Back to Course

CompTIA Security+ SY0-601 Course

0% Complete
0/0 Steps
  1. About the course and exam
    About the course and certification
  2. About the course author
  3. Pre-requisites
  4. Tools and tips to help you study more efficiently
  5. Study techniques that will help you pass
  6. What surprised me the most about the exam
  7. Domain 1: Threats, Attacks, and Vulnerabilities
    About threats, attacks, and vulnerabilities
  8. 1.1: Compare and contrast social engineering techniques
    What is social engineering?
  9. Principles
  10. Spam
  11. Blocking and Managing Spam
  12. Phishing
  13. Smishing
  14. Vishing
  15. Spear Phishing
  16. Whaling
  17. Impersonation
  18. Dumpster diving
  19. Shoulder surfing
  20. Pharming
  21. Tailgating
  22. Eliciting information
  23. Prepending
  24. Identity fraud
  25. Invoice scams
  26. Credentials harvesting
  27. Reconnaissance
  28. Hoax
  29. Watering hole attack
  30. Typo squatting and URL hijacking
  31. Influence campaigns
  32. Hybrid warfare
  33. Practical knowledge check
  34. 1.2: Analyze potential indicators to determine the type of attack
    What is malware?
  35. Malware classification
  36. Virus
  37. Worms
  38. Backdoor
  39. Trojans
  40. Remote Access Trojan (RAT)
  41. Ransomware and Crypto Malware
  42. How does ransomware work?
  43. Potentially unwanted programs (PUPs)
  44. Spyware
  45. Adware and Malvertising
  46. Keyloggers
  47. Fileless malware
  48. Logic bombs
  49. Rootkit
  50. Bots and Botnets
  51. Command and control
  52. What are password attacks?
  53. Plaintext, encrypted, and hashed passwords
  54. Brute force
  55. Dictionary attacks
  56. Spraying attacks
  57. Rainbow and hash tables
  58. Credential stuffing
  59. What are physical attacks?
  60. Malicious universal serial bus (USB) cable
  61. Malicious flash drive
  62. Card cloning
  63. Skimming
  64. What is adversarial AI and tainted training for ML?
  65. Supply-chain attacks
  66. Cloud-based vs. on-premises attacks
  67. Cryptography concepts
  68. Cryptographic attacks
  69. Quiz: 1.2
    3 Quizzes
  70. 1.3: Analyze potential indicators associated with application attacks
    Privilege escalation
  71. Improper input handling
  72. Improper error handling
  73. Cross-Site Scripting (XSS)
  74. Structured Query Language (SQL) injections
  75. Dynamic Link Library (DLL) Injections
  76. Lightweight directory access protocol (LDAP) Injections
  77. Extensible Markup Language (XML) and XPATH Injections
  78. XXE Injections
  79. Directory traversal
  80. Request forgeries (server-side, client-side, and cross-site)
  81. Application Programming Interface (API) attacks
  82. Secure Sockets Layer (SSL) stripping
  83. Replay attacks (session replays)
  84. Pass the hash
  85. Race conditions (time of check and time of use)
  86. Resource exhaustion
  87. Memory leak
  88. Pointer/object dereference
  89. Integer overflow
  90. Buffer overflows
  91. Driver manipulation (shimming and refactoring)
  92. Quiz 1.3
    2 Quizzes
  93. 1.4: Analyze potential indicators of network attacks
    What are wireless attacks?
  94. Distributed Denial of Service (DDoS)
  95. Rogue access point and Evil Twin
  96. Bluesnarfing and Bluejacking
  97. Disassociation and Jamming
  98. Radio Frequency Identifier (RFID) attacks
  99. Near Field Communication (NFC)
  100. Initialization Vector (IV)
  101. Man in the middle (on-path)
  102. Man in the browser (on-path browser)
  103. What are layer 2 attacks?
  104. Address resolution protocol (ARP)
  105. Media access control (MAC) flooding
  106. MAC cloning
  107. What are Domain Name System (DNS) attacks and defenses?
  108. Domain hijacking
  109. DNS poisoning
  110. Universal resource locator (URL) redirection
  111. Domain reputation
  112. Quiz 1.4
    1 Quiz
  113. 1.5: Explain threat actors, vectors, and intelligence sources
    What are actors and threats?
  114. Attributes of actors
  115. Vectors
  116. Insider threats
  117. State actors
  118. Hacktivists
  119. Script kiddies
  120. Hackers (white hat, black hat, gray hat)
  121. Criminal syndicates
  122. Advanced persistent threats (APTs)
  123. Shadow IT
  124. Competitors
  125. Threat intelligence sources (OSINT and others)
  126. Using threat intelligence
  127. Research sources
  128. Quiz 1.5
    1 Quiz
  129. 1.6: Security concerns associated with various vulnerabilities
    Cloud-based vs. on-premises vulnerabilities
  130. Zero-day vulnerabilities
  131. Weak configurations
  132. Weak encryption, hashing, and digital signatures
  133. Third-party risks
  134. Improper or weak patch management
  135. Legacy platforms
  136. Impacts
  137. Quiz 1.6
    1 Quiz
  138. 1.7: Summarizing techniques used in security assessments
    Threat hunting
