Security + SY0-501 Student Guide.pdf - Becoming a CompTIA Certified IT Professional is Easy It’s also the best way to reach greater professional


This preview shows page 1 out of 652 pages.

Becoming a CompTIA Certified IT Professional is Easy

It’s also the best way to reach greater professional opportunities and rewards.

Why Get CompTIA Certified?

• Growing Demand: Labor estimates predict some technology fields will experience growth of over 20% by the year 2020.* CompTIA certification qualifies the skills required to join this workforce.
• Higher Salaries: IT professionals with certifications on their resume command better jobs, earn higher salaries and have more doors open to new multi-industry opportunities.
• Verified Strengths: 91% of hiring managers indicate CompTIA certifications are valuable in validating IT expertise, making certification the best way to demonstrate your competency and knowledge to employers.**
• Universal Skills: CompTIA certifications are vendor neutral—which means that certified professionals can proficiently work with an extensive variety of hardware and software found in most organizations.

Learn more about what the exam covers by reviewing the following:
• Exam objectives for key study points.
• Sample questions for a general overview of what to expect on the exam and examples of question format.
• Visit online forums, like LinkedIn, to see what other IT professionals say about CompTIA exams.

Purchase a voucher at a Pearson VUE testing center or at CompTIAstore.com.

Register for your exam at a Pearson VUE testing center:
• Visit pearsonvue.com/CompTIA to find the closest testing center to you.
• Schedule the exam online. You will be required to enter your voucher number or provide payment information at registration.
• Take your certification exam.

Congratulations on your CompTIA certification!
• Make sure to add your certification to your resume.
• Check out the CompTIA Certification Roadmap to plan your next career move.

Learn more: Certification.CompTIA.org/securityplus

* Source: CompTIA 9th Annual Information Security Trends study: 500 U.S. IT and Business Executives Responsible for Security
** Source: CompTIA Employer Perceptions of IT Training and Certification

© 2015 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 02190-Nov2015

Licensed For Use Only By: JCSE JCA JCSE.JCA Apr 12 2018 10:27AM

CompTIA® Security+® (Exam SY0-501)
Part Number: 093027
Course Edition: 1.2

Acknowledgements

PROJECT TEAM
Authors; Technical Reviewer; Media Designer; Content Editor
Pamela J. Taylor; Belton Myers, Security+, CISSP; Brian Sullivan; Peter Bauer; Jason Nufryk

Logical Operations wishes to thank the Logical Operations Instructor Community, and in particular James Gross, Al Wills, and Ahmad Ismaiel, for their instructional and technical expertise during the creation of this course.

Notices

DISCLAIMER
While Logical Operations, Inc. takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The name used in the data files for this course is that of a fictitious company. Any resemblance to current or future companies is purely coincidental. We do not believe we have used anyone's name in creating this course, but if we have, please notify us and we will change the name in the next revision of the course. Logical Operations is an independent provider of integrated training solutions for individuals, businesses, educational institutions, and government agencies. The use of screenshots, photographs of another entity's products, or another entity's product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by, nor any affiliation of such entity with, Logical Operations. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). Logical Operations is not responsible for the availability of, or the content located on or through, any External Site. Please contact Logical Operations if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES
Logical Operations and the Logical Operations logo are trademarks of Logical Operations, Inc. and its affiliates.
CompTIA® Security+® is a registered trademark of CompTIA, Inc. in the United States and other countries. The other CompTIA products and services discussed or described may be trademarks or registered trademarks of CompTIA, Inc.
Microsoft® Windows® is a registered trademark of Microsoft Corporation in the United States and other countries. The other Microsoft products and services discussed or described may be trademarks or registered trademarks of Microsoft Corporation.
All other product and service names used may be common law or registered trademarks of their respective proprietors.

