ࡱ> kmjc  bjbjZWZW DR8=`\8=`\PW++d9d9d9d9d9x9x9x989L9|x9rFx::(:::;;;EEEEEEE$2JL:Fd9;;;;;Fd9d9::4,F>>>;Rd9:d9:E>;E>>:C,YD:}v!eo<<RC EBF0rFDR"N<l"NYDYD"Nd9D;;>;;;;;FF=;;;rF;;;;"N;;;;;;;;;+> *8: CompTIA Cybersecurity Analyst (CSA+) Cert Guide First Edition Copyright 2017 Pearson Education, Inc. ISBN-10: 0-7897-5695-1 ISBN-13: 978-0-7897-5695-4 Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it. When reviewing corrections, always check the print number of your book. Corrections are made to printed books with each subsequent printing. First Printing: June 2017 Corrections for December 07, 2017 PgError Second PrintingCorrection3Chapter 1, Do I Know This Already? Quiz, Question 1 Reads: 1. You would like to determine whether any services that are available on the network devices should NOT be available. Which of the following can you use to identify this?Should read: You would like to determine if any services are available on the network devices that should not be. Which of the following can you use to identify this? 38Chapter 2, Do I Know This Already? Quiz, Question 2 Reads: 2. After a new application is installed on an image that will be used in the Sales department, the application fails to function. You would like to examine the logs on the reference machine to see what may have gone wrong in the installation. Which of the following Windows logs focuses on events that occur during the installation of a program?Should read: 2. After installing a new application on an image that will be used in the Sales department, the application fails to function. You would like to examine the logs on the reference machine to see what may have gone wrong in the installation. Which of the following Windows logs focuses on events that occur during the installation of a program?81Chapter 3, First Paragraph after Second Set of Bullets Reads: For example, the following ACL permits the entire 172.168.5.0 subnet and denies 192.168.5.5: Corp(config)# access-list 10 permit 172.168.5.0 0.0.0.255 Corp(config)# access-list 10 deny 192.168.5.5 If your intent is to deny the device at 172.16.5.5, you have failed. Because this address lies within the 172.168.5.0 network, it will be allowed because the permit rule is ahead of the deny rule. You could solve this by reordering the rules in the following way: Corp(config)# access-list 10 deny 192.168.5.5 Corp(config)# access-list 10 permit 172.168.5.0 0.0.0.255Should