
- Iris
- Facial
- Voice
- Vein
- Gait Analysis
- Efficacy Rates
- False Acceptance
- False Rejection
- Crossover Error Rate
- Multifactor Authentication (MFA) Factors and Attributes
- Factors
- Attributes
- Authentication, Authorization, and Accounting (AAA)
- Cloud vs. On-premises Requirements
- Chapter Review
- Questions
- Answers
- Chapter 13 Cybersecurity Resilience
- Redundancy
- Geographic Dispersal
- Disk
- Network
- Power
- Replication
- Storage Area Network (SAN)
- VM
- On-premises vs. Cloud
- Backup Types
- Full
- Incremental
- Snapshot
- Differential
- Tape
- Disk
- Copy
- Network Attached Storage (NAS)
- Storage Area Network (SAN)
- Cloud
- Image
- Online vs. Offline
- Distance Considerations
- Nonpersistence
- Revert to Known State
- Last Known-Good Configuration
- Live Boot Media
- High Availability
- Scalability
- Restoration Order
- Diversity
- Technologies
- Vendors
- Crypto
- Controls
- Chapter Review
- Questions
- Answers
- Chapter 14 Embedded and Specialized Systems
- Embedded Systems
- Raspberry Pi
- Field Programmable Gate Arrays (FPGAs)
- Arduino
- Supervisory Control and Data Acquisition (SCADA) / Industrial Control System (ICS)
- Facilities
- Industrial
- Manufacturing
- Energy
- Logistics
- Internet of Things (IoT)
- Sensors
- Smart Devices
- Wearables
- Facility Automation
- Weak Defaults
- Specialized Systems
- Medical Systems
- Vehicle Systems
- Aircraft Systems
- Smart Meters
- Voice over IP (VoIP)
- Heating, Ventilation, Air Conditioning (HVAC)
- Drones
- Multifunction Printers (MFPs)
- Real-time Operating Systems (RTOSs)
- Surveillance Systems
- System on a Chip (SoC)
- Communication Considerations
- 5G
- Narrow-Band Radio
- Baseband Radio
- Subscriber Identity Module (SIM) Cards
- Zigbee
- Constraints
- Power
- Compute
- Network
- Cryptographic Functions
- Inability to Patch
- Authentication
- Range
- Cost
- Implied Trust
- Chapter Review
- Questions
- Answers
- Chapter 15 Physical Security Controls
- Bollards/Barricades
- Access Control Vestibules
- Badges
- Alarms
- Signage
- Cameras
- Motion Recognition
- Object Detection
- Closed-Circuit Television (CCTV)
- Industrial Camouflage
- Personnel
- Guards
- Robot Sentries
- Reception
- Two-Person Integrity/Control
- Locks
- Biometrics
- Electronic
- Physical
- Cable Locks
- USB Data Blocker
- Lighting
- Fencing
- Fire Suppression
- Sensors
- Motion Detection
- Noise Detection
- Proximity Reader
- Moisture Detection
- Cards
- Temperature
- Drones
- Visitor Logs
- Faraday Cages
- Air Gap
- Screened Subnet
- Protected Cable Distribution
- Secure Areas
- Air Gap
- Vault
- Safe
- Hot and Cold Aisles
- Secure Data Destruction
- Burning
- Shredding
- Pulping
- Pulverizing
- Degaussing
- Purging
- Third-Party Solutions
- Chapter Review
- Questions
- Answers
- Chapter 16 Cryptographic Concepts
- General Cryptographic Concepts
- Fundamental Methods
- Digital Signatures
- Key Length
- Key Stretching
- Salting
- Hashing
- Key Exchange
- Elliptic Curve Cryptography
- Perfect Forward Secrecy
- Quantum Cryptography
- Post-Quantum Era
- Ephemeral Keys
- Modes of Operation
- Authenticated
- Counter
- Unauthenticated
- Blockchain
- Cipher Suites
- Block
- Stream
- Symmetric vs. Asymmetric
- Lightweight Cryptography
- Steganography
- Homomorphic Encryption
- Common Use Cases
- Low-Power Devices
- Low-Latency Operations
- High-Resiliency Systems
- Support for Confidentiality
- Support for Integrity
- Support for Obfuscation
- Supporting Authentication
- Support for Nonrepudiation
- Limitations
- Speed
- Size
- Weak Keys
- Time
- Longevity
- Predictability
- Reuse
