
CCST Cisco Certified Support Technician Study Guide

38,99 €

Available immediately, delivery time: ships immediately


CCST Cisco Certified Support Technician Study Guide, Wiley
Cybersecurity Exam
By Todd Lammle, Jon Buhagiar, Donald Robb, Todd Montgomery, available in digital form from the heise shop

Product information "CCST Cisco Certified Support Technician Study Guide"

THE IDEAL PREP GUIDE FOR EARNING YOUR CCST CYBERSECURITY CERTIFICATION

CCST Cisco Certified Support Technician Study Guide: Cybersecurity Exam is the perfect way to study for your certification as you prepare to start or upskill your IT career. Written by industry expert and Cisco guru Todd Lammle, this Sybex Study Guide uses the trusted Sybex approach, providing 100% coverage of CCST Cybersecurity exam objectives. You'll find detailed information and examples for must-know Cisco cybersecurity topics, as well as practical insights drawn from real-world scenarios. This study guide provides authoritative coverage of key exam topics, including essential security principles, basic network security concepts, endpoint security concepts, vulnerability assessment and risk management, and incident handling. You also get one year of FREE access to a robust set of online learning tools, including a test bank with hundreds of questions, a practice exam, a set of flashcards, and a glossary of important terminology. The CCST Cybersecurity certification is an entry point into the Cisco certification program, and a pathway to the higher-level CyberOps. It's a great place to start as you build a rewarding IT career!

* Study 100% of the topics covered on the Cisco CCST Cybersecurity certification exam
* Get access to flashcards, practice questions, and more great resources online
* Master difficult concepts with real-world examples and clear explanations
* Learn about the career paths you can follow and what comes next after the CCST

This Sybex study guide is perfect for anyone wanting to earn their CCST Cybersecurity certification, including entry-level cybersecurity technicians, IT students, interns, and IT professionals.

ABOUT THE AUTHORS

TODD LAMMLE is the authority on Cisco certification and internetworking, and is Cisco certified in most Cisco certification categories. He is a world-renowned author, speaker, trainer, and consultant. Todd has published over 130 books, including the very popular CCNA Cisco Certified Network Associate Study Guide. You can reach Todd through his website at www.lammle.com.

JON BUHAGIAR, CCNA, is an information technology professional with over two decades of experience in higher education. Currently, he is a director of information technology for RareMed Solutions.

DONALD ROBB has over 15 years of experience with most areas of IT, including networking, security, collaboration, data center, cloud, SDN, and automation/devops. Visit his blog at https://www.the-packet-thrower.com and YouTube channel at https://www.youtube.com/c/ThePacketThrower.

TODD MONTGOMERY is a Network Automation Engineer for a Fortune 500 company. He is involved with network design and implementation of emerging datacenter technologies, as well as software defined networking design plans, cloud design, and implementation.

