CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021)

Preview (31 of 579 Pages)

100%

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 1 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 2 preview image

Loading page ...

DownloadedfromStudyXY.comWw+StudyXY==as.Za\Rr'BE\StudyLAnythingThisContentHasbeenPoste10nStudyXY.comassupplementarylearningmaterial.StudyXYdoesnotendroseanyuniversity,collegeorpublisher.Allmaterialspostedareundertheliabilityofthecontribu:ors.|6)www.studyxy.com

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 3 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 4 preview image

Loading page ...

onExamVouchers*

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 5 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 6 preview image

Loading page ...

Security+®ReviewGuideFifthEdition

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 7 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 8 preview image

Loading page ...

Security+®ReviewGuideFifthEditionJamesMichaelStewartCusmex

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 9 preview image

Loading page ...

Copyright©2021byJohnWiley&Sons,Inc.,Indianapolis,IndianaPublishedsimultaneouslyinCanadaISBN:978-1-119-73538-0ISBN:978-1-119-73542-7(ebk)ISBN:978-1-119-73536-6(ebk)Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanningorotherwise,exceptaspermittedunderSections107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthePublisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter,222RosewoodDrive,Danvers,MA01923,(978)750-8400,fax(978)646-8600.RequeststothePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201)748-6008,oronlineatwww.wiley.com/go/permissions.LimitofLiability/DisclaimerofWarranty:Thepublisherandtheauthormakenorepresentationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisworkandspecificallydisclaimallwarranties,includingwithoutlimitationwarrantiesoffitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysalesorpromotionalmaterials.Theadviceandstrategiescontainedhereinmaynotbesuitableforeverysituation.Thisworkissoldwiththeunderstandingthatthepublisherisnoengagedinrenderinglegal,accounting,orotherprofessionalservices.Ifprofessionalassistanceisrequired,theservicesofacompetentprofessionalpersonshouldbesought.Neitherthepublishernortheauthorshallbeliablefordamagesarisingherefrom.ThefactthatanorganizationorWebsiteisreferredtointhisworkasacitationand/orapotentialsourceoffurtherinformationdoesnotmeanthattheauthororthepublisherendorsestheinformationtheorganizationorWebsitemayprovideorrecommendationsitmaymake.Further,readersshouldbeawarethatInternetWebsiteslistedinthisworkmayhavechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.Forgeneralinformationonourotherproductsandservicesortoobtaintechnicalsupport,pleasecontactourCustomerCareDepartmentwithintheU.S.at(877)762-2974,outsidetheU.S.at(317)572-3993orfax(317)572-4002.Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincludedwithstandardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.IfthisbookreferstomediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthismaterialatbooksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwww.wLey.com.LibraryofCongressControlNumber:2020950195TRADEMARKS:Wiley,theWileylogo,andtheSybexlogoaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc.and/oritsaffiliates,intheUnitedStatesandothercountries,andmaynotbeusedwithoutwrittenpermission.CompTIAandSecurity+areregisteredtrademarksofCompTIAProperties,LLC.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendormentionedinthisbook.Study

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 10 preview image

Loading page ...

ToCatharineReneeStewart:Youaremyallandmyeverything,Iloveyou.+StudyXY

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 11 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 12 preview image

Loading page ...

AcknowledgmentsThankstoallthoseatSybex/WileywhocontinuetoallowmetodowhatIenjoymost—impartknowledgetoothers.ThankstoKenyonBrown,acquisitionseditor,andthewholeSybexcrewforprofessionaljugglingservicessupremelyrendered.Thankstomyprojecteditor,KellyTalbot,mytechnicaleditor,BuzzMurphy,andmymanagingeditor,ChristineO°Connor.Tomywonderwomanofawife,Cathy,andmyamazingkids,SlaydeandRemi—youmakelifeexcitingandsweet!Tomymom,Johnnie:thanksforyourloveandconsistentsupport.ToMark:goawayorIshalltauntyouasecondtime!Finally,asalways,toElvis:isthepluralofElvis...ElvisesorElvi?—JamesMichaelStewartStudyXY

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 13 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 14 preview image

Loading page ...

