Security+ 601 Exam Cheat Sheet

by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

Acronyms

3DES AAA ABAC ACL AD AES AES256 AH

AI AIS ALE AP API APT ARO ARP
ASLR ASP ATT&CK AUP AV BASH BCP BGP

BIA BIOS BPA BPDU BSSID BYOD CA CAPTCHA

CAR CASB CBC CASB CBT CCMP CCTV CERT
CFB CHAP CIO CIRT CIS CMS CN COOP
COPE CP CRC CRL CSA CSIRT CSO CSP
CSR CSRF CSU CTM CTO CVE CVSS CYOD
DAC DBA DDoS DEP DER DES DHCP DHE
DKIM DLL DLP DMARC DNT DNS DNSSEC DoS
DPO DRP DSA DSL EAP ECB ECC ECDHE

ECDSA EDR EFS EIP EOL EOS ERP ESN

ESP ESSID FACL FDE FIM FPGA FRR FTP
FTPS GCM GDPR GPG GPO GPS GPU GRE
HA HDD HIDS HIPS HMAC HOTP HSM HSMaaS
HTML HTTP HTTPS HVAC IaaS IAM ICMP ICS
IDEA IDF IdP IDS IPS IEEE IKE IM
IMAP4 IoC IoT IP IPS IPSec IR IRC
IRP ISA ISFW ISO ISP ISSO ITCP IV
KDC KEK L2TP LAN LDAP LEAP MaaS MAC
MAM MAN MBR MD5 MDF MDM MFA MFD
MFP ML MMS MOA MOU MPLS MSA MS-CHAP
MSP MSSP MTBF MTTF MTTR MTU NAC NAT
NDA NFC NFV NGFW NG-SWG NIC NIDS NIPS
NIST NOC NTFS NTLM NTP OCSP OID OS
OAI OSINT OSPF OT OTA OTG OVAL OWASP

P12 P2P PaaS PAC PAM PAP PAT PBKDF2

PBX PCAP PCI DSS PDU PE PEAP PED PEM
PFS PGP PHI PII PIN PIV PKCS PKI
PoC POP POTS PPP PPTP PSK PTZ PUP

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 1 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

Acronyms (cont)

QA QoS RA RAD RADIUS RAID RAM RAS

RAT RC4 RCS RFC RFID RIPEMD ROI RPO
RSA RTBH RTO RTOS RTP S/MIME SaaS SAE
SAML SCADA SCAP SCEP SDK SDLC SDLM SDN
SDP SDV SED SEH SFTP SHA SIEM SIM
SIP SLA SLE SMB SMS SMTP/S SNMP SOAP
SOAR SoC SOC SPF SPIM SQL SQLi SRTP
SSD SSH SSID SSL SSO STIX STP SWG
TACACS+ TGT TKIP TLS TOTP TPM TSIG TTP
UAT UDP UEBA UEFI UEM UPS URI URL

USB USB OTG UTM UTP VBA VDE VDI VLAN

VLSM VM VoIP VPC VPN VTC WAF WAP
WEP WIDS WIPS WORM WPA WPS XaaS XSRF

POST EXAM BRAIN DUMP

PBQs
Know how to configure a RADIUS server, WiFi server, and a client machine with PKI, WPA2 and current best security practices
Be familiar with the linux kernel and how to identify how attacks are taken out on there
what security measures can be taken ons pecific network devices to enhance security
What tech can be applied to different network devices (web server, database, domain contro​ller))
Review attack types and their indicators
General
Port numbers and their protocols, only common ones are mentioned and just review them. It can make some of the other questions easier as
well.
different methods of "​pre​ven​tat​ive​" and the like, what physical security measures are the most effective
differ​ences between SOAR and SIEM, Other acronyms to review: CVSS,LDAP, SPI, SoC, API
CASB, other cloud computing concepts (what it takes to move an organi​zation to the cloud, availi​bility, BCP, edge and fog comput​ing))
review linux kernel for directory traver​sals, CSFR,

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 2 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

POST EXAM BRAIN DUMP (cont)

Tip: when taking the exam, flag questions that are worded weirdly and go back to them later and try to rewrite the question yourself. This is what
I had to do for like 8 questions
Best crypto​graphy practices and types to use based on specific scenarios, understand how PKI and PSK works, Tokeni​zation vs hashes
Tip: most "​sce​nar​ios​" seemed to start with "​_____ works at _____ organi​zation and is updati​ng/​rem​ovi​ng/​har​den​ing​", so famili​arize yourself with
business related terms
Review GDPR, ISO, NIST, the diamond intrustion analysis method, and Diffe
Best practices for implem​enting secure work from home networks and remote desktop accessing

