Make Money Make $250 per referral Find out More

A review of changes to CompTIA’s new Security+ exam

While CompTIA consistently rolls out improvements to its most well known merchant unbiased affirmation exams, for the most part there is a touch of time lurched between them. This year, in any case, they refreshed both the Security+ and the Network+ exams in a short timespan. In a past article, we took a gander at the progressions to Network+ (from N10-006 to N10-007), and in this article, we will concentrate on the progressions to Security+ (from SY0-401 to SY0-501).

Domains

The SY0-401 exam comprised of 90 questions and there were a hour and a half in which to finish them with a base passing score of 750 (on a scale from 100 to 900). It was/is (the length of it still accessible) partitioned into six areas and weighted as followed:

1) Network Security 20 percent
2) Compliance and Operational Security 18 percent
3) Threats and Vulnerabilities 20 percent
4) Application, Data and Host Security 15 percent
5) Access Control and Identity Management 15 percent
6) Cryptography 12 percent

The SY0-501 exam has the same number of questions, time, and minimum passing score. It six domains and weighting have changed as follows:

1) Threats, Attacks and Vulnerabilities 21 percent
2) Technologies and Tools  22 percent
3) Architecture and Design 15 percent
4) Identity and Access Management 16 percent
5) Risk Management 14 percent
6) Cryptography and PKI 12 percent

While the number of domains stays the same, the overall number of objectives has actually gone up: from 33 to 37. The following table lists the domains/objectives on SY0-501 and offers a few notes on each:

Objective Note
Threats, Attacks and Vulnerabilities  
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware  Know the difference between worms, Trojans, backdoors, rootkits, and the various types of viruses
1.2 Compare and contrast types of attacks This one objective covers enough topics to be an exam in and of itself. The four main topic areas are: social engineering, application/service attacks (think DoS), wireless attacks, and cryptographic attacks (brute force, birthday, etc.)
1.3 Explain threat actor types and attributes A tiny topic where commonsense can help you identify the right answer to any question asked
1.4 Explain penetration testing concepts Know the various types: black box, white box, and gray box
1.5 Explain vulnerability scanning concepts Be able to identify common misconfigurations and differentiate between intrusive and non-intrusive testing
1.6 Explain the impact associated with types of vulnerabilities Zero day exploits have been moved to this objective as have a lot of catchall topics like untrained users, buffer overflows, and the like
Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security Firewalls are but one topic here – you also have routers, switches, proxies, NIPS/NIDS, SIEM, DLP, load balancers, and access points
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization Among the topics to know here are the command line tools commonly used in troubleshooting (ping, netstat, arp, tracert, and so on)
2.3 Given a scenario, troubleshoot common security issues Misconfigured devices factors in heavily here along with those unhappy employees who are able to wreak harm from the inside
2.4 Given a scenario, analyze and interpret output from security technologies Antivirus software is an easy one, but there is also patch management tools, web application firewall and data execution prevention
2.5 Given a scenario, deploy mobile devices securely For this objective, you need to know connection methods (lifted from Network+), and deployment models
2.6 Given a scenario, implement secure protocols Think of every protocol you can think of that has an “S” with it implying Secure/SSL and you’ll have what you need to know for this objective: LDAPS, S/MIME, SFTP, FTPS, HTTPS, and so on
Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides Think benchmarking, layered security, and the value of creating/having guides to assist with security-related implementations
3.2 Given a scenario, implement secure network architecture concepts Honeynets have been moved to here along with DMZ, extranets, NAT, and some security devices
3.3 Given a scenario, implement secure systems design TPM and HSM now reside here along with patch management and some good security practices (disabling unnecessary ports, application white- blacklisting, and the concept of least functionality)
3.4 Explain the importance of secure staging deployment concepts Sandboxing, sandboxing, sandboxing
3.5 Explain the security implications of embedded systems SCADA/ICS became test topics with the previous iteration of the exam and now reside beneath this objective
3.6 Summarize secure application development and deployment concepts Be familiar with the software development lifecycle and secure coding techniques. Sandboxing pops up once again
3.7 Summarize cloud and virtualization concepts This is, once again, pretty much a straight lift from the Network+ exam and expects you to know the basics of hypervisors/containers and the most popular deployment models
3.8 Explain how resiliency and automation strategies reduce risk Fault tolerance, RAID, and high availability topics reside here along with individual technologies to make them possible
3.9 Explain the importance of physical security controls Lock it down. Do so with physical locks, guards, cameras, and so on.
Identity and Access Management
4.1 Compare and contrast identity and access management concepts Multifactor authentication focuses on:
● Something you are
● Something you have
● Something you know
● Something you are
● Something you do
4.2 Given a scenario, install and configure identity and access services  RADIUS is here for remote connectivity along with the old standbys CHAP, PAP, and MSCHAP.  Kerberos and Shibboleth now join them
4.3 Given a scenario, implement identity and access management controls The various access methods are here (such as MAC, DAC, RBAC), biometric methods, and certificate-based authentication
4.4 Given a scenario, differentiate common account management practices Have different levels of accounts, follow best practices, and be sure to enforce them
Risk Management
5.1 Explain the importance of policies, plans and procedures related to organizational security Vendor agreements and personnel agreements fall beneath this objective along with policies related to email and social media usage
5.2 Summarize business impact analysis concepts Be able to quantify risk using MTBF, MTTR, RTO/RPO and associated forms of assessment
5.3 Explain risk management processes and concepts Continuing on with what was is 5.2, add in SLE, ALE, ARO, and other methods of assigning quantitative numbers to risk
5.4 Given a scenario, follow incident response procedures Know what should be in an incident response plan and how to follow an organized incident response process
5.5 Summarize basic concepts of forensics From a legal standpoint, you need to document everything. Similarly, during data collection you need to gather as much information as possible and be able to build a case
5.6 Explain disaster recovery and continuity of operation concepts Types of recovery sites (hot, cold, warm), backups (full, incremental, differential), and considerations (geographic) fact in heavily to being back up following a crisis
5.7 Compare and contrast various types of controls There are eight different categories of controls and you need to be able to identity which one certain steps or actions would be classified as
5.8 Given a scenario, carry out data security and privacy practices Know the data destruction and sanitization methods from the popular (shredding) to less widespread (pulping) and everything in between
Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography This is another objective which could easily be an entire exam in and of itself. Know the meaning of various phrases used to describe cryptography
6.2 Explain cryptography algorithms and their basic characteristics This objective is an extension of 6.1 and it adds algorithms for each of the phrases. Be able to identify whether any given algorithm is classified as symmetric, asymmetric, hashing, or other
6.3 Given a scenario, install and configure wireless security settings Know which protocols are used with wireless technologies and for what purpose (authentication versus cryptographic)
6.4 Given a scenario, implement public key infrastructure Certificates, certificates, certificates.  Be familiar with the most popular of them and the components of the infrastructure that makes PKI possible.

CompTIA recently overhauled its popular Security+ certification exam. Here's what changed.

Notwithstanding taking a gander at the areas/goals, when you are considering for an exam you ought to likewise take a gander at the acronyms/phrasing related with that exam and ensure you know them. The accompanying acronyms are among those that have been added to the most up to date cycle of the Security+ exam that were not on the past one:

ABAC: Attribute-based Access Control
CBC: Cipher Block Chaining
COPE: Corporate Owned, Personally Enabled
CTM: Counter-Mode
CYOD: Choose Your Own Device
DER: Distinguished Encoding Rules
ECB: Electronic Code Book
EMP: Electro Magnetic Pulse
MMS: Multimedia Message Service
MDA: Memorandum of Agreement
MSP: Managed Service Provider
OTA: Over The Air
PEM: Privacy-enabled Electronic Mail
PFX: Personal Exchange Format
RAT: Remote Access Trojan
RTOS: Real-time Operating System
SDN: Software Defined Network
SED: Self-encrypting Drive
SoC: System on Chip
WORM: Write Once Read Many
XOR: Exclusive Or

While these were added, only a few acronyms were removed from the previous version, including: FQDN, HSRP, JBOD, NOS, OLA, RDP, SONET, and TFTP.

%d bloggers like this: