Security Essentials, Study Guide
Organized to follow the textbook on a chapter-by-chapter basis, providing questions to help the student review the material presented in the chapter. Pages can be printed on demand for assignment, or students can complete their assignments online using embedded form fields and then print or e-mail the responses for grading.
Access Workbook activities by clicking the Resources icon on the left-hand menu in the viewer.
Table of Contents
- Front Matter
- Chapter Review
- 1 - Introduction to Information Security
- 2 - Threats, Attacks, and Vulnerabilities
- 3 - Security Evaluation
- 4 - Managing User Security
- 5 - Physical Security
- 6 - Device Security
- 7 - Application Development and Security
- 8 - Mobile Devices and Embedded Systems
- 9 - Introduction to Cryptography
- 10 - Public Key Infrastructure
- 11 - Command-Line Interface Management
- 12 - Secure Network Design
- 13 - Secure Network Administration
- 14 - Wireless Network Security
- 15 - Cloud Computing
- 16 - Governance, Risk, and Compliance
- 17 - Incident Response and Digital Forensics
- 18 - Business Continuity and Disaster Recovery
- 19 - Employment and Soft Skills
- CompTIA Security+ Reference Guide
- Instructions for Using the CompTIA Security+ Reference Guide
- ATV-1.1A Phishing
- ATV-1.1B Smishing
- ATV-1.1C Vishing
- ATV-1.1D Spam
- ATV-1.1E Spam over Internet Messaging (SPIM)
- ATV-1.1F Spear Phishing
- ATV-1.1G Dumpster Diving
- ATV-1.1H Shoulder Surfing
- ATV-1.1I Pharming
- ATV-1.1J Tailgating
- ATV-1.1K Eliciting Information
- ATV-1.1L Whaling
- ATV-1.1M Prepending
- ATV-1.1N Identity Fraud
- ATV-1.1O Invoice Scams
- ATV-1.1P Credential Harvesting
- ATV-1.1Q Reconnaissance
- ATV-1.1R Hoax
- ATV-1.1S Impersonation
- ATV-1.1T Watering Hole Attack
- ATV-1.1U Typo Squatting
- ATV-1.1V Influence Campaigns
- ATV-1.1W Principles (Reasons for Effectiveness)
- ATV-1.2A Malware
- ATV-1.2B Password Attacks
- ATV-1.2C Physical Attacks
- ATV-1.2D Adversarial Artificial Intelligence (AI)
- ATV-1.2E Supply Chain Attacks
- ATV-1.2F Cloud-Based vs. On-Premises Attacks
- ATV-1.2G Cryptographic Attacks
- ATV-1.3A Privilege Escalation
- ATV-1.3B Cross-Site Scripting (XSS)
- ATV-1.3C Injections
- ATV-1.3D Pointer/Object Dereference
- ATV-1.3E Directory Traversal
- ATV-1.3F Buffer Overflow
- ATV-1.3G Race Conditions
- ATV-1.3H Error Handling
- ATV-1.3I Improper Input Handling
- ATV-1.3J Replay Attacks
- ATV-1.3K Integer Overflow
- ATV-1.3L Request Forgeries
- ATV-1.3M Application Programming Interface (API) Attacks
- ATV-1.3N Resource Exhaustion
- ATV-1.3O Memory Leak
- ATV-1.3P Secure Sockets Layer (SSL) Stripping
- ATV-1.3Q Driver Manipulation
- ATV-1.3R Pass the Hash
- ATV-1.4A Wireless
- ATV-1.4B Man in the Middle
- ATV-1.4C Man in the Browser
- ATV-1.4D Layer 2 Attacks
- ATV-1.4E Domain Name System (DNS)
- ATV-1.4F Distributed Denial of Service (DDoS)
- ATV-1.4G Malicious Code or Script Execution
- ATV-1.5A Actors and Threats
- ATV-1.5B Attributes of Actors
- ATV-1.5C Vectors
- ATV-1.5D Threat Intelligence Sources
- ATV-1.5E Research Sources
- ATV-1.6A Cloud-Based vs. On-Premises Vulnerabilities
- ATV-1.6B Zero-Day
- ATV-1.6C Weak Configurations
- ATV-1.6D Third-Party Risks
- ATV-1.6E Improper or Weak Patch Management
- ATV-1.6F Legacy Platforms
- ATV-1.6G Impacts
- ATV-1.7A Threat Hunting
- ATV-1.7B Vulnerability Scans
- ATV-1.7C Syslog/Security Information Event Management (SIEM)
- ATV-1.7D Security Orchestration, Automation, and Response (SOAR)
- ATV-1.8A Penetration Testing