My final score was 759 the second time I took it, 723 the first
DISCLAIMER: This is not a word for word descri​ption of the exam and every exam is different
Braind​ump​s.com This website has some "very very simila​r" questions as to what I had on this exam

Exam Objectives

Attacks, Threats, and Vulner​abi​lities (24%) 1.1-1.8

Archit​echture (21%) 2.1-2.8
Implem​ent​ation (25%) 3.1-3.9
Operations and Incident Response (16%) 4.1-4.5
Govern​ance, Risk, and Compliance (14%) 5.1-5.6

36 Objective Tasks, each with various subsec​tions.

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 4 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

1.1 SE Attacks 1.2 Analyze Attack Indicators (cont)

Phishing a way to trick people into giving up sensitive info, dictionary

usually through fake links. prevent with email brute force online v offline
filtering Rainbow Table
Smishing Physical skimming
Vishing AI Training Data
Spam/SPIM Crypto​graphic birthday
Spear phishing collision
Whaling downgrade
Prepending Cloud-​based v. on prem
Reconn​ais​sance
Terms w/o Defini​tions
Watering Hole Attack Malware: fileless virus, command and control, bots, spyware, keylog​‐
Influence Campaigns gers, backdoor
Password Attacks: plain text, unencr​ypted
Reasons of authority, intimi​​da​tion, consensus, scarcity, famili​​‐
Physical Attacks: USB, malicious flash drive, card cloning
Effect​​iv​‐ arity, trust, urgency
eness
1.3 Indicators of App Attacks
Terms without Defini​​tions
Privilege Escalation
dumpster diving, shoulder surfing, pharming, tailga​​ting, eliciting
inform​​ation, identity fraud, invoice scams, credential harves​​ting, XSS
impers​​on​a​tion, hoax, typo squatting, pretex​​ting, Injections
Pointe​r/o​bject Derefe​rence
1.2 Analyze Attack Indicators
Buffer Overflows
Malware Ransomware
Error Handling
Trojan
Race Conditions
Worm
Imprope Input Handling
PUPs
Replay Attack
Logic Bomb
Integer Overflow
RAT
Request Forgeries
Rootkit
API Attacks
crypto​malware
SSL Stripping
Pass Attacks spraying
Driver Manipu​lation
Pass the Hash

Terms w/o Defini​tions

resource exhaus​tion, memory leak

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 5 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

1.4 Network Attacks 1.5 Threat Vectors (cont)

Wireless Evil Twin Vectors Direct access, wireless, email, supply chain,
Rougue Access Point social media, cloud, removable media

Bluesn​arfing Threat Intel OSINT

Sources
Blueja​cking
Propri​etary
Disass​oci​ation
CVE Databases
RFID
AIS
NFC
Research Sources Confer​ences, academic journals, RFC, local
IV
industry, social media, threat feeds
On-path
TTP
Layer 2 ARP poisoning
Terms w/o Defini​tions
MAC poisoning
insider threats, state actors, hackti​vists, script kiddies, criminal
DNS Poisoning syndicates
DDoS OT, Network, App dark web, IoC, sharing centers, predictive analysis, threat maps,
Malicious Code VBA code repos

PS, Python, Bash

1.6 Security Concerns
Macros
There are security concerns with each of the sections below. The
Terms w/o Definition
concerns depend on industry, implem​ent​ation, and time, along with
MAC cloning, domain hijacking, URL redire​ction, domain reputation
other factors. The objective is to explain the security concerns
associated with everything below
1.5 Threat Vectors
Cloud based v on Cloud - can be hacked, default must be
Actors and APT prem changed, availa​bility On-prem- physical, can be
Threats stolen, human errors
Auth Hackers General Concerns open permis​sions, unsecure root accounts,
Unauth Hackers errors, weak encryp​tion, unsecure protocols,
Semi-auth default settings, open ports and services

Shadow IT
Attributes of Internal or external threats, level of experi​enc​‐
Actors e/c​apa​bility, resources, funding, intent

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 6 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

1.6 Security Concerns (cont) 1.8 Pen Test Techniques

Thirs Party Risks vendor manage​ment, supply chain, outsourced Passiv​e/A​ctive drones, war flying​/dr​iving, footpr​inting, OSINT
code, data storage Recon
Impacts of Bad data loss/b​rea​che​s/e​xfi​ltr​ation, identity theft, Exercise Types red, blue, white, or purple team
Security financial, reputa​tion, availa​bility loss Pen Testing un/known enviro​nment, partially known enviro​‐
Terms w/o Definition nment, lateral movement, privilege escala​tion,
zero-day, patch manage​ment, legacy platforms cleanup, bug bounty, pivoting

