Home > Store

View Larger Image

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

CompTIA Security+ SY0-701 Exam Cram, 7th Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $60.99
  • List Price: $109.98
  • About Premium Edition eBooks

    • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    eBook FAQ

    eBook Download Instructions

Add to cart

FREE SHIPPING!

More Purchase Options

Book

  • Your Price: $39.99
  • List Price: $49.99
  • Usually ships in 24 hours.
Add to cart

FREE SHIPPING!

Premium Edition eBook

  • Your Price: $47.99
  • List Price: $59.99
  • About Premium Edition eBooks

    • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    eBook FAQ

    eBook Download Instructions

Add to cart

Description

  • Copyright 2025
  • Dimensions: 6" x 9"
  • Pages: 688
  • Edition: 7th
  • Book
  • ISBN-10: 0-13-822557-5
  • ISBN-13: 978-0-13-822557-5

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.

Covers the critical information needed to score higher on your Security+ SY0-701 exam!

  • General security concepts
  • Threats, vulnerabilities, and mitigations
  • Security architecture
  • Security operations
  • Security program management and oversight

Prepare for your exam with Pearson Test Prep

  • Realistic practice questions and answers
  • Comprehensive reporting and feedback
  • Customized testing in study, practice exam, or flash card modes
  • Complete coverage of CompTIA Security+ SY0-701 exam objectives

Premium Edition

The CompTIA Security+ SY0-701 Exam Cram Premium Edition and Practice Test is a digital-only certification preparation product combining an eBook with an enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

  • The CompTIA Security+ SY0-701 Exam Cram Premium Edition Practice Test, including four full practice exams and enhanced practice test features
  • PDF and EPUB formats of the CompTIA Security+ SY0-701 Exam Cram from Pearson IT Certification, accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test software with four full practice exams. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed explanations to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

About the Premium Edition eBook

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet.

Covers the critical information needed to score higher on your Security+ SY0-701 exam!

  • General security concepts
  • Threats, vulnerabilities, and mitigations
  • Security architecture
  • Security operations
  • Security program management and oversight

Sample Content

Online Sample Chapter

Risk Management

Sample Pages

Download the sample pages (includes Chapter 2)

