📚

Ben’s Security+ 701 Notes

READ ME:
Thanks for supporting my channel! These are my notes that I used to pass the
Sec+ Exam on my first try! This also includes new terms that are found in the
Security+ 701 version.

I strive to keep my notes free and accessible to all. If you've found my notes
valuable, tips are always greatly appreciated. Your support enables me to create
more study materials and sustain my channel. Thank you! 🙂
Tip Jar:
Buy Me a Coffee 👉 https://buymeacoffee.com/benhtruongq
Gumroad 👉 https://bentruong.gumroad.com/l/701?

Study Prompt (ChatGPT):

I am currently studying to get my CompTIA Security+. I want you to act as if you
are my
tutor preparing me for the test. I am going to ask you about a bunch of different
concepts, I want your answers to include a few things.
1. General overview of the concept
2. What I might need to know about it for the Security+ exam
Answer all of my question in this format, until I say otherwise. Can you do that for
me?

Ben’s Security+ 701 Notes 1

 1.0 General Security Concepts
1.1 Compare and contrast various types of security controls.

Categories:

1. Technical Controls: Implemented through technology, focusing on securing

systems, networks, and data.

Examples: firewalls, encryption, access controls

2. Managerial Controls: Policies, procedures, and guidelines to manage security

efforts.

Examples: security policies, risk management frameworks

3. Operational Controls: Day-to-day operational activities ensuring security

measures are properly implemented.

Examples: security audits, system monitoring

4. Physical Controls: Measures to protect physical assets and facilities.

Examples: locks, biometric access controls, surveillance cameras

Control Types:

1. Preventive Controls: Stop security incidents by preventing unauthorized

access or activities.

Examples: firewalls, encryption, authentication

2. Deterrent Controls: Discourage attackers by increasing perceived risk or

difficulty.

Examples: warning signs, security cameras

3. Detective Controls: Identify security incidents after they occur.

Examples: intrusion detection systems, security audits

Ben’s Security+ 701 Notes 2

 4. Corrective Controls: Mitigate impact of security incidents and restore affected
systems.

Examples: incident response plans, data backups

5. Compensating Controls: Address security requirements when primary

controls are ineffective.

Examples: risk acceptance, business continuity planning

6. Directive Controls: Provide guidance on compliance with security policies and

standards.

Examples: security policies, training

1.2 Summarize fundamental security concepts.

Confidentiality, Integrity, and Availability (CIA): Fundamental principles of

information security ensuring data is kept confidential, accurate, and available
when needed.

Non-repudiation: Assurance that a sender cannot deny the authenticity or

integrity of a message or transaction.

Authentication, Authorization, and Accounting (AAA):

Authenticating people: Verifying the identity of users.

Authenticating systems: Confirming the identity of devices or systems.

Authorization models: Determining what resources users or systems can

access.

Gap analysis: Assessment of the differences between current security

measures and desired security objectives.

Zero Trust:

Control Plane:

Adaptive identity: Dynamic authentication based on context.

Ben’s Security+ 701 Notes 3

 Threat scope reduction: Limiting the potential impact of security
breaches.

Policy-driven access control: Access decisions based on defined

policies.

Policy Administrator: Management of access control policies.

Policy Engine: Enforcement of access control policies.

Data Plane:

Implicit trust zones: Segmentation of network based on trust levels.

Subject/System: Entity accessing or being accessed.

Policy Enforcement Point: Mechanism enforcing access control

policies.

Physical Security:

Bollards: Posts used to block vehicular access.

Access control vestibule: Enclosed area controlling entry into a secure

facility.

Fencing: Barrier to prevent unauthorized access.

Video surveillance: Monitoring system using cameras.

Security guard: Personnel providing physical security.

Access badge: Credential granting entry to a secured area.

Lighting: Illumination to enhance visibility and deter intruders.

Sensors:

Infrared: Detects heat signatures.

Pressure: Detects physical pressure changes.

Microwave: Emits microwaves to detect motion.

Ultrasonic: Uses sound waves to detect motion.

Deception and Disruption Technology:

Honeypot: Decoy system designed to attract attackers and gather information.

Ben’s Security+ 701 Notes 4

 Honeynet: Network of honeypots used for monitoring and analysis.

Honeyfile: Fictitious file used to detect unauthorized access.

Honeytoken: Decoy credential or data item used to detect unauthorized

access.

1.3 Explain the importance of change management processes

and the impact to security.

Business Processes Impacting Security Operations:

Approval Process: Procedure for obtaining authorization for security-related

actions or changes.

Ownership: Assignment of responsibility for security tasks or assets to

specific individuals or teams.

Stakeholders: Individuals or groups with an interest or involvement in

security-related decisions or activities.

Impact Analysis: Assessment of the potential effects of security incidents or

changes on business operations.

Test Results: Findings from security testing activities such as penetration

testing or vulnerability assessments.

Backout Plan: Contingency plan for reversing changes or mitigating risks if

security measures fail or cause issues.

Maintenance Window: Scheduled timeframe during which security updates or

maintenance tasks can be performed without disrupting business operations.

Standard Operating Procedure: Established protocol or guideline for carrying

out security-related tasks or responding to security incidents.

Technical Implications:

Allow Lists/Deny Lists: Lists of permitted or prohibited entities, actions, or

resources within a system or network.

Ben’s Security+ 701 Notes 5

 Restricted Activities: Actions or operations that are limited or prohibited due
to security considerations.

Downtime: Period during which a system or service is unavailable due to

maintenance, security updates, or security incidents.

Service Restart: Process of stopping and restarting a service to apply

changes or address security issues.

Application Restart: Reloading or restarting an application to implement

security changes or address issues.

Legacy Applications: Older software or systems with potential security

vulnerabilities or compatibility issues.

Dependencies: Relationships or connections between systems, applications,

or components that may impact security.

Documentation:

Updating Diagrams: Updating visual representations of systems, networks, or

processes to reflect changes or security configurations.

Updating Policies/Procedures: Revising written guidelines or protocols to

align with changes in security practices or requirements.

Version Control: Managing and tracking changes to documents, policies,

procedures, or software to ensure accuracy, accountability, and compliance.

1.4 Explain the importance of using appropriate cryptographic

solutions.

Public Key Infrastructure (PKI):

Public Key: A cryptographic key that is shared openly and used for encryption
or verifying signatures.

Private Key: A secret key that is kept confidential and used for decrypting
data or creating digital signatures.

Ben’s Security+ 701 Notes 6

 Key Escrow: A process where cryptographic keys are stored by a trusted third
party for emergency access.

Encryption:

Level: Various levels of encryption applied to different aspects of data storage

and communication.

Full-disk

Partition

File

Volume

Database

Record

Transport/Communication: Securing data during transmission between

devices or networks.

Asymmetric Encryption: Encryption method using pairs of keys: public and

private keys.

Symmetric Encryption: Encryption method using a single key for both

encryption and decryption.

Key Exchange: Process of securely sharing cryptographic keys between

parties.

Algorithms: Mathematical formulas used for encryption and decryption.

Key Length: The size of the cryptographic key, influencing the strength of
encryption.

Tools:

Trusted Platform Module (TPM): Hardware component for securely storing

cryptographic keys and performing cryptographic operations.

Hardware Security Module (HSM): Dedicated hardware device for managing,

storing, and processing cryptographic keys securely.

Ben’s Security+ 701 Notes 7

 Key Management System: Software or hardware solution for generating,
storing, and distributing cryptographic keys.

Secure Enclave: Isolated hardware or software environment for secure

processing of sensitive data.

Obfuscation:

Steganography: Concealing data within other data to hide its existence.

Tokenization: Substituting sensitive data with non-sensitive placeholders.

Data Masking: Concealing or anonymizing specific data elements within a

dataset.

Hashing:

Generating a fixed-size, unique hash value from input data using

cryptographic algorithms.

Salting:

Adding random data to input before hashing to prevent identical inputs from
producing the same hash.

Digital Signatures:

Cryptographic signatures that verify the authenticity and integrity of digital

messages or documents.

Key Stretching:

Technique to increase the computational effort required to derive keys from

passwords.

Blockchain:

Distributed, decentralized ledger technology used for secure and transparent

record-keeping.

Open Public Ledger:

Transparent and publicly accessible record of transactions or data entries.

Certificates:

Ben’s Security+ 701 Notes 8

 Digital documents used to authenticate the identity of users, devices, or
organizations.

Certificate Authorities: Entities that issue and manage digital certificates.

Certificate Revocation Lists (CRLs): Lists of revoked or compromised

digital certificates.

Online Certificate Status Protocol (OCSP): Protocol for checking the

revocation status of digital certificates in real-time.

Self-signed: Digital certificates signed by their own issuer.

Third-party: Digital certificates issued by a trusted third-party CA.

Root of Trust: A trusted entity or component from which cryptographic

operations and trust relationships originate.

Certificate Signing Request (CSR) Generation: Process of requesting a

digital certificate from a CA.

Wildcard: A digital certificate that can secure multiple subdomains of a

domain.

2.0 Threats, Vulnerabilities, and Mitigations

2.1 Compare and contrast common threat actors and
motivations.

Threat Actors:

Nation-state: Government-sponsored entities targeting other nations for

political, economic, or military purposes.

Unskilled Attacker: Individuals with limited technical expertise or

resources attempting to exploit vulnerabilities.

Hacktivist: Individuals or groups motivated by political or social causes,

engaging in cyber attacks to promote their agenda.

Ben’s Security+ 701 Notes 9

 Insider Threat: Current or former employees, contractors, or partners with
insider access to systems and data, posing a risk to security.