read: For example, the following ACL permits the entire 172.168.5.0 subnet and denies HYPERLINK "http://172.168.5.5/" \t "_blank" 172.168.5.5: Corp(config)# access-list 10 permit 172.168.5.0 0.0.0.255 Corp(config)# access-list 10 deny 172.168.5.5 If your intent is to deny the device at 172.16.5.5, you have failed. Because this address lies within the 172.168.5.0 network, it will be allowed because the permit rule is ahead of the deny rule. You could solve this by reordering the rules in the following way: Corp(config)# access-list 10 deny 172.168.5.5 Corp(config)# access-list 10 permit 172.168.5.0 0.0.0.255247Chapter 9, Review Question 2 Reads: 2. Which segmentation approach works well for a single compromised system but becomes cumbersome when multiple devices are involved?Should read: 2. Which approach works well for a single compromised system but becomes cumbersome when multiple devices are involved?477Appendix A, Chapter 9, Review Questions, Answer to Question 2 Reads: 2. C. Isolation typically is implemented by either blocking all traffic to and from a device or devices or by shutting down device interfaces This approach works well for a single compromised system but becomes cumbersome when multiple devices are involved. In that case, segmentation may be a more advisable approach.Should Read: 2. B. Isolation typically is implemented by either blocking all traffic to and from a device or devices or by shutting down device interfaces This approach works well for a single compromised system but becomes cumbersome when multiple devices are involved. In that case, segmentation may be a more advisable approach.484Appendix A, Chapter 12, Review Questions, Answer to Question 5 Reads: 5. C. Due diligence and due care are two related terms that deal with liability. Due diligence means that an organization understands the security risks it faces and has taken reasonable measures to meet those risks. Due care means that an organization takes all the actions it can reasonably take to prevent security issues or to mitigate damage if security breaches occur. Due care and due diligence often go hand-in-hand but must be understood separately before they can be considered together.Should read: 5. A. Due diligence and due care are two related terms that deal with liability. Due diligence means that an organization understands the security risks it faces and has taken reasonable measures