1.7 Techniques

Threat Hunting Intel fusion

threat feeds
manuever
Vulner​ability non/cr​ede​ntialed
Scans
non/in​trusive
applic​ation
CVE
Config review
SIEM Security info and event management
Packet Capture, review reports, data inputs
User behavior analysis
sentiment analysis
security monitoring
log collectors
SOAR Security, orches​tra​tion, automa​tion, and
response

Terms w/o Definition

false positi​ves​/ne​gat​ives, log reviews, web applic​ation, network

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 7 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

2.1 Sec Conference 2.2 Cloud Concepts (cont)

EXplain the importance of security concepts in an enterprise enviro​‐ Thin client basic app usage, runs on remote server, VDI,
nment local device, minimal operating system on the
Config diagrams, baseline client, big network requir​ement
Management Containers Standa​rdized, physical infras​tru​cture with one
Data soverignty OS with container software, isolated process,
image, standa​rdized and lightw​eight, secure
Data Protection DLP, masking, encryp​tion, at rest, in motion, in
processing Monolithic client database code, one big applic​ation,
codebase is so large it is hard to do mainti​‐
tokeni​zation
nence, not as fast
Geography
Micros​ervices and APIs are the more effecient
SSL transport
version of monolithic
API
Micros​erv​ice​‐ API gateway manages commun​ication through
Site resiliency (hot, warm, cold)) s/APIs gateway to different micros​ervices that leads to
Honeyp​ots​/fl​ies​/nets a data base, the API is the "​glu​e", scalable,
resilient, security and compliance
DNS Sinkhole
Serverless archit​‐ FaaS, applic​ations are remote and autono​‐
Fake telemetry
echture mous, removes the OS, it is a stateless
compute container, event triggered (available
2.2 Cloud Concepts
as needed), third party
Acronyms to review: IaaS, PaaS, SaaS, XaaS, CSP, MSP/MSSP,
API, SDN, SDV, VM, SIAM
Fog computing cloud that is close to IoT data, midpoint, distri​‐
buted cloud archit​ecture, extends the cloud,
distribute data and processing
no latency, no bandwidth reqs, miminzes
security concerns
Edge computing IoT systems, edge server, close to the use,
process the data on the device, increased
internet speed

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 8 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

2.2 Cloud Concepts (cont) 2.2 Cloud Concepts (cont)

Transit Gateway VPC, public cloud that has resources, VPC is
controlled by the transit gateway aka "​cloud
router​," connects through VPN to VPCs
Virtua​liz​ation one physical piece of hardware, runs different
OSs on one deviceVm sprwal avoidance
vm escape protection
Virtua​liz​ation avoid VM sprawl because noo one knows
Security where VMs live, detail provis​ioning so everyone
knows where it is (track), VM is self-c​ont​ained
VM escape attack type can control host
HaaS/IaaS outsou​rcing equipment, must manage internally
SaaS easier and on-demand
PaaS middle ground, no HVAC, no mainte​nance
team, no direct control, building blocks
Cloud Design elasti​city, on-demand, global access,
Data Protection resource policies,
SIAM most providers are different, SIAM integrates
diverse providers for a unified view
SDN central mngmt, vendor neutral, no human
interv​ention, Agile, directly progra​mmable
to secure, use Internal firewall to connect all
servers, use an IPS between internet and
internal net, devices are software based
SDV must see traffic to secure data, monito​ring,
SIEM, firewalls are able to be implem​ented
data is encaps​ulated and encrypted
Terms w/o Defini​tions:
public, community, hybrid, infras​tru​cture as code, on prem v off
prem, service integr​ation, multis​our​cing, control pane (config), data
plane (perfo​rming)
2.3 App Dev/Deploy
Must be able to summarize these concepts
De/Pro​vis​ioning
QA
Integrity Measur​ement

IaaC can be deployed at will, describes app Secure Coding normal​iza​tion, stored procedures
instances in code, obfusc​ati​on/​cam​oflauge
Server v Client Side
OWASP
Compiler v Binary
Elasticity
Scalab​ility

Terms w/o Defini​tions:

memory manage​ment, version control,

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 9 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