Organized Crime: Groups engaged in illegal activities, including

cybercrime, for financial gain.

Shadow IT: Unauthorized IT systems or services implemented within an

organization without official approval or oversight.

Attributes of Actors:

Internal/External: Whether the threat actor operates from within the target
organization or externally.

Resources/Funding: The level of financial and technological resources

available to the threat actor.

Level of Sophistication/Capability: The technical expertise and

sophistication of the threat actor's tactics, techniques, and procedures
(TTPs).

Motivations:

Data Exfiltration: Stealing sensitive data for espionage, financial gain, or

sabotage.

Espionage: Gathering intelligence or intellectual property for political,

economic, or military advantage.

Service Disruption: Interrupting or disabling critical services to cause

operational disruptions.

Blackmail: Coercing victims by threatening to expose sensitive information

or disrupt operations.

Financial Gain: Monetizing stolen data, conducting ransomware attacks,

or engaging in cybercrime for profit.

Philosophical/Political Beliefs: Acting in alignment with ideological or

political agendas.

Ethical: Conducting security research or penetration testing with

permission to identify vulnerabilities and improve defenses.

Ben’s Security+ 701 Notes 10

 Revenge: Retaliating against individuals, organizations, or entities
perceived as adversaries.

Disruption/Chaos: Creating chaos or confusion for strategic or ideological

reasons.

War: Engaging in cyber warfare to achieve political, economic, or military

objectives.

2.2 Explain common threat vectors and attack surfaces.

Attack Vectors:

Message-based:

Email: Using email communication to deliver malicious content or phishing

attempts.

Short Message Service (SMS): Sending malicious messages via text

messaging.

Instant Messaging (IM): Exploiting vulnerabilities in instant messaging

platforms to deliver malware or scams.

Image-based: Leveraging image files containing hidden malware or exploiting

vulnerabilities in image processing software.

File-based: Delivering malicious payloads through file attachments, such as

infected documents or executables.

Voice Call: Exploiting vulnerabilities in voice communication systems to deliver

scams or phishing attempts.

Removable Device: Infecting systems through the use of infected USB drives
or external storage devices.

Vulnerable Software:

Client-based vs. Agentless: Exploiting vulnerabilities in client software or

agentless systems to gain unauthorized access or deliver malware.

Ben’s Security+ 701 Notes 11

 Unsupported Systems and Applications: Targeting systems or applications
that no longer receive security updates or patches.

Unsecure Networks:

Wireless: Exploiting vulnerabilities in wireless network protocols to

intercept communications or gain unauthorized access.

Wired: Eavesdropping or conducting man-in-the-middle attacks on wired

network connections.

Bluetooth: Exploiting vulnerabilities in Bluetooth connections to gain

unauthorized access or deliver malware.

Open Service Ports: Targeting open ports on networked devices to exploit

known vulnerabilities or gain unauthorized access.

Default Credentials: Exploiting devices or systems with default login

credentials that have not been changed.

Supply Chain:

Managed Service Providers (MSPs): Exploiting vulnerabilities in services

provided by third-party managed service providers.

Vendors: Targeting vulnerabilities in software or hardware provided by

vendors.

Suppliers: Exploiting vulnerabilities in components or services provided by

suppliers.

Human Vectors/Social Engineering:

Phishing: Sending fraudulent emails or messages to trick individuals into

revealing sensitive information or performing actions.

Vishing: Using voice communication to deceive individuals into divulging

sensitive information.

Smishing: Sending deceptive text messages to trick individuals into

revealing information or downloading malware.

Misinformation/Disinformation: Spreading false or misleading information

to manipulate individuals or organizations.

Ben’s Security+ 701 Notes 12

 Impersonation: Pretending to be someone else to deceive individuals or
gain unauthorized access.

Business Email Compromise: Targeting employees with fraudulent emails

to trick them into transferring funds or sensitive information.

Pretexting: Creating a false pretext or scenario to manipulate individuals

into revealing information or performing actions.

Watering Hole: Compromising websites frequented by target individuals or

organizations to deliver malware or conduct attacks.

Brand Impersonation: Impersonating reputable brands or organizations to

deceive individuals into taking actions.

Typosquatting: Registering domain names similar to legitimate ones to

deceive users into visiting malicious websites.

2.3 Explain various types of vulnerabilities.

Application:

Memory Injection: Exploiting vulnerabilities to inject malicious code into a

running process's memory space.

Buffer Overflow: Overwriting adjacent memory locations to execute

malicious code or crash the application.

Race Conditions:

Time-of-Check (TOC): Exploiting the time gap between checking a

condition and acting on it.

Time-of-Use (TOU): Exploiting changes in system state between the

time of validation and the time of use.

Malicious Update: Distributing updates or patches that contain malicious

code or backdoors.

Operating System (OS)-Based:

Ben’s Security+ 701 Notes 13

 Exploiting vulnerabilities in the operating system to gain unauthorized
access or disrupt operations.

Web-Based:

Structured Query Language Injection (SQLi): Exploiting vulnerabilities in

web applications to execute malicious SQL queries.

Cross-Site Scripting (XSS): Injecting malicious scripts into web pages

viewed by other users.

Hardware:

Firmware: Exploiting vulnerabilities in device firmware to gain

unauthorized access or control.

End-of-Life: Exploiting vulnerabilities in devices or systems that are no

longer supported by the manufacturer.

Legacy: Exploiting vulnerabilities in older hardware or software that is still

in use.

Virtualization:

Virtual Machine (VM) Escape: Exploiting vulnerabilities in virtualization

software to break out of a virtual machine and access the host system.

Resource Reuse: Exploiting shared resources in virtualized environments

to gain unauthorized access or disrupt operations.

Cloud-Specific:

Exploiting vulnerabilities in cloud services or infrastructure to gain

unauthorized access or disrupt operations.

Supply Chain:

Service Provider: Exploiting vulnerabilities in services provided by third-

party vendors or service providers.

Hardware Provider: Exploiting vulnerabilities in hardware components

provided by suppliers.

Software Provider: Exploiting vulnerabilities in software provided by third-

party vendors or service providers.

Ben’s Security+ 701 Notes 14

 Cryptographic:

Exploiting weaknesses or vulnerabilities in cryptographic protocols or

implementations.

Misconfiguration:

Exploiting misconfigured settings or permissions to gain unauthorized

access or disrupt operations.

Mobile Device:

Side Loading: Installing applications from unofficial or untrusted sources,

which may contain malware.

Jailbreaking: Removing software restrictions imposed by the

manufacturer to gain access to unauthorized features or apps.

Zero-Day: Exploiting vulnerabilities that are unknown to the software vendor

or have not yet been patched.

2.4 Given a scenario, analyze indicators of malicious activity.

Malware Attacks:

Ransomware: Malicious software that encrypts files or systems and

demands payment for decryption.

Trojan: Malware disguised as legitimate software, which performs

unauthorized actions when executed.

Worm: Self-replicating malware that spreads across networks and devices

without user intervention.

Spyware: Software designed to secretly gather user information or

monitor activities without consent.

Bloatware: Unwanted software that consumes system resources and may

display intrusive advertisements.

Ben’s Security+ 701 Notes 15

 Virus: Malicious code that attaches itself to legitimate programs and
spreads when those programs are executed.

Keylogger: Software or hardware that records keystrokes, often used to

capture sensitive information like passwords.

Logic Bomb: Malicious code that executes a harmful action when specific
conditions are met.

Rootkit: Malware that grants unauthorized access to a computer system

and conceals its presence from users and security software.

Physical Attacks:

Brute Force: Attempting to gain access to a system or account by

systematically trying all possible passwords or encryption keys.

Radio Frequency Identification (RFID) Cloning: Copying RFID tags to gain

unauthorized access to secure areas or systems.

Environmental: Physical damage or disruption caused by factors such as

fire, water, or extreme temperatures.

Network Attacks:

Distributed Denial-of-Service (DDoS):

Amplified: Exploiting vulnerabilities to amplify the volume of traffic

used in a DDoS attack.

Reflected: Spoofing the source IP address to redirect and amplify

traffic towards a target.

Domain Name System (DNS) Attacks: Disrupting or manipulating DNS

services to redirect traffic or disrupt network operations.

Wireless: Exploiting vulnerabilities in wireless networks or devices to gain

unauthorized access or disrupt operations.

On-Path: Intercepting and modifying network traffic between two parties

to eavesdrop or manipulate data.

Credential Replay: Capturing and reusing authentication credentials to

gain unauthorized access to systems or services.

Ben’s Security+ 701 Notes 16

 Malicious Code: Executing unauthorized commands or actions on a target
system.

Application Attacks:

Injection: Inserting malicious code or commands into an application to

exploit vulnerabilities.

Buffer Overflow: Writing data beyond the allocated memory buffer,

potentially allowing attackers to execute arbitrary code.

Replay: Capturing and replaying valid data packets to gain unauthorized

access or perform malicious actions.

Privilege Escalation: Exploiting vulnerabilities to gain elevated privileges

and access restricted resources.

Forgery: Creating and using falsified data or credentials to impersonate a

legitimate user or system.

Directory Traversal: Exploiting insufficient input validation to access files

and directories outside of the intended directory structure.

Cryptographic Attacks:

Downgrade: Forcing a system to use weaker cryptographic protocols or

algorithms to exploit vulnerabilities.

Collision: Finding two different inputs that produce the same hash value,
potentially leading to unauthorized actions.

Birthday: Exploiting the mathematical probability of two different inputs

producing the same hash value.

Password Attacks:

Spraying: Attempting to gain unauthorized access by using a small

number of commonly used passwords against multiple accounts.

