Security Plus Exam Cram Handout

This document provides an overview and study guide for the CompTIA Security+ certification exam (SY0-601). It outlines the exam objectives, test details such as the number of questions and time limit, and sample hardware and software that may be covered. Mnemonic devices and learning techniques like chunking information are also discussed to help with exam preparation.
EXAM INTRO & STRATEGY GUIDE

PROVEN FAST, EFFECTIVE & AFFORDABLE EXAM PREP

SECURITY+ EXAM CRAM with Pete Zerger CISSP, vCISO, MVP

CompTIA Security+ Exam Cram
EXAM NUMBER: SY0-601

SECURITY+ EXAM STUDY GUIDE & PRACTICE TESTS BUNDLE
• 1,000 flashcards
• 1,000 practice questions
• 2 practice exams

Link to the 2021 exam bundle in the video description!

A PDF copy of the presentation is available in the video description!

about this series…

1 video for each exam domain

• designed to deliver what you need for the exam without the fluff
• will help you prepare much faster used with my study techniques as well as any online course or expensive bootcamp
• The official study guide is the only cost in my system!

DOMAIN 1: 1.1 – 1.8
DOMAIN 2: 2.1 – 2.8
DOMAIN 3: 3.1 – 3.9
DOMAIN 4: 4.1 – 4.5
DOMAIN 5: 5.1 – 5.5

The 5 core lessons in the series coming November and December 2021!
INSIDE CLOUD
about the exam

Candidates are encouraged to use this document to help prepare for the CompTIA Security+ (SY0-601) certification exam. The CompTIA Security+ certification exam will verify the successful candidate has the knowledge and skills required to:

• Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents

This is equivalent to two years of hands-on experience working in a security/systems administrator job role.

These examples should not be construed as a comprehensive (complete) listing of all the content of this exam.
test details

Required exam          SY0-601
Number of questions    Maximum of 90
Types of questions     Multiple-choice and performance-based
Length of test         90 minutes
Recommended experience ▪ At least 2 years of work experience in IT systems administration with a focus on security
                       ▪ Hands-on technical information security experience
                       ▪ Broad knowledge of security concepts
Passing score          750 (on a scale of 100–900)
EXAM OBJECTIVES (DOMAINS)

1.0 Attacks, Threats, and Vulnerabilities 24%

2.0 Architecture and Design 21%

3.0 Implementation 25%

4.0 Operations and Incident Response 16%

5.0 Governance, Risk, and Compliance 14%


proposed hardware and software list

CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Security+ exam.

HARDWARE
• Laptop with Internet access
• Separate wireless NIC
• WAP
• Firewall
• UTM
• Mobile device
• Server/cloud server
• IoT devices

SOFTWARE
• Virtualization software
• Penetration testing OS/distributions (e.g., Kali Linux, Parrot OS)
• SIEM
• Wireshark
• Metasploit
• Tcpdump

OTHER
• Access to a CSP
5 learning tips & techniques that really work!

✓ Improve long-term recall
✓ Increase comprehension
✓ Reduce study time

MNEMONIC device

A mnemonic, or memory device, is a learning technique that makes memorizing information easier. A common technique is the expression mnemonic, aka an acronym. The best mnemonic devices are simple, relevant, and visual. We'll start with an example using a first-letter mnemonic.
THE OSI MODEL

Top-down (layer 7 to 1)        Layer  Name          Bottom-up (layer 1 to 7)
Away                           7      Application   All
Pizza                          6      Presentation  People
Sausage                        5      Session       Seem
Throw                          4      Transport     To
Not                            3      Network       Need
Do                             2      Data Link     Data
Please                         1      Physical      Processing

An alternative top-down mnemonic for the same layers:

Aside                          7      Application
Processes                      6      Presentation
Security                       5      Session
Toss                           4      Transport
Not                            3      Network
Do                             2      Data Link
Please                         1      Physical

INCIDENT MANAGEMENT framework

Mnemonic: DRMRRRL

1 Detection
2 Response
3 Mitigation
4 Reporting
5 Recovery
6 Remediation
7 Lessons Learned
MNEMONIC device: chunking

Chunking is a technique of breaking info into smaller pieces that make sense.

cryptography
• Asymmetric
• Symmetric
• Hashes
• Block ciphers

Break into "chunks" based on a unique property.
cryptography

NAME      TYPE  HASH VALUE LENGTH        STILL IN USE?  REPLACED BY
HMAC      Hash  Variable                 Very Strong    -
HAVAL     Hash  128, 160, 192, 224, 256
MD2       Hash  128                      No             MD6, et al.
MD4       Hash  128                      No             MD6, et al.
MD5       Hash  128                      No             MD6, et al.
SHA-1     Hash  160                      No             SHA-2
SHA-224*  Hash  224                      Yes            -
SHA-256*  Hash  256                      Yes            -
SHA-384*  Hash  384                      Yes            -
SHA-512*  Hash  512                      Yes            -

