CompTIA Security+ SY0-701 Last Minute Cram
Pass your CompTIA Security+ SY0-701 with this quick review guide that summarizes all of the exam objectives in just a fe
140 43 913KB
English Pages [84] Year 2024
Recommend Papers
![CompTIA Security+ SY0-601 Exam Cram [6 ed.]
0136798675, 9780136798675](https://ebin.pub/img/200x200/comptia-security-sy0-601-exam-cram-6nbsped-0136798675-9780136798675.jpg)
![Principles of Computer Security Comptia Security+ and Beyondprinciples of Computer Security Comptia Security+ and Beyond Lab Manual Lab Manual [2 ed.]
9780071748575, 0071748571, 9780071748568, 0071748563](https://ebin.pub/img/200x200/principles-of-computer-security-comptia-security-and-beyondprinciples-of-computer-security-comptia-security-and-beyond-lab-manual-lab-manual-2nbsped-9780071748575-0071748571-9780071748568-0071748563.jpg)
- Author / Uploaded
- Andrew Ramdayal
File loading please wait...
Citation preview
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
CompTIA Security+ SY0‐701 Last Minute Cram Andrew Ramdayal, Security+, CEH, CISSP
w w w.t i a e d u . c o m
1
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
CompTIA Security+ 701 Last Minute Guide Copyright© 2024 Technical Ins tute of America Inc. All rights reserved. Except as permi ed under the United States Copyright Act of 1976, no part of this publica on may be reproduced or distributed in any form or by any means or stored in a database or retrieval system, without the prior wri en permission of the publisher. By Andrew Ramdayal First Prin ng: January 2024
w w w.t i a e d u . c o m
2
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
About the Author Andrew Ramdayal, A+, Network+, Security+, CEH, CISSP, CISSP‐ISSMP has over 20 years of experience in IT. He holds over 65 professional cer fica ons in IT and accoun ng from vendors such as Microso , Cisco, CompTIA, and PMI. He also holds a Master Degree in Management Informa on System with a minor in project management. Andrew has worked on many ERP, IT Security, and computer networking projects over his career. Andrew has been teaching the technical cer fica ons for over 20 years to hundreds of thousands of students all over the world. His unique teaching methods have allowed his students not only to pass the exam but also to apply the concepts in real life. He is currently the CEO of the Technical Ins tute of America which provides training to thousands of students every year in IT and medical courses.
About Technical Ins tute of America Technical Ins tute of America (TIA) is a na onally accredited school headquartered in New York City . TIA is a Gold CompTIA Authorized Partner. TIA offers live online bootcamps for CompTIA’s A+, Network+, Security+, CISSP, and PMP. Over the last 13 years TIA has helped over 450,000 students pass their cer fica on exams. We offer the following:
Live CompTIA classes at: www. aedu.com Self‐pace classes at: www. aexams.com Also look for our classes on Udemy: h ps://www.udemy.com/user/andrewramdayal/ Checkout our Youtube channel for free Security+ Ques ons and content: h ps://www.youtube.com/TechnicalIns tuteofAmerica
w w w.t i a e d u . c o m
3
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Contents 1.1 Compare and contrast various types of security controls. ............................................................... 5 1.2 Summarize these fundamental security concepts: ........................................................................... 9 1.3 Explain the importance of change management processes and the impact to security. .............. 11 1.4 Explain the importance of using appropriate cryptographic solu ons. ......................................... 13 2.1 Compare and contrast common threat actors and mo va ons. .................................................... 15 2.2 Explain common threat vectors and a ack surfaces. ..................................................................... 17 2.3 Explain various types of vulnerabili es. .......................................................................................... 19 2.4 Given a scenario, analyze indicators of malicious ac vity. ............................................................. 21 2.5 Explain the purpose of mi ga on techniques used to secure the enterprise. .............................. 23 3.1 Compare and contrast security implica ons of different architecture models. ............................ 25 3.2 Given a scenario, apply security principles to secure enterprise infrastructure. ........................... 28 3.3 Compare and contrast concepts and strategies to protect data. .................................................... 30 3.4 Explain the importance of resilience and recovery in security architecture. ................................. 32 4.1 Given a scenario, apply common security techniques to compu ng resources. ........................... 34 4.2 Explain the security implica ons of proper hardware, so ware, and data asset management. .. 36 4.3 Explain various ac vi es associated with vulnerability management. .......................................... 38 4.4 Explain security aler ng and monitoring concepts and tools. ....................................................... 40 4.5 Given a scenario, modify enterprise capabili es to enhance security. .......................................... 42 4.6 Given a scenario, implement and maintain iden ty and access management. ............................ 44 4.7 Explain the importance of automa on and orchestra on related to secure opera ons. ............. 46 4.8 Explain appropriate incident response ac vi es. ........................................................................... 48 4.9 Given a scenario, use data sources to support an inves ga on. .................................................... 50 5.1 Summarize elements of effec ve security governance. ................................................................. 52 5.2 Explain elements of the risk management process. ....................................................................... 54 5.3 Explain the processes associated with third‐party risk assessment and management. ................ 56 5.4 Summarize elements of effec ve security compliance. .................................................................. 58 5.5 Explain types and purposes of audits and assessments. ................................................................ 60 5.6 Given a scenario, implement security awareness prac ces. .......................................................... 62 Acronyms List and Explana ons ............................................................................................................ 64
w w w.t i a e d u . c o m
4
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1.1 Compare and contrast various types of security controls. Security controls are measures taken to safeguard or protect informa on and other assets. They can be categorized into various types based on their nature and the domain they are applied to. Here's a comparison and contrast of the men oned security controls: 1. Technical Security Controls:
Descrip on: These are controls implemented through technology. They are o en hardware or so ware‐based.
Examples: Firewalls, encryp on, intrusion detec on systems, authen ca on mechanisms, and access controls.
Advantages: Provides direct, o en automated protec on, detec on, and response. Can scale across large infrastructures.
Disadvantages: Vulnerable to technical failures or so ware vulnerabili es. Can become obsolete with technological advancement.
2. Managerial Security Controls:
Descrip on: These controls involve strategies, governance, and the organiza onal approach to informa on security. They ensure the right policies and procedures are in place.
Examples: Risk assessments, security policies and procedures, security training programs, and vendor management.
Advantages: Addresses the organiza on's overall security posture and ensures compliance with legal and regulatory requirements. It's pivotal for strategic decision‐ making.
Disadvantages: Effec veness can be influenced by the level of managerial commitment. There's a need for regular review and upda ng.
3. Opera onal Security Controls:
Descrip on: These controls are focused on opera ons and are o en associated with day‐to‐day tasks and procedures that users or administrators follow.
Examples: Backup and recovery procedures, user awareness training, incident response procedures, and change management.
Advantages: Directly addresses user behavior and day‐to‐day opera ons, which are o en the weak points in security.
Disadvantages: Requires con nuous monitoring and o en relies on users or administrators to follow procedures correctly. It's vulnerable to human error.
4. Physical Security Controls:
w w w.t i a e d u . c o m
5
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Descrip on: These controls are designed to protect the physical environment of informa on assets.
Examples: Security guards, fences, locks, CCTV cameras, biometric access controls, secure server rooms, and fire suppression systems.
Advantages: Provides tangible protec on against physical threats such as the , damage, and natural disasters.
Disadvantages: Does not protect against remote cyber threats. Requires physical maintenance.
Contrast:
Implementa on Nature: Technical controls are mainly implemented through IT systems and infrastructure. Managerial controls are executed at the decision‐making level, while opera onal controls relate to rou ne processes. Physical controls pertain to tangible assets and facili es.
Vulnerabili es: Technical controls are vulnerable to technological flaws, Managerial to a lack of leadership commitment, Opera onal to human errors, and Physical to physical access breaches.
Overhead and Maintenance: Technical controls o en have high ini al costs and need consistent upda ng. Managerial controls require periodic review and adapta on to the organiza on's changing landscape. Opera onal controls demand con nuous user training and oversight. Physical controls need regular physical maintenance and checks.
Applica on Domain: While all controls can be applied to various domains, technical controls are especially per nent in IT and digital domains. Managerial controls span across all areas of an organiza on. Opera onal controls are common in IT opera ons, HR, and other daily func ons. Physical controls are crucial for facili es management and asset safeguarding.
A balanced security strategy usually involves a mix of these controls, ensuring that assets are protected at mul ple levels and through various means. security controls can also be categorized based on their func onality and the stage of the incident they address. Let's dive into a comparison and contrast of the types you men oned: 1. Preven ve Security Controls:
Descrip on: These controls aim to prevent an incident or breach from occurring in the first place.
Examples: Firewalls, access controls, strong password policies, encryp on, and security training.
Primary Func on: Act proac vely to ward off poten al threats.
2. Deterrent Security Controls:
w w w.t i a e d u . c o m
6
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Descrip on: While they might not prevent a threat actor from performing a malicious act, they deter or discourage them by increasing the risk or reducing the reward.
Examples: Warning banners (indica ng legal consequences of unauthorized access), visible surveillance cameras, and "Account will be locked a er three unsuccessful login a empts" mechanisms.
Primary Func on: Serve as a discouragement, making it less appealing for an a acker to proceed.
3. Detec ve Security Controls:
Descrip on: These controls are designed to discover or detect unwanted or unauthorized ac vity.
Examples: Intrusion detec on systems (IDS), audit logs, security informa on and event management (SIEM) systems, and anomaly detec on.
Primary Func on: Iden fy and alert on anomalies or security incidents.
4. Correc ve Security Controls:
Descrip on: Once a security incident has been detected, these controls aim to limit the extent of the damage and take ac on to correct the situa on.
Examples: An ‐virus so ware that quaran nes malware, incident response teams, backup/restora on tools, and patches for known vulnerabili es.
Primary Func on: Remediate and recover from a detected security incident.
5. Compensa ng Security Controls:
Descrip on: These controls come into play when primary controls are deemed ineffec ve or unfeasible. They provide alterna ve measures to achieve the same or similar security objec ves.
Examples: If a system cannot support mul factor authen ca on (a primary control), a stringent password policy and con nuous user behavior monitoring might be applied as compensa ng controls.
Primary Func on: Act as a backup or alterna ve to primary security controls.
6. Direc ve Security Controls:
Descrip on: These controls are used to guide or constrain user ac ons, usually by s pula ng mandatory or recommended ac ons.
Examples: Acceptable use policies, security policies, guidelines, procedures, and standards.
Primary Func on: Provide a roadmap or guidance for security best prac ces within an organiza on.
w w w.t i a e d u . c o m
7
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Contrast:
Stage of Interven on: Preven ve controls act before an incident, aiming to prevent it. Deterrent controls discourage a ackers but may not necessarily stop them. Detec ve controls operate during or a er the incident, looking for signs of breaches. Correc ve controls come into ac on post‐incident to restore and rec fy. Compensa ng controls work as alterna ves to main controls, and direc ve controls provide guidelines for ac on throughout all stages.
Interac on with Threat Actors: Preven ve controls directly counteract threat ac ons, deterrent controls try to scare them away, detec ve controls monitor and alert on their ac vi es, correc ve controls act to nullify or reduce their impact, compensa ng controls act as secondary barriers, and direc ve controls o en don't interact directly but set the stage for all other controls.
Flexibility and Adaptability: Preven ve, deterrent, and detec ve controls are o en specific to certain threats or vulnerabili es. Correc ve controls act based on the nature of detected incidents. Compensa ng controls are inherently adaptable as they are custom solu ons for unique problems. Direc ve controls can be broad and flexible, providing guidance adaptable to various situa ons.
A well‐rounded security posture incorporates a blend of these controls, ensuring that threats are deterred, prevented, detected, and rec fied efficiently, with clear direc ves guiding the organiza on's overall security strategy.
w w w.t i a e d u . c o m
8
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1.2 Summarize these fundamental security concepts: 1. CIA (Confiden ality, Integrity, and Availability):
Confiden ality: Ensures that data is accessed only by authorized individuals.
Integrity: Ensures data remains accurate and untouched by unauthorized en
Availability: Ensures data and systems are accessible when needed.
es.
2. Non‐repudia on: Guarantees that a sender of informa on cannot later deny having sent it and that the receiver cannot deny having received it. 3. AAA (Authen ca on, Authoriza on, and Accoun ng):
Authen ca on: Verifying the iden ty of users, systems, or en
Authen ca ng People: Using passwords, biometrics, or tokens.
Authen ca ng Systems: Using cer ficates or keys.
Authoriza on: Defines permissions, determining what authen cated users or systems are allowed to do.
es.
Authoriza on Models: Examples include Role‐Based Access Control (RBAC) and Mandatory Access Control (MAC).
Accoun ng: Tracks user ac vi es, ensuring they are opera ng within their designated permissions.
4. Gap Analysis: A process to iden fy differences between current security prac ces and desired outcomes or standards. 5. Zero Trust:
Control Plane:
Adap ve Iden ty: Dynamically adjus ng user/system iden ty verifica on based on context.
Threat Scope Reduc on: Minimizing the a ack surface.
Policy‐driven Access Control: Access granted based on policies rather than sta c permissions.
Policy Administrator: Manages and updates access policies.
Policy Engine: Processes and evaluates access requests against set policies.
Data Plane:
Implicit Trust Zones: Areas where trust is assumed by default.
Subject/System: En
es reques ng or being granted access.
w w w.t i a e d u . c o m
9
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Policy Enforcement Point: Where access decisions are executed based on policies.
6. Physical Security:
Bollards: Short posts to prevent vehicle intrusion.
Access Control Ves bule: Secured entry space, o en with two sets of doors to control access.
Fencing: Barriers to deter unauthorized entries.
Video Surveillance: Cameras monitoring and recording ac vi es.
Security Guard: Human personnel guarding premises.
Access Badge: ID card gran ng access to buildings or areas.
Ligh ng: Ensures visibility, o en deterring unauthorized ac vi es.
Sensors:
Infrared: Detects heat emissions, o en from humans.
Pressure: Detects weight or pressure changes, such as footsteps.
Microwave: Uses microwave signals to detect movement.
Ultrasonic: Uses sound waves to detect presence or movement.
7. Decep on and Disrup on Technology:
Honeypot: Decoy system or data set up to lure a ackers.
Honeynet: Network of honeypots.
Honeyfile: Decoy file placed to detect unauthorized access.
Honeytoken: A piece of data used to alert when accessed, it has no real‐world use other than being a trap.
Each of these concepts plays a crucial role in the broader security framework of an organiza on, and understanding them is essen al for any security professional.
w w w.t i a e d u . c o m
10
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1.3 Explain the importance of change management processes and the impact to security. Change management processes play an essen al role in ensuring that any modifica ons made to systems, applica ons, or procedures are conducted in a structured, secure, and efficient manner. Here's why these processes are cri cal and how they impact security: 1. Business Processes Impac ng Security Opera on:
Approval Process: Ensures that only ve ed and necessary changes get implemented, reducing the risk of introducing vulnerabili es.
Ownership: Designa ng an owner ensures accountability and responsibility for the change, ensuring it's implemented correctly and securely.
Stakeholders: Engaging stakeholders ensures that all par es affected by the change are informed and can provide valuable feedback, reducing poten al security gaps.
Impact Analysis: Evalua ng the poten al consequences of a change can reveal poten al security risks and areas of vulnerability.
Test Results: Tes ng changes before implementa on can iden fy and rec fy security flaws or compa bility issues.
Backout Plan: Should a change introduce unforeseen vulnerabili es, having a plan to revert the changes can be essen al to maintain security.
Maintenance Window: Designa ng specific mes for changes reduces disrup ons and ensures that resources are available should issues arise.
Standard Opera ng Procedure: Adhering to established protocols ensures consistency, predictability, and security in the change process.
2. Technical Implica ons:
Allow lists/Deny lists: Changes might require upda ng lists that determine which ac vi es or en es are permi ed or prohibited, directly affec ng security postures.
Restricted Ac vi es: Some changes might limit certain opera ons, poten ally impac ng business opera ons or security monitoring.