  139. Vulnerability scans
  140. Security information and event management (SIEM) and Syslog
  141. Security orchestration, automation, and response (SOAR)
  142. Quiz 1.7
    1 Quiz
  143. 1.8: Explaining techniques used in penetration testing
    Important pentesting concepts
  144. Bug bounties
  145. Exercise types (red, blue, white, and purple teams)
  146. Passive and active reconnaissance
  147. Quiz 1.8
    1 Quiz
  148. Domain 2: Architecture and Design
    About architecture and design
  149. 2.1: Explaining the importance of security concepts in an enterprise environment
    Configuration management
  150. Data sovereignty
  151. Data protection
  152. Hardware security module (HSM) and Trusted Platform Module (TPM)
  153. Geographical considerations
  154. Cloud access security broker (CASB)
  155. Response and recovery controls
  156. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) inspection
  157. Hashing
  158. API considerations
  159. Site resiliency
  160. Deception and disruption
  161. Quiz 2.1
    1 Quiz
  162. 2.2: Virtualization and cloud computing concepts
    Comparing cloud models
  163. Cloud service providers
  164. Virtualization
  165. Containers
  166. Microservices and APIs
  167. Serverless architecture
  168. MSPs and MSSPs
  169. On-premises vs. off-premises
  170. Edge computing
  171. Fog computing
  172. Thin client
  173. Infrastructure as Code
  174. Services integration
  175. Resource policies
  176. Transit gateway
  177. Quiz 2.2
    1 Quiz
  178. 2.3: Secure application development, deployment, and automation concepts
    Understanding development environments
  179. Automation and scripting
  180. Version control
  181. Secure coding techniques
  182. Open Web Application Security Project (OWASP)
  183. Integrity measurement
  184. Software diversity
  185. Provisioning and deprovisioning
  186. Elasticity
  187. Scalability
  188. Quiz 2.3
    1 Quiz
  189. 2.4: Authentication and authorization design concepts
    Important authentication and authorization concepts
  190. Multifactor authentication (MFA) factors and attributes
  191. Quiz: MFA factors and attributes
    1 Quiz
  192. Authentication technologies
  193. Biometrics techniques and concepts
  194. Authentication, authorization, and accounting (AAA)
  195. Cloud vs. on-premises requirements
  196. Quiz 2.4
    1 Quiz
  197. 2.5: Implementing cybersecurity resilience
    What is redundancy?
  198. Disk redundancy (RAID levels)
  199. Network redundancy
  200. Power redundancy
  201. Replication
  202. Backup types (full, incremental, differential, and snapshot)
  203. Backup types practice scenarios
  204. Backup devices and strategies
  205. Quiz: Backup types, devices, and strategies
    1 Quiz
  206. Non-persistence
  207. Restoration order
  208. Diversity
  209. Quiz 2.5
    1 Quiz
  210. 2.6: Security implications of embedded and specialized systems
    What are embedded systems?
  211. System on a Chip (SoC)
  212. SCADA and ICS
  213. Internet of Things (IoT)
  214. Specialized systems
  215. VoIP, HVAC, Drones/AVs, MFP, RTOS, Surveillance systems
  216. Communication considerations
  217. Important constraints
  218. 2.7: Importance of physical security controls
    Bollards/barricades, Mantraps, Badges, Alarms, Signage
  219. Lighting and fencing
  220. Cameras and Closed-circuit television (CCTV)
  221. Industrial camouflage
  222. Personnel, robots, drones/UAVs
  223. Locks
  224. Different sensors
  225. Fire suppression
  226. Protected cable distribution (PCD)
  227. Secure areas (air gap, faraday cages, DMZ, etc…)
  228. Hot and cold aisles
  229. Secure data destruction
  230. USB data blocker
  231. Quiz 2.7
    1 Quiz
  232. 2.8: Basics of cryptography
    Common use cases
  233. Key length
  234. Key stretching
  235. Salting, hashing, digital signatures
  236. Perfect forward secrecy
  237. Elliptic curve cryptography
  238. Ephemeral
  239. Symmetric vs. asymmetric encryption
  240. Key exchange
  241. Cipher suites
  242. Modes of operation
  243. Lightweight cryptography and Homomorphic encryption
  244. Steganography
  245. Blockchain
  246. Quantum and post-quantum
  247. Limitations
  248. Quizzes 2.8
    2 Quizzes
  249. Domain 3: Implementation
    About implementation
  250. 3.1: Implement Secure Protocols
    Important protocols to know and use cases
  251. Important email secure protocols
  252. IPsec and VPN
  253. FTPS, SFTP, SCP
  254. DNSSEC
  255. SRTP and NTPsec
  256. DHCP
  257. SNMP and SNMPv3
  258. 3.2: Implement host or application security solutions
    Endpoint protection
  259. Self-encrypting drive (SED), full disk encryption (FDE), and file-level encryption
  260. Boot integrity
  261. Database and data security
  262. Application security
  263. Hardening hosts