AbouttheAuthorJamesMichaelStewarthasbeenworkingwithcomputersandtechnologysince1983(althoughofficiallyasacareersince1994).HisworkfocusesonInternettechnologies,professionalcertifications,andITsecurity.Forover20years,Michaelhasbeenteachingjobskillandcertificationfocusedcourses,suchasCISSP,CEH,CHFI,andSecurity+.MichaelhascontributedtomanySecurity+focusedmaterials,includingexamprepara-tionguides,practiceexams,DVDvideoinstruction,andcourseware.Inaddition,Michaelhasco-authorednumerousbooksonothersecurityandITcertificationandadministrationtopics,includingbeinganauthorontheCISSPStudyGuide9thEdition.Hehasdevelopedcertificationcoursewareandtrainingmaterialsandpresentedthesematerialsintheclass-room.Heholdsnumerouscertifications,includingCEH,CHFI,ECSA,ECIH,CND,CySA+,PenTest+,CASP+,Security+,Network+,A+,CISSP,CISM,andCFR.Michaelgraduatedin1992fromtheUniversityofTexasatAustinwithabachelor’sdegreeinphilosophy.Despitehisdegree,hiscomputerknowledgeisself-acquired,basedonseat-of-the-pants,hands-on,“streetsmarts”experience.YoucanreachMichaelbyemailatmichael@impactonline.com.

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 15 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 16 preview image

Loading page ...

AbouttheTechnicalEditorGeorge(Buzz)Murphy,CISSP,CCSP,SSCP,CASP,isapublicspeaker,corporatetrainer,author,andcybersecurityevangelist.AformerDelltechnologytrainingexecutiveandU.S.ArmyITnetworkingsecurityinstructor,hehasaddressedaudiencesatnationalconferences,internationalcorporationsandmajoruniversities.Hehastrainednetworkandcybersecu-rityoperatorsfortheU.S.militarybranches,U.S.governmentsecurityagencies,theFederalReserveBank,SandiaNationalLaboratory,JetPropulsionLaboratory,OakRidgeNationalLaboratory,andNASA.AsamilitarydatacentermanagerinEurope,Buzzhasheldtop-secretsecurityclearancesinbothUSandNATOintelligenceandthroughtheyearshasearnedmorethan30ITandcybersecuritycertificationsfromCompTIA,(ISC)?,PMI,Microsoft,andotherindustrycertificationorganizations.Buzzhasauthoredorbeenthetechnicaleditoronnumerousbooksonawiderangeoftopicsincludingnetworkengineering,industrialcontroltechnology,ITsecurity,andmore,includingvariouseditionsofCASP:CompTIAAdvancedSecurityPractitionerStudyGuide,CompTIASecurity+StudyGuide,SSCP:SystemsSecurityPractitionerStudyGuide,andCCFP:CertifiedCyberForensicsProfessionalCertificationGuide.

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 17 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 18 preview image

Loading page ...

ContentsataGlanceIntroductionxixChapter1Threats,Attacks,andVulnerabilities1Chapter2ArchitectureandDesign123Chapter3Implementation245Chapter4OperationsandIncidentResponse375Chapter5Governance,Risk,andCompliance441AppendixAnswerstoReviewQuestions499Index519+StudyXY

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 19 preview image

Loading page ...

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 20 preview image

Loading page ...