Down me: Unplanned or extended down me can expose businesses to risks, especially if security measures are down.
Service Restart: Restar ng services can introduce vulnerabili es if not done securely.
Applica on Restart: Similar to service restarts, applica on restarts need to be done securely to avoid poten al exposures.
Legacy Applica ons: Older so ware might not be compa ble with new changes and can have unresolved vulnerabili es.
w w w.t i a e d u . c o m
11
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Dependencies: Changes can affect dependent systems or applica ons, poten ally crea ng security gaps.
3. Documenta on:
Upda ng Diagrams: Ensures that teams have the latest view of the system's architecture, helping to spot poten al vulnerabili es.
Upda ng Policies/Procedures: Keeps protocols current, ensuring that the organiza on operates securely under the latest changes.
4. Version Control: Ensuring changes are versioned allows teams to track which modifica ons were made and when. This is cri cal not only for debugging but also for security forensics and understanding poten al vulnerabili es. In Summary: The importance of change management processes in security lies in their ability to provide structured and controlled environments for making modifica ons. Without these processes, organiza ons run the risk of introducing vulnerabili es, causing disrup ons, or failing to adhere to security best prac ces. Proper change management not only helps in maintaining the system's security but also ensures smooth business opera ons, accountability, and traceability.
w w w.t i a e d u . c o m
12
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1.4 Explain the importance of using appropriate cryptographic solu ons. Using appropriate cryptographic solu ons is essen al for ensuring data confiden ality, integrity, and authen city in a digitally connected world. Let's dive into the importance of these solu ons: 1. Public Key Infrastructure (PKI):
Public/Private Key: Ensures secure communica on where only the private key holder can decrypt what the public key encrypts.
Key Escrow: Allows a trusted third party to hold cryptographic keys, ensuring they're available if original holders lose access or in legal scenarios.
2. Encryp on:
Level:
Full‐disk: Encrypts an en re storage disk, protec ng data if the physical device is lost or stolen.
Par
File, Database, Record: Encrypts individual files, databases, or records within.
on, Volume: Encrypts specific sec ons of a storage device.
Transport/Communica on: Secures data as it's transmi ed across networks, like with HTTPS.
Asymmetric/Symmetric: Different encryp on methods; asymmetric uses public/private key pairs, while symmetric uses the same key for both encryp on and decryp on.
Key Exchange: The process of securely exchanging cryptographic keys.
Algorithms: Specific procedures for encryp ng and decryp ng data (e.g., AES, RSA).
Key Length: The longer the key, the harder it is to crack, but also poten ally slower in opera on.
3. Tools:
TPM: A dedicated microcontroller that stores keys, passwords, and digital cer ficates securely.
HSM: Physical device that safeguards and manages digital keys, providing hardware‐level security.
Key Management System: Systems designed to manage cryptographic keys throughout their lifecycle.
Secure Enclave: A hardware‐based secure storage area in processors, isola ng it from the main processor to secure sensi ve data.
4. Obfusca on:
Steganography: Hiding data within other data (e.g., embedding a secret message in an image).
Tokeniza on: Replacing sensi ve data with non‐sensi ve placeholders.
w w w.t i a e d u . c o m
13
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Data Masking: Concealing specific data within a database, making it inaccessible to unauthorized users.
5. Hashing: Converts data into a fixed‐size string, ensuring data integrity. 6. Sal ng: Random data added before hashing to ensure the same input produces different outputs. 7. Digital Signatures: Confirms the authen city of a digital document or message. 8. Key Stretching: Makes keys resistant to brute force a acks by making the key deriva on process more computa onally intensive. 9. Blockchain: Distributed, decentralized ledgers that use cryptographic solu ons to ensure data integrity. 10. Open Public Ledger: Transparent, openly accessible ledger where all transac ons are visible. 11. Cer ficates:
Cer ficate Authori es (CA): Organiza ons that issue digital cer ficates.
CRLs: Lists of cer ficates revoked before their expira on.
OCSP: Protocol to obtain the revoca on status of a cer ficate in real‐ me.
Self‐signed/Third‐party: Cer ficates that are signed by the owner vs. a trusted third‐party.
Root of Trust: Star ng point in a security domain from which other security mechanisms derive.
CSR Genera on: A request sent from an applicant to a CA to get a digital iden ty cer ficate.
Wildcard: Cer ficates for securing domain and its subdomains.
Importance: The digital world has inherent vulnerabili es. Cryptographic solu ons play a cri cal role in defending against breaches, ensuring confiden ality, and maintaining trust. Without them:
Data in transit could be intercepted and read.
Authen city of data and sources couldn't be verified.
Sensi ve informa on would be vulnerable at rest.
Transac ons could be altered without detec on.
By employing appropriate cryptographic measures, organiza ons can protect data, ensure its integrity, and validate its origin, which is essen al in today's cyber threat landscape.
w w w.t i a e d u . c o m
14
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
2.1 Compare and contrast common threat actors and mo va ons. Threat Actors: 1. Na on‐State: Governments or government‐backed en for espionage, disrup on, or war.
es that engage in cyber ac vi es, o en
2. Unskilled A acker: Individuals with limited technical skills, o en using pre‐made tools or scripts to launch a acks. Some mes referred to as "script kiddies." 3. Hack vist: Hackers mo vated by poli cal or social causes, aiming to promote a message or protest against en es they disagree with. 4. Insider Threat: Individuals within an organiza on, such as employees or contractors, who misuse their access to harm the organiza on. 5. Organized Crime: Groups engaged in cybercrime for financial gain. 6. Shadow IT: Unauthorized applica ons, tools, or systems used within an organiza on, not officially sanc oned by the IT department. A ributes of Actors: 1. Internal/External: Whether the threat actor originates from within (e.g., Insider Threat) or outside (e.g., Na on‐State) the organiza on. 2. Resources/Funding: The amount of money and resources available to the threat actor. For example, Na on‐States typically have significant resources. 3. Level of Sophis ca on/Capability: The technical skill level of the threat actor. Na on‐States and Organized Crime groups o en have high sophis ca on, while Unskilled A ackers are at the lower end. Mo va ons: 1. Data Exfiltra on: Stealing data from a target, o en for selling or leverage. 2. Espionage: Spying on en
es to gather sensi ve informa on, common with Na on‐States.
3. Service Disrup on: Disabling or disturbing a service, o en seen with hack vists protes ng against specific services or companies. 4. Blackmail: Threatening to release sensi ve data unless a demand (usually monetary) is met. 5. Financial Gain: Stealing data or directly siphoning money, a common mo va on for organized crime. 6. Philosophical/Poli cal Beliefs: Ac ng based on personal or group beliefs, commonly seen with hack vists. 7. Ethical: Ac ng on perceived ethical obliga ons, some mes seen with whistleblowers or "white hat" hackers iden fying vulnerabili es.
w w w.t i a e d u . c o m
15
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
8. Revenge: Targe ng an en ty out of vengeance for a perceived wrong. 9. Disrup on/Chaos: Mo vated purely by the desire to create disorder, some mes without specific poli cal or financial goals. 10. War: Cyber‐opera ons that are a component of larger warfare, typically driven by Na on‐States. Comparison and Contrast:
Na on‐State vs. Unskilled A acker: While na on‐states have high resources and sophis cated capabili es, o en with poli cal, war, or espionage mo va ons, unskilled a ackers are less sophis cated, o en mo vated by chaos, revenge, or simply the thrill of hacking.
Hack vist vs. Insider Threat: While both can be internal or external, hack vists are generally mo vated by philosophical or poli cal beliefs, aiming to send a message. In contrast, insider threats act due to a variety of reasons, including revenge, financial gain, or ethical concerns.
Organized Crime vs. Shadow IT: Organized crime groups are external, well‐resourced, and sophis cated, typically mo vated by financial gain. Shadow IT, however, represents an internal "threat" due to non‐malicious ac ons of employees trying to improve produc vity but inadvertently introducing security risks.
Understanding these threat actors, their a ributes, and mo va ons is vital for organiza ons to develop effec ve security strategies and defense mechanisms.
w w w.t i a e d u . c o m
16
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
2.2 Explain common threat vectors and a ack surfaces. Threat Vectors and A ack Surfaces refer to the various methods and avenues through which cyber adversaries can target individuals and organiza ons. By understanding these, organiza ons can prepare, defend, and mi gate poten al risks. 1. Message‐based:
Email: A popular medium for delivering malicious content or links. Phishing a empts, malware, ransomware, and spam o en use this vector.
SMS: Mobile‐based text messages can contain phishing links (Smishing) or malicious content targe ng smartphones.
Instant Messaging (IM): Real‐ me messaging services can be exploited to deliver malware or phishing content.
2. Image‐based: Malicious payloads can be embedded in images, which, when viewed, can exploit vulnerabili es. 3. File‐based: Malicious so ware can be embedded within files, which, upon opening or execu on, can lead to compromise. 4. Voice Call: Vishing (voice‐based phishing) involves criminals using phone calls to deceive vic ms into divulging personal informa on or following malicious instruc ons. 5. Removable Device: Devices like USBs can be used to introduce malware or exploit so ware vulnerabili es when connected to a system. 6. Vulnerable So ware:
Client‐based: So ware that requires installa on on a user's system can be targeted for vulnerabili es.
Agentless: So ware that runs without installa ons or agents, making them harder to monitor and poten ally vulnerable.
7. Unsupported Systems and Applica ons: Outdated so ware that no longer receives security updates can be a significant risk. 8. Unsecure Networks:
Wireless: Unsecured Wi‐Fi networks can be intercepted or exploited.
Wired: Physical access to wired networks can lead to intrusion.
Bluetooth: Vulnerabili es in Bluetooth can be exploited to snoop on or control devices.
9. Open Service Ports: Unsecured open ports can allow unauthorized access or a acks on services running on those ports.
w w w.t i a e d u . c o m
17
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
10. Default Creden als: Devices or systems with unchanged default passwords can be easily accessed by a ackers. 11. Supply Chain:
Managed Service Providers (MSPs): If compromised, can provide access to their client's infrastructure.
Vendors: Their systems, if breached, can act as a gateway to an organiza on's infrastructure.
Suppliers: A compromise in a supplier's security can have ripple effects on their clients.
12. Human Vectors/Social Engineering:
Phishing: Decep ve emails aiming to steal sensi ve informa on.
Vishing: Voice calls trying to deceive vic ms.
Smishing: SMS‐based phishing a empts.
Misinforma on/Disinforma on: Spreading false informa on to deceive or manipulate.
Impersona on: Pretending to be someone else to deceive a vic m.
Business Email Compromise: Decep ve tac cs to manipulate employees into transferring funds or revealing sensi ve data.
Pretex ng: Using fabricated scenarios to obtain personal data.
Watering Hole: Compromising a commonly used website to target its visitors.
Brand Impersona on: Imita ng well‐known brands to deceive vic ms.
Typosqua ng: Registering domains similar to popular ones to deceive users.
In Summary: The cyber landscape is vast, and there are numerous ways for a ackers to exploit vulnerabili es, both technical and human. Understanding these threat vectors and a ack surfaces enables organiza ons to priori ze defenses and train staff to be vigilant against the myriad of methods employed by cyber adversaries.
w w w.t i a e d u . c o m
18
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
2.3 Explain various types of vulnerabili es. Vulnerabili es refer to weaknesses in a system or process that can be exploited by threat actors to gain unauthorized access or perform unauthorized ac ons. Here's a breakdown of various types of vulnerabili es: 1. Applica on Vulnerabili es:
Memory Injec on: The introduc on of malicious code into a target's memory.
Buffer Overflow: Occurs when data exceeds the buffer's capacity, leading to overwrite of adjacent memory loca ons.
Race Condi ons: Situa ons where a system's behavior depends on the sequence or ming of uncontrollable events.
Time‐of‐check (TOC) / Time‐of‐use (TOU): This vulnerability can occur if a system's state changes between the check of a condi on and the use that results from the check.
Malicious Update: Updates containing malicious code or weakening security mechanisms.
2. Opera ng System (OS)‐based Vulnerabili es: Weaknesses in the OS that can be exploited to gain unauthorized access, elevate privileges, etc. 3. Web‐based Vulnerabili es:
Structured Query Language Injec on (SQLi): A ackers insert malicious SQL code into input fields to run unauthorized SQL queries.
Cross‐site Scrip ng (XSS): A ackers inject malicious scripts into websites which are then executed by the vic m's browser.
4. Hardware Vulnerabili es:
Firmware Vulnerabili es: Weaknesses in low‐level so ware that runs on hardware devices.
End‐of‐life Hardware: Devices no longer supported by manufacturers, resul ng in unpatched vulnerabili es.
Legacy Hardware: Older hardware that may not be compa ble with current security measures.
5. Virtualiza on Vulnerabili es:
Virtual Machine (VM) Escape: An a acker runs code on a VM which allows them to break out and interact with the host system.
Resource Reuse: Sensi ve data can remain in system resources and be accessed by other processes.
w w w.t i a e d u . c o m
19
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
6. Cloud‐specific Vulnerabili es: Weaknesses specific to cloud services, including misconfigura ons, insecure APIs, and data breaches. 7. Supply Chain Vulnerabili es:
Service Provider: Vulnerabili es introduced by third‐party service providers.
Hardware Provider: Weaknesses or backdoors in hardware provided by third par es.
So ware Provider: Vulnerabili es in third‐party so ware products or libraries.
8. Cryptographic Vulnerabili es: Flaws in encryp on algorithms or their implementa on that can be exploited to decrypt sensi ve data. 9. Misconfigura on: Incorrectly configured so ware or hardware that leaves security gaps. 10. Mobile Device Vulnerabili es:
Side Loading: Installing apps from unofficial sources can introduce malicious apps.
Jailbreaking: Bypassing the built‐in security mechanisms of iOS, leaving the device vulnerable.
11. Zero‐day Vulnerabili es: Previously unknown vulnerabili es that are not yet patched by vendors. Since these are not known to the public, there is no defense against them un l discovered. Understanding these vulnerabili es is crucial for organiza ons and individuals to take preventa ve measures and maintain robust security postures. Regularly patching so ware, upda ng hardware, and staying informed about emerging threats can mi gate the risk associated with these vulnerabili es.
w w w.t i a e d u . c o m
20
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
2.4 Given a scenario, analyze indicators of malicious ac vity. Analyzing indicators of malicious ac vity means looking for signs or evidence that suggest an a ack or compromise has occurred or is currently taking place. Here's how you might analyze the indicators given various malicious ac vity scenarios: 1. Malware A acks:
General Indicators: Unexpected system behavior, performance issues, loss of data, unauthorized data access or transmission.
Ransomware: Sudden file encryp on, ransom note displayed, change of file extensions.
Trojan: Unwanted applica ons running, unauthorized system changes.
Worm: Rapid spread across networked devices, self‐replica ng behavior.
Spyware: Unauthorized data transmission, popup ads, changed browser se ngs.
Bloatware: Unwanted so ware installa ons, reduced system performance.
Virus: Corrupt files, altered program behavior, boot issues.
Keylogger: Unauthorized data access, unexpected inputs recorded.
Logic Bomb: Events triggered at specific condi ons or dates.
Rootkit: Undetectable malware presence, deep system control by unknown en es.
2. Physical A acks:
Brute Force: Visible damage to locks or entry points, unauthorized entry.
RFID Cloning: Unauthorized access using cloned RFID tags/cards.
Environmental: Manipula on of environmental controls like hea ng or cooling.
3. Network A acks:
Distributed Denial‐of‐Service (DDoS):
Amplified/Reflected: Large amounts of traffic from a mul tude of sources.
DNS A acks: Redirected traffic, unauthorized domain changes.
Wireless A acks: Unauthorized devices on network, unknown SSIDs.
On‐path (Man‐in‐the‐Middle): Intercepted data, altered communica on.
Creden al Replay: Mul ple login a empts from the same creden als.
w w w.t i a e d u . c o m
21
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Malicious Code: Unexpected network traffic, data breaches.
