4.0 CompTIA Security+ (SY0-701) Security Operations

Secure baselines

Establishing, deploying, and maintaining hardened targets to ensure a secure starting point for systems

Hardening targets

Securing various types of devices, including mobile devices, workstations, switches, routers, cloud infrastructure, servers, ICS/SCADA, embedded systems, real-time operating systems (RTOS), and Internet of Things (IoT) devices

Wireless devices

Devices that connect wirelessly, such as mobile devices, laptops, and IoT devices

Installation considerations

Factors to consider when installing wireless devices, including performing site surveys and creating heat maps to optimize coverage and minimize interference

Mobile device management (MDM)

A system used to manage and secure mobile devices within an organization, including device provisioning, configuration, and monitoring

Deployment models

Different models for deploying mobile devices, including bring your own device (BYOD), corporate-owned personally enabled (COPE), and choose your own device (CYOD)

Connection methods

Different methods for connecting wireless devices, including cellular networks, Wi-Fi, and Bluetooth

Wireless security settings

Settings and protocols used to secure wireless networks, such as Wi-Fi Protected Access 3 (WPA3), Remote Authentication Dial-In User Service (RADIUS), cryptographic protocols, and authentication protocols

Application security

Protecting applications from vulnerabilities, including input validation, secure cookies, static code analysis, and code signing

Sandboxing

Isolating applications to prevent them from accessing sensitive resources or compromising the system

Monitoring

Continuous monitoring of systems and networks for security threats and anomalies

Acquisition Process

The process of obtaining assets for an organization.

Assignment Process

The process of assigning ownership and classifying assets.

Monitoring Process

The process of tracking and managing inventory of assets.

Inventory

A detailed list of all assets owned by an organization.

Enumeration Process

The process of counting and recording the number of assets.

Disposal Process

The process of getting rid of assets that are no longer needed.

Sanitization Process

The process of removing sensitive data from assets before disposal.

Destruction Process

The process of physically destroying assets to prevent recovery of data.

Certification Process

The process of verifying that assets have been properly disposed of.

Data Retention

The process of storing and managing data for a specified period of time.

Identification methods

Techniques used to identify vulnerabilities in a system

Vulnerability scan

Process of scanning a system to identify potential vulnerabilities

Application security

Measures taken to secure applications from vulnerabilities

Static analysis

Analyzing an application's source code without executing it to identify vulnerabilities

Dynamic analysis

Analyzing an application's behavior during runtime to identify vulnerabilities

Package monitoring

Monitoring software packages for vulnerabilities

Threat feed

Source of information about current threats and vulnerabilities

Open-source intelligence (OSINT)

Gathering information from publicly available sources to identify vulnerabilities

Proprietary/third-party

Information obtained from private or external sources to identify vulnerabilities

Information-sharing organization

Group that facilitates the sharing of cybersecurity information

Dark web

Part of the internet not indexed by search engines, often used for illegal activities

Penetration testing

Simulated attack on a system to identify vulnerabilities

Responsible disclosure program

Program that encourages reporting of vulnerabilities to the system owner

Bug bounty program

Program that rewards individuals for finding and reporting vulnerabilities

System/process audit

Examination of a system/process to assess compliance and effectiveness

Analysis

Process of examining vulnerabilities and assessing their impact

Confirmation

Validating whether a vulnerability is real or not

False positive

Incorrectly identifying a non-existent vulnerability

False negative

Failing to identify an actual vulnerability

Prioritize

Ranking vulnerabilities based on their severity and potential impact

Common Vulnerability Scoring System (CVSS)

Standardized system for assessing the severity of vulnerabilities

Common Vulnerability Enumeration (CVE)

Standardized naming scheme for vulnerabilities

Vulnerability classification

Categorizing vulnerabilities based on their characteristics

Exposure factor

Measure of the potential impact of a vulnerability

Environmental variables

Factors that influence the impact of a vulnerability in a specific environment

Industry/organizational impact

Assessing the impact of vulnerabilities on specific industries or organizations

Risk tolerance

An organization's willingness to accept or mitigate risks

Vulnerability response and remediation

Actions taken to address and fix vulnerabilities

Patching

Applying updates or fixes to software to address vulnerabilities

Insurance

Coverage to mitigate financial losses due to cybersecurity incidents

Segmentation

Dividing a network into smaller segments to contain potential attacks

Compensating controls

Alternate security measures implemented to mitigate vulnerabilities

Exceptions and exemptions

Allowances made for specific cases where vulnerabilities cannot be immediately addressed

Validation of remediation

Process of verifying that vulnerabilities have been successfully addressed

Rescanning

Performing another vulnerability scan after remediation

Audit

Examination of systems/processes to ensure compliance and effectiveness

Verification

Confirming that vulnerabilities have been fixed and are no longer present

Reporting

Documenting and communicating the findings and actions taken

Monitoring computing resources

The process of tracking and observing computer systems, applications, and infrastructure to ensure their optimal performance, security, and availability.

