Show Menu
Cheatography

Security+ 601 Exam Cheat Sheet by

Comptia Security+ 601 Exam Cheatsheet

Acronyms

3DES
AAA
ABAC
ACL
AD
AES
AES256
AH
AI
AIS
ALE
AP
API
APT
ARO
ARP
ASLR
ASP
ATT&CK
AUP
AV
BASH
BCP
BGP
BIA
BIOS
BPA
BPDU
BSSID
BYOD
CA
CAPTCHA
CAR
CASB
CBC
CASB
CBT
CCMP
CCTV
CERT
CFB
CHAP
CIO
CIRT
CIS
CMS
CN
COOP
COPE
CP
CRC
CRL
CSA
CSIRT
CSO
CSP
CSR
CSRF
CSU
CTM
CTO
CVE
CVSS
CYOD
DAC
DBA
DDoS
DEP
DER
DES
DHCP
DHE
DKIM
DLL
DLP
DMARC
DNT
DNS
DNSSEC
DoS
DPO
DRP
DSA
DSL
EAP
ECB
ECC
ECDHE
ECDSA
EDR
EFS
EIP
EOL
EOS
ERP
ESN
ESP
ESSID
FACL
FDE
FIM
FPGA
FRR
FTP
FTPS
GCM
GDPR
GPG
GPO
GPS
GPU
GRE
HA
HDD
HIDS
HIPS
HMAC
HOTP
HSM
HSMaaS
HTML
HTTP
HTTPS
HVAC
IaaS
IAM
ICMP
ICS
IDEA
IDF
IdP
IDS
IPS
IEEE
IKE
IM
IMAP4
IoC
IoT
IP
IPS
IPSec
IR
IRC
IRP
ISA
ISFW
ISO
ISP
ISSO
ITCP
IV
KDC
KEK
L2TP
LAN
LDAP
LEAP
MaaS
MAC
MAM
MAN
MBR
MD5
MDF
MDM
MFA
MFD
MFP
ML
MMS
MOA
MOU
MPLS
MSA
MS-CHAP
MSP
MSSP
MTBF
MTTF
MTTR
MTU
NAC
NAT
NDA
NFC
NFV
NGFW
NG-SWG
NIC
NIDS
NIPS
NIST
NOC
NTFS
NTLM
NTP
OCSP
OID
OS
OAI
OSINT
OSPF
OT
OTA
OTG
OVAL
OWASP
P12
P2P
PaaS
PAC
PAM
PAP
PAT
PBKDF2
PBX
PCAP
PCI DSS
PDU
PE
PEAP
PED
PEM
PFS
PGP
PHI
PII
PIN
PIV
PKCS
PKI
PoC
POP
POTS
PPP
PPTP
PSK
PTZ
PUP
QA
QoS
RA
RAD
RADIUS
RAID
RAM
RAS
RAT
RC4
RCS
RFC
RFID
RIPEMD
ROI
RPO
RSA
RTBH
RTO
RTOS
RTP
S/MIME
SaaS
SAE
SAML
SCADA
SCAP
SCEP
SDK
SDLC
SDLM
SDN
SDP
SDV
SED
SEH
SFTP
SHA
SIEM
SIM
SIP
SLA
SLE
SMB
SMS
SMTP/S
SNMP
SOAP
SOAR
SoC
SOC
SPF
SPIM
SQL
SQLi
SRTP
SSD
SSH
SSID
SSL
SSO
STIX
STP
SWG
TACACS+
TGT
TKIP
TLS
TOTP
TPM
TSIG
TTP
UAT
UDP
UEBA
UEFI
UEM
UPS
URI
URL
USB
USB OTG
UTM
UTP
VBA
VDE
VDI
VLAN
VLSM
VM
VoIP
VPC
VPN
VTC
WAF
WAP
WEP
WIDS
WIPS
WORM
WPA
WPS
XaaS
XSRF