- Entropy
- Computational Overhead
- Resource vs. Security Constraints
- Weak/Deprecated Algorithms
- Chapter Review
- Questions
- Answers
- Part III Implementation
- Chapter 17 Secure Protocols
- Protocols
- Domain Name System Security Extensions (DNSSEC)
- SSH
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Secure Real-time Transport Protocol (SRTP)
- Lightweight Directory Access Protocol over SSL (LDAPS)
- File Transfer Protocol, Secure (FTPS)
- SSH File Transfer Protocol (SFTP)
- Simple Network Management Protocol, Version 3 (SNMPv3)
- Hypertext Transfer Protocol over SSL/TLS (HTTPS)
- IPSec
- Post Office Protocol (POP) / Internet Message Access Protocol (IMAP)
- Use Cases
- Voice and Video
- Time Synchronization
- E-mail and Web
- File Transfer
- Directory Services
- Remote Access
- Domain Name Resolution
- Routing and Switching
- Network Address Allocation
- Subscription Services
- Chapter Review
- Questions
- Answers
- Chapter 18 Host and Application Security
- Endpoint Protection
- Antivirus
- Anti-Malware
- Endpoint Detection and Response (EDR)
- DLP
- Next-Generation Firewall (NGFW)
- Host-based Intrusion Detection System (HIDS)
- Host-based Intrusion Prevention System (HIPS)
- Host-based Firewall
- Boot Integrity
- Boot Security/Unified Extensible Firmware Interface (UEFI)
- Measured Boot
- Boot Attestation
- Database
- Tokenization
- Salting
- Hashing
- Application Security
- Input Validations
- Secure Cookies
- Hypertext Transfer Protocol (HTTP) Headers
- Code Signing
- Allow List
- Block List/Deny List
- Secure Coding Practices
- Static Code Analysis
- Dynamic Code Analysis
- Fuzzing
- Hardening
- Open Ports and Services
- Registry
- Disk Encryption
- OS
- Patch Management
- Third-Party Updates
- Auto-Update
- Self-Encrypting Drive (SED)/Full Disk Encryption (FDE)
- Opal
- Hardware Root of Trust
- Trusted Platform Module (TPM)
- Sandboxing
- Chapter Review
- Questions
- Answers
- Chapter 19 Secure Network Design
- Load Balancing
- Active/Active
- Active/Passive
- Scheduling
- Virtual IP
- Persistence
- Network Segmentation
- Virtual Local Area Network (VLAN)
- Screened Subnet (Previously Known as Demilitarized Zone)
- East-West Traffic
- Extranet
- Intranet
- Zero Trust
- Virtual Private Network (VPN)
- Always On
- Split Tunnel vs. Full Tunnel
- Remote Access vs. Site-to-Site
- IPSec
- SSL/TLS
- HTML5
- Layer 2 Tunneling Protocol (L2TP)
- DNS
- Network Access Control (NAC)
- Agent and Agentless
- Out-of-Band Management
- Port Security
- Broadcast Storm Prevention
- Bridge Protocol Data Unit (BPDU) Guard
- Loop Prevention
- Dynamic Host Configuration Protocol (DHCP) Snooping
- Media Access Control (MAC) Filtering
- Network Appliances
- Jump Servers
- Proxy Servers
- Network-based Intrusion Detection System (NIDS)/Network-based Intrusion Prevention System (NIPS)
- HSM
- Sensors
- Collectors
- Aggregators
- Firewalls
- Access Control List (ACL)
- Route Security
- Quality of Service (QoS)
- Implications of IPv6
- Port Spanning/Port Mirroring
- Port Taps
- Monitoring Services
- File Integrity Monitors
- Chapter Review
- Questions
- Answers
- Chapter 20 Wireless Security
- Cryptographic Protocols
- Wi-Fi Protected Access 2 (WPA2)
- Wi-Fi Protected Access 3 (WPA3)
- Counter Mode/CBC-MAC Protocol (CCMP)
- Simultaneous Authentication of Equals (SAE)
- Authentication Protocols
- Extensible Authentication Protocol (EAP)
- Protected Extensible Authentication Protocol (PEAP)
- EAP-FAST
- EAP-TLS
- EAP-TTLS
- IEEE 802.1X
- Remote Authentication Dial-in User Service (RADIUS) Federation
- Methods
- Pre-shared Key (PSK) vs. Enterprise vs. Open