Log aggregation

The practice of collecting and consolidating log data from various sources, such as servers, applications, and network devices, to gain a comprehensive view of system activities and troubleshoot issues.

Alerting

The act of notifying users or administrators about potential issues or threats detected by monitoring systems, enabling timely response and mitigation.

Scanning

The process of examining computer systems or networks to identify vulnerabilities, security weaknesses, or potential risks that may compromise their integrity or confidentiality.

Reporting

The generation and presentation of information about the status or performance of computing resources, providing insights for decision-making, troubleshooting, and compliance purposes.

Archiving

The practice of storing data for long-term retention and future reference, ensuring its availability and integrity for compliance, analysis, or historical purposes.

Alert response and remediation/validation

The process of taking immediate action to address and resolve identified alerts, followed by validation to ensure the effectiveness of the response and mitigate potential risks.

Quarantine

The act of isolating potentially compromised systems or resources to prevent further harm, containing the impact of security incidents and facilitating investigation and remediation.

Alert tuning

The adjustment of alert settings to reduce false positives or improve detection accuracy, optimizing the monitoring system's ability to identify genuine threats and minimize unnecessary notifications.

Security Content Automation Protocol (SCAP)

A set of standards and specifications for automating security-related tasks, including vulnerability management, configuration assessment, and compliance checking.

Benchmarks

Reference points or standards used to evaluate and measure system performance or security, providing a basis for comparison, optimization, and adherence to industry best practices.

Agents/agentless

Software agents or methods that collect and transmit data for monitoring purposes, or monitoring without the need for dedicated agents, respectively.

Security information and event management (SIEM)

A system that collects and analyzes security event data from various sources, enabling real-time threat detection, incident response, and compliance monitoring.

Antivirus

Software designed to detect, prevent, and remove malicious software, protecting computer systems and data from viruses, worms, trojans, and other types of malware.

Data loss prevention (DLP)

Technologies and strategies aimed at preventing unauthorized access or leakage of sensitive data, ensuring its confidentiality, integrity, and availability.

Simple Network Management Protocol (SNMP) traps

Notifications sent by network devices to a central management system for monitoring and troubleshooting, providing information about network events, performance, and errors.

NetFlow

A network protocol used for monitoring and collecting IP traffic information, enabling network administrators to analyze and optimize network performance, detect anomalies, and troubleshoot issues.

Vulnerability scanners

Tools that identify and assess vulnerabilities in computer systems or networks, helping organizations proactively address security risks and strengthen their overall security posture.

Firewall

A security device that monitors and controls network traffic based on predetermined rules.

Access lists

Lists of rules that determine network traffic permissions.

Ports/protocols

Specific communication endpoints and rules for transmitting data between devices.

Screened subnets

A network architecture that separates and protects internal networks from external networks using firewalls.

IDS/IPS

Intrusion Detection System/Intrusion Prevention System - Security systems that monitor network traffic for suspicious activity and prevent attacks.

Trends

Patterns in network security threats and attacks.

Signatures

Patterns of known malicious activity used by IDS/IPS systems to identify and block threats.

Web filter

A security tool that blocks or filters web content based on predefined rules or categories.

Agent-based

A type of web filter that requires software installation on devices to enforce web filtering policies.

Centralized proxy

A server that acts as an intermediary between client devices and the internet, providing web filtering and caching.

URL scanning

The process of analyzing URLs to determine if they are safe or malicious.

Content categorization

The classification of web content into categories based on its nature or purpose.

Block rules

Rules that prevent access to specific websites or web content.

Reputation

A measure of the trustworthiness or reliability of a website or IP address based on historical data.

Operating system security

Measures and practices to protect the operating system of a computer or device from unauthorized access or attacks.

Group Policy

A feature in Windows operating systems that allows administrators to manage and enforce security settings across a network.

SELinux

Security-Enhanced Linux - A security framework for Linux that provides access control and mandatory access control policies.

Secure protocols

Configuring and using communication protocols to protect data during transmission.

Protocol selection

Choosing the appropriate network protocol based on security requirements and compatibility.

Port selection

Choosing specific network ports for communication based on security and functionality needs.

Transport method

The method used to transmit data between devices, such as wired or wireless communication.

DNS filtering

Blocking or allowing access to websites or domains based on DNS queries.

Email security

Measures and protocols to protect email communication from unauthorized access or malicious content.