CompTIA security+ : review guide /

Stewart, James Michael,

CompTIA security+ : review guide / James Michael Stewart. - xxxv, 245 pages : illustrations ; 24 cm. + 1 CD-ROM (4 3/4 in.)

Includes index.

Introduction -- 1. Systems Security -- 1.1. Differentiate among various systems security threats. -- 1.2. Explain the security risks pertaining to system hardware and peripherals. -- 1.3. Implement OS hardening practices and procedures to achieve workstation and server security. -- 1.4. Carry out the appropriate procedures to establish application security. -- 1.5. Implement security applications. -- 1.6. Explain the purpose and application of virtualization technology. -- 2. Network Infrastructure -- 2.1. Differentiate between the different ports & protocols, their respective threats and mitigation techniques. -- 2.2. Distinguish between network design elements and components. -- 2.3. Determine the appropriate use of network security tools to facilitate network security. -- 2.4. Apply the appropriate network tools to facilitate network security. -- 2.5. Explain the vulnerabilities and mitigations associated with network devices. -- 2.6. Explain the vulnerabilities and mitigations associated with various transmission media. -- 2.7. Explain the vulnerabilities and implement mitigations associated with wireless networking. -- xvi 3. Access Control -- 3.1. Identify and apply industry best practices for access control methods. -- 3.2. Explain common access control models and the differences between each. -- 3.3. Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges. -- 3.4. Apply appropriate security controls to file and print resources. -- 3.5. Compare and implement logical access control methods. -- 3.6. Summarize the various authentication models and identify the components of each. -- 3.7. Deploy various authentication models and identify the components of each. -- 802.1x -- 3.8. Explain the difference between identification and authentication (identity proofing). -- 3.9. Explain and apply physical access security methods. -- 4. Assessments and Audits -- 4.1. Conduct risk assessments and implement risk mitigation. -- 4.2.Carry out vulnerability assessments using common tools. -- 4.3. Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. -- 4.4. Use monitoring tools on systems and networks and detect security-related anomalies. -- xviii 4.5. Compare and contrast various types of monitoring methodologies. -- 4.6. Execute proper logging procedures and evaluate the results. -- 4.7. Conduct periodic audits of system security settings. -- 5. Cryptography -- 5.1. Explain general cryptography concepts. -- 5.2. Explain basic hashing concepts and map various algorithms to appropriate applications. -- 5.3. Explain basic encryption concepts and map various algorithms to appropriate applications. -- 3DES -- 5.4. Explain and implement protocols. -- 5.5. Explain core concepts of public key cryptography. -- 5.6. Implement PKI and certificate management. -- xx 6. Organizational Security -- 6.1. Explain redundancy planning and its components. -- 6.2. Implement disaster recovery procedures. -- 6.3. Differentiate between and execute appropriate incident response procedures. -- 6.4. Identify and explain applicable legislation and organizational policies. -- 6.5. Explain the importance of environmental controls. -- 6.6. Explain the concept of and how to reduce the risks of social engineering.

This review guide is broken into six parts, each one corresponding to one of the six domain areas of the Security+ exam: systems security, network infrastructure, access control, assessments and audits, cryptography, and organizational security. You'll find this book to be essential reading if you are studying for Security+ certification and want to get up to speed on the most recent security topics. The CD-ROM contains more than 120 review questions, two bonus exams, electronic flashcards, and a searchable key term database.



Electronic data processing personnel--Certification.
Computer networks--Examinations--Study guides.
Computer technicians--Certification--Study guides.

QA76.3 / .S747 2009

005.8 ST.S 2009 G.C / 23