- Wi-Fi Protected Setup (WPS)
- Captive Portals
- Installation Considerations
- Site Surveys
- Heat Maps
- Wi-Fi Analyzers
- Channel Overlays
- Wireless Access Point (WAP) Placement
- Controller and Access Point Security
- Chapter Review
- Questions
- Answers
- Chapter 21 Secure Mobile Solutions
- Connection Methods and Receivers
- Cellular
- Wi-Fi
- Bluetooth
- NFC
- Infrared
- USB
- Point-to-Point
- Point-to-Multipoint
- Global Positioning System (GPS)
- RFID
- Mobile Device Management (MDM)
- Application Management
- Content Management
- Remote Wipe
- Geofencing
- Geolocation
- Screen Locks
- Push Notification Services
- Passwords and PINs
- Biometrics
- Context-Aware Authentication
- Containerization
- Storage Segmentation
- Full Device Encryption
- Mobile Devices
- MicroSD Hardware Security Module (HSM)
- MDM/Unified Endpoint Management (UEM)
- Mobile Application Management (MAM)
- SEAndroid
- Enforcement and Monitoring
- Third-Party Application Stores
- Rooting/Jailbreaking
- Sideloading
- Custom Firmware
- Carrier Unlocking
- Firmware OTA Updates
- Camera Use
- SMS/Multimedia Message Service (MMS)/Rich Communication Services (RCS)
- External Media
- USB On-The-Go (USB OTG)
- Recording Microphone
- GPS Tagging
- Wi-Fi Direct/Ad Hoc
- Tethering
- Hotspot
- Payment Methods
- Deployment Models
- Bring Your Own Device (BYOD)
- Corporate-Owned, Personally Enabled (COPE)
- Choose Your Own Device (CYOD)
- Corporate-Owned
- Virtual Desktop Infrastructure (VDI)
- Chapter Review
- Questions
- Answers
- Chapter 22 Implementing Cloud Security
- Cloud Security Controls
- High Availability Across Zones
- Resource Policies
- Secrets Management
- Integration and Auditing
- Storage
- Network
- Compute
- Solutions
- CASB
- Application Security
- Next-Generation Secure Web Gateway (SWG)
- Firewall Considerations in a Cloud Environment
- Cloud-Native Controls vs. Third-Party Solutions
- Chapter Review
- Questions
- Answers
- Chapter 23 Identity and Account Management Controls
- Identity
- Identity Provider (IdP)
- Attributes
- Certificates
- Tokens
- SSH Keys
- Smart Cards
- Account Types
- User Account
- Shared and Generic Accounts/Credentials
- Guest Accounts
- Service Accounts
- Account Policies
- Password Complexity
- Password History
- Password Reuse
- Time of Day
- Network Location
- Geofencing
- Geotagging
- Geolocation
- Time-based Logins
- Access Policies
- Account Permissions
- Account Audits
- Impossible Travel Time/Risky Login
- Lockout
- Disablement
- Chapter Review
- Questions
- Answers
- Chapter 24 Implement Authentication and Authorization
- Authentication Management
- Password Keys
- Password Vaults
- TPM
- HSM
- Knowledge-based Authentication
- Authentication
- EAP
- Challenge-Handshake Authentication Protocol (CHAP)
- Password Authentication Protocol (PAP)
- 802.1X
- RADIUS
- Single Sign-On (SSO)
- Security Assertion Markup Language (SAML)
- Terminal Access Controller Access Control System Plus (TACACS+)
- OAuth
- OpenID
- Kerberos
- Access Control Schemes
- Attribute-Based Access Control (ABAC)
- Role-Based Access Control
- Rule-Based Access Control
- MAC
- Discretionary Access Control (DAC)
- Conditional Access
- Privileged Access Management
- File System Permissions
- Chapter Review
- Questions
- Answers
- Chapter 25 Public Key Infrastructure
- Public Key Infrastructure (PKI)
- Key Management
- Certificate Authority (CA)
- Intermediate CA
- Registration Authority (RA)
- Certificate Revocation List (CRL)
- Certificate Attributes
- Online Certificate Status Protocol (OCSP)
- Certificate Signing Request (CSR)
