CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt

BIRMINGHAM—MUMBAI

CompTIA Security+: SY0-601 Certification Guide

Second Edition

Copyright © 2020 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha

Acquisition Editor: Rahul Nair

Senior Editor: Arun Nadar

Content Development Editor: Pratik Andrade

Technical Editor: Yoginee Marathe

Copy Editor: Safis Editing

Project Coordinator: Neil Dmello

Proofreader: Safis Editing

Indexer: Safis Editing

Production Designer: Shantanu Zagade

First published: September 2018

Second Edition published December 2020, updated November 2021

Production reference: 5050623

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80056-424-4

www.packt.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Fully searchable for easy access to vital information

Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the author

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner, who, over the past 23 years, has worked with high-end training providers and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

About the reviewers

Crystal Voiles is an IT specialist with more than 30 years of IT experience ranging from help desk support, desktop support, system administration, and cyber security support.

For the last 10 years, she has served as a cyber security specialist, managing several cyber security tools, including Assured Compliance Assessment Solution (ACAS), Host-Based Security System (HBSS), Tanium, System Center Configuration Manager (SCCM), and Enterprise Mission Assurance Support Service (eMASS).

Currently serving as the Information Systems Security Manager (ISSM) for a small medical organization responsible for coordination and execution of security policies and controls, as well as assessing vulnerabilities within a medical company. She is responsible for data and network security processing, security systems management, and security violation investigations. She manages backup and security systems, employee training for approximately 900 end user accounts, security planning measures, and recovery of data in disaster testing situations.

Her certifications include Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), Security +, Microsoft Certified Professional (MCP), SCCM, and ITIL Foundations.

Rebecca Moffitt is an experienced information security and risk consultant with 8 years of experience in the industry.

Rebecca joined QA in October of 2018, and since then has been working as a cyber security technical specialist. Her areas of training have been primarily related to cyber security, information security, information assurance, and risk management. She most recently obtained her CISM via ISACA, and her CSRM via PECB. She is a certified Information Security Management Systems Lead Implementer and is proficient in ISO 27001, 27002, 27005, and has knowledge of ISO 31000, 27035, and 19011, as well as various cyber, information, and risk frameworks.

Rebecca is passionate about her profession and has spent time working with the younger generations, raising their awareness of the field of cyber/information security and sparking enthusiasm in them about a potential career in cyber security.

On a personal level, Rebecca is Canadian. The country lifestyle is rooted within her. She loves all things related to the East Coast lifestyle: kitchen parties, country music, and fiddleheads.

I would like to thank my family always, for their continual love and support.

- Rebecca Moffitt

Sunil Gupta is an experienced computer programmer and cybersecurity expert and consults in Information Technology with a focus on cybersecurity. He is an invited speaker for, and a member of, many key organizations.

Sunil has helped many organizations around the Globe, including Barclays Bank; Aviation College Qatar (QATAR); Ethiopian Airlines; Telecom Authority Tanzania; NCB Bank (Saudi Arabia); Accenture (India); Afghan Wireless (Afghanistan); and many more.

Currently, he teaches online over 60,000 students in more than 170 countries and some of his best work has been published by major publishing houses. Some of his best courses include: End-to-End Penetration Testing with Kali Linux and Threat and Vulnerability Assessment for Enterprises.

His cybersecurity certifications include SSCP Certification (Systems Security Certified Practitioner), Bug Bounty Program Certification, and more.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Preface