Acknowledgments xxi

About the Authors xxiii

Introduction xxv

Assessment Test xxxv

Answers to Assessment Test xl

Chapter 1 Security Concepts 1

Technology-Based Attacks 2

Denial of Service (DoS)/Distributed Denial of Service (DDoS) 3

The Ping of Death 3

Distributed DoS (DDoS) 3

Botnet/Command and Control 3

Traffic Spike 4

Coordinated Attack 4

Friendly/Unintentional DoS 4

Physical Attack 5

Permanent DoS 5

Smurf 5

SYN Flood 5

Reflective/Amplified Attacks 7

On-Path Attack (Previously Known as Man-in-the-Middle Attack) 8

DNS Poisoning 8

VLAN Hopping 9

ARP Spoofing 10

Rogue DHCP 10

IoT Vulnerabilities 11

Rogue Access Point (AP) 11

Evil Twin 12

Ransomware 12

Password Attacks 12

Brute-Force 13

Dictionary 13

Advanced Persistent Threat 13

Hardening Techniques 13

Changing Default Credentials 14

Avoiding Common Passwords 14

DHCP Snooping 14

Change Native VLAN 15

Patching and Updates 15

Upgrading Firmware 16

Defense in Depth 16

Social-Based Attacks 17

Social Engineering 17

Insider Threats 17

Phishing 18

Vishing 19

Smishing 20

Spear Phishing 20

Environmental 20

Tailgating 20

Piggybacking 21

Shoulder Surfing 21

Malware 21

Ransomware 21

Summary 22

Exam Essentials 23

Review Questions 24

Chapter 2 Network Security Devices 27

Confidentiality, Integrity, Availability (CIA) 28

Confidentiality 29

Integrity 29

Availability 29

Threats 29

Internal 29

External 30

Network Access Control 30

Posture Assessment 30

Guest Network 30

Persistent vs. Nonpersistent Agents 30

Honeypot 31

Wireless Networks 31

Wireless Personal Area Networks 31

Wireless Local Area Networks 32

Wireless Metro Area Networks 33

Wireless Wide Area Networks 33

Basic Wireless Devices 34

Wireless Access Points 34

Wireless Network Interface Card 36

Wireless Antennas 36

Wireless Principles 37

Independent Basic Service Set (Ad Hoc) 37

Basic Service Set 38

Infrastructure Basic Service Set 39

Service Set ID 40

Extended Service Set 40

Nonoverlapping Wi-Fi channels 42

2.4 GHz Band 42

5 GHz Band (802.11ac) 43

2.4 GHz / 5GHz (802.11n) 43

Wi-Fi 6 (802.11ax) 45

Interference 45

Range and Speed Comparisons 46

Wireless Security 46

Authentication and Encryption 46

WEP 48

WPA and WPA2: An Overview 48

Wi-Fi Protected Access 49

WPA2 Enterprise 49

802.11i 50

WPA3 50

WPA3-Personal 51

WPA3-Enterprise 51

Summary 52

Exam Essentials 53

Review Questions 54

Chapter 3 IP, IPv6, and NAT 57

TCP/IP and the DoD Model 58

The Process/Application Layer Protocols 60

Telnet 61

Secure Shell (SSH) 61

File Transfer Protocol (FTP) 62

Secure File Transfer Protocol 63

Trivial File Transfer Protocol (TFTP) 63

Simple Network Management Protocol (SNMP) 63

Hypertext Transfer Protocol (HTTP) 64

Hypertext Transfer Protocol Secure (HTTPS) 65

Network Time Protocol (NTP) 65

Domain Name Service (DNS) 65

Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP) 66

Automatic Private IP Addressing (APIPA) 69

The Host-to-Host or Transport Layer Protocols 69

Transmission Control Protocol (TCP) 70

User Datagram Protocol (UDP) 72

Key Concepts of Host-to-Host Protocols 74

Port Numbers 74

The Internet Layer Protocols 78

Internet Protocol (IP) 79

Internet Control Message Protocol (ICMP) 82

Address Resolution Protocol (ARP) 85

IP Addressing 86

IP Terminology 86

The Hierarchical IP Addressing Scheme 87

Network Addressing 88

Class A Addresses 90

Class B Addresses 91

Class C Addresses 92

Private IP Addresses (RFC 1918) 92

IPv4 Address Types 93

Layer 2 Broadcasts 94

Layer 3 Broadcasts 94

Unicast Address 94

Multicast Address 95

When Do We Use NAT? 96

Types of Network Address Translation 98

NAT Names 99

How NAT Works 100

Why Do We Need IPv6? 101

IPv6 Addressing and Expressions 102

Shortened Expression 103

Address Types 104

Special Addresses 105

Summary 106

Exam Essentials 107

Review Questions 110

Chapter 4 Network Device Access 115

Local Authentication 116

AAA Model 118

Authentication 119

Multifactor Authentication 119

Multifactor Authentication Methods 121