Table of Contents

Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi

Part 1: General Security Concepts 1

CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3

                Nature of Controls.. . . . . . . . . . . . . . . . . . . 3

                Functional Use of Controls.. . . . . . . . . . . . . . . . 4

                What Next?.. . . . . . . . . . . . . . . . . . . . . . 9

CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11

                Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12

                Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13

                Authentication, Authorization, and Accounting (AAA).. . . . . . . 13

                Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14

                Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15

                Physical Security. . . . . . . . . . . . . . . . . . . . 18

                Video Surveillance. . . . . . . . . . . . . . . . . . . 20

                Deception and Disruption Technology. . . . . . . . . . . . 23

                What Next?.. . . . . . . . . . . . . . . . . . . . . 26

CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27

                Change Management. . . . . . . . . . . . . . . . . . 28

                Business Processes Impacting Security Operations. . . . . . . . 28

                Technical Implications.. . . . . . . . . . . . . . . . . . 31

                Documentation. . . . . . . . . . . . . . . . . . . . 35

                Version Control.. . . . . . . . . . . . . . . . . . . . 36

                What Next?.. . . . . . . . . . . . . . . . . . . . . 38

CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39

                Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40

                Encryption. . . . . . . . . . . . . . . . . . . . . . 43

                Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55

                What Next?.. . . . . . . . . . . . . . . . . . . . . 80

Part 2: Threats, Vulnerabilities, and Mitigations 81

CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83

                Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84

                Motivations.. . . . . . . . . . . . . . . . . . . . . 90

                What Next?.. . . . . . . . . . . . . . . . . . . . . 96

CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97

                Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98

                What Next?.. . . . . . . . . . . . . . . . . . . . . 114

CHAPTER 7: Vulnerability Types.. . . . . . . . . . . . . . . . . . .. 115

                Application. . . . . . . . . . . . . . . . . . . . . . 116

                Operating System-Based.. . . . . . . . . . . . . . . . . 118

                Web-Based. . . . . . . . . . . . . . . . . . . . . . 119

                Hardware. . . . . . . . . . . . . . . . . . . . . . 120

                Virtualization.. . . . . . . . . . . . . . . . . . . . . 121

                Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122

                Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123

                Cryptographic.. . . . . . . . . . . . . . . . . . . . 125

                Misconfiguration. . . . . . . . . . . . . . . . . . . . 126

                Mobile Device.. . . . . . . . . . . . . . . . . . . . 127

                Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127

                What Next?.. . . . . . . . . . . . . . . . . . . . . 130

CHAPTER 8: Malicious Attacks and Indicators.. . . . . . . . .. . . . . 131

                Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132

                Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138

                Network Attacks.. . . . . . . . . . . . . . . . . . . . 139

                Application Attacks.. . . . . . . . . . . . . . . . . . . 148

                Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153

                Password Attacks. . . . . . . . . . . . . . . . . . . . 154

                Indicators of Malicious Activity. . . . . . . . . . . . . . . 156

                What Next?.. . . . . . . . . . . . . . . . . . . . . 160

CHAPTER 9 Mitigation Techniques for Securing the Enterprise..  . . . . 161

                Segmentation.. . . . . . . . . . . . . . . . . . . . . 162

                Access Control.. . . . . . . . . . . . . . . . . . . . 162

                Application Allow List.. . . . . . . . . . . . . . . . . . 164

                Isolation. . . . . . . . . . . . . . . . . . . . . . . 165

                Patching.. . . . . . . . . . . . . . . . . . . . . . 165

                What Next?.. . . . . . . . . . . . . . . . . . . . . 176

Part 3: Security Architecture 177

CHAPTER 10: Security Implications of Architecture Models. . . . . . . . 179

                Architecture and Infrastructure Concepts. . . . . . . . . . . 180

                Considerations.. . . . . . . . . . . . . . . . . . . . 201

                What Next?.. . . . . . . . . . . . . . . . . . . . . 209

CHAPTER 11: Enterprise Architecture Security Principles.. . .  . . . . . . 211

                Infrastructure Considerations.. . . . . . . . . . . . . . . 212

                Secure Communication/Access.. . . . . . . . . . . . . . . 224

                Selection of Effective Controls.. . . . . . . . . . . . . . . 228

                What Next?.. . . . . . . . . . . . . . . . . . . . . 232

CHAPTER 12: Data Protection Strategies.. . . . . . . . . . . . . . . . . . 233

                Data Types. . . . . . . . . . . . . . . . . . . . . . 234

                Data Classifications.. . . . . . . . . . . . . . . . . . . 237

                General Data Considerations.. . . . . . . . . . . . . . . 238

                Methods to Secure Data. . . . . . . . . . . . . . . . . 240

                What Next?.. . . . . . . . . . . . . . . . . . . . . 246

CHAPTER 13: Resilience and Recovery in Security Architecture.. . . .. . 247