POST EXAM BRAIN DUMP

PBQs
Know how to configure a RADIUS server, WiFi server, and a client machine with PKI, WPA2 and current best security practices
Be familiar with the linux kernel and how to identify how attacks are taken out on there
what security measures can be taken ons pecific network devices to enhance security
What tech can be applied to different network devices (web server, database, domain contro­ller))
Review attack types and their indicators
General
Port numbers and their protocols, only common ones are mentioned and just review them. It can make some of the other questions easier as well.
different methods of "­pre­ven­tat­ive­" and the like, what physical security measures are the most effective
differ­ences between SOAR and SIEM, Other acronyms to review: CVSS,LDAP, SPI, SoC, API
CASB, other cloud computing concepts (what it takes to move an organi­zation to the cloud, availi­bility, BCP, edge and fog comput­ing))
review linux kernel for directory traver­sals, CSFR,
Tip: when taking the exam, flag questions that are worded weirdly and go back to them later and try to rewrite the question yourself. This is what I had to do for like 8 questions
Best crypto­graphy practices and types to use based on specific scenarios, understand how PKI and PSK works, Tokeni­zation vs hashes
Tip: most "­sce­nar­ios­" seemed to start with "­_____ works at _____ organi­zation and is updati­ng/­rem­ovi­ng/­har­den­ing­", so famili­arize yourself with business related terms
Review GDPR, ISO, NIST, the diamond intrustion analysis method, and Diffe
Best practices for implem­enting secure work from home networks and remote desktop accessing
My final score was 759 the second time I took it, 723 the first
DISCLAIMER: This is not a word for word descri­ption of the exam and every exam is different
Braind­ump­s.com This website has some "very very simila­r" questions as to what I had on this exam

Exam Objectives

Attacks, Threats, and Vulner­abi­lities (24%)
1.1-1.8
Archit­echture (21%)
2.1-2.8
Implem­ent­ation (25%)
3.1-3.9
Operations and Incident Response (16%)
4.1-4.5
Govern­ance, Risk, and Compliance (14%)
5.1-5.6
36 Objective Tasks, each with various subsec­tions.

1.1 SE Attacks

Phishing
a way to trick people into giving up sensitive info, usually through fake links. prevent with email
filtering
Smishing
Vishing
Spam/SPIM
Spear phishing
Whaling
Prepending
Reconn­ais­sance
Watering Hole Attack
Influence Campaigns
Reasons of Effect­­iv­eness
authority, intimi­­da­tion, consensus, scarcity, famili­­arity, trust, urgency
Terms without Defini­­tions
dumpster diving, shoulder surfing, pharming, tailga­­ting, eliciting inform­­ation, identity fraud, invoice scams, credential harves­­ting, impers­­on­a­tion, hoax, typo squatting, pretex­­ting,

1.2 Analyze Attack Indicators

Malware
Ransomware
 
Trojan
 
Worm
 
PUPs
 
Logic Bomb
 
RAT
 
Rootkit
 
crypto­malware
Pass Attacks
spraying
 
dictionary
 
brute force
online v offline
 
Rainbow Table
Physical
skimming
AI
Training Data
Crypto­graphic
birthday
 
collision
 
downgrade
Cloud-­based v. on prem
Terms w/o Defini­tions
Malware: fileless virus, command and control, bots, spyware, keylog­gers, backdoor
Password Attacks: plain text, unencr­ypted
Physical Attacks: USB, malicious flash drive, card cloning

1.3 Indicators of App Attacks

Privilege Escalation
XSS
Injections
Pointe­r/o­bject Derefe­rence
Buffer Overflows
Error Handling
Race Conditions
Imprope Input Handling
Replay Attack
Integer Overflow
Request Forgeries
API Attacks
SSL Stripping
Driver Manipu­lation
Pass the Hash
Terms w/o Defini­tions
resource exhaus­tion, memory leak

1.4 Network Attacks

Wireless
Evil Twin
 
Rougue Access Point
 
Bluesn­arfing
 
Blueja­cking
 
Disass­oci­ation
 
RFID
 
NFC
 
IV
On-path
Layer 2
ARP poisoning
 
MAC poisoning
DNS Poisoning
DDoS
OT, Network, App
Malicious Code
VBA
 
PS, Python, Bash
 
Macros
Terms w/o Definition
MAC cloning, domain hijacking, URL redire­ction, domain reputation

1.5 Threat Vectors

Actors and Threats
APT
 
Auth Hackers
 
Unauth Hackers
 
Semi-auth
 
Shadow IT
Attributes of Actors
Internal or external threats, level of experi­enc­e/c­apa­bility, resources, funding, intent
Vectors
Direct access, wireless, email, supply chain, social media, cloud, removable media
Threat Intel Sources
OSINT
 
Propri­etary
 
CVE Databases
 
AIS
Research Sources
Confer­ences, academic journals, RFC, local industry, social media, threat feeds
 
TTP
Terms w/o Defini­tions
insider threats, state actors, hackti­vists, script kiddies, criminal syndicates
dark web, IoC, sharing centers, predictive analysis, threat maps, code repos