Copyright © 2018 Logical Operations, Inc. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor.
This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without express written permission of Logical Operations, 3535 Winton Place, Rochester, NY 14623, 1-800-456-4677 in the United States and Canada, 1-585-350-7000 in all other countries. Logical Operations’ World Wide Web site is located at . This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. Do not make illegal copies of books or software. If you believe that this book, related materials, or any other Logical Operations materials are being reproduced or transmitted without permission, please call 1-800-456-4677 in the United States and Canada, 1-585-350-7000 in all other countries.

CompTIA® Security+® (Exam SY0-501)

Table of Contents

Lesson 1: Identifying Security Fundamentals
    Topic A: Identify Information Security Concepts
    Topic B: Identify Basic Security Controls
    Topic C: Identify Basic Authentication and Authorization Concepts
    Topic D: Identify Basic Cryptography Concepts
Lesson 2: Analyzing Risk
    Topic A: Analyze Organizational Risk
    Topic B: Analyze the Business Impact of Risk
Lesson 3: Identifying Security Threats
    Topic A: Identify Types of Attackers
    Topic B: Identify Social Engineering Attacks
    Topic C: Identify Malware
    Topic D: Identify Software-Based Threats
    Topic E: Identify Network-Based Threats
    Topic F: Identify Wireless Threats
    Topic G: Identify Physical Threats
Lesson 4: Conducting Security Assessments
    Topic A: Identify Vulnerabilities
    Topic B: Assess Vulnerabilities
    Topic C: Implement Penetration Testing
Lesson 5: Implementing Host and Software Security
    Topic A: Implement Host Security
    Topic B: Implement Cloud and Virtualization Security
    Topic C: Implement Mobile Device Security
    Topic D: Incorporate Security in the Software Development Lifecycle
Lesson 6: Implementing Network Security
    Topic A: Configure Network Security Technologies
    Topic B: Secure Network Design Elements
    Topic C: Implement Secure Networking Protocols and Services
    Topic D: Secure Wireless Traffic
Lesson 7: Managing Identity and Access
    Topic A: Implement Identity and Access Management
    Topic B: Configure Directory Services
    Topic C: Configure Access Services
    Topic D: Manage Accounts
Lesson 8: Implementing Cryptography
    Topic A: Identify Advanced Cryptography Concepts
    Topic B: Select Cryptographic Algorithms
    Topic C: Configure a Public Key Infrastructure
    Topic D: Enroll Certificates
    Topic E: Back Up and Restore Certificates and Private Keys
    Topic F: Revoke Certificates
Lesson 9: Implementing Operational Security
    Topic A: Evaluate Security Frameworks and Guidelines
    Topic B: Incorporate Documentation in Operational Security
    Topic C: Implement Security Strategies
    Topic D: Manage Data Security Processes
    Topic E: Implement Physical Controls
Lesson 10: Addressing Security Incidents
    Topic A: Troubleshoot Common Security Issues
    Topic B: Respond to Security Incidents
    Topic C: Investigate Security Incidents
Lesson 11: Ensuring Business Continuity
    Topic A: Select Business Continuity and Disaster Recovery Processes
    Topic B: Develop a Business Continuity Plan
Appendix A: Mapping Course Content to CompTIA® Security+® (Exam SY0-501)
Appendix B: Linux Essentials
    Topic A: An Introduction to Linux
    Topic B: Enter Shell Commands
    Topic C: Configure System Services
    Topic D: Monitor System Logs
    Topic E: Configure Security-Enhanced Linux (SELinux)
    Topic F: Implement Basic System Security
    Topic G: Secure User Accounts
Appendix C: Log File Essentials
    Topic A: Collect Data from Network-Based Intelligence Sources
    Topic B: Collect Data from Host-Based Intelligence Sources
    Topic C: Use Common Tools to Analyze Logs
Appendix D: Programming Essentials
    Topic A: Object-Oriented Programming Fundamentals
    Topic B: Data Structures
    Topic C: Conditional Statements and Loops
Solutions
Glossary
Index

About This Course

CompTIA® Security+® (Exam SY0-501) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification examination. In this course, you will build on your knowledge of and professional experience with security fundamentals, networks, and organizational security as you acquire the specific skills required to implement basic security services on any type of computer network.