to meet those risks. Due care means that an organization takes all the actions it can reasonably take to prevent security issues or to mitigate damage if security breaches occur. Due care and due diligence often go hand-in-hand but must be understood separately before they can be considered together. Corrections for July 21, 2017 PgError First PrintingCorrection81Chapter 3, Paragraph before Sinkhole, First Sentence Reads: If your intent is to deny the device at 172.16.5.5, you have failed.Should Read: If your intent was to deny the device at 172.168.5.5, you have failed.81Chapter 3, Code before Sinkhole Reads: Corp(config)# access-list 10 deny 192.168.5.5 Corp(config)# access-list 10 permit 172.168.5.0 0.0.0.255Should read: Corp(config)# access-list 10 permit 172.168.5.5.0 0.0.0.255 Corp(config)# access-list 10 deny 172.168.5.5465Appendix A, Chapter 3, Review Questions, Answer 9 Reads: 9. D.Should read: 9. B. This errata sheet is intended to provide updated technical information. Spelling and grammar misprints are updated during the reprint process, but are not listed on this errata sheet.     MACGLOBL.DOT  DATE \l 12/7/2017 TIME 8:18 AM Updated 12/07/2017 06>?@PQbhipr   Ľ|q|i^SKhC?#OJQJhC?#56OJQJh[56OJQJhySOJQJhRwh0OJQJh0OJQJhRwh1 OJQJhRwhhN5OJQJhRwhRwOJQJh*OJQJhhN5OJQJhRYOJQJ hchc hBhB#hRYhB5CJOJQJ^JaJ#hRYhRY5CJOJQJ^JaJ hRYhRYCJOJQJ^JaJ0>?@iT  ! 9 D $Ifgd`}P :$If]:gd`}P  p@@gdC?# $ p@@a$gd0o$a$o$a$gd0n$a$gdcgdB$a$gd- D E R q r / >   ˴ᜇkgZD-Z,h"&x5CJOJPJQJ\^JaJnHtH+h[h"&xOJPJQJ\^JaJnHtHh/h/OJQJaJh[6h[h[B*OJQJ^JaJfHph"""q (h[h[OJPJQJ^JaJnHtH.h[h[5OJPJQJ\^JaJnHtH,h[5CJOJPJQJ\^JaJnHtH+h[h[OJPJQJ\^JaJnHtHh[h[OJQJaJhC?#OJQJhC?#5OJQJD E G } 0 = > wfYY@YYd$7$8$H$If^`gd[ $Ifgd`}P :$If]:gd`}Pkd$$IflFv2r0 3    4 layt`}P>   caPCC $Ifgd`}P :$If]:gd`}Pkd$$IflFv2r0 3    4 layt`}P & F V$If^Vgd[  t{ƸƜƏxcL2L22hA-!h|5CJOJPJQJ\^J aJnHtH,hA-!h|CJOJPJQJ^JaJnHtH(h|h|OJPJQJ^JaJnHtHh[OJQJaJh|hC?#OJQJaJh|h|OJQJaJ6h/h/B*OJQJ^JaJfHph"""q h/h/5OJQJaJh/h/OJQJaJ(h/h/OJPJQJ^JaJnHtH.h/h/5OJPJQJ\^JaJnHtH u<kd,$$IflFv2r0 3    4 layt`}P V$If^V`gd/ $Ifgd`}PVd$7$8$H$If^V`gd/z{VcdZc$-DIfM gd|d$-DIfM gd| $Ifgd|d$7$8$H$Ifgd| $Ifgd`}P :$If]:gd`}P*UbcdӼubSb*B*OJQJ^JaJphh|h|OJQJ^JaJ%jh|h|OJQJU^JaJ%h|h|B*OJQJ^JaJph"""h|hC?#OJQJaJh|h|OJQJaJ2hA-!h|5CJOJPJQJ\^J aJnHtH,hA-!h|CJOJPJQJ^JaJnHtH(h|h|OJPJQJ^JaJnHtH.h|h|5OJPJQJ\^J aJnHtH,:Z[dryJzbMzbMz@h|h|OJQJaJ(h/h/OJPJQJ^JaJnHtH.h/h/5OJPJQJ\^JaJnHtHh/h/OJQJaJh|hC?