1.6 Security Concerns

There are security concerns with each of the sections below. The concerns depend on industry, implem­ent­ation, and time, along with other factors. The objective is to explain the security concerns associated with everything below
Cloud based v on prem
Cloud- can be hacked, default must be changed, availa­bility On-prem- physical, can be stolen, human errors
General Concerns
open permis­sions, unsecure root accounts, errors, weak encryp­tion, unsecure protocols, default settings, open ports and services
Thirs Party Risks
vendor manage­ment, supply chain, outsourced code, data storage
Impacts of Bad Security
data loss/b­rea­che­s/e­xfi­ltr­ation, identity theft, financial, reputa­tion, availa­bility loss
Terms w/o Definition
zero-day, patch manage­ment, legacy platforms

1.7 Techniques

Threat Hunting
Intel fusion
 
threat feeds
 
manuever
Vulner­ability Scans
non/cr­ede­ntialed
 
non/in­trusive
 
applic­ation
 
CVE
 
Config review
SIEM
Security info and event management
 
Packet Capture, review reports, data inputs
 
User behavior analysis
 
sentiment analysis
 
security monitoring
 
log collectors
SOAR
Security, orches­tra­tion, automa­tion, and response
Terms w/o Definition
false positi­ves­/ne­gat­ives, log reviews, web applic­ation, network

1.8 Pen Test Techniques

Passiv­e/A­ctive Recon
drones, war flying­/dr­iving, footpr­inting, OSINT
Exercise Types
red, blue, white, or purple team
Pen Testing
un/known enviro­nment, partially known enviro­nment, lateral movement, privilege escala­tion, cleanup, bug bounty, pivoting

2.1 Sec Conference

EXplain the importance of security concepts in an enterprise enviro­nment
Config Management
diagrams, baseline
Data soverignty
Data Protection
DLP, masking, encryp­tion, at rest, in motion, in processing
 
tokeni­zation
Geography
SSL transport
API
Site resiliency (hot, warm, cold))
Honeyp­ots­/fl­ies­/nets
DNS Sinkhole
Fake telemetry

2.2 Cloud Concepts

Acronyms to review: IaaS, PaaS, SaaS, XaaS, CSP, MSP/MSSP, API, SDN, SDV, VM, SIAM
Fog computing
cloud that is close to IoT data, midpoint, distri­buted cloud archit­ecture, extends the cloud, distribute data and processing
 
no latency, no bandwidth reqs, miminzes security concerns
Edge computing
IoT systems, edge server, close to the use, process the data on the device, increased internet speed
Thin client
basic app usage, runs on remote server, VDI, local device, minimal operating system on the client, big network requir­ement
Containers
Standa­rdized, physical infras­tru­cture with one OS with container software, isolated process, image, standa­rdized and lightw­eight, secure
Monolithic
client database code, one big applic­ation, codebase is so large it is hard to do mainti­nence, not as fast
 
Micros­ervices and APIs are the more effecient version of monolithic
Micros­erv­ice­s/APIs
API gateway manages commun­ication through gateway to different micros­ervices that leads to a data base, the API is the "­glu­e", scalable, resilient, security and compliance
Serverless archit­echture
FaaS, applic­ations are remote and autono­mous, removes the OS, it is a stateless compute container, event triggered (available as needed), third party
Transit Gateway
VPC, public cloud that has resources, VPC is controlled by the transit gateway aka "­cloud router­," connects through VPN to VPCs
Virtua­liz­ation
one physical piece of hardware, runs different OSs on one deviceVm sprwal avoidance
 
vm escape protection
Virtua­liz­ation Security
avoid VM sprawl because noo one knows where VMs live, detail provis­ioning so everyone knows where it is (track), VM is self-c­ont­ained
 
VM escape attack type can control host
HaaS/IaaS
outsou­rcing equipment, must manage internally
SaaS
easier and on-demand
PaaS
middle ground, no HVAC, no mainte­nance team, no direct control, building blocks
Cloud Design
elasti­city, on-demand, global access,
Data Protection
resource policies,
SIAM
most providers are different, SIAM integrates diverse providers for a unified view
IaaC
can be deployed at will, describes app instances in code,
SDN
central mngmt, vendor neutral, no human interv­ention, Agile, directly progra­mmable
 
to secure, use Internal firewall to connect all servers, use an IPS between internet and internal net, devices are software based
SDV
must see traffic to secure data, monito­ring, SIEM, firewalls are able to be implem­ented
 
data is encaps­ulated and encrypted
Terms w/o Defini­tions:
public, community, hybrid, infras­tru­cture as code, on prem v off prem, service integr­ation, multis­our­cing, control pane (config), data plane (perfo­rming)