4. Applica on A acks:
Injec on: Unexpected inputs causing errors or malicious ac vity.
Buffer Overflow: Applica on crashes, unauthorized code execu on.
Replay: Repeated transac on a empts, data resubmission.
Privilege Escala on: Lower‐level users gaining higher‐level access.
Forgery: Altered data or transac ons, impersona on.
Directory Traversal: Unauthorized file access, data breaches.
5. Cryptographic A acks:
Downgrade: Forced use of weaker cryptographic methods.
Collision: Two different data inputs producing the same output hash.
Birthday A ack: Exploi ng the probability of two dis nct inputs having the same output.
6. Password A acks:
Spraying: Mul ple login a empts using common passwords.
Brute Force: Rapid succession of login a empts with varied combina ons.
7. General Indicators:
Account Lockout: Mul ple failed login a empts.
Concurrent Session Usage: Single account logged in from mul ple loca ons.
Blocked Content: Firewall or content filters flagging malicious content.
Impossible Travel: Logins from geographically distant loca ons in a short meframe.
Resource Consump on: Unusually high CPU, memory, or bandwidth usage.
Resource Inaccessibility: Services or resources being unavailable.
Out‐of‐cycle Logging: Logs generated outside of expected meframes.
Published/Documented: Known vulnerabili es or exploits.
Missing Logs: Evidence of logs being deleted or altered.
Recognizing these indicators promptly can make a significant difference in an organiza on's ability to respond and mi gate threats. Regularly monitoring systems, training staff, and using advanced detec on tools can greatly enhance the ability to spot these indicators early on.
w w w.t i a e d u . c o m
22
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
2.5 Explain the purpose of mi ga on techniques used to secure the enterprise. Securing an enterprise requires a combina on of techniques to safeguard data, infrastructure, applica ons, and opera ons. Here's an explana on of the purpose of various mi ga on techniques: 1. Segmenta on:
Purpose: Dividing a network into smaller segments to isolate data and services. If a breach occurs in one segment, it prevents the a acker from easily accessing other parts of the network.
2. Access Control:
Access Control List (ACL):
Purpose: A set list that defines who can access a par cular resource and what opera ons they can perform.
Permissions:
Purpose: Define specific rights users have over a resource, such as read, write, execute, etc.
3. Applica on Allow List:
Purpose: Specify which applica ons are allowed to run on a system. Anything not on the list is prevented from execu ng, minimizing the risk of malicious so ware.
4. Isola on:
Purpose: Keep different processes or systems separated so if one is compromised, it doesn't affect the others.
5. Patching:
Purpose: Regularly upda ng so ware and systems to fix known vulnerabili es, reducing the a ack surface.
6. Encryp on:
Purpose: Encoding data to ensure confiden ality. Even if data is accessed or stolen, it remains unreadable without the decryp on key.
7. Monitoring:
Purpose: Keeping an eye on system ac vity and traffic to detect and respond to any suspicious ac vi es or breaches.
8. Least Privilege:
w w w.t i a e d u . c o m
23
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Purpose: Gran ng users only the permissions they need to perform their roles. This reduces the risk of insiders causing damage (inten onally or uninten onally) and limits what a ackers can do if they compromise an account.
9. Configura on Enforcement:
Purpose: Ensuring that systems are set up according to best prac ces and company policies, minimizing vulnerabili es.
10. Decommissioning:
Purpose: Safely removing systems or so ware from opera on. This ensures that old, poten ally vulnerable so ware or hardware doesn't remain a weak point in the network.
11. Hardening Techniques:
Encryp on: Ensure data confiden ality at rest and in transit.
Installa on of Endpoint Protec on: Provide real‐ me threat protec on for endpoints.
Host‐based Firewall: Control incoming and outgoing network traffic at the machine level.
Host‐based Intrusion Preven on System (HIPS): Monitor and block poten ally harmful ac vity on a host.
Disabling Ports/Protocols: Deac vate unnecessary or vulnerable network ports and communica on protocols.
Default Password Changes: Avoid using easily guessable or manufacturer‐set passwords.
Removal of Unnecessary So ware: Minimize poten al vulnerabili es by reducing the a ack surface.
Overall, these mi ga on techniques aim to minimize risks, reduce the a ack surface, detect malicious ac vi es, and respond to incidents in a mely manner. When combined and properly implemented, they provide a robust defense against a wide range of security threats.
w w w.t i a e d u . c o m
24
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
3.1 Compare and contrast security implica ons of different architecture models. When choosing an architecture model, security is a primary concern. Different architecture models have different security implica ons, and understanding these implica ons can guide decision‐making. Here's a comparison and contrast of various architecture and infrastructure concepts: 1. Cloud:
Implica ons: Shared responsibility; cloud providers handle infrastructure, but user data management is typically the user's responsibility.
Responsibility Matrix: Outlines who is responsible for what in a cloud environment.
Hybrid Considera ons: Merging on‐premises and cloud can complicate security.
Third‐party Vendors: More vendors can increase risk but may also distribute responsibility.
2. Infrastructure as Code (IaC):
Implica ons: Automa on can speed deployment but can also propagate errors or vulnerabili es quickly.
3. Serverless:
Implica ons: Reduced infrastructure overhead but increased reliance on third‐party services.
4. Microservices:
Implica ons: Isola on of services can limit breach scope, but increased inter‐service communica on can introduce new vulnerabili es.
5. Network Infrastructure:
Implica ons: Design and segmenta on can greatly impact security posture.
Physical Isola on (Air‐gapped): No external network connec ons, reducing external threats.
Logical Segmenta on: Isolate parts of the network to contain breaches.
So ware‐defined Networking (SDN): Greater flexibility but poten al for misconfigura ons.
6. On‐premises:
Implica ons: Full control over infrastructure but also full responsibility for all aspects of security.
7. Centralized vs. Decentralized:
w w w.t i a e d u . c o m
25
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Implica ons: Centralized offers a single control point but can be a single point of failure. Decentralized distributes risk but can be harder to manage.
8. Containeriza on:
Implica ons: Lightweight, isolated environments but poten al for container vulnerabili es.
9. Virtualiza on:
Implica ons: Efficient resource use and isola on, but hypervisor vulnerabili es can impact mul ple virtual machines.
10. IoT:
Implica ons: Expanded a ack surface with many devices, o en with limited security features.
11. ICS/SCADA:
Implica ons: Cri cal infrastructure with poten al for physical harm if breached.
12. RTOS:
Implica ons: Time‐sensi ve opera ons can make patching or down me difficult.
13. Embedded Systems:
Implica ons: O en lack sophis cated security features and may be difficult to update.
14. High Availability:
Implica ons: Infrastructure resilience but requires synchroniza on and poten al for replica on of vulnerabili es.
Considera ons when evalua ng these models:
Availability: Can it be accessed when needed?
Resilience: Can it recover from a acks or failures?
Cost: What are the financial implica ons?
Responsiveness: How quickly can it adapt or respond?
Scalability: Can it handle growth?
Ease of Deployment: How simple is it to roll out?
Risk Transference: Can risks be shi ed elsewhere (e.g., to cloud providers)?
Ease of Recovery: How simple is it to recover a er an incident?
Patch Availability: Can security updates be applied regularly?
w w w.t i a e d u . c o m
26
CompTIA Security+ 701 Last Minute Guide
Inability to Patch: Are there constraints preven ng regular updates?
Power: Does it meet processing needs?
Compute: Can it handle the computa onal load?
Andrew Ramdayal
Each model offers different benefits and drawbacks in these considera ons. Choosing an architecture should balance business needs with the associated security risks and implica ons.
w w w.t i a e d u . c o m
27
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
3.2 Given a scenario, apply security principles to secure enterprise infrastructure. Securing an enterprise infrastructure requires a thorough understanding of security principles and how they apply to different infrastructure components. Given a scenario, the applica on of these principles would be influenced by the specific requirements and constraints of that scenario. Here's a general approach to applying security principles to various infrastructure considera ons: 1. Infrastructure Considera ons:
Device Placement: Place cri cal devices in secure, monitored loca ons, away from public access.
Security Zones: Create demilitarized zones (DMZs) for public‐facing services and segregate them from internal networks.
A ack Surface: Minimize unnecessary services, ports, and so ware to reduce the number of poten al entry points for a ackers.
Connec vity: Ensure secure connec ons, especially for devices that handle sensi ve informa on.
Failure Modes:
Fail‐open: Default to allowing traffic when a security device fails. Used where availability is crucial.
Fail‐closed: Default to blocking traffic when a security device fails. Used where security is paramount.
Device A ribute:
Ac ve vs. Passive: Ac ve devices intervene in the traffic (e.g., firewalls), while passive devices just monitor (e.g., IDS).
Inline vs. Tap/Monitor: Inline devices are part of the traffic flow and can block malicious ac vity, whereas tap/monitor devices observe traffic without direct interac on.
Network Appliances:
Jump Server: A secure, intermediate host that manages access to another host in a network.
Proxy Server: Filters and monitors web requests.
IPS/IDS: Monitors and/or blocks malicious network ac vi es.
Load Balancer: Distributes incoming network traffic across mul ple servers.
Port Security:
802.1X: Network access control using EAP over Ethernet.
w w w.t i a e d u . c o m
28
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
EAP: An authen ca on framework frequently used in wireless networks.
Firewall Types:
WAF: Protects web applica ons by inspec ng HTTP/HTTPS traffic.
UTM: Mul ‐purpose firewall with addi onal security features.
NGFW: Deep‐packet inspec on firewall that goes beyond port and protocol to look at applica on level commands.
Layer 4/Layer 7: Differen ates between simple packet filtering (L4) and applica on‐layer filtering (L7).
2. Secure Communica on/Access:
VPN: Encrypts connec ons from remote users to the enterprise network.
Remote Access: Allows users to access network resources from a remote loca on. Needs strong authen ca on and encryp on.
Tunneling:
TLS: Secure method for web traffic.
IPSec: Protocol suite for securing IP communica ons.
SD‐WAN: Enhances bandwidth, performance, and reliability of WAN connec ons.
SASE: Converges networking and network security into a cloud‐based service.
3. Selec on of Effec ve Controls:
Determine the most appropriate controls based on risk assessments. Ensure they address iden fied risks while considering the balance between security, usability, and cost. Deploy a mul ‐layered (defense‐in‐depth) approach, meaning that even if one control fails, another will s ll protect the assets.
In applying these principles to a given scenario, it's essen al to consider the specific business needs, regulatory requirements, and risk tolerance of the enterprise.
w w w.t i a e d u . c o m
29
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
3.3 Compare and contrast concepts and strategies to protect data. Data Types: 1. Regulated: Data subject to specific laws and regula ons (e.g., personal data under GDPR or health data under HIPAA). 2. Trade Secret: Business‐specific data that gives a compe process).
ve edge (e.g., a unique manufacturing
3. Intellectual Property: Crea ons of the mind like inven ons, symbols, and designs. 4. Legal Informa on: Contracts, court documents, and other law‐related documents. 5. Financial Informa on: Banking details, transac on records, etc. 6. Human‐readable vs. Non‐human readable: The difference is self‐explanatory; the former can be interpreted directly by humans (like text files), while the la er o en requires some form of transla on or decoding (like binary files). Data Classifica ons: 1. Sensi ve: Data that, when disclosed, might cause harm (e.g., personally iden fiable informa on). 2. Confiden al: Restricted to certain individuals or groups. 3. Public: Available to everyone and has no confiden ality requirements. 4. Restricted: Has very limited access due to regulatory, legal, or ethical reasons. 5. Private: Personal data that's not necessarily sensi ve but is private to individuals. 6. Cri cal: Data essen al for an organiza on's opera on, and its loss might lead to severe damage or disrup on. General Data Considera ons: 1. Data States:
Data at rest: Stored data, such as files on a hard drive.
Data in transit: Data being transferred between systems or over the internet.
Data in use: Ac vely being processed or accessed.
2. Data Sovereignty: Refers to digital data being subject to the laws of the country in which it's located. 3. Geoloca on: Physical loca on of data, which can affect data sovereignty and regulatory obliga ons. Methods to Secure Data:
w w w.t i a e d u . c o m
30
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1. Geographic Restric ons: Limi ng where data can be stored or transferred based on geographical boundaries. 2. Encryp on: Conver ng data into a code to prevent unauthorized access. 3. Hashing: Using algorithms to convert data into fixed‐length values; o en used for password storage. 4. Masking: Replacing actual data with modified content (e.g., displaying only the last four digits of a credit card number). 5. Tokeniza on: Replacing sensi ve data with non‐sensi ve subs tute, called a token. 6. Obfusca on: Deliberate act of crea ng source or machine code that's difficult for humans to understand. 7. Segmenta on: Dividing network into segments to improve performance and security. 8. Permission Restric ons: Defining who can access data and what they can do with it. In summary, protec ng data in today's digital landscape is a complex task. It requires understanding the type of data you handle, its classifica on, the various states in which it exists, and then applying the most appropriate security methods. By tailoring security measures based on data classifica on and the data's nature, organiza ons can ensure they are op mally protec ng their valuable informa on assets.
w w w.t i a e d u . c o m
31
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
3.4 Explain the importance of resilience and recovery in security architecture. Resilience and recovery are vital components of any security architecture because they ensure that systems can withstand and recover from adverse events, such as cybera acks, system failures, or natural disasters. Let's explore the importance of these concepts in the context of the provided points: High Availability: Ensures that systems are always opera onal, thereby minimizing down me and poten al revenue loss.
Load balancing vs. clustering:
Load balancing: Distributes incoming network traffic across mul ple servers to prevent any single server from ge ng overloaded, ensuring op mal resource u liza on.
Clustering: Links mul ple servers together. If one fails, the others can take over its workload. This ensures con nuous system availability.
Site Considera ons: The loca on and type of backup or secondary sites play a cri cal role in recovery.
Hot: Fully equipped and constantly mirrored site ready to take over in case of primary site failure.
Cold: Basic infrastructure without current data. Longer recovery me.
Warm: A middle ground between hot and cold; has essen al hardware and up‐to‐date data but may require some me to become fully opera onal.
Geographic dispersion: Mul ple sites spread out geographically to avoid localized disasters impac ng all sites simultaneously.
Pla orm Diversity: Using different pla orms or technologies reduces the risk of a single vulnerability or issue compromising the en re system. Mul ‐cloud Systems: Using mul ple cloud providers for redundancy ensures that if one provider faces an outage or issue, the system can s ll operate using the other providers. Con nuity of Opera ons: Ensures that cri cal opera ons can con nue even during adverse situa ons. Capacity Planning:
People: Ensuring enough staff are trained and available.
Technology: Having sufficient and scalable technology resources.
w w w.t i a e d u . c o m
32
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Infrastructure: Ensuring the physical and network infrastructure can support recovery opera ons.
Tes ng: Regularly tes ng resilience and recovery strategies ensures they work when needed.
Tabletop exercises: Role‐playing scenarios to understand response strategies.
Failover: Tes ng automa c transi on to backup systems.
Simula on: Mimicking real‐world adversi es to test systems.
Parallel processing: Running primary and backup systems simultaneously to verify matching outputs.
Backups: Essen al for data recovery.
Onsite/offsite: Local backups for quick recovery and offsite backups for protec on against site‐ specific issues.
Frequency: How o en backups are taken.
Encryp on: Protec ng backup data from unauthorized access.
Snapshots: Capturing the system's state at a par cular me.
Recovery: Restoring data from backups.
Replica on: Copying data in real‐ me to ensure up‐to‐date backups.
Journaling: Keeping track of changes, allowing restora on to a specific point in me.
Power: Ensuring power availability even during outages.
Generators: Provide power during extended outages.
Uninterrup ble power supply (UPS): Provides immediate power during short‐term outages or un l generators can take over.
