What are the four categories of Security Controls?
Technical
Managerial
Operational
Physical
Tmop
What are the six control types?
Preventive
Deterrent
Detective
Corrective
Compensating
Directive
Press down down circle circle down
What is a technical control?
Their primary focus is on upholding system integrity, mitigating the risk of unauthorized access, and protecting sensitive data from potential threats
Examples: Firewalls and data encryption
Preventive Controls
They focus on eliminating or minimizing potential threats before they can cause harm
Examples: Firewalls, employee training, and quality control checks
Deterrent Controls
Controls that aim to discourage individuals from engaging in undesirable behaviors or activities.
Examples of these controls include surveillance cameras, warnings, strong passwords, and multi-factor authentication
Detective Control
Controls implemented to identify and detect problems or risks that have already occurred.
Examples of these controls include regular financial audits and Security Information and Event Management (SIEM) systems
Corrective Controls
Put in place to address problems or risks after they have been identified. They aim to rectify the situation, mitigate the impact, and restore normalcy
Examples of this include implementing backup and recovery
Compensating Controls
Alternative measures implemented when primary controls are not feasible or sufficient. They help offset the limitations or deficiencies of other controls.
Examples of this include requiring additional layers of approval, utilizing a secondary authentication method when the primary method fails or is unavailable, and increasing physical security measures when technical controls are compromised
Directive Controls
Involve providing specific instructions or guidelines to ensure compliance with policies, procedures, or regulations
Examples of this include a code of conduct or ethical guidelines, standard operating procedures (SOPs), and regulatory requirements that mandate specific reporting procedures for financial institutions
Managerial Control
They encompass the implementation of policies, procedures, and practices by management to guide and direct the activities of individuals and teams
Examples include: Performance Reviews, Risk Assessments, Code of conduct
Operational Control
The execution of day-to-day activities and processes necessary for delivering goods and services.
Examples: Incident response procedures, Security awareness training, User access management
Physical Control
Focuses on the protection of an organization's tangible assets, facilities, and resources.
Examples: access control vestibule, mantraps, biometrics
Non-repudiation
Prevents denial of actions, ensuring accountability and reliability in electronic transactions and communications
Through authentication, digital signatures, and audit trails, it safeguards electronic interactions
Data Plane
In cybersecurity this is the operational core responsible for the actual movement and forwarding of data packets within a network. It focuses on executing tasks such as routing, switching, and packet forwarding based on predefined rules and policies.
Implicit Trust zones
This refers to areas within a network or system where certain levels of trust are assumed without explicit verification.
Subjects in a data plane
The entities that initiate data communication
Systems in the data plane
These represent the collective infrastructure, resources, and devices that are responsible for processing and forwarding data packets as they traverse the network
Example: routers, firewalls, switches and load balancers
Demilitarized Zone (DMZ)
An area that is neither fully trusted nor fully untrusted. It's an intermediate zone that allows controlled access to certain services from the external network.
Also known as a screened subnet
Policy enforcement point
Allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of systems or networks
What are the four types of sensors?
Infrared
Pressure
Microwave
Ultrasonic
Infrared
These detect heat signature changes, effectively identifying human or animal presence. They find applications in perimeter protection and indoor security.
Pressure
Sensing changes in pressure from touch or step, these provide reliable indicators of movement, both indoors and outdoors.
Microwave
Emitting microwave pulses and detecting frequency alterations caused by moving objects, these sensors excel in diverse security scenarios.
Ultrasonic
Operating with sound waves, ultrasonic sensors "see" around corners or within concealed areas, proving valuable in challenging environments
Impact Analysis
This analysis helps in foreseeing potential security risks and finding ways to address them before they become real problems.
Public Key Infrastructure (PKI)
Gives the ability to issue and manage digital certificates, which serve as virtual credentials that enable secure identification and authentication of users, devices, and servers in various applications.
Issues pairs of public and private keys
Public Key
Is designed for widespread dissemination and can be freely shared without compromising security
The role of this is to encrypt data and validate digital signatures.
Format is p7b and the file extension is .cer
Private Key
Must be kept confidential and secure to prevent unauthorized access. It is retained and never distributed. Often stored in digital or hardware-based cryptographic devices
The primary function is decryption
Format is p12 and the file extension is .pfx
Key Escrow
A trusted third party responsible for securely storing copies of cryptographic keys. This serves as a safety net in scenarios where the original key holder loses access
Hardware Security Module (HSM)
A specialized hardware device designed to provide robust security measures for the management and protection of cryptographic keys, sensitive data, and cryptographic operations.
They are used to safeguard digital assets, ensure secure key storage, and perform cryptographic operations with a high level of trust and integrity.
Asymmetric Encryption
Uses two keys, a private key and a public key
Examples include RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC)
Symmetric Encryption
Employs a single key and block cipher to safeguard vast volumes of data, ensuring both security and expedience.
Examples are:
Data Encryption Standard (DES—56 bit), the Triple Data Encryption Standard (3DES—168 bit), and the more popular Advanced Encryption Standard (AES—256 bit)
Key Exchange
Securely delivering cryptographic keys from sender to receiver.
Algorithms
Transform plaintext into a jumble of characters (ciphertext)
Key Length
A measure of a key's resistance against attacks
The longer the key, the more resistance
What is obfuscation and where is it used often?
Deliberately making code, data, or information more complex and difficult to understand.
This technique is often used in software development to deter reverse-engineering attempts and protect intellectual property
Steganography
Hiding data inside images or audio files
Tokenization
Transforming sensitive data into unique tokens that hold no inherent value
Data Masking
Disguising sensitive data by replacing original values with fictitious ones
Key stretching
A cryptographic technique designed to transform a password into a longer, more complex key
Blockchain
Data batches that are distributed across countless computers.
Open Public ledger
A digital record of all transactions that have ever occurred within the blockchain network
What are the six benefits to an open public ledger?
Decentralization
Security
Transaction recording
Consensus mechanisms
Immutable and chronological
Transparency
What are the two types of certificate authorities?
Online CAs operate in real time; offline CAs prioritize security by working in isolated environments
Certificate Revocation List (CRL)
These lists contain the serial numbers of certificates that have been revoked, compromised, or expired. CAs maintain these and publish them regularly
Online Certificate Status Protocol (OCSP)
Enables real-time certificate validation by allowing systems to query the CA's server directly
What are the five types of certificate authorities?
Self signed
Third party
Root of trust
Certificate signing requests
Wildcard
Self-signed
A digital certificate that is generated and signed by the same entity it is issued to
Root of trust
The starting point of trust in a PKI, which is a self-signed certificate that acts as the anchor for the entire certificate chain
Third party
Are like online IDs
These certificates are recognized globally, like self-signed certificates, making them trustworthy
Certificate Signing Request (CSR)
Submitted when an individual or organization seeks to obtain a digital certificate from a trusted CA
Wildcard
A single certificate can be installed on multiple servers within the same domain, thereby reducing the cost of purchasing multiple certificates
What are the seven forms of encryption?
Level
Full-disk
Partition
File
Volume
Database
Record
Level (encryption)
The scope or layer at which encryption is applied
Full Disk Encryption (FDE)
A robust security measure designed to protect the data stored on a computer's hard drive or Solid-State Drive (SSD)
Partition (encryption)
Encrypts a single partition
File (encryption)
Encrypts individual files
Volume (encryption)
Encrypts selected files or directories
Database (encryption)
An encryption method that targets databases and the data they contain, rather than individual files or whole disks.
Record (encryption)
A technique that encrypts discrete records within databases or other data repositories
What are the four types of segmentation?
Physical
Virtual Local Area Network
Subnetting
Micro-segmentation
Physical Segmentation
This method separates a network into smaller segments using routers, switches, and firewalls. It's like building different rooms within a fortress, each with a unique access control.
Ideal for large organizations
Virtual Local Area Network (VLAN)
Create logical network segments within a single switch.
Commonly used to group devices based on function or department, reducing broadcast traffic and enhancing network efficiency.
Subnetting
The act of dividing a network into smaller logical subnetworks.
Micro-segmentation
Applying security policies to individual workloads or devices.
What are the four methods of configuration enforcement?
Standardization
Vulnerability mitigation
Compliance adherence
Automation
SVCA
Standardization
These baselines are used to establish a consistent set of security configurations across an organization's devices, software, and systems.