2.4 Authen. and Author. 2.5 Cybers​ecurity (cont)

Authen​tic​ation directory services Non-pe​rsi​stence revert to nkown state, last known good config,
methods high availi​bility, restor​ation order
federation Diversity tech, vendors, crypto, controls
attest​ation Terms w/o Defini​tions:
TOTP, HOTP, SMS, token key, static codes, generator, dual supply, managed power, PDUs, multipath, NIC,
push notifi​cat​ion​s/phone calls replic​ation (SAN), disk, copy, NAS, cloud, image, online v offline,
offsite storage
smart cards
Biometrics finger​print, retina, iris, facial, voice, gait
2.6 Sec Implic​ations
analysis, efficacy rates, fase accept​anc​e/r​eje​‐
ction, CER Acronyms to REVIEW THEIR IMPLIC​ATIONS AND
Remember SCENARIOS SCADA, IoT, VoIP, HVAC, MFP,
MFA Factors: something you know, have, or are
RTOS, SoC, SIM cards
Attrib​utes: somewhere you are, something you
Embedded arduino, raspberry pi, FPGA
can do or exhibit, someone you know
systems
AAA
SCADA/ICS facili​ties, indust​rial, manufa​ctu​ring, energy,
logistics
2.5 Cybers​ecurity
IoT sensors, smart devices, wearables, facility
Redundancy RAID
automa​tion, weak defaults
Load Balancers on a network
specia​lized medical
UPS systems
Backup types Full vehicles, aircraft
Increm​ental Smart Meters
Snapshot Constr​aints for power, compute, network, crypto, inabil​ities to
Differ​ential embedded and patch, authen​tic​ation, range, cost, implied trust
Tape specia​lized
systems

Terms w/o Defini​tions:

drones, survei​llance systems, 5G, narrow band

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 10 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

2.7 Physical Sec 2.8 Crypto​graphic Concepts (cont)

Air Gap Stegan​ography Audio

Screened subnet (DMZ) Video
Secure Areas Image
Secure Data burning, shredding, pulping, pulver​izing, Quantum commun​ica​tions
destru​ction degaus​sing, third-​party computing
Faraday cages Post-Q​uantum
Sensors motion, noise, proximity, moisture, cards, temp Other Concepts digital signatures
Terms w/o Defini​tions: key length
bollards, AC vestib​ules, badges, alarms, signage, cameras, motion
salting
detection, CCTV, industrial camo, Personnel, Locks (biome​tri​c/p​hys​‐
hashing
ical), USB data blocker, fencing, lighting, fire suppre​ssion, drones,
visitor logs key exchange
ellipt​ic-​curve
2.8 Crypto​graphic Concepts perfect forward secrecy
Common Use Low Power devices
Cases
low latency
high resiliency
supporting confid​ent​iality
supporting integrity
obfusa​cation support
non-re​pud​ation support
Blockchain public ledgers
Limita​tions speed, size, weak keys, time, longevity, predic​‐
abi​lity, reuse, resource and security constr​aints
entropy
Modes of Unauth​ent​icated
Operation
Authen​ticated
Counter

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 11 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.1 Implement Secure Protocols 3.1 Implement Secure Protocols (cont)

Imlement secure protocols based on a scenario protocol for ex: LDAP can access
Protocol Definition Use read/w​riting dir active directory
Cases over an IP
network, uses
DNSSEC Secure DNS, validates info and sign
TCP/IP
integrity through public key crypto​‐ DNS
graphy certif​‐ LDAPS uses SSL, secure LDAP
icate SASL provides authen​tic​ation using client certif​ica​‐
SSH Secure shell provides encypted secure tions
client​-server terminal, replaced terminal FTPS uses SSL for NOT THE SAME AS
telnet/FTP commun​ encryption over SFTP
ication FTP client
S/MIME Used with email, Secure​/Mu​lti​‐ PKI SFTP SSH FTP, SSH used for encryp​tion, can ls dir,
purpose Internet Mail Extens​ions, manages manipulate files
public​/pr​ivate key pair is required these POP/IMAP Used with email, Use a STARTTLS
keys exntension to encrypt
SRTP Secure Real Time Protocol, keeps ex: POP3 with SSL or use
convos private, adds encyption, HMAC IMAP w/SSL
uses AES, uses Hash based SHA1 NTP no security, classic used in DDoS as
message amplifiers
LDAP Lightw​eight Directory Access Protocol (X.500 NTPSec secure version of NTP
written by Intern​ational Teleco​mmu​nic​ations
SSL/TLS Used with email, always encypted with
Union)
browser emails

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 12 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.1 Implement Secure Protocols (cont) 3.1 Implement Secure Protocols (cont)