In conclusion, resilience ensures that systems remain opera onal or minimize down me during adverse events, while recovery focuses on restoring systems to their normal state a er an event. Together, they form a founda onal principle for any security architecture, ensuring business con nuity and trust in the system's reliability.
w w w.t i a e d u . c o m
33
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.1 Given a scenario, apply common security techniques to compu ng resources. When it comes to applying common security techniques to various compu ng resources, the focus is on protec ng data, preven ng unauthorized access, and ensuring the integrity and availability of systems. Let's break down how to apply these techniques given the men oned scenarios: Secure Baselines: These are standard configura ons for systems that define the desired security posture.
Establish: Determine the necessary security se ngs for systems or applica ons.
Deploy: Implement these se ngs across the appropriate resources.
Maintain: Regularly review and update baselines to align with evolving threats and security best prac ces.
Hardening Targets: This involves reinforcing systems to reduce vulnerabili es.
Mobile devices: Use encryp on, biometric locks, and enforce automa c lock policies.
Worksta ons: Deploy an virus, disable unnecessary services, and apply patches regularly.
Switches/Routers: Change default creden als, disable unused ports, and use secure management protocols.
Cloud infrastructure: Use iden ty and access management (IAM), encrypt data at rest and in transit, and implement network security groups.
Servers: Limit open ports, use intrusion detec on/preven on systems, and regularly patch.
ICS/SCADA & Embedded systems: Isolate them from regular networks, regularly update firmware, and use firewalls.
RTOS & IoT devices: Change default creden als, regularly update firmware, and disable unnecessary services.
Wireless Devices:
Installa on considera ons:
Site surveys: Examine the environment to determine op mal placement of devices.
Heat maps: Visual representa on of wireless signal strength across an area.
Mobile Solu ons:
MDM: So ware used to manage and secure employees' mobile devices.
Deployment models:
w w w.t i a e d u . c o m
34
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
BYOD: Employees use their devices for work.
COPE: Company provides devices that employees can use for personal ac vi es.
CYOD: Employees choose a device from a company‐approved list.
Connec on methods: Ensure connec ons are secure, whether it's cellular, Wi‐Fi, or Bluetooth.
Wireless Security Se ngs:
WPA3: A newer and more secure protocol for Wi‐Fi network security.
AAA/RADIUS: Used for authen ca ng, authorizing, and accoun ng for network users.
Cryptographic protocols: Encrypt the data being transmi ed (e.g., TLS).
Authen ca on protocols: Confirm the iden ty of users or devices trying to access the network.
Applica on Security: This is to ensure applica ons are free from vulnerabili es that can be exploited.
Input valida on: Ensure that input data is valid, accurate, and safe.
Secure cookies: Use flags like H pOnly and Secure to protect cookies.
Sta c code analysis: Examine applica on source code for vulnerabili es without execu ng it.
Code signing: Use digital signatures to verify the integrity of so ware.
Sandboxing: Isolate applica ons or processes in a restricted environment to prevent poten al harm from spreading. Monitoring: Ac vely watch systems, networks, and applica ons for signs of anomalies, intrusions, or failures. In a given scenario, based on the nature of the threat or the resources involved, you would deploy one or more of these techniques to ensure the security of your compu ng resources. It's also worth no ng that security is an ongoing process; as new threats emerge, it's important to reassess and adapt your security stance accordingly.
w w w.t i a e d u . c o m
35
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.2 Explain the security implica ons of proper hardware, so ware, and data asset management. Proper hardware, so ware, and data asset management plays a pivotal role in maintaining a secure environment for organiza ons. Each phase of an asset's life cycle, from acquisi on to disposal, introduces different security considera ons. Let's break down the security implica ons for each stage: Acquisi on/Procurement Process:
Vendor Trustworthiness: Ensuring that you're purchasing from reputable vendors can help avoid counterfeit or compromised equipment or so ware.
Secure Defaults: Equipment or so ware should have default se ngs that priori ze security.
Licensing: Ensuring so ware is legi mately licensed can prevent legal issues and poten al exposure to vulnerabili es or malware found in pirated versions.
Assignment/Accoun ng:
Ownership: Assigning a specific owner or responsible person for each asset ensures accountability. It helps in tracking who's responsible for updates, patches, and the overall security of the asset.
Classifica on: By classifying data and assets according to their sensi vity (e.g., confiden al, public, private), organiza ons can apply appropriate security controls based on the classifica on.
Monitoring/Asset Tracking:
Inventory: Maintaining a current inventory of all assets ensures that all items are accounted for and that unauthorized devices are not connected to the network.
Enumera on: Regularly enumera ng assets can help in iden fying poten al vulnerabili es. Knowing what is on your network is the first step in securing it.
Disposal/Decommissioning:
Sani za on: Before disposing of or repurposing assets, it's crucial to ensure that all data is securely wiped. This prevents poten al data leaks or unauthorized access to le over informa on.
Destruc on: In certain cases, especially for highly sensi ve data, physical destruc on of storage devices (e.g., shredding hard drives) might be necessary.
Cer fica on: Cer ficates of destruc on or sani za on are proofs that assets have been securely disposed of. This can be essen al for compliance reasons.
Data Reten on: It's important to retain data only for as long as it's needed. Old, unneeded data poses a liability. Having a data reten on policy ensures that data is systema cally destroyed a er it's no longer needed.
Overall Implica ons:
w w w.t i a e d u . c o m
36
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
1. Regulatory and Compliance: Many industries have regula ons that mandate specific standards for asset management. Non‐compliance can result in penal es. 2. Financial Impacts: Proper asset management can lead to cost savings by avoiding unnecessary purchases and fines from so ware licensing viola ons. 3. Opera onal Efficiency: An updated inventory can speed up troubleshoo ng, maintenance, and upgrade processes. 4. Security: Properly managed assets reduce the risk of breaches, unauthorized access, and data leaks. 5. Reputa on: Data breaches, especially involving sensi ve customer data, can severely harm an organiza on's reputa on. In conclusion, an effec ve asset management strategy that takes into considera on the security implica ons at every phase is not just a best prac ce—it's essen al for any organiza on that wishes to safeguard its opera ons, reputa on, and bo om line.
w w w.t i a e d u . c o m
37
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.3 Explain various ac vi es associated with vulnerability management. Vulnerability management is a cri cal aspect of any cybersecurity program. It involves iden fying, evalua ng, trea ng, and repor ng on security vulnerabili es in systems and the so ware that runs on them. Let's delve deeper into the various ac vi es associated with vulnerability management: 1. Iden fica on Methods:
Vulnerability Scan: Automated tools scan systems for known vulnerabili es.
Applica on Security:
Sta c Analysis: Evaluates applica on code without execu ng it to find vulnerabili es.
Dynamic Analysis: Evaluates running applica ons to iden fy vulnerabili es that may only be apparent during execu on.
Package Monitoring: Checks for vulnerabili es in so ware packages or libraries used in an applica on.
Threat Feed:
Open‐source Intelligence (OSINT): Gathering data from publicly available sources to iden fy vulnerabili es or threats.
Proprietary/Third‐party: Subscrip on‐based threat intelligence feeds.
Informa on‐sharing Organiza on: Collabora ve groups sharing vulnerability informa on.
Dark Web: Monitoring underground online spaces where vulnerabili es might be discussed or sold.
Penetra on Tes ng: Simulated cyber a acks against a system to uncover vulnerabili es.
Responsible Disclosure Program:
Bug Bounty Program: A program where individuals receive recogni on and compensa on for repor ng bugs.
System/Process Audit: Reviewing systems and processes to iden fy security gaps or vulnerabili es.
2. Analysis:
Confirma on:
False Posi ve: An event that is flagged as a threat but isn't.
False Nega ve: An event that isn't flagged as a threat but is.
Priori ze: Determine which vulnerabili es to address first based on poten al impact and exploitability.
w w w.t i a e d u . c o m
38
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Common Vulnerability Scoring System (CVSS): A framework for ra ng the severity of security vulnerabili es.
Common Vulnerability Enumera on (CVE): A list of publicly disclosed computer security flaws.
Vulnerability Classifica on: Categorizing vulnerabili es based on their nature.
Exposure Factor: How much of the system's informa on might be exposed if a vulnerability is exploited.
Environmental Variables: How external factors can affect the impact of a vulnerability.
Industry/Organiza onal Impact: How a vulnerability might specifically impact a certain industry or organiza on.
Risk Tolerance: The level of risk an organiza on is willing to accept.
3. Vulnerability Response and Remedia on:
Patching: Applying updates that fix the vulnerability.
Insurance: Transferring some of the financial risks associated with vulnerabili es.
Segmenta on: Isola ng systems to contain poten al breaches.
Compensa ng Controls: Implemen ng other security measures when it's not feasible to eliminate a vulnerability.
Excep ons and Exemp ons: Deciding not to address a vulnerability because of business needs or other reasons.
4. Valida on of Remedia on:
Rescanning: Re‐evalua ng systems to ensure vulnerabili es have been addressed.
Audit: A third‐party review to ensure vulnerabili es have been effec vely treated.
Verifica on: Checking to ensure that the vulnerability has been effec vely addressed.
5. Repor ng: Regularly upda ng stakeholders about the vulnerability management process, findings, and ac ons taken. In essence, vulnerability management is a con nuous loop of iden fying vulnerabili es, analyzing their poten al impact, taking steps to mi gate or resolve them, and then verifying that those steps were effec ve. Regular repor ng ensures that all stakeholders remain informed and can make appropriate decisions.
w w w.t i a e d u . c o m
39
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.4 Explain security aler ng and monitoring concepts and tools. Security aler ng and monitoring are vital components of a comprehensive cybersecurity strategy. They enable organiza ons to detect, respond to, and mi gate threats in real‐ me or near‐real‐ me. Let's break down the concepts and tools associated with these ac vi es: Monitoring Compu ng Resources:
Systems: Monitoring opera ng systems and underlying server hardware for signs of intrusion, failure, or misuse.
Applica ons: Monitoring so ware applica ons to detect vulnerabili es, unauthorized access, or abnormal behaviors.
Infrastructure: Monitoring network devices, firewalls, routers, switches, and other infrastructure components to detect anomalies.
Ac vi es:
Log Aggrega on: The collec on of log files from various sources into a centralized pla orm, facilita ng easier analysis and correla on of data.
Aler ng: No fica ons sent out when a par cular event or a set of events occur, usually indica ng poten al security incidents.
Scanning: Proac vely checking systems, applica ons, and networks for vulnerabili es or misconfigura ons.
Repor ng: Genera ng summaries or detailed informa on on monitoring outputs, o en used for compliance, inves ga ons, or audits.
Archiving: Storing logs and monitoring data for extended periods, o en for compliance or forensic reasons.
Alert Response and Remedia on/Valida on:
Quaran ne: Isola ng a poten ally compromised system or network to prevent the spread of malicious ac vity.
Alert Tuning: Adjus ng alert parameters to reduce false posi ves and be er capture genuine threats.
Tools:
Security Content Automa on Protocol (SCAP): A suite of specifica ons that standardize the format and nomenclature by which so ware flaw and security configura on informa on are communicated, both to machines and humans.
Benchmarks: Standardized sets of configura ons for systems and applica ons that increase security levels.
w w w.t i a e d u . c o m
40
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Agents/Agentless: Monitoring can be done with so ware agents installed on the target (agent‐ based) or without installing anything on the target (agentless).
Security Informa on and Event Management (SIEM): Systems that provide real‐ me analysis of security alerts generated by applica ons and network hardware. Examples include Splunk, ArcSight, and LogRhythm.
An virus: So ware designed to detect, stop, and remove malware from computer systems.
Data Loss Preven on (DLP): Tools designed to detect poten al data breaches or exfiltra on transmissions and prevent them by monitoring, detec ng, and blocking sensi ve data while in use, in mo on, and at rest.
Simple Network Management Protocol (SNMP) Traps: Alerts sent from a managed device to no fy a management system of a significant event.
NetFlow: A network protocol used for collec ng IP traffic informa on and monitoring network traffic.
Vulnerability Scanners: Tools that check systems, applica ons, and networks for security vulnerabili es. Examples include Nessus, Qualys, and OpenVAS.
In summary, security aler ng and monitoring involve a mix of prac ces, procedures, and tools to ensure that compu ng resources remain secure and that threats are detected and responded to promptly. The combina on of effec ve monitoring of resources, mely ac vi es to address alerts, and the right tools can significantly enhance an organiza on's security posture.
w w w.t i a e d u . c o m
41
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.5 Given a scenario, modify enterprise capabili es to enhance security. In various scenarios, organiza ons might need to modify their exis ng enterprise capabili es to bolster security. This could be due to the changing nature of threats, adop on of new technologies, or to meet compliance requirements. Let's dive into how you might modify each capability to enhance security: Firewall:
Rules: Regularly review and update to ensure they reflect current organiza onal needs.
Access Lists: Restrict access to necessary IPs or IP ranges.
Ports/Protocols: Limit open ports to only those necessary for business func ons.
Screened Subnets: Use DMZs to isolate public‐facing applica ons from internal networks.
IDS/IPS:
Trends: Stay updated with evolving threat pa erns and adjust detec on mechanisms accordingly.
Signatures: Regularly update to catch the latest known threats.
Web Filter:
Agent‐based: Use endpoint agents to enforce web filtering policies.
Centralized Proxy: Route traffic through a central proxy to monitor and control web access.
URL Scanning: Scan URLs for malicious content.
Content Categoriza on: Classify websites by content type and restrict access accordingly.
Block Rules: Proac vely block known malicious sites.
Reputa on: U lize reputa on‐based systems to block sites with poor security scores.
Opera ng System Security:
Group Policy: Implement and enforce group policies to standardize security se ngs across Windows devices.
SELinux: Use Security‐Enhanced Linux for finer‐grained access controls in Linux environments.
Implementa on of Secure Protocols:
Protocol Selec on: Opt for secure protocols like HTTPS over HTTP.
Port Selec on: Use standardized secure ports.
Transport Method: Use encrypted transport methods such as TLS.
DNS Filtering:
Use services that block access to domains known to host malware or phishing sites.
w w w.t i a e d u . c o m
42
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Email Security:
DMARC: Helps to prevent email spoofing.
DKIM: Ensures the email was not altered in transit.
SPF: Verifies that incoming email comes from a trusted source.
Gateway: Implement email gateways to filter out malicious content.
File Integrity Monitoring:
Use tools to monitor and alert on unexpected changes to cri cal files.
DLP:
Implement Data Loss Preven on tools to monitor and prevent unauthorized data transfers.
Network Access Control (NAC):
Ensure only authen cated and compliant devices can access the network.
EDR/XDR:
Endpoint Detec on and Response (EDR): Monitor endpoints for signs of malicious ac vity.
Extended Detec on and Response (XDR): Enhance EDR capabili es by integra ng data from various sources.
User Behavior Analy cs:
Analyze user ac vity pa erns to detect anomalies that might indicate compromised accounts or insider threats.
In any scenario, the goal is to implement or adjust these capabili es in a way that best meets the organiza on's security objec ves while balancing user experience, business needs, and budgetary constraints. The most effec ve security postures involve a layered approach, where mul ple defenses work together to deter, detect, and respond to threats.
w w w.t i a e d u . c o m
43
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.6 Given a scenario, implement and maintain iden ty and access management. Certainly, implemen ng and maintaining iden ty and access management (IAM) is crucial for any organiza on aiming to ensure appropriate access to its resources. Here's how you might address the concepts you listed in a given scenario: 1. Provisioning/de‐provisioning user accounts:
Scenario: An employee joins or leaves the company.
Ac on: Create (provision) or remove (de‐provision) their user account, ensuring access is given or removed promptly to protect resources.
2. Permission assignments and implica ons:
Scenario: A developer needs access to a produc on server.
Ac on: Assign read‐only permissions to ensure the integrity of live data, understanding the implica ons that write access could have on business opera ons.
3. Iden ty proofing:
Scenario: A user wants to access a secure applica on.
Ac on: Before providing creden als, validate the iden ty using ques ons, biometric checks, or tokens.
4. Federa on:
Scenario: An organiza on uses mul ple cloud providers.
Ac on: Implement federated IAM, enabling users to log in once to access resources across all pla orms.