2.3 App Dev/Deploy

Must be able to summarize these concepts
De/Pro­vis­ioning
QA
Integrity Measur­ement
Secure Coding
normal­iza­tion, stored procedures
 
obfusc­ati­on/­cam­oflauge
Server v Client Side
OWASP
Compiler v Binary
Elasticity
Scalab­ility
Terms w/o Defini­tions:
memory manage­ment, version control,

2.4 Authen. and Author.

Authen­tic­ation methods
directory services
 
federation
 
attest­ation
 
TOTP, HOTP, SMS, token key, static codes, push notifi­cat­ion­s/phone calls
 
smart cards
Biometrics
finger­print, retina, iris, facial, voice, gait analysis, efficacy rates, fase accept­anc­e/r­eje­ction, CER
MFA
Factors: something you know, have, or are
 
Attrib­utes: somewhere you are, something you can do or exhibit, someone you know
AAA

2.5 Cybers­ecurity

Redundancy
RAID
 
Load Balancers on a network
 
UPS
Backup types
Full
 
Increm­ental
 
Snapshot
 
Differ­ential
 
Tape
Non-pe­rsi­stence
revert to nkown state, last known good config, high availi­bility, restor­ation order
Diversity
tech, vendors, crypto, controls
Terms w/o Defini­tions:
generator, dual supply, managed power, PDUs, multipath, NIC, replic­ation (SAN), disk, copy, NAS, cloud, image, online v offline, offsite storage

2.6 Sec Implic­ations

Acronyms to Remember
REVIEW THEIR IMPLIC­ATIONS AND SCENARIOS SCADA, IoT, VoIP, HVAC, MFP, RTOS, SoC, SIM cards
Embedded systems
arduino, raspberry pi, FPGA
SCADA/ICS
facili­ties, indust­rial, manufa­ctu­ring, energy, logistics
IoT
sensors, smart devices, wearables, facility automa­tion, weak defaults
specia­lized systems
medical
 
vehicles, aircraft
 
Smart Meters
Constr­aints for embedded and specia­lized systems
power, compute, network, crypto, inabil­ities to patch, authen­tic­ation, range, cost, implied trust
Terms w/o Defini­tions:
drones, survei­llance systems, 5G, narrow band

2.7 Physical Sec

Air Gap
Screened subnet (DMZ)
Secure Areas
Secure Data destru­ction
burning, shredding, pulping, pulver­izing, degaus­sing, third-­party
Faraday cages
Sensors
motion, noise, proximity, moisture, cards, temp
Terms w/o Defini­tions:
bollards, AC vestib­ules, badges, alarms, signage, cameras, motion detection, CCTV, industrial camo, Personnel, Locks (biome­tri­c/p­hys­ical), USB data blocker, fencing, lighting, fire suppre­ssion, drones, visitor logs

2.8 Crypto­graphic Concepts

Common Use Cases
Low Power devices
 
low latency
 
high resiliency
 
supporting confid­ent­iality
 
supporting integrity
 
obfusa­cation support
 
non-re­pud­ation support
Blockchain
public ledgers
Limita­tions
speed, size, weak keys, time, longevity, predic­abi­lity, reuse, resource and security constr­aints
 
entropy
Modes of Operation
Unauth­ent­icated
 
Authen­ticated
 
Counter
Stegan­ography
Audio
 
Video
 
Image
Quantum
commun­ica­tions
 
computing
 
Post-Q­uantum
Other Concepts
digital signatures
 
key length
 
salting
 
hashing
 
key exchange
 
ellipt­ic-­curve
 
perfect forward secrecy

3.1 Implement Secure Protocols

Imlement secure protocols based on a scenario
Protocol
Definition
Use Cases
DNSSEC
Secure DNS, validates info and integrity through public key crypto­graphy
sign DNS certif­icate
SSH
Secure shell provides encypted client­-server terminal, replaced telnet/FTP
secure terminal commun­ication
S/MIME
Used with email, Secure­/Mu­lti­purpose Internet Mail Extens­ions, public­/pr­ivate key pair is required
PKI manages these keys
SRTP
Secure Real Time Protocol, keeps convos private, adds encyption, uses AES, uses Hash based message
ex: HMAC SHA1
LDAP
Lightw­eight Directory Access Protocol (X.500 written by Intern­ational Teleco­mmu­nic­ations Union)
 
protocol for read/w­riting dir over an IP network, uses TCP/IP
ex: LDAP can access active directory
LDAPS
uses SSL, secure LDAP
SASL
provides authen­tic­ation using client certif­ica­tions
FTPS
uses SSL for encryption over FTP client
NOT THE SAME AS SFTP
SFTP
SSH FTP, SSH used for encryp­tion, can ls dir, manipulate files
POP/IMAP
Used with email,
Use a STARTTLS exntension to encrypt POP3 with SSL or use IMAP w/SSL
NTP
no security, classic
used in DDoS as amplifiers
NTPSec
secure version of NTP
SSL/TLS
Used with email,
always encypted with browser emails
 