Hash algorithms "chunked" by family:
• MD* = Message Digest (MD2, MD4, MD5)
• SHA* = Secure Hash Algorithm (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
THE POWER OF REPETITION

spaced repetition

[Chart: Spaced Repetition. Retention (0–100) over time across the 1st, 2nd and 3rd sessions, with review points at 20 min, 24 hours and 1 week. The forgetting curve becomes longer and shallower with repetition.]

spaced repetition

1st repetition  Right after learning
2nd repetition  After 15-20 min
3rd repetition  After 6-8 hours
4th repetition  After 24 hours
5th repetition  After 48 hours
6th repetition  After 1 week

A second, longer-interval schedule:

1st repetition  Right after learning
2nd repetition  After 20-30 min
3rd repetition  After 1 day
4th repetition  After 2-3 weeks
5th repetition  After 2-3 months
80/20 STRATEGY

• Targeted reading
• PowerPoint review
• Practice exam
• Live quiz (or flashcards)

Use multiple sources

• Targeted reading
• Live quiz (or flashcards)
• Video content
• Practice exam
• PowerPoint review
MEMORIZING VS UNDERSTANDING

Studies show that understanding what you memorize greatly improves retention.
Have a memorization tip
you’d like to share?
Tell us about it in a comment!
Link in the video description
• 1.0 Threats, Attacks and Vulnerabilities

line-for-line review of official exam syllabus!

1.0 Threats, Attacks and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques

Pay attention to the verbs!

• Phishing
• Smishing
• Vishing
• Spam
• Spam over instant messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typosquatting
• Pretexting
• Influence campaigns
  • Hybrid warfare
  • Social media
• Principles (reasons for effectiveness)
  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency

Focus on the unique characteristic(s) of each item in the list! ("Chunking" technique)
1.0 Threats, Attacks and Vulnerabilities
1.2 Given a scenario, analyze potential indicators to determine the type of attack

• Malware
  • Ransomware
  • Trojans
  • Worms
  • Potentially unwanted programs (PUPs)
  • Fileless virus
  • Command and control
  • Bots
  • Cryptomalware
  • Logic bombs
  • Spyware
  • Keyloggers
  • Remote access Trojan (RAT)
  • Rootkit
  • Backdoor
• Password attacks
  • Spraying
  • Dictionary
  • Brute force
    • Offline
    • Online
  • Rainbow table
  • Plaintext/unencrypted
• Physical attacks
  • Malicious Universal Serial Bus (USB) cable
  • Malicious flash drive
  • Card cloning
  • Skimming
• Adversarial artificial intelligence (AI)
  • Tainted training data for machine learning (ML)
  • Security of machine learning algorithms
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks
  • Birthday
  • Collision
  • Downgrade
1.0 Threats, Attacks and Vulnerabilities
1.3 Given a scenario, analyze potential indicators associated with application attacks

• Privilege escalation
• Cross-site scripting
• Injections
  • Structured query language (SQL)
  • Dynamic-link library (DLL)
  • Lightweight Directory Access Protocol (LDAP)
  • Extensible Markup Language (XML)
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
  • Time of check/time of use
• Error handling
• Improper input handling
• Replay attack
  • Session replays
• Integer overflow
• Request forgeries
  • Server-side
  • Cross-site
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure Sockets Layer (SSL) stripping
• Driver manipulation
  • Shimming
  • Refactoring
• Pass the hash
1.0 Threats, Attacks and Vulnerabilities
1.4 Given a scenario, analyze potential indicators associated with network attacks

• Wireless
  • Evil twin
  • Rogue access point
  • Bluesnarfing
  • Bluejacking
  • Disassociation
  • Jamming
  • Radio frequency identification (RFID)
  • Near-field communication (NFC)
  • Initialization vector (IV)
• On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
• Layer 2 attacks
  • Address Resolution Protocol (ARP) poisoning
  • Media access control (MAC) flooding
  • MAC cloning
• Domain name system (DNS)
  • Domain hijacking
  • DNS poisoning
  • Uniform Resource Locator (URL) redirection
  • Domain reputation
• Distributed denial-of-service (DDoS)
  • Network
  • Application
  • Operational technology (OT)
• Malicious code or script execution
  • PowerShell
  • Python
  • Bash
  • Macros
  • Visual Basic for Applications (VBA)
1.0 Threats, Attacks and Vulnerabilities
1.5 Explain different threat actors, vectors, and intelligence sources