#OJQJaJ(h|h|5B*OJQJ^JaJph""",hA-!h|5B*CJOJQJ^JaJph""")hA-!h|B*CJOJQJ^JaJph"""%h|h|B*OJQJ^JaJph"""-h|h|B*OJQJ^JaJnHph"""tHceTGG $Ifgd`}P :$If]:gd`}Pkd$$IflFv2r0 3    4 layt`}P$-DIfM gd|z<kdX$$IflFv2r0 3    4 layt`}P V$If^V`gd[ $Ifgd`}PVd$7$8$H$If^V`gd[CJ V$If^V`gd|Vd$7$8$H$If^V`gd| $Ifgd`}P :$If]:gd`}PJK!"!"#!&3ӴƧzezZOD9hRY56OJQJhY$356OJQJhhN556OJQJhC?#56OJQJ(h/5OJPJQJ\^JaJnHtH(h/h/OJPJQJ^JaJnHtH.h/h/5OJPJQJ\^JaJnHtHh/h/OJQJaJ"h|OJPJQJ^JaJnHtHh|h|OJQJaJ(h|h|OJPJQJ^JaJnHtH.h|h|5OJPJQJ\^JaJnHtH! !wfYY@YYVd$7$8$H$If^V`gd/ $Ifgd`}P :$If]:gd`}Pkd$$IflFv2r0 3    4 layt`}P!"47Nb[[M@ $IfgdY3 :$If]: p@@kd$$IflFv2r0 3    4 layt`}P V$If^V`gd/34<MYZ234^lɼުފkQkQkQ2hpnhpn5CJOJPJQJ\^J aJnHtH,hpnhpnCJOJPJQJ^JaJnHtHhpnOJQJhRYhRYOJQJ(hRYhpnOJPJQJ^JaJnHtH"hpnOJPJQJ^JaJnHtHhRYhRYOJQJaJ(hRYhRYOJPJQJ^JaJnHtHhRYOJQJhRY5OJQJhhN55OJQJhhN5OJQJNYZ]m_RRR $IfgdY3 :$If]:kd$$IflFv2r0 3    4 laytY3 $If347W^j\OO>d$7$8$H$Ifgdpn $IfgdY3 :$If]:kd$$IflFv2r0 3    4 laytY3 $Ifgdpn>?COA :$If]:kdF$$IflFv2r0 3    4 laytY3 $Ifgdpnd$7$8$H$Ifgdpn $If-1;=>?BCP Q S T V W Y Z \ i j t u ~ ϸ鰥~~~~zrzrirzrirzh[mHnHujh[Uh[hA-!jhA-!UhhN5OJQJhRYhRYOJQJhRYOJQJhRYhpnOJQJhpnOJQJ,hpnhpnCJOJPJQJ^JaJnHtH2hpnhpn5CJOJPJQJ\^J aJnHtH,hpn5CJOJPJQJ\^J aJnHtH%Cu|P `^V $a$gdy kd$$IflFv2r0 3    4 laytY3 $If $IfgdY3 P R S U V X Y [ \ i  $a$gdyv$a$gd- hhN5OJQJhA-!h[h[5CJOJQJaJh-h[5CJOJQJaJB0@P0:p-= /!"#$%: Dp$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54yt`}P$$If!vh#v#vr#v:V l0 355r54ytY3$$If!vh#v#vr#v:V l0 355r54ytY3$$If!vh#v#vr#v:V l0 355r54ytY3$$If!vh#v#vr#v:V l0 355r54ytY3 {s2 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ OJPJQJ_HmH nHsH tHN`N Normald CJOJ PJQJ _HmH sH tH ZZ Rw Heading 1$<@&5CJ KH OJQJ\^JaJ BB  Heading 4$<@&56DA D Default Paragraph FontVi@V  Table Normal :V 44 la (k (No List J/J FT d CJOJ PJQJ _HmH sH tH / QQTd$d%d&d'dNOPQ#5CJOJ PJQJ _HmH sH tH N/N HC d#5CJOJ PJQJ _HmH sH tH 0U`!0 Hyperlink>*B*@V 1@ FollowedHyperlink>*B* R/BR ITd` CJOJ PJQJ _HmH sH tH f/Rf BL'  d^` CJOJ PJQJ _HmH sH tH f/bf BX'  d^` CJOJ PJQJ _HmH sH tH f/rf NL'  d^` CJOJ PJQJ _HmH sH tH f/f NX'  d^` CJOJ PJQJ _HmH sH tH ^/^ UC d^#6CJOJ PJQJ _HmH sH tH Z/Z UL d^ CJOJ PJQJ _HmH sH tH Z/Z UX d^ CJOJ PJQJ _HmH sH tH N/N TN d#5CJOJ PJQJ _HmH sH tH NoN TH d#6CJOJ PJQJ _HmH sH tH T/T TS$da$#6CJOJ PJQJ _HmH sH tH V/V TC @d#5CJOJ PJQJ _HmH sH tH RoR TB @dx CJOJ PJQJ _HmH sH tH R/R TX! @d CJOJ PJQJ _HmH sH tH N/"N LH "d#6CJOJ PJQJ _HmH sH tH V/2V C1#d]#>*CJOJ PJQJ _HmH