Brute Force: Attempting to guess passwords by systematically trying all

possible combinations until the correct one is found.

Indicators:

Ben’s Security+ 701 Notes 17

 Indications or signs of potential security incidents, breaches, or abnormal
activities within a system or network.

Account lockout

Concurrent session usage

Blocked content

Impossible travel

Resource consumption

Resource inaccessibility

Out-of-cycle logging

Published/documented

Missing logs

2.5 Explain the purpose of mitigation techniques used to secure

the
enterprise.
Segmentation:

involves dividing a network or system into smaller, isolated segments to

enhance security by controlling access and limiting the impact of security
incidents.

Access Control:

Access Control List (ACL): List of permissions attached to an object that

specifies which users or system processes are granted access to it and
what operations they are allowed to perform.

Permissions: Rights granted to users, groups, or processes that define their

access levels to system resources.

Application Allow List: A list of approved applications that are allowed to

execute within an environment, reducing the risk of unauthorized or
malicious software.

Ben’s Security+ 701 Notes 18

 Isolation: Separating critical systems or sensitive data from other parts of
the network or environment to contain potential threats and limit their
impact.

Patching: Regularly applying software updates, patches, or fixes to

address known vulnerabilities and improve system security.

Encryption: Converting data into a secure form to prevent unauthorized

access, especially during transmission or while stored on a device or
server.

Monitoring: Continuous surveillance of systems, networks, or applications

to detect and respond to security threats or suspicious activities.

Least Privilege: Principle of restricting access rights for users, accounts,

or processes to only those necessary to perform their job functions.

Configuration Enforcement: Ensuring that system configurations comply

with security policies, standards, or best practices to minimize
vulnerabilities.

Decommissioning: Process of securely removing or shutting down

systems, applications, or services that are no longer needed to prevent
them from being exploited.

Hardening Techniques: Methods to enhance the security of systems or

networks by reducing their attack surface and minimizing potential
vulnerabilities.

Encryption: Protecting data by encoding it in a secure format.

Installation of Endpoint Protection: Deploying security software on

endpoints to detect and prevent malware infections.

Host-based Firewall: Software-based firewall installed on individual

hosts to control incoming and outgoing network traffic.

Host-based Intrusion Prevention System (HIPS): Security software that

monitors and analyzes host system activities to detect and prevent
intrusions.

Disabling Ports/Protocols: Closing unused network ports or disabling

unnecessary network protocols to reduce potential entry points for

Ben’s Security+ 701 Notes 19

 attackers.

Default Password Changes: Replacing default passwords with strong,

unique passwords to prevent unauthorized access.

Removal of Unnecessary Software: Removing or disabling unnecessary

software or services to minimize the attack surface and reduce
potential vulnerabilities.

3.0 Security Architecture

3.1 Compare and contrast security implications of different
architecture models.

Architecture and Infrastructure Concepts:

Cloud:

Responsibility Matrix: Defines the division of responsibilities

between the cloud service provider and the customer regarding
security, compliance, and management of resources.

Hybrid Considerations: Strategies and challenges involved in

integrating on-premises infrastructure with cloud services.

Third-party Vendors: Incorporating services and solutions from

external providers into cloud architectures.

Infrastructure as Code (IaC): Automating the provisioning and

management of infrastructure using code and configuration files.

Serverless: Architectural approach where cloud providers manage the

infrastructure, allowing developers to focus solely on writing and
deploying code.

Microservices: Architectural style where applications are composed of

small, independently deployable services, promoting modularity and
scalability.

Ben’s Security+ 701 Notes 20

 Network Infrastructure:

Physical Isolation: Creating network segments physically

separated from other parts, often for security or regulatory
compliance reasons (e.g., air-gapped networks).

Logical Segmentation: Dividing networks into logical segments

using techniques such as VLANs or software-defined networking
(SDN).

Software-defined Networking (SDN): Managing network

infrastructure programmatically through software, abstracting the
underlying hardware.

On-premises: Infrastructure and services hosted within an

organization's physical facilities rather than in the cloud.

Centralized vs. Decentralized: Contrasting approaches to organizing

infrastructure management and decision-making authority.

Containerization: Encapsulating applications and their dependencies

into lightweight, portable containers for deployment across different
environments.

Virtualization: Creating virtual instances of servers, operating systems,

storage, or networks to maximize resource utilization and flexibility.

IoT (Internet of Things): Network of interconnected devices that

communicate and exchange data, often involving sensors, actuators,
and embedded systems.

Industrial Control Systems (ICS) / Supervisory Control and Data

Acquisition (SCADA): Systems used to monitor and control industrial
processes and critical infrastructure.

Real-time Operating System (RTOS): Operating system optimized for

handling real-time processing requirements, often used in embedded
systems and IoT devices.

Embedded Systems: Computing devices with specialized functions

and limited resources, embedded within larger systems or products.

Ben’s Security+ 701 Notes 21

 High Availability: Design principle aiming to minimize downtime and
ensure continuous operation of critical systems and services.

Considerations:

Availability: Ensuring systems and services are accessible and

operational when needed.

Resilience: Ability to withstand and recover from disruptions, failures,

or attacks.

Cost: Balancing infrastructure expenses with budgetary constraints

and business needs.

Responsiveness: Ability to quickly adapt and scale infrastructure to

meet changing demands.

Scalability: Capacity to expand or shrink resources in response to

workload changes.

Ease of Deployment: Simplifying the process of deploying and

configuring infrastructure components.

Risk Transference: Shifting security and operational risks to third-party

service providers or insurance mechanisms.

Ease of Recovery: Simplifying and accelerating the restoration of

services after disruptions or failures.

Patch Availability: Timely availability of software patches and updates

to address vulnerabilities and improve security.

Inability to Patch: Addressing challenges associated with patching

legacy or embedded systems that cannot be easily updated.

Power: Ensuring sufficient and reliable power supply to support

infrastructure operations.

Compute: Managing computational resources to meet performance

requirements and optimize resource utilization

Ben’s Security+ 701 Notes 22

 3.2 Given a scenario, apply security principles to secure
enterprise
infrastructure.

Infrastructure Considerations:

Device Placement: Strategic positioning of network devices and assets to

optimize performance, security, and accessibility.

Security Zones: Segregation of network resources into distinct zones based

on security requirements and trust levels.

Attack Surface: Total sum of vulnerabilities and entry points that attackers can
exploit to compromise a system or network.

Connectivity: Establishing reliable connections between network components

while considering bandwidth, latency, and reliability.

Failure Modes:

Fail-Open: Devices or systems that default to an open state when they

encounter a failure, potentially exposing the network to risks.

Fail-Closed: Devices or systems that default to a closed or secure state

when they encounter a failure, preventing unauthorized access.

Device Attribute:

Active vs. Passive: Active devices perform actions on data packets (e.g.,
firewalls), while passive devices observe and analyze network traffic (e.g.,
network monitoring tools).

Inline vs. Tap/Monitor: Inline devices sit directly in the data path and can
actively intercept or modify traffic, whereas tap/monitor devices passively
monitor traffic without interrupting the flow.

Network Appliances:

Jump Server: Intermediate server used to access and manage devices in

a separate, more secure network segment.

Proxy Server: Intermediary server that acts as an intermediary between

clients and other servers, providing various functionalities such as

Ben’s Security+ 701 Notes 23

 caching, filtering, and anonymization.

Intrusion Prevention System (IPS) / Intrusion Detection System (IDS):

Security appliances designed to monitor network traffic for suspicious
activity and take action to prevent or mitigate attacks.

Load Balancer: Device that distributes incoming network traffic across

multiple servers to optimize resource utilization, improve scalability, and
enhance reliability.

Sensors: Devices that collect data from the environment or network for
monitoring and analysis, often used for security monitoring and threat
detection.

Port Security:

802.1X: IEEE standard for port-based network access control, allowing

authentication and authorization of devices before granting access to the
network.

Extensible Authentication Protocol (EAP): Framework for network

authentication methods used in 802.1X and other authentication protocols.

Firewall Types:

Web Application Firewall (WAF): Firewall specifically designed to protect

web applications from common web-based attacks.

Unified Threat Management (UTM): Comprehensive security appliance

that combines multiple security features such as firewall, antivirus,
intrusion detection, and content filtering into a single platform.

Next-Generation Firewall (NGFW): Firewall appliance that integrates

traditional firewall capabilities with advanced security features like
application awareness, intrusion prevention, and deep packet inspection.

Layer 4/Layer 7: Classifies firewalls based on the layers of the OSI model
they operate at, with Layer 4 firewalls filtering traffic based on IP
addresses and port numbers, while Layer 7 firewalls can inspect and filter
traffic based on application-layer data.

Secure Communication/Access:

Ben’s Security+ 701 Notes 24

 Virtual Private Network (VPN): Secure encrypted tunnel that allows remote
users to securely access the organization's network resources over the
internet.

Remote Access: Provision of secure access to network resources for users

located outside the organization's premises.

Tunneling:

Transport Layer Security (TLS): Protocol that provides secure

communication over a computer network, commonly used for securing
web traffic.

Internet Protocol Security (IPSec): Suite of protocols for securing IP

communications by authenticating and encrypting each IP packet of a data
stream.

Software-Defined Wide Area Network (SD-WAN): Approach to network

connectivity that uses software-defined networking (SDN) to intelligently route
traffic across the WAN, optimizing performance and reducing costs.

Secure Access Service Edge (SASE): Converged networking and security

architecture that combines WAN capabilities with cloud-native security
functions to support secure remote access and direct-to-cloud connectivity.

