
CompTIA Security+ Certification Exam Objectives
EXAM NUMBER: SY0-601
About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA
Security+ (SY0-601) certification exam. The CompTIA Security+ certification exam will
verify the successful candidate has the knowledge and skills required to:
• Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents
This is equivalent to two years of hands-on experience working in a security/systems administrator job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.
EXAM DEVELOPMENT
CompTIA exams result from subject matter expert workshops and industry-wide
survey results regarding the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize such materials in preparation for any CompTIA examination will have their certifications revoked and be suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies before beginning the study process for any CompTIA exam. Candidates will be required to abide by the CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered unauthorized (aka “brain dumps”), he/she should contact CompTIA at examsecurity@comptia.org to confirm.
PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the
security of the questions is protected. When necessary, we will publish updated exams based on
testing exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Security+ Certification Exam Objectives Version 3.0 (Exam Number: SY0-601)
TEST DETAILS
Required exam: SY0-601
Number of questions: Maximum of 90
Types of questions: Multiple-choice and performance-based
Length of test: 90 minutes
Recommended experience:
• At least 2 years of work experience in IT systems administration with a focus on security
• Hands-on technical information security experience
• Broad knowledge of security concepts
Passing score: 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)
The table below lists the domains measured by this examination and the extent to which they are represented:

DOMAIN                                       PERCENTAGE OF EXAMINATION
1.0 Attacks, Threats, and Vulnerabilities    24%
2.0 Architecture and Design                  21%
3.0 Implementation                           25%
4.0 Operations and Incident Response         16%
5.0 Governance, Risk, and Compliance         14%
Total                                        100%
1.0 Threats, Attacks, and Vulnerabilities
1.1
Compare and contrast different types of social engineering techniques.
• Phishing
• Smishing
• Vishing
• Spam
• Spam over instant messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typosquatting
• Pretexting
• Influence campaigns
  - Hybrid warfare
  - Social media
• Principles (reasons for effectiveness)
  - Authority
  - Intimidation
  - Consensus
  - Scarcity
  - Familiarity
  - Trust
  - Urgency

1.2
Given a scenario, analyze potential indicators to determine the type of attack.
• Malware
  - Ransomware
  - Trojans
  - Worms
  - Potentially unwanted programs (PUPs)
  - Fileless virus
  - Command and control
  - Bots
  - Cryptomalware
  - Logic bombs
  - Spyware
  - Keyloggers
  - Remote access Trojan (RAT)
  - Rootkit
  - Backdoor
• Password attacks
  - Spraying
  - Dictionary
  - Brute force
    - Offline
    - Online
  - Rainbow table
  - Plaintext/unencrypted
• Physical attacks
  - Malicious Universal Serial Bus (USB) cable
  - Malicious flash drive
  - Card cloning
  - Skimming
• Adversarial artificial intelligence (AI)
  - Tainted training data for machine learning (ML)
  - Security of machine learning algorithms
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks
  - Birthday
  - Collision
  - Downgrade
1.3
Given a scenario, analyze potential indicators associated with application attacks.
• Privilege escalation
• Cross-site scripting
• Injections
  - Structured query language (SQL)
  - Dynamic-link library (DLL)
  - Lightweight Directory Access Protocol (LDAP)
  - Extensible Markup Language (XML)
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
  - Time of check/time of use
• Error handling
• Improper input handling
• Replay attack
  - Session replays
• Integer overflow
• Request forgeries
  - Server-side
  - Cross-site
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure Sockets Layer (SSL) stripping
• Driver manipulation
  - Shimming
  - Refactoring
• Pass the hash

1.4
Given a scenario, analyze potential indicators associated with network attacks.
• Wireless
  - Evil twin
  - Rogue access point
  - Bluesnarfing
  - Bluejacking
  - Disassociation
  - Jamming
  - Radio frequency identification (RFID)
  - Near-field communication (NFC)
  - Initialization vector (IV)
• On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
• Layer 2 attacks
  - Address Resolution Protocol (ARP) poisoning
  - Media access control (MAC) flooding
  - MAC cloning
• Domain name system (DNS)
  - Domain hijacking
  - DNS poisoning
  - Uniform Resource Locator (URL) redirection
  - Domain reputation
• Distributed denial-of-service (DDoS)
  - Network
  - Application
  - Operational technology (OT)
• Malicious code or script execution
  - PowerShell
  - Python
  - Bash
  - Macros
  - Visual Basic for Applications (VBA)

