Golaround

1. Security+ Guide to Network Security Fundamentals. Expertly curated help for Security+ Guide to Network Security Fundamentals. Plus easy-to-understand solutions written by experts for thousands of other textbooks. *You will get your 1st month of Bartleby for FREE when you bundle with these textbooks where solutions are available.
2. This best-selling guide provides a complete, practical, up-to-date introduction to network and computer security, with coverage mapped to the new CompTIA.
3. Read or Download Here Lab Manual for Security+ Guide.

1. Security+ Guide To Network Security Fundamentals 5th Edition Pdf Download
2. Security+ Guide To Network Security Fundamentals 5th Edition Download Pc
3. Security+ Guide To Network Security Fundamentals 5th Edition Download Free

CompTIA Security+ Guide to Network Security Fundamentals (with CertBlaster Printed Access Card). CompTIA Security+ Guide to Network Security Fundamentals. Ciampa, Mark. 5TH EDITION Item may show signs of shelf wear. Pages may include limited notes and highlighting. May include supplemental or companion materials if.

Test Bank for CompTIA Security+ Guide to Network Security Fundamentals, 5th Edition, Mark Ciampa, ISBN-10: 1305093917, ISBN-13: 9781305093911

This is not an original TEXT BOOK (or Solution Manual or original eBook). You are buying Test Bank. A Test Bank is collection of test questions tailored to the contents of an individual text book. Test bank may contains the following types of questions: multiple choice, true/false, fill in the blank, matching, essay/short answer, and free-response questions. Please download sample for your confidential. All orders are safe, secure and confidential.

Part I: INTRODUCTION.
1. Introduction to Security.
Part II: THREATS.
2. Malware and Social Engineering Attacks.
3. Application and Networking-Based Attacks.
Part III: BASIC SECURITY.
4. Host, Application, and Data Security.
Part IV: CRYPTOGRAPHY.
5. Basic Cryptography.
6. Advanced Cryptography.
Part V: NETWORK SECURITY.
7. Network Security.
8. Administering a Secure Network.
Part VI: MOBILE SECURITY.
9. Wireless Network Security.
10. Mobile Device Security.
Part VII: ACCESS CONTROL AND IDENTITY MANAGEMENT.
11. Access Control Fundamentals.
12. Authentication and Account Management.
Part VIII: COMPLIANCE & OPERATIONAL SECURITY.
13. Business Continuity.
14. Risk Mitigation.
15. Vulnerability Assessment and Third Party Integration.

Description

This top-selling study guide helps candidates prepare for exam SY0-301 and certification as a CompTIA Security+ administrator. Inside the new, CompTIA Authorized edition, you'll find complete coverage of all Security+ exam objectives, loads of real-world examples, and a CD packed with cutting-edge exam prep tools. The book covers key exam topics such as general security concepts, infrastructure security, the basics of cryptography, and much more.

• Provides 100% coverage of all exam objectives for the new CompTIA Security+ exam SY0-301 including:
  • Network security
  • Compliance and operational security
  • Threats and vulnerabilities
  • Application, data and host security
  • Access control and identity management
  • Cryptography
• Covers key topics such as general security concepts, communication and infrastructure security, the basics of cryptography, operational security, and more
• Offers practical examples and insights drawn from the real world
• Includes a CD with two practice exams, all chapter review questions, electronic flashcards, and more

Obtain your Security+ certification and jump-start your career. It's possible with the kind of thorough preparation you'll receive from CompTIA Security+ Study Guide, 5th Edition.

Table of Contents

Foreword xxv

Introduction xxix

Assessment Test l

Chapter 1 Measuring and Weighing Risk 1

Risk Assessment 2

Computing Risk Assessment 3

Acting on Your Risk Assessment 5

Risks Associated with Cloud Computing 7

Risks Associated with Virtualization 8

Developing Policies, Standards, and Guidelines 9

Implementing Policies 9

Incorporating Standards 10

Following Guidelines 11

Business Policies 12

Understanding Control Types, False Positives, and Change andIncident Management 16