- CN
- Subject Alternative Name (SAN)
- Expiration
- Types of Certificates
- Wildcard Certificates
- Subject Alternative Name (SAN)
- Code-Signing Certificates
- Self-Signed Certificates
- Machine/Computer
- User
- Root
- Domain Validation
- Extended Validation
- Certificate Formats
- KEY
- Distinguished Encoding Rules (DER)
- Privacy-Enhanced Mail (PEM)
- Personal Information Exchange (PFX)
- CER
- P12
- P7B
- Concepts
- Online vs. Offline CA
- Stapling
- Pinning
- Trust Model
- Key Escrow
- Certificate Chaining
- Chapter Review
- Questions
- Answers
- Part IV Operations and Incident Response
- Chapter 26 Tools/Assess Organizational Security
- Network Reconnaissance and Discovery
- tracert/traceroute
- nslookup/dig
- ipconfig/ifconfig
- nmap
- ping/pathping
- hping
- netstat
- netcat
- IP Scanners
- arp
- route
- curl
- theHarvester
- sn1per
- scanless
- dnsenum
- Nessus
- Cuckoo
- File Manipulation
- head
- tail
- cat
- grep
- chmod
- logger
- Shell and Script Environments
- SSH
- PowerShell
- Python
- OpenSSL
- Packet Capture and Replay
- Tcpreplay
- Tcpdump
- Wireshark
- Forensics
- dd
- memdump
- WinHex
- FTK Imager
- Autopsy
- Exploitation Frameworks
- Password Crackers
- Data Sanitization
- Chapter Review
- Questions
- Answers
- Chapter 27 Incident Response Policies, Processes, and Procedures
- Incident Response Plans
- Incident Response Process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
- Exercises
- Tabletop
- Walkthroughs
- Simulations
- Attack Frameworks
- MITRE ATT&CK
- The Diamond Model of Intrusion Analysis
- Cyber Kill Chain
- Stakeholder Management
- Communication Plan
- Disaster Recovery Plan
- Business Continuity Plan
- Continuity of Operation Planning (COOP)
- Incident Response Team
- Retention Policies
- Chapter Review
- Questions
- Answers
- Chapter 28 Investigations
- Vulnerability Scan Output
- SIEM Dashboards
- Sensor
- Sensitivity
- Trends
- Alerts
- Correlation
- Log Files
- Network
- System
- Application
- Security
- Web
- DNS
- Authentication
- Dump Files
- VoIP and Call Managers
- Session Initiation Protocol (SIP) Traffic
- Syslog/Rsyslog/Syslog-ng
- Journalctl
- NXLog
- Bandwidth Monitors
- Metadata
- Mobile
- Web
- File
- NetFlow/sFlow
- IPFIX
- Protocol Analyzer Output
- Chapter Review
- Questions
- Answers
- Chapter 29 Mitigation Techniques and Controls
- Reconfigure Endpoint Security Solutions
- Application Approved List
- Application Blocklist/Deny List
- Quarantine
- Configuration Changes
- Firewall Rules
- MDM
- DLP
- Content Filter/URL Filter
- Update or Revoke Certificates
- Isolation
- Containment
- Segmentation
- Secure Orchestration, Automation, and Response (SOAR)
- Runbooks
- Playbooks
- Chapter Review
- Questions
- Answers
- Chapter 30 Digital Forensics
- Documentation/Evidence
- Legal Hold
- Video
- Admissibility
- Chain of Custody
- Timelines of Sequence of Events
- Tags
- Reports
- Event Logs
- Interviews
- Acquisition
- Order of Volatility
- Disk
- Random-Access Memory (RAM)
- Swap/Pagefile
- Operating System (OS)
- Device
- Firmware
- Snapshot
- Cache
- Network
- Artifacts
- On-premises vs. Cloud
- Right to Audit Clauses
- Regulatory/Jurisdiction
- Data Breach Notification Laws
- Integrity
- Hashing
- Checksums
- Provenance
- Preservation
- E-Discovery
- Data Recovery
- Nonrepudiation
- Strategic Intelligence/Counterintelligence
- Chapter Review
- Questions
- Answers
- Part V Governance, Risk, and Compliance
- Chapter 31 Security Controls
- Security Controls
- Categories
- Managerial
- Operational
- Technical
- Control Types
- Preventative
- Detective