• Actors and threats
  • Advanced persistent threat (APT)
  • Insider threats
  • State actors
  • Hacktivists
  • Script kiddies
  • Criminal syndicates
  • Hackers
    • Authorized
    • Unauthorized
    • Semi-authorized
  • Shadow IT
  • Competitors
• Attributes of actors
  • Internal/external
  • Level of sophistication/capability
  • Resources/funding
  • Intent/motivation
• Vectors
  • Direct access
  • Wireless
  • Email
  • Supply chain
  • Social media
  • Removable media
  • Cloud

Explain = be able to describe in 25 words or less!
1.0 Threats, Attacks and Vulnerabilities
1.5 Explain different threat actors, vectors, and intelligence sources (continued)

• Threat intelligence sources
  • Open-source intelligence (OSINT)
  • Closed/proprietary
  • Vulnerability databases
  • Public/private information sharing centers
  • Dark web
  • Indicators of compromise
  • Automated Indicator Sharing (AIS)
    • Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
  • Predictive analysis
  • Threat maps
  • File/code repositories
• Research sources
  • Vendor websites
  • Vulnerability feeds
  • Conferences
  • Academic journals
  • Request for comments (RFC)
  • Local industry groups
  • Social media
  • Threat feeds
  • Adversary tactics, techniques, and procedures (TTP)
1.0 Threats, Attacks and Vulnerabilities
1.6 Explain the security concerns associated with various types of vulnerabilities

• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
  • Open permissions
  • Unsecure root accounts
  • Errors
  • Weak encryption
  • Unsecure protocols
  • Default settings
  • Open ports and services
• Third-party risks
  • Vendor management
    • System integration
    • Lack of vendor support
  • Supply chain
  • Outsourced code development
  • Data storage
• Improper or weak patch management
  • Firmware
  • Operating system (OS)
  • Applications
• Legacy platforms
• Impacts
  • Data loss
  • Data breaches
  • Data exfiltration
  • Identity theft
  • Financial
  • Reputation
  • Availability loss
1.0 Threats, Attacks and Vulnerabilities
1.7 Summarize the techniques used in security assessments

• Threat hunting
  • Intelligence fusion
  • Threat feeds
  • Advisories and bulletins
  • Maneuver
• Vulnerability scans
  • False positives
  • False negatives
  • Log reviews
  • Credentialed vs. non-credentialed
  • Intrusive vs. non-intrusive
  • Application
  • Web application
  • Network
  • Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
  • Configuration review
• Syslog/Security information and event management (SIEM)
  • Review reports
  • Packet capture
  • Data inputs
  • User behavior analysis
  • Sentiment analysis
  • Security monitoring
  • Log aggregation
  • Log collectors
• Security orchestration, automation, and response (SOAR)
1.0 Threats, Attacks and Vulnerabilities
1.8 Explain the techniques used in penetration testing

• Penetration testing
  • Known environment
  • Unknown environment
  • Partially known environment
  • Rules of engagement
  • Lateral movement
  • Privilege escalation
  • Persistence
  • Cleanup
  • Bug bounty
  • Pivoting
• Passive and active reconnaissance
  • Drones
  • War flying
  • War driving
  • Footprinting
  • OSINT
• Exercise types
  • Red-team
  • Blue-team
  • White-team
  • Purple-team
• 2.0 Architecture and Design

2.0 architecture and design
2.1 Explain the importance of security concepts in an enterprise environment

• Configuration management
  • Diagrams
  • Baseline configuration
  • Standard naming conventions
  • Internet protocol (IP) schema
• Data sovereignty
• Data protection
  • Data loss prevention (DLP)
  • Masking
  • Encryption
  • At rest
  • In transit/motion
  • In processing
  • Tokenization
  • Rights management
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  • Hot site
  • Cold site
  • Warm site
• Deception and disruption
  • Honeypots
  • Honeyfiles
  • Honeynets
  • Fake telemetry
  • DNS sinkhole

enterprise = large and complex
2.0 architecture and design
2.2 Summarize virtualization and cloud computing concepts

Summarize = Explain

• Cloud models
  • Infrastructure as a service (IaaS)
  • Platform as a service (PaaS)
  • Software as a service (SaaS)
  • Anything as a service (XaaS)
  • Public
  • Community
  • Private
  • Hybrid
• Cloud service providers
• Managed service provider (MSP) / managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Microservices/API
• Infrastructure as code
  • Software-defined networking (SDN)
  • Software-defined visibility (SDV)
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization
  • Virtual machine (VM) sprawl avoidance
  • VM escape protection
2.0 architecture and design
2.3 Summarize secure application development, deployment, and automation concepts

