




























































































Typology: Essays (university)
1 / 406
● Introduction
  ○ CompTIA Security+ (SY0-701) certification is considered an intermediate level information technology certification and an entry level cyber security certification that focuses on your ability to assess the security posture of an enterprise environment
  ○ This certification is designed for information technology professionals or aspiring cybersecurity professionals who have already earned their CompTIA A+ and Network+ certifications, but this is a recommendation from CompTIA and not a strict requirement
    ■ If you have the equivalent of 1-2 years of working with hardware, software, and networks, then you will do fine in this course
  ○ This course is designed as a full textbook replacement, but if you would like to get a textbook to study from as well, we recommend the official CompTIA Security+ Student Guide available directly from CompTIA
  ○ CompTIA Security+ (SY0-701) certification exam consists of five domains or areas of knowledge
    ■ 12% of General Security Concepts
    ■ 22% of Threats, Vulnerabilities, and Mitigations
    ■ 18% of Security Architecture
    ■ 28% of Security Operations
    ■ 20% of Security Program Management and Oversight
  ○ When taking the CompTIA Security+ certification exam at the testing center or online using the web proctoring service, you are going to have 90 minutes to answer up to 90 questions
    ■ You’re going to be answering multiple-choice questions, but you may get a few multiple-select questions where they ask you to pick 2 or 3 correct answers for a single question
    ■ You will also get a handful of performance-based questions
  ○ To pass the Security+ certification exam, you must score at least 750 points out of 900 on their 100 to 900 point scale
  ○ To take the exam, you do have to pay an exam fee to cover the cost of testing, and you do that by buying an exam voucher
    ■ How do you sign up and schedule your exam?
      ● CompTIA Store
        ○ You can do this by going to store.comptia.org and buying it from their web store
        ○ The price does vary depending on which country you will be taking your exam from since CompTIA uses region based pricing
      ● Dion Training
        ○ You can go to diontraining.com/vouchers and purchase your voucher directly from us, because we are a certified Platinum Level CompTIA Delivery Partner
        ○ You’ll save an extra 10% or so off the regular CompTIA price
        ○ We’ll give you free access to our searchable video library as a bonus for buying your voucher from us
● 100% Pass Guarantee
  ○ All the risk is on us, as it should be
    ■ You have nothing to lose here, but you do have to do your part and put in some effort
  ○ When you take those quizzes, you have to score at least an 80% for it to be considered a pass in our system
  ○ At the end of the course, you will find our practice exams
    ■ Understand why the answers are right or wrong
    ■ Explanations are provided for every single question
  ○ Please don’t try to simply memorize the questions, but instead take the time to understand the why behind them
  ○ Make sure that you watched the videos, took the quizzes, did the labs, and finished the practice exams
    ■ If you’ve done all of that and don’t see the progress bar at the top going from 0 to 100, that means something’s wrong
    ■ If you think you’ve done everything and it still doesn’t show 100%, please email us at support@diontraining.com
  ○ Once you have the course completion letter, you are eligible for our 60-Day 100% Pass Guarantee
Fundamentals of Security
Objectives:
● 1.1 - Compare and contrast various types of security controls
● 1.2 - Summarize fundamental security concepts
● Fundamentals of Security
  ○ Information Security
    ■ Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction
  ○ Information Systems Security
    ■ Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data
  ○ CIA Triad
    ■ Confidentiality
      ● Ensures information is accessible only to authorized personnel (e.g., encryption)
    ■ Integrity
      ● Ensures data remains accurate and unaltered (e.g., checksums)
    ■ Availability
      ● Ensures information and resources are accessible when needed (e.g., redundancy measures)
  ○ Non-Repudiation
    ■ Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)
    ■ To achieve zero trust, we use the control plane and the data plane
      ● Control Plane
        ○ Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
      ● Data Plane
        ○ Subject/system, policy engine, policy administrator, and establishing policy enforcement points
● Threats and Vulnerabilities
  ○ Threat
    ■ Anything that could cause harm, loss, damage, or compromise to our information technology systems
    ■ Can come from the following
      ● Natural disasters
      ● Cyber-attacks
      ● Data integrity breaches
      ● Disclosure of confidential information
  ○ Vulnerability
    ■ Any weakness in the system design or implementation
    ■ Comes from internal factors like the following
      ● Software bugs
      ● Misconfigured software
      ● Improperly protected network devices
      ● Missing security patches
      ● Lack of physical security
  ○ Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies
    ■ If you have a threat, but there is no matching vulnerability to it, then you have no risk
    ■ The same holds true that if you have a vulnerability but there’s no threat against it, there would be no risk
  ○ Risk Management
    ■ Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome
● Confidentiality
  ○ Confidentiality
    ■ Refers to the protection of information from unauthorized access and disclosure
    ■ Ensures that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes
  ○ Confidentiality is important for 3 main reasons
    ■ To protect personal privacy
    ■ To maintain a business advantage
    ■ To achieve regulatory compliance
  ○ To ensure confidentiality, we use five basic methods
    ■ Encryption
      ● Process of converting data into a code to prevent unauthorized access
    ■ Access Controls
      ● By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data
    ■ Digital Signatures
      ● Ensure both integrity and authenticity
    ■ Checksums
      ● Method to verify the integrity of data during transmission
    ■ Access Controls
      ● Ensure that only authorized individuals can modify data, which reduces the risk of unintentional or malicious alterations
    ■ Regular Audits
      ● Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed
● Availability
  ○ Availability
    ■ Ensures that information, systems, and resources are accessible and operational when needed by authorized users
  ○ As cybersecurity professionals, we value availability since it can help us with the following
    ■ Ensuring Business Continuity
    ■ Maintaining Customer Trust
    ■ Upholding an Organization's Reputation
  ○ To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs
    ■ Redundancy
      ● Duplication of critical components or functions of a system with the intention of enhancing its reliability
  ○ There are various types of redundancy you need to consider when designing your systems and networks
    ■ Server Redundancy
      ● Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users
    ■ Data Redundancy
      ● Involves storing data in multiple places
    ■ Network Redundancy
      ● Ensures that if one network path fails, the data can travel through another route
    ■ Power Redundancy
      ● Involves using backup power sources, like generators and UPS systems
● Non-repudiation
  ○ Non-repudiation
    ■ Focused on providing undeniable proof in the world of digital transactions
    ■ Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions
  ○ Digital Signatures
    ■ Considered to be unique to each user who is operating within the digital domain
    ■ Created by first hashing a particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption
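The checksum mechanism listed under integrity (a digest verified on each unit of data in transit), worked through as an added Python example that is not part of the course notes; the JSON frame format, the sample payloads and the in-transit tampering are constructed assumptions for the demonstration:

```python
import hashlib
import hmac
import json

def checksum(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def build_frame(seq: int, payload: bytes) -> bytes:
    """Sender side: wrap the payload with a sequence number and its SHA-256 checksum."""
    frame = {"seq": seq, "payload": payload.hex(), "sha256": checksum(payload)}
    return json.dumps(frame).encode()

def verify_frame(raw: bytes):
    """Receiver side: return (seq, payload) if the frame is intact, else None."""
    try:
        frame = json.loads(raw)
        payload = bytes.fromhex(frame["payload"])
        # compare_digest avoids leaking timing differences in the comparison
        intact = hmac.compare_digest(checksum(payload), frame["sha256"])
    except (ValueError, KeyError, TypeError):
        return None  # a malformed or truncated frame is an integrity failure too
    return (frame["seq"], payload) if intact else None

def receive(frames):
    """Reassemble only intact frames; report positions that must be retransmitted."""
    data, resend = b"", []
    for i, raw in enumerate(frames):
        result = verify_frame(raw)
        if result is None:
            resend.append(i)
        else:
            data += result[1]
    return data, resend

def tamper(raw: bytes, old: bytes, new: bytes) -> bytes:
    """Simulate an in-transit modification of the payload field (constructed)."""
    return raw.replace(old, new, 1)
```

A checksum detects that data changed, but whoever alters the data can recompute it; binding the digest to the sender's private key, as in the digital signatures described above, is what adds authenticity.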
  ○ Authentication is critical to understand because of the following
    ■ To prevent unauthorized access
    ■ To protect user data and privacy
    ■ To ensure that resources are accessed by valid users only
● Authorization
  ○ Authorization
    ■ Pertains to the permissions and privileges granted to users or entities after they have been authenticated
  ○ Authorization mechanisms are important to help us with the following
    ■ To protect sensitive data
    ■ To maintain the system integrity in our organizations
    ■ To create a more streamlined user experience
● Accounting
  ○ Accounting
    ■ Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded
  ○ Your organization should use a robust accounting system so that you can do the following
    ■ Create an audit trail
      ● Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time
    ■ Maintain regulatory compliance
      ● Maintains a comprehensive record of all users’ activities
    ■ Conduct forensic analysis
      ● Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again
    ■ Perform resource optimization
      ● Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
    ■ Achieve user accountability
      ● A thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies
  ○ To perform accounting, we usually use different technologies like the following
    ■ Syslog Servers
      ● Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems
    ■ Network Analysis Tools
      ● Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network
    ■ Security Information and Event Management (SIEM) Systems
      ● Provide us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
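What a syslog server plus SIEM-style analysis does with the audit trail, as an added Python example that is not from the course notes: aggregated sshd lines are normalised into events and a detection rule flags a burst of failed logins from one source, escalating if that source is then accepted. The hostnames, addresses and log lines are constructed sample data:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed syslog lines as a central server would collect them (hypothetical hosts)
SAMPLE_SYSLOG = """\
Mar 10 09:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:12:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 10 09:12:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 10 09:12:08 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51151 ssh2
Mar 10 09:12:10 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51160 ssh2
Mar 10 09:12:15 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51170 ssh2
Mar 10 09:30:00 db01 sshd[881]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 09:45:00 db01 sshd[882]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""
# BSD-style header "Mon DD HH:MM:SS host proc[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<proc>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<src>\S+)")

def parse_syslog(text, year=2024):
    events = []  # normalised events; unparseable lines are skipped, not fatal
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
              "host": m["host"], "proc": m["proc"], "msg": m["msg"]}
        a = AUTH_RE.match(m["msg"])
        if a:  # enrich sshd auth messages with result/user/source fields
            ev.update(result=a["result"], user=a["user"], src=a["src"])
        events.append(ev)
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    # Alert once a source reaches `threshold` failures within `window` on one host;
    # escalate if that same source is subsequently accepted while still in the window.
    alerts, failures = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if "result" not in ev:
            continue
        key = (ev["host"], ev["src"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:
                alerts.append(("bruteforce", ev["host"], ev["src"], ev["ts"]))
        elif len(recent) >= threshold:
            alerts.append(("bruteforce_success", ev["host"], ev["src"], ev["ts"]))
        failures[key] = recent
    return alerts
```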
shortly thereafter
    ■ Corrective Controls
      ● Mitigate any potential damage and restore our systems to their normal state
    ■ Compensating Controls
      ● Alternative measures that are implemented when primary security controls are not feasible or effective
    ■ Directive Controls
      ● Guide, inform, or mandate actions
      ● Often rooted in policy or documentation and set the standards for behavior within an organization
● Gap Analysis
  ○ Gap Analysis
    ■ Process of evaluating the differences between an organization's current performance and its desired performance
  ○ Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture
  ○ There are several steps involved in conducting a gap analysis
    ■ Define the scope of the analysis
    ■ Gather data on the current state of the organization
    ■ Analyze the data to identify any areas where the organization's current performance falls short of its desired performance
    ■ Develop a plan to bridge the gap
  ○ 2 Basic Types of Gap Analysis
    ■ Technical Gap Analysis
      ● Involves evaluating an organization's current technical infrastructure
      ● Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
    ■ Business Gap Analysis
      ● Involves evaluating an organization's current business processes
      ● Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
    ■ Plan of Action and Milestones (POA&M)
      ● Outlines the specific measures to address each vulnerability
      ● Allocates resources
      ● Sets up timelines for each remediation task that is needed
● Zero Trust
  ○ Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin
  ○ To create a zero trust architecture, we need to use two different planes
    ■ Control Plane
      ● Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
      ● Control Plane typically encompasses several key elements
        ○ Adaptive Identity
          ■ Relies on real-time validation that takes into account the user's behavior, device, location, and more
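The zero trust planes from the Fundamentals section and this section (adaptive identity, policy-driven access control, a policy engine deciding each request, and a policy enforcement point applying that decision), as an added hypothetical Python example that is not from the course notes; the roles, policies, subject attributes, risk thresholds and decision labels are constructed assumptions:

```python
from dataclasses import dataclass

# Hypothetical zero trust request evaluation: policy_engine() decides per
# request, enforcement_point() applies the decision and records it (accounting).
@dataclass
class Subject:
    user: str
    device_compliant: bool   # posture check result (patched, endpoint agent running)
    device_managed: bool     # enrolled in the organization's device management
    location: str            # e.g. "office", "home", "unknown"
    mfa_verified: bool
    risk_score: int          # 0-100 from adaptive identity / behaviour signals

@dataclass
class Policy:
    resource: str
    allowed_roles: set
    max_risk: int = 40
    require_managed_device: bool = False

ROLES = {"alice": {"dba"}, "bob": {"developer"}}  # constructed directory data
POLICIES = {
    "payroll-db": Policy("payroll-db", {"dba"}, max_risk=20, require_managed_device=True),
    "wiki": Policy("wiki", {"dba", "developer"}),
}

def policy_engine(subject, resource):
    """Per-request decision: ALLOW, STEP_UP (more verification needed) or DENY."""
    policy = POLICIES.get(resource)
    if policy is None or not (ROLES.get(subject.user, set()) & policy.allowed_roles):
        return "DENY", "no policy or role grants access"
    if not subject.device_compliant:
        return "DENY", "device failed posture check"
    if policy.require_managed_device and not subject.device_managed:
        return "DENY", "resource requires a managed device"
    if subject.risk_score > policy.max_risk:
        return "DENY", "risk score above threshold"
    # Adaptive identity: an unusual location or missing MFA triggers step-up, not denial
    if not subject.mfa_verified or subject.location == "unknown":
        return "STEP_UP", "re-authenticate with MFA"
    return "ALLOW", "all policy conditions satisfied"

def enforcement_point(subject, resource, audit_log):
    """Policy enforcement point: every request is evaluated, none trusted by network origin."""
    decision, reason = policy_engine(subject, resource)
    audit_log.append((subject.user, resource, decision, reason))  # audit trail
    return decision == "ALLOW"
```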
Threat Actors
Objectives:
● 1.2 - Summarize fundamental security concepts
● 2.1 - Compare and contrast common threat actors and motivations
● 2.2 - Explain common threat vectors and attack surfaces
● Threat Actors
  ○ Threat Actor Motivations
    ■ Data Exfiltration
    ■ Blackmail
    ■ Espionage
    ■ Service Disruption
    ■ Financial Gain
    ■ Philosophical/Political Beliefs
    ■ Ethical Reasons
    ■ Revenge
    ■ Disruption/Chaos
    ■ War
  ○ Threat Actor Attributes
    ■ Internal vs. External Threat Actors
    ■ Differences in resources and funding
    ■ Level of sophistication
  ○ Types of Threat Actors
    ■ Unskilled Attackers
      ● Limited technical expertise, use readily available tools
    ■ Hacktivists
      ● Driven by political, social, or environmental ideologies
    ■ Organized Crime
      ● Execute cyberattacks for financial gain (e.g., ransomware, identity theft)
    ■ Nation-state Actor
      ● Highly skilled attackers sponsored by governments for cyber espionage or warfare
    ■ Insider Threats
      ● Security threats originating from within the organization
  ○ Shadow IT
    ■ IT systems, devices, software, or services managed without explicit organizational approval
  ○ Threat Vectors and Attack Surfaces
    ■ Message-based
    ■ Image-based
    ■ File-based
    ■ Voice Calls
    ■ Removable Devices
    ■ Unsecured Networks
  ○ Deception and Disruption Technologies
    ■ Honeypots
      ● Decoy systems to attract and deceive attackers
    ■ Honeynets
      ● Network of decoy systems for observing complex attacks
    ■ Honeyfiles
      ● Decoy files to detect unauthorized access or data breaches