  264. Sandboxing
  265. 3.3: Implement secure network designs
  266. Load balancing
  267. Network segmentation
  268. East-West and North-South
  269. Jump servers (bastion hosts)
  270. Network Address Translation (NAT) Gateway
  271. Proxy servers
  272. Out-of-band management
  273. Virtual Private Networks (VPNs) and IPsec
  274. Network Access Control (NAC)
  275. Port security
  276. Network-based intrusion detection system (NIDS) and network-based intrusion prevention system (NIPS)
  277. Firewalls
  278. Next-Generation Firewalls
  279. Access Control List (ACL) and Security Groups (SGs)
  280. Quality of Service (QoS)
  281. Implications of IPv6
  282. Port scanning and port mirroring
  283. File integrity monitors
  284. 3.4: Install and configure wireless security settings
    Cryptographic protocols
  285. Methods
  286. Authentication protocols
  287. Installation considerations
  288. 3.5: Implement secure mobile solutions
    Connection methods and receivers
  289. Mobile deployment models
  290. Mobile device management (MDM)
  291. Mobile devices
  292. Enforcement and monitoring
  293. 3.6: Apply cybersecurity solutions to the cloud
    Cloud security controls
  294. Secure cloud storage
  295. Secure cloud networking
  296. Secure cloud compute resources
  297. Secure cloud solutions
  298. 3.7: Implement identity and account management controls
    Understanding identity
  299. Account types to consider
  300. Account policies to consider
  301. 3.8: Implement authentication and authorization solutions
    Authentication management
  302. Authentication protocols and considerations
  303. Extensible Authentication Protocol (EAP)
  304. RADIUS and TACACS+
  305. Kerberos, LDAP, and NTLM
  306. Federated Identities
  307. Access control schemes
  308. Recap notes from this section
  309. 3.9: Implement public key infrastructure
    What is public key infrastructure?
  310. Types of certificates
  311. Certificate formats
  312. Important concepts
  313. 4.0: Operations and Incident Response
    About operations and incident response
  314. 4.1: Use the appropriate tools to assess organizational security
    Network reconnaissance and discovery part 1
  315. Network reconnaissance and discovery part 2
  316. File manipulation
  317. Shell and script environments
  318. Packet capture and replay
  319. Forensics tools
  320. Exploitation frameworks
  321. Password crackers
  322. Data sanitization
  323. 4.2: Policies, processes, and procedures for incident response
    Incident response plans
  324. Incident response process
  325. Important exercises
  326. Important attack frameworks
  327. BCP, COOP, and DRP
  328. Incident response team and stakeholder management
  329. Retention policies
  330. 4.3: Using appropriate data sources to support investigations after an incident
    Vulnerability scan outputs
  331. SIEM dashboards
  332. Log files
  333. Syslog, rsyslog, syslog-ng
  334. Journald and journalctl
  335. NXLog
  336. Bandwidth and network monitors
  337. Important and useful metadata
  338. 4.4: Applying mitigation techniques or controls to secure environments during an incident
    Reconfiguring endpoint security solutions
  339. Configuration changes
  340. Isolation, containment, and segmentation
  341. Secure Orchestration, Automation, and Response (SOAR)
  342. 4.5: Key aspects of digital forensics
    Documentation and evidence
  343. E-discovery, data recovery, and non-repudiation
  344. Integrity and preservation of information
  345. Acquisition
  346. On-premises vs. cloud
  347. Strategic intelligence and counterintelligence
  348. Domain 5: Governance, Risk, and Compliance
    About governance, risk and compliance
  349. 5.1: Compare and contrast various types of controls
  350. Control types
  351. 5.2: Applicable regulations, standards, or frameworks that impact organizational security posture
    Regulations, standards, and legislation
  352. Key frameworks to know about
  353. Benchmarks and secure configuration guides
  354. 5.3: Importance of policies to organizational security
  355. User training
  356. Third-party risk management
  357. Data
  358. Credential policies
  359. Organizational policies
  360. 5.4 Risk management processes and concepts
    Types of risks
  361. Risk management strategies
  362. Risk analysis
  363. Disasters
  364. Business impact analysis
  365. 5.5: Privacy and sensitive data concepts in relation to security
    Organizational consequences of privacy breaches
  366. Notifications of breaches
  367. Data types
  368. Privacy enhancing technologies
  369. Roles and responsibilities
  370. Course Recap and Next Steps
    Looking for the practice exams?
  371. Receiving your Certificate of Completion
Lesson 4 of 371
In Progress