• Environment
  • Development
  • Test
  • Staging
  • Production
  • Quality assurance (QA)
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
  • Normalization
  • Stored procedures
  • Obfuscation/camouflage
  • Code reuse/dead code
  • Server-side vs. client-side execution and validation
  • Memory management
  • Use of third-party libraries and software development kits (SDKs)
  • Data exposure
• Open Web Application Security Project (OWASP)
• Software diversity
  • Compiler
  • Binary
• Automation/scripting
  • Automated courses of action
  • Continuous monitoring
  • Continuous validation
  • Continuous integration
  • Continuous delivery
  • Continuous deployment
• Elasticity
• Scalability
• Version control

CI/CD (DevOps)! and DevSecOps
2.0 architecture and design
2.4 Summarize authentication and authorization design concepts

• Authentication methods
  • Directory services
  • Federation
  • Attestation
  • Technologies
    • Time-based one-time password (TOTP)
    • HMAC-based one-time password (HOTP)
    • Short message service (SMS)
    • Token key
    • Static codes
    • Authentication applications
    • Push notifications
    • Phone call
  • Smart card authentication
• Biometrics
  • Fingerprint
  • Retina
  • Iris
  • Facial
  • Voice
  • Vein
  • Gait analysis
  • Efficacy rates
  • False acceptance
  • False rejection
  • Crossover error rate
• Multifactor authentication (MFA) factors and attributes
  • Factors
    • Something you know
    • Something you have
    • Something you are
  • Attributes
    • Somewhere you are
    • Something you can do
    • Something you exhibit
    • Someone you know
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements
2.0 architecture and design
2.5 Given a scenario, implement cybersecurity resilience

• Redundancy
  • Geographic dispersal
  • Disk
    • Redundant array of inexpensive disks (RAID) levels
    • Multipath
  • Network
    • Load balancers
    • Network interface card (NIC) teaming
  • Power
    • Uninterruptible power supply (UPS)
    • Generator
    • Dual supply
    • Managed power distribution units (PDUs)
• Replication
  • Storage area network
  • VM
• On-premises vs. cloud

Implement = choose the right option for a scenario
2.0 architecture and design
2.5 Given a scenario, implement cybersecurity resilience (continued)

• Backup types
  • Full
  • Incremental
  • Snapshot
  • Differential
  • Tape
  • Disk
  • Copy
  • Network-attached storage (NAS)
  • Storage area network
  • Cloud
  • Image
  • Online vs. offline
• Offsite storage
  • Distance considerations
• Non-persistence
  • Revert to known state
  • Last known-good configuration
  • Live boot media
• High availability
  • Scalability
• Restoration order
• Diversity
  • Technologies
  • Vendors
  • Crypto
  • Controls

The "A" in the CIA Triad = Availability!
2.0 architecture and design
2.6 Explain the security implications of embedded and specialized systems

• Embedded systems
  • Raspberry Pi
  • Field-programmable gate array (FPGA)
  • Arduino
• Supervisory control and data acquisition (SCADA) / industrial control system (ICS)
  • Facilities
  • Industrial
  • Manufacturing
  • Energy
  • Logistics
• Internet of Things (IoT)
  • Sensors
  • Smart devices
  • Wearables
  • Facility automation
  • Weak defaults
• Specialized
  • Medical systems
  • Vehicles
  • Aircraft
  • Smart meters
• Voice over IP (VoIP)

Embedded system: a computer system that has a dedicated function within a larger mechanical or electronic system.
2.0 architecture and design
2.6 Explain the security implications of embedded and specialized systems (continued)

• Heating, ventilation, air conditioning (HVAC)
• Drones
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
  • 5G
  • Narrow-band
  • Baseband radio
  • Subscriber identity module (SIM) cards
  • Zigbee
• Constraints
  • Power
  • Compute
  • Network
  • Crypto
  • Inability to patch
  • Authentication
  • Range
  • Cost
  • Implied trust
2.0 architecture and design
2.7 Explain the importance of physical security controls

• Bollards/barricades
• Access control vestibules
• Badges
• Alarms
• Signage
• Cameras
  • Motion recognition
  • Object detection
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
  • Guards
  • Robot sentries
  • Reception
  • Two-person integrity/control
• Locks
  • Biometrics
  • Electronic
  • Physical
  • Cable locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression

"explain the importance" means you need to know not only what, but why!
2.0 architecture and design
2.7 Explain the importance of physical security controls (continued)