sH tH R/BR C2$d]#>*CJOJ PJQJ _HmH sH tH V/RV CX%d]#>*CJOJ PJQJ _HmH sH tH Z/bZ MN&d]^ CJOJ PJQJ _HmH sH tH d/rd SH"'$``d]`^`a$#6CJOJ PJQJ _HmH sH tH Z/Z SB(``d]`^` CJOJ PJQJ _HmH sH tH Z/Z NO)``d]`^` CJOJ PJQJ _HmH sH tH Z/Z TI*``d]`^` CJOJ PJQJ _HmH sH tH Z/Z CA+``d]`^` CJOJ PJQJ _HmH sH tH ^/^ EH,$d^a$&56CJOJ PJQJ _HmH sH tH Z/Z ET- d^ CJOJ PJQJ _HmH sH tH Z/Z EX. d^ CJOJ PJQJ _HmH sH tH N/N FC /d#6CJOJ PJQJ _HmH sH tH N/N FN 0d#5CJOJ PJQJ _HmH sH tH L/L M01 1d CJOJ PJQJ _HmH sH tH L/"L M02 2d CJOJ PJQJ _HmH sH tH L/2L M03 3d CJOJ PJQJ _HmH sH tH L/BL M04 4d CJOJ PJQJ _HmH sH tH L/RL M05 5d CJOJ PJQJ _HmH sH tH L/bL M06 6d CJOJ PJQJ _HmH sH tH L/rL M07 7d CJOJ PJQJ _HmH sH tH T/T PD8d&56CJOJ PJQJ _HmH sH tH j/j ENL*9 @@@d^` CJOJ PJQJ _HmH sH tH j/j ENX*: @@@d^` CJOJ PJQJ _HmH sH tH N/N HA ;d#5CJOJ PJQJ _HmH sH tH N/N HB <d#5CJOJ PJQJ _HmH sH tH N/N HD =d#5CJOJ PJQJ _HmH sH tH N/N HE >d#5CJOJ PJQJ _HmH sH tH N/N HF ?d#5CJOJ PJQJ _HmH sH tH N/N HG @d#5CJOJ PJQJ _HmH sH tH h/h EL*A @@@d^` CJOJ PJQJ _HmH sH tH `/"` LC1Bd]^#>*CJOJ PJQJ _HmH sH tH \/2\ LC2Cd]^#>*CJOJ PJQJ _HmH sH tH `/B` LCXDd]^#>*CJOJ PJQJ _HmH sH tH R/RR TRE @dx CJOJ PJQJ _HmH sH tH N/bN AU Fd#6CJOJ PJQJ _HmH sH tH d/rd MH"G$d]^a$#6CJOJ PJQJ _HmH sH tH L/L M08 Hd CJOJ PJQJ _HmH sH tH \/\ CLTI``d]`^` CJOJ PJQJ _HmH sH tH `/` FTNJ``d]`^`#6CJOJ PJQJ _HmH sH tH P/P BTSUB Kd CJOJ PJQJ _HmH sH tH V/V LXLd]#>*CJOJ PJQJ _HmH sH tH \/\ NOXM``d]`^` CJOJ PJQJ _HmH sH tH \/\ TIXN``d]`^` CJOJ PJQJ _HmH sH tH \/\ CAXO``d]`^` CJOJ PJQJ _HmH sH tH \/\ SBXP``d]`^` CJOJ PJQJ _HmH sH tH N/N BT Qd#5CJOJ PJQJ _HmH sH tH L/"L M09 Rd CJOJ PJQJ _HmH sH tH L/2L M10 Sd CJOJ PJQJ _HmH sH tH L/BL M11 Td CJOJ PJQJ _HmH sH tH L/RL M12 Ud CJOJ PJQJ _HmH sH tH L/bL M13 Vd CJOJ PJQJ _HmH sH tH L/rL M14 Wd CJOJ PJQJ _HmH sH tH L/L M15 Xd CJOJ PJQJ _HmH sH tH f/f CSH"Y$d]^a$#6CJOJ PJQJ _HmH sH tH X/X CHDZ@d^@#5CJOJ PJQJ _HmH sH tH X/X CHE[@d^@#5CJOJ PJQJ _HmH sH tH T/T CFT\@d^@ CJOJ PJQJ _HmH sH tH h/h CBL'] `0p`d^p`` CJOJ PJQJ _HmH sH tH h/h CBX'^ `0p`d^p`` CJOJ PJQJ _HmH sH tH h/h CNL'_ `0p`d^p`` CJOJ PJQJ _HmH sH tH h/h CNX'` `0p`d^p`` CJOJ PJQJ _HmH sH tH X/X CTHa@d^@#5CJOJ PJQJ _HmH sH tH `/"` CTCb @d^@#5CJOJ PJQJ _HmH sH tH \/2\ CTBc @d^@ CJOJ PJQJ _HmH sH tH \/B\ CTXd @d^@ CJOJ PJQJ _HmH sH tH N/RN EDTN ed CJOJ PJQJ _HmH sH tH L/bL ADD fd CJOJ PJQJ _HmH sH tH P/rP PTTOC gd CJOJ PJQJ _HmH sH tH P/P CTTOC hd CJOJ PJQJ _HmH sH tH T/T TOCPART