5. Single Sign‐On (SSO):
Scenario: A company uses several internal tools, each requiring login.
Ac on: Implement SSO using protocols like LDAP, OAuth, or SAML, allowing users to authen cate once to access mul ple services.
6. Interoperability:
Scenario: Partner organiza ons want shared access to a tool.
Ac on: Ensure IAM systems can communicate and recognize users from both organiza ons.
7. A esta on:
Scenario: Regular review of user permissions.
Ac on: Periodically verify and validate user permissions, ensuring they're appropriate and up‐to‐date.
w w w.t i a e d u . c o m
44
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
8. Access controls:
Scenario: Se ng up access for a new finance tool.
Ac on: Implement role‐based access control, with different roles (e.g., admin, viewer) defined. Apply me‐of‐day restric ons for remote users.
9. Mul factor authen ca on (MFA):
Scenario: Increased security for accessing sensi ve systems.
Ac on: Implement MFA. When a user logs in with a password (something they know), request biometric authen ca on (something they are) or a token from a security app (something they have).
10. Password concepts:
Scenario: Password policy setup.
Ac on: Enforce password best prac ces like minimum length and complexity. Promote the use of password managers and consider implemen ng passwordless systems for enhanced security.
11. Privileged access management tools:
Scenario: A sysadmin requires temporary access to a server.
Ac on: Use just‐in‐ me permissions that grant access for a limited me. Ensure any admin passwords used are vaulted and rotate them regularly. Provide ephemeral creden als that expire a er use.
In each scenario, the primary goal is to ensure that the right people have the appropriate level of access at the right mes, while also safeguarding company resources and data. Proper IAM prac ces can greatly reduce the risk of unauthorized access or breaches.
w w w.t i a e d u . c o m
45
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.7 Explain the importance of automa on and orchestra on related to secure opera ons. Automa on and orchestra on play a pivotal role in modern IT environments, especially in the context of security opera ons. Let's delve into their importance: Use Cases of Automa on and Scrip ng: 1. User Provisioning: Automated processes can swi ly onboard/o have access to the necessary resources.
oard employees, ensuring they
2. Resource Provisioning: Automate the provisioning of VMs, storage, or network resources based on workload needs. 3. Guard Rails: Automa cally set limits or boundaries to ensure opera ons remain within predefined standards or policies. 4. Security Groups: Auto‐configure network security groups based on predefined rules or in response to security events. 5. Ticket Crea on: Generate ckets in incident management systems when specific events or alerts are triggered. 6. Escala on: Automa cally escalate cri cal issues based on severity or if not addressed within a specific meframe. 7. Enabling/Disabling Services and Access: Automa cally grant or revoke access to services based on policy or in response to an event. 8. Con nuous Integra on and Tes ng: Ensure code is automa cally tested for vulnerabili es every me changes are made. 9. Integra ons and APIs: U lize APIs to facilitate communica on between disparate systems or pla orms, ensuring cohesive automated workflows. Benefits: 1. Efficiency/Time Saving: Automa on removes manual, repe
ve tasks, speeding up processes.
2. Enforcing Baselines: Ensure that systems adhere to security and opera onal baselines consistently. 3. Standard Infrastructure Configura ons: Automa on ensures that configura ons are uniform, reducing discrepancies that can lead to vulnerabili es. 4. Scaling in a Secure Manner: As the organiza on grows, automa on can help ensure security policies are uniformly applied. 5. Employee Reten on: Automa on can reduce the mundane tasks, allowing employees to focus on more complex and rewarding challenges. 6. Reac on Time: Automated processes can respond to threats or issues faster than manual interven ons.
w w w.t i a e d u . c o m
46
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
7. Workforce Mul plier: Automa on allows a small team to manage extensive infrastructures, effec vely mul plying their impact. Other Considera ons: 1. Complexity: While automa on can simplify many tasks, the setup and maintenance of automa on tools can introduce complexity. 2. Cost: There's o en an upfront cost in se ng up automa on, though this can o en be offset by long‐term savings. 3. Single Point of Failure: Over‐reliance on a par cular automa on process or tool can introduce a single point of failure into the system. 4. Technical Debt: Poorly implemented or ad‐hoc automa on can lead to technical debt, where future changes become harder due to past shortcuts or decisions. 5. Ongoing Supportability: As tools and pla orms evolve, automated scripts and processes may need updates or overhauls to stay effec ve. In conclusion, while automa on and orchestra on are vital for secure opera ons in today's fast‐paced IT environments, they need to be implemented though ully, with an understanding of both their benefits and poten al pi alls.
w w w.t i a e d u . c o m
47
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.8 Explain appropriate incident response ac vi es. Incident response is a structured approach detailing the processes to follow when a cybersecurity incident occurs. Here's a breakdown of appropriate incident response ac vi es: Process: 1. Prepara on:
Develop and maintain an incident response policy and plan.
Set up an Incident Response Team (IRT) with clearly defined roles and responsibili es.
Establish communica on guidelines and no fica on hierarchies.
Keep updated tools and resources for the response team.
2. Detec on:
Monitor system and network traffic.
Set up intrusion detec on and preven on systems.
Review logs and alerts regularly to detect abnormali es.
Use Security Informa on and Event Management (SIEM) systems to correlate events.
3. Analysis:
Determine the nature, scope, and magnitude of the incident.
Use digital forensic tools to analyze ar facts and raw data.
Assess the impact and poten al business harm.
4. Containment:
Short‐Term: Immediately act to stop the damage and prevent further harm.
Long‐Term: Modify and secure the environment to prevent the same incident from reoccurring.
5. Eradica on:
Remove the root cause of the incident.
Clean and sani ze affected systems.
6. Recovery:
Restore and validate system func onality.
Monitor for any signs of weaknesses that could be exploited again.
7. Lessons Learned:
w w w.t i a e d u . c o m
48
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Conduct a post‐incident retrospec ve.
Document findings and update the incident response plan accordingly.
Training:
Train the IRT regularly on current threats and a ack methods.
Update staff on security awareness and the importance of mely repor ng of suspicious ac vi es.
Tes ng: 1. Tabletop Exercise: A discussion‐based session where team members meet and discuss their roles during an incident and make decisions in response to a hypothe cal scenario. 2. Simula on: A prac ce run where an incident is simulated in a controlled environment to test the efficacy of the response plan. Root Cause Analysis:
Understand the underlying reasons an incident occurred to prevent its recurrence.
Threat Hun ng:
Proac vely search for signs of malicious ac vi es within your networks and systems that haven't yet triggered any alerts.
Digital Forensics: 1. Legal Hold: Ensuring data relevant to a legal case is preserved and not modified or deleted. 2. Chain of Custody: Document every step of evidence handling to ensure its integrity. 3. Acquisi on: Collec on of digital evidence from various sources. 4. Repor ng: Documen ng the findings of the forensic analysis. 5. Preserva on: Safeguarding evidence to ensure its authen city and integrity. 6. E‐discovery: Electronic discovery is the process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a legal case. In essence, effec ve incident response requires a coordinated and planned approach to manage the a ermath of a security breach or cybera ack, with the aim to handle the situa on in a way that limits damage and reduces recovery me and costs.
w w w.t i a e d u . c o m
49
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
4.9 Given a scenario, use data sources to support an inves ga on. When responding to security incidents or conduc ng an inves ga on, various data sources can be incredibly valuable. By understanding the content and context provided by each source, inves gators can piece together what happened, how it happened, and possibly who was involved. Let's explore how you can use these data sources in a given scenario: Scenario: Suspicious Traffic to an External IP Log Data: 1. Firewall logs:
Check for any connec ons made to the suspicious IP.
Iden fy the internal sources (systems or users) connec ng to it.
2. Applica on logs:
Determine if the suspicious IP is related to any legi mate applica on ac vity.
Look for any applica on errors or unauthorized access a empts.
3. Endpoint logs:
Check if any systems have reported malware detec ons or other security issues.
Review logs for evidence of suspicious so ware execu on or user ac vi es.
4. OS‐specific security logs:
Iden fy any suspicious or unauthorized ac ons like privilege escala on or a empts to disable security controls.
Windows event logs, for example, can highlight login ac vi es.
5. IPS/IDS logs:
Look for alerts related to the suspicious IP or indicators of known a ack pa erns.
Examine traffic pa erns for signs of data exfiltra on or malware command and control ac vity.
6. Network logs:
Examine traffic volume to and from the suspicious IP to gauge the extent of communica on.
Look for other unusual traffic pa erns or sources.
7. Metadata:
w w w.t i a e d u . c o m
50
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Delve into file metadata or communica on metadata to understand when, how, and possibly by whom certain ac ons were performed.
Data Sources: 1. Vulnerability scans:
Check if any of the systems communica ng with the suspicious IP have known vulnerabili es.
Helps in understanding if the a acker might have exploited a specific vulnerability.
2. Automated reports:
Review any automated security or ac vity reports generated during the me of suspicion. These might highlight anomalies or policy viola ons.
3. Dashboards:
Security dashboards o en provide a summarized view of the security posture and events. This can provide a quick overview of any alerts, notable events, or metrics that stand out.
4. Packet captures:
Examine the raw data packets sent to/from the suspicious IP.
Helps in understanding the nature of the data being transmi ed. For instance, you can iden fy if sensi ve data is being leaked, or if there are signs of a command and control server.
By correla ng informa on from these data sources, an inves gator can build a meline of events, iden fy affected systems, and determine the nature and scope of the incident. This informa on is crucial not only for understanding the current incident but also for improving defenses against future threats.
w w w.t i a e d u . c o m
51
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.1 Summarize elements of effec ve security governance. Effec ve security governance is crucial for any organiza on to protect its assets, maintain trust, and ensure the business runs smoothly. Governance provides a framework that aligns with the organiza on's objec ves and regulatory requirements. Here's a summary of the essen al elements of effec ve security governance: 1. Guidelines:
General recommenda ons and best prac ces that organiza ons can refer to, usually more flexible than standards or policies.
2. Policies:
Acceptable Use Policy (AUP): Details the permi ed and prohibited ac vi es for users on the organiza on's systems.
Informa on Security Policies: Guidelines and rules set to protect the confiden ality, integrity, and availability of an organiza on's data.
Business Con nuity: Ensures the con nuous func oning of an organiza on's cri cal opera ons during a disrup on.
Disaster Recovery: Focuses on recovering the IT infrastructure a er adverse events.
Incident Response: Guidelines on how to respond to a security incident.
So ware Development Lifecycle (SDLC): Addresses security throughout the process of so ware development.
Change Management: Manages changes in a controlled manner.
3. Standards:
Define specific requirements, like:
Password Standards: Complexity, rota on, and storage requirements.
Access Control: Defining who can access what.
Physical Security: Securing physical assets and loca ons.
Encryp on: Ensuring data is ciphered to protect its confiden ality.
4. Procedures:
Step‐by‐step instruc ons for specific tasks.
For instance, the exact steps for onboarding a new employee or implemen ng a change in the IT environment.
5. External Considera ons:
Compliance with Regulatory mandates specific to industries, like healthcare or finance.
w w w.t i a e d u . c o m
52
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Legal obliga ons, such as data protec on or privacy laws.
Industry standards like PCI‐DSS for payment card data.
Local/Regional, Na onal, and Global considera ons for interna onal businesses or those with diverse geographic opera ons.
6. Monitoring and Revision:
Con nuous monitoring ensures governance documents remain up‐to‐date and relevant.
Regular revisions to account for changes in the business environment, technology, or risk landscape.
7. Types of Governance Structures:
Boards: Senior members responsible for strategic decisions.
Commi ees: O en focused on specific topics like IT or audit.
Government En
Centralized/Decentralized: Single point of decision‐making vs. distributed decision‐ making.
es: In case of public sector organiza ons.
8. Roles and Responsibili es for Systems and Data:
Owners: Those responsible for the data and its protec on.
Controllers: Determine how and why personal data is processed.
Processors: Process personal data on behalf of the controller.
Custodians/Stewards: Responsible for the safe custody, transport, and storage of the data.
Effec ve governance is not just about crea ng these documents but ensuring they're lived by. It requires leadership commitment, clear communica on, regular training, and a culture of security awareness.
w w w.t i a e d u . c o m
53
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.2 Explain elements of the risk management process. The risk management process is a systema c approach to iden fying, assessing, and addressing the risks faced by an organiza on. Here's a comprehensive breakdown of the key elements of the risk management process: 1. Risk Iden fica on:
The ini al step where poten al threats, vulnerabili es, and risks are iden fied.
2. Risk Assessment:
Ad hoc: Conducted as needed based on specific incidents or changes.
Recurring: Done at regular intervals, like annually or quarterly.
One‐ me: Conducted for a specific event or project.
Con nuous: Ongoing assessment integra ng real‐ me data feeds or frequent updates.
3. Risk Analysis:
Qualita ve: Uses subjec ve judgment to priori ze risks based on their severity and impact.
Quan ta ve: Uses numerical values to assess risks, o en to determine the poten al financial impact.
Single Loss Expectancy (SLE): The monetary loss expected from a single risk event.
Annualized Rate of Occurrence (ARO): The expected frequency of a risk occurring within a year.
Annualized Loss Expectancy (ALE): The expected annual loss from a risk (SLE x ARO).
Probability: Chance of a risk event occurring.
Likelihood: O en a qualita ve measure of the chance of occurrence.
Exposure Factor: Percentage of loss a specific asset would undergo if a specific threat occurs.
Impact: The effect on the organiza on if the risk is realized.
4. Risk Register:
A centralized database containing details of all iden fied risks.
Key Risk Indicators: Metrics or measures used to gauge the level of risks.
Risk Owners: Individuals responsible for managing each risk.
w w w.t i a e d u . c o m
54
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Risk Threshold: The level of risk the organiza on is willing to accept before taking ac on.
5. Risk Tolerance:
The level of risk an organiza on is willing to accept, considering its objec ves and opera ons.
6. Risk Appe te:
Expansionary: Willing to take more risks to achieve growth.
Conserva ve: Prefers to take fewer risks.
Neutral: Neither risk‐seeking nor risk‐averse.
7. Risk Management Strategies:
Transfer: Shi the risk to a third party, like insurance.
Accept: Acknowledge and decide to bear the risk. This can include:
Exemp on: A formal process where a risk that exceeds the threshold is accepted for specific reasons.
Excep on: A situa on where a standard security control is not applied due to some specific condi ons.
Avoid: Take ac ons to prevent the risk from occurring.
Mi gate: Implement controls to reduce the impact or likelihood of the risk.
8. Risk Repor ng:
Keeping stakeholders informed about the risk profile, o en using dashboards, charts, and detailed reports.
9. Business Impact Analysis:
Understanding how different risks affect business opera ons.
Recovery Time Objec ve (RTO): The me within which a business process must be restored a er an incident.
Recovery Point Objec ve (RPO): The maximum acceptable amount of data loss expressed in me.
Mean Time to Repair (MTTR): The average me taken to repair a failed component or system.
Mean Time Between Failures (MTBF): The average me between system failures.
w w w.t i a e d u . c o m
55
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.3 Explain the processes associated with third‐party risk assessment and management. Third‐party risk assessment and management involves understanding and managing the risks associated with outsourcing services or procuring products from external organiza ons. Third‐party vendors can introduce risks due to their access to an organiza on's data, infrastructure, or other cri cal assets. Here's a breakdown of the processes involved: 1. Vendor Assessment:
Penetra on Tes ng: Evalua ng a vendor's security posture through simulated cybera acks to discover vulnerabili es.
Right‐to‐audit Clause: A s pula on in contracts allowing an organiza on to audit the vendor's opera ons and security, ensuring compliance with agreed‐upon standards.
Evidence of Internal Audits: Reques ng proof or results of a vendor's self‐conducted audits to verify internal controls and processes.
Independent Assessments: Relying on third‐party evalua ons or cer fica ons of the vendor's opera ons and security.
Supply Chain Analysis: Understanding and assessing the vendor's own third‐party rela onships, ensuring they don't introduce addi onal risks.