Selection of Effective Controls:

Choosing and implementing security controls based on risk assessments,

compliance requirements, organizational needs, and industry best practices to
mitigate threats and vulnerabilities effectively.

3.3 Compare and contrast concepts and strategies to protect

data.

Data Types:

Regulated: Data subject to specific laws and regulations governing its

collection, storage, processing, and sharing, such as personal health
information (PHI) under HIPAA or financial data under PCI DSS.

Ben’s Security+ 701 Notes 25

 Trade Secret: Proprietary information that provides a competitive advantage
to a business and is protected by intellectual property laws.

Intellectual Property: Creations of the mind, such as inventions, literary and

artistic works, designs, symbols, and trade secrets, protected by copyright,
patents, and trademarks.

Legal Information: Data related to legal matters, including contracts, litigation

documents, and attorney-client privileged communications.

Financial Information: Data concerning financial transactions, accounts,

investments, and assets, which may include personally identifiable information
(PII) and payment card data.

Human- and Non-Human-Readable: Data formats that can be understood by

humans (e.g., text, images) and those intended for machine processing (e.g.,
binary, encrypted data).

Data Classifications:

Sensitive: Data that requires protection due to its sensitivity and potential
impact on individuals, organizations, or society if compromised.

Confidential: Data that should be kept private and disclosed only to

authorized individuals or entities, often subject to confidentiality agreements
or laws.

Public: Data intended for unrestricted access and sharing, typically non-
sensitive information that can be freely distributed.

Restricted: Data with limited access based on specific criteria or authorization

requirements, often containing sensitive or confidential information.

Private: Data designated for internal use within an organization and not
intended for public disclosure.

Critical: Data essential to the operation or mission of an organization, the loss

or compromise of which could have severe consequences.

General Data Considerations:

Data States:

Data at Rest: Data stored in databases, files, or other storage systems.

Ben’s Security+ 701 Notes 26

 Data in Transit: Data being transmitted over a network or communication
channel.

Data in Use: Data actively being processed or accessed by applications or

users.

Data Sovereignty: Legal concept specifying the jurisdiction under which data
is subject to the laws and regulations of a particular country or region.

Geolocation: Identification of the physical location or origin of data, which

may have implications for data privacy, security, and compliance.

Methods to Secure Data:

Geographic Restrictions: Limiting access to data based on the geographic

location of users or devices.

Encryption: Converting data into a ciphertext format using cryptographic

algorithms to prevent unauthorized access.

Hashing: Generating a unique fixed-size string (hash value) from data input,
commonly used for data integrity verification.

Masking: Concealing specific portions of data to prevent unauthorized

disclosure while maintaining usability for authorized purposes.

Tokenization: Substituting sensitive data with a non-sensitive equivalent

(token) that retains the format and length of the original data but has no
exploitable value.

Obfuscation: Intentionally obscuring or hiding data to make it unintelligible or

harder to interpret for unauthorized parties.

Segmentation: Dividing networks or systems into isolated segments to

contain the spread of threats and limit unauthorized access.

Permission Restrictions: Applying access controls and permissions to data

based on user roles, privileges, or other criteria to enforce the principle of
least privilege.

Ben’s Security+ 701 Notes 27

 3.4 Explain the importance of resilience and recovery in security
architecture.

High Availability:

Load Balancing vs. Clustering:

Load Balancing: Distributing incoming network traffic across multiple

servers to optimize resource utilization, maximize throughput, and ensure
high availability.

Clustering: Connecting multiple independent servers or nodes to work

together as a single system, providing redundancy and fault tolerance.

Site Considerations:

Hot Site: Fully equipped facility with infrastructure and systems ready to be
operational within a short time frame after a disaster.

Cold Site: Facility lacking pre-installed infrastructure and systems, requiring

setup and configuration before becoming operational after a disaster.

Warm Site: Partially equipped facility with some infrastructure and systems in
place, reducing the time required for setup compared to a cold site.

Geographic Dispersion: Spreading critical infrastructure and resources across

multiple locations to minimize the impact of regional disasters or disruptions.

Platform Diversity:
Utilizing a variety of hardware, software, and cloud platforms to mitigate the risk
of single points of failure and enhance overall system resilience.

Multi-cloud Systems:
Deploying applications and services across multiple cloud providers to increase
redundancy, avoid vendor lock-in, and enhance flexibility and resilience.
Continuity of Operations:
Ensuring the uninterrupted availability of critical business functions and processes
during and after disruptive events or disasters.
Capacity Planning:

Ben’s Security+ 701 Notes 28

 People: Ensuring the availability of skilled personnel to manage and support IT
systems during normal operations and emergencies.

Technology: Assessing and allocating resources to meet current and future

demands, including hardware, software, and network infrastructure.

Infrastructure: Scaling and optimizing IT infrastructure to accommodate

changes in workload, user demand, and business requirements.

Testing:

Tabletop Exercises: Simulated discussions and walkthroughs of disaster

scenarios to evaluate preparedness, identify gaps, and refine response plans.

Failover: Testing the automatic or manual transfer of operations from a

primary to a secondary system or site to ensure continuity.

Simulation: Emulating real-world scenarios to assess the effectiveness of

disaster recovery and business continuity plans.

Parallel Processing: Executing tasks simultaneously across multiple systems

or nodes to improve performance and resilience.

Backups:

Onsite/Offsite: Storing backup copies of data and systems either onsite

(within the same physical location) or offsite (at a separate location).

Frequency: Establishing regular backup schedules based on the criticality of

data and business requirements.

Encryption: Protecting backup data with encryption to safeguard

confidentiality and prevent unauthorized access.

Snapshots: Capturing point-in-time copies of data for quick recovery and

data consistency purposes.

Recovery: Implementing procedures and tools to restore data and systems to

a functional state after a disruption or failure.

Replication: Creating duplicate copies of data or systems in real-time or near-

real-time to maintain redundancy and availability.

Journaling: Recording changes made to data or systems over time to facilitate

recovery and rollback procedures.

Ben’s Security+ 701 Notes 29

 Power:

Generators: Backup power sources that can provide electricity during outages
or emergencies.

Uninterruptible Power Supply (UPS): Devices that provide short-term power

backup and surge protection to prevent data loss or equipment damage.

4.0 Security Operations

4.1 Given a scenario, apply common security techniques to
computing resources.

Secure Baselines:

Establish: Develop comprehensive security configurations and policies based

on industry best practices and organizational requirements.

Deploy: Implement the established secure baselines across all relevant

systems, devices, and infrastructure components.

Maintain: Regularly update and review secure baselines to address emerging

threats, vulnerabilities, and changes in technology or business needs.

Hardening Targets:

Mobile Devices

Workstations

Switches

Routers

Cloud Infrastructure

Servers

ICS/SCADA

Embedded Systems

Ben’s Security+ 701 Notes 30

 RTOS

IoT Devices

Wireless Devices:

Installation Considerations:

Conduct site surveys and use heat maps to optimize wireless coverage
and performance.

Mobile Solutions:

Mobile Device Management (MDM): Implement MDM solutions to centrally

manage and secure mobile devices, applications, and data.

Deployment Models:

Bring Your Own Device (BYOD)

Corporate-Owned, Personally Enabled (COPE)

Choose Your Own Device (CYOD)

Connection Methods:

Cellular

Wi-Fi

Bluetooth

Wireless Security Settings:

Implement robust security measures such as:

Wi-Fi Protected Access 3 (WPA3)

AAA/RADIUS

Cryptographic and authentication protocols

Application Security:

Ensure application security through:

Input validation

Secure cookie handling

Ben’s Security+ 701 Notes 31

 Static code analysis

Code signing

Sandboxing:

Isolate applications from the rest of the system to prevent unauthorized

access and mitigate the impact of potential security breaches.

Monitoring:

Continuously monitor systems, networks, and applications for suspicious

activities, anomalies, and security incidents to detect and respond to threats
effectively.

4.2 Explain the security implications of proper hardware,

software,
and data asset management.

Acquisition/Procurement Process:

Assignment/Accounting:

Ownership: Clearly define ownership of acquired assets to establish

accountability and responsibility.

Classification: Classify assets based on their importance, sensitivity, and

criticality to ensure appropriate security measures.

Monitoring/Asset Tracking:

Inventory: Maintain an inventory of all acquired assets, including

hardware, software, and data, to facilitate efficient tracking and
management.

Enumeration: Enumerate assets by assigning unique identifiers to track

their lifecycle, usage, and status accurately.

Disposal/Decommissioning:

Ben’s Security+ 701 Notes 32

 Sanitization: Implement proper data sanitization methods to securely
remove sensitive information from decommissioned assets.

Destruction: Physically destroy assets beyond recovery to prevent

unauthorized access to confidential data.

Certification: Obtain certifications or compliance documentation to

validate the proper disposal of assets and adherence to regulatory
requirements.

Data Retention: Establish policies and procedures for data retention to

determine the appropriate duration for storing and disposing of data
securely

4.3 Explain various activities associated with vulnerability

management.

Identification Methods:

Vulnerability Scan: Utilize automated tools to identify weaknesses and

vulnerabilities in systems, networks, and applications.

Application Security:

Static Analysis: Analyze source code or binary files without execution to

identify security vulnerabilities.

Dynamic Analysis: Assess applications during runtime to detect security

flaws and vulnerabilities.

Package Monitoring: Monitor software dependencies for known

vulnerabilities and security issues.

Threat Feed:

Open-Source Intelligence (OSINT): Gather intelligence from publicly

available sources to identify potential threats and vulnerabilities.

Proprietary/Third-Party: Subscribe to threat intelligence services or

utilize proprietary feeds to stay updated on emerging threats.