SSL (Secure Sockets Layer), TLS (Transport layer security) is the newer version of SSL)
HTTPS
private key used on server, symmetric session key transf­erred using asymmetric encryption
most common form uses public key encryption
   
symmetric key gets used during commun­ication
IPsec
OSI Layer 3, public internet, data IS encrypted, anti-r­eplay with encryption
both tunnel ends are secure, very standa­rdized
 
AH provides integrity, ESP provides encryption
Tunneling
ESP
SNMPv3
SSH encrypts tunnel commun­ica­tion, follows CIA
is asking router­s/s­witches for info from web browser with HTTPS
DHCP
servers must be authorized in AD, no secure version of DHCP
routin­g/s­wit­ching
 
DHCP snooping, MAC spoofi­ng,no built in security, rogue DHCP servers are a security issue but can be minimized through trusted interfaces on switches and only allowing distri­bution from trusted interfaces
 
prevent DHCP client DoS starvation attacks with a limited number of MAC addys per interface
Antivirus, Firewalls, animalware
auto updates, constant, always check for encryp­tio­n/i­nte­grity checks to inform firewall config­ura­tions
Use cases can include, voice and video, time sync, email, file transfer, directory services, routing and switching, DNR(Domain Name Resolu­tion), Net address alloca­tion, and subscr­iptions

3.2 Host/App Sec

Implement these based on a scenario
Secure coding practices:
Type
Scenario
Solution
Endpoint Protection
trojans worms and viruses are stopped
Antivirus
 
stops spywar­e/r­ans­omw­are­/fi­leless
Antima­lware
 
allows to detect a threat without or with signatures and can use behavioral analysis, can invest­igate and respond
EDR
 
OSI app layer, can block/­allow, examine encrypted data
NGFW
 
HIDS uses log files to detect, HIPS can block known attacks and uses signat­ures, hashes, and behavioral analysis
HIPs/HIDS
 
allow/­block incoming or outgoing app traffic
Host-based firewall
Boot Integrity with Bootloader
BIOS, will use secure boot, protects the BIOS and public key to protect BIOS update with digital signature check, verifies boot laoder
UEFI
 
device provides central management server with all bootloader info from chain of trust. The report will compare with trusted v not trusted
Attest­ation
Various Boot Levels (Chain of Trust)
not wanting to lose contact with a system, perfect to get in, rootkits work, UEFI
Secure Boot
 
bootloader verifies signature of OS kernel
Trusted Boot
 
allows us to measure if any changes occured, measur­ements stored in TPM as a hash from previous two processes
Measured Boot
Database
breaches can be expensive, compliance issues, continuity of business is important
 
replacing sensitive data like a SSN with a different, totally random number. ex: tap to pay, NOT HASHING OR ENCRYPTING
Tokeni­zation
 
adding random data to a hash to secure it further
Salting
 
one way, ex: passwords, fixed length
Hashing
Applic­ation Security
occurs when info is going in, normal­ization
input valida­tions
 
info stored on computer from browsers, tracks temp info, person­ali­zation, session mangmt, sensitive info is NOT supposed to store info
cookies
 
secure headers are added to web server config­ura­tion, restricts browsers, helps prevent XSS attacks
Headers
 
app code is signed by developer, assymetric encryp­tion, trusted CA signs developers public key
code signing
 
SAST for static code analysis, can easily find vulner­abi­lit­ies(can have false positi­ves).
Static v Dynamic Code Analysis
 
dynamic analysis, random data put into an app, time and CPU resource heavy, try CERTBFF, negative testing, attack type,
Fuzzing
Hardening
minimizing attack survace, removing all possible entry points, can be based on compli­ance, CIS, SANS, NIST
 
possible entry points, close all except required ports, used with NGFW, use nmap
Open Ports
 
FDE, ex: Bitlocker,
Disk encryption
 
system stability, security fixes, emergency used for zero day attacks
Patch management
TPM
trusted platform modules, used in junction with HSM
Secure Boot
Terms w/o Defini­tions:
allow/­block list, sandbo­xing, FDE, SED, Hardware root of trust, registry, auto update, third party services