                High Availability.. . . . . . . . . . . . . . . . . . . . 248

                Site Considerations.. . . . . . . . . . . . . . . . . . . 249

                Platform Diversity. . . . . . . . . . . . . . . . . . . 251

                Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252

                Continuity of Operations.. . . . . . . . . . . . . . . . . 252

                Capacity Planning. . . . . . . . . . . . . . . . . . . 253

                Testing.. . . . . . . . . . . . . . . . . . . . . . . 254

                Backups.. . . . . . . . . . . . . . . . . . . . . . . 255

                Power.. . . . . . . . . . . . . . . . . . . . . . . 261

                What Next?.. . . . . . . . . . . . . . . . . . . . . 264

Part 4: Security Operations 265

CHAPTER 14: Securing Resources. . . . . . . . . . . . . . . . . . . . 267

                Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268

                Hardening Targets.. . . . . . . . . . . . . . . . . . . 270

                Wireless Devices. . . . . . . . . . . . . . . . . . . . 278

                Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281

                Wireless Security Settings.. . . . . . . . . . . . . . . . 285

                Application Security.. . . . . . . . . . . . . . . . . . 289

                Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290

                Monitoring.. . . . . . . . . . . . . . . . . . . . . 291

                What Next?.. . . . . . . . . . . . . . . . . . . . . 293

CHAPTER 15: Hardware, Software, and Data Asset Management.. . . . . . . . . 295

                Acquisition/Procurement Process.. . . . . . . . . . . . . . 296

                Assignment/Accounting.. . . . . . . . . . . . . . . . . 297

                Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299

                Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300

                What Next?.. . . . . . . . . . . . . . . . . . . . . 305

CHAPTER 16: Vulnerability Management.. . . . . . . . . . . . . . . . . . 307

                Identification Methods. . . . . . . . . . . . . . . . . . 308

                Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316

                Vulnerability Response and Remediation.. . . . . . . . . . . 322

                Validation of Remediation.. . . . . . . . . . . . . . . . 325

                Reporting. . . . . . . . . . . . . . . . . . . . . . 326

                What Next?.. . . . . . . . . . . . . . . . . . . . . 328

CHAPTER 17: Security Alerting and Monitoring. . . . . . . . . . . . . . . . 329

                Monitoring Computing Resources.. . . . . . . . . . . . . 330

                Activities.. . . . . . . . . . . . . . . . . . . . . . 332

                Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336

                What Next?.. . . . . . . . . . . . . . . . . . . . . 347

CHAPTER 18: Enterprise Security Capabilities.. . . . . . . . . . . . . . . . 349

                Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350

                IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354

                Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357

                Operating System Security.. . . . . . . . . . . . . . . . 361

                Implementation of Secure Protocols.. . . . . . . . . . . . . 363

                DNS Filtering.. . . . . . . . . . . . . . . . . . . . 366

                Email Security.. . . . . . . . . . . . . . . . . . . . 367

                File Integrity Monitoring. . . . . . . . . . . . . . . . . 369

                Data Loss Prevention (DLP).. . . . . . . . . . . . . . . 370

                Network Access Control (NAC).. . . . . . . . . . . . . . 371

                Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)..372

                User Behavior Analytics.. . . . . . . . . . . . . . . . . 373

                What Next?.. . . . . . . . . . . . . . . . . . . . . 375

CHAPTER 19: Identity and Access Management.. . . . . . . . . . . . . . . 377

                Provisioning/De-provisioning User Accounts.. . . . . . . . . . 378

                Permission Assignments and Implications. . . . . . . . . . . 379

                Identity Proofing.. . . . . . . . . . . . . . . . . . . 381

                Federation and Single Sign-On (SSO).. . . . . . . . . . . . 382

                Interoperability. . . . . . . . . . . . . . . . . . . . 385

                Attestation.. . . . . . . . . . . . . . . . . . . . . . 385

                Access Controls.. . . . . . . . . . . . . . . . . . . . 386

                Multifactor Authentication (MFA).. . . . . . . . . . . . . . 388

                Password Concepts.. . . . . . . . . . . . . . . . . . . 395

                Privileged Access Management Tools. . . . . . . . . . . . . 397

                What Next?.. . . . . . . . . . . . . . . . . . . . . 400

CHAPTER 20: Security Automation and Orchestration. . . . . . . . . . . . . 401

                Use Cases of Automation and Scripting.. . . . . . . . . . . . 402

                Benefits.. . . . . . . . . . . . . . . . . . . . . . . 405

                Other Considerations.. . . . . . . . . . . . . . . . . . 406

                What Next?.. . . . . . . . . . . . . . . . . . . . . 408

CHAPTER 21: Incident Response Activities. . . . . . . . . . . . . . . . . 409

                Incident Response Process.. . . . . . . . . . . . . . . . 410

                Training and Testing.. . . . . . . . . . . . . . . . . . 411

                Root Cause Analysis (RCA).. . . . . . . . . . . . . . . . 412

                Threat Hunting.. . . . . . . . . . . . . . . . . . . . 413

                Digital Forensics. . . . . . . . . . . . . . . . . . . . 414

                What Next?.. . . . . . . . . . . . . . . . . . . . . 417

CHAPTER 22: Data Sources for Supporting Investigations. . . . . . . . . . . . 419

