Secure Baselines
(4.1 Apply Common Security Techniques to computing resources) Organizations use these to provide known starting points for systems. Baselines improve the overall security posture of systems.
Three steps of baselines
(4.1 Apply Common Security Techniques to computing resources) Establish an initial baseline configuration - Deploy the baseline - Maintain the baseline
Mobile Devices
(4.1 Apply Common Security Techniques to computing resources) Chapter 5
Workstations
(4.1 Apply Common Security Techniques to computing resources) Chapter 5
Switches
(4.1 Apply Common Security Techniques to computing resources) Chapter 3
Routers
(4.1 Apply Common Security Techniques to computing resources) Chapter 3
Cloud Infrastructure
(4.1 Apply Common Security Techniques to computing resources) Chapter 5
Servers
(4.1 Apply Common Security Techniques to computing resources) Chapter 5
ICS (Industrial Control System)
(4.1 Apply Common Security Techniques to computing resources) Systems within large facilities such as power plants or water treatment facilities.
SCADA (Supervisory Control and Data Acquisition)
(4.1 Apply Common Security Techniques to computing resources) Controls an ICS by monitoring it and sending it commands.
Embedded Systems
(4.1 Apply Common Security Techniques to computing resources) Any device that has a dedicated function and uses a computer system to perform the function.
RTOS (Real-Time Operating System)
(4.1 Apply Common Security Techniques to computing resources) A specialized operating system designed for embedded systems that require precise timing and deterministic behavior.
IoT (Internet of Things) devices
(4.1 Apply Common Security Techniques to computing resources) A wide assortment of technologies that interact with the physical world. Commonly have embedded systems and typically connect to a central device or app and communicate via the internet, Bluetooth, or other wireless technologies.
Wireless Devices
(4.1 Apply Common Security Techniques to computing resources) Chapter 4
Installation considerations
(4.1 Apply Common Security Techniques to computing resources) Chapter 4
Site Surveys
(4.1 Apply Common Security Techniques to computing resources) Examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.
Heat Maps
(4.1 Apply Common Security Techniques to computing resources) Give color-coded representation of wireless signals.
Mobile Device Management (MDM)
(4.1 Apply Common Security Techniques to computing resources) Includes the technologies to manage mobile devices. Goal is to ensure these devices have security controls in place to keep them secure.
Deployment Models
(4.1 Apply Common Security Techniques to computing resources) Chapter 5
Bring your own device (BYOD)
(4.1 Apply Common Security Techniques to computing resources) Allows employees to connect their personal devices to the corporate network.
Corporate-owned, personally enabled (COPE)
(4.1 Apply Common Security Techniques to computing resources) Devices are owned by the organization, but employees can use them for personal reasons.
Choose your own device (CYOD)
(4.1 Apply Common Security Techniques to computing resources) Includes a list of approved devices that employees can purchase and connect to the network.
Connection Methods
(4.1 Apply Common Security Techniques to computing resources) Cellular, Wi-Fi, Bluetooth
Wi-Fi Protected Access 3 (WPA3)
(4.1 Apply Common Security Techniques to computing resources) Chapter 3. Devices are now widely available on many enterprise wireless networks.
AAA/Remote Authentication Dial-In User Service (RADIUS)
(4.1 Apply Common Security Techniques to computing resources) Only encrypts the password by default but can be used with EAP to encrypt entire sessions.
Application Security
(4.1 Apply Common Security Techniques to computing resources) Chapter 7
Input Validation
(4.1 Apply Common Security Techniques to computing resources) Practice of checking data for validity before using it. Prevents an attacker from sending malicious code that an application will use by either sanitizing the input to remove malicious code or rejecting the input.
Secure Cookies
(4.1 Apply Common Security Techniques to computing resources) Cookie that has the secure attribute set. Secure attribute ensures that the cookie is only transmitted over secure, encrypted channels, such as HTTPS.