Vulnerability mitigation
The steps to reduce or eliminate the vulnerabilities
Compliance adherence
Configuration enforcement helps organizations achieve and maintain compliance, thus avoiding costly fines and reputational damage.
Automation
Enables real-time detection and rectification of deviations from security policies.
Isolation
The practice of creating secure, self-contained environments within an enterprise's network. Its purpose is to confine critical systems or sensitive data.
Can also be used to control a malware attack
Patching
Regular updates and fixes
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
Security Information and Event Management (SIEM)
Operates in real time, centralizing and correlating logs from servers and network devices and capturing network traffic.
Provides reports of threats to the security center.
Security orchestration, automation, and response (SOAR)
Works in real time to tackle threats. Uses AI and ML algorithms, with their capacity to decipher patterns, detect anomalies, and make data-driven decisions at lightning speed.
Has playbooks of predefined actions in response to incidents.
Endpoint Detection and Response (EDR)
A real-time solution that uses AI and ML technologies as part of its capabilities. It is specifically crafted to oversee, identify, and react to security incidents and potential threats throughout an organization's infrastructure and network endpoints like computers, servers, and mobile devices
Host-based intrusion prevention system (HIPS)
A security solution designed to protect individual computer systems or hosts from unauthorized access, malicious activities, and cyber threats.
Host-based firewall
Software firewalls that run on individual devices. They monitor and control incoming and outgoing network traffic at the device level
What are the four different types of Cloud models?
Public
Private
Community
Hybrid
Logical segmentation
Refers to dividing the network into smaller parts. This division is based on logical rather than physical boundaries.
Software Defined Networking (SDN)
Provides fine-grained control over network traffic by enabling dynamic security policies; it can respond to security threats in real time by isolating compromised segments of the network when an attack is detected.
Three major planes to it:
Management Plane - monitors traffic
Control plane - makes high level decisions
Data Plane - consists of network devices and forwards data packets based on instructions from the control plane.
Network Infrastructure
A mixture of networking devices, protocols, and routing packets that all work together in an interconnected environment
Ex: OSI Model
Physical Isolation
An isolated computer or standalone system that isn't connected to any external networks or the internet.
Air-gapped network
No devices within that network have cable or wireless connections from which data might be stolen.
Tunneling
A networking technique used to secure and encrypt data as it travels over potentially untrusted networks, ensuring the privacy, integrity, and safe passage of information
Platform Diversity
Implementing diverse technologies for resilience
Multi-cloud systems
Leveraging multiple cloud providers for redundancy
Continuity of Operations Plan (COOP)
A comprehensive strategy that enables organizations to continue essential functions and services during and after disruptive events
Aims to build resilience into an organization's infrastructure, systems, and processes. This includes redundancy in critical systems, data backups, and alternate communication methods. The goal is to reduce single points of failure
Site survey
A comprehensive analysis of the environment, which includes identification of sources of interference, such as load-bearing walls, cordless phones, microwaves, elevators, metal frames, metal doors, and radio waves
Heat map
By visually pinpointing areas with subpar coverage on the map, administrators can efficiently identify potential issues, including malfunctioning WAPs, which may be the root cause of the problem
Security Content Automation Protocol (SCAP)
A framework that enables compatible vulnerability scanners to see whether a computer adheres to a predefined configuration baseline.
Open Vulnerability and Assessment Language (OVAL)
This is an XML-based schema designed to describe the security state of a system and query information related to vulnerabilities.
Extensible Configuration Checklist Description Format (XCCDF)
An XML schema used to create and audit best-practice configuration checklists and rules.
When do you use a host-based firewall?
Ideal for safeguarding personal devices; it operates right on your desktop
Network-based firewall
Perfect for protecting the borders of your network, ensuring unauthorized access is prevented
Stateless firewall
Best suited when you need to inspect application traffic and permit or block based on application behavior, a stateful firewall knows the size and format of each type of network packet.
Stateful firewall
Use when you want to keep things straightforward, such as allowing or blocking packets without a deep-level analysis of the data in the packets
Web application firewall
Essential when you need to protect your web applications from online threats
Unified Threat Management Firewall (UTM)
The go-to when you need an all-in-one security solution
Next-Generation Firewall (NGFW)
Your choice for advanced protection, with intrusion prevention capabilities in both on-premise and cloud environments