Uploaded by Meaghan Hoffman
### **CompTIA Security+ Study Guide**

#### **Exam Overview**


The CompTIA Security+ certification validates core security skills required for a career in IT
security. It covers key areas such as risk management, cryptography, and network security. The
exam code is **SY0-601**.

---

### **Domains and Objectives**


The Security+ exam focuses on six main domains:

1. **Attacks, Threats, and Vulnerabilities (24%)**


- Types of malware (viruses, worms, Trojans, ransomware, etc.)
- Social engineering attacks (phishing, spear phishing, etc.)
- Threat actors and vectors
- Vulnerability scanning and penetration testing
- Indicators of compromise and threat intelligence

2. **Architecture and Design (21%)**


- Secure network architecture (firewalls, VLANs, etc.)
- Cloud security and virtualization concepts
- Security controls (physical, administrative, technical)
- Secure system design principles
- Application security best practices

3. **Implementation (25%)**
- Secure protocols (HTTPS, SFTP, SSH, etc.)
- Endpoint and mobile device security
- Secure network configurations
- Identity and access management controls (MFA, biometrics, etc.)
- Public Key Infrastructure (PKI)

4. **Operations and Incident Response (16%)**


- Incident response procedures (identification, containment, recovery)
- Digital forensics basics
- Threat hunting and monitoring
- Analyzing logs and alerts
- Business continuity and disaster recovery

5. **Governance, Risk, and Compliance (14%)**


- Security frameworks and best practices (NIST, ISO, etc.)
- Risk management concepts
- Legal and regulatory compliance (GDPR, HIPAA, etc.)
- Policies, procedures, and training

---

### **Study Resources**


#### **Books**
- **CompTIA Security+ Certification Guide by Mike Meyers**
- **CompTIA Security+ Study Guide by Darril Gibson**

#### **Online Platforms**


- **CompTIA Security+ eLearning on CompTIA’s official website**
- **Cybrary: Free Security+ courses**
- **Professor Messer’s Security+ videos (YouTube)**

#### **Practice Exams**


- **CompTIA Official Practice Tests**
- **MeasureUp Practice Exams**
- **ExamCompass Free Practice Tests**

---

### **Study Plan**


#### Week 1-2: Understand Basics
- Review key concepts in cybersecurity.
- Study malware types, threat actors, and social engineering attacks.
- Practice identifying vulnerabilities and exploits.

#### Week 3-4: Secure Architecture and Design


- Learn network security principles and cloud security.
- Study secure application design and system hardening.
- Use case studies to understand practical implementations.

#### Week 5-6: Master Implementation


- Memorize secure protocols and configurations.
- Practice setting up firewalls and VPNs in a lab environment.
- Study PKI concepts and implement test scenarios.

#### Week 7: Incident Response and Operations


- Understand incident response frameworks.
- Practice analyzing logs and alerts.
- Familiarize yourself with forensic tools and techniques.

#### Week 8: Governance and Review


- Study regulatory frameworks and risk management.
- Review practice exams and focus on weak areas.
- Take timed mock exams to improve confidence.

---

### **Tips for Success**


1. **Understand the Concepts:** Focus on grasping the "why" behind each security measure,
not just memorizing facts.
2. **Hands-On Practice:** Set up a home lab to practice securing networks and devices.
3. **Use Flashcards:** Memorize acronyms and protocols using tools like Quizlet.
4. **Take Breaks:** Avoid burnout by studying in focused sessions with breaks in between.
5. **Join Communities:** Engage in forums like Reddit’s r/CompTIA or Discord groups for peer
support.

---

### **Exam Day Tips**


- Get a good night’s sleep before the exam.
- Arrive early and bring proper identification.
- Read each question carefully and eliminate obviously incorrect answers.
- Manage your time—don’t get stuck on one question for too long.
- Use the review option to revisit flagged questions at the end.

Good luck on your journey to becoming Security+ certified!

### **CIA Triad**

- Confidentiality - data is accessible only to those with authorization
- Integrity - ensures that data remains unchanged and genuine
- Availability - ensures systems, apps, and data are available when people need them

### **Threat Actors**

#### Internal

1. Hacktivist
   - Resources low
   - Funding low
2. Insider threats
   - Resources high
   - Funding may be low
   - Capability high
3. Shadow IT

#### External

- Unskilled
  - Low funding
  - Capability low

### **Application Allow List**

- Gatekeeper in cyber
- Only known and trusted get access to apps/software

### **APTs (Advanced Persistent Threats)**

Ex: organized crime, nation states

- Highly skilled, well-financed, a lot of time on their hands
- Often backed by nation states
- Attacks are prolonged, sophisticated, and stealthy
- External
- All are high (resources, funding, sophistication)

### **Threat Intelligence**

- Facilitate risk management
- Hardening can reduce response time
- Provide cybersecurity insight
- Adversary tactics, techniques, procedures (TTP)
- Threat maps (ex: geographical representations of malware outbreaks)

### **Threat Intelligence Sources**

- Closed/Proprietary
- File/code repositories (GitHub)
- Vulnerability Database (CVE)
- OSINT (Open Source Intelligence)
  - Govt reports
  - Media reports
  - Academic reports
- Dark Web/Dark Net
  - Tor network - sits over network and anonymizes connection
  - Not indexed by search engines
  - Journalists
  - Law enforcement
  - Govt informants

Ex:

Tor browser (Canada) -> Tor network (Canada) -> Tor relay servers throughout world -> Tor network exit point (Austria) -> Tor browser (Austria)