Summary 18

Exam Essentials 19

Review Questions 20

Answers to Review Questions 24

Chapter 2 Infrastructure and Connectivity 27

Mastering TCP/IP 29

Working with the TCP/IP Suite 30

IPv4 vs. IPv6 33

Understanding Encapsulation 34

Working with Protocols and Services 35

Distinguishing between Security Topologies 41

Setting Design Goals 41

Creating Security Zones 43

Working with Newer Technologies 48

Working with Business Requirements 53

Understanding Infrastructure Security 53

Working with Hardware Components 53

Working with Software Components 55

Understanding the Different Network Infrastructure Devices56

Firewalls 56

Hubs 61

Modems 62

Remote Access Services 62

Routers 63

Switches 65

Load Balancers 66

Telecom/PBX Systems 66

Virtual Private Networks 68

Web Security Gateway 69

Spam Filters 69

Understanding Remote Access 70

Using Point-to-Point Protocol 70

Working with Tunneling Protocols 71

Summary 72

Exam Essentials 73

Review Questions 74

Answers to Review Questions 78

Chapter 3 Protecting Networks 81

Monitoring and Diagnosing Networks 83

Network Monitors 83

Intrusion Detection Systems 84

Understanding Intrusion Detection Systems 85

Working with a Network-Based IDS 89

Working with a Host-Based IDS 93

Working with NIPS 95

Utilizing Honeypots 96

Understanding Protocol Analyzers 97

Securing Workstations and Servers 98

Securing Internet Connections 100

Working with Ports and Sockets 101

Working with Email 102

Working with the Web 103

Working with File Transfer Protocol 108

Understanding Network Protocols 110

Summary 112

Exam Essentials 112

Review Questions 114

Answers to Review Questions 118

Chapter 4 Threats and Vulnerabilities 121

Understanding Software Exploitation 123

Surviving Malicious Code 131

Viruses 132

Trojan Horses 139

Logic Bombs 140

Worms 140

Antivirus Software 141

Calculating Attack Strategies 143

Understanding Access Attack Types 144

Recognizing Modification and Repudiation Attacks 146

Identifying Denial-of-Service and Distributed Denial-of-ServiceAttacks 147

Recognizing Botnets 149

Recognizing Common Attacks 150

Backdoor Attacks 150

Spoofing Attacks 151

Pharming Attacks 152

Phishing and Spear Phishing Attacks 152

Man-in-the-Middle Attacks 153

Replay Attacks 154

Password-Guessing Attacks 154

Privilege Escalation 155

Identifying TCP/IP Security Concerns 160

Recognizing TCP/IP Attacks 160

Summary 166

Exam Essentials 167

Review Questions 169

Answers to Review Questions 173

Chapter 5 Access Control and Identity Management 175

Access Control Basics 177

Identification vs. Authentication 177

Authentication (Single Factor) and Authorization 178

Multifactor Authentication 178

Operational Security 180

Tokens 180

Potential Authentication and Access Problems 181

Authentication Issues to Consider 182

Understanding Remote Access Connectivity 184

Using the Point-to-Point Protocol 184

Working with Tunneling Protocols 185

Working with RADIUS 186

TACACS/TACACS+/XTACACS 187

VLAN Management 187

Understanding Authentication Services 189

LDAP 189

Kerberos 189

Single Sign-On Initiatives 189

Understanding Access Control 191

Mandatory Access Control 192

Discretionary Access Control 192

Role-Based Access Control 193

Rule-Based Access Control 193

Implementing Access Control Best Practices 193

Smart Cards 193

Access Control Lists 195

Trusted OS 196

Secure Router Configuration 197

Summary 198

Exam Essentials 198

Review Questions 200

Answers to Review Questions 204

Chapter 6 Educating and Protecting the User 207

Understanding Security Awareness and Training 209

Communicating with Users to Raise Awareness 210

Providing Education and Training 210

Training Topics 211

Classifying Information 217

Public Information 218

Private Information 219

Information Access Controls 221

Complying with Privacy and Security Regulations 226

The Health Insurance Portability and Accountability Act 226

The Gramm-Leach-Bliley Act 227

The Computer Fraud and Abuse Act 227

The Family Educational Rights and Privacy Act 228

The Computer Security Act of 1987 228

The Cyberspace Electronic Security Act 228