Tools and tips to help you study more efficiently

Christophe November 22, 2021

If your idea of studying is to watch back-to-back videos or even read a book from start to finish, or if you have ADHD and you can’t sit still long enough to get past 3 videos before needing a break, then the next two videos are for you.

While I’ve never gone in to get diagnosed for ADHD, I have an extremely hard time sitting still and watching videos or reading for long periods of time. So I’ve had to find techniques that work for me, and I hope they also work for you.

Or again, if you’re planning on sitting there watching 30 videos back-to-back, in the end, you won’t remember concepts from the first 20.

Or, if you just write down quick notes from each lecture and you later just try to read back through them, you won’t remember 90% of what you’ve read by the time you’re done.

Don’t just watch videos back to back and take notes. That is not effective studying.

In this video, I’ll share tools that can help you stay on track with your studies and that can make notetaking, or your studying in general, more effective.

In the next lesson, I’ll share more insights into scientifically proven study techniques to increase your attention.

Oh also, this video is not sponsored by anyone or any company, so if I mention any products by name, it’s because I’ve personally used them and I personally found them helpful. I also don’t have any affiliate links or anything like that. What matters most is that you find tools that work best for you, and that may not always be the same tools that I use.

Notetaking tips

Let’s talk about notetaking.

I am not a paper and pencil kind of guy. I’ve heard the studies that say it’s typically better, and frankly I still don’t care. My handwriting is absolutely awful so I can’t re-read my notes half the time, it looks super messy, and it takes so much longer that I don’t have the patience for it.

Instead, the best tool that I’ve found for writing notes to this day is Notion. Notion has sponsored huge YouTube channels for a while now (I’m not sponsored, though) so I’m sure you’ve heard of it and there are plenty of tutorials out there, but as you can see here, I use it extensively. I use it to create my courses, and I also used it to study for the exam.

I’ve also made this study template available for you to use. You can copy it (top right corner) and make it your own!

Again, I’ll talk a bit more about notetaking strategies in the next video, for now, let’s focus on the tools.

So if you’re good with paper and pencil, then that’s a great approach. The only downside here is that you won’t be able to search your notes later on, unless you upload them to something that takes your notes and transcribes them. I’ve never tried that kind of software before, but I heard it can be pretty good.

If you’re more of a digital notetaker like I am, use a tool like Notion to take more structured notes. This is such a large exam with so many concepts that if you just dump all your notes in one document, it will get messy really fast.

Pomodoro Technique

Next, let’s talk about staying focused on your studies. If you have ADHD or something similar, this, I think, will help you a lot if you don’t already do it.

I have been using what’s called the Pomodoro Technique on days that I have a very hard time focusing. So it’s not every day, but pretty close to it.


One of the hardest parts is getting started. You procrastinate because all of a sudden you remember 10 other things that you’re supposed to have done already, like maybe cleaning your desk, doing the dishes, vacuuming, or whatever else. Before you know it, 2 hours have gone by, and you still haven’t studied a thing.