SSL (Secure Sockets Layer), TLS (Transport DHCP snooping, MAC spoofi​ng,no built in
layer security) is the newer version of SSL) security, rogue DHCP servers are a security
HTTPS private key used on most common issue but can be minimized through trusted
server, symmetric session form uses public interfaces on switches and only allowing distri​‐
key transf​erred using key encryption bution from trusted interfaces
asymmetric encryption prevent DHCP client DoS starvation attacks
symmetric key with a limited number of MAC addys per
gets used during interface
commun​ication Antivirus, auto updates, constant, always check for
IPsec OSI Layer 3, public both tunnel ends Firewalls, encryp​tio​n/i​nte​grity checks to inform firewall
internet, data IS are secure, very animalware config​ura​tions
encrypted, anti-r​eplay with standa​rdized Use cases can include, voice and video, time sync, email, file
encryption transfer, directory services, routing and switching, DNR(Domain
AH provides integrity, ESP provides encryption Name Resolu​tion), Net address alloca​tion, and subscr​iptions

Tunneling
ESP
SNMPv3 SSH encrypts tunnel is asking router​‐
commun​ica​tion, follows s/s​witches for info
CIA from web browser
with HTTPS
DHCP servers must be routin​g/s​wit​ching
authorized in AD, no
secure version of DHCP

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 13 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.2 Host/App Sec 3.2 Host/App Sec (cont)

Implement these based on a scenario Boot Integrity BIOS, will use secure boot, protects UEFI
Secure coding practices: with the BIOS and public key to protect
Bootloader BIOS update with digital signature
Type Scenario Solution
check, verifies boot laoder
Endpoint trojans worms and viruses are Antivirus
device provides central management Attest​‐
Protection stopped
server with all bootloader info from ation
stops spywar​e/r​ans​omw​are​/fi​leless Antima​‐
chain of trust. The report will compare
lware
with trusted v not trusted
allows to detect a threat without or EDR
Various Boot not wanting to lose contact with a Secure
with signatures and can use
Levels (Chain system, perfect to get in, rootkits Boot
behavioral analysis, can invest​igate
of Trust) work, UEFI
and respond
bootloader verifies signature of OS Trusted
OSI app layer, can block/​allow, NGFW
kernel Boot
examine encrypted data
allows us to measure if any changes Measured
HIDS uses log files to detect, HIPS HIPs/HIDS
occured, measur​ements stored in Boot
can block known attacks and uses
TPM as a hash from previous two
signat​ures, hashes, and behavioral
processes
analysis
Database breaches can be expensive, compliance issues,
allow/​block incoming or outgoing app Host-
continuity of business is important
traffic based
firewall

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 14 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.2 Host/App Sec (cont) 3.2 Host/App Sec (cont)

replacing sensitive data like a SSN with Tokeni​‐ app code is signed by developer, code
a different, totally random number. ex: zation assymetric encryp​tion, trusted CA signing
tap to pay, NOT HASHING OR signs developers public key
ENCRYPTING SAST for static code analysis, can Static v
adding random data to a hash to secure Salting easily find vulner​abi​lit​ies(can have Dynamic
it further false positi​ves). Code
one way, ex: passwords, fixed length Hashing Analysis

Applic​ation occurs when info is going in, normal​‐ input dynamic analysis, random data put Fuzzing
Security ization valida​‐ into an app, time and CPU resource
tions heavy, try CERTBFF, negative
testing, attack type,
info stored on computer from browsers, cookies
tracks temp info, person​ali​zation, Hardening minimizing attack survace, removing all possible
session mangmt, sensitive info is NOT entry points, can be based on compli​ance, CIS,
supposed to store info SANS, NIST

secure headers are added to web Headers possible entry points, close all except Open
server config​ura​tion, restricts browsers, required ports, used with NGFW, use Ports
helps prevent XSS attacks nmap
FDE, ex: Bitlocker, Disk
encryption

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 15 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.2 Host/App Sec (cont) 3.3 Secure Net Design (cont)

system stability, security fixes, Patch NIDS/NIPS

emergency used for zero day management HSM
attacks
Aggreg​ators
TPM trusted platform modules, used in Secure Boot
Firewalls
junction with HSM
ACL
Terms w/o Defini​tions:
App v host v virtual
allow/​block list, sandbo​xing, FDE, SED, Hardware root of trust,
registry, auto update, third party services Port Scanning