                Log Data.. . . . . . . . . . . . . . . . . . . . . . 419

                Data Sources.. . . . . . . . . . . . . . . . . . . . . 421

                What Next?.. . . . . . . . . . . . . . . . . . . . . 423

Part 5: Security Program Management and Oversight 425

CHAPTER 23: Effective Security Governance.. . . . . . . . . . . . . . . . 427

                Governing Framework. . . . . . . . . . . . . . . . . . 428

                Policies.. . . . . . . . . . . . . . . . . . . . . . . 433

                Standards.. . . . . . . . . . . . . . . . . . . . . . 445

                Procedures.. . . . . . . . . . . . . . . . . . . . . . 447

                Guidelines.. . . . . . . . . . . . . . . . . . . . . . 452

                External Considerations. . . . . . . . . . . . . . . . . 453

                Roles and Responsibilities for Systems and Data.. . . . . . . . . 460

                What Next?.. . . . . . . . . . . . . . . . . . . . . 464

CHAPTER 24: Risk Management.. . . . . . . . . . . . . . . . . . . . . 465

                Risk Identification. . . . . . . . . . . . . . . . . . . 466

                Risk Assessment.. . . . . . . . . . . . . . . . . . . . 466

                Risk Analysis. . . . . . . . . . . . . . . . . . . . . 468

                Risk Register.. . . . . . . . . . . . . . . . . . . . . 472

                Risk Appetite and Tolerance.. . . . . . . . . . . . . . . . 474

                Risk Management Strategies. . . . . . . . . . . . . . . . 475

                Risk Reporting.. . . . . . . . . . . . . . . . . . . . 477

                Business Impact Analysis.. . . . . . . . . . . . . . . . . 478

                What Next?.. . . . . . . . . . . . . . . . . . . . . 483

CHAPTER 25: Third-Party Risk Assessment and Management. . . . . . . . . . 485

                Third-Party Risk Management.. . . . . . . . . . . . . . . 486

                What Next?.. . . . . . . . . . . . . . . . . . . . . 494

CHAPTER 26: Security Compliance.. . . . . . . . . . . . . . . . . . . . 495

                Compliance Reporting and Monitoring.. . . . . . . . . . . . 496

                Privacy.. . . . . . . . . . . . . . . . . . . . . . . 501

                What Next?.. . . . . . . . . . . . . . . . . . . . . 507

CHAPTER 27: Security Audits and Assessments.. . . . . . . . . . . . . . . 509

                Audits and Assessments.. . . . . . . . . . . . . . . . . 510

                Penetration Testing.. . . . . . . . . . . . . . . . . . . 513

                What Next?.. . . . . . . . . . . . . . . . . . . . . 523

CHAPTER 28: Security Awareness Practices. . . . . . . . . . . . . . . . . 525

                Security Awareness.. . . . . . . . . . . . . . . . . . . 526

                What Next?.. . . . . . . . . . . . . . . . . . . . . 550

Glossary of Essential Terms.. . . . . . . . . . . . . . . . . 551

Cram Sheet.. . . . . . . . . . . . . . . . . . . . . . . 603

9780138225575, TOC, 7/3/2024

Updates

Submit Errata

More Information