ContentsIntroductionxixChapter1Threats,Attacks,andVulnerabilities11.1Compareandcontrastdifferenttypesofsocialengineeringtechniques.51.2Givenascenario,analyzepotentialindicatorstodeterminethetypeofattack.201.3Givenascenario,analyzepotentialindicatorsassociatedwithapplicationattacks.371.4Givenascenario,analyzepotentialindicatorsassociatedwithnetworkattacks.571.5Explaindifferentthreatactors,vectors,andintelligencesources.801.6Explainthesecurityconcernsassociatedwithvarioustypesofvulnerabilities.911.7Summarizethetechniquesusedinsecurityassessments.991.8Explainthetechniquesusedinpenetrationtesting.109ReviewQuestions118Chapter2ArchitectureandDesign1232.1Explaintheimportanceofsecurityconceptsinanenterpriseenvironment.1282.2Summarizevirtualizationandcloudcomputingconcepts.1392.3Summarizesecureapplicationdevelopment,deployment,andautomationconcepts.1522.4Summarizeauthenticationandauthorizationdesignconcepts.1672.5Givenascenario,implementcybersecurityresilience.1832.6Explainthesecurityimplicationsofembeddedandspecializedsystems.1962.7Explaintheimportanceofphysicalsecuritycontrols.2082.8Summarizethebasicsofcryptographicconcepts.220ReviewQuestions240Chapter3Implementation2453.1Givenascenario,implementsecureprotocols.2483.2Givenascenario,implementhostorapplicationsecuritysolutions.2623.3Givenascenario,implementsecurenetworkdesigns.280StudyXY

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 21 preview image

Loading page ...

xviiiContents3.4Givenascenario,installandconfigurewirelesssecuritysettings.3043.5Givenascenario,implementsecuremobilesolutions.3153.6Givenascenario,applycybersecuritysolutionstothecloud.3303.7Givenascenario,implementidentityandaccountmanagementcontrols.3363.8Givenascenario,implementauthenticationandauthorizationsolutions.3443.9Givenascenario,implementpublickeyinfrastructure.355ReviewQuestions370Chapter4OperationsandIncidentResponse3754.1Givenascenario,usetheappropriatetooltoassessorganizationalsecurity.3774.2Summarizetheimportanceofpolicies,processes,andproceduresforincidentresponse.3984.3Givenanincident,utilizeappropriatedatasourcestosupportaninvestigation.4094.4Givenanincident,applymitigationtechniquesorcontrolstosecureanenvironment.4184.5Explainthekeyaspectsofdigitalforensics.422ReviewQuestions435Chapter5Governance,Risk,andCompliance4415.1Compareandcontrastvarioustypesofcontrols.4435.2Explaintheimportanceofapplicableregulations,standards,orframeworksthatimpactorganizationalsecurityposture.4465.3Explaintheimportanceofpoliciestoorganizationalsecurity.4565.4Summarizeriskmanagementprocessesandconcepts.4695.5Explainprivacyandsensitivedataconceptsinrelationtosecurity.486ReviewQuestions494AppendixAnswerstoReviewQuestions499Chapter1:Threats,Attacks,andVulnerabilities500Chapter2:ArchitectureandDesign505Chapter3:Implementation508Chapter4:OperationsandIncidentResponse511Chapter5:Governance,Risk,andCompliance514Index519StudyXY

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 22 preview image

Loading page ...