3.3 Secure Net Design 3.4 Wireless Security

Implement secure network designs based on scenarios Remember to review how to install and configure wireless security
settings
Design Type Terms Definition Scenarios
Crypto​graphic WPA2
Load Balancing active​/active
Protocols
passiv​e/a​ctive
WPA3
Virtual IP
CCMP
Segmen​tation VLAN
SAE
DMZ
Authen​tic​ation EAP
Extra or Intranet
Tools
VPN split tunnel v full tunnel
PEAP
SSL/TLS
EAP-FAST
HTML5
EAP-TLS
L2TP
EAP-TTLS
DNS
IEEE 802.1x
Port Security snooping
RADIUS
Network jump servers
Methods PSK, open, WPS, captive portals
Appliances
Instal​lations site surveys, heat maps, WiFi analyzers,
forward proxy
channel overlaps, WAP, ap security
reverse proxy

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 16 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.5 Mobile Solutions 3.6 Cloud Cybers​ecurity

Controls High availi​bility, resource policies, secrets

Connection cellular, wifi, bluetooth, infared, USB, PTP, manage​ment, auditing
Methods GPS, RFID Storage Controls permis​sions, encryp​tion, replic​ation, high availi​‐
NFC bility
MDM remote wipes, geofen​cing, geoloc​ation, screen Network Controls Virtual Networks
locks, push notifi​cat​ions, passowrds and pins Public​/pr​ivate subnets
applic​ation management Segmen​tation
content management API Inspection
Biometrics Compute Controls Sec groups, dynamic resource alloca​tion,
full device encryption instance awareness, VPC endpoint, container
contai​ner​ization security

storage segmen​tation Solutions CASB, app security, SWG, Firewalls consider

for firewalls cost, segmen​tation
Enforc​ement and monitor third parties
monito​ring... Third party

rooting
3.7 Account Management
sidelo​ading
Identity Tools IdP, Attrib​utes, Certif​icates, Tokens, SSH
custom firmware
Keys, Smart Cards
OTA
Account Types user, shared, generic, guest, service
geotagging
Account Policies Password comple​xity, history, and reuse
Hotspot prohib​iting
Deployment BYOD, CYOD, COPE, VDI Network location, geofen​cing, geotagging
Models
access policies, time based logins, account
Terms w/o Defini​tions: audits, permis​sions, lockout, disabl​ement
contex​t-aware authen​tic​ation, carrier unlocking, UEM, MAM,
Android, Camera use, SMS, external media, USB OTG, microp​hone,
GPS

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 17 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

3.8 Authen​/Author Solutions Recomm​ended Resources

Authen​tic​ation keys, vaults Comptia Objectives List Sec+ 691 Exam Cram (Book, $40)
management (Free)
TPM, HSM, knowle​dge​-based Professor Messer​(Free, 601 Get Certified Get Ahead (Book,
Authen​tic​ati​on/​‐ EAP, SHAP, PAP, RADIUS, 802.1x, SSO, Videos) $40)
Aut​hor​ization SAML, TACACS+ LinkedIn Learning (1st Official Comptia Study Tools (Books,
Kerberos Month Free) $50 USD)

Access Control ABAC, MAC, DAC Anki Learning Flashcards Practice Tests!
Schemes (Free)

rule or role based, condit​ional, privilege access see braindump

management

3.9 PKI

PKI Types Definition Certif​icate Types Definition

Key Wildcard
Management
CA, RA, CRL, Subject Altern​ative Names
OCSP, CSR,
CN
Expiration Code Signing
Self Signed
Concepts Email, User, Root, Domain
Online v DER Format
Offline
Stapling PEM Format
Pinning PFX Format
Trust Model P12
Key Escrow P7B

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 18 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

4.1 ToolUse 4.2 PPP

Organi​zat​ional Security Policies, Processes, and Procedures for IR

Commands Function Tools Function IR Process Preper​ation
tracert theHar​vester Identi​fic​ation

nslook​up/dig sn1per Contai​nment

nmap Nessus Eradic​ation

ipconf​ig/​ifc​on Cuckoo Recovery

fig Lessons Learned

hping FTK Imager Attack MITRE ATT&CK

Frameworks
netstat Win Hex
Cyber Kill Chain
netcat Autopsy
Stakeh​older Management
arp Wireshark
Commun​ication Plan
route Memdump
DRP
curl Powers​hell,
BCP
Python, SSH
COOP
dnsenum last one used for Tcpdump
recon Retention

head used for file manipu​‐ Tcpreplay Terms w/o Defini​tio​ns:​tab​letop, walkth​roughs, simula​tions, diamond
lation (FM) model of intrusion analysis, irp
tail FM
4.3 Data Support
cat FM
Utilize approp​riate data sources to support an invest​igation
grep FM
SIEM Dashboards sensors, sensit​ivity, trends, alerts, correl​ation
chmod FM
Log Files Network, system, app, security, web, DNS,
logger FM
authen​tic​ation, dump files, VoIP, SIP
Terms w/o Defini​tio​ns:Data saniti​zation, dd, password crackers, syslog
indicent response, OpenSSL
journalctl
NXLog
Bandwidth monitors
Metadata email, mobile, web, file
netflow

