CompTIA Security+ SY0-601 Course
Lesson 6 of 369

What surprised me the most about the exam

Christophe November 22, 2021

In this video, I want to share 4 things that surprised me about the CompTIA Security+ Certification exam.

For context, this was not my first IT certification exam. I have — over a number of years — taken and passed multiple certifications (mostly Amazon Web Services certifications) including professional-level certs that can be pretty tough.

With that said, I had not taken any CompTIA-specific certifications.

So the overall exam experience was quite familiar to me since some of my certs were also through Pearson testing.

That part was not surprising or out of the ordinary. It was normal.

However, there were 4 main things that kind of surprised me about the Security+.

#1 – It had more networking questions than I thought it would

Networking is not my favorite or my strongest area. I’ve always just kind of struggled with it, and I think it’s mostly because I don’t enjoy it. It’s not that interesting of a topic to me for whatever reason.

I also knew that CompTIA has a Networking+ certification, but to be fair, I had heard that they’re starting to blur the lines a little bit more, and so I knew that I would see some networking questions on the exam, but it did surprise me to see that many networking questions.

Most of them for my version of the exam were around networking authentication protocols and encryption.

They might ask what’s the best protocol for a given scenario. What’s the correct security to use for a scenario, and so on.

So I’m glad that I experienced that first-hand because then I was able to come back and add more practice exam questions around those topics and make sure that I went in a little bit more depth in networking-related lessons for the course.

#2 – It has even more acronyms than I thought it would

Look, I’ve heard of these exams being referred to as vocabulary dumps, so I don’t know why it surprised me so much, but wow, so many acronyms get thrown into scenarios and questions.

I don’t have the best memory, so unless I’m using an acronym on a very frequent basis, I’m just not going to remember what it means. Context of how it’s used of course definitely helps, but if there’s an acronym in the question and you don’t know what that acronym stands for, your odds of answering correctly go down dramatically, because you don’t really know what the question is asking.

Acronyms in answers can be equally as challenging, but usually, if you know what the question is asking, it’s a little bit easier to remember what the correct answer acronym would be.

This might sound crazy, but I personally literally went through every acronym listed in the official CompTIA Security+ Objectives Guide PDF, I copy/pasted all of them, and I wrote succinct definitions for all of them. It took me forever, but there were a lot of them that I already knew so that definitely helped.

And then I used flashcards from those definitions to quiz myself on it.

Because I did the work up-front, if you don’t want to do that because you don’t have the time or you don’t think writing your own definitions will help you, then check out the list of definitions that you can use to quiz yourself and to review.

But if you have the time and patience, I think you will remember them more easily if you do this on your own.

So it’s there if you need it.

#3 – The performance-based questions were a little bit trickier than I thought they would be

I think the main reason is that I got a lot of networking performance-based questions on mine, which again, is not my strong point. But that really helped me to make sure that I focused on adding more networking-based questions in my simulations.

That way you’re not thrown off immediately when the exam starts, unlike me, because you get those up-front.

I’m also going to mention this a couple of times throughout the course, but if you don’t know the answers to the performance-based questions, mark them for review and come back to them at the end when you’ve knocked out the multiple-choice questions. The last thing you want is to waste a bunch of your time on questions you don’t know, and then you don’t have enough time to answer questions you do know and you rush through it.

#4 – There were more ambiguous questions than I thought there would be for the level of the exam

Again, I’ve taken professional-level AWS certifications that are known for trying to make your head spin by using keywords that completely change the meaning of the question, so I’m used to that kind of testing, and the Sec+ definitely wasn’t at that difficulty level, but they do try to trick you by throwing in specific keywords in some of the questions that completely change the meaning of the question and therefore the answer.

Focus on what you’re reading and make sure you fully understand the meaning of the question before you respond. Even if you are super confident in your answer as soon as you start reading the question, don’t rush to answer. Take your time — there might be a keyword at the end of the question that changes the meaning of it entirely.

Conclusion

I didn’t add this lesson to make you worried about taking the exam or to make it sound like it’s super hard, because overall it is not a super difficult exam. It can be challenging if you don’t have much IT experience or if you’re not good at memorizing, but scaring you was not my intention with this. Instead, I just wanted to share my experience so that you’re more prepared for the actual exam.

So keep these things in mind as you go through the course and as you go through the practice exams.

With that, let’s move on!

Responses


  1. Trying to get to the list of CompTIA acronyms and the link to your site redirects to a site giving the following error – {"object":"error","status":400,"code":"invalid_request_url","message":"Subdomain 'daisy-jeep-57f' is invalid for this page, do you have the correct subdomain?"}