CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.
This edition comes with a Pearson Test Prep Practice Test access code that is delivered upon product registration. Follow the instructions in the book's introduction to register your product.
Covers the critical information needed to score higher on your Security+ SY0-701 exam!
- General security concepts
- Threats, vulnerabilities, and mitigations
- Security architecture
- Security operations
- Security program management and oversight
Prepare for your exam with Pearson Test Prep
- Realistic practice questions and answers
- Comprehensive reporting and feedback
- Customized testing in study, practice exam, or flash card modes
- Complete coverage of CompTIA Security+ SY0-701 exam objectives
Table of Contents:
Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi
Part 1: General Security Concepts 1
CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3
Nature of Controls.. . . . . . . . . . . . . . . . . . . 3
Functional Use of Controls.. . . . . . . . . . . . . . . . 4
What Next?.. . . . . . . . . . . . . . . . . . . . . . 9
CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11
Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12
Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13
Authentication, Authorization, and Accounting (AAA).. . . . . . . 13
Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14
Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15
Physical Security. . . . . . . . . . . . . . . . . . . . 18
Video Surveillance. . . . . . . . . . . . . . . . . . . 20
Deception and Disruption Technology. . . . . . . . . . . . 23
What Next?.. . . . . . . . . . . . . . . . . . . . . 26
CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27
Change Management. . . . . . . . . . . . . . . . . . 28
Business Processes Impacting Security Operations. . . . . . . . 28
Technical Implications.. . . . . . . . . . . . . . . . . . 31
Documentation. . . . . . . . . . . . . . . . . . . . 35
Version Control.. . . . . . . . . . . . . . . . . . . . 36
What Next?.. . . . . . . . . . . . . . . . . . . . . 38
CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39
Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40
Encryption. . . . . . . . . . . . . . . . . . . . . . 43
Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55
What Next?.. . . . . . . . . . . . . . . . . . . . . 80
Part 2: Threats, Vulnerabilities, and Mitigations 81
CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83
Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84
Motivations.. . . . . . . . . . . . . . . . . . . . . 90
What Next?.. . . . . . . . . . . . . . . . . . . . . 96
CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97
Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98
What Next?.. . . . . . . . . . . . . . . . . . . . . 114
CHAPTER 7: Vulnerability Types.. . . . . . . . . . . . . . . . . . .. 115
Application. . . . . . . . . . . . . . . . . . . . . . 116
Operating System-Based.. . . . . . . . . . . . . . . . . 118
Web-Based. . . . . . . . . . . . . . . . . . . . . . 119
Hardware. . . . . . . . . . . . . . . . . . . . . . 120
Virtualization.. . . . . . . . . . . . . . . . . . . . . 121
Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122
Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123
Cryptographic.. . . . . . . . . . . . . . . . . . . . 125
Misconfiguration. . . . . . . . . . . . . . . . . . . . 126
Mobile Device.. . . . . . . . . . . . . . . . . . . . 127
Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127
What Next?.. . . . . . . . . . . . . . . . . . . . . 130
CHAPTER 8: Malicious Attacks and Indicators.. . . . . . . . .. . . . . 131
Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132
Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138
Network Attacks.. . . . . . . . . . . . . . . . . . . . 139
Application Attacks.. . . . . . . . . . . . . . . . . . . 148
Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153
Password Attacks. . . . . . . . . . . . . . . . . . . . 154
Indicators of Malicious Activity. . . . . . . . . . . . . . . 156
What Next?.. . . . . . . . . . . . . . . . . . . . . 160
CHAPTER 9 Mitigation Techniques for Securing the Enterprise.. . . . . 161
Segmentation.. . . . . . . . . . . . . . . . . . . . . 162
Access Control.. . . . . . . . . . . . . . . . . . . . 162
Application Allow List.. . . . . . . . . . . . . . . . . . 164