• Sensors
  • Motion detection
  • Noise detection
  • Proximity reader
  • Moisture detection
  • Cards
  • Temperature
• Drones
• Visitor logs
• Faraday cages
• Air gap
• Screened subnet (previously known as demilitarized zone)
• Protected cable distribution
• Secure areas
  • Air gap
  • Vault
  • Safe
  • Hot aisle
  • Cold aisle
• Secure data destruction
  • Burning
  • Shredding
  • Pulping
  • Pulverizing
  • Degaussing
  • Third-party solutions
2.0 architecture and design
2.8 Summarize the basics of cryptographic concepts

• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptic-curve cryptography
• Perfect forward secrecy
• Quantum
  • Communications
  • Computing
• Post-quantum
• Ephemeral
• Modes of operation
  • Authenticated
  • Unauthenticated
  • Counter
• Blockchain
  • Public ledgers
• Cipher suites
  • Stream
  • Block
• Symmetric vs. asymmetric
• Lightweight cryptography
2.0 architecture and design
2.8 Summarize the basics of cryptographic concepts (continued)

• Steganography
  • Audio
  • Video
  • Image
• Homomorphic encryption
• Common use cases
  • Low power devices
  • Low latency
  • High resiliency
  • Supporting confidentiality
  • Supporting integrity
  • Supporting obfuscation
  • Supporting authentication
  • Supporting non-repudiation
• Limitations
  • Speed
  • Size
  • Weak keys
  • Time
  • Longevity
  • Predictability
  • Reuse
  • Entropy
  • Computational overheads
  • Resource vs. security constraints

Symmetric & asymmetric algorithms work together to solve for these! More in the DOMAIN 2 lesson!
• 3.0 Implementation

3.0 implementation
3.1 Given a scenario, implement secure protocols

• Protocols
  • Domain Name System Security Extensions (DNSSEC)
  • SSH
  • Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • Secure Real-time Transport Protocol (SRTP)
  • Lightweight Directory Access Protocol Over SSL (LDAPS)
  • File Transfer Protocol, Secure (FTPS)
  • SSH File Transfer Protocol (SFTP)
  • Simple Network Management Protocol, version 3 (SNMPv3)
  • Hypertext transfer protocol over SSL/TLS (HTTPS)
  • IPSec
    • Authentication header (AH)/Encapsulating Security Payloads (ESP)
    • Tunnel/transport
  • Post Office Protocol (POP)/Internet Message Access Protocol (IMAP)
• Use cases
  • Voice and video
  • Time synchronization
  • Email and web
  • File transfer
  • Directory services
  • Remote access
  • Domain name resolution
  • Routing and switching
  • Network address allocation
  • Subscription services

Implement = choose the right protocol for a use case

In the DOMAIN 3 session, we will match protocols and their functions to their common use cases.
3.0 implementation
3.2 Given a scenario, implement host or application security controls

• Endpoint protection
  • Antivirus
  • Anti-malware
  • Endpoint detection and response (EDR)
  • DLP
  • Next-generation firewall (NGFW)
  • Host-based intrusion prevention system (HIPS)
  • Host-based intrusion detection system (HIDS)
  • Host-based firewall
• Boot integrity
  • Boot security/Unified Extensible Firmware Interface (UEFI)
  • Measured boot
  • Boot attestation
• Database
  • Tokenization
  • Salting
  • Hashing
• Application security
  • Input validations
  • Secure cookies
  • Hypertext Transfer Protocol (HTTP) headers
  • Code signing
  • Allow list
  • Block list/deny list
  • Secure coding practices
  • Static code analysis
    • Manual code review
  • Dynamic code analysis
    • Fuzzing
• Hardening
  • Open ports and services
  • Registry
  • Disk encryption
  • OS
  • Patch management
    • Third-party updates
    • Auto-update
• Self-encrypting drive (SED)/full-disk encryption (FDE)
  • Opal
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing
3.0 implementation
3.3 Given a scenario, implement secure network designs

• Load balancing
  • Active/active
  • Active/passive
  • Scheduling
  • Virtual IP
  • Persistence
• Network segmentation
  • Virtual local area network (VLAN)
  • Screened subnet (previously known as demilitarized zone)
  • East-west traffic
  • Extranet
  • Intranet
  • Zero Trust
• Virtual private network (VPN)
  • Always-on
  • Split tunnel vs. full tunnel
  • Remote access vs. site-to-site
  • IPSec
  • SSL/TLS
  • HTML5
  • Layer 2 tunneling protocol (L2TP)
• DNS
• Network access control (NAC)
  • Agent and agentless
• Out-of-band management
• Port security
  • Broadcast storm prevention
  • Bridge Protocol Data Unit (BPDU) guard
  • Loop prevention
  • Dynamic Host Configuration Protocol (DHCP) snooping
  • Media access control (MAC) filtering
3.0 implementation
3.3 Given a scenario, implement secure network designs (continued)