The Cyber Security Enhancement Act 229

The Patriot Act 229

Familiarizing Yourself with International Efforts 229

Understanding Social Engineering 230

Types of Social Engineering Attacks 231

What Motivates an Attack? 233

Social Engineering Attack Examples 233

Summary 237

Exam Essentials 237

Review Questions 239

Answers to Review Questions 243

Chapter 7 Operating System and Application Security245

Hardening the Operating System 247

The Basics of OS Hardening 247

Hardening Filesystems 253

Updating Your Operating System 255

Application Hardening 256

Fuzzing 256

Cross-Site Request Forgery 257

Application Configuration Baselining 257

Application Patch Management 257

Making Your Network More Secure Through Hardening 258

Working with Data Repositories 264

Directory Services 264

Databases and Technologies 266

Injection Problems 267

SQL Injection 267

LDAP Injection 268

XML Injection 268

Directory Traversal/Command Injection 269

Host Security 269

Antimalware 269

Host Software Baselining 274

Mobile Devices 275

Best Practices for Security 276

URL Filtering 276

Content Inspection 277

Malware Inspection 278

Data Loss Prevention 280

Data Encryption 280

Hardware-Based Encryption Devices 281

Attack Types to Be Aware Of 282

Session Hijacking 282

Header Manipulation 282

Summary 283

Exam Essentials 284

Review Questions 285

Answers to Review Questions 289

Chapter 8 Cryptography Basics 291

An Overview of Cryptography 293

Understanding Non-mathematical Cryptography 293

Understanding Mathematical Cryptography 296

Working with Passwords 298

Understanding Quantum Cryptography 299

Uncovering the Myth of Unbreakable Codes 300

Understanding Cryptographic Algorithms 302

The Science of Hashing 302

Working with Symmetric Algorithms 304

Working with Asymmetric Algorithms 307

Wi-Fi Encryption 309

Using Cryptographic Systems 309

Confidentiality 310

Integrity 310

Digital Signatures 311

Authentication 312

Non-repudiation 314

Access Control 314

Key Features 315

Understanding Cryptography Standards and Protocols 315

The Origins of Encryption Standards 316

Public-Key Infrastructure X.509/Public-Key CryptographyStandards 320

X.509 321

SSL and TLS 321

Certificate Management Protocols 323

Security+ Guide To Network Security Fundamentals 5th Edition Pdf Download

Secure Multipurpose Internet Mail Extensions 323

Secure Electronic Transaction 324

Secure Shell 325

Pretty Good Privacy 325

HTTP Secure 327

Secure HTTP 327

IP Security 327

Tunneling Protocols 330

Federal Information Processing Standard 330

Summary 331

Exam Essentials 331

Review Questions 333

Answers to Review Questions 337

Chapter 9 Cryptography Implementation 339

Using Public Key Infrastructure 340

Using a Certificate Authority 341

Working with Registration Authorities and Local RegistrationAuthorities 342

Implementing Certificates 344

Understanding Certificate Revocation 347

Implementing Trust Models 348

Preparing for Cryptographic Attacks 355

Ways to Attack Cryptographic Systems 356

Three Types of Cryptographic Attacks 357

Understanding Key Management and the Key Life Cycle 358

Methods for Key Generation 359

Storing and Distributing Keys 361

Using Key Escrow 363

Identifying Key Expiration 364

Revoking Keys 364

Suspending Keys 364

Recovering and Archiving Keys 365

Renewing Keys 366

Destroying Keys 367

Identifying Key Usage 368

Summary 368

Exam Essentials 369

Review Questions 370

Answers to Review Questions 374

Chapter 10 Physical and Hardware-Based Security 375

Implementing Access Control 376

Physical Barriers 376

Security Zones 382

Partitioning 384

Biometrics 386

Maintaining Environmental and Power Controls 386

Environmental Monitoring 387

Power Systems 388

EMI Shielding 389

Hot and Cold Aisles 391

Fire Suppression 392

Fire Extinguishers 392

Fixed Systems 393

Summary 394

Exam Essentials 394

Review Questions 395

Answers to Review Questions 399

Chapter 11 Security and Vulnerability in the Network401

Network Security Threats 403

Penetration Testing 404

Vulnerability Scanning 405

Ethical Hacking 407

Assessment Types and Techniques 408