One main reason this happens is that we’re overwhelmed with the idea of what comes ahead. We subconsciously think that studying is going to be super tough, and so our brains don’t want to get started.

However, the Pomodoro Technique helps reduce that feeling by giving concrete start and stop times. It’s essentially a time management system that separates your tasks into specific periods of time.

Usually, or by default, sessions are 25 minutes long with 5 minutes breaks.

So when you start the clock, you already know that you’re only going to be studying for 25 minutes. That tells your brain that it really won’t be so bad, because after that 25 minutes, you’ll have a break. Then, after 4 of these sessions, you get an even bigger break — typically 15 to 20 minutes.

Personally, I don’t like the 5 minutes breaks. The 25 minutes works fine for me, because that’s usually long enough to focus on a task intensely and then after that I usually need a break, but 5 minutes isn’t even enough time for me to stand up and walk around. So instead, I take 10 minutes break in between each 25 mins session, and then my longer break is 20 minutes.

That gives me enough time to walk around or pull up a YouTube video for some entertainment, and then I feel like I’m ready to get back to studying.

Experiment with times to see what you personally prefer, but if you’re not currently using the Pomodoro Technique, I highly, highly recommend it.

There are many free apps out there that you can put on your phone, or you can also use browser ones like I do and just have a background window that’s running the timer.

Tell family, friends, colleagues, etc…that you will be inaccessible for the next 25 minutes

Along the same lines, it’s really important that you tell your family, friends, colleagues, or whoever else you need to tell, that you will be inaccessible for the next 25 minutes.

At a minimum, put your devices on “Do Not Disturb,” although some people will benefit from turning their devices off completely. I’m serious — turn your phone off if you find yourself constantly checking it.

As long as you give people a timeframe of when you’ll be available again, I’ve found that this usually helps out a bunch.

Get a good pair of noise-canceling headphones

If you can afford to, I also highly recommend getting a good pair of noise-canceling headphones, and put on music without any lyrics. There are great studying playlists available on YouTube that you can pop on while you study, and these help me tremendously.

The noise cancelation helps you get immersed in your studies and in the music, and it avoids distractions that are coming in from the outside world.

Sometimes even just a distant loud car exhaust can break my focus, but a good pair of noise cancelation headphones can tune out most of those distractions.

I personally use the Sony headphones and really enjoy them, but I’ve recently picked up a pair of DT 770 Pros for audio editing, and not only do they sounds absolutely incredible with music, but they also do a fantastic job of blocking outside sounds even without any noise cancelation.

Join a community. It increases your odds of passing!

Another recommendation is that you join a community. Obviously, I’d love for you to join Cybr’s Discord community by going to, but what matters most is that you find other members who are also studying for the exam. Maybe they’re a little bit more experienced than you are, or they’re ahead with their studies. Either way, having someone that will hold you accountable — even indirectly — will work wonders.

This is the same as if you were to go to the gym by yourself versus with a gym partner. While some people can stay self-motivated, many need to have that external driver to keep showing up day-in and day-out.

The same applies to studying. If it’s just you, you’ll be more likely to slack or take the day off. If you’ve got someone else also studying and keeping track, then that will motivate you to push through even when it gets tough.

So this one really is a no-brainer.

Stay healthy while you’re studying

Last, but certainly not least, stay healthy during this time! A lot of people will stop going to the gym, or they’ll let studying cut into their sleeping time.

That’s the absolute worst time for you to be doing that!

There are countless studies that prove that physical exercise helps with mood, creativity, and memory. All 3 of those are important to helping you pass your exam, so you don’t want to lose that.

The same holds true for sleep. If you don’t sleep enough, your brain literally cannot retain information as well. So that extra studying you’re doing that’s cutting into your sleep is actually doing more harm than good.

Instead, plan your studies ahead of and create a solid schedule, and that way you won’t have to cut into your sleep schedule.


Alright, that’s it for now. I didn’t even mean for the video to go on this long, but these are super important topics that I truly believe will help increase your odds of passing the exam, so don’t lose track of them as you go on with your studies.


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Great content. I’d not heard of ‘Notion’, looks to be a very useful piece of software, I’ll definitely give it a try and ‘Yes Please’ to the course content notion template.

    1. Glad my recommendation was helpful then! I will definitely plan on making the Notion template available, though please give me a few days as I need to clean it up and make it ready for sharing 🙂