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 19 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

4.3 Data Support (cont)

Protocol Analyzer

4.4 Mitigation

Reconf​iguring Endpoints
Quarantine
Config​uration alter firewall, MDM, DLP, content filter, cert
changes updates
Isolation, Contai​nment, Segmen​tation
SOAR playbooks

4.5 Digital Forensics

Docume​ntation can include video, tags, reports, snapshots,

and Evidence time stamps, event logs, interv​iews, admiss​‐
ibility
chain of custody
Acquis​ition order of volatility
use disks, RAM, OS, device type, firmware,
snapshots, caches, networks, artifacts
Integrity Hashing, checksums, and provenance
Preser​vation is crucial
Non-re​pud​ation
Counte​rin​tel​ligence

Terms w/o Defini​tions:

on prem v cloud, right to audi, data breaches

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 20 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

5.1 Types of Controls 5.3 Policies (cont)

Control preven​tive, detective, correc​tive, deterrent, compen​‐ Third Party Risk vendors, supply chain, business partners, SLA,
Types sating, physical Management MOU, MSA, BPA, EOL, EOSL
Categories manege​rial, operat​ional, technical Data Classi​fic​ation
Governance
5.2 Regula​tions
Retention
Importance of applic​aible regula​tions, standards, or frameworks that
Credential personnel, third party, devices, service
impact organi​zat​ional security posture
Policies in accounts, admins
Legisl​ation GDPR reference to...
Nation​al/​ter​rit​ory​/state laws Organi​zat​ional Change management and control
PCI DSS Policies

HIPAA Asset Management

Frameworks CIS
5.4 Risk Management
NIST
Acronyms: RTO, RPO, MTTR, MTBF, DRP, SLE, ALE, IP, ARO
RMF/CSF
Risk types external, internal, legacy systems, multip​arty, IP
ISO
include... theft, and software compliance
Cloud
Risk Management Accept​ance, Avoidance, Transf​erence,
SSAE
Stategies Mitigation
Guides OS
Risk Analysis Control assesments
Web server
inherent risk
residual risk
5.3 Policies
control risk
Personnel Abide by AUP, job rotations, mandatory
Qualit​ative v Quanti​tative risk
vacations, sepere​ation of duties
Likelihood of occurence
least privilege
Asset Values
clean desk, background checks, NDAs, social
media analysis, Onboar​ding, Offboa​rding, User SLE, ALE, ARO
Traini​ng/Role based training Business Impact RTO, RPO, MTTR, MTBF, DRp
Diverse Training Analysis
site risk assessment

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 21 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

5.5 Data Security Network Design (cont)

Conseq​uences to reputation is damaged, identity theft, fines, IP Use layered security : A layered security approach involves implem​‐
an org when data theft enting multiple layers of defense to protect the network from different
breaches occur types of threats. This includes using firewalls, intrusion detection and
Notifi​cations prevention systems, antivirus software, encryp​tion, and access
controls.
Data Types Public
Secure network infras​tru​cture: The network infras​tru​cture should be
Private
secured by implem​enting strong passwords, disabling unnece​ssary
Sensitive services, updating firmware and software, and restri​cting access to
Confid​ential critical network devices. Network devices should also be physically
secured to prevent unauth​orized access.
Propri​etary
Implement access controls: Access controls should be implem​ented
PII
to restrict access to sensitive inform​ation and resources. This
Health, Govt, Customer includes user authen​tic​ation, author​iza​tion, and accounting (AAA),
Financial role-based access control, and network segmen​tation.
Privacy Enhancing Data minimi​zation Encrypt sensitive data: Sensitive data should be encrypted both in
Techno​logies transit and at rest. This includes using secure protocols such as
HTTPS, SSH, and VPNs for data transm​ission and encryption tools
Data masking
such as BitLocker, VeraCrypt, or LUKS for data storage.
tokeni​zation
Train employees: Security awareness training should be provided to
anonym​inity all employees to educate them on security best practices and to
Roles and their Data owners reduce the risk of human error.
Respon​sib​ilities Monitor and test the network: Regular monitoring and testing should
be conducted to identify and remediate security vulner​abi​lities. This
Data controller
includes using network monitoring tools, conducting penetr​ation
DPO
testing, and reviewing audit logs.
Info Life Cycle
Terms of Privacy Notices Encryption and Keys
Agreement
Public vs Private Key

Network Design

Conduct a risk assessment: The first step in designing a secure

network is to assess the risks to the network and the assets it
protects. This includes identi​fying potential threats, vulner​abi​lities,
and the impact of a security breach. Based on the risk assess​ment,
the security requir​ements can be identi​fied, and the security design
can be developed.