IPsec Transforms 165

Security Protocols 165

Encryption 167

GRE Tunnels 168

GRE over IPsec 169

Cisco DMVPN (Cisco Proprietary) 169

Cisco IPsec VTI 169

Public Key Infrastructure 170

Certification Authorities 170

Certificate Templates 172

Certificates 173

Summary 174

Exam Essentials 175

Review Questions 176

Chapter 6 OS Basics and Security 179

Operating System Security 180

Windows 180

Windows Defender Firewall 180

Scripting 184

Security Considerations 190

NTFS vs. Share Permissions 191

Shared Files and Folders 195

User Account Control 198

Windows Update 202

Application Patching 203

Device Drivers 204

macOS/Linux 204

System Updates/App Store 206

Patch Management 206

Firewall 207

Permissions 211

Driver/Firmware Updates 213

Operating Systems Life Cycle 214

System Logs 214

Event Viewer 214

Audit Logs 215

Syslog 216

Syslog Collector 216

Syslog Messages 217

Logging Levels/Severity Levels 218

Identifying Anomalies 218

SIEM 220

Summary 221

Exam Essentials 221

Review Questions 223

Chapter 7 Endpoint Security 225

Endpoint Tools 226

Command-Line Tools 226

netstat 227

nslookup 227

dig 228

ping 229

tracert 229

tcpdump 230

nmap 231

gpresult 232

Software Tools 232

Port Scanner 232

iPerf 233

IP Scanner 234

Endpoint Security and Compliance 234

Hardware Inventory 235

Asset Management Systems 235

Asset Tags 236

Software Inventory 236

Remediation 237

Considerations 238

Destruction and Disposal 238

Low-Level Format vs. Standard Format 239

Hard Drive Sanitation and Sanitation Methods 239

Overwrite 240

Drive Wipe 240

Physical Destruction 241

Data Backups 241

Regulatory Compliance 243

BYOD vs. Organization-Owned 243

Mobile Device Management (MDM) 244

Configuration Management 244

App Distribution 245

Data Encryption 245

Endpoint Recovery 248

Endpoint Protection 248

Cloud-Based Protection 250

Reviewing Scan Logs 250

Malware Remediation 254

Identify and Verify Malware Symptoms 254

Quarantine Infected Systems 254

Disable System Restore in Windows 255

Remediate Infected Systems 256

Schedule Scans and Run Updates 258

Enable System Restore and Create a Restore Point in Windows 260

Educate the End User 261

Summary 261

Exam Essentials 261

Review Questions 263

Chapter 8 Risk Management 265

Risk Management 266

Elements of Risk 267

Vulnerabilities 269

Threats 270

Exploits 270

Assets 270

Risk Analysis 271

Risk Levels 272

Risk Matrix 272

Risk Prioritization 274

Data Classifications 275

Risk Mitigation 277

Introduction 278

Strategic Response 279

Action Plan 279

Implementation and Tracking 280

Security Assessments 281

Vulnerability Assessment 281

Penetration Testing 282

Posture Assessment 282

Change Management Best Practices 283

Documented Business Processes 284

Change Rollback Plan (Backout Plan) 284

Sandbox Testing 284

Responsible Staff Member 285

Request Forms 285

Purpose of Change 286

Scope of Change 286

Risk Review 287

Plan for Change 287

Change Board 288

User Acceptance 289

Summary 289

Exam Essentials 290

Review Questions 291

Chapter 9 Vulnerability Management 293

Vulnerabilities 294

Vulnerability Identification 294

Management 295

Mitigation 297

Active and Passive Reconnaissance 298

Port Scanning 298

Vulnerability Scanning 299

Packet Sniffing/Network Traffic Analysis 300

Brute-Force Attacks 301

Open-Source Intelligence (OSINT) 302

DNS Enumeration 302

Social Engineering 303

Testing 304

Port Scanning 304

Automation 304

Threat Intelligence 305

Vulnerability Databases 308

Limitations 309

Assessment Tools 310

Recommendations 312

Reports 314

Security Reports 314

Cybersecurity News 314

Subscription-based 315

Documentation 316

Updating Documentation 316

Security Incident Documentation 317

Documenting the Incident 318

Following the Right Chain of Custody 319

Securing and Sharing of Documentation 319

Reporting the Incident 320

Recovering from the Incident 321

Documenting the Incident 321

Reviewing the Incident 321

Documentation Best Practices for Incident Response 322