This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-501) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today's job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your computer security skill set so that you can confidently perform your duties in any security-related role.

Course Description

Target Student

This course is targeted toward the information technology (IT) professional who has networking and administrative skills in Windows®-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks; familiarity with other operating systems, such as macOS®, Unix, or Linux; and who wants to further a career in IT by acquiring foundational knowledge of security topics; preparing for the CompTIA Security+ certification examination; or using Security+ as the foundation for advanced security certifications or career roles.
Course Prerequisites

To ensure your success in this course, you should possess basic Windows user skills and a fundamental understanding of computer and networking concepts. You can obtain this level of skills and knowledge by taking one of the following Logical Operations courses:
• Using Microsoft® Windows® 10
• Microsoft® Windows® 10 Transition from Windows® 7

CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months’ experience in networking, including configuring security parameters, are strongly recommended. Students can obtain this level of skill and knowledge by taking any of the following CHOICE courses:
• CompTIA® A+®: A Comprehensive Approach (Exams 220-901 and 220-902)
• CompTIA® Network+® (Exam N10-006)

Additional introductory courses or work experience in application development and programming, or in network and operating system administration for any software platform or system, are helpful but not required. For instance, to gain experience with managing Windows Server® 2016, you could take any or all of the following CHOICE courses:
• Microsoft® Windows® Server 2016: Install, Store, and Compute
• Microsoft® Windows® Server 2016: Networking
• Microsoft® Windows® Server 2016: Identity

Course Objectives

In this course, you will implement information security across a variety of different contexts. You will:
• Identify the fundamental components of information security.
• Analyze risk.
• Identify various threats to information security.
• Conduct security assessments to detect vulnerabilities.
• Implement security for hosts and software.
• Implement security for networks.
• Manage identity and access.
• Implement cryptographic solutions in the organization.
• Implement security at the operational level.
• Address security incidents.
• Ensure the continuity of business operations in the event of an incident.
The CHOICE Home Screen

Logon and access information for your CHOICE environment will be provided with your class experience. The CHOICE platform is your entry point to the CHOICE learning experience, of which this course manual is only one part. On the CHOICE Home screen, you can access the CHOICE Course screens for your specific courses. Visit the CHOICE Course screen both during and after class to make use of the world of support and instructional resources that make up the CHOICE experience.

Each CHOICE Course screen will give you access to the following resources:
• Classroom: A link to your training provider's classroom environment.
• eBook: An interactive electronic version of the printed book for your course.
• Files: Any course files available to download.
• Checklists: Step-by-step procedures and general guidelines you can use as a reference during and after class.
• Spotlights: Brief animated videos that enhance and extend the classroom learning experience.
• Assessment: A course assessment for your self-assessment of the course content.
• Social media resources that enable you to collaborate with others in the learning community using professional communications sites such as LinkedIn or microblogging tools such as Twitter.

Depending on the nature of your course and the components chosen by your learning provider, the CHOICE Course screen may also include access to elements such as:
• LogicalLABS, a virtual technical environment for your course.
• Various partner resources related to the courseware.
• Related certifications or credentials.
• A link to your training provider's website.
• Notices from the CHOICE administrator.
• Newsletters and other communications from your learning provider.
• Mentoring services.

Visit your CHOICE Home screen often to connect, communicate, and extend your learning experience!
How to Use This Book

As You Learn

This book is divided into lessons and topics, covering a subject or a set of related subjects. In most cases, lessons are arranged in order of increasing proficiency. The results-oriented topics include relevant and supporting information you need to master the content. Each topic has various types of activities designed to enable you to solidify your understanding of the informational material presented in the course. Information is provided for reference and reflection to facilitate understanding and practice. Data files for various activities as well as other supporting files for the course are available by download from the CHOICE Course screen. In addition to sam...