CompTIA Security+ SY0-601 Exam Cram, 6th edition

Martin Weiss
(2020)
Language: English
Cisco Press
495,00 kr.
This title is out of print and therefore cannot be ordered. We apologize.

Product details

  • 6th edition
  • Paperback: 752 pages
  • Publisher: Cisco Press (December 2020)
  • ISBN: 9780136798675

CompTIA® Security+ SY0-601 Exam Cram is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time practice and feedback with two complete exams.

Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!

  • Assess the different types of attacks, threats, and vulnerabilities organizations face
  • Understand security concepts across traditional, cloud, mobile, and IoT environments
  • Explain and implement security controls across multiple environments
  • Identify, analyze, and respond to operational needs and security incidents
  • Understand and explain the relevance of concepts related to governance, risk, and compliance

Exclusive State-of-the-Art Web-based Test Engine with Practice Questions

Make sure you're 100% ready for the real exam!

  • Detailed explanations of correct and incorrect answers
  • Multiple test modes
  • Random questions and order of answers
  • Coverage of each current Security+ exam objective

Introduction

Part I: Attacks, Threats, and Vulnerabilities

CHAPTER 1: Social Engineering Techniques
  • The Social Engineer
  • Phishing and Related Attacks
  • Principles of Influence (Reasons for Effectiveness)
  • What Next?

CHAPTER 2: Attack Basics
  • Malware
  • Physical Attacks
  • Adversarial Artificial Intelligence (AI)
  • Password Attacks
  • Downgrade Attacks
  • What Next?

CHAPTER 3: Application Attacks
  • Race Conditions
  • Improper Software Handling
  • Resource Exhaustion
  • Overflows
  • Code Injections
  • Driver Manipulation
  • Request Forgeries
  • Directory Traversal
  • Replay Attack
  • Secure Sockets Layer (SSL) Stripping
  • Application Programming Interface (API) Attacks
  • Pass-the-Hash Attack
  • What Next?

CHAPTER 4: Network Attacks
  • Wireless
  • On-Path Attack
  • Layer 2 Attacks
  • Domain Name System (DNS) Attacks
  • Denial of Service
  • Malicious Code and Script Execution
  • What Next?

CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources
  • Threat Actor Attributes
  • Threat Actor Types
  • Vectors
  • Threat Intelligence and Research Sources
  • What Next?

CHAPTER 6: Vulnerabilities
  • Cloud-Based vs. On-Premises
  • Zero-Day
  • Weak Configurations
  • Third-Party Risks
  • Impacts
  • What Next?

CHAPTER 7: Security Assessment Techniques
  • Vulnerability Scans
  • Threat Assessment
  • What Next?

CHAPTER 8: Penetration Testing Techniques
  • Testing Methodology
  • Team Exercises
  • What Next?

Part II: Architecture and Design

CHAPTER 9: Enterprise Security Concepts
  • Configuration Management
  • Data Confidentiality
  • Deception and Disruption
  • What Next?

CHAPTER 10: Virtualization and Cloud Computing
  • Virtualization
  • On-Premises vs. Off-Premises
  • Cloud Models
  • What Next?

CHAPTER 11: Secure Application Development, Deployment, and Automation
  • Application Environment
  • Integrity Measurement
  • Change Management and Version Control
  • Secure Coding Techniques
  • Automation and Scripting
  • Scalability and Elasticity
  • What Next?

CHAPTER 12: Authentication and Authorization Design
  • Identification and Authentication, Authorization, and Accounting (AAA)
  • Multifactor Authentication
  • Single Sign-on
  • Authentication Technologies
  • What Next?

CHAPTER 13: Cybersecurity Resilience
  • Redundancy
  • Backups
  • Defense in Depth
  • What Next?

CHAPTER 14: Embedded and Specialized Systems
  • Embedded Systems
  • SCADA and ICS
  • Smart Devices and IoT
  • What Next?

CHAPTER 15: Physical Security Controls
  • Perimeter Security
  • Internal Security
  • Equipment Security
  • Environmental Controls
  • Secure Data Destruction
  • What Next?

CHAPTER 16: Cryptographic Concepts
  • Cryptosystems
  • Use of Proven Technologies and Implementation
  • Steganography
  • Cryptography Use Cases
  • Cryptography Constraints
  • What Next?

Part III: Implementation

CHAPTER 17: Secure Protocols
  • Secure Web Protocols
  • Secure File Transfer Protocols
  • Secure Email Protocols
  • Secure Internet Protocols
  • Secure Protocol Use Cases
  • What Next?

CHAPTER 18: Host and Application Security Solutions
  • Endpoint Protection
  • Firewalls and HIPS/HIDS Solutions
  • Anti-Malware and Other Host Protections
  • Application Security
  • Hardware and Firmware Security
  • Operating System Security
  • What Next?

CHAPTER 19: Secure Network Design
  • Network Devices and Segmentation
  • Security Devices and Boundaries
  • What Next?

CHAPTER 20: Wireless Security Settings
  • Access Methods
  • Wireless Cryptographic Protocols
  • Authentication Protocols
  • Wireless Access Installations
  • What Next?

CHAPTER 21: Secure Mobile Solutions
  • Communication Methods
  • Mobile Device Management Concepts
  • Enforcement and Monitoring
  • Deployment Models
  • What Next?

CHAPTER 22: Cloud Cybersecurity Solutions
  • Cloud Workloads
  • Third-Party Cloud Security Solutions
  • What Next?

CHAPTER 23: Identity and Account Management Controls
  • Account Types
  • Account Management
  • Account Policy Enforcement
  • What Next?

CHAPTER 24: Authentication and Authorization Solutions
  • Authentication
  • Access Control
  • What Next?

CHAPTER 25: Public Key Infrastructure
  • What Next?

Part IV: Operations and Incident Response

CHAPTER 26: Organizational Security
  • Shell and Script Environments
  • Network Reconnaissance and Discovery
  • Packet Capture and Replay
  • Password Crackers
  • Forensics and Data Sanitization...

Listed prices include VAT.