- Corrective
- Deterrent
- Compensating
- Physical
- Chapter Review
- Questions
- Answers
- Chapter 32 Regulations, Standards, and Frameworks
- Regulations, Standards, and Legislation
- General Data Protection Regulation (GDPR)
- National, Territory, or State Laws
- Payment Card Industry Data Security Standard (PCI DSS)
- Key Frameworks
- Center for Internet Security (CIS)
- National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
- International Organization for Standardization (ISO) 27001/27002/27701/31000
- SSAE SOC 2 Type I/II
- Cloud Security Alliance
- Benchmarks and Secure Configuration Guides
- Platform/Vendor-Specific Guides
- Chapter Review
- Questions
- Answers
- Chapter 33 Organizational Policies
- Personnel
- Acceptable Use Policy
- Job Rotation
- Mandatory Vacation
- Separation of Duties
- Least Privilege
- Clean Desk Space
- Background Checks
- Nondisclosure Agreement (NDA)
- Social Media Analysis
- Onboarding
- Offboarding
- User Training
- Diversity of Training Techniques
- Third-Party Risk Management
- Vendors
- Supply Chain
- Business Partners
- Service Level Agreement (SLA)
- Memorandum of Understanding (MOU)
- Measurement Systems Analysis (MSA)
- Business Partnership Agreement (BPA)
- End of Life (EOL)
- End of Service Life (EOSL)
- NDA
- Data
- Classification
- Governance
- Retention
- Credential Policies
- Personnel
- Third Party
- Devices
- Service Accounts
- Administrator/Root Accounts
- Organizational Policies
- Change Management
- Change Control
- Asset Management
- Chapter Review
- Questions
- Answers
- Chapter 34 Risk Management
- Risk Types
- External
- Internal
- Legacy Systems
- Multiparty
- IP Theft
- Software Compliance/Licensing
- Risk Management Strategies
- Acceptance
- Avoidance
- Transference
- Mitigation
- Risk Analysis
- Risk Register
- Risk Matrix/Heat Map
- Risk Control Assessment
- Risk Control Self-Assessment
- Risk Awareness
- Inherent Risk
- Residual Risk
- Control Risk
- Risk Appetite
- Regulations That Affect Risk Posture
- Risk Assessment Types
- Likelihood of Occurrence
- Impact
- Asset Value
- Single-Loss Expectancy (SLE)
- Annualized Loss Expectancy (ALE)
- Annualized Rate of Occurrence (ARO)
- Disasters
- Environmental
- Person-made
- Internal vs. External
- Business Impact Analysis
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Mean Time to Repair (MTTR)
- Mean Time Between Failures (MTBF)
- Functional Recovery Plans
- Single Point of Failure
- Disaster Recovery Plan (DRP)
- Mission-Essential Functions
- Identification of Critical Systems
- Site Risk Assessment
- Chapter Review
- Questions
- Answers
- Chapter 35 Privacy
- Organizational Consequences of Privacy Breaches
- Reputation Damage
- Identity Theft
- Fines
- IP Theft
- Notifications of Breaches
- Escalation
- Public Notifications and Disclosures
- Data Types
- Classifications
- Personally Identifiable Information (PII)
- Privacy-Enhancing Technologies
- Data Minimization
- Data Masking
- Tokenization
- Anonymization
- Pseudo-Anonymization
- Roles and Responsibilities
- Data Owners
- Data Controller
- Data Processor
- Data Custodian/Steward
- Data Privacy Officer (DPO)
- Information Lifecycle
- Impact Assessment
- Terms of Agreement
- Privacy Notice
- Chapter Review
- Questions
- Answers
- Part VI Appendixes and Glossary
- Appendix A OSI Model and Internet Protocols
- Appendix B About the Online Content
- Glossary
- Index
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books – i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.
File format: PDF
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.