CompTIA Security+ (SY0-701) Cert Prep: 4 Security Operations

Get the detailed information you need to prepare for the Security Operations domain of the CompTIA Security+ exam, version SY0-701.

Introduction

• Security operations
• Study resources

1. Data Security Controls

• Developing security baselines
• Leveraging industry standards
• Customizing security standards

2. Host Security

• Operating system security
• Malware prevention
• Application management
• Host-based network security controls
• File integrity monitoring
• Data loss prevention
• Data encryption
• Hardware and firmware security
• Linux file permissions
• Web content filtering

3. Configuration Enforcement

• Change management
• Configuration management
• Physical asset management
• Disposal and decommissioning

4. Mobile Device Security

• Mobile connection methods
• Mobile device security
• Mobile device management
• Mobile device tracking
• Mobile application security
• Mobile security enforcement
• Bring your own device (BYOD)
• Mobile deployment models

5. Wireless Networking

• Understanding wireless networking
• Wireless encryption
• Wireless authentication
• RADIUS
• Wireless signal propagation
• Wireless networking equipment

6. Code Security

• Code review
• Software testing
• Code security tests
• Fuzz testing
• Acquired software
• Package monitoring

7. Threat Intelligence

• Threat intelligence
• Intelligence sharing
• Threat hunting

8. Vulnerability Management

• What is vulnerability management?
• Identify scan targets
• Scan configuration
• Scan perspective
• Security Content Automation Protocol (SCAP)
• Common Vulnerability Scoring System (CVSS )
• Analyzing scan reports
• Correlating scan results
• Vulnerability response and remediation

9. Penetration Testing and Exercises

• Penetration testing
• Responsible disclosure
• Bug bounty

10. Security Alerting, Monitoring, and Automation

• Logging security information
• Security information and event management
• Monitoring activities
• Endpoint monitoring
• Automation and orchestration

11. Secure Protocols

• TLS and SSL
• IPSec
• Securing common protocols
• DKIM, DMARC, and SPF
• Email gateways

12. Identification

• Identification, authentication, authorization, and accounting
• Usernames and access cards
• Biometrics
• Registration and identity proofing

13. Authentication

• Authentication factors
• Multifactor authentication
• Something you have
• Password policy
• Password managers
• Passwordless authentication
• Single sign-on and federation
• Kerberos and LDAP
• SAML
• OAUTH and OpenID Connect
• Certificate-based authentication

14. Authorization

• Understanding authorization
• Mandatory access controls
• Discretionary access controls
• Access control lists
• Advanced authorization concepts

15. Account Management

• Understanding account and privilege management
• Privileged access management
• Provisioning and deprovisioning

16. Incident Response

• Build an incident response program
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Post-incident activities
• Incident response training and testing

17. Digital Forensics

• Introduction to forensics
• System and file forensics
• Chain of custody
• E-discovery and evidence production
• Investigation data sources

Conclusion

• Continuing your studies