@®IntroductionTheSecurity+certificationprogramwasdevelopedbytheComputerTechnologyIndustryAssociation(CompTIA)toprovideanindustry-widemeansofcertifyingthecompetencyofcomputerservicetechniciansinthebasicsofcomputersecurity.TheSecurity+certificationisgrantedtothosewhohaveattainedthelevelofknowledgeandsecurityskillsthatshowabasiccompetencyinthesecurityneedsofbothpersonalandcorporatecomputingenviron-ments.CompTIA’sexamobjectivesareperiodicallyupdatedtokeeptheirexamsapplicabletothemostrecentdevelopments.Themostrecentupdate,labeledSY0-601,occurredinlate2020.WhatIsSecurity+Certification?TheSecurity+certificationwascreatedtoofferanintroductorystepintothecomplexworldofITsecurity.YouneedtopassonlyasingleexamtobecomeSecurity+certified.How-ever,obtainingthiscertificationdoesn’tmeanyoucanproviderealisticsecurityservicestoacompany.Infact,thisisjustthefirststeptowarddevelopinganddemonstratingreal-worldsecurityknowledgeandexperience.ByobtainingSecurity+certification,youshouldbeabletoacquiremoresecurityexperienceinordertopursuemorecomplexandin-depthsecurity&knowledgeandcertification.¢IfyouhavefurtherquestionsaboutthescopeoftheexamsorrelatedCompTIApro-grams,aswellastoconfirmthelatestpricingfortheexam,refertotheCompTIAwebsiteatwww.comptia.org.Fordetailsontheexamregistrationprocedures,pleasevisitwww.vue.com.IsThisBookforYou?CompTIASecurity+®ReviewGuide:ExamSY0-601isdesignedtobeasuccinct,portableexamreferencebookandreviewguide.Itcanbeusedinconjunctionwithamoretypicalstudyguide,suchasWiley’sCompTIASecurity+StudyGuide:SY0-601,withapracticequestionsresource,suchasWiley’sCompTIASecurity+PracticeTests:ExamSY0-601,withcomputer-basedtraining(CBT)coursewareandaclassroom/labenvironment,orasanexamreviewforthosewhodon’tfeeltheneedformoreextensive(and/orexpensive)testprepara-tion.Itismygoaltoidentifythosetopicsonwhichyoucanexpecttobetestedandtopro-videsufficientcoverageofthesetopics.Perhapsyou'vebeenworkingwithinformationtechnologiesforyears.ThethoughtofpayinglotsofmoneyforaspecializedITexam-preparationcourseprobablydoesn’tsoundappealing.Whatcantheyteachyouthatyoudon’talreadyknow,right?Becareful,though—manyexperiencednetworkadministratorshavewalkedconfidentlyintothetestcenteronlytowalksheepishlyoutofitafterfailinganITexam.Afteryou'vefinishedreadingthis®

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 23 preview image

Loading page ...

xxIntroductionbook,youshouldhaveaclearideaofhowyourunderstandingofthetechnologiesinvolvedmatchesupwiththeexpectationsoftheSecurity+testcrafters.Mygoalistohelpyouunder-standnewtechnologiesthatyoumightnothavethoroughlyimplementedorexperiencedyetaswellasgiveyouaperspectiveonsolutionsthatmightlieoutsideofyourcurrentcareerpath.Orperhapsyou'rerelativelynewtotheworldofIT,drawntoitbythepromiseofchal-lengingworkandhighersalaries.You'vejustwadedthroughan800-pagestudyguideortakenaweeklongclassatalocaltrainingcenter.Lotsofinformationtokeeptrackof,isn’tthere?Well,byorganizingthisbookaccordingtoCompTIA’sexamobjectives,andbybreakinguptheinformationintoconcise,manageablepieces,IhavecreatedwhatIthinkisthehandiestexamreviewguideavailable.Throwitinyourbackpackorobtainthedigitalversionandcarryitaroundwithyou.Asyoureadthroughthisbook,you'llbeabletoquicklyidentifythoseareasinwhichyouhaveconfidentknowledgeandthosethatrequireamorein-depthreview.HowIsThisBookOrganized?ThisbookisorganizedaccordingtotheofficialobjectiveslistpreparedbyCompTIAfortheSecurity+exam.Thechapterscorrespondtothefivemajordomainsofobjectiveandtopic&groupings.Theexamisweightedacrossthesefivetopicalareasordomainsasfollows:%hd=1.0Threats,Attacks,andVulnerabilities(24%)h=2.0ArchitectureandDesign(21%)=3.0Implementation(25%)=4.0OperationsandIncidentResponse(16%)=5.0Governance,Risk,andCompliance(14%)-_ThepreviousSY0-501versionofSecurity+wasorganizedaroundsixdomains.p:TEWithineachchapter,alloftheexamobjectivesfromeachdomainareaddressedinturnandinorderaccordingtotheofficialexamobjectivesdirectlyfromCompTIA.Inadditiontoadiscussionofeachobjective,everychapterincludestwoadditionalspecificfeatures:ExamEssentialsandReviewQuestions.ExamEssentialsAttheendofeachsubdomainobjectivesection,you'regivenalistoftopicsthatyoushouldexplorefullybeforetakingthetest.Includedinthe“ExamEssentials”sectionsarenotationsofthekeyinformationyoushouldhaveabsorbedfromthatsection.Theseitemsrepresenttheminimalknowledgeyoushouldretainfromeachchaptersection.Study®

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 24 preview image

Loading page ...

