CompTIA Security+ SY0-601
Domain 1.0 Threats, Attacks, and Vulnerabilities
- 1.1 Compare and contrast different types of social engineering techniques
- 1.2 Given a scenario, analyze potential indicators to determine the type of attack
- 1.3 Given a scenario, analyze potential indicators associated with application attacks
- 1.4 Given a scenario, analyze potential indicators associated with network attacks
- 1.5 Explain different threat actors, vectors, and intelligence sources
- 1.6 Explain the security concerns associated with various types of vulnerabilities
- 1.7 Summarize the techniques used in security assessments
- 1.8 Explain the techniques used in penetration testing
Domain 2.0 Architecture and Design
- 2.1 Explain the importance of security concepts in an enterprise environment
- 2.2 Summarize virtualization and cloud computing concepts
- 2.3 Summarize secure application development, deployment, and automation concepts
- 2.4 Summarize authentication and authorization design concepts
- 2.5 Given a scenario, implement cybersecurity resilience
- 2.6 Explain the security implications of embedded and specialized systems
- 2.7 Explain the importance of physical security controls
- 2.8 Summarize the basics of cryptographic concepts
Domain 3.0 Implementation
- 3.1 Given a scenario, implement secure protocols
- 3.2 Given a scenario, implement host or application security solutions
- 3.3 Given a scenario, implement secure network designs
- 3.4 Given a scenario, install and configure wireless security settings
- 3.5 Given a scenario, implement secure mobile solutions
- 3.6 Given a scenario, apply cybersecurity solutions to the cloud
- 3.7 Given a scenario, implement identity and account management controls
- 3.8 Given a scenario, implement authentication and authorization solutions
- 3.9 Given a scenario, implement public key infrastructure
Domain 4.0 Operations and Incident Response
- 4.1 Given a scenario, use the appropriate tool to assess organizational security
- 4.2 Summarize the importance of policies, processes, and procedures for incident response
- 4.3 Given an incident, utilize appropriate data sources to support an investigation
- 4.4 Given an incident, apply mitigation techniques or controls to secure an environment
- 4.5 Explain the key aspects of digital forensics
Domain 5.0 Governance, Risk, and Compliance
- 5.1 Compare and contrast various types of controls
- 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
- 5.3 Explain the importance of policies to organizational security
- 5.4 Summarize risk management processes and concepts
- 5.5 Explain privacy and sensitive data concepts in relation to security
- Security+ (SY0-601) Acronym List
- Security+ Proposed Hardware and Software List
- Reference
Domain 1.0 Threats, Attacks, and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques
- Phishing(Solicits information via email)
- Smishing
- Vishing
- Spam
- Spam over instant messaging(SPIM)
- Spear phishing(Solicits information via highly targeted email designed for one person)
- Dumpster diving(Discovers sensitive information discarded in the trash)
- Shoulder surfing
- Pharming
- Tailgating(Accesses a building by having someone hold the door open)
- Eliciting information
- Whaling(Target high value individuals, such as senior executives)
- Prepending
- Identity fraud
- Invoice scams
- Credential harvesting
- Reconnaissance
- Hoax
- Impersonation(simply means pretending to be someone else)
- Watering hole attack
- Typosquatting
- Pretexting
- Influence campaigns
- Hybrid warfare
- Social media
- Principles(reasons for effectiveness)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
1.2 Given a scenario, analyze potential indicators to determine the type of attack
- Malware
- Ransomware
- Trojans (Masquerades as desirable software to trick user into installing it)
- Worms (Spread between systems by exploiting vulnerabilities; no user action required)
- Potentially unwanted programs(PUPs)
- Fileless viruses
- Command and control
- Bots
- Cryptomalware
- Logic bombs
- Spyware(Monitors user activity, such as keystrokes and web visits. Keyloggers are an example of spyware.)
- Keyloggers
- Remote access Trojan(RAT)
- Rootkit
- Backdoor
- Password attack
- Spraying
- Dictionary
- Brute force
- Offline
- Online
- Rainbow table
- Plaintext/unencrypted
- Physical attacks
- Malicious Universal Serial Bus(USB) cable
- Malicious flash drive
- Card cloning
- Skimming(Duplicating a smart card by reading (skimming) the confidential data stored on it.)
- Adversarial artificial intelligence(AI)
- Tainted training data for machine learning(ML)
- Security of machine learning algorithms
- Supply-chain attacks
- Cloud-based vs. on-premises attacks
- Cryptographic attacks
- Birthday(an attempt to find collisions in hash functions)
- Collision (replay attack - an attempt to reuse authentication requests)
- Downgrade
1.3 Given a scenario, analyze potential indicators associated with application attacks
- Privilege escalation
- Cross-site scripting(XSS, A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.)
- Injections
- Structured query language(SQL)
- Dynamic-link library(DLL)
- Lightweight Directory Access Protocol(LDAP)(Use TCP port 389)
- Extensible Markup Language(XML)
- Pointer/object dereference
- Directory Traversal
- Buffer overflows
- Race conditions
- Time of check/time of use
- Error handling
- Improper input handling
- Replay attack
- Session replays
- Integer overflow
- Request forgeries
- Server-side
- Cross-site
- Application programming interface(API) attacks
- Resource exhaustion
- Memory leak
- Secure Socket Layer(SSL) stripping
- Driver manipulation
- Shimming (Small library that handles the operation itself, changes the arguments passed, or redirects the request elsewhere)
- Refactoring (Identify the flow and then modify the internal structure of the code)
- Pass the hash (attacker captures a password hash and then passes it through for authentication and lateral access)
1.4 Given a scenario, analyze potential indicators associated with network attacks
- Wireless
- Evil twin ( a malicious fake wireless access point)
- Rogue access point
- Bluesnarfing (data theft using Bluetooth)
- Bluejacking (pranksters push unsolicited messages to engage/annoy other nearby Bluetooth devices)
- Disassociation (break the wireless connection)
- Jamming (a DoS attack that denies use of the channel by occupying it)
- Radio frequency identification(RFID) (commonly used in access badge systems)
- Near-field communication(NFC) (the touch pay system at the grocery)
- Initialization vector(IV) (modifies the initialization vector of an encrypted wireless packet during transmission)
- On-path attack(previously known as man-in-the-middle attack/man-in-the-browser attack)
- Layer 2 attacks
- Address Resolution Protocol(ARP)poisoning
- Media access control(MAC) flooding
- MAC cloning
- Domain name system(DNS)
- Domain hijacking
- DNS poisoning (attacker alters the domain-name-to-IP-address mapping in a DNS system)
- Uniform Resource Locator(URL) redirection
- Domain reputation
- Distributed denial-of-service(DDoS) (DoS is a resource-consumption attack; DDoS uses multiple compromised computer systems as sources of attack traffic. Xmas tree attacks are examples of DoS attacks)
- Network (targeting flaws in network protocols)
- Application (exploit weaknesses in the application layer (layer 7))
- Operational technology(OT) (targets the weaknesses of software and hardware devices)
- Malicious code or script execution
- PowerShell
- Python
- Bash
- Macros
- Visual Basic for Applications(VBA)
1.5 Explain different threat actors, vectors, and intelligence sources
- Actors and threats
- Advanced persistent threat(APT)
- Insider threats
- State actors
- Hacktivists
- Script kiddies(Someone who uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks. Script kiddie attacks might have no specific target or any reasonable goal other than gaining attention or proving technical abilities.)
- Criminal syndicates
- Hackers
- Authorized
- Unauthorized
- Semi-authorized
- Shadow IT (often done with good intentions)
- Competitors
- Attributes of actors
- Internal/external
- Level of sophistication/capability
- Resources/funding
- Intent/motivation
- Vectors
- Direct access
- Wireless
- Supply chain
- Social media
- Removable media
- Cloud
- Threat intelligence sources
- Open-source intelligence(OSINT)
- Closed/proprietary
- Vulnerability databases
- Public/private information-sharing center
- Dark web
- Indicators of compromise
- Automated Indicator Sharing (AIS)
- Structured Threat Information eXpression(STIX)/Trusted Automated eXchange of Intelligence Information(TAXII)
- Predictive analysis(a mix of automation and human intelligence)
- Threat maps
- File/code repositories
- Research sources
- Vendor websites
- Vulnerability feeds
- Conferences
- Academic journals
- Request for comments(RFC)
- Local Industry groups
- Social media
- Threat feeds
- Adversary tactics, techniques, and procedures(TTP)
1.6 Explain the security concerns associated with various types of vulnerabilities
- Cloud-based vs. on-premises vulnerabilities
- Zero-day (an attack that uses a vulnerability that is either unknown to anyone but the attacker or known only to a limited group of people)
- Weak configuration
- Open permissions
- Unsecure root accounts
- Errors
- Weak encryptions
- Unsecure protocols (telnet, SNMPv1/v2, ftp)
- Default settings
- Open ports and services
- Third-party risks
- Vendor management
- System integration(potential for increased risk of insider attack)
- Lack of vendor support
- Supply chain(includes suppliers, manufacturers, distributors and customers)
- Outsourced code development
- Data storage
- Improper or weak patch management
- Firmware
- Operating system(OS)
- Applications
- Legacy platforms
- Impacts
- Data loss
- Data breaches(When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.)
- Data exfiltration
- Identity theft
- Financial
- Reputation
- Availability loss
1.7 Summarize the techniques used in security assessments
- Threat hunting
- Intelligence fusion(involves industry and government)
- Threat feeds
- Advisories and bulletins
- Maneuver(assessment techniques that avoid alerting threat actors)
- Vulnerability scans
- False positives
- False negatives
- Log reviews
- Credentialed vs. non-credentialed
- Intrusive vs. non-intrusive
- Application
- Web application
- Network
- Common Vulnerabilities and Exposure(CVE)/Common Vulnerability Scoring System(CVSS) (The CVE list feeds into the NVD)
- Configuration review
- Syslog/Security information and event management(SIEM)
- Review reports
- Packet capture
- Data inputs
- User behavior analysis
- Sentiment analysis(Artificial intelligence and machine learning)
- Security monitoring
- Log aggregation
- Log collectors
- Security orchestration, automation, and response(SOAR)
1.8 Explain the techniques used in penetration testing
- Penetration testing
- Known environment(white box test)
- Unknown environment(black box test)
- Partially known environment(limited information, grey box test)
- Rules of engagement
- Lateral movement
- Privilege escalation
- Persistence
- Cleanup
- Bug bounty(rewards are given for reporting vulnerabilities)
- Pivoting
- Passive and active reconnaissance
- Passive
- Drones
- War flying(combines war driving with a drone)
- War driving
- OSINT
- Footprinting
- Active
- Footprinting(includes active and passive methods)
- Exercise types
- Red team(offense)
- Blue team(defense)
- White team(judge / referee)
- Purple team(process improvement)
Domain 2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment
- Configuration management
- Diagrams
- Baseline configuration(the process of identifying and documenting all aspects of an asset’s configuration to create a secure template against which all subsequent configurations are measured. Provides a configuration snapshot.)
- Standard naming conventions(a convention for naming things)
- Internet protocol(IP) scheme
- Data sovereignty
- Data protection
- Data loss prevention(DLP)(Technology solution that searches systems and monitors networks for sensitive information that is unsecured, and provides the ability to remove the information, block the transmission, or encrypt the stored data)
- Masking
- Encryption
- At rest(full disk encryption)
- In transit/motion(TLS)(Transport layer security (TLS) is used to protect data in transit over a network.)
- In processing
- Tokenization
- Rights management
- Geographical considerations
- Response and recovery controls
- Secure Sockets Layer(SSL)/Transport Layer Security(TLS) inspection
- Hashing
- API considerations
- Site resiliency
- Hot site
- Cold site
- Warm site
- Deception and disruption
- Honeypots
- Honeyfiles
- Honeynets
- Fake telemetry
- DNS sinkhole
2.2 Summarize virtualization and cloud computing concepts
- Cloud models
- Infrastructure as a service(IaaS)
- Platform as a service(PaaS)
- Software as a service(SaaS)
- Anything as a service(XaaS)
- Public
- Community
- Private
- Hybrid
- Cloud service providers(Offer cloud computing services for sale to third parties - Provide add-on services)
- Managed service provider(MSP)/managed security service provider(MSSP)(manage an entire security infrastructure, monitor system logs, manage firewalls or networks, perform identity and access management)
- On-premises vs. off-premises
- Fog computing
- Edge computing
- Thin client
- Containers
- Microservices/API
- Infrastructure as code
- Software-defined networking(SDN)
- Software-defined visibility(SDV)
- Serverless architecture
- Services integration
- Resource policies
- Transit gateway
- Virtualization
- Virtual machine(VM) sprawl avoidance(Unused and unmaintained servers)
- VM escape protection
2.3 Summarize secure application development, deployment, and automation concepts
- Environment
- Development
- Test
- Staging
- Production
- Quality assurance(QA)
- Provisioning and deprovisioning(after onboarding, the admin creates authentication credentials and grants appropriate authorization)
- Integrity measurement
- Secure coding techniques
- Normalization
- Stored procedures
- Obfuscation/camouflage
- Code reuse/dead code
- Server-side vs. client-side execution and validation
- Memory management
- Use of third-party libraries and software development kits(SDKs)
- Data exposure
- Open Web Application Security Project(OWASP)
- Software diversity
- Compiler
- Binary
- Automation/scripting
- Automated course of action
- Continuous monitoring
- Continuous validation
- Continuous integration(designed to trigger automatic code integration into the main code base instead of developing in isolation and then integrating at the end of the development cycle)
- Continuous delivery
- Continuous deployment(is a software development method that releases or deploys software automatically into the production environment. In this model, no one manually checks the code and pushes it into your app)
- Elasticity(expanding and contracting quickly)
- Scalability
- Version control(Assigns numbers to each version)
2.4 Summarize authentication and authorization design concepts
- Authentication methods
- Directory service
- Federation
- Attestation(approved device compliant with company policies)
- Technologies
- Time-based one-time password(TOTP)(like the Google Authenticator soft token)
- HMAC-based one-time password(HOTP)(hardware token)
- Short message service(SMS)
- Token key(one-time password provided on a hardware or software token generator)
- Static codes
- Authentication applications
- Push notifications
- Phone call
- Smart card authentication(means programming cryptographic information onto a card equipped with a secure processing chip. The chip stores the user’s digital certificate, the private key associated with the certificate, and a personal identification number (PIN) used to activate the card.)
- Biometrics
- Fingerprint(often found on computing devices, allow self-enrollment)
- Retina
- Iris
- Facial(scans user’s facial structure)
- Voice(requires user to speak a phrase)
- Vein
- Gait analysis
- Efficacy rates
- False acceptance
- False rejection
- Crossover error rate(FAR=false acceptance rate and FRR=false rejection rate)
- Multifactor authentication(MFA) factors and attributes
- Factors
- Something you know
- Something you have
- Something you are
- Attributes
- Somewhere you are
- Something you can do
- Something you exhibit(personality trait)
- Someone you know
- Authentication, authorization, and accounting(AAA)(AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Accounting measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session.)
- Cloud vs. on-premises requirements
2.5 Given a scenario, implement cybersecurity resilience
- Redundancy
- Geographical dispersal
- Disk
- Redundant array of inexpensive disks(RAID) levels
- Multipath
- Network
- Load balances
- Network interface card(NIC)teaming(also known as Load Balancing/Failover (LBFO) in the Microsoft world)
- Power
- Uninterruptible power supply(UPS)(essentially a battery)
- Generator(standby power source)
- Dual supply
- Managed power distribution units(PDUs)
- Replication
- Storage area network(SAN)
- VM
- On-premises vs. cloud
- Backup types
- Full
- Incremental
- Snapshot
- Differential
- Tape(most suitable system for data storage requiring large capacity)
- Disk
- Copy(useful in one-off/ad hoc scenarios)
- Network-attached storage(NAS)
- Storage area network(SAN)
- Cloud
- Image
- Online vs. Offline
- Offsite storage
- Distance consideration
- Non-persistence
- Revert to known state
- Last known good configuration
- Live boot media
- High availability(HA is the ability to keep services up and running for long periods of time. Uses multiple systems to protect against service failure.)
- Scalability(Increasing capacity with demand - Horizontal scaling adds more servers to the pool to meet increased demand - Vertical scaling adds more resources (CPU, memory) to existing servers to meet increased demand)
- Restoration order
- Diversity(impact of diversity on availability, resiliency, and security)
- Technologies(different technology)
- Vendors(multiple vendors)
- Crypto(multiple algorithms)
- Controls
2.6 Explain the security implications of embedded and specialized systems
- Embedded systems(Technology components of an Internet of Things device that place a full computer inside of another, larger system.)
- Raspberry Pi
- Field-programmable gate array(FPGA)
- Arduino
- Supervisory control and data acquisition(SCADA)/industrial control system(ICS)
- Facilities
- Industrial
- Manufacturing
- Energy
- Logistics
- Internet of Things(IoT)
- Sensors
- Smart devices
- Wearables
- Facility automation
- Weak defaults
- Specialized
- Medical systems
- Vehicles
- Aircraft
- Smart meters
- Voice over IP(VoIP)
- Heating, ventilation, air conditioning(HVAC)
- Drones
- Multifunction printer(MFP)
- Real-time operating system(RTOS)
- Surveillance systems
- System on chip(SoC)
- Communication considerations
- 5G
- Narrow-band
- Baseband radio
- Subscriber identity module(SIM)cards
- Zigbee(Low-power wireless communications open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.)
- Constraints
- Power
- Compute
- Network
- Crypto
- Inability to patch
- Authentication
- Range
- Cost
- Implied trust
2.7 Explain the importance of physical security controls
- Bollards(stop vehicles from moving past a point)/barricades
- Access control vestibules
- Badges
- Alarms
- Signage(discourage intruders)
- Cameras
- Motion recognition
- Object detection
- Closed-circuit television(CCTV)
- Industrial camouflage
- Personnel
- Guards
- Robot sentries
- Reception
- Two-person integrity/control
- Locks
- Biometrics
- Electronic
- Physical
- Cable locks
- USB data blocker
- Lighting
- Fencing
- Fire suppression
- Fire classes (class: type of fire, suppression material)
- A: Common combustibles, water or soda acid (a dry powder or liquid chemical)
- B: Liquids, CO2, halon, soda acid
- C: Electrical, CO2, halon
- D: Metal, dry powder
- K: Kitchen, wet chemicals
- Sensors
- Motion detection
- Noise detection
- Proximity reader(nearness)
- Moisture detection(humidity)
- Cards
- Temperature
- Drones
- Visitor logs
- Faraday cages(block wireless and cellular phone signals)
- Air gap(A type of network isolation that physically separates a network from all other networks.)
- Screened subnet(previously known as demilitarized zone (DMZ))
- Protected cable distribution
- Secure area
- Air gap(a physically isolated secure area)
- Vault
- Safe
- Hot aisle
- Cold aisle
- Secure data destruction
- Burning
- Shredding(shred a metal hard drive into powder)
- Pulping(if burning is not available, pulping, which turns the paper into paper mache, is the best option)
- Pulverizing(use a hammer and smash the drive into pieces, or drill through all the platters)
- Degaussing(creates a strong magnetic field that erases data on some media and destroys electronics)
- Third-party solutions
2.8 Summarize the basics of cryptographic concepts
- Digital signatures(encrypted hash of a message, encrypted with the sender’s private key)
- Key length(larger keys tend to be more secure; since 2015, NIST recommends a minimum of 2048-bit keys for RSA)
- Key stretching
- Salting(random data used as an additional input to a one-way function that hashes a password or passphrase)
- Hashing(one-way function that scrambles plain text to produce a unique message digest)
- Encryption(two-way function; what is encrypted can be decrypted with the proper key)
- Key exchange
- Elliptic-curve cryptography(ECC)(small, fast keys used for encryption on small mobile devices; a 256-bit ECC key is stronger than a 2048-bit RSA key)
- Perfect forward secrecy(PFS)
- Quantum
- Communications
- Computing
- Post-quantum
- Ephemeral(Using ephemeral session keys means that any future compromise of the server will not translate into an attack on recorded data)
- Modes of operation
- Authenticated
- Unauthenticated
- Counter
- Blockchain
- Public ledgers
- Cipher suites
- Stream
- Block
- Symmetric vs. asymmetric(Symmetric relies on the use of a shared secret key. Asymmetric uses public-private key pairs for communication between parties.)
- Lightweight cryptography
- Steganography(A computer file, message, image, or video is concealed within another file, message, image, or video. Steganalysis is the study of detecting messages hidden using steganography; it is analogous to cryptanalysis applied to cryptography. The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload.)
- Audio
- Video
- Image
- Homomorphic encryption(allows users to run calculations on data while it is still encrypted)
- Common use cases
- Low power devices
- Low latency
- High resiliency
- Supporting confidentiality( is used for both data-at-rest (file encryption) and data-in-transit (transport encryption))
- Supporting integrity
- Supporting obfuscation
- Supporting authentication
- Supporting non-repudiation
- Limitation
- Speed
- Size
- Weak keys
- Time
- Longevity(a measure of the confidence that people have in a given cipher)
- Predictability
- Reuse
- Entropy
- Computational overheads
- Resource vs. security constraints
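Salting, hashing and key stretching are listed above as separate terms, but in practice they are applied together when a password is stored. The following added example (written for this page, not taken from CompTIA or any library's documentation) shows why: two users with the same password produce the same unsalted SHA-256 digest, whereas a per-user random salt combined with PBKDF2 (the key-stretching function in Python's `hashlib`) yields distinct, slow-to-brute-force records. The record layout `pbkdf2_sha256$iterations$salt$digest` and the iteration count are choices made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Key stretching cost factor: a constructed default, raised as hardware gets faster.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm, iteration count, per-user
    random salt and the stretched digest, all of which are needed to verify later."""
    salt = salt if salt is not None else os.urandom(16)   # fresh salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time, so a wrong guess cannot be detected through timing."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def unsalted_digests_match(password_a: str, password_b: str) -> bool:
    """The weak scheme: a plain hash with no salt. Equal passwords give equal
    digests, so one cracked digest (or one rainbow table) unlocks every user
    who chose that password."""
    a = hashlib.sha256(password_a.encode("utf-8")).hexdigest()
    b = hashlib.sha256(password_b.encode("utf-8")).hexdigest()
    return a == b


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    print("unsalted digests equal:", unsalted_digests_match("Winter2024!", "Winter2024!"))
    alice = hash_password("Winter2024!")
    bob = hash_password("Winter2024!")
    print("salted records equal:  ", alice == bob)      # False: different salts
    print("verify correct:        ", verify_password("Winter2024!", alice))
    print("verify wrong:          ", verify_password("winter2024!", alice))
```

Because the salt is stored next to the digest, an attacker who steals the database still has to spend the full PBKDF2 cost per guess per user; the salt removes the precomputation shortcut, the iteration count sets the per-guess price.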
Domain 3.0 Implementation
3.1 Given a scenario, implement secure protocols
- Protocols
- Domain Name System Security Extensions(DNSSEC)
- SSH
- Secure/Multipurpose Internet Mail Extensions(S/MIME)
- Secure Real-time Transport Protocol(SRTP)
- Lightweight Directory Access Protocol Over SSL(LDAPS)
- File Transfer Protocol, Secure(FTPS)
- SSH File Transfer Protocol(SFTP)
- Simple Network Management Protocol, version 3(SNMPv3)
- Hypertext transfer protocol over SSL/TLS(HTTPS)
- IPSec
- Authentication header(AH)/Encapsulating Security Payloads(ESP)
- Tunnel/transport
- Post Office Protocol(POP)/Internet Message Access Protocol(IMAP)
- Use cases
- Voice and video
- Time synchronization
- Email and web
- File transfer
- Directory services
- Remote access
- Domain name resolution
- Routing and switching
- Network address allocation
- Subscription services
3.2 Given a scenario, implement host or application security solutions
- Endpoint protection
- Antivirus
- Anti-malware
- Endpoint detection and response(EDR)
- DLP(Data loss prevention)
- Next-generation firewall(NGFW)(Incorporates advanced security features, such as contextual information about the user and application)
- Host-based intrusion prevention system(HIPS)(Takes proactive measures to block suspicious network activity)
- Host-based intrusion detection system(HIDS)(Alerts administrators to suspicious network activity)
- Host based firewall
- Boot integrity
- Boot security/Unified Extensible Firmware Interface(UEFI)(UEFI replaces BIOS with a flexible alternative)
- Measured boot(Each device verifies the hash of the next device in the boot chain)
- Boot attestation(Confirmed hashes are stored in the TPM)
- Database
- Tokenization
- Salting
- Hashing
- Application security
- Input validations
- Secure cookies
- Hypertext Transfer Protocol(HTTP)headers
- Code signing
- Allow list
- Block list/deny list
- Secure coding practices
- Static code analysis
- Manual code review
- Dynamic code analysis
- Fuzzing
- Hardening
- Open ports and services
- Registry
- Disk encryption
- OS
- Patch management
- Third-party updates
- Auto-updates
- Self-encrypting drive(SED)/full-disk encryption(FDE)
- Opal
- Hardware root of trust(Verifies firmware integrity)
- Trusted Platform Module(TPM)
- Sandboxing(Provides a safe space to run potentially malicious code. Isolates malicious content)
3.3 Given a scenario, implement secure network designs
- Load balancing
- Active/active
- Active/passive
- Scheduling
- Virtual IP
- Persistence
- Network segmentation
- Virtual local area network(VLAN)
- Screened subnet(previously known as demilitarized zone)
- East-west traffic
- External
- Intranet
- Zero Trust
- Virtual private network(VPN)
- Always-on
- Split tunnel vs. full tunnel
- Remote access vs. site-to-site
- IPSec
- SSL/TLS
- HTML5
- Layer 2 tunneling protocol(L2TP)
- DNS
- Network access control(NAC)
- Agent and agentless
- Out-of-band management
- Port security
- Broadcast storm prevention
- Bridge Protocol Data Unit(BPDU) guard
- Loop prevention
- Dynamic Host Configuration Protocol(DHCP) snooping
- Media access control(MAC)filtering
- Network appliances
- Jump servers
- Proxy servers
- Forward
- Reverse
- Network-based intrusion detection system(NIDS)/network-based intrusion prevention system(NIPS)
- Signature-based
- Heuristic/behavior
- Anomaly
- Inline vs. passive
- HSM(a network appliance designed to perform centralized PKI management for a network of devices. This means that it can act as an archive or escrow for keys in case of loss or damage)
- Sensors
- Collectors
- Aggregators
- Firewalls(Restrict network traffic. Firewalls, by default, block any network connection attempts that are not explicitly allowed by a firewall rule.)
- Web application firewall(WAF)
- NGFW
- Stateful vs. stateless
- Unified threat management(UTM)
- Network address translation(NAT)gateway
- Content/URL filter
- Open-source vs. proprietary
- Hardware vs. software
- Appliance vs. host-based vs. virtual
- Access control list(ACL)
- Route security
- Quality of service(QoS)
- Implications of IPv6
- Port spanning/port mirroring
- Port taps
- Monitoring services
- File integrity monitors(Watch for unexpected file modifications. Periodically verify that the hash values of critical files have not changed)
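The file integrity monitor entry above describes the mechanism in one sentence: record hashes of critical files, re-hash them later, alert on any change. The following added example (written for this page; it is not part of any product) implements that loop: it builds a baseline of SHA-256 digests for every file under a directory, re-scans, and classifies each path as modified, added or removed. The sample directory tree and its contents are constructed inside a temporary folder so the script runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest.
    The baseline should be written somewhere the monitored host cannot modify,
    otherwise an attacker who changes a file can also 'fix' its recorded hash."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Compare a fresh scan against the stored baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a small 'etc' tree, then change it the way
    an integrity monitor is expected to notice (edit, delete, drop in a new file)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "motd").write_text("Authorised users only.\n")
        baseline = build_baseline(root)

        (etc / "hosts").write_text("127.0.0.1 localhost\n203.0.113.5 login.example.com\n")
        (etc / "motd").unlink()
        (etc / "unexpected.conf").write_text("option=1\n")
        return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:9s} {paths}")
```

Real monitors such as AIDE or Tripwire also record ownership, permissions and mtime alongside the hash, and run on a schedule; the hash comparison here is the core of what they report.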
3.4 Given a scenario, install and configure wireless security settings
- Cryptographic protocols
- WiFi Protected Access 2(WPA2)(supports only 128-bit keys)
- WiFi Protected Access 3(WPA3)(256-bit AES)
- Counter-mode/CBC-MAC Protocol(CCMP)(used with WPA2, which replaced WEP and WPA)
- Simultaneous Authentication of Equals(SAE)
- Authentication protocols
- Extensible Authentication Protocol(EAP)
- Protected Extensible Authentication Protocol(PEAP)
- EAP-FAST(developed by Cisco, it replaced LEAP, which was insecure)
- EAP-TLS
- EAP-TTLS
- IEEE 802.1X
- Remote Authentication Dial-in User Service(RADIUS) Federation
- Methods
- Pre-shared key(PSK) vs. Enterprise vs. Open
- WiFi Protected Setup(WPS)
- Captive portals(A web page or website to which a client is redirected before being granted full network access.)
- Installation considerations
- Site surveys
- Heat maps
- WiFi analyzers
- Channel overlaps
- Wireless access point(WAP)placement
- Controller and access point security
3.5 Given a scenario, implement secure mobile solutions
- Connections methods and receivers
- Cellular
- WiFi
- Bluetooth
- NFC
- Infrared
- USB
- Point-to-point
- Point-to-multipoint
- Global Positioning System(GPS)
- RFID
- Mobile device management(MDM)(MDM solution can be used to push configuration changes to mobile devices)
- Application management
- Content management
- Remote wipe(security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device)
- Geofencing
- Geolocation
- Screen locks
- Push notifications
- Password and PINs
- Biometrics
- Context-aware authentication
- Containerization
- Full device encryption
- Mobile device
- MicroSD hardware security module(HSM)
- MDM/Unified Endpoint Management(UEM)
- Mobile application management(MAM)
- SEAndroid
- Enforcement and monitoring of:
- Third-party application stores
- Rooting/jailbreaking(allows the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface. iOS jailbreaking is accomplished by booting the device with a patched kernel. For most exploits, this can only be done when the device is attached to a computer when it boots (tethered jailbreak).)
- Sideloading
- Custom firmware
- Carrier unlocking(enables a smartphone to be switched to a different mobile network provider)
- Firmware over-the-air(OTA) updates
- Camera use
- SMS/Multimedia Messaging Service(MMS)Rich Communication Services(RCS)
- External media
- USB On-The-Go(USB OTG)
- Recording microphone
- GPS tagging
- Wifi direct/ad hoc
- Tethering
- Hotspot
- Payment methods
- Deployment models
- Bring your own device(BYOD)
- Corporate-owned personally enabled(COPE)
- Choose your own device(CYOD)
- Corporate-owned
- Virtual desktop infrastructure(VDI)(provides network-based access to a desktop computing environment; Amazon WorkSpaces is an example of a VDI service)
3.6 Given a scenario, apply cybersecurity solutions to the cloud
- Cloud security controls
- High availability across zones
- Resource policies(place limits on the actions that may be taken by users with direct access to your cloud environment)
- Secrets management
- Integration and auditing
- Storage
- Permissions
- Encryption
- Replication
- High availability
- Network
- Virtual networks
- Public and private subnets
- Segmentation
- API inspection and integration
- Compute
- Security groups(Serve as IaaS firewalls. Security groups are the primary mechanism used to offer firewall functionality to IaaS customers.)
- Dynamic resource allocation
- Instance awareness
- Virtual private cloud(VPC)endpoint
- Container security
- Solutions
- CASB(Cloud Access Security Broker: enterprise management software designed to mediate access to cloud services by users across all types of devices; also provides IAM services)
- Application security
- Next-generation secure web gateway(SWG)
- Firewall considerations in a cloud environment
- Cost
- Need for segmentation
- Open Systems interconnection(OSI)layers
- Cloud native controls vs. third-party solutions
3.7 Given a scenario, implement identity and account management controls
- Identity
- Identity provider(IdP)(In a federated network, the service that holds the user account and performs authentication. For example, Azure Active Directory is the identity provider for Office 365)
- Attributes(unique property in a user’s account details, such as employee ID)
- Certificates(a digital certificate where two keys are generated, a public key and a private key. The private key is used for identity)
- Tokens(a digital token, such as a SAML token used for federation services, or a token used by Open Authentication(OAuth2))
- SSH keys(linux server, instead of using username and password)
- Smart cards(a credit card-like token with a certificate embedded on a chip; it is used in conjunction with a PIN. Physical card)
- Account types
- User account(standard user account with limited privileges)
- Shared and generic accounts/credentials(Generic accounts are the default admin accounts created by manufacturers)
- Guest accounts(a legacy account that was designed to give limited access to a single computer without the need to create a user account, normally disabled)
- Service accounts(a service account is a type of administrator account used to run an application, example: account to run an anti-virus application)
- Account policies
- Password complexity
- Password history(prevents someone from reusing the same password)
- Password reuse
- Network location
- Geofencing
- Geotagging
- Geolocation
- Time-based logins(employees may be restricted to accessing the network between 7 am and 6 pm)
- Access policies
- Account permissions
- Account audits
- Impossible travel time/risky login
- Lockout
- Disablement
3.8 Given a scenario, implement authentication and authorization solutions
- Authentication management
- Password keys(like a USB device, works in conjunction with your password to provide multi-factor authentication)
- Password vaults(use strong encryption(e.g. AES-256))
- TPM(Trusted Platform Module normally built into the motherboard of a computer, and they are used when you are using Full disk Encryption(FDE))
- HSM(Hardware Security Module is used to store encryption keys, a key escrow that holds the private keys for third parties)
- Knowledge-based authentication(KBA normally used by banks or email providers to identify when they want a password reset)
- Authentication/authorization
- EAP(Extensible Auth Protocol)(auth framework, allows for new auth technologies to be compatible with existing wireless or point-to-point connection technologies)
- Challenge-Handshake Authentication Protocol(CHAP)(authenticates a user or network host to an authenticating entity. That entity may be, for example, an internet service provider. Much safer than PAP)
- Password Authentication Protocol(PAP)(does not use any encryption)
- 802.1X
- RADIUS(uses UDP and encrypts the passwords only, remote access)
- Single sign-on(SSO)(means a user doesn’t have to sign into every application they use. The user logs in once and that credential is used for multiple apps. Common SSO methods: SAML, OAuth2, OpenID)
- Security Assertion Markup Language(SAML)(common in on-prem federation scenarios)
- Terminal Access Controller Access Control System Plus(TACACS+)(admin access to network devices, uses TCP and encrypts the entire session)
- OAuth(for internet users to log into third party websites using their Microsoft, Google, Facebook, Twitter etc. accounts without exposing their passwords)
- OpenID(logging into Spotify with your FB account)
- Kerberos(authorization protocol in Microsoft Azure Directory. Ticket-based auth system. Use port 88)
- Access control scheme
- Attribute based access control(ABAC)
- Role-based access control(RBAC)(typically mapped to job roles)
- Rule-based access control(global rules)
- MAC(Mandatory access control)
- Discretionary access control(DAC)(access control system where permissions may be set by the owners of files, computers, and other resources)
- Conditional access
- Privileged access management(privileged accounts within a domain)
- Filesystem permissions(NTFS(Windows); SUID and SGID(Linux, read=4, write=2, execute=1))
3.9 Given a scenario, implement public key infrastructure
- Public key infrastructure(PKI)
- Key management
- Certificate authority(CA)
- Intermediate CA
- Registration authority(RA)
- Certificate revocation list(CRL)(A list of certificates that were revoked before their expiration date)
- Certificate attributes
- Online Certificate Status Protocol(OCSP)
- Certificate signing request(CSR)(A Base64 ASCII file that a subject sends to a CA to get a certificate)
- CN
- Subject alternative name(SAN)
- Expiration
- Types of certificates
- Wildcard
- Subject alternative name(SAN)(certificate enables you to use one certificate to secure hosts with different names)
- Code signing
- Self-signed
- Machine/computer
- User
- Root
- Domain validation
- Extended validation
- Certificate formats
- Distinguished encoding rules(DER)
- Privacy enhanced mail(PEM)
- Personal information exchange(PFX)
- cer
- P12
- P7B
- Concepts
- Online vs. offline CA
- Stapling
- Pinning(technique used to associate hosts with their public key)
- Trust model
- Key escrow
- Certificate chaining
Domain 4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security
- Network reconnaissance and discovery
- tracert/traceroute
- nslookup/dig
- ipconfig/ifconfig
- nmap
- TCP SYN (-sS)—this is a fast technique also referred to as half-open scanning, as the scanning host requests a connection without acknowledging it. The target’s response to the scan’s SYN packet identifies the port state.
- UDP scans (-sU)—scan UDP ports. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time. A UDP scan can be combined with a TCP scan.
- Port range (-p)—by default, Nmap scans 1000 commonly used ports, as listed in its configuration file. Use the -p argument to specify a port range.
- ping/pathping
- hping
- netstat
- IP scanners
- arp
- route
- curl
- theHarvester
- sniper
- scanless
- dnsenum
- Nessus
- Cuckoo( Implementation of a sandbox for malware analysis.)
- File manipulation
- head
- tail
- cat
- grep
- chmod
- logger
- Shell and script environments
- SSH
- PowerShell
- Python
- OpenSSL
- Packet capture and replay
- Tcpreplay
- Tcpdump
- Wireshark
- Forensics
- dd
- Memdump
- WinHex(Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.)
- FTK imager
- Autopsy(The Sleuth Kit is an open source collection of command line and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools and also provides a case management/workflow tool. Also known as Sleuth Kit)
- Exploitation frameworks
- Password crackers
- Data sanitization
4.2 Summarize the importance of policies, processes, and procedures for incident response
- Incident response plans
- Incident response process(Incident response is a set of procedures that an investigator follows when examining a computer security incident. This is a part of incident management. Many organizations implement incident response policies in order to assist in the identification and handling of incidents.)
- Exercises
- Attack frameworks
- Stakeholders management
- Communication plan
- Disaster Recovery Plan(DRP refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, infrastructure failure, or other technological components.)
- Business Continuity Plan(BCP is a strategy businesses put in place to continue operating with minimal disruption in the event of a disaster)
- Continuity of Operations Planning(COOP)
- Incident Response Team(Group of IT professionals in charge of preparing for and reacting to any type of organizational emergency)
- Retention Policies(Key part of the lifecycle of a record. It describes how long a business needs to keep a piece of information (a record), where it’s stored, and how to dispose of the record when its time comes)
4.3 Given an incident, utilize appropriate data sources to support an investigation
- Vulnerability scan output
- SIEM dashboards
- Sensor
- Sensitivity
- Trends
- Alerts
- Correlation
- Log files
- Network
- System
- Application
- Security
- Web
- DNS
- Authentication
- Dump files
- VoIP and call managers
- Session Initiation Protocol(SIP)traffic
- syslog/rsyslog/syslog-ng
- journalctl
- NXLog
- Bandwidth monitors
- Metadata
- Mobile
- Web
- File
- Netflow/sFlow
- Netflow
- SFlow
- IPFIX
- Protocol analyzer output
4.4 Given an incident, apply mitigation techniques or controls to secure an environment
- Reconfigure endpoint security solutions
- Application approved list
- Application blocklist/deny list
- Quarantine
- Configuration changes
- Firewall rules
- MDM
- DLP
- Content filter/URL filter
- Update or revoke certificates
- Isolation(users don’t impact each other)
- Containment
- Segmentation
- SOAR
- Runbooks
- Playbooks
4.5 Explain the key aspects of digital forensics
- Documentation/evidence
- Legal hold
- Video
- Admissibility
- Chain of custody(The record of evidence history from collection, to presentation in court, to disposal.)
- Timelines of sequence of events
- Time stamps
- Time offset
- Tags
- Reports
- Event logs
- Interviews
- Acquisition
- Order of volatility
- Disk
- Random-access memory(RAM)
- Swap/pagefile
- Firmware
- Snapshot
- Cache
- Network
- Artifacts
- On-premises vs. cloud
- Right-to-audit clauses
- Regulatory/jurisdiction
- Data breach notification laws
- Integrity
- Hashing
- Checksums(The output of a hash function, used to verify that evidence has not changed since acquisition.)
- Provenance
- Preservation
- E-discovery
- Data recovery
- Non-repudiation
- Strategic intelligence/counterintelligence
Domain 5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of control
- Category
- Managerial(Policies and procedures defined by org’s security policy, other regulation and requirements)
- Operational(Executed by company personnel during their day-to-day operations(security awareness training, change mgmt, BCP))
- Technical(aka ‘logical’, involves the hardware or software mechanisms implemented by IT team to reduce risk(firewall rules, antivirus/malware, IDS/IPS, etc) )
- Control type
- Preventive(Stops an adversary from violating security policies.EXAMPLES: fences, locks, biometrics, mantraps, alarm systems, job rotation, data classification, penetration testing, access control methods.)
- Detective(Deployed to discover or detect unwanted or unauthorized activity. EXAMPLES: security guards, guard dogs, motion detectors, job rotation, mandatory vacations, audit trails, Intrusion Detection Systems(IDSs), violation reports, honey pots, and incident investigations)
- Corrective(modifies the env to return systems to normal after an unwanted or unauthorized activity has occurred. EXAMPLES: intrusion prevention systems, antivirus solutions, alarms, mantraps, Business Continuity Planning(BCP) and security policies.)
- Deterrent(deployed to discourage violation of security policies. EXAMPLES: locks, fences, security badges, security guards, mantraps)
- Compensating(provide options to other existing controls to aid in enforcement of security policies. EXAMPLES: security policy, personnel supervision, monitoring and work task procedures.)
- Physical(a control you can physically touch)
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
- Regulations, standards, and legislations
- General Data Protection Regulation(GDPR)(is a set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.)
- National, territory, or state laws(Gramm-Leach-Bliley Act(GLBA, financial institutions); Federal Information Security Management Act(FISMA); HIPAA(Health Insurance Portability and Accountability Act); HITECH(Health Information Technology for Economic and Clinical Health); Children’s Online Privacy Protection Act(COPPA); Electronic Communications Privacy Act(ECPA))
- Payment Card Industry Data Security Standard (PCI DSS)( is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information)
- Key frameworks
- Center for Internet Security(CIS)(cybersecurity best practices and threats)
- National Institute of Standards and Technology(NIST) Risk Management Framework(RMF)/Cybersecurity Framework(CSF, aimed at private industry)
- International Organization for Standardization(ISO)27001/27002/27017/27701/31000(27001 - international standard on how to manage information security; 27002 - improve the management of information; 27017 - provide guidelines related to the secure use of cloud computing; 27701 - improve a privacy information management system(PIMS), an extension of 27001/27002; 31000 - managing risk)
- SSAE SOC2 Type I/II(Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption)
- Cloud security alliance(not for profit organization that produces resources to help Cloud Service Providers(CSPs))
- Cloud control matrix(CCM)(to assess the overall risk of a cloud provider)
- Reference architecture
- Benchmarks/secure configuration guides(benchmarks are configuration baselines and best practices for securely configuring a system)
- Platform/vendor-specific guides(release with new products so that they can be set up as securely as possible, making them less vulnerable to attack)
- Web server(Microsoft’s Internet Information Server(IIS), and the Linux-based Apache. Both security teams reduce the attack surface, making them more secure)
- OS(vendors have guides that detail the best practices for installing their operating systems)
- Application server(vendors produce guides on how to configure application servers, such as email servers or database servers, to make them less vulnerable to attack)
- Network infrastructure devices(companies like Cisco produce network devices and offer benchmarks for secure configuration)
5.3 Explain the importance of policies to organizational security
- Personnel
- Acceptable use policy
- Job rotation(employees are rotated into different jobs, or tasks are assigned to different employees)
- Mandatory vacation
- Separation of duties(performing any critical business function should require the involvement of two or more individuals)
- Least privilege(a subject should be given only those privileges necessary to complete their job-related tasks.)
- Clean desk space(increases the physical security of data by requiring employees to limit what is on their desk)
- Background checks(potential employees should undergo an extensive background check before being hired)
- Non-disclosure agreement(NDA)(legal contract intended to cover confidentiality with vendors and suppliers)
- Social media analysis
- Onboarding(process of integrating a new employee into a company)
- Offboarding(process of the formal separation between an employee and the company through resignation, termination, or retirement)
- User training
- Gamification(used in computer-based training to provide employees with questions/challenges)
- Capture the flag(a security-related competition where someone is trying to hack into a resource to gain access to data(red/blue team))
- phishing campaigns
- Phishing simulations
- Computer-based training(CBT)
- Role-based training
- Diversity of training techniques
- Third-party risk management
- Vendors
- Supply chain(a secure chain of vendors who are secure, reliable, trustworthy, reputable)
- Business partners
- Service level agreement(SLA)(Service level agreements document vendor obligations.)
- Memorandum of understanding(MOU)(similar to SLA)
- Measurement systems analysis(MSA)(provide a way for an organization to evaluate the quality of the process used in their measurement systems)
- Business partnership agreement(BPA)
- End of life(EOL)(point at which a vendor stops selling a product and may limit replacement parts and support)
- End of service life(EOSL)(product is no longer sold by manufacturer, updates and support agreements are not renewed)
- NDA(non-disclosure agreement - contract with vendors and suppliers not to disclose the company’s confidential information)
- Data
- Classification(is the process of labeling data)
- Governance(oversight and management that describes security controls)
- Retention(unnecessary retention increases liability and risk)
- Credential policies
- Personnel(avoid using shared accounts unless necessary)
- Third-party
- Devices(Default password should be changed on devices with generic accounts)
- Service accounts(May run as local service accounts with the same rights as a user)
- Administrator/root accounts(require periodic pass changes and enforce pass complexity)
- Organizational policies
- Change management(policy that details how changes will be processed in an organization.Guidance on the process)
- Change control(refers to the process of evaluating a change request within an organization and deciding if it should go ahead. The process in action)
- Asset management(assets are tagged and recorded in an asset registry; periodic(usually annual) audits are carried out to ensure that all assets are accounted for.)
5.4 Summarize risk management processes and concepts
- Risk types
- External
- Internal
- Legacy systems(vulnerabilities in legacy systems tend to increase over time)
- Multiparty
- IP theft
- Software compliance/licensing
- Risk management strategies
- Acceptance
- Avoidance
- Transference
- Cybersecurity insurance
- Mitigation(The act of reducing risk)
- Risk analysis
- Risk register
- Risk matrix/heat map
- Risk control assessment(occurs when a company periodically checks that the risk controls they have in place are still effective with changing technology. May involve an external auditor or expert)
- Risk control self-assessment(Employees evaluate existing risk controls so management-level decision makers can decide if current controls are adequate. A bottom-up approach often used in smaller organizations)
- Risk awareness
- Inherent risk
- Residual risk(a risk that remains even with all conceivable safeguards in place)
- Control risk
- Risk appetite(willing to accept)
- Regulations that affect risk posture
- Risk assessment types
- Qualitative
- Quantitative
- Likelihood of occurrence
- Impact
- Asset value
- Single-loss expectancy(SLE)(SLE tells us what kind of monetary loss we can expect if an asset is compromised because of a risk. Calculating SLE requires knowledge of the asset value (AV) and the range of loss that can be expected if a risk is exploited, which is known as the exposure factor (EF).)
- Annualized loss expectancy(ALE)
- Annualized rate of occurrence(ARO)(is described as an estimated frequency of the threat occurring in one year. ARO is used to calculate ALE (annualized loss expectancy))
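The SLE/ALE/ARO relationships above, worked through on a small constructed risk register (an added example, not part of the exam objectives; the asset names, values, exposure factors and AROs are hypothetical). It also shows the standard cost/benefit extension of the ALE model: a control is worth buying when the ALE it removes exceeds its annual cost, which is the quantitative side of choosing "mitigation" over "acceptance".

```python
"""Quantitative risk analysis worked example using the page's terms.

    SLE = AV x EF      single-loss expectancy
    ALE = SLE x ARO    annualized loss expectancy

SAMPLE_REGISTER holds constructed sample figures, not data from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEntry:
    name: str
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident (0..1)
    aro: float              # ARO: expected number of incidents per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF. EF is a fraction, so 0.4 means 40% of the asset is lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value cannot be negative")
    return round(asset_value * exposure_factor, 2)


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO. ARO may be fractional (0.1 = once every ten years)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return round(sle * aro, 2)


def build_risk_register(entries):
    """Compute SLE and ALE for every entry and rank them by ALE, highest first.
    This is the quantitative column of a risk register / heat map."""
    rows = []
    for e in entries:
        sle = single_loss_expectancy(e.asset_value, e.exposure_factor)
        ale = annualized_loss_expectancy(sle, e.aro)
        rows.append({"name": e.name, "sle": sle, "aro": e.aro, "ale": ale})
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Annual value of a control = (ALE before - ALE after) - annual cost of the
    control. A positive result means mitigating is cheaper than accepting."""
    return round((ale_before - ale_after) - annual_cost, 2)


# Constructed sample register (hypothetical assets and figures).
SAMPLE_REGISTER = [
    RiskEntry("Customer database", 500_000, 0.40, 0.1),  # breach about once a decade
    RiskEntry("Web server", 50_000, 0.50, 2.0),           # two damaging outages a year
    RiskEntry("Laptop fleet", 120_000, 0.05, 5.0),        # five lost laptops a year
]

if __name__ == "__main__":
    for row in build_risk_register(SAMPLE_REGISTER):
        print(f"{row['name']:<18} SLE={row['sle']:>10,.2f} "
              f"ARO={row['aro']:<4} ALE={row['ale']:>10,.2f}")
    # Hypothetical control: a WAF costing 15,000/yr cuts web server ARO 2.0 -> 0.5
    before = annualized_loss_expectancy(25_000, 2.0)
    after = annualized_loss_expectancy(25_000, 0.5)
    print("WAF annual value:", safeguard_value(before, after, 15_000))
```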
- Disasters
- Environmental(earthquakes,floods,volcano,storms,tsunamis)
- Person-made(explosions, electrical fires, terrorist acts, power outages, other utility failures)
- Internal vs. external
- Business impact analysis
- Recovery time objective(RTO)(Duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.)
- Recovery point objective(RPO)(Is the maximum time period from which data may be lost in the wake of a disaster.)
- Mean time to repair(MTTR)(is the average time it takes to recover from a product or system failure. This includes the full time of the outage—from the time the system or product fails to the time that it becomes fully operational again.)
- Mean time between failures(MTBF)(measures the predicted time that passes between one previous failure of a mechanical/ electrical system to the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.)
- Functional recovery plans
- Single point of failure(any non-redundant part of a system that, if unavailable, would cause the entire system or service to fail)
- Disaster recovery plan(DRP)
- Mission essential functions
- Identification of critical systems
- Site risk assessment
5.5 Explain privacy and sensitive data concepts in relation to security
- Organizational consequences of privacy and data breaches
- Reputation damage
- Identity theft
- Fines
- IP theft
- Notifications of breaches(The EU sets their standard GDPR, and notifications of data breaches must be reported within 72 hours)
- Escalation
- Public notifications and disclosures
- Data types
- Classifications
- Public
- Private
- Sensitive
- Confidential
- Critical
- Proprietary
- Personally identifiable information(PII)(any information that can identify an individual(name,SSN,birthdate/place,biometric,records))
- Health information
- Financial information
- Government data
- Customer data
- Privacy enhancing technologies
- Data minimization
- Data masking
- Tokenization
- Anonymization(process of removing all relevant data so that it is impossible to identify original subject or person)
- Pseudo-anonymization
- Roles and responsibilities
- Data owners
- Data controller
- Data processor
- Data custodian/steward(An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures)
- Data protection officer(DPO)
- Information life cycle
- Impact assessment
- Terms of agreement(protects the company)
- Privacy notice(protects the customer)
Security+ (SY0-601) Acronym List
The following is a list of acronyms that appear on the CompTIA Security+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as part of a comprehensive exam preparation program.
ACRONYM | DEFINITION |
---|---|
3DES | Triple Data Encryption |
AAA | Authentication, Authorization, and Accounting |
ABAC | Attribute-based Access Control |
ACL | Access Control List |
CSF | Cybersecurity Framework |
CSIRT | Computer Security Incident Response Team |
NIST | National Institute of Standards and Technology |
RMF | Risk Management Framework |
TTP | tactic, technique, or procedure |
UEBA | User and Entity Behavior Analytics |
Security+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Security+ exam. This list may also be helpful for training companies that wish to create a lab component for their training offering. The bulleted lists below each topic are sample lists and are not exhaustive.
- Hardware
- Software
- Other