3.3 Secure Net Design

Implement secure network designs based on scenarios
Design Type
Terms
Definition
Scenarios
Load Balancing
active­/active
 
passiv­e/a­ctive
 
Virtual IP
Segmen­tation
VLAN
 
DMZ
 
Extra or Intranet
VPN
split tunnel v full tunnel
 
SSL/TLS
 
HTML5
 
L2TP
DNS
Port Security
snooping
Network Appliances
jump servers
 
forward proxy
 
reverse proxy
 
NIDS/NIPS
 
HSM
 
Aggreg­ators
 
Firewalls
 
ACL
 
App v host v virtual
Port Scanning

3.4 Wireless Security

Remember to review how to install and configure wireless security settings
Crypto­graphic Protocols
WPA2
 
WPA3
 
CCMP
 
SAE
Authen­tic­ation Tools
EAP
 
PEAP
 
EAP-FAST
 
EAP-TLS
 
EAP-TTLS
 
IEEE 802.1x
 
RADIUS
Methods
PSK, open, WPS, captive portals
Instal­lations
site surveys, heat maps, WiFi analyzers, channel overlaps, WAP, ap security

3.5 Mobile Solutions

 
Connection Methods
cellular, wifi, bluetooth, infared, USB, PTP, GPS, RFID
 
NFC
MDM
remote wipes, geofen­cing, geoloc­ation, screen locks, push notifi­cat­ions, passowrds and pins
 
applic­ation management
 
content management
 
Biometrics
 
full device encryption
 
contai­ner­ization
 
storage segmen­tation
Enforc­ement and monito­ring...
monitor third parties
 
rooting
 
sidelo­ading
 
custom firmware
 
OTA
 
geotagging
 
Hotspot
Deployment Models
BYOD, CYOD, COPE, VDI
Terms w/o Defini­tions:
contex­t-aware authen­tic­ation, carrier unlocking, UEM, MAM, Android, Camera use, SMS, external media, USB OTG, microp­hone, GPS

3.6 Cloud Cybers­ecurity

Controls
High availi­bility, resource policies, secrets manage­ment, auditing
Storage Controls
permis­sions, encryp­tion, replic­ation, high availi­bility
Network Controls
Virtual Networks
 
Public­/pr­ivate subnets
 
Segmen­tation
 
API Inspection
Compute Controls
Sec groups, dynamic resource alloca­tion, instance awareness, VPC endpoint, container security
Solutions
CASB, app security, SWG, Firewalls consider for firewalls cost, segmen­tation
 
Third party

3.7 Account Management

Identity Tools
IdP, Attrib­utes, Certif­icates, Tokens, SSH Keys, Smart Cards
Account Types
user, shared, generic, guest, service
Account Policies
Password comple­xity, history, and reuse prohib­iting
 
Network location, geofen­cing, geotagging
 
access policies, time based logins, account audits, permis­sions, lockout, disabl­ement

3.8 Authen­/Author Solutions

Authen­tic­ation management
keys, vaults
 
TPM, HSM, knowle­dge­-based
Authen­tic­ati­on/­Aut­hor­ization
EAP, SHAP, PAP, RADIUS, 802.1x, SSO, SAML, TACACS+
 
Kerberos
Access Control Schemes
ABAC, MAC, DAC
 
rule or role based, condit­ional, privilege access management

3.9 PKI

PKI Types
Definition
Certif­icate Types
Definition
Key Management
 
Wildcard
CA, RA, CRL, OCSP, CSR, CN
 
Subject Altern­ative Names
Expiration
 
Code Signing
   
Self Signed
Concepts
 
Email, User, Root, Domain
Online v Offline
 
DER Format
Stapling
 
PEM Format
Pinning
 
PFX Format
Trust Model
 
P12
Key Escrow
 
P7B
 

Recomm­ended Resources

4.1 ToolUse

Organi­zat­ional Security
Commands
Function
Tools
Function
tracert
 
theHar­vester
nslook­up/dig
 
sn1per
nmap
 
Nessus
ipconf­ig/­ifc­onfig
 
Cuckoo
hping
 
FTK Imager
netstat
 
Win Hex
netcat
 
Autopsy
arp
 
Wireshark
route
 
Memdump
curl
 
Powers­hell, Python, SSH
dnsenum
last one used for recon
Tcpdump
head
used for file manipu­lation (FM)
Tcpreplay
tail
FM
cat
FM
grep
FM
chmod
FM
logger
FM
Terms w/o Defini­tio­ns:Data saniti­zation, dd, password crackers, indicent response, OpenSSL