• Network appliances
  • Jump servers
  • Proxy servers
    • Forward
    • Reverse
  • Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    • Signature-based
    • Heuristic/behavior
    • Anomaly
    • Inline vs. passive
  • HSM
  • Sensors
  • Collectors
  • Aggregators
  • Firewalls
    • Web application firewall (WAF)
    • NGFW
    • Stateful
    • Stateless
    • Unified threat management (UTM)
    • Network address translation (NAT) gateway
    • Content/URL filter
    • Open-source vs. proprietary
    • Hardware vs. software
    • Appliance vs. host-based vs. virtual
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
  • Port taps
• Monitoring services
• File integrity monitors
3.0 implementation
3.4 Given a scenario, install and configure wireless security settings

• Cryptographic protocols
  • Wi-Fi Protected Access 2 (WPA2)
  • Wi-Fi Protected Access 3 (WPA3)
  • Counter-mode/CBC-MAC Protocol (CCMP)
  • Simultaneous Authentication of Equals (SAE)
• Authentication protocols
  • Extensible Authentication Protocol (EAP)
  • Protected Extensible Authentication Protocol (PEAP)
  • EAP-FAST
  • EAP-TLS
  • EAP-TTLS
  • IEEE 802.1X
  • Remote Authentication Dial-in User Service (RADIUS) Federation
• Methods
  • Pre-shared key (PSK) vs. Enterprise vs. Open
  • Wi-Fi Protected Setup (WPS)
  • Captive portals
• Installation considerations
  • Site surveys
  • Heat maps
  • Wi-Fi analyzers
  • Channel overlaps
  • Wireless access point (WAP) placement
  • Controller and access point security
3.0 implementation
3.5 Given a scenario, implement secure mobile solutions

• Connection methods and receivers
  • Cellular
  • Wi-Fi
  • Bluetooth
  • NFC
  • Infrared
  • USB
  • Point-to-point
  • Point-to-multipoint
  • Global Positioning System (GPS)
  • RFID
• Mobile device management (MDM)
  • Application management
  • Content management
  • Remote wipe
  • Geofencing
  • Geolocation
  • Screen locks
  • Push notifications
  • Passwords and PINs
• Mobile devices
  • MicroSD hardware security module (HSM)
  • MDM/Unified Endpoint Management (UEM)
  • Mobile application management (MAM)
  • SEAndroid
3.0 implementation
3.5 Given a scenario, implement secure mobile solutions (continued)

• Enforcement and monitoring of:
  • Third-party application stores
  • Rooting/jailbreaking
  • Sideloading
  • Custom firmware
  • Carrier unlocking
  • Firmware over-the-air (OTA) updates
  • Camera use
  • SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
  • External media
  • USB On-The-Go (USB OTG)
  • Recording microphone
  • GPS tagging
  • Wi-Fi direct/ad hoc
  • Tethering
  • Hotspot
  • Payment methods
• Deployment models
  • Bring your own device (BYOD)
  • Corporate-owned personally enabled (COPE)
  • Choose your own device (CYOD)
  • Corporate-owned
  • Virtual desktop infrastructure (VDI)
3.0 implementation
3.6 Given a scenario, apply cybersecurity solutions to the cloud

• Cloud security controls
  • High availability across zones
  • Resource policies
  • Secrets management
  • Integration and auditing
  • Storage
    • Permissions
    • Encryption
    • Replication
    • High availability
  • Network
    • Virtual networks
    • Public and private subnets
    • Segmentation
    • API inspection and integration
  • Compute
    • Security groups
    • Dynamic resource allocation
    • Instance awareness
    • Virtual private cloud (VPC) endpoint
    • Container security
• Solutions
  • CASB
  • Application security
  • Next-generation secure web gateway (SWG)
  • Firewall considerations in a cloud environment
    • Cost
    • Need for segmentation
    • Open Systems Interconnection (OSI) layers
• Cloud native controls vs. third-party solutions
3.0 implementation
3.7 Given a scenario, implement identity and account management controls

• Identity
  • Identity provider (IdP)
  • Attributes
  • Certificates
  • Tokens
  • SSH keys
  • Smart cards
• Account types
  • User account
  • Shared and generic accounts/credentials
  • Guest accounts
  • Service accounts
• Account policies
  • Password complexity
  • Password history
  • Password reuse
  • Network location
  • Geofencing
  • Geotagging
  • Geolocation
  • Time-based logins
  • Access policies
  • Account permissions
  • Account audits
  • Impossible travel time/risky login
  • Lockout
  • Disablement
3.0 implementation
3.8 Given a scenario, implement authentication and authorization solutions

• Authentication management
  • Password keys
  • Password vaults
  • TPM
  • HSM
  • Knowledge-based authentication
• Authentication/authorization
  • EAP
  • Challenge-Handshake Authentication Protocol (CHAP)
  • Password Authentication Protocol (PAP)
  • 802.1X
  • RADIUS
  • Single sign-on (SSO)
  • Security Assertion Markup Language (SAML)
  • Terminal Access Controller Access Control System Plus (TACACS+)
  • OAuth
  • OpenID
  • Kerberos
• Access control schemes
  • Attribute-based access control (ABAC)
  • Role-based access control
  • Rule-based access control
  • MAC
  • Discretionary access control (DAC)
  • Conditional access
  • Privileged access management
  • File system permissions
3.0 implementation
3.9 Given a scenario, implement public key infrastructure certificate services

• Public key infrastructure (PKI)
  • Key management
  • Certificate authority (CA)
  • Intermediate CA
  • Registration authority (RA)
  • Certificate revocation list (CRL)
  • Certificate attributes
  • Online Certificate Status Protocol (OCSP)
  • Certificate signing request (CSR)
  • CN
  • Subject alternative name
  • Expiration
• Types of certificates
  • Wildcard
  • Subject alternative name
  • Code signing
  • Self-signed
  • Machine/computer
  • Email
  • User
  • Root
  • Domain validation
  • Extended validation
• Certificate formats
  • Distinguished encoding rules (DER)
  • Privacy enhanced mail (PEM)
  • Personal information exchange (PFX)
  • .cer
  • P12
  • P7B
• Concepts
  • Online vs. offline CA
  • Stapling
  • Pinning
  • Trust model
  • Key escrow
  • Certificate chaining
4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security
• Network reconnaissance and discovery
  • tracert/traceroute
  • nslookup/dig
  • ipconfig/ifconfig
  • nmap
  • ping/pathping
  • hping
  • netstat
  • netcat
  • IP scanners
  • arp
  • route
  • curl
  • theHarvester
  • sn1per
  • scanless
  • dnsenum
  • Nessus
  • Cuckoo
• File manipulation
  • head
  • tail
  • cat
  • grep
  • chmod
  • logger
• Shell and script environments
  • SSH
  • PowerShell
  • Python
  • OpenSSL
• Packet capture and replay
  • Tcpreplay
  • Tcpdump
  • Wireshark
• Forensics
  • dd
  • Memdump
  • WinHex
  • FTK imager
  • Autopsy
• Exploitation frameworks
• Password crackers
• Data sanitization

Hands-on learning will be helpful!
4.0 Operations and Incident Response
4.2 Summarize the importance of policies, processes, and procedures for incident response

• Incident response plans
• Incident response process
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons learned
• Exercises
  • Tabletop
  • Walkthroughs
  • Simulations
• Attack frameworks
  • MITRE ATT&CK
  • The Diamond Model of Intrusion Analysis
  • Cyber Kill Chain
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operations planning (COOP)
• Incident response team
• Retention policies
4.0 Operations and Incident Response
4.3 Given an incident, utilize appropriate data sources to support an investigation

• Vulnerability scan output
• SIEM dashboards
  • Sensor
  • Sensitivity
  • Trends
  • Alerts
  • Correlation
• Log files
  • Network
  • System
  • Application
  • Security
  • Web
  • DNS
  • Authentication
  • Dump files
  • VoIP and call managers
  • Session Initiation Protocol (SIP) traffic
• syslog / rsyslog / syslog-ng
• journalctl
• NXLog
• Bandwidth monitors
• Metadata
  • Email
  • Mobile
  • Web
  • File
• Netflow / sFlow
  • Netflow
  • sFlow
  • IPFIX
• Protocol analyzer output
4.0 Operations and Incident Response
4.4 Given an incident, apply mitigation techniques or controls to secure an environment

• Reconfigure endpoint security solutions
  • Application approved list
  • Application blocklist/deny list
  • Quarantine
• Configuration changes
  • Firewall rules
  • MDM
  • DLP
  • Content filter/URL filter
  • Update or revoke certificates
• Isolation
• Containment
• Segmentation
• SOAR
  • Runbooks
  • Playbooks
4.0 Operations and Incident Response
4.5 Explain the key aspects of digital forensics