vceplus-200-125    | boson-200-125    | training-cissp    | actualtests-cissp    | techexams-cissp    | gratisexams-300-075    | pearsonitcertification-210-260    | examsboost-210-260    | examsforall-210-260    | dumps4free-210-260    | reddit-210-260    | cisexams-352-001    | itexamfox-352-001    | passguaranteed-352-001    | passeasily-352-001    | freeccnastudyguide-200-120    | gocertify-200-120    | passcerty-200-120    | certifyguide-70-980    | dumpscollection-70-980    | examcollection-70-534    | cbtnuggets-210-065    | examfiles-400-051    | passitdump-400-051    | pearsonitcertification-70-462    | anderseide-70-347    | thomas-70-533    | research-1V0-605    | topix-102-400    | certdepot-EX200    | pearsonit-640-916    | itproguru-70-533    | reddit-100-105    | channel9-70-346    | anderseide-70-346    | theiia-IIA-CIA-PART3    | certificationHP-hp0-s41    | pearsonitcertification-640-916    | anderMicrosoft-70-534    | cathMicrosoft-70-462    | examcollection-cca-500    | techexams-gcih    | mslearn-70-346    | measureup-70-486    | pass4sure-hp0-s41    | iiba-640-916    | itsecurity-sscp    | cbtnuggets-300-320    | blogged-70-486    | pass4sure-IIA-CIA-PART1    | cbtnuggets-100-101    | developerhandbook-70-486    | lpicisco-101    | mylearn-1V0-605    | tomsitpro-cism    | gnosis-101    | channel9Mic-70-534    | ipass-IIA-CIA-PART1    | forcerts-70-417    | tests-sy0-401    | ipasstheciaexam-IIA-CIA-PART3    | mostcisco-300-135    | buildazure-70-533    | cloudera-cca-500    | pdf4cert-2v0-621    | f5cisco-101    | gocertify-1z0-062    | quora-640-916    | micrcosoft-70-480    | brain2pass-70-417    | examcompass-sy0-401    | global-EX200    | iassc-ICGB    | vceplus-300-115    | quizlet-810-403    | cbtnuggets-70-697    | educationOracle-1Z0-434    | channel9-70-534    | officialcerts-400-051    | examsboost-IIA-CIA-PART1    | networktut-300-135    | teststarter-300-206    | pluralsight-70-486    | coding-70-486    | freeccna-100-101    | digitaltut-300-101    | iiba-CBAP    | virtuallymikebrown-640-916    | isaca-cism    | whizlabs-pmp    | techexams-70-980    | ciscopress-300-115    | techtarget-cism    | pearsonitcertification-300-070    | testking-2v0-621    | isacaNew-cism    | simplilearn-pmi-rmp    | simplilearn-pmp    | educationOracle-1z0-809    | education-1z0-809    | teachertube-1Z0-434    | villanovau-CBAP    | quora-300-206    | certifyguide-300-208    | cbtnuggets-100-105    | flydumps-70-417    | gratisexams-1V0-605    | ituonline-1z0-062    | techexams-cas-002    | simplilearn-70-534    | pluralsight-70-697    | theiia-IIA-CIA-PART1    | itexamtips-400-051    | pearsonitcertification-EX200    | pluralsight-70-480    | learn-hp0-s42    | giac-gpen    | mindhub-102-400    | coursesmsu-CBAP    | examsforall-2v0-621    | developerhandbook-70-487    | root-EX200    | coderanch-1z0-809    | getfreedumps-1z0-062    | comptia-cas-002    | quora-1z0-809    | boson-300-135    | killtest-2v0-621    | learncia-IIA-CIA-PART3    | computer-gcih    | universitycloudera-cca-500    | itexamrun-70-410    | certificationHPv2-hp0-s41    | certskills-100-105    | skipitnow-70-417    | gocertify-sy0-401    | prep4sure-70-417    | simplilearn-cisa    |
http://www.pmsas.pr.gov.br/wp-content/    | http://www.pmsas.pr.gov.br/wp-content/    |