2. Vendor Selec on:
Due Diligence: Inves ga ng and understanding a vendor's financial stability, reputa on, history, and more before entering into an agreement.
Conflict of Interest: Ensuring that the vendor has no conflic ng business interests that might compromise the service's integrity.
3. Agreement Types:
Service‐level Agreement (SLA): Defines the level and quality of service expected from the vendor.
Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU): Documents outlining mutual understandings, goals, and responsibili es but might not be legally binding.
Master Service Agreement (MSA): Outlines general terms and condi ons for mul ple transac ons or agreements.
Work Order (WO)/Statement of Work (SOW): Specifies the par cular services a vendor will deliver in a specific instance.
Non‐disclosure Agreement (NDA): Binds the vendor to confiden ality, ensuring that organiza onal secrets or proprietary informa on isn't disclosed.
w w w.t i a e d u . c o m
56
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Business Partners Agreement (BPA): Defines the terms and condi ons between an organiza on and its business partner.
4. Vendor Monitoring:
Con nuous or periodic evalua on of a vendor's performance, security, and compliance with the terms of agreements.
5. Ques onnaires:
Structured forms or checklists used to gather informa on about a vendor's processes, controls, security measures, and more.
6. Rules of Engagement:
Specific guidelines defining how the organiza on and the vendor will interact, especially relevant during evalua ons, audits, or tests.
Managing third‐party risks is essen al because while you can outsource various opera ons or services, you cannot outsource responsibility. Ensuring that vendors adhere to security and performance standards is crucial for maintaining organiza onal integrity, compliance, and opera onal con nuity.
w w w.t i a e d u . c o m
57
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.4 Summarize elements of effec ve security compliance. Effec ve security compliance is paramount in safeguarding an organiza on's data, maintaining trust with customers and stakeholders, and ensuring adherence to various regulatory requirements. Here's a summary of the elements of effec ve security compliance: 1. Compliance Repor ng:
Internal: Repor ng within the organiza on to management, board of directors, or other internal bodies about the organiza on's compliance status.
External: Repor ng to external bodies, such as regulatory agencies or third‐party auditors, typically mandated by law or industry standards.
2. Consequences of Non‐compliance:
Fines: Monetary penal es imposed by regulatory bodies for viola ons.
Sanc ons: Restric ons or other puni ve ac ons, which could limit an organiza on's opera ons.
Reputa onal Damage: Nega ve public percep on can lead to loss of customers or partners and decreased stock value.
Loss of License: Regulatory bodies might revoke licenses, barring the organiza on from opera ng in specific domains or regions.
Contractual Impacts: Non‐compliance can lead to breaches of contracts with partners, customers, or other en es.
3. Compliance Monitoring:
Due Diligence/Care: Proac vely ensuring that all efforts are made to comply with regula ons and best prac ces.
A esta on and Acknowledgement: Formal declara ons, o en by senior management, confirming adherence to compliance requirements.
Internal and External: Regular internal checks and external audits or assessments to verify compliance.
Automa on: Using automated tools and so ware to monitor and enforce compliance con nuously.
4. Privacy:
Legal Implica ons: Varying privacy laws and regula ons depending on the region or country, such as GDPR in Europe or CCPA in California.
Local/Regional: Laws and regula ons at the municipal or state/provincial level.
Na onal: Country‐specific regula ons.
w w w.t i a e d u . c o m
58
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Global: Interna onal standards or agreements.
Data Subject: An individual whose personal data is being collected, processed, or stored.
Controller vs. Processor:
Controller: En ty that determines the purposes and means of processing personal data.
Processor: En ty that processes personal data on behalf of the controller.
Ownership: Determining who owns the data, o en the data subject in many regula ons, and ensuring that rights are respected.
Data Inventory and Reten on: Keeping a clear record of what data is held, where, and for how long.
Right to be Forgo en: An individual's right to have their data erased from an organiza on's records, a principle highlighted in GDPR.
Effec ve security compliance requires a combina on of proac ve measures, ongoing monitoring, and prompt response to any issues that arise. It ensures that an organiza on is not only adhering to regula ons but also maintaining trust with its stakeholders.
w w w.t i a e d u . c o m
59
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.5 Explain types and purposes of audits and assessments. Audits and assessments serve as a means to verify, validate, and ensure that systems, processes, and prac ces within an organiza on adhere to required standards, best prac ces, and regulatory requirements. Understanding the types and purposes of these audits and assessments is essen al to maintain security and compliance. 1. A esta on:
A formal declara on, o en by management or a third party, that certain condi ons or requirements have been met. Typically, it's a wri en confirma on of accuracy or authen city.
2. Internal:
Compliance: Evalua ons conducted within the organiza on to ensure that different departments and opera ons align with internal policies and external regulatory requirements.
Audit Commi ee: A group within the organiza on (o en part of the board of directors) that oversees the internal audit func on, financial repor ng, and regulatory compliance.
Self‐assessments: Evalua ons conducted by departments or teams to assess their own processes, risks, and compliance. O en less formal than other audits and used for internal improvement.
3. External:
Regulatory: Audits conducted by governmental or regulatory bodies to ensure that an organiza on is complying with relevant laws and regula ons.
Examina ons: Deep‐dive evalua ons o en associated with specific regula ons or standards.
Assessment: General evalua on by external en processes or systems.
Independent Third‐party Audit: An evalua on by an external organiza on that is not affiliated with the en ty being audited, ensuring impar ality and objec vity.
es to determine the state of certain
4. Penetra on Tes ng:
A cybersecurity prac ce where experts a empt to breach an organiza on's defenses (with permission) to iden fy vulnerabili es.
Physical: Tes ng focused on physical barriers and controls, such as locks, access badges, and surveillance.
Offensive: Proac ve approaches to iden fy and exploit vulnerabili es in systems or networks.
w w w.t i a e d u . c o m
60
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Defensive: Evaluates the effec veness of defensive measures in place by simula ng a acks.
Integrated: Combines mul ple methods and targets both physical and digital vulnerabili es.
Known Environment: Testers are given comprehensive informa on about the target environment.
Par ally Known Environment: Testers are given some, but not all, informa on about the target.
Unknown Environment: Testers are given no prior knowledge about the target systems or infrastructure.
Reconnaissance:
Passive: Gathering informa on without directly interac ng with the target system, e.g., open‐source intelligence.
Ac ve: Directly interac ng with the target to gather informa on, e.g., port scanning.
The purpose of these audits and assessments is mul faceted. They ensure compliance with regula ons, iden fy areas for improvement, validate security measures, and provide confidence to stakeholders that the organiza on operates securely and responsibly. Proper audits and assessments can prevent financial, legal, and reputa onal damage.
w w w.t i a e d u . c o m
61
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
5.6 Given a scenario, implement security awareness prac ces. Implemen ng security awareness prac ces involves a blend of training, monitoring, and mely response. In a hypothe cal scenario, let's assume a medium‐sized organiza on is frequently targeted by phishing a empts and wishes to bolster its defenses through security awareness. Scenario: Company ABC wants to improve its security posture through enhanced security awareness prac ces. 1. Phishing:
Campaigns:
Launch controlled phishing campaigns to test employee vigilance and readiness.
Use a variety of phishing email templates to mimic real‐world scenarios, from fake IT requests to sham invoices.
Recognizing a Phishing A empt:
Conduct training sessions and workshops to teach employees about the common signs of phishing: suspicious email addresses, misspellings, urgent requests, or unexpected a achments.
Responding to Reported Suspicious Messages:
Encourage employees to report suspicious emails.
Establish a protocol for IT/security teams to analyze and respond to these reports.
2. Anomalous Behavior Recogni on:
Risky: Provide examples of high‐risk behaviors, such as sharing passwords or accessing sensi ve data from public networks.
Unexpected: Train employees to recognize unexpected system behaviors, like sudden shutdowns or unauthorized so ware installa ons.
Uninten onal: Emphasize the consequences of mistakes, like accidentally emailing sensi ve informa on.
3. User Guidance and Training:
Policy/Handbooks: Regularly update and distribute security policy handbooks. Hold annual briefings to refresh these guidelines.
Situa onal Awareness: Host seminars on the latest threats and trends.
Insider Threat: Make employees aware that threats can come from within the company, not just external actors.
Password Management: Promote the use of strong passwords and password managers.
w w w.t i a e d u . c o m
62
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Removable Media and Cables: Advise against the use of unauthorized devices and cables to prevent hardware‐based a acks.
Social Engineering: Conduct workshops on recognizing and resis ng manipula on a empts.
Opera onal Security: Discuss best prac ces for maintaining daily security, such as logging off when not in use.
Hybrid/Remote Work Environments: Offer guidelines on secure remote work prac ces, like using VPNs.
4. Repor ng and Monitoring:
Ini al: Set up an ini al baseline of employee security awareness through tests and evalua ons.
Recurring: Regularly reassess and report on the current security awareness level, adjus ng training accordingly.
5. Development:
Develop a comprehensive security awareness program that adapts to new threats and challenges.
Ensure it’s itera ve and includes feedback from employees.
6. Execu on:
Deploy the program company‐wide, ensuring all employees, from top management to entry‐ level, undergo training.
Use a combina on of online modules, in‐person workshops, and hands‐on exercises.
In conclusion, for Company ABC, security awareness isn't a one‐ me ac vity but an ongoing process. It's crucial to adapt to evolving threats and ensure employees remain informed and vigilant.
w w w.t i a e d u . c o m
63
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
Acronyms List and Explana ons AAA (Authen ca on, Authoriza on, and Accoun ng): A framework for intelligently controlling access to computer resources, enforcing policies, audi ng usage, and providing the informa on necessary to bill for services. ACL (Access Control List): A table that tells a computer opera ng system which access rights each user has to a par cular system object, such as a file directory or individual file. AES (Advanced Encryp on Standard): A symmetric encryp on algorithm widely used across the globe to secure data. AES‐256 (Advanced Encryp on Standards 256‐bit): A version of the AES using a 256‐bit key size for encryp on, providing a higher level of security. AH (Authen ca on Header): A part of the IPsec protocol suite that provides authen ca on and integrity to the data. AI (Ar ficial Intelligence): The simula on of human intelligence processes by machines, especially computer systems. AIS (Automated Indicator Sharing): A system that allows the exchange of cyber threat indicators between the public and private sectors. ALE (Annualized Loss Expectancy): A risk management concept to es mate the monetary loss that can be expected for an asset due to a risk over a year. AP (Access Point): A networking hardware device that allows other Wi‐Fi devices to connect to a wired network. API (Applica on Programming Interface): A set of func ons and procedures allowing the crea on of applica ons that access the features or data of an opera ng system, applica on, or other services. APT (Advanced Persistent Threat): A prolonged and targeted cybera ack in which an intruder gains access to a network and remains undetected for an extended period. ARO (Annualized Rate of Occurrence): The expected frequency with which a specific event is likely to occur annually. ARP (Address Resolu on Protocol): A communica on protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. ASLR (Address Space Layout Randomiza on): A computer security technique involved in preven ng exploita on of memory corrup on vulnerabili es. ATT&CK (Adversarial Tac cs, Techniques, and Common Knowledge): A knowledge base maintained by MITRE for lis ng and explaining cyber adversary behavior.
w w w.t i a e d u . c o m
64
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
AUP (Acceptable Use Policy): A policy that sets out the rules and guidelines for the proper use of an organiza on's informa on technology. AV (An virus): So ware designed to detect and destroy computer viruses. BASH (Bourne Again Shell): A Unix shell and command language. BCP (Business Con nuity Planning): The process involved in crea ng a system of preven on and recovery from poten al threats to a company. BGP (Border Gateway Protocol): The protocol used to route informa on across the internet. BIA (Business Impact Analysis): A process that iden fies and evaluates the poten al effects of natural and man‐made events on business opera ons. BIOS (Basic Input/Output System): Firmware used to perform hardware ini aliza on during the boo ng process and to provide run me services for opera ng systems and programs. BPA (Business Partners Agreement): A contract between par es who have agreed to share resources to undertake a specific, mutually beneficial project. BPDU (Bridge Protocol Data Unit): A type of network message that is transmi ed by a local area network (LAN) bridge. BYOD (Bring Your Own Device): A policy that allows employees to bring personally owned devices to their workplace and use those devices to access company informa on and applica ons. CA (Cer ficate Authority): An en ty that issues digital cer ficates for use by other par es. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart): A type of challenge‐response test used in compu ng to determine whether the user is human. CAR (Correc ve Ac on Report): A report that outlines the correc ve ac ons necessary to rec fy a detected non‐conformance. CASB (Cloud Access Security Broker): On‐premises or cloud‐based security policy enforcement points placed between cloud service consumers and cloud service providers. CBC (Cipher Block Chaining): A mode of opera on for a block cipher that provides confiden ality but not message integrity. CCMP (Counter Mode/CBC‐MAC Protocol): An encryp on protocol used in Wi‐Fi networks. CCTV (Closed‐circuit Television): A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes. CERT (Computer Emergency Response Team): An expert group that handles computer security incidents. CFB (Cipher Feedback): A mode of opera on for a block cipher.
w w w.t i a e d u . c o m
65
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
CHAP (Challenge Handshake Authen ca on Protocol): A type of authen ca on protocol used primarily to authen cate a user or network host to an authen ca ng en ty. CIA (Confiden ality, Integrity, Availability): A model designed to guide policies for informa on security within an organiza on. CIO (Chief Informa on Officer): A job tle commonly given to the most senior execu ve in an enterprise responsible for the informa on technology and computer systems that support enterprise goals. CIRT (Computer Incident Response Team): A service organiza on that is contacted when a security breach or other computer‐related emergency occurs. CMS (Content Management System): So ware that helps users create, manage, and modify content on a website without the need for specialized technical knowledge. COOP (Con nuity of Opera on Planning): A process by government agencies to ensure that cri cal func ons con nue during a wide range of emergencies, including localized acts of nature, accidents, and technological or a ack‐related emergencies. COPE (Corporate Owned, Personally Enabled): A business strategy for managing mobile devices that allows employees to use corporate‐owned IT devices for personal use. CP (Con ngency Planning): A course of ac on designed to help an organiza on respond effec vely to a significant future event or situa on that may or may not happen. CRC (Cyclical Redundancy Check): An error‐detec ng code commonly used in digital networks and storage devices to detect accidental changes to raw data. CRL (Cer ficate Revoca on List): A list of digital cer ficates that have been revoked by the issuing cer ficate authority before their scheduled expira on date and should no longer be trusted. CSO (Chief Security Officer): A company execu ve responsible for the security of personnel, physical assets, and informa on in both physical and digital form. CSP (Cloud Service Provider): A company that offers some component of cloud compu ng – typically Infrastructure as a Service (IaaS), So ware as a Service (SaaS) or Pla orm as a Service (PaaS) – to other businesses or individuals. CSR (Cer ficate Signing Request): A message sent from an applicant to a cer ficate authority in order to apply for a digital iden ty cer ficate. CSRF (Cross‐site Request Forgery): A type of malicious exploit of a website where unauthorized commands are transmi ed from a user that the web applica on trusts. CSU (Channel Service Unit): A device used in digital data transmission for interfacing a digital data terminal with a digital transmission medium. CTM (Counter Mode): A mode of opera on in cryptography for block ciphers.