@®IntroductionxxiReviewQuestionsThisfeatureendseverychapterandprovides20questionstohelpyougaugeyourmasteryofthechapter.Foreachquestionyougetwrong,takethetimetoresearchwhytherightansweriscorrectandwhyyourwronganswerwasincorrect.Thishelpsyoulearnwhatyoudon’tknowsoyoucanmoreeffectivelyhandlesimilarquestionsinthefuture.Thisbookwasnotdesignedtobereadcovertocover,butyouarewelcometodoso.TheorganizationisbaseddirectlyonthatprovidedbyCompTIAinitsofficialCertificationExamObjective’slist.Thisorganizationisnotnecessarilyalwaysidealfortheorderoftopicsorthegroupingoftopics.However,thisorganizationwaschosentomakeitaseasyaspos-sibletolocatematerialrelatedtospecificobjectiveitems.Ifyouneedtoreadaboutaspecifictopicandknowwhereitisontheobjectivelist,thenyoucanquicklylocateitinthepagesofthisbook.Firstlocatethechapter,thentherelevanttop-levelheading,andthenthespecificheadingwhetheritisone,two,orthreeheadinglevelsbelowthat.Ifatopicisincludedmorethanonceintheobjectives,itisusuallycoveredonce(andusu-allyatitsfirstoccurrence),andthenthislocationisreferencedundertheotherheadingloca-tionswhereitappearsagain.Asyougooverthematerialinthebook,youarealsogoingtodiscoverthatCompTIAdidnotincludeallrelevantconceptsorkeywordsforaparticulartopic.Whenneeded,weaddedorexpandedcoveragewithintheobjectiveheadingstoincludefoundational,background,orrelevantmaterial.ThereareevenafewoccurrenceswhereatopicwasPsdividedintomultipleobjectivesandthenthoseobjectsspreadacrossmultiplesections.p&Thesearetreatedlikerepeats,wherefullcoverageisincludedinthefirstinstanceofthefirst¢topicandreferencesbacktothiscoverageareplacedundertheotherrelatedheadings.Forexample,“cardcloning”and“skimming”arethesamething,soitiscoveredunder“cardcloning,”andareferencetothatcoverageislistedunder“skimming.”InteractiveOnlineLearningEnvironmentandTestBankWe'veincludedseveraladditionaltest-preparationfeaturesontheinteractiveonlinelearningenvironment.Thesetoolswillhelpyouretainvitalexamcontentaswellasprepareyoutositfortheactualexams.omGotowww.wiley.com/go/sybextestpreptoregisterandgainaccessto&thisinteractiveonlinelearningenvironmentandtestbankwithstudytools.®

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 25 preview image

Loading page ...