Summary 322

Exam Essentials 323

Review Questions 324

Chapter 10 Disaster Recovery 327

Disaster Prevention and Recovery 328

Data Loss 329

File Level Backups 329

Image-Based Backups 332

Critical Applications 332

Network Device Backup/Restore 332

Data Restoration Characteristics 333

Backup Media 333

Backup Methods 335

Backup Testing 336

Account Recovery Options 336

Online Accounts 336

Local Accounts 336

Domain Accounts 337

Facilities and Infrastructure Support 338

Battery Backup/UPS 338

Power Generators 339

Surge Protection 339

HVAC 340

Fire Suppression 342

Redundancy and High Availability Concepts 343

Switch Clustering 343

Routers 344

Firewalls 345

Servers 345

Disaster Recovery Sites 345

Cold Site 345

Warm Site 346

Hot Site 346

Cloud Site 346

Active/Active vs. Active/Passive 346

Multiple Internet Service Providers/Diverse Paths 347

Testing 348

Tabletop Exercises 349

Validation Tests 349

Disaster Recovery Plan 350

Business Continuity Plan 352

Summary 352

Exam Essentials 353

Review Questions 354

Chapter 11 Incident Handling 357

Security Monitoring 358

Security Information and Event Management (SIEM) 359

Hosting Model 359

Detection Methods 359

Integration 360

Cost 360

Security Orchestration, Automation, and Response (SOAR) 361

Orchestration vs. Automation 362

Regulations and Compliance 362

Common Regulations 363

Data locality 363

Family Educational Rights and Privacy Act (FERPA) 364

Federal Information Security Modernization Act (FISMA) 365

Gramm–Leach–Bliley Act 366

General Data Protection Regulation (GDPR) 368

Health Insurance Portability and Accountability Act 369

Payment Card Industry Data Security Standards (PCI-DSS) 370

Reporting 371

Notifications 372

Summary 372

Exam Essentials 373

Review Questions 374

Chapter 12 Digital Forensics 377

Introduction 378

Forensic Incident Response 378

Attack Attribution 379

Cyber Kill Chain 380

MITRE ATT&CK Matrix 381

Diamond Model 382

Tactics, Techniques, and Procedures 383

Artifacts and Sources of Evidence 383

Evidence Handling 384

Preserving Digital Evidence 384

Chain of Custody 385

Summary 385

Exam Essentials 387

Review Questions 388

Chapter 13 Incident Response 391

Incident Handling 392

What Are Security Incidents? 393

Ransomware 393

Social Engineering 393

Phishing 393

DDoS Attacks 394

Supply Chain Attacks 394

Insider Threats 394

Incident Response Planning 394

Incident Response Plans 394

Incident Response Frameworks 395

Incident Preparation 396

Risk Assessments 397

Detection and Analysis 397

Containment 397

Eradication 397

Recovery 398

Post-incident Review 398

Lessons Learned 398

Creating an Incident Response Policy 399

Document How You Plan to Share Information with Outside Parties 400

Interfacing with Law Enforcement 401

Incident Reporting Organizations 401

Handling an Incident 401

Preparation 401

Preventing Incidents 403

Detection and Analysis 404

Attack Vectors 404

Signs of an Incident 405

Precursors and Indicators Sources 406

Containment, Eradication, and Recovery 406

Choosing a Containment Strategy 406

Evidence Gathering and Handling 407

Attack Sources 409

Eradication and Recovery 409

Post-incident Activity 410

Using Collected Incident Data 411

Evidence Retention 412

Summary 412

Exam Essentials 412

Review Questions 414

Appendix A Answers to Review Questions 417

Chapter 1: Security Concepts 418

Chapter 2: Network Security Devices 419

Chapter 3: IP, IPv6, and NAT 420

Chapter 4: Network Device Access 422

Chapter 5: Secure Access Technology 424

Chapter 6: OS Basics and Security 425

Chapter 7: Endpoint Security 426

Chapter 8: Risk Management 428

Chapter 9: Vulnerability Management 429

Chapter 10: Disaster Recovery 431

Chapter 11: Incident Handling 432

Chapter 12: Digital Forensics 434

Chapter 13: Incident Response 435

Glossary 439

Index 497

Item details

Publisher:
Wiley
Authors:
Donald Robb, Jon Buhagiar, Todd Lammle, Todd Montgomery
Item number:
9781394207367
Published:
21.03.25
Page count:
496