Ben’s Security+ 701 Notes 33

 Information-Sharing Organization: Collaborate with industry peers to
share threat intelligence and enhance collective security.

Dark Web: Monitor underground forums and marketplaces to identify

potential threats and indicators of compromise.

Penetration Testing: Simulate real-world attacks to identify vulnerabilities and

assess the security posture of systems and networks.

Responsible Disclosure Program:

Bug Bounty Program: Incentivize ethical hackers to report security

vulnerabilities by offering rewards for valid submissions.

System/Process Audit: Conduct comprehensive reviews of systems,

processes, and controls to identify security gaps and compliance issues.

Analysis:

Confirmation:

False Positive: Identify instances where a reported vulnerability does not

pose an actual threat.

False Negative: Recognize undetected vulnerabilities that represent

genuine security risks.

Prioritize: Assess and prioritize identified vulnerabilities based on their

severity, impact, and exploitability.

Common Vulnerability Scoring System (CVSS): Utilize a standardized

framework to assess and score the severity of vulnerabilities.

Common Vulnerability Enumeration (CVE): Reference unique identifiers

assigned to vulnerabilities for tracking and management.

Vulnerability Classification: Categorize vulnerabilities based on their nature,

impact, and affected assets.

Exposure Factor: Evaluate the potential impact of a vulnerability based on the

percentage of assets or data exposed.

Environmental Variables: Consider contextual factors such as network

architecture, system configurations, and user behavior.

Ben’s Security+ 701 Notes 34

 Industry/Organizational Impact: Assess the potential consequences of a
vulnerability within specific industry sectors or organizational contexts.

Risk Tolerance: Determine the level of risk that an organization is willing to

accept or tolerate.

Vulnerability Response and Remediation:

Patching: Apply security patches and updates to remediate identified

vulnerabilities promptly.

Insurance: Transfer residual risk through insurance coverage against potential

financial losses resulting from security incidents.

Segmentation: Implement network segmentation to isolate vulnerable assets

and contain potential threats.

Compensating Controls: Implement alternative security measures to mitigate

risks in the absence of direct remediation.

Exceptions and Exemptions: Document and manage exceptions or

exemptions to standard security policies or controls.

Validation of Remediation:

Rescanning: Reassess systems and networks after applying remediation

measures to verify effectiveness.

Audit: Conduct audits and reviews to ensure compliance with security

policies, standards, and regulatory requirements.

Verification: Validate that identified vulnerabilities have been adequately

addressed and mitigated.

Reporting: Document and communicate findings, remediation efforts, and risk

status to relevant stakeholders, management, and regulatory authorities.

4.4 Explain security alerting and monitoring concepts and tools.

Monitoring Computing Resources:

Ben’s Security+ 701 Notes 35

 Systems: Continuously monitor the health, performance, and security of
servers, endpoints, and devices within the network infrastructure.

Applications: Monitor the availability, functionality, and security of software

applications deployed across the network.

Infrastructure: Monitor the underlying network infrastructure components

such as routers, switches, firewalls, and other network devices to ensure
proper functioning and security.

Activities:

Log Aggregation: Collect and consolidate logs from various sources, including
systems, applications, and network devices, for centralized analysis and
monitoring.

Alerting: Set up alerts and notifications to promptly identify and respond to

security incidents, anomalies, or deviations from established baselines.

Scanning: Conduct regular scans of systems and networks to identify

vulnerabilities, misconfigurations, and security weaknesses.

Reporting: Generate reports and dashboards to provide insights into system

performance, security posture, and compliance status.

Archiving: Archive logs, reports, and other relevant data for historical
analysis, compliance requirements, and forensic investigations.

Alert Response and Remediation/Validation:

Quarantine: Isolate compromised systems or devices to prevent further

spread of malware or unauthorized access.

Alert Tuning: Fine-tune alerting thresholds and criteria to reduce false

positives and focus on actionable alerts.

Tools:

Security Content Automation Protocol (SCAP): Standardized protocol for

automating vulnerability management, security measurement, and policy
compliance evaluation.

Benchmarks: Use security benchmarks and best practices to assess and

measure the security configuration of systems and applications.

Ben’s Security+ 701 Notes 36

 Agents/Agentless: Employ monitoring agents or agentless solutions to collect
and transmit data for analysis and reporting.

Security Information and Event Management (SIEM): Centralized platform for

collecting, correlating, and analyzing security event data from various sources
for threat detection and response.

Antivirus: Deploy antivirus software to detect, prevent, and remove malicious

software and threats from systems and networks.

Data Loss Prevention (DLP): Implement DLP solutions to monitor and prevent
unauthorized access, use, or transmission of sensitive data.

Simple Network Management Protocol (SNMP) Traps: Utilize SNMP traps to

monitor and manage network devices and receive notifications about
significant events or conditions.

NetFlow: Analyze NetFlow data to monitor network traffic patterns, identify

anomalies, and detect potential security threats.

Vulnerability Scanners: Use automated vulnerability scanning tools to identify

security vulnerabilities and weaknesses within systems, applications, and
networks.

4.5 Given a scenario, modify enterprise capabilities to enhance

security.

Firewall:

Rules: Define policies and regulations governing traffic flow between

networks, specifying what is allowed or denied based on predefined criteria.

Access Lists: Lists of rules that determine which traffic is permitted or denied
based on source and destination IP addresses, ports, and protocols.

Ports/Protocols: Manage network traffic by controlling access to specific

ports and protocols, preventing unauthorized communication.

Screened Subnets: Implement security zones with layered defenses, typically

consisting of a screening router or firewall between internal and external

Ben’s Security+ 701 Notes 37

 networks.

IDS/IPS (Intrusion Detection/Prevention Systems):

Trends: Analyze patterns and behaviors to detect and prevent potential

security threats and attacks in real-time.

Signatures: Use predefined patterns or signatures to identify known threats

and malicious activities within network traffic.

Web Filter:

Agent-Based: Deploy software agents on endpoints to monitor and filter web

traffic based on predefined policies and rules.

Centralized Proxy: Route web traffic through a central proxy server to enforce
web filtering policies, content categorization, and access control.

URL Scanning: Inspect URLs in web traffic to identify and block malicious or
suspicious websites based on reputation and content.

Content Categorization: Classify web content into categories to enforce

browsing policies and restrict access to inappropriate or unauthorized sites.

Block Rules: Define rules to block access to specific websites, web

applications, or content categories based on policy requirements.

Reputation: Evaluate the reputation of websites and URLs to determine the

risk level associated with accessing them.

Operating System Security:

Group Policy: Use Group Policy to enforce security settings, configurations,

and restrictions across Windows-based systems within a network.

SELinux (Security-Enhanced Linux): Implement mandatory access control

policies to confine processes and enforce security policies on Linux-based
systems.

Implementation of Secure Protocols:

Protocol Selection: Choose secure communication protocols (e.g., HTTPS,

SSH) to encrypt data in transit and authenticate communication channels.

Ben’s Security+ 701 Notes 38

 Port Selection: Configure firewall rules to allow only essential ports for secure
protocols, blocking unnecessary or vulnerable ports.

Transport Method: Ensure secure transport methods (e.g., TLS/SSL) are used
to encrypt data transmission and protect against interception and tampering.

DNS Filtering: Filter and block malicious or unauthorized DNS requests to prevent
access to malicious domains and mitigate DNS-related threats.

Email Security:

DMARC (Domain-based Message Authentication, Reporting, and

Conformance): Protocol for email authentication and reporting to detect and
prevent email spoofing and phishing attacks.

DKIM (DomainKeys Identified Mail): Mechanism to verify the authenticity of

email messages by adding digital signatures to email headers.

SPF (Sender Policy Framework): Authentication method that verifies the

sender's domain and prevents email spoofing by defining authorized mail
servers.

File Integrity Monitoring: Monitor and detect unauthorized changes or

modifications to files and system configurations to prevent tampering and
unauthorized access.
DLP (Data Loss Prevention): Implement policies and controls to prevent
unauthorized access, use, or transmission of sensitive data across networks and
endpoints.
NAC (Network Access Control): Enforce security policies and controls to regulate
access to network resources based on the identity and compliance status of
endpoints and users.
EDR/XDR (Endpoint Detection and Response/Extended Detection and
Response): Continuously monitor and respond to security threats and suspicious
activities on endpoints, providing advanced threat detection, investigation, and
response capabilities.
User Behavior Analytics: Analyze user behavior patterns and activities to detect
anomalies, identify insider threats, and mitigate security risks associated with user
actions.

Ben’s Security+ 701 Notes 39

 4.6 Given a scenario, implement and maintain identity and
access
management.

Provisioning/De-provisioning User Accounts:

Permission Assignments and Implications: Define user permissions and

access rights based on job roles and responsibilities, ensuring users have the
appropriate level of access to resources.

Identity Proofing: Verify the identity of users before granting access to

sensitive systems or data, typically through methods such as identity
verification questions or biometric authentication.

Federation: Enable single sign-on (SSO) across multiple domains or

organizations by allowing users to access resources using their credentials
from a trusted identity provider.

Single Sign-On (SSO): Provide users with seamless access to multiple

applications and services using a single set of login credentials, reducing the
need for multiple passwords.

LDAP (Lightweight Directory Access Protocol): Protocol used for

accessing and managing directory information services, often used for
centralized user authentication.

OAuth (Open Authorization): Protocol for authorization, allowing users to

grant third-party applications limited access to their resources without
revealing their credentials.

SAML (Security Assertion Markup Language): XML-based standard for

exchanging authentication and authorization data between identity
providers and service providers.

Interoperability: Ensure compatibility and seamless integration between

different identity and access management systems and protocols.