Objectives for the CompTIA Security+ 601 exam

Section 1: Security Aims and Objectives

Chapter 1: Understanding Security Fundamentals

Security Fundamentals

CIA Triad Concept

Least Privilege

Defense in Depth Model

Comparing Control Types

Managerial Controls

Operational Controls

Technical Controls

Deterrent Controls

Detective Controls

Corrective Controls

Compensating Controls

Preventative Controls

Access Controls

Discretionary Access Control

Mandatory Access Control

Role-Based Access Control

Rule-Based Access Control

Attribute-Based Access Control

Group-Based Access Control

Linux-Based Access Control

Physical Security Controls

Perimeter Security

Building Security

Device Protection

Understanding Digital Forensics

Five-Minute Practical

Collection of Evidence

Cloud Forensics

Review Questions

Chapter 2: Implementing Public Key Infrastructure

PKI Concepts

Certificate Hierarchy

Certificate Trust

Certificate Validity

Certificate Management Concepts

Types of Certificates

Asymmetric and Symmetric Encryption

Encryption Explained

Digital Signatures Explained

Cryptography Algorithms and Their Characteristics

Symmetric Algorithms

Asymmetric Algorithms

Symmetric versus Asymmetric Analogy

Lightweight Cryptography

XOR Encryption

Key Stretching Algorithms

Salting Passwords

Cipher Modes

Stream versus Block Cipher Analogy

Modes of Operation

Quantum Computing

Blockchain and the Public Ledger

Hashing and Data Integrity

Comparing and Contrasting the Basic Concepts of Cryptography

Asymmetric – PKI

Symmetric Algorithm – Modes of Operation

Hashing Algorithms

Crypto Service Provider

Crypto Module

Data Protection

Basic Cryptographic Terminologies

Obfuscation

Pseudo-Random Number Generator

Nonce

Perfect Forward Secrecy

Security through Obscurity

Collision

Steganography

Homomorphic Encryption

Diffusion

Implementation Decisions

Common Use Cases for Cryptography

Supporting Confidentiality

Supporting Integrity

Supporting Non-Repudiation

Supporting Obfuscation

Low-Power Devices

High Resiliency

Supporting Authentication

Resource versus Security Constraints

Practical Exercises

Practical Exercise 1 – Building a Certificate Server

Practical Exercise 2 – Encrypting Data with EFS and Stealing Certificates

Practical Exercise 3 – Revoking the EFS Certificate

Review Questions

Chapter 3: Investigating Identity and Access Management

Understanding Identity and Access Management Concepts

Identity Types

Account Types

Authentication Types

Security Tokens and Devices

Certificate-Based Authentication

Implementing Authentication and Authorization Solutions

Authentication Management

Authentication Protocols

Authentication, Authorization, and Accounting (AAA) Servers

Access Control Schemes

Summarizing Authentication and Authorization Design Concepts

Directory Services

Cloud versus On-Premises Authentication

On-Premises

In the Cloud

Common Account Management Policies

Account Creation

Employees Moving Departments

Account Recertification

Account Maintenance

Account Monitoring

Security Information and Event Management

Practical Exercise – Password Policy

Review Questions

Chapter 4: Exploring Virtualization and Cloud Concepts

Overview of Cloud Computing

Implementing Different Cloud Deployment Models

Understanding Cloud Service Models

Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Platform as a Service (PaaS)

Security as a Service (SECaaS)

Anything as a Service (XaaS)

Understanding Cloud Computing Concepts

Understanding Cloud Storage Concepts

Selecting Cloud Security Controls

High Availability Access Zones

Resource Policies

Secret Management

Integration and Auditing

Storage

Networks

Compute

Solutions

Exploring the Virtual Network Environments

Review Questions

Section 2: Monitoring the Security Infrastructure

Chapter 5: Monitoring, Scanning, and Penetration Testing

Penetration Testing Concepts

Rules of Engagement (ROE)