Static Code Analysis
(4.1 Apply Common Security Techniques to computing resources) Examines the code without executing it. Developer goes through the code line by line to discover vulnerabilities.
Code Signing
(4.1 Apply Common Security Techniques to computing resources) 1. The certificate identifies the author. 2. The hash verifies the code has not been modified. If malware changes the code, the hash no longer matches, alerting the user that the code has been modified.
Sandboxing
(4.1 Apply Common Security Techniques to computing resources) Used to test applications within an isolated area specifically created for testing.
Monitoring
(4.1 Apply Common Security Techniques to computing resources) Chapter 7 (362)
Acquisition/Procurement Process
(4.2 Security implications of proper hardware, software, and data asset management) Provides consistent procedures for identifying the need for new assets, evaluating the possible options for security, financial, and business requirements, and effectively onboarding and managing new vendors.
Assignment/Accounting
(4.2 Security implications of proper hardware, software, and data asset management) Assigns each asset to a named owner who bears responsibility for the asset and a classification system that identifies the sensitivity and criticality of each asset to the organization.
Monitoring/asset tracking
(4.2 Security implications of proper hardware, software, and data asset management) Maintains an inventory of all of the assets owned by the organization and their current location. It also benefits from periodic enumeration of assets, where auditors review the assets owned by the organization and update the inventory.
Disposal/decommissioning
(4.2 Security implications of proper hardware, software, and data asset management) Chapter 11
Sanitization
(4.2 Security implications of proper hardware, software, and data asset management) Ensures that data is removed from or destroyed on any devices before the devices are disposed of.
Destruction
(4.2 Security implications of proper hardware, software, and data asset management) Chapter 11
Certification
(4.2 Security implications of proper hardware, software, and data asset management) A Certificate of Destruction (COD) attests that the destruction was properly carried out.
Data Retention
(4.2 Security implications of proper hardware, software, and data asset management) Identifies how long data is retained, and sometimes specifies where it is stored.
Vulnerability Scan
(4.3 Various activities associated with vulnerability Management) Chapter 8
Application Security
(4.3 Various activities associated with vulnerability Management) Chapter 11
Static Analysis
(4.3 Various activities associated with vulnerability Management) Chapter 11
Dynamic Analysis
(4.3 Various activities associated with vulnerability Management) Chapter 11
Package Monitoring
(4.3 Various activities associated with vulnerability Management) Chapter 11
Open-Source Intelligence (OSINT)
(4.3 Various activities associated with vulnerability Management) Includes any information that is available to the general public, such as via websites and social media.
Proprietary/Third-party
(4.3 Various activities associated with vulnerability Management) Trade secrets, such as intellectual property.
Information-sharing Organization
(4.3 Various activities associated with vulnerability Management) Chapter 6
Dark Web
(4.3 Various activities associated with vulnerability Management) Chapter 6
Penetration Testing
(4.3 Various activities associated with vulnerability Management) Actively assesses deployed security controls within a system or network.
Responsible Disclosure (RD) Program
(4.3 Various activities associated with Vulnerability Management) The goal is to address security issues before they are exploited by attackers, improving overall security for everyone. Involves a coordinated process for reporting vulnerabilities to the appropriate parties, such as vendors, developers, or security teams. Includes guidelines for reporting vulnerabilities, a point of contact for reporting, and expectations for the timeline of the response and resolution. When vulnerabilities are reported, the organization receiving the report is expected to investigate and, if necessary, take appropriate steps to address the issue.
Bug Bounty Program
(4.3 Various activities associated with vulnerability Management) Type of responsible disclosure program that incentivizes individuals or organizations to report vulnerabilities by offering monetary or other rewards for valid submissions. Organizations run them to encourage external researchers; some programs are open to the public, while others are by invitation only.