w w w.t i a e d u . c o m
66
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
CTO (Chief Technology Officer): An execu ve‐level posi on in a company or other en ty whose occupant is focused on scien fic and technological issues within an organiza on. CVE (Common Vulnerability Enumera on): A list of publicly disclosed cybersecurity vulnerabili es. CVSS (Common Vulnerability Scoring System): A free and open industry standard for assessing the severity of computer system security vulnerabili es. CYOD (Choose Your Own Device): A corporate policy that permits employees to choose which devices they use for work purposes. DAC (Discre onary Access Control): A type of access control defined by the Access Control List (ACL) where access rights are assigned to users by the system (or system's administrators). DBA (Database Administrator): A person who uses specialized so ware to store and organize data. DDoS (Distributed Denial of Service): A type of cyber‐a ack where mul ple compromised computer systems a ack a target, such as a server, website, or other network resource, and cause a denial of service for users of the targeted resource. DEP (Data Execu on Preven on): A security feature that can help prevent damage to your computer from viruses and other security threats. DES (Digital Encryp on Standard): A previously dominant algorithm for the encryp on of electronic data. DHCP (Dynamic Host Configura on Protocol): A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configura on parameters to each device on a network. DHE (Diffie‐Hellman Ephemeral): A method of securely exchanging cryptographic keys over a public channel. DKIM (DomainKeys Iden fied Mail): An email authen ca on method designed to detect forged sender addresses in emails. DLL (Dynamic Link Library): A feature of Windows and other opera ng systems that allows mul ple so ware programs to share the same func onality. DLP (Data Loss Preven on): A set of tools and processes used to ensure that sensi ve data is not lost, misused, or accessed by unauthorized users. DMARC (Domain Message Authen ca on Repor ng and Conformance): An email authen ca on protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. DNAT (Des na on Network Address Transla on): A technique for transparently changing the des na on IP address of an end route packet and performing the inverse func on for any replies. DNS (Domain Name System): The phonebook of the Internet, a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
w w w.t i a e d u . c o m
67
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
DoS (Denial of Service): A cyber‐a ack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrup ng services of a host connected to the Internet. DPO (Data Privacy Officer): A role within a company or organiza on responsible for ensuring that the company complies with data protec on laws. DRP (Disaster Recovery Plan): A structured approach with policies and procedures for responding to an unplanned incident and recovering cri cal systems. DSA (Digital Signature Algorithm): A standard for digital signatures. DSL (Digital Subscriber Line): A family of technologies that provide internet access by transmi ng digital data over the wires of a local telephone network. EAP (Extensible Authen ca on Protocol): An authen ca on framework frequently used in wireless networks and Point‐to‐Point connec ons. ECB (Electronic Code Book): A mode of opera on for a block cipher, with the characteris c that each possible block of plaintext has a defined corresponding ciphertext value. ECC (Ellip c Curve Cryptography): An approach to public‐key cryptography based on the algebraic structure of ellip c curves over finite fields. ECDHE (Ellip c Curve Diffie‐Hellman Ephemeral): A variant of the Diffie‐Hellman algorithm that uses ellip c curve cryptography. ECDSA (Ellip c Curve Digital Signature Algorithm): A cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their righ ul owners. EDR (Endpoint Detec on and Response): A cybersecurity technology that addresses the need for con nuous monitoring and response to advanced threats. EFS (Encrypted File System): A feature of some versions of Microso Windows that provides filesystem‐ level encryp on. ERP (Enterprise Resource Planning): Business process management so ware that allows an organiza on to use a system of integrated applica ons to manage the business and automate many back office func ons. ESN (Electronic Serial Number): A unique iden fica on number embedded by manufacturers on a microchip in wireless phones. ESP (Encapsulated Security Payload): A component of IPsec used for providing confiden ality, along with some authen ca on and integrity, to the data. FACL (File System Access Control List): A data structure, most o en associated with Microso Windows and NTFS, that controls access to files and folders. FDE (Full Disk Encryp on): Encryp on at the hardware level.
w w w.t i a e d u . c o m
68
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
FIM (File Integrity Management): A technology that monitors and reports changes in files, o en used in IT security. FPGA (Field Programmable Gate Array): An integrated circuit designed to be configured by a customer or a designer a er manufacturing – hence "field‐programmable". FRR (False Rejec on Rate): In biometric security systems, the measure of the likelihood that the biometric security system will incorrectly reject an access a empt by an authorized user. FTP (File Transfer Protocol): A standard network protocol used for the transfer of computer files between a client and server on a computer network. FTPS (Secured File Transfer Protocol): An extension of FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. GCM (Galois Counter Mode): A mode of opera on for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance. GDPR (General Data Protec on Regula on): A regula on in EU law on data protec on and privacy in the European Union and the European Economic Area. GPG (Gnu Privacy Guard): A free so ware re‐implementa on of the OpenPGP standard as defined by RFC4880, which allows you to encrypt and sign your data and communica ons. GPO (Group Policy Object): A feature of Windows that provides centralized management and configura on of opera ng systems, applica ons, and users' se ngs in an Ac ve Directory environment. GPS (Global Posi oning System): A satellite‐based radionaviga on system owned by the United States government and operated by the United States Space Force. GPU (Graphics Processing Unit): A specialized electronic circuit designed to rapidly manipulate and alter memory to accelerate the crea on of images in a frame buffer intended for output to a display device. GRE (Generic Rou ng Encapsula on): A tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point‐to‐point links or point‐to‐ mul point links over an Internet Protocol network. HA (High Availability): Refers to systems that are durable and likely to operate con nuously without failure for a long me. HDD (Hard Disk Drive): A data storage device that uses magne c storage to store and retrieve digital informa on using one or more rigid rapidly rota ng disks coated with magne c material. HIDS (Host‐based Intrusion Detec on System): A system that monitors important opera ng system files. HIPS (Host‐based Intrusion Preven on System): An installed so ware package which monitors a single host for suspicious ac vity by analyzing events occurring within that host. HMAC (Hashed Message Authen ca on Code): A specific type of message authen ca on code involving a cryptographic hash func on and a secret cryptographic key.
w w w.t i a e d u . c o m
69
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
HOTP (HMAC‐based One‐ me Password): A one‐ me password algorithm based on hash‐based message authen ca on codes. HSM (Hardware Security Module): A physical compu ng device that safeguards and manages digital keys for strong authen ca on and provides cryptoprocessing. HTML (Hypertext Markup Language): The standard markup language for documents designed to be displayed in a web browser. HTTP (Hypertext Transfer Protocol): An applica on protocol for distributed, collabora ve, hypermedia informa on systems. HTTPS (Hypertext Transfer Protocol Secure): An extension of HTTP for secure communica on over a computer network, and is widely used on the Internet. HVAC (Hea ng, Ven la on, and Air Condi oning): Technology of indoor and vehicular environmental comfort. IaaS (Infrastructure as a Service): A form of cloud compu ng that provides virtualized compu ng resources over the internet. IaC (Infrastructure as Code): The process of managing and provisioning computer data centers through machine‐readable defini on files, rather than physical hardware configura on or interac ve configura on tools. IAM (Iden ty and Access Management): A framework of business processes, policies, and technologies that facilitates the management of electronic or digital iden es. ICMP (Internet Control Message Protocol): Used by network devices, including routers, to send error messages and opera onal informa on indica ng success or failure when communica ng with another IP address. ICS (Industrial Control Systems): A general term that encompasses several types of control systems and associated instrumenta on, which include the devices, systems, networks, and controls used to operate and/or automate industrial processes. IDEA (Interna onal Data Encryp on Algorithm): A symmetric key block cipher. IDF (Intermediate Distribu on Frame): A cable rack that interconnects and manages the telecommunica ons wiring between an MDF and end‐user devices. IdP (Iden ty Provider): A system en ty that creates, maintains, and manages iden ty informa on for principals and provides principal authen ca on to other service providers within a federa on or distributed network. IDS (Intrusion Detec on System): A device or so ware applica on that monitors a network or systems for malicious ac vity or policy viola ons.
w w w.t i a e d u . c o m
70
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
IEEE (Ins tute of Electrical and Electronics Engineers): A professional associa on with its corporate office in New York City and its opera ons center in Piscataway, New Jersey, dedicated to advancing technology for the benefit of humanity. IKE (Internet Key Exchange): A protocol used in IPsec for establishing a Security Associa on (SA) and cryptographic keys in an IP network. IM (Instant Messaging): A type of online chat that offers real‐ me text transmission over the internet. IMAP (Internet Message Access Protocol): An internet standard protocol used by email clients to retrieve messages from a mail server over a TCP/IP connec on. IoC (Indicators of Compromise): Ar facts observed on a network or in an opera ng system that with high confidence indicate a computer intrusion. IoT (Internet of Things): The extension of Internet connec vity into physical devices and everyday objects. IP (Internet Protocol): The principal communica ons protocol in the Internet protocol suite for relaying datagrams across network boundaries. IPS (Intrusion Preven on System): A network security/threat preven on technology that examines network traffic flows to detect and prevent vulnerability exploits. IPSec (Internet Protocol Security): A secure network protocol suite that authen cates and encrypts the packets of data sent over an internet protocol network. IR (Incident Response): An organized approach to addressing and managing the a ermath of a security breach or cybera ack. IRC (Internet Relay Chat): An applica on layer protocol that facilitates communica on in the form of text. IRP (Incident Response Plan): A set of instruc ons to help IT staff detect, respond to, and recover from network security incidents. ISO (Interna onal Standards Organiza on): An independent, non‐governmental interna onal organiza on with a membership of 164 na onal standards bodies. ISP (Internet Service Provider): A company that provides subscribers with access to the Internet. ISSO (Informa on Systems Security Officer): A person responsible for ensuring the appropriate opera onal security posture is maintained for an informa on system. IV (Ini aliza on Vector): A fixed‐size input to a cryptographic primi ve that is typically required to be random or pseudorandom. KDC (Key Distribu on Center): Part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KEK (Key Encryp on Key): A key used to encrypt other keys.
w w w.t i a e d u . c o m
71
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
L2TP (Layer 2 Tunneling Protocol): A tunneling protocol used to support virtual private networks (VPNs). LAN (Local Area Network): A network that connects computers within a limited area such as a residence, school, laboratory, university campus or office building. LDAP (Lightweight Directory Access Protocol): An open, vendor‐neutral, industry standard applica on protocol for accessing and maintaining distributed directory informa on services over an Internet Protocol network. LEAP (Lightweight Extensible Authen ca on Protocol): A proprietary wireless LAN authen ca on method developed by Cisco Systems. MaaS (Monitoring as a Service): A type of cloud service that involves the use of remote monitoring tools to manage and monitor the infrastructure of a company. MAC (Mandatory Access Control): A type of access control in which the opera ng system constrains the ability of a subject or ini ator to access or generally perform some sort of opera on on an object or target. MAC (Media Access Control): A unique iden fier assigned to a network interface controller for use as a network address in communica ons within a network segment. MAC (Message Authen ca on Code): A short piece of informa on used to authen cate a message and to provide integrity and authen city assurances on the message. MAN (Metropolitan Area Network): A network that interconnects users with computer resources in a geographic area or region larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN). MBR (Master Boot Record): A special type of boot sector at the very beginning of par mass storage devices.
oned computer
MD5 (Message Digest 5): A widely used cryptographic hash func on that produces a 128‐bit (16‐byte) hash value. MDF (Main Distribu on Frame): A signal distribu on frame for connec ng equipment (inside plant) to cables and subscriber carrier equipment (outside plant). MDM (Mobile Device Management): A type of security so ware used by an IT department to monitor, manage, and secure employees' mobile devices that are deployed across mul ple mobile service providers and across mul ple mobile opera ng systems being used in the organiza on. MFA (Mul factor Authen ca on): An electronic authen ca on method in which a user is granted access to a website or applica on only a er successfully presen ng two or more pieces of evidence to an authen ca on mechanism.
w w w.t i a e d u . c o m
72
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
MFD (Mul func on Device): An office machine which incorporates the func onality of mul ple devices in one, so as to have a smaller footprint in a home or small business se ng. MFP (Mul func on Printer): A mul ‐func onal device that performs func ons like prin ng, scanning, and copying. ML (Machine Learning): A type of ar ficial intelligence that allows so ware applica ons to become more accurate at predic ng outcomes without being explicitly programmed to do so. MMS (Mul media Message Service): A standard way to send messages that include mul media content to and from a mobile phone over a cellular network. MOA (Memorandum of Agreement): A document wri en between par es to coopera vely work together on an agreed‐upon project or meet an agreed‐upon objec ve. MOU (Memorandum of Understanding): An agreement between two or more par es outlined in a formal document. MPLS (Mul ‐protocol Label Switching): A type of data‐carrying technique for high‐performance telecommunica ons networks. MSA (Master Service Agreement): A contract reached between par es, in which the par es agree to most of the terms that will govern future transac ons or future agreements. MSCHAP (Microso Challenge Handshake Authen ca on Protocol): A Microso proprietary version of the Challenge Handshake Authen ca on Protocol (CHAP) used by Windows NT. MSP (Managed Service Provider): A company that remotely manages a customer's IT infrastructure and/or end‐user systems, typically on a proac ve basis and under a subscrip on model. MSSP (Managed Security Service Provider): A type of IT service company that provides organiza ons with some amount of cybersecurity monitoring and management. MTBF (Mean Time Between Failures): A measure of how reliable a hardware product or component is. MTTF (Mean Time to Failure): The length of me a device or other product is expected to last in opera on. MTTR (Mean Time to Recover): The average me that a device will take to recover from any failure. MTU (Maximum Transmission Unit): The size of the largest packet that a network protocol can transmit. NAC (Network Access Control): A security solu on that enforces policy on devices that access networks to increase network visibility and reduce risk. NAT (Network Address Transla on): A method of remapping one IP address space into another by modifying network address informa on in the IP header of packets while they are in transit across a traffic rou ng device. NDA (Non‐disclosure Agreement): A legally binding contract establishing a confiden al rela onship.
w w w.t i a e d u . c o m
73
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
NFC (Near Field Communica on): A set of communica on protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communica on by bringing them within 4 cm of each other. NGFW (Next‐genera on Firewall): A part of the third genera on of firewall technology that combines a tradi onal firewall with other network device filtering func onali es. NIDS (Network‐based Intrusion Detec on System): A system that analyzes incoming network traffic. NIPS (Network‐based Intrusion Preven on System): A system that monitors a network for malicious ac vi es such as security threats or policy viola ons. NIST (Na onal Ins tute of Standards & Technology): A physical sciences laboratory and a non‐ regulatory agency of the United States Department of Commerce. NTFS (New Technology File System): A proprietary file system developed by Microso . NTLM (New Technology LAN Manager): A suite of Microso security protocols that provides authen ca on, integrity, and confiden ality to users. NTP (Network Time Protocol): A networking protocol for clock synchroniza on between computer systems over packet‐switched, variable‐latency data networks. OAuth (Open Authoriza on): An open standard for access delega on, commonly used as a way for Internet users to grant websites or applica ons access to their informa on on other websites but without giving them the passwords. OCSP (Online Cer ficate Status Protocol): An internet protocol used for obtaining the revoca on status of an X.509 digital cer ficate. OID (Object Iden fier): An iden fier used to name an object (a set of data) in a globally unique way. OS (Opera ng System): So ware that manages computer hardware, so ware resources, and provides common services for computer programs. OSINT (Open‐source Intelligence): Intelligence collected from publicly available sources. OSPF (Open Shortest Path First): A rou ng protocol for Internet Protocol (IP) networks. OT (Opera onal Technology): Hardware and so ware that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise. OTA (Over the Air): Wireless transmission of data or so ware updates to mobile devices. OVAL (Open Vulnerability Assessment Language): An informa on security community standard to promote open and publicly available security content. P12 (PKCS #12): A portable format for storing or transpor ng a user's private keys, cer ficates, and miscellaneous secrets.