Ben’s Security+ 701 Notes 40

 Attestation: Verify the accuracy and validity of user permissions and access
rights through regular reviews and audits.

Access Controls:

Mandatory Access Control: Enforce access restrictions based on security

labels assigned to users and resources, typically used in highly secure
environments.

Discretionary Access Control: Allow resource owners to determine access

permissions for users based on their discretion.

Role-Based Access Control: Assign access rights to users based on their

roles within an organization, streamlining access management and ensuring
least privilege.

Rule-Based Access Control: Define access rules and policies based on

specific conditions or criteria.

Attribute-Based Access Control: Determine access rights based on user

attributes such as job title, department, or location.

Time-of-Day Restrictions: Restrict user access to resources based on

specific time periods or schedules.

Least Privilege: Grant users the minimum level of access required to perform
their job functions, reducing the risk of unauthorized access and privilege
escalation.

Multifactor Authentication (MFA):

Implementations: Enhance authentication security by requiring users to

provide multiple forms of verification before accessing resources.

Biometrics: Authenticate users based on unique biological characteristics

such as fingerprints, iris patterns, or facial recognition.

Hard/Soft Authentication Tokens: Generate one-time passwords or

cryptographic keys to verify user identity.

Security Keys: Physical devices used for authentication, such as USB

tokens or smart cards.

Ben’s Security+ 701 Notes 41

 Factors: Utilize different factors to verify user identity, including something
you know (e.g., password), something you have (e.g., smartphone), something
you are (e.g., fingerprint), and somewhere you are (e.g., geolocation).

Password Concepts:

Password Best Practices: Implement password policies to ensure strong

passwords, including requirements for length, complexity, expiration, and
prevention of password reuse.

Password Managers: Tools that securely store and manage passwords,

providing users with a convenient and secure way to access their credentials.

Passwordless: Authentication methods that eliminate the need for traditional

passwords, such as biometric authentication or hardware tokens.

Privileged Access Management Tools:

Just-in-Time Permissions: Grant temporary access to privileged accounts

only when needed, reducing the risk of misuse or unauthorized access.

Password Vaulting: Securely store and manage privileged account

passwords, allowing authorized users to access them when necessary.

Ephemeral Credentials: Dynamically generate and assign temporary

credentials to users for specific tasks or sessions, reducing the risk of
credential theft or misuse.

4.7 Explain the importance of automation and orchestration

related
to secure operations.

Use Cases of Automation and Scripting:

User Provisioning: Automate the process of creating and configuring user

accounts, including permissions and access rights.

Resource Provisioning: Automatically provision resources such as virtual

machines, storage, and networking components based on predefined
templates or scripts.

Ben’s Security+ 701 Notes 42

 Guard Rails: Implement automated controls and policies to ensure compliance
with security standards and prevent unauthorized actions.

Security Groups: Automate the management of security groups and access

controls to enforce least privilege and segmentation.

Ticket Creation: Automatically generate tickets for incidents, requests, or

changes, streamlining the workflow for IT operations and support teams.

Escalation: Automatically escalate alerts or incidents to the appropriate

personnel or teams based on predefined criteria.

Enabling/Disabling Services and Access: Automate the process of enabling

or disabling services, features, or access rights based on user roles, events,
or policies.

Continuous Integration and Testing: Automate the build, integration, and

testing processes for software development, ensuring rapid and reliable
delivery of updates and improvements.

Integrations and APIs: Use automation and scripting to integrate different

systems and applications through APIs, enabling seamless data exchange and
communication.

Benefits:

Efficiency/Time Saving: Automation reduces manual effort and human error,

allowing tasks to be completed faster and more reliably.

Enforcing Baselines: Automation helps enforce standardized configurations

and security baselines across the infrastructure, reducing the risk of
misconfigurations and vulnerabilities.

Standard Infrastructure Configurations: Automation ensures consistency in

infrastructure deployment and configuration, facilitating management and
troubleshooting.

Scaling in a Secure Manner: Automated scaling enables the infrastructure to

adapt to changing demand while maintaining security and compliance
requirements.

Employee Retention: Automation reduces repetitive and mundane tasks,

improving job satisfaction and retention among IT personnel.

Ben’s Security+ 701 Notes 43

 Reaction Time: Automated responses to security incidents or events can
significantly reduce the time between detection and response, enhancing
overall security posture.

Workforce Multiplier: Automation allows organizations to achieve more with

existing resources by automating routine tasks and freeing up personnel for
higher-value activities.

Other Considerations:

Complexity: Automation introduces complexity, requiring careful planning and

management to ensure reliability and maintainability.

Cost: While automation can lead to cost savings in the long run, there may be
initial investments in tools, training, and infrastructure.

Single Point of Failure: Overreliance on automation systems can create single

points of failure, necessitating redundancy and failover mechanisms.

Technical Debt: Poorly designed or implemented automation solutions can

lead to technical debt, requiring ongoing maintenance and refactoring.

Ongoing Supportability: Automation systems require ongoing monitoring,

maintenance, and updates to remain effective and secure over time.

4.8 Explain appropriate incident response activities.

Process:

Preparation: Establishing policies, procedures, and resources to effectively

respond to security incidents. This includes developing incident response
plans, assembling response teams, and implementing necessary tools and
technologies.

Detection: Identifying and detecting security incidents through various means

such as intrusion detection systems (IDS), security information and event
management (SIEM) tools, and user reports.

Analysis: Investigating and analyzing the nature and scope of security

incidents to understand their impact, determine the root cause, and assess the

Ben’s Security+ 701 Notes 44

 severity of the situation.

Containment: Implementing measures to contain and prevent further spread

or damage caused by the security incident. This may involve isolating affected
systems, disabling compromised accounts, or blocking malicious network
traffic.

Eradication: Removing the root cause of the security incident from the
affected systems and networks. This may involve patching vulnerabilities,
removing malware, or restoring affected data from backups.

Recovery: Restoring affected systems, data, and services to normal operation

following a security incident. This includes verifying the integrity of restored
assets and ensuring that any residual risks are mitigated.

Lessons Learned: Conducting post-incident reviews to identify areas for

improvement, update incident response plans, and share insights with relevant
stakeholders to enhance future incident response efforts.

Training:
Providing ongoing training and awareness programs to ensure that personnel are
prepared to respond effectively to security incidents and adhere to established
incident response procedures.
Testing:

Tabletop Exercise: Simulated scenarios where incident response team

members discuss and walk through their responses to hypothetical security
incidents in a collaborative and interactive manner.

Simulation: Realistic simulations of security incidents to evaluate the

effectiveness of incident response plans, procedures, and personnel under
simulated conditions.

Root Cause Analysis:

Investigating the underlying causes of security incidents to identify systemic
issues, vulnerabilities, or weaknesses in the organization's security posture and
implement corrective actions to prevent similar incidents in the future.
Threat Hunting:

Ben’s Security+ 701 Notes 45

 Proactively searching for signs of malicious activity or security threats within the
organization's networks and systems using various tools, techniques, and data
analysis methods.

Digital Forensics:

Legal Hold: Implementing measures to preserve potential evidence related to

a security incident to ensure its integrity and admissibility in legal
proceedings.

Chain of Custody: Documenting the chronological history of evidence from

the time it is collected until it is presented in court, ensuring its integrity and
authenticity.

Acquisition: Gathering and collecting digital evidence from various sources,

including systems, networks, and storage devices, using forensically sound
methods.

Reporting: Documenting findings, analysis, and conclusions from digital

forensic investigations in comprehensive reports suitable for internal review
and legal purposes.

Preservation: Ensuring the integrity and security of digital evidence

throughout the forensic investigation process to prevent tampering, alteration,
or loss.

E-discovery: Identifying, collecting, and preparing electronically stored

information (ESI) for legal proceedings, including litigation, regulatory
inquiries, and internal investigations.

4.9 Given a scenario, use data sources to support an

investigation.

Log Data:

Firewall Logs: Records of activities and events related to network traffic

passing through a firewall, including allowed and denied connections,
intrusion attempts, and policy violations.

Ben’s Security+ 701 Notes 46

 Application Logs: Records generated by applications detailing their activities,
errors, and user interactions, providing insights into application behavior and
performance.

Endpoint Logs: Records generated by endpoints (e.g., desktops, laptops,

servers) detailing user activities, system events, and security-related events
such as login attempts, file access, and malware detection.

OS-Specific Security Logs: Logs generated by operating systems containing

security-related events such as authentication events, privilege changes,
system file modifications, and audit trail records.

IPS/IDS Logs: Logs generated by Intrusion Prevention Systems (IPS) and

Intrusion Detection Systems (IDS) containing information about detected
threats, attack signatures, and alerts triggered by suspicious network
activities.

Network Logs: Logs generated by network devices such as routers, switches,

and proxies, containing information about network traffic, connections,
bandwidth usage, and network security events.

Metadata: Additional information associated with log entries, such as

timestamps, source and destination IP addresses, user identifiers, event IDs,
and severity levels, enhancing the context and analysis of log data.

Data Sources:

Vulnerability Scans: Results and reports generated by vulnerability scanning

tools, identifying security vulnerabilities, misconfigurations, and potential
weaknesses within systems and networks.

Automated Reports: Scheduled or automated reports generated by security

tools, systems, and monitoring solutions, providing summaries, trends, and
analysis of security events and activities.

Dashboards: Visual representations of log data, metrics, and key performance

indicators (KPIs) displayed in real-time or near real-time, enabling security
analysts to monitor and analyze security posture and trends.