System/Process Audit
(4.3 Various activities associated with vulnerability Management) Chapter 8 (Page 412)
Analysis
(4.3 Various activities associated with vulnerability Management) Chapter 8
Confirmation
(4.3 Various activities associated with vulnerability Management) Chapter 8
False Positive
(4.3 Various activities associated with vulnerability Management) A vulnerability scanner incorrectly reports that a vulnerability exists, but the vulnerability does not exist on the scanned system.
False Negative
(4.3 Various activities associated with vulnerability Management) A vulnerability exists, but the scanner doesn’t detect it and doesn’t report the vulnerability.
Prioritize
(4.3 Various activities associated with vulnerability Management) Chapter 8
Common Vulnerability Scoring System (CVSS)
(4.3 Various activities associated with Vulnerability Management) Assesses vulnerabilities and assigns severity scores from 0 to 10, with 10 being the most severe. Helps security professionals prioritize their work in mitigating known vulnerabilities.
Common Vulnerability Enumeration (CVE)
(4.3 Various activities associated with vulnerability Management) A dictionary of publicly known security vulnerabilities and exposures.
Vulnerability Classification
(4.3 Various activities associated with vulnerability Management) Chapter 8
Exposure Factor
(4.3 Various activities associated with vulnerability Management) Chapter 8
Environmental Variables
(4.3 Various activities associated with vulnerability Management) Chapter 8
Industry/organizational impact
(4.3 Various activities associated with vulnerability Management) Chapter 8
Risk Tolerance
(4.3 Various activities associated with vulnerability Management) The organization’s ability to withstand risk.
Vulnerability Response and Remediation
(4.3 Various activities associated with vulnerability Management) Chapter 8
Patching
(4.3 Various activities associated with vulnerability Management) Applying updates that correct vulnerabilities and other flaws in the application.
Insurance
(4.3 Various activities associated with vulnerability Management) Chapter 8
Segmentation
(4.3 Various activities associated with vulnerability Management) Chapter 8
Compensating Controls
(4.3 Various activities associated with vulnerability Management) Secondary security control that prevents the vulnerability from being exploited.
Exceptions and Exemptions
(4.3 Various activities associated with vulnerability Management) Chapter 8
Validation of Remediation
(4.3 Various activities associated with vulnerability Management) Chapter 8
Rescanning
(4.3 Various activities associated with vulnerability Management) Chapter 8
Audit
(4.3 Various activities associated with vulnerability Management) A formal evaluation of an organization’s policies, procedures, and operations.
Verification
(4.3 Various activities associated with vulnerability Management) Chapter 8
Reporting
(4.3 Various activities associated with vulnerability Management) Chapter 8
Systems
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Applications
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Infrastructure
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Activities
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Log Aggregation
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Alerting
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Scanning
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Reporting
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Archiving
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Alert Response and Remediation/Validation
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 4
Quarantine
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 4
Alert Tuning
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Security Content Automation Protocol (SCAP)
(4.4 Alerting and Monitoring Concepts and Tools) Designed to help facilitate communication between vulnerability scanners and other security and management tools.
Benchmarks
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 8
Agent NAC
(4.4 Alerting and Monitoring Concepts and Tools) Can be either permanent or dissolvable. A permanent agent is installed on the client and stays on the client; NAC uses the agent when the client attempts to log on remotely. A dissolvable agent is downloaded and runs on the client when the client logs on remotely. It collects the information it needs, identifies the client as healthy or not healthy, and reports the status back to the NAC system.
Agentless NAC
(4.4 Alerting and Monitoring Concepts and Tools) Scans a client remotely without installing code on the client, either permanently or temporarily.
Security Information and Event Management (SIEM)
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1
Antivirus
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 5
Data Loss Prevention (DLP)
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 5
Simple Network Management Protocol (SNMP)
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 3
NetFlow
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 8
Vulnerability Scanners
(4.4 Alerting and Monitoring Concepts and Tools) Chapter 8
Firewall
(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3
Rules
(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3