1.5
Explain different threat actors, vectors, and intelligence sources.
• Actors and threats
  - Advanced persistent threat (APT)
  - Insider threats
  - State actors
  - Hacktivists
  - Script kiddies
  - Criminal syndicates
  - Hackers
    - Authorized
    - Unauthorized
    - Semi-authorized
  - Shadow IT
  - Competitors
• Attributes of actors
  - Internal/external
  - Level of sophistication/capability
  - Resources/funding
  - Intent/motivation
• Vectors
  - Direct access
  - Wireless
  - Email
  - Supply chain
  - Social media
  - Removable media
  - Cloud
• Threat intelligence sources
  - Open-source intelligence (OSINT)
  - Closed/proprietary
  - Vulnerability databases
  - Public/private information-sharing centers
  - Dark web
  - Indicators of compromise
  - Automated Indicator Sharing (AIS)
    - Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
  - Predictive analysis
  - Threat maps
  - File/code repositories
• Research sources
  - Vendor websites
  - Vulnerability feeds
  - Conferences
  - Academic journals
  - Request for comments (RFC)
  - Local industry groups
  - Social media
  - Threat feeds
  - Adversary tactics, techniques, and procedures (TTP)

1.6
Explain the security concerns associated with various types of vulnerabilities.
• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
  - Open permissions
  - Unsecure root accounts
  - Errors
  - Weak encryption
  - Unsecure protocols
  - Default settings
  - Open ports and services
• Third-party risks
  - Vendor management
    - System integration
    - Lack of vendor support
  - Supply chain
  - Outsourced code development
  - Data storage
• Improper or weak patch management
  - Firmware
  - Operating system (OS)
  - Applications
• Legacy platforms
• Impacts
  - Data loss
  - Data breaches
  - Data exfiltration
  - Identity theft
  - Financial
  - Reputation
  - Availability loss
1.7
Summarize the techniques used in security assessments.
• Threat hunting
  - Intelligence fusion
  - Threat feeds
  - Advisories and bulletins
  - Maneuver
• Vulnerability scans
  - False positives
  - False negatives
  - Log reviews
  - Credentialed vs. non-credentialed
  - Intrusive vs. non-intrusive
  - Application
  - Web application
  - Network
  - Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
  - Configuration review
• Syslog/Security information and event management (SIEM)
  - Review reports
  - Packet capture
  - Data inputs
  - User behavior analysis
  - Sentiment analysis
  - Security monitoring
  - Log aggregation
  - Log collectors
• Security orchestration, automation, and response (SOAR)

1.8
Explain the techniques used in penetration testing.
• Penetration testing
  - Known environment
  - Unknown environment
  - Partially known environment
  - Rules of engagement
  - Lateral movement
  - Privilege escalation
  - Persistence
  - Cleanup
  - Bug bounty
  - Pivoting
• Passive and active reconnaissance
  - Drones
  - War flying
  - War driving
  - Footprinting
  - OSINT
• Exercise types
  - Red-team
  - Blue-team
  - White-team
  - Purple-team
2.0 Architecture and Design
2.1
Explain the importance of security concepts in an enterprise environment.
• Configuration management
  - Diagrams
  - Baseline configuration
  - Standard naming conventions
  - Internet protocol (IP) schema
• Data sovereignty
• Data protection
  - Data loss prevention (DLP)
  - Masking
  - Encryption
  - At rest
  - In transit/motion
  - In processing
  - Tokenization
  - Rights management
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  - Hot site
  - Cold site
  - Warm site
• Deception and disruption
  - Honeypots
  - Honeyfiles
  - Honeynets
  - Fake telemetry
  - DNS sinkhole

2.2
Summarize virtualization and cloud computing concepts.
• Cloud models
  - Infrastructure as a service (IaaS)
  - Platform as a service (PaaS)
  - Software as a service (SaaS)
  - Anything as a service (XaaS)
  - Public
  - Community
  - Private
  - Hybrid
• Cloud service providers
• Managed service provider (MSP)/managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Microservices/API
• Infrastructure as code
  - Software-defined networking (SDN)
  - Software-defined visibility (SDV)
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization
  - Virtual machine (VM) sprawl avoidance
  - VM escape protection

2.3
Summarize secure application development, deployment, and automation concepts.
• Environment
  - Development
  - Test
  - Staging
  - Production
  - Quality assurance (QA)
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
  - Normalization
  - Stored procedures
  - Obfuscation/camouflage
  - Code reuse/dead code
  - Server-side vs. client-side execution and validation
  - Memory management
  - Use of third-party libraries and software development kits (SDKs)
  - Data exposure
• Open Web Application Security Project (OWASP)
• Software diversity
  - Compiler
  - Binary
• Automation/scripting
  - Automated courses of action
  - Continuous monitoring
  - Continuous validation
  - Continuous integration
  - Continuous delivery
  - Continuous deployment
• Elasticity
• Scalability
• Version control