Secure Network Administration Principles 409

Rule-Based Management 410

Security+ Guide To Network Security Fundamentals 5th Edition Download Pc

Port Security 410

Working with 802.1X 411

Flood Guards and Loop Protection 411

Preventing Network Bridging 411

Log Analysis 412

Mitigation and Deterrent Techniques 412

Manual Bypassing of Electronic Controls 412

Monitoring System Logs 413

Security Posture 419

Reporting 420

Detection/Prevention Controls 420

Summary 421

Exam Essentials 421

Review Questions 422

Answers to Review Questions 426

Chapter 12 Wireless Networking Security 429

Working with Wireless Systems 430

IEEE 802.11x Wireless Protocols 430

WEP/WAP/WPA/WPA2 432

Wireless Transport Layer Security 434

Understanding Mobile Devices 435

Wireless Access Points 436

Extensible Authentication Protocol 441

Lightweight Extensible Authentication Protocol 442

Protected Extensible Authentication Protocol 443

Wireless Vulnerabilities to Know 443

Summary 448

Exam Essentials 448

Review Questions 450

Answers to Review Questions 454

Chapter 13 Disaster Recovery and Incident Response455

Understanding Business Continuity 456

Undertaking Business Impact Analysis 457

Utilities 458

High Availability 460

Disaster Recovery 464

Incident Response Policies 479

Understanding Incident Response 480

Succession Planning 487

Reinforcing Vendor Support 487

Service-Level Agreements 487

Code Escrow Agreements 489

Summary 490

Exam Essentials 491

Review Questions 492

Answers to Review Questions 496

Chapter 14 Security-Related Policies and Procedures 499

Policies You Must Have 500

Data Loss/Theft Policies 500

Least Privilege 501

Separation of Duties 502

Time of Day Restrictions 502

Mandatory Vacations and Job Rotation 504

Policies You Should Have 504

Human Resource Policies 504

Certificate Policies 508

Security Controls for Account Management 510

User and Group Role Management 510

Users with Multiple Accounts/Roles 512

Auditing 512

Account Policy Enforcement 519

Summary 521

Exam Essentials 522

Review Questions 523

Answers to Review Questions 527

Chapter 15 Security Administration 529

Security Administrator’s Troubleshooting Guide 530

Getting Started 531

Creating a Home Lab 531

In the Workplace 532

Which OS Should You Use? 533

Creating a Security Solution 533

Access Control Issues 534

Security+ Guide To Network Security Fundamentals 5th Edition Download Free

Accountability Concerns 534

Auditing 535

Authentication Schemes 536

Authentication Factors 536

Mutual Authentication 537

Authentication Protection 538

Backup Management 538

Baselining Security 539

Certificate Management 540

Communications Security 541

Preauthentication 541

Remote Control/Remote Shell 542

Virtual Private Networks 543

Directory Services Protection 543

Disaster Planning 544

Documenting Your Environment 545

Email Issues 545

File-Sharing Basics 547

Working with IDSs and Honey Pots 548

Incident Handling 548

Internet Common Sense 549

Key Management Conventions 550

Preventing Common Malicious Events 551

Constructing a Line of Defense 552

Types of Attacks 553

Antivirus Protection 554

Making Stronger Passwords 555

Managing Personnel 557

Keeping Physical Security Meaningful 558

Securing the Infrastructure 560

Working with Security Zones 562

Social Engineering Risks 562

System Hardening Basics 563

Securing the Wireless Environment 565

Summary 566

Appendix A About the Companion CD 567

What You’ll Find on the CD 568

Sybex Test Engine 568

Electronic Flashcards 568

PDF of the Glossary 568

System Requirements 569

Using the CD 569

Troubleshooting 570

Customer Care 570

Glossary 571

Index 613

Author Information

Emmett Dulaney is an associate professor at Anderson University. He has written several certification books on Windows, Security, IT project management, and UNIX, and is coauthor of two of Sybex's leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide. He is also a well-known certification columnist for Redmond magazine and CertCities.com.

Downloads

Errata

Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.

Learn more about