xiiIntroductionSampleTestsInthissection,you'llfindthechaptertests,whichpresentallthereviewquestionsfromtheendofeachchapter,aswellastwomoreuniquepracticetestsof90questionseach.Usethesequestionstotestyourknowledgeofthestudyguidematerial.ElectronicFlashcardsQuestionsareprovidedindigitalflashcardformat(aquestionfollowedbyasinglecorrectanswer).Youcanusetheflashcardstoreinforceyourlearningandprovidelast-minutetestprepbeforetheexam.GlossaryofTermsinPDFWehaveincludedaveryusefulglossaryoftermsinPDFformatsoyoucaneasilyreaditonanycomputer.Ifyouhavetotravelandbrushuponanykeyterms,youcandosowiththisusefulresource.MostCompTIAexamscanbetakenin-personataPearsonVuetestingfacilityorviaanonlineexamportal.Youcanelectwhichtestdeliverymethodyouwanttousewhenyoureg-isterforyourexamatvue.com.Herearesomegeneraltipsfortakingyourexamsuccessfully:=BringtwoformsofIDwithyou.OnemustbeaphotoID,suchasadriverslicense.The&othercanbeamajorcreditcardorapassport.Bothformsmustincludeasignature.%*=Arriveearlyattheexamcentersoyoucanrelaxandreviewyourstudymaterials.Beconnectedearlyifyouaretakinganonlineexam.Being15minutesearlyisusu-allyplenty.=Readthequestionscarefully.Don’tbetemptedtojumptoanearlyconclusion.Makesureyouknowexactlywhatthequestionisasking.=Readeachquestiontwice,readtheansweroptions,andthenreadthequestionagainbeforeselectingananswer.=Youcanmoveforwardandbackwardthroughtheexam,butonlyonequestionatatime.OnlyafterreachingtheReviewPageafterthelastquestioncanyoujumparoundamongthequestionsatrandom.=Don’tleaveanyunansweredquestions.Unansweredquestionsgiveyounoopportunityforguessingcorrectlyandscoringmorepoints.=Watchyourclock.Ifyouhavenotseenyourlastquestionwhenyouhavefiveminutesleft,guessattheremainingquestions.=Therewillbequestionswithmultiplecorrectresponses.Whenthereismorethanonecorrectanswer,amessageonthescreenwillpromptyoutoeither“Choosetwo”or“Chooseallthatapply.”Besuretoreadthemessagesdisplayedsoyouknowhowmanycorrectanswersyoumustchoose.Study|®|

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 26 preview image

Loading page ...

Introductionxxiii=Questionsneedingonlyasinglecorrectanswerwilluseradiobuttonstoselectananswer,whereasthoseneedingtwoormoreanswerswillusecheckboxes.=Whenansweringmultiple-choicequestionsyou'renotsureabout,useaprocessofelim-inationtogetridoftheobviouslyincorrectanswersfirst.Doingsowillimproveyouroddsifyouneedtomakeaneducatedguess.=Trytoexpandyourperspectivefromyourowndirectexperience.Oftenthewritersoftheexamquestionsarefromlargeenterprises;ifyouonlyconsideranswersinlightofasmallcompany,militarybranch,orasanindividual,youmightnotdeterminethecorrectanswer.=Youcanmarkorflagaquestiontoindicateyouwanttoreviewitagainbeforeendingtheexam.FlaggedquestionswillbehighlightedontheReviewpage.However,youmustcompleteyourreviewbeforeyourexamtimeexpires.=Manyexamquestionswillcombineconceptsandtermsfrommultipletopics/domainstomakethequestionmorechallenging.Attempttofigureoutthecoreconceptbeingfocusedon.Often,theansweroptionswillprovideguidanceastothefocusofthequestion,especiallyifthequestiontextitselfisnotdirectandobviousenough.=Forthelatestpricingontheexamsandupdatestotheregistrationprocedures,visitCompTIA’swebsiteatwww.comptia.org.®Performance-BasedQuestions®CompTIAhasbeguntoincludeperformance-based(scenario-based)questionsonitsexams.Thesedifferfromthetraditionalmultiple-choicequestionsinthatthecandidateisexpectedtoperformataskorseriesoftasks.Taskscouldincludefillinginablank,answeringques-tionsbasedonavideooranimage,reorganizingasetintoanorder,placinglabelsonadiagram,fillinginfieldsbasedonagivensituationorsetofconditions,orsettingtheconfig-urationonanetworksecuritymanagementdevice.Don’tbesurprisedifyouarepresentedwithascenarioandaskedtocompleteatask.Theperformance-basedquestionsaredesignedtobemorechallengingthanstandardmultiple-choicequestionsandthusarealsoworthmorepoints.Takethetimetoanswerthesecarefully.Foranofficialdescriptionofperfor-mance-basedquestionsfromCompTIA,visitwww.comptia.org/blog/what-is-a-performance-based-question-(Note:thefinaldashisneeded;youcanalsosearchtofindthispagewiththephrase“WhatIsAPerformance-BasedQuestion?”)andwww.comptia.org/testing/testing-options/about-comptia-performance-exams/performance-based-questions-explained(thissecondlinkisfromtheComp-TIASecurity+informationpage,soyoucanfollowitfromthereinsteadoftypingitin).ExamSpecificsTheSecurity+SY0-601examconsistsofupto90questionswithatimeallotmentof90minutesfortheexamitself.Additionaltimeisprovidedforthepre-examelements,suchastheNDA,copyrightdisclosures,andthepost-examsurvey.IfyouweretobeassignedonlyStudy

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 27 preview image

Loading page ...