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 22 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

Encryption and Keys (cont) PBQ Notes from Youtube

Public Key: A public key is a part of the asymmetric encryption Firewalls allow web traffic, disallow all traffic from specific IP,
algorithm and is made available to anyone who wants to commun​‐ and ensure implicit deny, port 53 is DNS,
icate with the owner of the key. It is used to encrypt data, digital Proxy
signature verifi​cation, and establish secure commun​ication channels. PBQ
The public key can be freely distri​buted as it does not contain IDS alert, supposed to be denied on ACL, given diagram.
sensitive inform​ation. Private Key: A private key, on the other hand, 443 default port for https, NAT, NAPT firewall in use
is the other half of the asymmetric encryption algorithm and is kept
3.3 PBQ tcp port 22, new inbound rule wizards, use custom, rule
secret by the owner of the key. It is used to decrypt data, generate
can be named SFTP, most groups use third party for
digital signat​ures, and establish secure commun​ication channels.
FTP,
The private key must be kept secure as it contains sensitive inform​‐
PBQ multif​actor auth charac​ter​istis, payload, trojan with
ation that must not be disclosed to anyone else.
Vincent keylogger
Asymmetric Keys vs Symmetric Keys
Humble
Symmetric Key: A symmetric key encryption system uses the same
crypto​graphic scenario: RSA,
secret key to both encrypt and decrypt the data. The sender and
hash  private key encryption  to create dig sig 
receiver must have the same secret key to commun​icate securely.
alice then attatches DS to og message to deliver to bob
The symmetric key encryption system is faster than the asymmetric
(SHE FORGOT TO ENCRYPT THIS)  bob then
key encryption system, and it is typically used for bulk data encryp​‐
decrypts og message w/ DS using Alice's public key 
tion. Asymmetric Key: An asymmetric key encryption system uses
resulting in the has of the og message  bob performs
two keys, a public key, and a private key. The public key is used to
hash comparison  the hashes do not match  no trust
encrypt the data, and the private key is used to decrypt it. Anyone
can have access to the public key, but the private key is kept secret Other 601-P1: blowfish cipher, Bcrypt? can lengthen and
by the owner. Asymmetric key encryption is slower than symmetric Vincent strengthen keys, longer the key, the longer a file is
key encryption but provides better security and is typically used for Humble confid​ential,
digital signat​ures, secure key exchange, and establ​ishing secure Videos
commun​ication channels. The main difference between symmetric
and asymmetric key encryption is that symmetric key encryption uses
the same key to encrypt and decrypt data, while asymmetric key
encryption uses two different keys for encryption and decryp​tion. The
symmetric key encryption system is faster, while the asymmetric key
encryption system is more secure.

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 23 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

PBQ Notes from Youtube (cont) Encryption (Image)

601-P2: Sim cloning, elliptic curve crypto​graphy, geo requir​ement

for data centers 100 miles?, hybrid, DLP, GPS and WiFi, nonrep &
accoun​tib​ility,
601-P3:

Cyber Kill Chain

Alt text: encryption process

Data prepar​ation, Key genera​tion, Encryption algorithm, transm​‐
ission of data, decryption

DiD

Alt text: the cyber kil chain, 8 steps

Cloud vs On Premises

Alt Text: Defense in depth methods

DNS Tunneling

Alt Text: DNS tunneling techniques

Alt text: On cloud vs On premises

Note: This is a VERY strong theme throughout all of the objectives

for this exam

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 24 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/
 Security+ 601 Exam Cheat Sheet
by sokoctopus (sokoctopus) via cheatography.com/178232/cs/37168/

Virtua​liz​ation vs Contai​ner​ization

Alt text: virtua​liz​ation vs contai​ner​ization screenshot from Professor

Messer Video

"As a Servic​e"

Alt text: Cloud services and how they differ from one another

By sokoctopus (sokoctopus) Published 25th March, 2023. Sponsored by ApolloPad.com

Last updated 25th March, 2023. Everyone has a novel in them. Finish
Page 25 of 24. Yours!
https://apollopad.com
cheatography.com/sokoctopus/