About This E-Book EPUB is an open, industry-standard format for e-books However, support for EPUB and its many features varies across reading devices and applications Use your device or app settings to customize the presentation to your liking Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site Many titles include programming code or configuration examples To optimize the presentation of these elements, view the e-book in singlecolumn, landscape mode and adjust the font size to the smallest setting In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link Click the link to view the print-fidelity code image To return to the previous page viewed, click the Back button on your device or app CompTIA® Security+ SY0-501 Cert Guide Fourth Edition David L Prowse CompTIA® Security+ SY0-501 Cert Guide Fourth Edition Copyright © 2018 by Pearson Education, Inc All rights reserved No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher No patent liability is assumed with respect to the use of the information contained herein Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions Nor is any liability assumed for damages resulting from the use of the information contained herein ISBN-13: 978-0-7897-5899-6 ISBN-10: 0-7897-5899-7 Library of Congress Control Number: 2017951236 Printed in the United States of America 17 Editor-in-Chief Mark Taub Product Line Manager Brett Bartow Acquisitions Editor Michelle Newcomb Development Editor Eleanor Bru Managing Editor Sandra Schroeder Senior Project Editor Tonya Simpson Copy Editor Bill McManus Indexer Ken Johnson Proofreader Paula Lowell Technical Editor Chris Crayton Publishing Coordinator Vanessa Evans Cover Designer Chuti Prasertsith Compositor Studio Galou Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized Pearson IT Certification cannot attest to the accuracy of this information Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark CompTIA is a registered trademark of CompTIA, Inc Chapter opener image copyright Charlie Edwards/Photodisc/Getty Images Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose All such documents and related graphics are provided “as is” without warranty of any kind Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services The documents and related graphics contained herein could include technical inaccuracies or typographical errors Changes are periodically added to the information herein Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time Partial screenshots may be viewed in full within the software version specified Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A and other countries Screenshots and icons reprinted with permission from the Microsoft Corporation This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied The information provided is on an “as is” basis The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419 For government sales inquiries, please contact governmentsales@pearsoned.com For questions about sales outside the U.S., please contact intlcs@pearson.com Contents at a Glance Introduction CHAPTER Introduction to Security CHAPTER Computer Systems Security Part I CHAPTER Computer Systems Security Part II CHAPTER OS Hardening and Virtualization CHAPTER Application Security CHAPTER Network Design Elements CHAPTER Networking Protocols and Threats CHAPTER Network Perimeter Security CHAPTER Securing Network Media and Devices CHAPTER 10 Physical Security and Authentication Models CHAPTER 11 Access Control Methods and Models CHAPTER 12 Vulnerability and Risk Assessment CHAPTER 13 Monitoring and Auditing CHAPTER 14 Encryption and Hashing Concepts CHAPTER 15 PKI and Encryption Protocols CHAPTER 16 Redundancy and Disaster Recovery CHAPTER 17 Social Engineering, User Education, and Facilities Security CHAPTER 18 Policies and Procedures CHAPTER 19 Taking the Real Exam Practice Exam I: SY0-501 Glossary Index Elements Available Online View Recommended Resources Real-World Scenarios Table of Contents Introduction Chapter Introduction to Security Foundation Topics Security 101 The CIA of Computer Security The Basics of Information Security Think Like a Hacker Threat Actor Types and Attributes Chapter Review Activities Review Key Topics Define Key Terms Review Questions Answers and Explanations Chapter Computer Systems Security Part I Foundation Topics Malicious Software Types Viruses Worms Trojan Horses Ransomware Spyware Rootkits Spam Summary of Malware Threats Delivery of Malware Via Software, Messaging, and Media Botnets and Zombies Code Snippets Code Snippets ... click the Back button on your device or app CompTIA Security+ SY0- 501 Cert Guide Fourth Edition David L Prowse CompTIA Security+ SY0- 501 Cert Guide Fourth Edition Copyright © 2018 by Pearson... Foundation Topics Public Key Infrastructure Certificates SSL Certificate Types Single-Sided and Dual-Sided Certificates Certificate Chain of Trust Certificate Formats Certificate Authorities Web of Trust... the Exam Preparation Checklist Tips for Taking the Real Exam Beyond the CompTIA Security+ Certification Practice Exam 1: SY0- 501 Answers to Practice Exam Answers with Explanations Glossary Index