@®xxivIntroductionmultiple-choicequestions,thenyouwouldhavethemaximumof90questions.Ifyouareassignedperformance-basedquestions(whichismostlikely),thenyouwillhavefewerthan90totalquestions.Itisfairlycommontohave5or6performance-basedquestionsandabout70multiple-choicequestions,foratotalof75orsoquestions.However,youcouldbeassigned8ormoreperformance-basedquestionswithabout50multiple-choiceques-tions,foratotalof55questions.Youwillknowexactlyhowmanyquestionsyouhavebeenassignedintotaloncethefirstquestionisdisplayedonthescreen,byreadingthe“1outof##”linelocatedinthetopcorner.Youwilldiscoverhowmanyperformance-basedquestionsyouwereassignedonlybyworkingthroughallofthequestionsandcountingthemasyouencounterthem.Usuallymostperformance-basedquestionsarelocatedasthefirstofyourquestions,butCompTIAcouldpositiononeortwoelsewhereinyourtestbank.Topass,youmustscoreatleast750pointsonascaleof100-900(effectively81.25%).Atthecompletionofyourtest,youwillreceiveaprintoutofyourtestresults.Thisreportwillshowyourscoreandtheobjectivetopicsaboutwhichyoumissedaquestion.Thisprintoutwillseemoddlylong,evenifyoupass,asmanymultiple-choicequestionscoverfourtopics,sogettingonequestionwrongcouldaddfourlinesoftopicstothislist.»AlthoughthereisnoclearstatementfromCompTIA,thereseemtobesomejorquestionsontheexamthatareincludedforevaluationpurposesbutdonotcounttowardyourscore.ThesequestionsarelikelyontopicsnotcurrentlylistedintheSY0-601objectiveslist,andtheywillappearatrandomwithin&yourexamandwillnotbemarkedinanyway.&oo»Thesedetailsaresubjecttochange.Forcurrentinformation,pleaseconsultthejorCompTIAwebsite:www.comptia.org.TheSecurity+ExamObjectivesTheexamobjectiveswereusedasthestructureofthisbook.Iusetheobjectivelist’sorderandorganizationthroughoutthebook.Eachdomainiscoveredinonechapter.Eachobjective,subobjective(i.e.,bulletedtopic),andsub-subobjective(i.e.,second-levelbulletedtopic)isaheadingwithinachapter.Inthetext,Ireferencelocationsoftopicsbytheirsectionorobjectivenumber(suchassection2.3)andtheheadingofthecontent(suchas“QualityAssurance(QA)”).Thefirstnumberofanobjectivesectionisthisbook’schapternumber,andthesecondnumberisthetop-levelheadingwithinthechapter.Ifyouwouldlikeacopyoftheofficialexamobjectives,thenpleasevisitcomptia.org,selectSecurity+fromtheCertificationsmenu,andthenscrolldowntolocatetheGetPractice®

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 28 preview image

Loading page ...