Isolation. . . . . . . . . . . . . . . . . . . . . . . 165
Patching.. . . . . . . . . . . . . . . . . . . . . . 165
What Next?.. . . . . . . . . . . . . . . . . . . . . 176
Part 3: Security Architecture 177
CHAPTER 10: Security Implications of Architecture Models. . . . . . . . 179
Architecture and Infrastructure Concepts. . . . . . . . . . . 180
Considerations.. . . . . . . . . . . . . . . . . . . . 201
What Next?.. . . . . . . . . . . . . . . . . . . . . 209
CHAPTER 11: Enterprise Architecture Security Principles.. . . . . . . . . 211
Infrastructure Considerations.. . . . . . . . . . . . . . . 212
Secure Communication/Access.. . . . . . . . . . . . . . . 224
Selection of Effective Controls.. . . . . . . . . . . . . . . 228
What Next?.. . . . . . . . . . . . . . . . . . . . . 232
CHAPTER 12: Data Protection Strategies.. . . . . . . . . . . . . . . . . . 233
Data Types. . . . . . . . . . . . . . . . . . . . . . 234
Data Classifications.. . . . . . . . . . . . . . . . . . . 237
General Data Considerations.. . . . . . . . . . . . . . . 238
Methods to Secure Data. . . . . . . . . . . . . . . . . 240
What Next?.. . . . . . . . . . . . . . . . . . . . . 246
CHAPTER 13: Resilience and Recovery in Security Architecture.. . . .. . 247
High Availability.. . . . . . . . . . . . . . . . . . . . 248
Site Considerations.. . . . . . . . . . . . . . . . . . . 249
Platform Diversity. . . . . . . . . . . . . . . . . . . 251
Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252
Continuity of Operations.. . . . . . . . . . . . . . . . . 252
Capacity Planning. . . . . . . . . . . . . . . . . . . 253
Testing.. . . . . . . . . . . . . . . . . . . . . . . 254
Backups.. . . . . . . . . . . . . . . . . . . . . . . 255
Power.. . . . . . . . . . . . . . . . . . . . . . . 261
What Next?.. . . . . . . . . . . . . . . . . . . . . 264
Part 4: Security Operations 265
CHAPTER 14: Securing Resources. . . . . . . . . . . . . . . . . . . . 267
Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268
Hardening Targets.. . . . . . . . . . . . . . . . . . . 270
Wireless Devices. . . . . . . . . . . . . . . . . . . . 278
Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281
Wireless Security Settings.. . . . . . . . . . . . . . . . 285
Application Security.. . . . . . . . . . . . . . . . . . 289
Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290
Monitoring.. . . . . . . . . . . . . . . . . . . . . 291
What Next?.. . . . . . . . . . . . . . . . . . . . . 293
CHAPTER 15: Hardware, Software, and Data Asset Management.. . . . . . . . . 295
Acquisition/Procurement Process.. . . . . . . . . . . . . . 296
Assignment/Accounting.. . . . . . . . . . . . . . . . . 297
Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299
Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300
What Next?.. . . . . . . . . . . . . . . . . . . . . 305
CHAPTER 16: Vulnerability Management.. . . . . . . . . . . . . . . . . . 307
Identification Methods. . . . . . . . . . . . . . . . . . 308
Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316
Vulnerability Response and Remediation.. . . . . . . . . . . 322
Validation of Remediation.. . . . . . . . . . . . . . . . 325
Reporting. . . . . . . . . . . . . . . . . . . . . . 326
What Next?.. . . . . . . . . . . . . . . . . . . . . 328
CHAPTER 17: Security Alerting and Monitoring. . . . . . . . . . . . . . . . 329
Monitoring Computing Resources.. . . . . . . . . . . . . 330
Activities.. . . . . . . . . . . . . . . . . . . . . . 332
Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336
What Next?.. . . . . . . . . . . . . . . . . . . . . 347
CHAPTER 18: Enterprise Security Capabilities.. . . . . . . . . . . . . . . . 349
Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350
IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354
Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357
Operating System Security.. . . . . . . . . . . . . . . . 361
Implementation of Secure Protocols.. . . . . . . . . . . . . 363
DNS Filtering.. . . . . . . . . . . . . . . . . . . . 366
Email Security.. . . . . . . . . . . . . . . . . . . . 367
File Integrity Monitoring. . . . . . . . . . . . . . . . . 369
Data Loss Prevention (DLP).. . . . . . . . . . . . . . . 370
Network Access Control (NAC).. . . . . . . . . . . . . . 371
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)..372
User Behavior Analytics.. . . . . . . . . . . . . . . . . 373
What Next?.. . . . . . . . . . . . . . . . . . . . . 375