w w w.t i a e d u . c o m
74
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
P2P (Peer to Peer): A decentralized communica ons model in which each party has the same capabili es and either party can ini ate a communica on session. PaaS (Pla orm as a Service): A category of cloud compu ng services that provides a pla orm allowing customers to develop, run, and manage applica ons without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. PAC (Proxy Auto Configura on): A method used by web browsers to select an appropriate proxy server automa cally. PAM (Privileged Access Management): A comprehensive approach to controlling and monitoring privileged access to cri cal assets and systems. PAM (Pluggable Authen ca on Modules): A mechanism to integrate mul ple low‐level authen ca on schemes into a high‐level applica on programming interface (API). PAP (Password Authen ca on Protocol): A simple, plaintext password authen ca on protocol. PAT (Port Address Transla on): A feature of a network device that translates TCP or UDP communica ons made between hosts on a private network and hosts on a public network. PBKDF2 (Password‐based Key Deriva on Func on 2): A key deriva on func on that is part of RSA Laboratories' Public‐Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0. PBX (Private Branch Exchange): A private telephone network used within a company or organiza on. PCAP (Packet Capture): The act of capturing data packets crossing a specific segment of a network. PCI DSS (Payment Card Industry Data Security Standard): A set of security standards designed to ensure that all companies that accept, process, store or transmit credit card informa on maintain a secure environment. PDU (Power Distribu on Unit): A device fi ed with mul ple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PEAP (Protected Extensible Authen ca on Protocol): A method to securely transmit authen ca on informa on, including passwords, over wireless networks. PED (Personal Electronic Device): A small electronic device typically used for personal tasks such as communica on, data management, and recrea on. PEM (Privacy Enhanced Mail): A de facto standard for secure email in the Internet community. PFS (Perfect Forward Secrecy): A property of secure communica on protocols in which compromise of long‐term keys does not compromise past session keys. PGP (Pre y Good Privacy): An encryp on program that provides cryptographic privacy and authen ca on for data communica on.
w w w.t i a e d u . c o m
75
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
PHI (Personal Health Informa on): Any informa on about health status, provision of health care, or payment for health care that can be linked to a specific individual. PII (Personally Iden fiable Informa on): Informa on that can be used on its own or with other informa on to iden fy, contact, or locate a single person, or to iden fy an individual in context. PIV (Personal Iden ty Verifica on): A United States federal government standard for reliable iden fica on and access control card. PKCS (Public Key Cryptography Standards): A set of standards for public‐key cryptography that were established by RSA Data Security, Inc. PKI (Public Key Infrastructure): A set of roles, policies, hardware, so ware, and procedures needed to create, manage, distribute, use, store, and revoke digital cer ficates and manage public‐key encryp on. POP (Post Office Protocol): An Internet standard protocol used by local email clients to retrieve email from a remote server over a TCP/IP connec on. POTS (Plain Old Telephone Service): The voice‐grade telephone service that remains the basic form of residen al and small business service connec on to the telephone network in most parts of the world. PPP (Point‐to‐Point Protocol): A data link protocol commonly used to establish a direct connec on between two networking nodes. PPTP (Point‐to‐Point Tunneling Protocol): A method for implemen ng virtual private networks. PSK (Pre‐shared Key): A shared secret which was previously shared between the two par es using some secure channel before it needs to be used. PTZ (Pan‐ lt‐zoom): A type of camera that is capable of remote direc onal and zoom control. PUP (Poten ally Unwanted Program): A program that a user may perceive as unwanted. RA (Recovery Agent): An en ty that has the ability to recover a key, cer ficate, or encrypted data. RA (Registra on Authority): An authority in a network that verifies user requests for a digital cer ficate and tells the Cer ficate Authority (CA) to issue it. RACE (Research and Development in Advanced Communica ons Technologies in Europe): A former European Union research and development program focused on developing advanced telecommunica ons networks. RAD (Rapid Applica on Development): A type of so ware development methodology that priori zes rapid prototype releases and itera ons. RADIUS (Remote Authen ca on Dial‐in User Service): A networking protocol that provides centralized Authen ca on, Authoriza on, and Accoun ng (AAA or Triple A) management for users who connect and use a network service.
w w w.t i a e d u . c o m
76
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
RAID (Redundant Array of Inexpensive Disks): A technology that combines mul ple disk drive components into a logical unit for data redundancy and performance improvement. RAS (Remote Access Server): A server that provides a remote access service to users or client computers. RAT (Remote Access Trojan): A malware program that includes a back door for administra ve control over the target computer. RBAC (Role‐based Access Control): An approach to restric ng system access to authorized users based on their role within an organiza on. RBAC (Rule‐based Access Control): A policy‐neutral access control mechanism defined around roles and privileges. RC4 (Rivest Cipher version 4): A stream cipher that is simple and fast but has vulnerabili es and is considered insecure. RDP (Remote Desktop Protocol): A proprietary protocol developed by Microso that provides a user with a graphical interface to connect to another computer over a network connec on. RFID (Radio Frequency Iden fier): A technology that uses electromagne c fields to automa cally iden fy and track tags a ached to objects. RIPEMD (RACE Integrity Primi ves Evalua on Message Digest): A family of cryptographic hash func ons developed in Belgium. ROI (Return on Investment): A measure used to evaluate the efficiency of an investment or compare the efficiency of a number of different investments. RPO (Recovery Point Objec ve): The maximum acceptable amount of data loss measured in me. RSA (Rivest, Shamir, & Adleman): One of the first public‐key cryptosystems and is widely used for secure data transmission. RTBH (Remotely Triggered Black Hole): A technique used to block denial‐of‐service a acks in IP networks. RTO (Recovery Time Objec ve): The targeted dura on of me and a service level within which a business process must be restored a er a disaster or disrup on. RTOS (Real‐ me Opera ng System): An opera ng system intended to serve real‐ me applica on process data as it comes in, typically without buffering delays. RTP (Real‐ me Transport Protocol): A network protocol for delivering audio and video over IP networks. S/MIME (Secure/Mul purpose Internet Mail Extensions): A standard for public key encryp on and signing of MIME data. SaaS (So ware as a Service): A so ware distribu on model in which a third‐party provider hosts applica ons and makes them available to customers over the Internet.
w w w.t i a e d u . c o m
77
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
SAE (Simultaneous Authen ca on of Equals): A security protocol used in Wi‐Fi networks. SAML (Security Asser ons Markup Language): An open standard for exchanging authen ca on and authoriza on data between par es, in par cular, between an iden ty provider and a service provider. SAN (Storage Area Network): A network which provides access to consolidated, block‐level data storage. SAN (Subject Alterna ve Name): An extension to X.509 specifica on that allows users to specify addi onal host names for a single SSL cer ficate. SASE (Secure Access Service Edge): A network architecture that combines WAN capabili es with comprehensive security func ons. SCADA (Supervisory Control and Data Acquisi on): A control system architecture that uses computers, networked data communica ons, and graphical user interfaces for high‐level process supervisory management. SCAP (Security Content Automa on Protocol): A method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evalua on. SCEP (Simple Cer ficate Enrollment Protocol): A protocol used for the secure issuance of digital cer ficates. SD‐WAN (So ware‐defined Wide Area Network): An approach to designing and deploying an enterprise WAN that uses so ware‐defined networking to determine the most effec ve way to route traffic to remote loca ons. SDK (So ware Development Kit): A collec on of so ware development tools in one installable package. SDLC (So ware Development Lifecycle): A process for planning, crea ng, tes ng, and deploying an informa on system. SDLM (So ware Development Lifecycle Methodology): A framework that describes the stages involved in the development of so ware, from ini al feasibility study through maintenance of the completed applica on. SDN (So ware‐defined Networking): An approach to networking that uses so ware‐based controllers or applica on programming interfaces (APIs) to direct traffic on the network and communicate with the underlying hardware infrastructure. SE Linux (Security‐enhanced Linux): A set of kernel modifica ons and user‐space tools that have been added to various Linux distribu ons. Its purpose is to enhance Linux system security by enforcing mandatory access control policies. SED (Self‐encryp ng Drives): Storage drives (usually hard drives or solid‐state drives) that automa cally and con nuously encrypt the data on the drive without any user interac on. SEH (Structured Excep on Handler): A mechanism in Microso Windows for handling both hardware and so ware excep ons.
w w w.t i a e d u . c o m
78
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
SFTP (Secured File Transfer Protocol): A secure version of the File Transfer Protocol (FTP) that uses Secure Shell (SSH) to encrypt the data transferred over the network. SHA (Secure Hashing Algorithm): A family of cryptographic hash func ons published by the Na onal Ins tute of Standards and Technology as a U.S. Federal Informa on Processing Standard. SHTTP (Secure Hypertext Transfer Protocol): An obsolete alterna ve to HTTPS for encryp ng web communica ons carried over HTTP. SIEM (Security Informa on and Event Management): So ware solu ons that provide real‐ me analysis of security alerts generated by applica ons and network hardware. SIM (Subscriber Iden ty Module): A removable smart card for mobile phones that securely stores the service‐subscriber key used to iden fy a subscriber on mobile telephony devices. SLA (Service‐level Agreement): A commitment between a service provider and a client. Par cular aspects of the service – quality, availability, responsibili es – are agreed upon between the service provider and the service user. SLE (Single Loss Expectancy): A term used in risk management referring to the monetary value expected from the occurrence of a risk on an asset. SMS (Short Message Service): A text messaging service component of most telephone, internet, and mobile device systems. SMTP (Simple Mail Transfer Protocol): An internet standard for email transmission across Internet Protocol (IP) networks. SMTPS (Simple Mail Transfer Protocol Secure): A method for securing SMTP with transport layer security. It is intended to provide authen ca on of the communica on partners, as well as data integrity and confiden ality. SNMP (Simple Network Management Protocol): An Internet Standard protocol for collec ng and organizing informa on about managed devices on IP networks and for modifying that informa on to change device behavior. SOAP (Simple Object Access Protocol): A messaging protocol specifica on for exchanging structured informa on in the implementa on of web services in computer networks. SOAR (Security Orchestra on, Automa on, and Response): Technologies that enable organiza ons to collect inputs monitored by the security opera ons center (SOC). SoC (System on Chip): An integrated circuit that integrates all components of a computer or other electronic systems into a single chip. SOC (Security Opera ons Center): A centralized unit that deals with security issues on an organiza onal and technical level.
w w w.t i a e d u . c o m
79
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
SOW (Statement of Work): A document rou nely employed in the field of project management. It defines project‐specific ac vi es, deliverables, and melines for a vendor providing services to the client. SPF (Sender Policy Framework): An email authen ca on method designed to detect forging sender addresses during the delivery of the email. SPIM (Spam over Internet Messaging): Unsolicited messages sent via an instant messaging (IM) system. SQL (Structured Query Language): A domain‐specific language used in programming and designed for managing data held in a rela onal database management system. SQLi (SQL Injec on): A code injec on technique used to a ack data‐driven applica ons, in which malicious SQL statements are inserted into an entry field for execu on. SRTP (Secure Real‐Time Protocol): A profile of the Real‐Time Transport Protocol (RTP) intended to provide encryp on, message authen ca on, and integrity, and replay protec on to the RTP data in both unicast and mul cast applica ons. SSD (Solid State Drive): A storage device containing nonvola le flash memory, used in place of a hard disk because of its much greater speed. SSH (Secure Shell): A cryptographic network protocol for opera ng network services securely over an unsecured network. SSL (Secure Sockets Layer): The standard security technology for establishing an encrypted link between a web server and a browser. SSO (Single Sign‐on): A property of access control of mul ple related, yet independent, so ware systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems. STIX (Structured Threat Informa on eXchange): A language and serializa on format used to exchange cyber threat intelligence. SWG (Secure Web Gateway): Solu ons that filter unwanted so ware/malware from user‐ini ated web/internet traffic and enforce corporate and regulatory policy compliance. TACACS+ (Terminal Access Controller Access Control System): A security applica on that provides centralized valida on of users a emp ng to gain access to a router or network access server. TAXII (Trusted Automated eXchange of Indicator Informa on): An applica on layer protocol for the communica on of cyber threat informa on in a simple and scalable manner. TCP/IP (Transmission Control Protocol/Internet Protocol): A set of communica on protocols used to interconnect network devices on the internet. TGT (Ticket Gran ng Ticket): A part of the Kerberos protocol used for authen ca ng requests for service ckets within the network. TKIP (Temporal Key Integrity Protocol): A security protocol used in the IEEE 802.11 wireless networking standard.
w w w.t i a e d u . c o m
80
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
TLS (Transport Layer Security): A cryptographic protocol designed to provide communica ons security over a computer network. TOC (Time‐of‐check): Refers to a problem where the state of a system can change between the me it is checked and the me it is used. TOTP (Time‐based One‐ me Password): A common algorithm for genera ng a one‐ me password, which is valid only for a short period of me. TOU (Time‐of‐use): Refers to the varying price of electricity or other resources depending on the me when it is used. TPM (Trusted Pla orm Module): A specialized chip on an endpoint device that stores RSA encryp on keys specific to the host system for hardware authen ca on. TTP (Tac cs, Techniques, and Procedures): Describes the behavior or modus operandi of cyber a ackers in terms of the tac cs they use, the techniques they employ, and the procedures they follow to execute an a ack. TSIG (Transac on Signature): A protocol used for securing updates to DNS, which is based on shared secret key cryptography. UAT (User Acceptance Tes ng): The last phase of the so ware tes ng process, where actual so ware users test the so ware to make sure it can handle required tasks in real‐world scenarios. UAV (Unmanned Aerial Vehicle): An aircra without a human pilot aboard, also known as a drone. UDP (User Datagram Protocol): A communica ons protocol that facilitates the exchange of messages between compu ng devices in a network. It's used for me‐sensi ve transmissions. UEFI (Unified Extensible Firmware Interface): A specifica on for a so ware program that connects a computer's firmware to its opera ng system (OS). It's designed to replace BIOS (basic input/output system). UEM (Unified Endpoint Management): A class of so ware tools that provide a single management interface for mobile, PC, and other devices. UPS (Uninterrup ble Power Supply): A device that allows a computer to keep running for at least a short me when the primary power source is lost. URI (Uniform Resource Iden fier): A string of characters used to iden fy a name or a resource on the Internet. URL (Uniform Resource Locator): A reference to a web resource that specifies its loca on on a computer network and a mechanism for retrieving it.
w w w.t i a e d u . c o m
81
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
USB (Universal Serial Bus): An industry standard that establishes specifica ons for cables and connectors and protocols for connec on, communica on, and power supply between computers, peripherals, and other computers. USB OTG (USB On‐The‐Go): A standard that enables mobile devices to talk to one another. UTM (Unified Threat Management): A comprehensive solu on that has evolved from tradi onal firewall solu ons into a product that can perform mul ple security func ons within one single system. UTP (Unshielded Twisted Pair): A popular type of cable that is used for network cabling. VBA (Visual Basic for Applica ons): An implementa on of Microso 's event‐driven programming language Visual Basic 6 and its associated integrated development environment (IDE). VDE (Virtual Desktop Environment): A virtual machine that provides a user with a graphical interface similar to that of a physical desktop. VDI (Virtual Desktop Infrastructure): A technology that hosts a desktop opera ng system on a centralized server in a data center. VLAN (Virtual Local Area Network): A group of devices on one or more LANs that are configured to communicate as if they were a ached to the same wire, when in fact they are located on a number of different LAN segments. VLSM (Variable Length Subnet Masking): A technique that allows network administrators to divide an IP address space into different lengths. VM (Virtual Machine): An emula on of a computer system. Virtual machines are based on computer architectures and provide the func onality of a physical computer. VoIP (Voice over Internet Protocol): A methodology and group of technologies for the delivery of voice communica ons and mul media sessions over Internet Protocol (IP) networks. VPC (Virtual Private Cloud): A secure, isolated private cloud hosted within a public cloud. VPN (Virtual Private Network): A technology that creates a safe and encrypted connec on over a less secure network, such as the internet. VTC (Video Teleconferencing): A technology that allows users in different loca ons to hold face‐to‐face mee ngs without having to move to a single loca on together. WAF (Web Applica on Firewall): A specific form of applica on firewall that filters, monitors, and blocks HTTP traffic to and from a web service. WAP (Wireless Access Point): A networking hardware device that allows a Wi‐Fi device to connect to a wired network. WEP (Wired Equivalent Privacy): A security protocol, now considered insecure, for wireless local area networks (WLANs). WIDS (Wireless Intrusion Detec on System): A system designed to detect the presence
w w w.t i a e d u . c o m
82
CompTIA Security+ 701 Last Minute Guide
Andrew Ramdayal
w w w.t i a e d u . c o m
83