- ATV-1.8B Passive and Active Reconnaissance
- ATV-1.8C Exercise Types
- AD-2.1A Configuration Management
- AD-2.1B Data Sovereignty
- AD-2.1C Data Protection
- AD-2.1D Hardware Security Module (HSM)
- AD-2.1E Geographical Considerations
- AD-2.1F Cloud Access Security Broker (CASB)
- AD-2.1G Response and Recovery Controls
- AD-2.1H Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection
- AD-2.1I Hashing
- AD-2.1J API Considerations
- AD-2.1K Site Resiliency
- AD-2.1L Deception and Disruption
- AD-2.2A Cloud Models
- AD-2.2B Cloud Service Providers
- AD-2.2C Managed Service Provider (MSP)/Managed Security Service Provider (MSSP)
- AD-2.2D On-Premises vs. Off-Premises
- AD-2.2E Fog Computing
- AD-2.2F Edge Computing
- AD-2.2G Thin Client
- AD-2.2H Containers
- AD-2.2I Micro-Services/API
- AD-2.2J Infrastructure as Code
- AD-2.2K Serverless Architecture
- AD-2.2L Services Integration
- AD-2.2M Resource Policies
- AD-2.2N Transit Gateway
- AD-2.2O Virtualization
- AD-2.3A Environment
- AD-2.3B Provisioning and Deprovisioning
- AD-2.3C Integrity Measurement
- AD-2.3D Secure Coding Techniques
- AD-2.3E Open Web Application Security Project (OWASP)
- AD-2.3F Software Diversity
- AD-2.3G Automation/Scripting
- AD-2.3H Elasticity
- AD-2.3I Scalability
- AD-2.3J Version Control
- AD-2.4A Authentication Methods
- AD-2.4B Biometrics
- AD-2.4C Multifactor Authentication (MFA) Factors and Attributes
- AD-2.4D Authentication, Authorization, and Accounting (AAA)
- AD-2.4E Cloud vs. On-Premises Requirements
- AD-2.5A Redundancy
- AD-2.5B Replication
- AD-2.5C On-Premises vs. Cloud
- AD-2.5D Backup Types
- AD-2.5E Non-Persistence
- AD-2.5F High Availability
- AD-2.5G Restoration Order
- AD-2.5H Diversity
- AD-2.6A Embedded Systems
- AD-2.6B Supervisory Control and Data Acquisition (SCADA)/Industrial Control System (ICS)
- AD-2.6C Internet of Things (IoT)
- AD-2.6D Specialized
- AD-2.6E Voice over IP (VoIP)
- AD-2.6F Heating, Ventilation, Air-Conditioning (HVAC)
- AD-2.6G Drones/AVs
- AD-2.6H Multifunction Printer (MFP)
- AD-2.6I Real-Time Operating System (RTOS)
- AD-2.6J Surveillance Systems
- AD-2.6K System on a Chip (SoC)
- AD-2.6L Communication Considerations
- AD-2.6M Constraints
- AD-2.7A Bollards/Barricades
- AD-2.7B Mantraps
- AD-2.7C Badges
- AD-2.7D Alarms
- AD-2.7E Signage
- AD-2.7F Cameras
- AD-2.7G Closed-Circuit Television (CCTV)
- AD-2.7H Industrial Camouflage
- AD-2.7I Personnel
- AD-2.7J Locks
- AD-2.7K USB Data Blocker
- AD-2.7L Lighting
- AD-2.7M Fencing
- AD-2.7N Fire Suppression
- AD-2.7O Sensors
- AD-2.7P Drones/UAV
- AD-2.7Q Visitor Logs
- AD-2.7R Faraday Cages
- AD-2.7S Air Gap
- AD-2.7T Demilitarized Zone (DMZ)
- AD-2.7U Protected Cable Distribution
- AD-2.7V Secure Areas
- AD-2.7W Secure Data Destruction
- AD-2.8A Digital Signatures
- AD-2.8B Key Length
- AD-2.8C Key Stretching
- AD-2.8D Salting
- AD-2.8E Hashing
- AD-2.8F Key Exchange
- AD-2.8G Elliptical-Curve Cryptography (ECC)
- AD-2.8H Perfect Forward Secrecy (PFS)
- AD-2.8I Quantum
- AD-2.8J Post-Quantum
- AD-2.8K Ephemeral
- AD-2.8L Modes of Operation
- AD-2.8M Blockchain
- AD-2.8N Cipher Suites
- AD-2.8O Symmetric vs. Asymmetric
- AD-2.8P Lightweight Cryptography
- AD-2.8Q Steganography
- AD-2.8R Homomorphic Encryption
- AD-2.8S Common Use Cases
- AD-2.8T Limitations
- IMP-3.1A Protocols
- IMP-3.1B Use Cases
- IMP-3.2A Endpoint Protection
- IMP-3.2B Boot Integrity
- IMP-3.2C Database
- IMP-3.2D Application Security
- IMP-3.2E Hardening
- IMP-3.2F Self-Encrypting Drive (SED)/Full Disk Encryption (FDE)