Packet Captures: Records of network traffic captured and stored for analysis,
allowing security analysts to inspect packet contents, detect anomalies, and
investigate network security incidents

Ben’s Security+ 701 Notes 47

 5.0 Security Program Management and Oversight
5.1 Summarize elements of effective security governance.
Guidelines:

Policies:

Acceptable Use Policy (AUP): Defines acceptable behavior regarding the

use of organization's IT resources, outlining rules and restrictions to
ensure security and productivity.

Information Security Policies: Set of policies governing the protection of

organizational data and information assets from unauthorized access,
disclosure, alteration, or destruction.

Business Continuity: Policies outlining procedures and protocols to ensure

the organization can continue operating during and after a disruptive
event, minimizing downtime and ensuring resilience.

Disaster Recovery: Policies defining the steps and processes to recover IT

systems and data after a catastrophic event, restoring normal operations
as quickly as possible.

Incident Response: Policies detailing the procedures and actions to be

taken in response to security incidents, including detection, containment,
eradication, and recovery.

Software Development Lifecycle (SDLC): Policies guiding the development,

testing, deployment, and maintenance of software applications, ensuring
security, quality, and compliance.

Change Management: Policies governing the process for requesting,

reviewing, approving, implementing, and documenting changes to IT
systems and infrastructure.

Standards:

Password: Standard guidelines for creating, managing, and securing

passwords, including complexity requirements, expiration periods, and

Ben’s Security+ 701 Notes 48

 reuse restrictions.

Access Control: Standard protocols and procedures for managing user

access to systems, applications, and data, ensuring only authorized users
have appropriate permissions.

Physical Security: Standard practices for securing physical premises,

facilities, and assets, including access controls, surveillance, and
environmental controls.

Encryption: Standard algorithms, protocols, and key management

practices for encrypting data at rest, in transit, and in use, protecting
sensitive information from unauthorized access.

Procedures:

Change Management: Detailed procedures for requesting, reviewing,

approving, implementing, and documenting changes to IT systems and
infrastructure, ensuring compliance with policies and minimizing
disruptions.

Onboarding/Offboarding: Procedures for provisioning and deprovisioning

user accounts, access privileges, and IT resources for new hires,
contractors, and departing employees.

Playbooks: Step-by-step guides and instructions for responding to

specific security incidents or scenarios, facilitating quick and effective
incident response.

External Considerations:

Regulatory: External regulations and compliance requirements governing

the organization's operations, data handling practices, and security
controls.

Legal: Laws and statutes applicable to the organization's industry,

jurisdiction, and geographical locations, influencing data privacy,
intellectual property, and liability.

Industry: Sector-specific standards, guidelines, and best practices

relevant to the organization's industry vertical, ensuring compliance and
addressing industry-specific risks.

Ben’s Security+ 701 Notes 49

 Local/Regional/National/Global: Geographic-specific regulations, laws,
and standards applicable at the local, regional, national, or global level,
influencing governance and compliance obligations.

Monitoring and Revision:

Processes for ongoing monitoring, review, and revision of policies,

standards, and procedures to ensure they remain current, effective, and
aligned with organizational objectives and external requirements.

Types of Governance Structures:

Boards/Committees: Governing bodies responsible for setting strategic

direction, overseeing risk management, and ensuring compliance with
policies and regulations.

Government Entities: Regulatory bodies, government agencies, or industry

associations providing oversight, guidance, and enforcement of laws and
standards.

Centralized/Decentralized: Organizational structures determining the

distribution of authority, decision-making processes, and accountability
for governance and compliance functions.

Roles and Responsibilities for Systems and Data:

Owners: Individuals or groups responsible for the overall management and

stewardship of systems, applications, or data assets, including
accountability for security and compliance.

Controllers: Individuals or entities responsible for determining the

purposes and means of processing personal data, ensuring compliance
with data protection regulations.

Processors: Individuals or entities that process personal data on behalf of

the data controller, subject to contractual obligations and security
requirements.

Custodians/Stewards: Individuals or groups responsible for the day-to-day

management, protection, and maintenance of specific IT systems,
applications, or data sets.

Ben’s Security+ 701 Notes 50

 5.2 Explain elements of the risk management process.

Risk Management:

Risk Identification:

Process of identifying potential threats, vulnerabilities, and events that

could impact the organization's objectives, operations, or assets.

Risk Assessment:

Ad Hoc: Occasional assessments conducted on an as-needed basis in

response to specific events or changes.

Recurring: Regularly scheduled assessments conducted at predefined

intervals to evaluate and manage risks systematically.

One-time: Single, comprehensive assessment performed to identify

and analyze risks within a specific context or project.

Continuous: Ongoing monitoring and assessment of risks to maintain

awareness and responsiveness to evolving threats and vulnerabilities.

Risk Analysis:

Qualitative: Subjective assessment of risks based on expert judgment,

categorizing risks by severity, likelihood, and impact.

Quantitative: Objective assessment of risks using numerical data and

mathematical models to calculate potential losses and probabilities.

Single Loss Expectancy (SLE): Monetary value associated with a single

occurrence of a risk event.

Annualized Loss Expectancy (ALE): Expected monetary loss from a

risk over a one-year period.

Annualized Rate of Occurrence (ARO): Frequency at which a risk event

is expected to occur annually.

Probability/Likelihood: Likelihood of a risk event occurring based on

historical data, expert judgment, or statistical analysis.

Exposure Factor: Percentage of loss expected if a risk event occurs.

Ben’s Security+ 701 Notes 51

 Impact: Consequence or effect of a risk event on the organization's
objectives, assets, or operations.

Risk Register:

Document or database containing information about identified risks,

including their likelihood, impact, mitigation strategies, and risk
owners.

Key Risk Indicators: Quantifiable metrics or measures used to monitor

changes in risk levels and trigger risk management actions.

Risk Owners: Individuals or groups responsible for overseeing and

managing specific risks within the organization.

Risk Threshold: Level of risk that the organization is willing to accept

before taking action to mitigate or manage the risk.

Risk Tolerance/Risk Appetite:

Risk Tolerance: Maximum acceptable level of risk exposure that an

organization is willing to tolerate in pursuit of its objectives.

Risk Appetite: Organization's willingness to take on risk to achieve

strategic goals, categorized as expansionary, conservative, or neutral.

Risk Management Strategies:

Transfer: Shifting risk to third parties, such as insurance companies or

vendors, through contractual agreements.

Accept: Acknowledging the existence of a risk without taking active

measures to mitigate it.

Exemption: Specific instances where certain risks are exempt from

mitigation due to their low likelihood or impact.

Exception: Unique circumstances where risks are deemed

acceptable based on specific criteria or business needs.

Avoid: Taking actions to eliminate or minimize the likelihood or impact

of identified risks.

Mitigate: Implementing measures to reduce the likelihood or impact of

risks to an acceptable level.

Ben’s Security+ 701 Notes 52

 Risk Reporting:

Communication of risk-related information to stakeholders, including

executive management, board members, and relevant parties, to
facilitate informed decision-making and risk oversight.

Business Impact Analysis:

Assessment of the potential consequences of disruptions to critical

business functions, including:

Recovery Time Objective (RTO): Maximum acceptable downtime

for restoring operations after an incident.

Recovery Point Objective (RPO): Maximum acceptable data loss

tolerated during the recovery process.

Mean Time to Repair (MTTR): Average time required to repair

systems or processes after a failure.

Mean Time Between Failures (MTBF): Average time elapsed

between system failures.

5.3 Explain the processes associated with third-party risk

assessment and management.

Vendor Assessment:

Penetration Testing:

Assessment method involving simulated cyber attacks on a vendor's

systems or infrastructure to identify vulnerabilities and assess security
posture.

Right-to-Audit Clause:

Contractual provision granting the organization the authority to conduct

audits or assessments of the vendor's operations, processes, or
compliance with security requirements.

Evidence of Internal Audits:

Ben’s Security+ 701 Notes 53

 Documentation or reports demonstrating that the vendor conducts internal
audits or assessments of their systems, processes, and controls to ensure
compliance with standards and regulations.

Independent Assessments:

Third-party evaluations or audits conducted by independent organizations

to assess the vendor's security practices, controls, and compliance with
contractual or regulatory requirements.

Supply Chain Analysis:

Examination of the vendor's supply chain to identify potential risks,

vulnerabilities, or dependencies that could impact the organization's
operations or security posture.

Vendor Selection:

Process of evaluating and choosing vendors based on factors such as

reputation, capabilities, security posture, and alignment with
organizational needs.

Due Diligence:

Comprehensive investigation or assessment conducted to evaluate the

vendor's financial stability, reputation, legal compliance, and other relevant
factors before entering into a business relationship.

Conflict of Interest:

Evaluation of potential conflicts of interest that may arise from the

vendor's relationships, affiliations, or competing interests that could
impact their ability to fulfill contractual obligations impartially.

Agreement Types:

Service-Level Agreement (SLA): Contractual agreement outlining the

services, performance standards, and responsibilities of both parties.

Memorandum of Agreement (MOA): Formal document outlining terms and

conditions of a specific agreement or understanding between parties.

Memorandum of Understanding (MOU): Non-binding agreement outlining

mutual intentions or goals between parties.

Ben’s Security+ 701 Notes 54

 Master Service Agreement (MSA): Comprehensive contract outlining
general terms and conditions for future transactions or services between
parties.

Work Order (WO)/Statement of Work (SOW): Detailed document outlining

specific tasks, deliverables, and timelines for a project or service.

Non-Disclosure Agreement (NDA): Contractual agreement outlining

confidentiality obligations regarding proprietary or sensitive information
shared between parties.

Business Partners Agreement (BPA): Contractual agreement outlining the

terms and conditions of a partnership or joint venture between businesses.