• Documentation/evidence
  • Legal hold
  • Video
  • Admissibility
  • Chain of custody
  • Timelines of sequence of events
    • Time stamps
    • Time offset
  • Tags
  • Reports
  • Event logs
  • Interviews
• Acquisition
  • Order of volatility
  • Disk
  • Random-access memory (RAM)
  • Swap/pagefile
  • OS
  • Device
  • Firmware
  • Snapshot
  • Cache
  • Network
  • Artifacts
• On-premises vs. cloud
  • Right-to-audit clauses
  • Regulatory/jurisdiction
  • Data breach notification laws
• Integrity
  • Hashing
  • Checksums
  • Provenance
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/counterintelligence
5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls

• Category
  • Managerial
  • Operational
  • Technical
• Control type
  • Preventive
  • Detective
  • Corrective
  • Deterrent
  • Compensating
  • Physical

Know the security controls that fall into each category!
5.0 Governance, Risk, and Compliance
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

• Regulations, standards, and legislation
  • General Data Protection Regulation (GDPR)
  • National, territory, or state laws
  • Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  • Center for Internet Security (CIS)
  • National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
  • International Organization for Standardization (ISO) 27001/27002/27701/31000
  • SSAE SOC 2 Type I/II
  • Cloud security alliance
    • Cloud control matrix
    • Reference architecture
• Benchmarks/secure configuration guides
  • Platform/vendor-specific guides
    • Web server
    • OS
    • Application server
    • Network infrastructure devices
5.0 Governance, Risk, and Compliance
5.3 Explain the importance of policies to organizational security

• Personnel
  • Acceptable use policy
  • Job rotation
  • Mandatory vacation
  • Separation of duties
  • Least privilege
  • Clean desk space
  • Background checks
  • Non-disclosure agreement (NDA)
  • Social media analysis
  • Onboarding
  • Offboarding
  • User training
    • Gamification
    • Capture the flag
    • Phishing campaigns
      • Phishing simulations
    • Computer-based training (CBT)
    • Role-based training
    • Diversity of training techniques
• Third-party risk management
  • Vendors
  • Supply chain
  • Business partners
  • Service level agreement (SLA)
  • Memorandum of understanding (MOU)
  • Measurement systems analysis (MSA)
  • Business partnership agreement (BPA)
  • End of life (EOL)
  • End of service life (EOSL)
  • NDA
• Data
  • Classification
  • Governance
  • Retention
• Credential policies
  • Personnel
  • Third-party
  • Devices
  • Service accounts
  • Administrator/root accounts
• Organizational policies
  • Change management
  • Change control
  • Asset management
5.0 Governance, Risk, and Compliance
5.4 Summarize risk management processes and concepts

• Risk types
  • External
  • Internal
  • Legacy systems
  • Multiparty
  • IP theft
  • Software compliance/licensing
• Risk management strategies
  • Acceptance
  • Avoidance
  • Transference
    • Cybersecurity insurance
  • Mitigation
• Risk analysis
  • Risk register
  • Risk matrix/heat map
  • Risk control assessment
  • Risk control self-assessment
  • Risk awareness
  • Inherent risk
  • Residual risk
  • Control risk
  • Risk appetite
  • Regulations that affect risk posture
  • Risk assessment types
    • Qualitative
    • Quantitative
  • Likelihood of occurrence
  • Impact
  • Asset value
  • Single-loss expectancy (SLE)
  • Annualized loss expectancy (ALE)
  • Annualized rate of occurrence (ARO)
• Disasters
  • Environmental
  • Person-made
  • Internal vs. external
• Business impact analysis
  • Recovery time objective (RTO)
  • Recovery point objective (RPO)
  • Mean time to repair (MTTR)
  • Mean time between failures (MTBF)
  • Functional recovery plans
  • Single point of failure
  • Disaster recovery plan (DRP)
  • Mission essential functions
  • Identification of critical systems
  • Site risk assessment
5.0 Governance, Risk, and Compliance
5.5 Explain privacy and sensitive data concepts in relation to security

• Organizational consequences of privacy and data breaches
  • Reputation damage
  • Identity theft
  • Fines
  • IP theft
• Notifications of breaches
  • Escalation
  • Public notifications and disclosures
• Data types
  • Classifications
    • Public
    • Private
    • Sensitive
    • Confidential
    • Critical
    • Proprietary
  • Personally identifiable information (PII)
  • Health information
  • Financial information
  • Government data
  • Customer data
• Privacy enhancing technologies
  • Data minimization
  • Data masking
  • Tokenization
  • Anonymization
  • Pseudo-anonymization
• Roles and responsibilities
  • Data owners
  • Data controller
  • Data processor
  • Data custodian/steward
  • Data protection officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice
SECURITY+ HELPS WITH WHICH OTHER EXAMS?

There is considerable overlap with the CISSP. However, there is a difference of focus.
Updated ISC2 study guide released in July 2021!
INSIDE CLOUD

THANKS FOR WATCHING!