4.2 PPP

Policies, Processes, and Procedures for IR
IR Process
Preper­ation
 
Identi­fic­ation
 
Contai­nment
 
Eradic­ation
 
Recovery
 
Lessons Learned
Attack Frameworks
MITRE ATT&CK
 
Cyber Kill Chain
Stakeh­older Management
Commun­ication Plan
DRP
BCP
COOP
Retention
Terms w/o Defini­tio­ns:­tab­letop, walkth­roughs, simula­tions, diamond model of intrusion analysis, irp

4.3 Data Support

Utilize approp­riate data sources to support an invest­igation
SIEM Dashboards
sensors, sensit­ivity, trends, alerts, correl­ation
Log Files
Network, system, app, security, web, DNS, authen­tic­ation, dump files, VoIP, SIP
syslog
journalctl
NXLog
Bandwidth monitors
Metadata
email, mobile, web, file
netflow
Protocol Analyzer

4.4 Mitigation

Reconf­iguring Endpoints
Quarantine
Config­uration changes
alter firewall, MDM, DLP, content filter, cert updates
Isolation, Contai­nment, Segmen­tation
SOAR playbooks

4.5 Digital Forensics

 
Docume­ntation and Evidence
can include video, tags, reports, snapshots, time stamps, event logs, interv­iews, admiss­ibility
 
chain of custody
Acquis­ition
order of volatility
 
use disks, RAM, OS, device type, firmware, snapshots, caches, networks, artifacts
Integrity
Hashing, checksums, and provenance
Preser­vation is crucial
Non-re­pud­ation
Counte­rin­tel­ligence
Terms w/o Defini­tions:
on prem v cloud, right to audi, data breaches

5.1 Types of Controls

Control Types
preven­tive, detective, correc­tive, deterrent, compen­sating, physical
Categories
manege­rial, operat­ional, technical

5.2 Regula­tions

Importance of applic­aible regula­tions, standards, or frameworks that impact organi­zat­ional security posture
Legisl­ation
GDPR
 
Nation­al/­ter­rit­ory­/state laws
 
PCI DSS
 
HIPAA
Frameworks
CIS
 
NIST
 
RMF/CSF
 
ISO
 
Cloud
 
SSAE
Guides
OS
 
Web server

5.3 Policies

Personnel
Abide by AUP, job rotations, mandatory vacations, sepere­ation of duties
 
least privilege
 
clean desk, background checks, NDAs, social media analysis, Onboar­ding, Offboa­rding, User Traini­ng/Role based training
Diverse Training
Third Party Risk Management
vendors, supply chain, business partners, SLA, MOU, MSA, BPA, EOL, EOSL
Data
Classi­fic­ation
 
Governance
 
Retention
Credential Policies in reference to...
personnel, third party, devices, service accounts, admins
Organi­zat­ional Policies
Change management and control
 
Asset Management

5.4 Risk Management

Acronyms: RTO, RPO, MTTR, MTBF, DRP, SLE, ALE, IP, ARO
Risk types include...
external, internal, legacy systems, multip­arty, IP theft, and software compliance
Risk Management Stategies
Accept­ance, Avoidance, Transf­erence, Mitigation
Risk Analysis
Control assesments
 
inherent risk
 
residual risk
 
control risk
 
Qualit­ative v Quanti­tative risk
 
Likelihood of occurence
 
Asset Values
 
SLE, ALE, ARO
Business Impact Analysis
RTO, RPO, MTTR, MTBF, DRp
 
site risk assessment

5.5 Data Security

Conseq­uences to an org when data breaches occur
reputation is damaged, identity theft, fines, IP theft
Notifi­cations
Data Types
Public
 
Private
 
Sensitive
 
Confid­ential
 
Propri­etary
 
PII
 
Health, Govt, Customer
 
Financial
Privacy Enhancing Techno­logies
Data minimi­zation
 
Data masking
 
tokeni­zation
 
anonym­inity
Roles and their Respon­sib­ilities
Data owners
 
Data controller
 
DPO
Info Life Cycle
Terms of Agreement
Privacy Notices

Network Design

Conduct a risk assessment: The first step in designing a secure network is to assess the risks to the network and the assets it protects. This includes identi­fying potential threats, vulner­abi­lities, and the impact of a security breach. Based on the risk assess­ment, the security requir­ements can be identi­fied, and the security design can be developed.

Use layered security: A layered security approach involves implem­enting multiple layers of defense to protect the network from different types of threats. This includes using firewalls, intrusion detection and prevention systems, antivirus software, encryp­tion, and access controls.