Vendor Monitoring:

Ongoing oversight and evaluation of the vendor's performance,

compliance, and security posture throughout the duration of the business
relationship.

Questionnaires:

Surveys or assessments used to gather information from vendors about

their practices, controls, and compliance with security requirements.

Rules of Engagement:

Guidelines or protocols established to define the scope, objectives, and

boundaries of assessments, audits, or engagements with vendors.

5.4 Summarize elements of effective security compliance.

Compliance Reporting:

Internal:

Reporting mechanisms and processes established within the organization

to monitor and document compliance with internal policies, procedures,
and standards.

External:

Ben’s Security+ 701 Notes 55

 Reporting activities and submissions to external entities such as regulatory
authorities, industry regulators, or certification bodies to demonstrate
compliance with applicable laws, regulations, or standards.

Consequences of Non-Compliance:

Fines:

Monetary penalties imposed by regulatory authorities or governing bodies

for failure to comply with legal or regulatory requirements.

Sanctions:

Punitive measures or restrictions imposed on the organization for non-

compliance, which may include limitations on business activities or
operations.

Reputational Damage:

Negative impact on the organization's reputation or brand perception

resulting from non-compliance with laws, regulations, or industry
standards.

Loss of License:

Revocation or suspension of licenses, permits, or certifications necessary

for the organization to conduct business operations legally.

Contractual Impacts:

Adverse effects on contractual relationships with customers, partners, or

vendors due to breaches of compliance obligations outlined in contractual
agreements.

Compliance Monitoring:

Due Diligence/Care:

Proactive measures taken by the organization to ensure compliance with

applicable laws, regulations, and industry standards through diligent
monitoring, risk assessment, and adherence to best practices.

Attestation and Acknowledgment:

Ben’s Security+ 701 Notes 56

 Formal declarations or acknowledgments made by responsible parties
within the organization to confirm compliance with specific requirements
or standards.

Internal and External:

Monitoring activities conducted both internally by the organization's

compliance teams and externally by regulatory authorities or third-party
auditors.

Automation:

Use of automated tools, systems, or processes to streamline compliance

monitoring, reporting, and enforcement activities, enhancing efficiency
and accuracy.

Privacy:

Legal Implications:

Legal considerations and obligations related to privacy protection,

including local, regional, national, and global laws, regulations, or
directives governing data privacy and protection.

Data Subject:

Individuals whose personal data is collected, processed, or stored by the

organization, entitled to certain rights and protections regarding the
handling of their information.

Controller vs. Processor:

Distinction between entities responsible for determining the purposes and

means of processing personal data (controllers) and those processing
data on behalf of controllers (processors), with different compliance
obligations and responsibilities.

Ownership:

Clarification of ownership rights and responsibilities regarding the

management, protection, and use of personal data collected or processed
by the organization.

Data Inventory and Retention:

Ben’s Security+ 701 Notes 57

 Documentation and management of the organization's data assets,
including inventorying and categorizing data, defining retention periods,
and implementing appropriate controls for data protection and privacy
compliance.

Right to be Forgotten:

Individuals' right to request the erasure or deletion of their personal data

held by the organization, as mandated by certain privacy regulations such
as the General Data Protection Regulation (GDPR).

5.5 Explain types and purposes of audits and assessments.

Attestation:
Internal:

Compliance:

Internal processes and activities to confirm adherence to regulatory

requirements, industry standards, and organizational policies.

Audit Committee:

Oversight body responsible for reviewing and validating the effectiveness

of internal controls, compliance efforts, and audit findings.

Self-Assessments:

Internal evaluations conducted by the organization to assess its

compliance posture, identify gaps, and implement corrective actions.

External:

Regulatory:

Compliance verification conducted by regulatory authorities or

government agencies to ensure adherence to applicable laws, regulations,
and standards.

Examinations:

Ben’s Security+ 701 Notes 58

 Formal reviews or assessments performed by external entities, such as
auditors or regulators, to evaluate the organization's compliance with legal
and regulatory requirements.

Assessment:

Comprehensive evaluations conducted by independent assessors or third-

party auditors to assess the organization's adherence to industry
standards, best practices, and contractual obligations.

Independent Third-Party Audit:

Examination of the organization's compliance status and controls by

external auditors or assessors who are independent of the organization's
management structure.

Penetration Testing:

Physical:

Testing focused on assessing the physical security controls,

vulnerabilities, and potential points of entry to facilities or premises.

Offensive:

Simulation of cyber attacks and exploitation attempts to identify

weaknesses in networks, systems, and applications from the perspective
of potential adversaries.

Defensive:

Evaluation of defensive measures, detection capabilities, and incident

response processes to assess the organization's ability to withstand and
mitigate cyber attacks.

Integrated:

Coordinated testing approach that combines offensive and defensive

strategies to simulate real-world attack scenarios and evaluate overall
security posture.

Known Environment:

Testing conducted in environments where the organization has full

knowledge of its infrastructure, systems, and security controls.

Ben’s Security+ 701 Notes 59

 Partially Known Environment:

Assessment performed in environments where the organization has limited

knowledge or visibility into its infrastructure, systems, or security
measures.

Unknown Environment:

Testing conducted in environments where the organization has no prior

knowledge or information about its infrastructure, systems, or security
controls.

Reconnaissance:

Initial phase of penetration testing focused on gathering information about

the target environment through passive or active methods.

Passive:

Gathering information without directly interacting with the target, such

as through public sources or passive network monitoring.

Active:

Proactively seeking information by directly interacting with the target

environment, such as through network scans or vulnerability
assessments.

5.6 Given a scenario, implement security awareness practices.

Phishing:

Campaigns:

Coordinated efforts by attackers to distribute fraudulent communications,

typically via email, aimed at deceiving recipients into divulging sensitive
information or performing actions that compromise security.

Recognizing a Phishing Attempt:

Ben’s Security+ 701 Notes 60

 Training employees to identify common indicators of phishing emails, such
as suspicious sender addresses, unfamiliar URLs, grammatical errors,
urgent language, and requests for sensitive information.

Responding to Reported Suspicious Messages:

Establishing protocols for promptly investigating and addressing reported

phishing attempts, including verification, communication with affected
parties, and mitigation measures to prevent further exposure.

Anomalous Behavior Recognition:

Risky:

Identifying behaviors or actions that deviate from established norms or

pose a potential risk to the organization's security, such as accessing
unauthorized resources or downloading suspicious files.

Unexpected:

Noticing actions or events that are unusual or unexpected in the context of

typical user behavior, which may indicate a security incident or
compromise.

Unintentional:

Recognizing inadvertent actions or mistakes made by users that could

inadvertently compromise security, such as clicking on malicious links or
sharing sensitive information.

User Guidance and Training:

Policy/Handbooks:

Providing employees with clear guidelines and policies regarding

acceptable use of technology resources, security best practices, and
procedures for handling sensitive information.

Situational Awareness:

Educating users about the tactics and techniques used by cyber attackers,
promoting awareness of potential threats, and encouraging vigilance in
identifying and reporting suspicious activities.

Insider Threat:

Ben’s Security+ 701 Notes 61

 Raising awareness about the risks posed by insider threats, including
unintentional and malicious actions by employees, contractors, or other
trusted entities.

Password Management:

Educating users on the importance of strong, unique passwords, and

implementing password management practices such as regular updates
and the use of multifactor authentication.

Removable Media and Cables:

Providing guidance on the secure use of removable media and cables to

prevent data loss or unauthorized access, including policies for encryption
and secure disposal.

Social Engineering:

Training employees to recognize and resist social engineering tactics used

by attackers to manipulate individuals into divulging confidential
information or performing actions that compromise security.

Operational Security:

Promoting operational security practices to safeguard sensitive

information and assets, including physical security measures, data
encryption, and secure communication protocols.

Hybrid/Remote Work Environments:

Offering guidance and best practices for maintaining security in hybrid or

remote work environments, including secure connectivity, device
management, and data protection measures.

Reporting and Monitoring:

Initial:

Establishing channels for employees to report suspicious activities,

security incidents, or potential threats, ensuring timely response and
investigation by security teams.

Recurring:

Ben’s Security+ 701 Notes 62

 Implementing ongoing monitoring and reporting mechanisms to track
security-related events, analyze trends, and identify areas for
improvement in security posture.

Development:

Creating and delivering training programs and materials to educate employees

on security awareness, phishing prevention, and incident response
procedures.

Execution:

Implementing security awareness training initiatives, phishing simulations, and

incident response exercises to test and reinforce the effectiveness of user
training and awareness efforts.

Bonus Tips:

Once you finish reviewing material and notes, continue to take practice exams.
When I started scoring around 75-85% on my practice exams, I felt confident
enough to take the exam and passed.

Here are the practice exams I used:

Udemy (Jason Dion) Practice Exams: https://bit.ly/46VaMOC

This channel is how I studied for the Performance-Based questions:

https://www.youtube.com/@cyberkraft1

During the exam, don’t spend too much time on any question. I review the
several mistakes to avoid in this video here
👉 https://www.youtube.com/watch?v=iWjI6Kll0Gs&t=2s
Be confident in your knowledge and don’t overthink it!

Last of all, I wish you the best of luck on your exam! Continue to push yourself,
and develop your skills! Cybersecurity is a field that welcomes people from all
backgrounds, and this is just the beginning!

Ben’s Security+ 701 Notes 63

 I hope you stay in touch with me via either my YouTube channel
(https://www.youtube.com/bentruong) or on a more personal level on my
Instagram + TikTok @CyberWithBen

Ben’s Security+ 701 Notes 64