id CJOJ PJQJ _HmH sH tH P/P TOCHB jd CJOJ PJQJ _HmH sH tH P/P TOCHC kd CJOJ PJQJ _HmH sH tH P/P TOCHD ld CJOJ PJQJ _HmH sH tH R/R CRHC md#5CJOJ PJQJ _HmH sH tH RoR CRHD nd#5CJOJ PJQJ _HmH sH tH JoJ CR od CJOJ PJQJ _HmH sH tH V/V CREDTI pd#5CJOJ PJQJ _HmH sH tH R/R CREDNM qd CJOJ PJQJ _HmH sH tH P/"P DED rd#6CJOJ PJQJ _HmH sH tH  Q2 CLs"B" frttBZRB Plain Textud CJOJ QJ 4 @b4 Footer v !4r4 Header w !HH 1 Balloon TextxCJOJ QJ ^J aJH>H -Titley$da$5CJ$OJQJ\aJ(( -ver12redPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭VvnB`2ǃ,!"E3p#9GQd; H xuv 0F[,F᚜K sO'3w #vfSVbsؠyX p5veuw 1z@ l,i!b I jZ2|9L$Z15xl.(zm${d:\@'23œln$^-@^i?D&|#td!6lġB"&63yy@t!HjpU*yeXry3~{s:FXI O5Y[Y!}S˪.7bd|n]671. tn/w/+[t6}PsںsL. J;̊iN $AI)t2 Lmx:(}\-i*xQCJuWl'QyI@ھ m2DBAR4 w¢naQ`ԲɁ W=0#xBdT/.3-F>bYL%׭˓KK 6HhfPQ=h)GBms]_Ԡ'CZѨys v@c])h7Jهic?FS.NP$ e&\Ӏ+I "'%QÕ@c![paAV.9Hd<ӮHVX*%A{Yr Aբ pxSL9":3U5U NC(p%u@;[d`4)]t#9M4W=P5*f̰lk<_X-C wT%Ժ}B% Y,] A̠&oʰŨ; \lc`|,bUvPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!R%theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] R AAAVVVY  J3 !%(D >  c!NCP  "#$&' X$./6>Y @ @H 0(  0(  B S  ? PRSUVXY[\PRSUVXY[\iGl}0=uV c z  ]47?C|PRSUVXY[\E !PPRSSUVXY[\->Nr`s?2g^`5o(. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.h^`OJQJo(hHh^`OJ QJ ^J o(hHohpp^p`OJ QJ o(hHh@ @ ^@ `OJQJo(hHh^`OJ QJ ^J o(hHoh^`OJ QJ o(hHh^`OJQJo(hHh^`OJ QJ ^J o(hHohPP^P`OJ QJ o(hHr`s->P                  REK091Y r~~CY r8(_Y ry6cY rRjY rY r76[TT) 1 y$./BA-!C?#* ,t,0Y$3Y3hN5&Q>C^KILlL`}PRY2hR]o w"&x|"5zB<]GA *ySRwhQ^'ifu/FOlNl?-]cpnPR@     v@UnknownG*Ax Times New Roman5Symbol3. *Cx Arial7. [ @Verdana3*Ax TimesSHelveticaNeueLTStd-BdSJansonTextLTStd-RomanC.,{ @Calibri Light=CourierStdGCourierStd-Bold71 Courier?= *Cx Courier New5. .[`)Tahoma;WingdingsA$BCambria Math"Hh:\J:\k&1 , ,!r4DD 3qHX ?02!xx WG4 System:Applications:Microsoft Office 2001:Templates:My Templates:Global_May_2002.dot(c)We Want to Hear from YouEnd UserEvans, Vanessa  Oh+'0 ( H T ` lx(c)We Want to Hear from You End UserGlobal_May_2002.dotEvans, Vanessa3Microsoft Office Word@f`@_K@ \^o@,eo՜.+,D՜.+,X hp  Pearson Education, D (c)We Want to Hear from You Title 8@ _PID_HLINKSA`&!http://172.168.5.5/  !"#$%&'()+,-./013456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY[\]^_`acdefghilRoot Entry F}v!eonData *1Table26NWordDocumentDRSummaryInformation(ZDocumentSummaryInformation8bCompObjr  F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q