- IMP-3.2G Hardware Root of Trust
- IMP-3.2H Trusted Platform Module (TPM)
- IMP-3.2I Sandboxing
- IMP-3.3A Load Balancing
- IMP-3.3B Network Segmentation
- IMP-3.3C Virtual Private Network (VPN)
- IMP-3.3D DNS
- IMP-3.3E Network Access Control (NAC)
- IMP-3.3F Out-of-Band Management
- IMP-3.3G Port Security
- IMP-3.3H Network Appliances
- IMP-3.3I Access Control List (ACL)
- IMP-3.3J Route Security
- IMP-3.3K Quality of Service (QoS)
- IMP-3.3L Implications of IPv6
- IMP-3.3M Port Spanning/Port Mirroring
- IMP-3.3N Monitoring Services
- IMP-3.3O File Integrity Monitors
- IMP-3.4A Cryptographic Protocols
- IMP-3.4B Authentication Protocols
- IMP-3.4C Methods
- IMP-3.4D Installation Considerations
- IMP-3.5A Connection Methods and Receivers
- IMP-3.5B Mobile Device Management (MDM)
- IMP-3.5C Mobile Devices
- IMP-3.5D Enforcement and Monitoring
- IMP-3.5E Deployment Models
- IMP-3.6A Cloud Security Controls
- IMP-3.6B Solutions
- IMP-3.6C Cloud-Native Controls vs. Third-Party Solutions
- IMP-3.7A Identity
- IMP-3.7B Account Types
- IMP-3.7C Account Policies
- IMP-3.8A Authentication Management
- IMP-3.8C Access Control Schemes
- IMP-3.9A Public Key Infrastructure (PKI)
- IMP-3.9B Types of Certificates
- IMP-3.9C Certificate Formats
- IMP-3.9D Concepts
- OIR-4.1A Network Reconnaissance and Discovery
- OIR-4.1B File Manipulation
- OIR-4.1C Script Environments
- OIR-4.1C Shell and Packet Capture and Replay
- OIR-4.1D Packet Capture and Replay
- OIR-4.1E Forensics
- OIR-4.1F Exploitation Frameworks
- OIR-4.1G Password Crackers
- OIR-4.1H Data Sanitization
- OIR-4.2A Incident Response Plans
- OIR-4.2B Incident Response Process
- OIR-4.2C Exercises
- OIR-4.2D Attack Frameworks
- OIR-4.2E Stakeholder Management
- OIR-4.2F Communication Plan
- OIR-4.2G Disaster Recovery Plan
- OIR-4.2H Business Continuity Plan
- OIR-4.2I Continuity of Operation Planning (COOP)
- OIR-4.2J Incident Response Team
- OIR-4.2K Retention Policies
- OIR-4.3A Vulnerability Scan Output
- OIR-4.3B SIEM Dashboards
- OIR-4.3C Log Files
- OIR-4.3D syslog/rsyslog/syslog-ng
- OIR-4.3E journalctl
- OIR-4.3F nxlog
- OIR-4.3G Retention
- OIR-4.3H Bandwidth Monitors
- OIR-4.3I Metadata
- OIR-4.3J Netflow/sflow
- OIR-4.3K Protocol Analyzer Output
- OIR-4.4A Reconfigure Endpoint Security Solutions
- OIR-4.4B Configuration Changes
- OIR-4.4C Isolation
- OIR-4.4D Containment
- OIR-4.4E Segmentation
- OIR-4.4F Secure Orchestration, Automation, and Response (SOAR)
- OIR-4.5A Documentation/Evidence
- OIR-4.5B Acquisition
- OIR-4.5C On-Premises vs. Cloud
- OIR-4.5D Integrity
- OIR-4.5E Preservation
- OIR-4.5F E-Discovery
- OIR-4.5G Data Recovery
- OIR-4.5H Nonrepudiation
- OIR-4.5I Strategic Intelligence/Counterintelligence
- GRC-5.1A Category
- GRC-5.1B Control Type
- GRC-5.2A Regulations, Standards, and Legislation
- GRC-5.2B Key Frameworks
- GRC-5.2C Benchmark/Secure Configuration Guides
- GRC-5.3A Personnel
- GRC-5.3B Diversity of Training Techniques
- GRC-5.3C Third-Party Risk Management
- GRC-5.3D Data
- GRC-5.3E Credential Policies
- GRC-5.3F Organizational Policies
- GRC-5.4A Risk Types
- GRC-5.4B Risk Management Strategies
- GRC-5.4C Risk Analysis
- GRC-5.4D Disasters
- GRC-5.4E Business Impact Analysis
- GRC-5.5A Organizational Consequences of Privacy Breaches
- GRC-5.5B Notifications of Breaches
- GRC-5.5C Data Types
- GRC-5.5D Privacy Enhancing Technologies
- GRC-5.5E Roles and Responsibilities
- GRC-5.5F Information Life Cycle
- GRC-5.5G Impact Assessment
- GRC-5.5H Terms of Agreement
- GRC-5.5I Privacy Notice