CHAPTER 19: Identity and Access Management.. . . . . . . . . . . . . . . 377
Provisioning/De-provisioning User Accounts.. . . . . . . . . . 378
Permission Assignments and Implications. . . . . . . . . . . 379
Identity Proofing.. . . . . . . . . . . . . . . . . . . 381
Federation and Single Sign-On (SSO).. . . . . . . . . . . . 382
Interoperability. . . . . . . . . . . . . . . . . . . . 385
Attestation.. . . . . . . . . . . . . . . . . . . . . . 385
Access Controls.. . . . . . . . . . . . . . . . . . . . 386
Multifactor Authentication (MFA).. . . . . . . . . . . . . . 388
Password Concepts.. . . . . . . . . . . . . . . . . . . 395
Privileged Access Management Tools. . . . . . . . . . . . . 397
What Next?.. . . . . . . . . . . . . . . . . . . . . 400
CHAPTER 20: Security Automation and Orchestration. . . . . . . . . . . . . 401
Use Cases of Automation and Scripting.. . . . . . . . . . . . 402
Benefits.. . . . . . . . . . . . . . . . . . . . . . . 405
Other Considerations.. . . . . . . . . . . . . . . . . . 406
What Next?.. . . . . . . . . . . . . . . . . . . . . 408
CHAPTER 21: Incident Response Activities. . . . . . . . . . . . . . . . . 409
Incident Response Process.. . . . . . . . . . . . . . . . 410
Training and Testing.. . . . . . . . . . . . . . . . . . 411
Root Cause Analysis (RCA).. . . . . . . . . . . . . . . . 412
Threat Hunting.. . . . . . . . . . . . . . . . . . . . 413
Digital Forensics. . . . . . . . . . . . . . . . . . . . 414
What Next?.. . . . . . . . . . . . . . . . . . . . . 417
CHAPTER 22: Data Sources for Supporting Investigations. . . . . . . . . . . . 419
Log Data.. . . . . . . . . . . . . . . . . . . . . . 419
Data Sources.. . . . . . . . . . . . . . . . . . . . . 421
What Next?.. . . . . . . . . . . . . . . . . . . . . 423
Part 5: Security Program Management and Oversight 425
CHAPTER 23: Effective Security Governance.. . . . . . . . . . . . . . . . 427
Governing Framework. . . . . . . . . . . . . . . . . . 428
Policies.. . . . . . . . . . . . . . . . . . . . . . . 433
Standards.. . . . . . . . . . . . . . . . . . . . . . 445
Procedures.. . . . . . . . . . . . . . . . . . . . . . 447
Guidelines.. . . . . . . . . . . . . . . . . . . . . . 452
External Considerations. . . . . . . . . . . . . . . . . 453
Roles and Responsibilities for Systems and Data.. . . . . . . . . 460
What Next?.. . . . . . . . . . . . . . . . . . . . . 464
CHAPTER 24: Risk Management.. . . . . . . . . . . . . . . . . . . . . 465
Risk Identification. . . . . . . . . . . . . . . . . . . 466
Risk Assessment.. . . . . . . . . . . . . . . . . . . . 466
Risk Analysis. . . . . . . . . . . . . . . . . . . . . 468
Risk Register.. . . . . . . . . . . . . . . . . . . . . 472
Risk Appetite and Tolerance.. . . . . . . . . . . . . . . . 474
Risk Management Strategies. . . . . . . . . . . . . . . . 475
Risk Reporting.. . . . . . . . . . . . . . . . . . . . 477
Business Impact Analysis.. . . . . . . . . . . . . . . . . 478
What Next?.. . . . . . . . . . . . . . . . . . . . . 483
CHAPTER 25: Third-Party Risk Assessment and Management. . . . . . . . . . 485
Third-Party Risk Management.. . . . . . . . . . . . . . . 486
What Next?.. . . . . . . . . . . . . . . . . . . . . 494
CHAPTER 26: Security Compliance.. . . . . . . . . . . . . . . . . . . . 495
Compliance Reporting and Monitoring.. . . . . . . . . . . . 496
Privacy.. . . . . . . . . . . . . . . . . . . . . . . 501
What Next?.. . . . . . . . . . . . . . . . . . . . . 507
CHAPTER 27: Security Audits and Assessments.. . . . . . . . . . . . . . . 509
Audits and Assessments.. . . . . . . . . . . . . . . . . 510
Penetration Testing.. . . . . . . . . . . . . . . . . . . 513
What Next?.. . . . . . . . . . . . . . . . . . . . . 523
CHAPTER 28: Security Awareness Practices. . . . . . . . . . . . . . . . . 525
Security Awareness.. . . . . . . . . . . . . . . . . . . 526
What Next?.. . . . . . . . . . . . . . . . . . . . . 550
Glossary of Essential Terms.. . . . . . . . . . . . . . . . . 551
Cram Sheet.. . . . . . . . . . . . . . . . . . . . . . . 603
9780138225575, TOC, 7/3/2024
About the Author :
Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology “trenches,” handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, SANS.org GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.
Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavor—a seductive romance novel where love and cybersecurity collide in a high-stakes adventure.