IntroductionxvQuestionsandExamObjectivesheading.HereyoucanprovideyourcontactinformationandyouwillgainaccesstobothaPDFcopyoftheexamobjectivesaswellassomepracticequestions.aExamobjectivesaresubjecttochangeatanytimewithoutpriornoticeand&atCompTIAsolediscretion.PleasevisittheSecurity+CertificationpageofCompTIA'swebsite(www.comptia.org)foralinktothemostcurrentexamobjectives.Onceyouobtaintheexamobjectives,youshouldnoticethatattheendofthedocumentarefourpagesofacronyms.Iincludedeachandeveryoneofthoseacronymsinthetextofthisbook.Besureyouunderstandboththeacronymsaswellasthespelledoutversionsoftheseterms.HowtoContactthePublisherIfyoubelieveyou'vefoundamistakeinthisbook,pleasebringittoourattention.AtJohnWiley&Sons,weunderstandhowimportantitistoprovideourcustomerswithaccuratecontent,butevenwithourbesteffortsanerrormayoccur.Tosubmityourpossibleerrata,pleaseemailittoourCustomerServiceTeamatNnwileysupport@wiley.comwiththesubjectline“PossibleBookErrataSubmission.”p&Anyedits,updates,andcorrectionstothisbookwillbepostedonlineonthebook's@informationpageundertheheadingErrata.Toaccessthispage,visitwiley.com,searchfor“SY0-601ReviewGuide,”thenselectthetitleofthisbook“CompTIASecurity+ReviewGuide:ExamSY0-601.”Study!|®|

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 29 preview image

Loading page ...

|#|®

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 30 preview image

Loading page ...

ChapterThreats,Attacks,1andVulnerabilitiesCOMPTIASECURITY+EXAMOBJECTIVESCOVEREDINTHISCHAPTERINCLUDETHEFOLLOWING:v1.1Compareandcontrastdifferenttypesofsocialengineeringtechniques.PhishingSmishingVishingSpamSpamoverinstantmessaging(SPIM)SpearphishingDumpsterdivingShouldersurfingPharmingTailgatingElicitinginformationWhalingPrependingIdentityfraudInvoicescamsCredentialharvestingReconnaissanceHoaxImpersonationWateringholeattack

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021) - Page 31 preview image

Loading page ...

TyposquattingPretextingInfluencecampaignsPrinciples(reasonsforeffectiveness)v1.2Givenascenario,analyzepotentialindicatorstodeterminethetypeofattack.MalwarePasswordattacksPhysicalattacksAdversarialartificialintelligence(Al)Supply-chainattacksCloud-basedvs.on-premisesattacksCryptographicattacksv1.3Givenascenario,analyzepotentialindicatorsassociatedwithapplicationattacks.PrivilegeescalationCross-sitescriptingInjectionsPointer/objectdereferenceDirectorytraversalBufferoverflowsRaceconditionsErrorhandlingImproperinputhandlingReplayattackIntegeroverflowRequestforgeriesApplicationprogramminginterface(API)attacksResourceexhaustion

Preview Mode

This document has 579 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

CompTIA Security+ Practice Tests: Exam SY0-701 (2024)

CompTIA CySA+ Study Guide, 3rd Edition (2023)

CompTIA CySA+ Practice Tests: Exam CS0-003 (2023)

CompTIA DataX Study Guide: Exam DY0-001 (2024)

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-003) (2024)

CompTIA Network+ Practice Tests: Exam N10-009 (2024)

CompTIA Tech+ CertMike Exam FC0-U71 (2024)

CompTIA Security+ Study Guide with over 500 Practice Test Questions : Exam SY0-701 (2023)

CompTIA Network+ Study Guide: Exam N10-009 (2024)

CompTIA DataSys+ Study Guide : Exam DS0-001 (2023)

Company

Explore

Study Tools

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021)

Study Now!

Document Details

Related Documents

CompTIA Security+ Practice Tests: Exam SY0-701 (2024)

CompTIA CySA+ Study Guide, 3rd Edition (2023)

CompTIA CySA+ Practice Tests: Exam CS0-003 (2023)

CompTIA DataX Study Guide: Exam DY0-001 (2024)

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-003) (2024)

CompTIA Network+ Practice Tests: Exam N10-009 (2024)

CompTIA Tech+ CertMike Exam FC0-U71 (2024)

CompTIA Security+ Study Guide with over 500 Practice Test Questions : Exam SY0-701 (2023)

CompTIA Network+ Study Guide: Exam N10-009 (2024)

CompTIA DataSys+ Study Guide : Exam DS0-001 (2023)

CompTIA Security+ Review Guide: Exam SY060, 5th Edition (2021)