TY - BOOK AU - Stewart,James Michael TI - CompTIA security+ : : review guide SN - 9780470404843 AV - QA76.3 .S747 2009 U1 - 005.8 ST.S 2009 G.C PY - 2009/// CY - Indianapolis, Indiana : PB - Wiley Publishing KW - Electronic data processing personnel KW - Certification KW - Computer networks KW - Examinations KW - Study guides KW - Computer technicians N1 - Includes index; Introduction -- 1. Systems Security -- 1.1. Differentiate among various systems security threats. -- 1.2. Explain the security risks pertaining to system hardware and peripherals. -- 1.3. Implement OS hardening practices and procedures to achieve workstation and server security. -- 1.4. Carry out the appropriate procedures to establish application security. -- 1.5. Implement security applications. -- 1.6. Explain the purpose and application of virtualization technology. -- 2. Network Infrastructure -- 2.1. Differentiate between the different ports & protocols, their respective threats and mitigation techniques. -- 2.2. Distinguish between network design elements and components. -- 2.3. Determine the appropriate use of network security tools to facilitate network security. -- 2.4. Apply the appropriate network tools to facilitate network security. -- 2.5. Explain the vulnerabilities and mitigations associated with network devices. -- 2.6. Explain the vulnerabilities and mitigations associated with various transmission media. -- 2.7. Explain the vulnerabilities and implement mitigations associated with wireless networking. -- xvi 3. Access Control -- 3.1. Identify and apply industry best practices for access control methods. -- 3.2. Explain common access control models and the differences between each. -- 3.3. Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges. -- 3.4. Apply appropriate security controls to file and print resources. -- 3.5. Compare and implement logical access control methods. -- 3.6. Summarize the various authentication models and identify the components of each. -- 3.7. Deploy various authentication models and identify the components of each. -- 802.1x -- 3.8. Explain the difference between identification and authentication (identity proofing). -- 3.9. Explain and apply physical access security methods. -- 4. Assessments and Audits -- 4.1. Conduct risk assessments and implement risk mitigation. -- 4.2.Carry out vulnerability assessments using common tools. -- 4.3. Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. -- 4.4. Use monitoring tools on systems and networks and detect security-related anomalies. -- xviii 4.5. Compare and contrast various types of monitoring methodologies. -- 4.6. Execute proper logging procedures and evaluate the results. -- 4.7. Conduct periodic audits of system security settings. -- 5. Cryptography -- 5.1. Explain general cryptography concepts. -- 5.2. Explain basic hashing concepts and map various algorithms to appropriate applications. -- 5.3. Explain basic encryption concepts and map various algorithms to appropriate applications. -- 3DES -- 5.4. Explain and implement protocols. -- 5.5. Explain core concepts of public key cryptography. -- 5.6. Implement PKI and certificate management. -- xx 6. Organizational Security -- 6.1. Explain redundancy planning and its components. -- 6.2. Implement disaster recovery procedures. -- 6.3. Differentiate between and execute appropriate incident response procedures. -- 6.4. Identify and explain applicable legislation and organizational policies. -- 6.5. Explain the importance of environmental controls. -- 6.6. Explain the concept of and how to reduce the risks of social engineering N2 - This review guide is broken into six parts, each one corresponding to one of the six domain areas of the Security+ exam: systems security, network infrastructure, access control, assessments and audits, cryptography, and organizational security. You'll find this book to be essential reading if you are studying for Security+ certification and want to get up to speed on the most recent security topics. The CD-ROM contains more than 120 review questions, two bonus exams, electronic flashcards, and a searchable key term database ER -