Secure network infras­tru­cture: The network infras­tru­cture should be secured by implem­enting strong passwords, disabling unnece­ssary services, updating firmware and software, and restri­cting access to critical network devices. Network devices should also be physically secured to prevent unauth­orized access.

Implement access controls: Access controls should be implem­ented to restrict access to sensitive inform­ation and resources. This includes user authen­tic­ation, author­iza­tion, and accounting (AAA), role-based access control, and network segmen­tation.

Encrypt sensitive data: Sensitive data should be encrypted both in transit and at rest. This includes using secure protocols such as HTTPS, SSH, and VPNs for data transm­ission and encryption tools such as BitLocker, VeraCrypt, or LUKS for data storage.

Train employees: Security awareness training should be provided to all employees to educate them on security best practices and to reduce the risk of human error.

Monitor and test the network: Regular monitoring and testing should be conducted to identify and remediate security vulner­abi­lities. This includes using network monitoring tools, conducting penetr­ation testing, and reviewing audit logs.

Encryption and Keys

Public vs Private Key
Public Key: A public key is a part of the asymmetric encryption algorithm and is made available to anyone who wants to commun­icate with the owner of the key. It is used to encrypt data, digital signature verifi­cation, and establish secure commun­ication channels. The public key can be freely distri­buted as it does not contain sensitive inform­ation. Private Key: A private key, on the other hand, is the other half of the asymmetric encryption algorithm and is kept secret by the owner of the key. It is used to decrypt data, generate digital signat­ures, and establish secure commun­ication channels. The private key must be kept secure as it contains sensitive inform­ation that must not be disclosed to anyone else.
Asymmetric Keys vs Symmetric Keys
Symmetric Key: A symmetric key encryption system uses the same secret key to both encrypt and decrypt the data. The sender and receiver must have the same secret key to commun­icate securely. The symmetric key encryption system is faster than the asymmetric key encryption system, and it is typically used for bulk data encryp­tion. Asymmetric Key: An asymmetric key encryption system uses two keys, a public key, and a private key. The public key is used to encrypt the data, and the private key is used to decrypt it. Anyone can have access to the public key, but the private key is kept secret by the owner. Asymmetric key encryption is slower than symmetric key encryption but provides better security and is typically used for digital signat­ures, secure key exchange, and establ­ishing secure commun­ication channels. The main difference between symmetric and asymmetric key encryption is that symmetric key encryption uses the same key to encrypt and decrypt data, while asymmetric key encryption uses two different keys for encryption and decryp­tion. The symmetric key encryption system is faster, while the asymmetric key encryption system is more secure.

PBQ Notes from Youtube

allow web traffic, disallow all traffic from specific IP, ensure implicit deny, port 53 is DNS,
 
IDS alert, supposed to be denied on ACL, given diagram. 443 default port for https, NAT, NAPT firewall in use
tcp port 22, new inbound rule wizards, use custom, rule can be named SFTP, most groups use third party for FTP,
multif­actor auth charac­ter­istis, payload, trojan with keylogger
 
crypto­graphic scenario: RSA,
 
hash private key encryption to create dig sig alice then attatches DS to og message to deliver to bob (SHE FORGOT TO ENCRYPT THIS) bob then decrypts og message w/ DS using Alice's public key resulting in the has of the og message bob performs hash comparison the hashes do not match no trust
Other Vincent Humble Videos
601-P1: blowfish cipher, Bcrypt? can lengthen and strengthen keys, longer the key, the longer a file is confid­ential,
 
601-P2: Sim cloning, elliptic curve crypto­graphy, geo requir­ement for data centers 100 miles?, hybrid, DLP, GPS and WiFi, nonrep & accoun­tib­ility,
 
601-P3:

Cyber Kill Chain

Alt text: the cyber kil chain, 8 steps

Cloud vs On Premises

Alt text: On cloud vs On premises

Note: This is a VERY strong theme throughout all of the objectives for this exam

Encryption (Image)

Alt text: encryption process
Data prepar­ation, Key genera­tion, Encryption algorithm, transm­ission of data, decryption

DiD

Alt Text: Defense in depth methods

DNS Tunneling

Alt Text: DNS tunneling techniques

Virtua­liz­ation vs Contai­ner­ization

Alt text: virtua­liz­ation vs contai­ner­ization screenshot from Professor Messer Video

"As a Servic­e"

Alt text: Cloud services and how they differ from one another
 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Passe Compose Cheat Sheet
          Mortgage Brokering In Ontario Cheat Sheet