CompTIA Security+ SY0-701 Cert Guide 2024 PDF

Summary

This study guide contains information about the CompTIA Security+ certification exam, focusing on security concepts and architecture. It covers various aspects of security, including threat actors, vulnerabilities, and mitigation techniques.

Full Transcript

Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. CompTIA Security+ SY0-701 Cert Guide Companion Website and Pearson Test Prep Access Code Access interactive study tools on this book’s companion website, including practice test software, review exercises, Key Term flash card application, a study planner, and more! To access the companion website, simply follow these steps: 1. Go to www.pearsonitcertification.com/register. 2. Enter the print book ISBN: 9780138293086. 3. Answer the security question to validate your purchase. 4. Go to your account page. 5. Click on the Registered Products tab. 6. Under the book listing, click on the Access Bonus Content link. When you register your book, your Pearson Test Prep practice test access code will automatically be populated with the book listing under the Registered Products tab. You will need this code to access the practice test that comes with this book. You can redeem the code at PearsonTestPrep.com. Simply choose Pearson IT Certifica- tion as your product group and log into the site with the same credentials you used to register your book. Click the Activate New Product button and enter the access code. More detailed instructions on how to redeem your access code for both the online and desktop versions can be found on the companion website. If you have any issues accessing the companion website or obtaining your Pearson Test Prep practice test access code, you can contact our support team by going to pearsonitp.echelp.org. Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. This page intentionally left blank Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. CompTIA® Security+ SY0-701 Cert Guide Lewis Heuermann Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. CompTIA® Security+ SY0-701 Cert Guide GM K12, Early Career Lewis Heuermann and Professional Copyright © 2024 by Pearson Education, Inc. 
Learning Hoboken, New Jersey Soo Kang All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, record- Director, ITP Product ing, or otherwise, without written permission from the publisher. No patent liability Management is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and Brett Bartow author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Executive Editor Please contact us with concerns about any potential bias at Nancy Davis https://www.pearson.com/report-bias.html. Development Editor ISBN-13: 978-0-13-829308-6 ISBN-10: 0-13-829308-2 Ellie C. Bru Library of Congress Cataloging-in-Publication Data: 2024931504 Managing Editor $PrintCode Sandra Schroeder Trademarks Senior Project Editor All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the Tonya Simpson accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Copy Editor Kitty Wilson Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as pos- Indexer sible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to Timothy Wright any person or entity with respect to any loss or damages arising from the informa- tion contained in this book. 
Proofreader Barbara Mack Special Sales For information about buying this title in bulk quantities, or for special sales opportuni- Technical Editor ties (which may include electronic versions; custom cover designs; and content particular Chris Crayton to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. Publishing Coordinator For government sales inquiries, please contact [email protected]. Cindy Teeters For questions about sales outside the U.S., please contact [email protected]. All terms mentioned in this book that are known to be trademarks or service marks Cover Designer have been appropriately capitalized. Pearson IT Certification cannot attest to the Chuti Prasertsith accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Compositor Microsoft and/or its respective suppliers make no representations about the suitability codeMantra of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential dam- ages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connec- tion with the use or performance of information available from the services. 
The documents and related graphics contained herein could include technical inac- curacies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified. Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or af- filiated with the Microsoft Corporation. Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. Contents at a Glance Introduction xxxix Part I: General Security Concepts CHAPTER 1 Comparing and Contrasting the Various Types of Controls 3 CHAPTER 2 Summarizing Fundamental Security Concepts 15 CHAPTER 3 Understanding Change Management’s Security Impact 37 CHAPTER 4 Understanding the Importance of Using Appropriate Cryptographic Solutions 53 Part II: Threats, Vulnerabilities, and Mitigations CHAPTER 5 Comparing and Contrasting Common Threat Actors and Motivations 95 CHAPTER 6 Understanding Common Threat Vectors and Attack Surfaces 105 CHAPTER 7 Understanding Various Types of Vulnerabilities 127 CHAPTER 8 Understanding Indicators of Malicious Activity 149 CHAPTER 9 Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise 171 Part III: Security Architecture CHAPTER 10 Comparing and Contrasting Security Implications of Different Architecture Models 189 CHAPTER 11 Applying Security Principles to Secure Enterprise Infrastructure 223 CHAPTER 12 Comparing and Contrasting Concepts and Strategies to Protect Data 271 CHAPTER 13 Understanding the Importance of Resilience and Recovery in Security Architecture 287 Part IV: Security Operations CHAPTER 14 Applying Common Security Techniques to Computing 
Resources 305 CHAPTER 15 Understanding the Security Implications of Hardware, Software, and Data Asset Management 345 CHAPTER 16 Understanding Various Activities Associated with Vulnerability Management 357 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. vi CompTIA Security+ SY0-701 Cert Guide CHAPTER 17 Understanding Security Alerting and Monitoring Concepts and Tools 381 CHAPTER 18 Modifying Enterprise Capabilities to Enhance Security 409 CHAPTER 19 Implementing and Maintaining Identity and Access Management 435 CHAPTER 20 Understanding the Importance of Automation and Orchestration Related to Secure Operations 471 CHAPTER 21 Understanding Appropriate Incident Response Activities 489 CHAPTER 22 Using Data Sources to Support an Investigation 509 Part V: Security Program Management and Oversight CHAPTER 23 Summarizing Elements of Effective Security Governance 529 CHAPTER 24 Understanding Elements of the Risk Management Process 557 CHAPTER 25 Understanding the Processes Associated with Third-Party Risk Assessment and Management 585 CHAPTER 26 Summarizing Elements of Effective Security Compliance 599 CHAPTER 27 Understanding Types and Purposes of Audits and Assessments 617 CHAPTER 28 Implementing Security Awareness Practices 631 Part VI: Final Preparation CHAPTER 29 Final Preparation 647 APPENDIX A Answers to the “Do I Know This Already?” Quizzes and Review Questions 649 Index 693 Online elements APPENDIX B Study Planner GLOSSARY OF KEY TERMS Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents Introduction xxxix Part I: General Security Concepts Chapter 1 Comparing and Contrasting the Various Types of Controls 3 “Do I Know This Already?” Quiz 3 Foundation Topics 6 Control Categories 6 Technical Controls 6 Managerial Controls 6 Operational Controls 6 Physical Controls 7 Summary of Control Categories 7 Control Types 8 Preventive Controls 8 Deterrent Controls 8 Detective Controls 9 Corrective Controls 9 Compensating Controls 9 Directive Controls 10 Summary of Control Types 10 Chapter Review Activities 11 Review Key Topics 11 Define Key Terms 12 Review Questions 12 Chapter 2 Summarizing Fundamental Security Concepts 15 “Do I Know This Already?” Quiz 15 Foundation Topics 19 Confidentiality, Integrity, and Availability (CIA) 19 Non-repudiation 20 Authentication, Authorization, and Accounting (AAA) 21 Gap Analysis 22 Zero Trust 22 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. viii CompTIA Security+ SY0-701 Cert Guide Physical Security 24 Bollards/Barricades 24 Access Control Vestibules 26 Fencing 27 Video Surveillance 28 Security Guards 28 Access Badges 29 Lighting 30 Sensors 30 Deception and Disruption Technology 31 Chapter Review Activities 32 Review Key Topics 32 Define Key Terms 33 Review Questions 33 Chapter 3 Understanding Change Management’s Security Impact 37 “Do I Know This Already?” Quiz 37 Foundation Topics 41 Business Processes Impacting Security Operations 41 Approval Process 41 Ownership 41 Stakeholders 42 Impact Analysis 42 Test Results 42 Backout Plan 42 Maintenance Window 43 Standard Operating Procedure 43 Technical Implications 43 Allow Lists 44 Block Lists/Deny Lists 44 Restricted Activities 44 Downtime 45 Service Restart 45 Application Restart 46 Legacy Applications 46 Dependencies 46 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents ix Documentation 47 Updating Diagrams 47 Updating Policies/Procedures 48 Version Control 48 Chapter Review Activities 49 Review Key Topics 49 Define Key Terms 49 Review Questions 49 Chapter 4  Understanding the Importance of Using Appropriate Cryptographic Solutions 53 “Do I Know This Already?” Quiz 53 Foundation Topics 58 Public Key Infrastructure (PKI) 58 Public Key 58 Private and Public Key 58 Encryption 59 Level 59 Full Disk 59 Partition 60 File 60 Volume 60 Database 60 Record 61 Transport/Communication 61 Encryption at Rest, in Transit/Motion, and in Processing 61 Symmetric Versus Asymmetric Encryption 62 Key Exchange 64 Algorithms 65 Key Length 66 Tools 67 Trusted Platform Module 67 Hardware Security Module 68 Key Management System 68 Secure Enclave 69 Obfuscation 70 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. x CompTIA Security+ SY0-701 Cert Guide Steganography 70 Audio Steganography 71 Video Steganography 71 Image Steganography 72 Tokenization 72 Data Masking 74 Hashing 75 Salting 76 Digital Signatures 76 Key Stretching 77 Blockchain 78 Open Public Ledger 78 Certificates 79 Certificate Authorities 79 Certificate Revocation Lists 81 Online Certificate Status Protocol (OCSP) 82 Self-Signed 83 Third-Party 89 Root of Trust 89 Certificate-Signing Request 90 Wildcard 90 Chapter Review Activities 90 Review Key Topics 90 Define Key Terms 91 Review Questions 91 Part II: Threats, Vulnerabilities, and Mitigations Chapter 5  Comparing and Contrasting Common Threat Actors and Motivations 95 “Do I Know This Already?” Quiz 95 Foundation Topics 98 Threat Actors 98 Attributes of Actors 99 Motivations 100 War 101 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xi Chapter Review Activities 102 Review Key Topics 102 Define Key Terms 102 Review Questions 102 Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105 “Do I Know This Already?” Quiz 105 Foundation Topics 109 Message-Based 109 Email 109 Short Message Service (SMS) 109 Instant Messaging (IM) 110 Spam and Spam over Internet Messaging (SPIM) 110 Image-Based 111 File-Based 111 Voice Call 111 Removable Device 111 Vulnerable Software 112 Unsupported Systems and Applications 112 Unsecure Networks 113 Open Service Ports 114 Default Credentials 115 Supply Chain 116 Human Vectors/Social Engineering 116 Phishing 117 Vishing 120 Smishing 121 Misinformation/Disinformation 121 Impersonation 121 Business Email Compromise (BEC) 122 Pretexting 122 Watering Hole Attack 122 Brand Impersonation 123 Typosquatting 123 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xii CompTIA Security+ SY0-701 Cert Guide Chapter Review Activities 123 Review Key Topics 123 Define Key Terms 124 Review Questions 124 Chapter 7 Understanding Various Types of Vulnerabilities 127 “Do I Know This Already?” Quiz 127 Foundation Topics 130 Application 130 Memory Injection 130 Buffer Overflow 131 Race Conditions 132 Malicious Update 132 Operating System (OS)–Based 133 Web-Based 133 Structured Query Language Injection (SQLi) Vulnerabilities 133 Cross-Site Scripting (XSS) Vulnerabilities 134 Hardware 134 Firmware 134 End-of-Life (EOL) 134 Legacy 135 Virtualization 135 Virtual Machine (VM) Escape 135 Resource Reuse 135 Cloud Specific 136 Other “Cloud”-Based Concerns 140 Supply Chain 141 Service Provider 141 Hardware Provider 141 Software Provider 142 Cryptographic 142 Misconfiguration 142 Mobile Device 142 Side Loading 143 Jailbreaking 143 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xiii Zero-Day Vulnerabilities 143 Chapter Review Activities 145 Review Key Topics 145 Define Key Terms 145 Review Questions 146 Chapter 8 Understanding Indicators of Malicious Activity 149 “Do I Know This Already?” Quiz 149 Foundation Topics 152 Malware Attacks 152 Ransomware 152 Trojans 153 Worms 154 Spyware 154 Bloatware 155 Virus 155 Keylogger 155 You Can’t Save Every Computer from Malware! 156 Logic Bomb 157 Rootkit 157 Physical Attacks 158 Brute-Force Attacks 159 Radio Frequency Identification (RFID) Cloning 159 Environmental 159 Network Attacks 160 Distributed Denial-of-Service (DDoS) Attacks 160 Domain Name System (DNS) Attacks 160 Wireless Attacks 160 On-Path Attacks 161 Credential Replay 161 Malicious Code 161 Application Attacks 162 Injection 162 Buffer Overflow 162 Replay 162 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xiv CompTIA Security+ SY0-701 Cert Guide Privilege Escalation 162 Forgery 163 Directory Traversal 163 Cryptographic Attacks 163 Downgrade 163 Collision 163 Birthday 164 Password Attacks 164 Password Spraying 165 Brute-Force Attacks 165 Indicators 165 Account Lockout 166 Concurrent Session Usage 166 Blocked Content 166 Impossible Travel 166 Resource Consumption 166 Resource Inaccessibility 166 Out-of-Cycle Logging 167 Published/Documented Indicators 167 Missing Logs 167 Chapter Review Activities 167 Review Key Topics 167 Define Key Terms 168 Review Questions 168 Chapter 9  Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise 171 “Do I Know This Already?” Quiz 171 Foundation Topics 175 Segmentation 175 Access Control 175 Access Control Lists (ACLs) 175 Permissions 176 Windows Permissions 176 Linux Permissions 177 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xv Best Practices 177 Application Allow List 178 Isolation 179 Patching 180 Encryption 181 Monitoring 182 Least Privilege 182 Configuration Enforcement 182 Decommissioning 183 Hardening Techniques 183 Encryption 183 Installation of Endpoint Protection 184 Host-Based Firewall 184 Host-Based Intrusion Prevention System (HIPS) 184 Disabling Ports/Protocols 184 Default Password Changes 185 Removal of Unnecessary Software 185 Chapter Review Activities 185 Review Key Topics 185 Define Key Terms 186 Review Questions 186 Part III: Security Architecture Chapter 10  Comparing and Contrasting Security Implications of Different Architecture Models 189 “Do I Know This Already?” Quiz 189 Foundation Topics 193 Architecture and Infrastructure Concepts 193 Cloud 193 Responsibility Matrix 193 Hybrid Considerations 194 Third-Party Vendors 195 Infrastructure as Code (IaC) 195 Serverless 196 Microservices 197 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xvi CompTIA Security+ SY0-701 Cert Guide Network Infrastructure 197 Physical Isolation 198 Air-Gapped 198 Logical Segmentation 198 Software-Defined Network (SDN) 199 On-premises 201 Centralized Versus Decentralized 201 Centralized Systems 201 Decentralized Systems 202 Containerization 202 Virtualization 206 Security Implications 206 IoT 208 Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) 210 Real-Time Operating System (RTOS) 213 Embedded Systems 214 High Availability 214 Considerations 215 Availability 215 Resilience 215 Cost 216 Responsiveness 216 Scalability 216 Ease of Deployment 216 Risk Transference 217 Ease of Recovery 217 Patch Availability 217 Inability to Patch 218 Power 218 Compute 218 Chapter Review Activities 219 Review Key Topics 219 Define Key Terms 219 Review Questions 220 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xvii Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure 223 “Do I Know This Already?” Quiz 223 Foundation Topics 226 Infrastructure Considerations 226 Device Placement 226 Security Zones 226 Attack Surface 227 Connectivity 228 Failure Modes 228 Device Attribute 229 Active vs. Passive 229 Inline vs. Tap/Monitor 229 Network Appliances 230 Jump Servers 230 Proxy Servers 230 Intrusion Prevention System (IPS)/Intrusion Detection System (IDS) 233 Load Balancer 234 Sensors 235 Port Security 235 802.1X and EAP 236 IEEE 802.1X 239 Firewall Types 239 Web Application Firewall (WAF) 243 Unified Threat Management (UTM) 245 Next-Generation Firewall (NGFW) 246 Hardware vs. Software 247 Layer 4/Layer 7 248 Secure Communication/Access 249 Virtual Private Network (VPN) 249 Remote Access 251 Tunneling 254 Transport Layer Security (TLS) 254 Internet Protocol Security (IPsec) 257 IKEv1 Phase 1 257 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xviii CompTIA Security+ SY0-701 Cert Guide IKEv1 Phase 2 261 IKEv2 264 Software-Defined Wide Area Network (SD-WAN) 265 Secure Access Service Edge (SASE) 265 Selection of Effective Controls 266 Chapter Review Activities 266 Review Key Topics 266 Define Key Terms 267 Review Questions 268 Chapter 12  Comparing and Contrasting Concepts and Strategies to Protect Data 271 “Do I Know This Already?” Quiz 271 Foundation Topics 274 Data Types 274 Data Classifications 275 General Data Considerations 276 Data States 276 Data at Rest 277 Data in Transit 277 Data in Use 278 Data Sovereignty 278 Geolocation 278 Methods to Secure Data 279 Geographic Restrictions 279 Encryption 279 Hashing 279 Masking 281 Tokenization 281 Obfuscation 281 Segmentation 281 Permission Restrictions 282 Chapter Review Activities 283 Review Key Topics 283 Define Key Terms 284 Review Questions 284 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xix Chapter 13  Understanding the Importance of Resilience and Recovery in Security Architecture 287 “Do I Know This Already?” Quiz 287 Foundation Topics 291 High Availability 291 Key Components 291 Cloud Environments 291 Site Considerations 292 Platform Diversity 294 Multi-Cloud System 294 Continuity of Operations 294 Capacity Planning 295 Testing 296 Tabletop Exercises 296 Failover 297 Simulations 298 Parallel Processing 299 Backups 299 Power 301 Uninterruptible Power Supply (UPS) 301 Generators 301 Chapter Review Activities 302 Review Key Topics 302 Define Key Terms 302 Review Questions 303 Part IV: Security Operations Chapter 14  Applying Common Security Techniques to Computing Resources 305 “Do I Know This Already?” Quiz 305 Foundation Topics 309 Secure Baselines 309 Inventory Assessment 309 Vulnerability Scanning 309 Minimum Configuration Standards 310 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xx CompTIA Security+ SY0-701 Cert Guide Documentation 310 Deployment 310 Ongoing Maintenance 311 Hardening Targets 311 Wireless Devices 315 Mobile Solutions 318 Mobile Device Management 318 MDM Security Feature Concerns: Application and Content Management 320 MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, and Full Device Encryption 322 Deployment Models 325 Secure Implementation of BYOD, CYOD, and COPE 326 Connection Methods 328 Secure Implementation Best Practices 330 Wireless Security Settings 331 Wi-Fi Protected Access 3 (WPA3) 332 Remote Authentication Dial-In User Service (RADIUS) Federation 332 Cryptographic Protocols 334 Authentication Protocols 335 Application Security 336 Input Validations 337 Secure Cookies 337 Static Code Analysis 338 Code Signing 339 Sandboxing 340 Monitoring 340 Chapter Review Activities 341 Review Key Topics 341 Define Key Terms 342 Review Questions 342 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xxi Chapter 15  Understanding the Security Implications of Hardware, Software, and Data Asset Management 345 “Do I Know This Already?” Quiz 345 Foundation Topics 348 Acquisition/Procurement Process 348 Assignment/Accounting 350 Monitoring/Asset Tracking 350 Inventory 351 Enumeration 351 Disposal/Decommissioning 351 Sanitization 352 Destruction 352 Certification 353 Data Retention 353 Chapter Review Activities 354 Review Key Topics 354 Define Key Terms 354 Review Questions 354 Chapter 16  Understanding Various Activities Associated with Vulnerability Management 357 “Do I Know This Already?” Quiz 357 Foundation Topics 360 Identification Methods 360 Vulnerability Scan 360 Application Security 362 Threat Feed 364 Open-Source Intelligence (OSINT) 364 Proprietary/Third-Party 364 Information-Sharing Organization 364 Dark Web 365 Penetration Testing 366 Responsible Disclosure Program 366 Bug Bounty Program 367 System/Process Audit 367 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xxii CompTIA Security+ SY0-701 Cert Guide Analysis 367 Confirmation 368 Prioritize 368 Common Vulnerability Scoring System (CVSS) 368 Practical Utility 370 Common Vulnerability Enumeration (CVE) 370 Vulnerability Classification 370 Exposure Factor 371 Environmental Variables 372 Industry/Organizational Impact 372 Risk Tolerance 372 Vulnerability Response and Remediation 374 Patching 374 Insurance 374 Segmentation 374 Compensating Controls 375 Exceptions and Exemptions 375 Validation of Remediation 376 Rescanning 376 Audit 376 Verification 376 Reporting 377 Chapter Review Activities 378 Review Key Topics 378 Define Key Terms 379 Review Questions 379 Chapter 17  Understanding Security Alerting and Monitoring Concepts and Tools 381 “Do I Know This Already?” Quiz 381 Foundation Topics 383 Monitoring and Computing Resources 383 Activities 386 Log Aggregation 386 Alerting 388 Scanning 389 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
Table of Contents xxiii Reporting 390 Archiving 391 Alert Response and Remediation/Validation 392 Tools 392 Security Content Automation Protocol (SCAP) 393 Benchmarks 395 Agents/Agentless 397 Security Information and Event Management (SIEM) 397 NetFlow 399 Antivirus Software 400 Data Loss Prevention (DLP) 401 Simple Network Management Protocol (SNMP) Traps 401 Vulnerability Scanners 403 Chapter Review Activities 405 Review Key Topics 405 Define Key Terms 406 Review Questions 406 Chapter 18  Modifying Enterprise Capabilities to Enhance Security 409 “Do I Know This Already?” Quiz 409 Foundation Topics 413 Firewall 413 Rules 414 Access Lists 415 Ports/Protocols 416 Screened Subnet 417 IDS/IPS 418 Trends 419 Signatures 419 Web Filter 421 Operating System Security 423 Implementation of Secure Protocols 424 DNS Filtering 427 Email Security 427 File Integrity Monitoring 429 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. xxiv CompTIA Security+ SY0-701 Cert Guide DLP 429 Network Access Control (NAC) 430 Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) 430 User Behavior Analytics 431 Chapter Review Activities 432 Review Key Topics 432 Define Key Terms 433 Review Questions 433 Chapter 19  Implementing and Maintaining Identity and Access Management 435 “Do I Know This Already?” Quiz 435 Foundation Topics 439 Provisioning/De-provisioning User Accounts 439 Permission Assignments and Implications 439 Identity Proofing 441 Federation 441 Single Sign-On (SSO) 443 Lightweight Directory Access Protocol (LDAP) 443 OAuth 444 Security Assertion Markup Language 446 Interoperability 448 Attestation 449 Access Controls 450 Role-Based Access Control 450 Rule-Based Access Control 451 Mandatory Access Control 451 Discretionary Access Control 452 Attribute-Based Access Control (ABAC) 454 Time-of-Day Restrictions 455 Least Privilege 456 Multifactor Authentication (MFA) 456 Implementations 457 Biometrics 457 Hard and Soft Authentication Keys 457 
Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. Table of Contents xxv Security Keys 458 Factors 459 Something You Know 459 Something You Have 459 Something You Are 460 Somewhere You Are 461 Password Concepts 461 Password Best Practices 461 Password Managers 464 Passwordless 465 Privileged Access Management Tools 465 Just-in-Time Permissions 466 Password Vaulting 466 Ephemeral Credentials 466 Chapter Review Activities 467 Review Key Topics 467 Define Key Terms 468 Review Questions 468 Chapter 20  Understanding the Importance of Automation and Orchestration Related to Secure Operations 471 “Do I Know This Already?” Quiz 471 Foundation Topics 474 Use Cases of Automation and Scripting 474 User Provisioning 474 Resource Provisioning 477 Guard Rails 477 Security Groups 477 Ticket Creation and Escalation 477 Continuous Integration and Testing 478 Integrations and Application Programming Interfaces (APIs) 479 Benefits 480 Efficiency/Time Saving 480 Enforcing Baselines 480 Standard Infrastructure Configurations 481 Scaling in a Secure Manner 481 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
xxvi CompTIA Security+ SY0-701 Cert Guide Employee Retention 481 Reaction Time 482 Workforce Multiplier 482 Other Considerations 482 Complexity 482 Cost 483 Single Point of Failure 483 Technical Debt 483 Ongoing Supportability 484 Chapter Review Activities 485 Review Key Topics 485 Define Key Terms 486 Review Questions 486 Chapter 21 Understanding Appropriate Incident Response Activities 489 “Do I Know This Already?” Quiz 489 Foundation Topics 493 Process 493 Preparation 494 Detection 495 Analysis 496 Containment 496 Eradication 496 Recovery 497 Lessons Learned 497 Training 497 Testing 498 The Anatomy of a Tabletop Exercise 499 The Intricacies of Simulation Exercises 499 Mock Example of a Tabletop Exercise 500 Root Cause Analysis 501 Threat Hunting 502 Digital Forensics 502 Legal Hold 503 Chain of Custody 503 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. Table of Contents xxvii Acquisition 503 Reporting 505 Preservation 505 E-Discovery 506 Chapter Review Activities 506 Review Key Topics 506 Define Key Terms 506 Review Questions 507 Chapter 22 Using Data Sources to Support an Investigation 509 “Do I Know This Already?” Quiz 509 Foundation Topics 512 Log Data 512 Firewall Logs 513 Application Logs 513 Endpoint Logs 515 OS-Specific Security Logs 515 IPS/IDS Logs 517 Network Logs 518 Metadata 518 Data Sources 521 Vulnerability Scans 522 Automated Reports 522 Dashboards 523 Packet Captures 525 Chapter Review Activities 525 Review Key Topics 525 Define Key Terms 526 Review Questions 526 Part V: Security Program Management and Oversight Chapter 23 Summarizing Elements of Effective Security Governance 529 “Do I Know This Already?” Quiz 529 Foundation Topics 532 Guidelines 532 Policies 532 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
xxviii CompTIA Security+ SY0-701 Cert Guide Acceptable Use 533 Information Security Policies 533 Business Continuity 535 Disaster Recovery 535 Incident Response 535 Software Development Lifecycle (SDLC) 536 Change Management 536 Standards 536 Password Standards 537 Access Control Standards 538 Physical Security Standards 539 Encryption Standards 539 Procedures 541 Change Management 541 Onboarding and Offboarding 542 Playbooks 542 External Considerations 543 Regulatory 543 Legal 544 Industry 544 Local/Regional 544 National 545 Global 545 Monitoring and Revision 545 Types of Governance Structures 546 Boards 546 Committees 547 Government Entities 547 Centralized/Decentralized 548 Centralized Governance 548 Decentralized Governance 548 Roles and Responsibilities for Systems and Data 549 Owners 549 Controllers 550 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. Table of Contents xxix Processors 551 Custodians/Stewards 552 Chapter Review Activities 553 Review Key Topics 553 Define Key Terms 553 Review Questions 554 Chapter 24 Understanding Elements of the Risk Management Process 557 “Do I Know This Already?” Quiz 557 Foundation Topics 561 Risk Identification 561 Risk Assessment 562 Ad Hoc 562 Recurring 562 One-time 562 Continuous 562 Risk Analysis 563 Qualitative Risk Assessment 565 Quantitative Risk Assessment 565 Probability 567 Data-Driven Decision Making 568 Risk Prioritization 568 Financial Planning 568 Scenario Analysis 568 Communication and Reporting 568 Continuous Monitoring and Adjustment 568 Likelihood 569 Risk Categorization 569 Decision-Making Frameworks 569 Resource Allocation 569 Sensitivity Analysis 569 Stakeholder Communication 569 Exposure Factor 570 Impact 571 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
xxx CompTIA Security+ SY0-701 Cert Guide Risk Register 572 Key Risk Indicators (KRIs) 572 Risk Owners 572 Risk Threshold 572 Risk Tolerance 574 Risk Appetite 574 Expansionary 574 Conservative 575 Neutral 575 Risk Management Strategies 575 Risk Transfer 576 Risk Acceptance 576 Risk Avoidance 576 Risk Mitigation 576 Risk Reporting 577 Business Impact Analysis 578 Recovery Time Objective (RTO) 579 Recovery Point Objective (RPO) 579 Mean Time to Repair (MTTR) 579 Mean Time Between Failures (MTBF) 580 Chapter Review Activities 582 Review Key Topics 582 Define Key Terms 582 Review Questions 583 Chapter 25  Understanding the Processes Associated with Third-Party Risk Assessment and Management 585 “Do I Know This Already?” Quiz 585 Foundation Topics 588 Vendor Assessment 588 Penetration Testing 589 Right-to-Audit Clause 589 Evidence of Internal Audits 590 Independent Assessments 590 Supply Chain Analysis 591 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. Table of Contents xxxi Vendor Selection 591 Due Diligence 592 Conflict of Interest 592 Agreement Types 593 Vendor Monitoring 594 Questionnaires 594 Rules of Engagement 595 Chapter Review Activities 595 Review Key Topics 595 Define Key Terms 596 Review Questions 596 Chapter 26 Summarizing Elements of Effective Security Compliance 599 “Do I Know This Already?” Quiz 599 Foundation Topics 602 Compliance Reporting 602 Internal Reporting 603 External Reporting 603 Consequences of Non-compliance 603 Fines 603 Sanctions 604 Reputational Damage 604 Loss of License 604 Contractual Impacts 605 Compliance Monitoring 605 Due Diligence/Care 605 Attestation and Acknowledgment 607 Internal and External 608 Automation 608 Privacy 609 Legal Implications 609 Data Subject 611 Controller vs. Processor 611 Ownership 612 Humble Bundle Pearson Cybersecurity – © Pearson. Do Not Distribute. 
    Data Inventory and Retention 612
    Right to Be Forgotten 613
    Chapter Review Activities 613
    Review Key Topics 613
    Define Key Terms 614
    Review Questions 614
Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
    “Do I Know This Already?” Quiz 617
    Foundation Topics 620
    Attestation 620
    Internal 621
    External 622
    Penetration Testing 623
    Chapter Review Activities 628
    Review Key Topics 628
    Define Key Terms 629
    Review Questions 629
Chapter 28 Implementing Security Awareness Practices 631
    “Do I Know This Already?” Quiz 631
    Foundation Topics 634
    Phishing 634
    Anomalous Behavior Recognition 635
    User Guidance and Training 638
    Reporting and Monitoring 641
    Development 642
    Execution 642
    Chapter Review Activities 643
    Review Key Topics 643
    Define Key Terms 643
    Review Questions 644
Part VI: Final Preparation
Chapter 29 Final Preparation 647
    Hands-on Activities 647
    Suggested Plan for Final Review and Study 648
    Summary 648
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 649
Index 693
Online Elements
Appendix B Study Planner
Glossary of Key Terms

About the Author

Lewis Heuermann, CISSP, PMP, is a Navy submarine veteran and seasoned cybersecurity consultant who combines his extensive practical experience with deep academic insight to make cybersecurity accessible to all learners. His diverse background includes roles in systems and network engineering, network defense analysis, and cyber risk management. As a professor, he has developed and taught courses in cybersecurity and data analytics, utilizing tools like Python, SQL, Power BI, and Tableau. Lewis also holds several key IT certifications.
Dedication

To Katie, my loving wife, whose unwavering support and encouragement have been my constant. Your ability to keep me caffeinated and focused during those long-day and late-night writing sessions has been nothing short of miraculous. You were the one who finally convinced me to stop saying “One day…” when I talked about writing a book and instead say “Today….”

To Dominique, thank you for being a steadfast presence during all those early years of countless nights I spent on the phone troubleshooting network and server issues. Your patience, encouragement, and understanding during those challenging years played a significant role in my journey.

And to my wonderful children: When people tell you that you “can’t,” it just means they couldn’t. Keep pushing and keep learning because “can’t” never could do anything.

—Lewis

Acknowledgments

I extend my heartfelt thanks to the Pearson team, whose collective efforts have been instrumental in bringing this book to fruition. Ellie, your remarkable skill in making all the pieces of this complex puzzle fit seamlessly together is truly amazing. Chris, your meticulous attention to detail has elevated the quality of this work beyond my wildest imagination. Kitty, your sharp copyediting eye and expert grammar make the pages sing! Nancy, you have been the foundation of our team, guiding us with kindness, support, and an unwavering commitment to our collective goal. You saw something in me early and helped turn my dream into a reality.

To all of my many mentors over the years, thank you for taking the time to slowly explain things to me when you didn’t have the time to slow down. Each of you has contributed to this journey in unique and meaningful ways, and for that, I am eternally grateful.
About the Technical Reviewer

Chris Crayton is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He holds numerous industry certifications, has been recognized with many professional and teaching awards, and has served as a state-level SkillsUSA final competition judge. Chris tech edited and contributed to this book to make it better for students and those wishing to better their lives.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.

We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better.

Please note that we cannot help you with technical problems related to the topic of this book.

When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Email: [email protected]

Reader Services

Register your copy of CompTIA Security+ SY0-701 Cert Guide for convenient access to downloads, updates, and corrections as they become available.
To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780138293086 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.

*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Introduction

Welcome to CompTIA Security+ SY0-701 Cert Guide. The CompTIA Security+ certification is widely accepted as one of the first security certifications you should attempt to attain in your information technology (IT) career. The CompTIA Security+ certification exam is designed to be a vendor-neutral exam that measures your knowledge of industry-standard technologies and methodologies. It acts as a great stepping stone to other vendor-specific certifications and careers.

We developed this book to be something you can study from for the exam and keep on your bookshelf for later use as a security resource. We would like to note that it would not be possible to cover all security concepts in depth in a single book. However, the Security+ exam objectives are looking for a basic level of computer, networking, and organizational security knowledge. Keep this in mind while reading through this text and remember that the main goal of this text is to help you pass the Security+ exam, not to have an encyclopedic knowledge of everything security—though you might get there someday! As you read through this book, you will begin building your foundational knowledge, gaining hands-on familiarity and the know-how to pass the CompTIA Security+ exam. Good luck on the exam!

Goals and Methods

The number-one goal of this book is to help you pass the SY0-701 version of the CompTIA Security+ certification exam.
To that effect, we have filled this book and practice exams with hundreds of questions/answers and explanations, including two full practice exams. The exams are located in Pearson Test Prep practice test software, in a custom test environment. These tests are meant to check your knowledge and prepare you for the real exam.

The CompTIA Security+ certification exam requires familiarity with computer security theory and hands-on knowledge. To aid you in understanding the Security+ certification objectives, this book uses the following methods:

Opening topics list: This list defines the topics covered in the chapter.

Foundation Topics: This is the heart of the chapter, explaining various topics from a theory-based standpoint as well as from a hands-on perspective. This section of each chapter includes in-depth descriptions, tables, and figures that are geared toward helping you build your knowledge so that you can pass the exam. Each chapter covers a full objective from the CompTIA Security+ exam blueprint.

Key Topics: The Key Topic icons indicate important figures, tables, and lists of information that you should know for the exam. They are interspersed throughout the chapter and are listed in table format at the end of the chapter.

Key Terms: Key terms without definitions are listed at the end of each chapter. See whether you can define them and then check your work against the definitions provided in the glossary.

Review Questions: These questions and answers with explanations are meant to gauge your knowledge of the subjects covered in the chapter. If an answer to a question doesn’t come readily to you, be sure to review the corresponding portion of the chapter.

Practice Exams: Practice exams are included in the Pearson Test Prep practice test software. These exams test your knowledge and skills in a realistic testing environment.
Take them after you have read through the entire book. Gain a thorough understanding of each one before moving on to the next one.

Who Should Read This Book?

This book is for anyone who wants to start or advance a career in computer security. Readers of this book may range from persons taking a Security+ course to individuals already in the field who want to keep their skills sharp or perhaps retain their job due to a company policy mandating that they take the Security+ exam. Some information assurance professionals who work for the Department of Defense (DoD) or have privileged access to DoD systems are required to become Security+ certified as per DoD directive 8570.01-Manual. This book is also designed for people who plan on taking additional security-related certifications after the CompTIA Security+ exam. The book is designed in such a way to offer an easy transition to future certification studies.

Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years of IT administration experience, with an emphasis on hands-on and technical security concepts. The CompTIA Network+ certification is also recommended as a prerequisite. Before you begin your Security+ studies, you are expected to understand computer topics such as how to install operating systems and applications and networking topics such as how to configure IP addressing and what a VLAN is. This book shows you how to secure these technologies and protect against possible exploits and attacks. Generally, for people looking to enter the IT field, the CompTIA Security+ certification is attained after the A+ and Network+ certifications.

CompTIA Security+ Exam Topics

If you haven’t downloaded the Security+ certification exam objectives from the CompTIA website (https://certification.comptia.org), do so now. Save the PDF file and print it out as well.
It’s a big document, and you should review it carefully. Use the blueprint’s exam objectives list and acronyms list to aid in your studies while you use this book. The following tables are excerpts from the exam objectives document. Table I-1 lists the CompTIA Security+ domains and each domain’s percentage of the exam.

Table I-1 CompTIA Security+ Exam Domains

Domain   Exam Topic                                    % of Exam
1.0      General Security Concepts                     12%
2.0      Threats, Vulnerabilities, and Mitigations     22%
3.0      Security Architecture                         18%
4.0      Security Operations                           28%
5.0      Security Program Management and Oversight     20%

The Security+ domains are further broken down into individual objectives. Table I-2 lists the CompTIA Security+ exam objectives and their related chapters in this book. It does not list the bullets and sub-bullets for each objective.

Table I-2 CompTIA Security+ Exam Objectives

Objective                                                                                        Chapter(s)
1.1 Compare and contrast various types of security controls.                                     1
1.2 Summarize fundamental security concepts.                                                     2
1.3 Explain the importance of change management processes and the impact to security.           3
1.4 Explain the importance of using appropriate cryptographic solutions.                         4
2.1 Compare and contrast common threat actors and motivations.                                   5
2.2 Explain common threat vectors and attack surfaces.                                           6
2.3 Explain various types of vulnerabilities.                                                    7
2.4 Given a scenario, analyze indicators of malicious activity.                                  8
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.                  9
3.1 Compare and contrast security implications of different architecture models.                 10
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.             11
3.3 Compare and contrast concepts and strategies to protect data.                                12
3.4 Explain the importance of resilience and recovery in security architecture.                  13
4.1 Given a scenario, apply common security techniques to computing resources.                   14
4.2 Explain the security implications of proper hardware, software, and data asset management.   15
4.3 Explain various activities associated with vulnerability management.                         16
4.4 Explain security alerting and monitoring concepts and tools.                                 17
4.5 Given a scenario, modify enterprise capabilities to enhance security.                        18
4.6 Given a scenario, implement and maintain identity and access management.                     19
4.7 Explain the importance of automation and orchestration related to secure operations.         20
4.8 Explain appropriate incident response activities.                                            21
4.9 Given a scenario, use data sources to support an investigation.                              22
5.1 Summarize elements of effective security governance.                                         23
5.2 Explain elements of the risk management process.                                             24
5.3 Explain the processes associated with third-party risk assessment and management.            25
5.4 Summarize elements of effective security compliance.                                         26
5.5 Explain types and purposes of audits and assessments.                                        27
5.6 Given a scenario, implement security awareness practices.                                    28

Companion Website

Register this book to get access to the Pearson Test Prep practice test software and other study materials, as well as additional bonus content. Check this site regularly for new and updated postings written by the author that provide further insight into the more troublesome topics on the exam. Be sure to check the box indicating that you would like to hear from us to receive updates and exclusive discounts on future editions of this product or related products.

To access the companion website, follow these steps:

Step 1. Go to www.pearsonitcertification.com/register and log in or create a new account.
Step 2. On your Account page, tap or click the Registered Products tab and then tap or click the Register Another Product link.
Step 3. Enter this book’s ISBN: 9780138293086.
Step 4. Answer the challenge question to provide proof of book ownership.
Step 5. Tap or click the Access Bonus Content link for this book to go to the page where your downloadable content is available.

NOTE Please note that many of our companion content files can be very large, especially image and video files. If you are unable to locate the files for this title by following the preceding steps, please visit http://www.pearsonitcertification.com/contact and select the Site Problems/Comments option. Our customer service representatives will assist you.

How to Access the Pearson Test Prep (PTP) App

You have two options for installing and using the Pearson Test Prep application: a web app and a desktop app. To use the Pearson Test Prep application, start by finding the registration code that comes with the book. You can find the code in these ways:

You can get your access code by registering the print ISBN (9780138293086) on pearsonitcertification.com/register. Make sure to use the print book ISBN, regardless of whether you purchased an eBook or the print book. After you register the book, your access code will be populated on your account page under the Registered Products tab. Instructions for how to redeem the code are available on the book’s companion website by clicking the Access Bonus Content link.

Premium Edition: If you purchase the Premium Edition eBook and Practice Test directly from the Pearson IT Certification website, the code will be populated on your account page after purchase. Just log in at pearsonitcertification.com, click Account to see details of your account, and click the digital purchases tab.

NOTE After you register your book, your code can always be found in your account under the Registered Products tab.

Once you have the access code, to find instructions about both the PTP web app and the desktop app, follow these steps:

Step 1. Open this book’s companion website as shown earlier in this Introduction under the heading, “Companion Website.”
Step 2. Click the Practice Test Software button.
Step 3. Follow the instructions listed there for both installing the desktop app and using the web app.

Note that if you want to use the web app only at this point, just navigate to pearsontestprep.com, log in using the same credentials used to register your book or purchase the Premium Edition, and register this book’s practice tests using the registration code you just found. The process should take only a couple of minutes.

Customizing Your Exams

When you are in the exam settings screen, you can choose to take exams in one of three modes:

Study mode
Practice Exam mode
Flash Card mode

Study mode enables you to fully customize an exam and review answers as you are taking the exam. This is typically the mode you use first to assess your knowledge and identify information gaps. Practice Exam mode locks certain customization options in order to present a realistic exam experience. Use this mode when you are preparing to test your exam readiness. Flash Card mode strips out the answers and presents you with only the question stem. This mode is great for late-stage preparation, when you really want to challenge yourself to provide answers without the benefit of seeing multiple-choice options. This mode does not provide the detailed score reports that the other two modes provide, so it is not the best mode for helping you identify knowledge gaps.

In addition to these three modes, you will be able to select the source of your questions. You can choose to take exams that cover all of the chapters, or you can narrow your selection to just a single chapter or the chapters that make up specific parts in the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, simply deselect all the chapters and then select only those on which you wish to focus in the Objectives area.
There are several other customizations you can make to your exam from the exam settings screen, such as the time allowed for taking the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple-answer questions, and whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions on which you have added notes.

Updating Your Exams

If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software, it will check to see if there are any updates to your exam data and automatically download any changes made since the last time you used the software. This requires that you be connected to the Internet at the time you launch the software.

Sometimes, due to a number of factors, the exam data might not fully download when you activate your exam. If you find that figures or exhibits are missing, you might need to manually update your exams. To update a particular exam you have already activated and downloaded, simply select the Tools tab and click the Update Products button. Again, this is only an issue with the desktop Windows application.

If you wish to check for updates to the Windows desktop version of the Pearson Test Prep exam engine software, simply select the Tools tab and click the Update Application button. Doing so enables you to ensure that you are running the latest version of the software engine.
Figure Credits

Cover: greenbutterfly/Shutterstock
Figure 2-2: Kyryl Gorlov/123RF
Figure 2-3: Aliaksandr Karankevich/123RF
Figure 2-5: rewelda/Shutterstock
Figure 8-1: WannaCry ransomware
Figure 10-1: Amazon Web Services, Inc
Figures 11-2, 11-9, 19-2, 19-6, 19-9, 22-2–22-4: Microsoft Corporation
Figures 14-2, 14-3: Cisco Systems, Inc
Figure 19-7: Robert Koczera/123RF
Figure 22-1: MaxBelkov
Figure 22-5: Google LLC
Figure 22-6: Tenable®, Inc
Figure 22-7: LogRhythm, Inc

This chapter covers the following topics related to Objective 1.1 (Compare and contrast various types of security controls) of the CompTIA Security+ SY0-701 certification exam:

Categories
Control types

CHAPTER 1

Comparing and Contrasting the Various Types of Controls

In this chapter you’ll learn about the various categories of controls, starting with an overview of technical, managerial, operational, and physical controls. Additionally, you learn the control types, including preventive, deterrent, detective, corrective, compensating, and directive controls.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Chapter Review Activities” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 1-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions.
You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 1-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section    Questions
Control Categories           1–5
Control Types                6–10

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which category of controls involves decisions and management of risk?
   a. Operational controls
   b. Managerial controls
   c. Technical controls
   d. Physical controls

2. The configuration and workings of firewalls and access control fall under which category of controls?
   a. Operational controls
   b. Technical controls
   c. Managerial controls
   d. Physical controls

3. Which control category involves securing physical access to an organization’s building and equipment?
   a. Technical controls
   b. Managerial controls
   c. Operational controls
   d. Physical controls

4. Which category of controls is executed by people and involves user awareness and training?
   a. Operational controls
   b. Technical controls
   c. Managerial controls
   d. Physical controls

5. Security awareness training and formal change-management procedures are examples of which category of controls?
   a. Technical controls
   b. Operational controls
   c. Managerial controls
   d. Physical controls

6. Which type of controls are implemented to prevent incidents from happening, with examples such as access lists, passwords, and fences?
   a. Detective controls
   b. Corrective controls
   c. Deterrent controls
   d. Preventive controls
7. What type of controls are meant to deter threat actors from executing offensive assaults on an environment, thereby preventing incidents from occurring?
   a. Deterrent controls
   b. Corrective controls
   c. Preventive controls
   d. Detective controls

8. Detective controls are designed to do which of the following?
   a. Correct a problem during an incident
   b. Monitor and detect any unauthorized behavior or hazard
   c. Deter potential attackers
   d. Prevent incidents from happening

9. Corrective controls are used at which stage of an incident?
   a. Before the event
   b. During the event
   c. After the event
   d. They are not linked to a specific stage of an incident.

10. What is the main purpose of directive controls in an organization’s security system?
   a. To provide physical protection against threats
   b. To guide the operation and use of systems within an organization
   c. To prevent incidents from happening
   d. To correct problems during an incident

Foundation Topics

Control Categories

Controls can be classified into four main categories—technical, managerial, operational, and physical—as described in the sections that follow.

Technical Controls

Technical controls are logical controls executed by a computer, or technical, system. Technical controls include authentication, access control, auditing, and cryptography. You might encounter these technical controls in places like a security system or logical access control. The configuration and workings of firewalls, session locks, RADIUS servers, and RAID 5 arrays fall into this category, as do concepts such as least-privilege implementation.

Managerial Controls

Managerial controls are techniques and concerns addressed by an organization’s management (managers and executives). Generally, these controls focus on decisions and the management of risk.
They also concentrate on procedures, legal and regulatory policies, the software development lifecycle (SDLC), the computer security lifecycle, information assurance, and vulnerability management/scanning. In short, these controls focus on how the security of data and systems is managed. Managerial, or administrative, controls include business and organizational processes and procedures, such as security policies and procedures, personnel background checks, security awareness training, and formal change-management procedures.

Operational Controls

Operational controls are controls executed by people that are designed to increase individual and group system security. They include user awareness and training, fault tolerance and disaster recovery plans, incident handling, computer support, baseline configuration development, and environmental security. The people who carry out the specific requirements of these controls must have technical expertise and understand how to implement what management desires of them. Operational controls include physical controls that form the outer line of defense against direct access to data, such as protecting backup media; securing output and mobile file storage devices; and paying attention to facility design details, including layout, doors, guards, locks, and surveillance systems.

Physical Controls

Physical controls can be considered the first line of defense in controlling access, as a firewall is the first line of defense for a network. Implementing physical access security methods should be a top priority for an organization. Unfortunately, securing physical access to an organization’s building sometimes slumps to the bottom of the list. Or a system is employed, but it fails to mitigate risk properly. In some cases, the system is not maintained well.
Proper building entrance access and secure access to physical equipment are vital. And anyone coming and going should be logged and surveilled. Operational/physical controls include organizational culture and physical controls that form the outer line of defense against direct access to data, such as protecting backup media; securing output and mobile file storage devices; and paying attention to facility design details, including layout, doors, guards, locks, and surveillance systems. For more in-depth information, physical security is covered in detail in Chapter 2, “Summarizing Fundamental Security Concepts.”

Summary of Control Categories

Table 1-2 provides a quick comparison view of the different control categories.

Table 1-2 Summary of Control Categories

Technical controls: Technical/logical controls are security controls put in place that are executed by technical systems. Technical controls include logical access control systems, security systems, encryption, and data classification solutions.

Managerial controls: Managerial, or administrative, controls include business and organizational processes and procedures, such as security policies and procedures, personnel background checks, security awareness training, and formal change-management procedures.

Operational controls: Operational controls encompass a range of procedures and actions carried out by personnel to enhance the security of individual and group systems. These controls include, but are not limited to, regular user training, implementation of fault tolerance measures, formulation of disaster recovery plans, and incident response coordination. Personnel responsible for these tasks must have the necessary technical skills and align their actions with the strategic security goals set by management.

Physical controls: Physical controls are a category of security measures designed to prevent unauthorized physical access to an organization’s facilities and resources. They form a fundamental component of a layered defense strategy. Key elements include controlling entry points to buildings, securing access to sensitive equipment, and maintaining detailed logs of individuals’ movements within the premises, alongside surveillance to monitor and record activities.

Control Types

The following sections focus on control types, including preventive controls, deterrent controls, detective controls, corrective controls, compensating controls, and directive controls.

Preventive Controls

Preventive controls are employed before an event occurs and are designed to prevent incidents from occurring. Examples include biometric systems designed to keep unauthorized persons out, network intrusion prevention systems (NIPSs) to prevent malicious activity, and RAID 1 to prevent loss of data. They are also sometimes referred to as deterrent controls. Preventive controls enforce security policy and are meant to prevent incidents from happening. The only way to bypass a preventive control is to find a flaw in its implementation or logic. These controls are usually not optional. Examples of preventive controls include access lists, passwords, and fences. Preventive controls include security awareness, separation of duties, access control, security policies, and intrusion prevention systems.

Deterrent Controls

An organization uses deterrent controls to try to deter threat actors from executing offensive assaults on its environment. The idea is that if potential threat actors see that this type of control is in place, they may decide to move on. An example of this type of control is an alarm system on a home. If a robber sees that the home clearly has an alarm system, they may decide to move on to the next house.
Similarly, if threat actors on the Internet identify that an organization they are targeting is using a specific type of technology that would make it more difficult for them to carry out their attack, they may move on. Deterrent controls are similar to preventive controls in the sense that the primary objective is to prevent an incident from occurring, but the rationale behind deterrent controls is to discourage attackers from proceeding simply because a control is in place. For example, a system banner warning that any unauthorized attempt to log in will be monitored and punished is a type of deterrent control. It would probably discourage casual users from attempting to access the system; however, it might not block determined attackers from trying to log in. Deterrent controls are intended to discourage individuals from intentionally violating information security policies or procedures. Examples of deterrent controls include warnings indicating that systems are being monitored.

Chapter 1: Comparing and Contrasting the Various Types of Controls

Detective Controls

Detective controls aim at monitoring and detecting unauthorized behavior or hazards. These types of controls are generally used to alert to failures in other types of controls, such as preventive, deterrent, and compensating controls. Detective controls are very powerful while an attack is taking place, and they are useful in post-mortem analyses to understand what has happened. Audit logs, intrusion detection systems (IDSs), motion detection, and security information and event management (SIEM) systems are examples of detective controls. Detective controls are used during an event to determine whether malicious activity is occurring or has occurred. Examples include CCTV/video surveillance, alarms, network intrusion detection systems (NIDSs), and auditing.
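Two of the detective controls named above, audit-log review and checksums, worked through as an added Python example. This is not code from the cert guide or from any product it mentions: the log lines, file contents, the five-failures-per-minute threshold, and the file paths are all constructed for illustration. Both functions only report what they find; neither blocks anything, which is exactly what separates a detective control from a preventive one.

```python
"""Two small detective controls: a burst detector over audit-log lines and a
checksum comparison against a known-good baseline. Example code, not from
the cert guide; all inputs below are constructed."""
import hashlib
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit-log lines in a syslog-like layout (not real logs).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for admin from 198.51.100.7
2024-03-01T10:00:03 sshd[101]: Failed password for admin from 198.51.100.7
2024-03-01T10:00:04 sshd[102]: Accepted password for alice from 192.0.2.10
2024-03-01T10:00:05 sshd[101]: Failed password for root from 198.51.100.7
2024-03-01T10:00:06 sshd[101]: Failed password for admin from 198.51.100.7
2024-03-01T10:00:07 sshd[101]: Failed password for admin from 198.51.100.7
2024-03-01T10:09:00 sshd[103]: Failed password for bob from 192.0.2.10
2024-03-01T10:30:00 sshd[104]: Failed password for bob from 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Audit-log detective control.

    Returns {source: failure_count} for every source that produced at least
    `threshold` failed logins inside any sliding `window`. The threshold and
    window are hypothetical values; tune them to the environment.
    """
    recent = defaultdict(deque)  # source -> timestamps of its recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue  # ignore unparseable lines and successful logins
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts[m["src"]] = max(alerts.get(m["src"], 0), len(q))
    return alerts


def build_baseline(contents):
    """Record SHA-256 digests of files while they are known to be good."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in contents.items()}


def verify_checksums(baseline, current_contents):
    """Checksum detective control.

    Returns the sorted list of baseline paths whose current digest differs
    from the recorded one, or whose file is missing entirely.
    """
    changed = []
    for path, expected in baseline.items():
        data = current_contents.get(path)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            changed.append(path)
    return sorted(changed)


if __name__ == "__main__":
    print(detect_failed_login_bursts(SAMPLE_LOG))
    # Constructed file contents standing in for real files on disk.
    known_good = {"/etc/passwd": b"root:x:0:0\n", "/bin/ls": b"ELF..."}
    baseline = build_baseline(known_good)
    tampered = dict(known_good, **{"/bin/ls": b"ELF...patched"})
    print(verify_checksums(baseline, tampered))
```

Run as written, the burst detector reports only 198.51.100.7 (five failures in six seconds), while the two failures from 192.0.2.10 are 21 minutes apart and fall outside the window; the checksum check reports /bin/ls as changed. Neither result stops the activity, so in practice the alert is handed to a corrective control such as the quarantine or account lockout the next sections describe.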
Detective controls warn that physical security measures are being violated and attempt to identify unwanted events after they have occurred. Common technical detective controls include audit trails, intrusion detection systems, system monitoring, checksums, and anti-malware.

Corrective Controls

Corrective controls are used after an event has occurred. They limit the extent of damage and help the company recover from damage quickly. Tape backup, hot sites, and other fault tolerance and disaster recovery methods are also included in this category. Corrective controls, which are sometimes referred to as compensating controls, include all the controls used during an incident to correct a problem. Quarantining an infected computer, sending a guard to block an intruder, and terminating an employee for not having followed the security policy are all examples of corrective controls. Corrective controls are reactive and provide measures to lessen harmful effects or restore the system being impacted. Examples of corrective controls include operating system upgrades, data backup restores, vulnerability mitigation, and anti-malware.

Compensating Controls

Also known as alternative controls, compensating controls are mechanisms put in place to satisfy security requirements that are either impractical or too difficult to implement. For example, instead of using expensive hardware-based encryption modules, an organization might opt to use network access control (NAC), data loss prevention (DLP), and other security methods. Or, on the personnel side, instead of implementing separation of duties, an organization might opt to do additional logging and auditing. You should approach compensating controls with great caution. They do not give the same level of security as their replaced counterparts. Of course, many security concepts can be placed in the category of physical as well as other categories listed in the sections that follow.
For example, a locking door would be an example of a physical control as well as a preventive control.

Compensating controls are alternative controls that are intended to reduce the risk of an existing or potential control