Network Exploitation Techniques

Passive and Active Reconnaissance

Reconnaissance Tools

Exercise Types

Vulnerability Scanning Concepts

Credentialed versus Non-Credentialed Scans

Intrusive versus Non-Intrusive Vulnerability Scans

Other Types of Scans That Can Be Performed

Penetration Testing versus Vulnerability Scanning

Syslog/Security Information and Event Management

Security Orchestration, Automation, and Response

Threat Hunting

Review Questions

Chapter 6: Understanding Secure and Insecure Protocols

Introduction to Protocols

Insecure Protocols and Their Use Cases

Secure Protocols and Their Use Cases

Additional Use Cases and Their Protocols

Subscription Services and Their Protocols

Routing and Its Protocols

Switching and Its Protocols

Active Directory (Directory Services) and Its Protocols

Review Questions

Chapter 7: Delving into Network and Security Concepts

Installing and Configuring Network Components

Firewall

Network Address Translation Gateway

Router

Access Control List – Network Devices

Switch

Tap/Port Mirror

Aggregation Switches

Honeypot

Honeyfile

Fake Telemetry

Proxy Server

Jump Servers

Load Balancer

Remote Access Capabilities

IPSec

VPN Concentrator

Split Tunneling

Remote Support

Secure Network Architecture Concepts

Software-Defined Network

Network Segmentation

Intrusion Prevention System

Intrusion Detection System

Modes of Operation

Sensor/Collector

Monitoring Data

Network Access Control

Domain Name System

DNS Poisoning

DNS Sinkhole

Network Reconnaissance and Discovery

Exploitation Frameworks

Forensic Tools

IP Addressing

IP Schema

IP Version 4

Subnet Mask

CIDR Mask

Network Address Allocation

IP Version 6 Addressing

Review Questions

Chapter 8: Securing Wireless and Mobile Solutions

Implementing Wireless Security

Wireless Access Point Controllers

Securing Access to Your WAP

Wireless Bandwidth/Band Selection

Wireless Channels

Wireless Antenna Types

Wireless Coverage

Wireless – Open System Authentication

Wireless Encryption

Wireless Captive Portals

Wireless Attacks

Wireless Authentication Protocols

Deploying Mobile Devices Securely

Mobile Device Management

Bring Your Own Device

Choose Your Own Device

Corporate-Owned Personally-Enabled

Mobile Device Connection Methods

Mobile Device Management Concepts

Device Management

Device Protection

Device Data

Mobile Device Enforcement and Monitoring

Review Questions

Section 3: Protecting the Security Environment

Chapter 9: Identifying Threats, Attacks, and Vulnerabilities

Virus and Malware Attacks

Social Engineering Attacks

Threat Actors

Advanced Attacks

Password Attacks

Physical Attacks

On-Path Attacks

Network Attacks

Application/Programming Attacks

Hijacking-Related Attacks

Driver Manipulation

Cryptographic Attacks

Security Concerns with Various Type of Vulnerabilities

Cloud vs. On-Premises Vulnerabilities

Third-Party Risks

Review Questions

Chapter 10: Governance, Risk, and Compliance

Risk Management Processes and Concepts

Risk Types

Risk Management Strategies

Risk Analysis

Calculating Loss

Disasters

Business Impact Analysis Concepts

Threat Actors, Vectors, and Intelligence Concepts

Threat Actors

Attack Vectors

Threat Intelligence Sources

Research Sources

The Importance of Policies for Organizational Security

Personnel

Diversity of Training Techniques

Third-Party Risk Management

Data

Credential Policies

Organizational Policies

Regulations, Standards, and Legislation

Key Frameworks

Benchmarks/Secure Configuration Guides

Privacy and Sensitive Data Concepts

Data Sovereignty

Legal implications

Geographic considerations

Organizational Consequences of Privacy Breaches

Notifications of Breaches

Data Types

Privacy-Enhancing Technologies

Data Roles and Responsibilities

Information Life Cycle

Impact Assessment

Terms of Agreement

Privacy Notice

Review Questions

Chapter 11: Managing Application Security

Implementing Host or Application Security

Boot Integrity

Endpoint Protection

Databases

Application Security

Hardening

Full Disk Encryption (FDE)

Self-Encrypting Drives (SEDs)

Understanding the Security Implications of Embedded and Specialist Systems

Internet of Things (IoT)

Real-Time Operating System (RTOS)

Multifunctional Printers (MFPs)

Surveillance Systems

System on a Chip (SoC)

Heating, Ventilation, and Air Conditioning (HVAC)

Specialized Devices

Embedded Systems

Supervisory Control and Data Acquisition (SCADA)

Industrial Control System

Communication Considerations

Constraints

Understanding Secure Application Development, Deployment, and Automation

Software Diversity

Elasticity

Scalability

Environment

Automation/Scripting

Provisioning and Deprovisioning

Version Control

Integrity Measurement

Secure Coding Techniques

Open Web Application Security Project (OWASP)

Review Questions

Chapter 12: Dealing with Incident Response Procedures

Incident Response Procedures

Response and Recovery Controls

Disaster Recovery Exercises

Attack Frameworks

Stakeholder Management

Continuity of Operations Planning (COOP)

Utilizing Data Sources to Support Investigations

Vulnerability Scan Output

SIEM Dashboards

Log Files

Log Managers

journalctl

NXLog

Bandwidth Monitors

Metadata

Network Monitoring

Protocol Analyzer Output

Knowing How to Apply Mitigation Techniques or Controls to Secure an Environment

Reconfigure Endpoint Security Solutions

Application Approved List

Application Block List/Deny List

Quarantine

Configuration Management

Isolation

Containment

Segmentation

Security Orchestration, Automation, and Response (SOAR)

Implementing Cybersecurity Resilience

Redundancy

Review Questions

Section 4: Mock Tests

Chapter 13: Mock Exam 1

Mock Exam 1 Solutions

Chapter 14: Mock Exam 2

Mock Exam 2 Solutions

Chapter Review Solutions

Other Books You May Enjoy

Preface

This book will help you to understand security fundamentals, ranging from the CIA triad to identity and access management. This book describes network infrastructure and how it is evolving with the implementation of virtualization and different cloud models and their storage. You will learn how to secure devices and applications that are used by a company.

Who this book is for

This book is designed for anyone who is seeking to pass the CompTIA Security+ SY0-601 exam. It is a stepping-stone for anyone who wants to become a security professional or move into cybersecurity.

What this book covers

Chapter 1, Understanding Security Fundamentals, covers some security fundamentals that will be expanded upon in later chapters.

Chapter 2, Implementing Public Key Infrastructure, goes into the different encryption types and teaches how certificates are issued and used.

Chapter 3, Investigating Identity and Access Management, looks at different types of authentication. We will look at the concepts of identity and access management.

Chapter 4, Exploring Virtualization and Cloud Concepts, gets you acquainted with various cloud models and cloud security, looking at their deployment and storage environments.

Chapter 5, Monitoring, Scanning, and Penetration Testing, looks at penetration testing, exercise types, scanning, threat hunting, and SIEM systems.

Chapter 6, Understanding Secure and Insecure Protocols, looks at when to use certain secure protocols.

Chapter 7, Delving into Network and Security Concepts, looks at network components, remote access, and network reconnaissance tools.

Chapter 8, Securing Wireless and Mobile Solutions, looks at wireless solutions and secure mobile solutions.

Chapter 9, Identifying Threats, Attacks, and Vulnerabilities, explores attacks and vulnerabilities, taking each type of attack in turn and identifying its unique characteristics. This chapter is probably the most heavily tested module in the Security+ exam.

Chapter 10, Governance, Risk, and Compliance, looks at risk management and regulations, as well as frameworks.

Chapter 11, Managing Application Security, looks at application development and security.

Chapter 12, Dealing with Incident Response Procedures, covers disaster recovery preparation and recovery methods in practice.

Chapter 13, Mock Exam 1, includes mock questions, along with explanations, which will help assess whether you're ready for the test.

Chapter 14, Mock Exam 2, includes more mock questions, along with explanations, which will help assess whether you're ready for the test.

To get the most out of this book

This certification guide assumes no prior knowledge of the product. You need to understand the information fully to become certified.

Additional online resources

You can find further exam support and extra practice resources on the author's website at www.securityplus.training. Additional materials include exam guidance, study flashcards, performance-based questions, and mock exams.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781800564244_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: The problem that arises is that strcpy cannot limit the size of characters being copied.

A block of code is set as follows:

  int fun (char data [256]) {

  int I

  char tmp [64], strcpy (tmp, data);

  }

Any command-line input or output is written as follows:

  Set-ExecutionPolicy Restricted

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: The SSID is still enabled. The administrator should check the box next to Disable Broadcast SSID.

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

You can leave a review on Amazon using the following link: https://packt.link/r/9781800564244.

For more information about Packt, please visit packt.com.

Objectives for the CompTIA Security+ 601 exam

Listed below are the exam objectives for the CompTIA 601 exam and the relevant chapters in the book where the information is located. There is a comprehensive index to help you find a particular exam topic. Additional resources for the exam can be found at www.securityplus.training.