2.4
Summarize authentication and authorization design concepts.
• Authentication methods
  - Directory services
  - Federation
  - Attestation
  - Technologies
    - Time-based one-time password (TOTP)
    - HMAC-based one-time password (HOTP)
    - Short message service (SMS)
    - Token key
    - Static codes
    - Authentication applications
    - Push notifications
    - Phone call
  - Smart card authentication
• Biometrics
  - Fingerprint
  - Retina
  - Iris
  - Facial
  - Voice
  - Vein
  - Gait analysis
  - Efficacy rates
  - False acceptance
  - False rejection
  - Crossover error rate
• Multifactor authentication (MFA) factors and attributes
  - Factors
    - Something you know
    - Something you have
    - Something you are
  - Attributes
    - Somewhere you are
    - Something you can do
    - Something you exhibit
    - Someone you know
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements

2.5
Given a scenario, implement cybersecurity resilience.
• Redundancy
  - Geographic dispersal
  - Disk
    - Redundant array of inexpensive disks (RAID) levels
    - Multipath
  - Network
    - Load balancers
    - Network interface card (NIC) teaming
  - Power
    - Uninterruptible power supply (UPS)
    - Generator
    - Dual supply
    - Managed power distribution units (PDUs)
• Replication
  - Storage area network
  - VM
• On-premises vs. cloud
• Backup types
  - Full
  - Incremental
  - Snapshot
  - Differential
  - Tape
  - Disk
  - Copy
  - Network-attached storage (NAS)
  - Storage area network
  - Cloud
  - Image
  - Online vs. offline
  - Offsite storage
    - Distance considerations
• Non-persistence
  - Revert to known state
  - Last known-good configuration
  - Live boot media
• High availability
  - Scalability
• Restoration order
• Diversity
  - Technologies
  - Vendors
  - Crypto
  - Controls

2.6
Explain the security implications of embedded and specialized systems.
• Embedded systems
  - Raspberry Pi
  - Field-programmable gate array (FPGA)
  - Arduino
• Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  - Facilities
  - Industrial
  - Manufacturing
  - Energy
  - Logistics
• Internet of Things (IoT)
  - Sensors
  - Smart devices
  - Wearables
  - Facility automation
  - Weak defaults
• Specialized
  - Medical systems
  - Vehicles
  - Aircraft
  - Smart meters
• Voice over IP (VoIP)
• Heating, ventilation, air conditioning (HVAC)
• Drones
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
  - 5G
  - Narrow-band
  - Baseband radio
  - Subscriber identity module (SIM) cards
  - Zigbee
• Constraints
  - Power
  - Compute
  - Network
  - Crypto
  - Inability to patch
  - Authentication
  - Range
  - Cost
  - Implied trust
2.7
Explain the importance of physical security controls.
• Bollards/barricades
• Access control vestibules
• Badges
• Alarms
• Signage
• Cameras
  - Motion recognition
  - Object detection
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
  - Guards
  - Robot sentries
  - Reception
  - Two-person integrity/control
• Locks
  - Biometrics
  - Electronic
  - Physical
  - Cable locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression
• Sensors
  - Motion detection
  - Noise detection
  - Proximity reader
  - Moisture detection
  - Cards
  - Temperature
• Drones
• Visitor logs
• Faraday cages
• Air gap
• Screened subnet (previously known as demilitarized zone)
• Protected cable distribution
• Secure areas
  - Air gap
  - Vault
  - Safe
  - Hot aisle
  - Cold aisle
• Secure data destruction
  - Burning
  - Shredding
  - Pulping
  - Pulverizing
  - Degaussing
  - Third-party solutions

2.8
Summarize the basics of cryptographic concepts.
• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptic-curve cryptography
• Perfect forward secrecy
• Quantum
  - Communications
  - Computing
• Post-quantum
• Ephemeral
• Modes of operation
  - Authenticated
  - Unauthenticated
  - Counter
• Blockchain
  - Public ledgers
• Cipher suites
  - Stream
  - Block
• Symmetric vs. asymmetric
• Lightweight cryptography
• Steganography
  - Audio
  - Video
  - Image
• Homomorphic encryption
• Common use cases
  - Low power devices
  - Low latency
  - High resiliency
  - Supporting confidentiality
  - Supporting integrity
  - Supporting obfuscation
  - Supporting authentication
  - Supporting non-repudiation
• Limitations
  - Speed
  - Size
  - Weak keys
  - Time
  - Longevity
  - Predictability
  - Reuse
  - Entropy
  - Computational overheads
  - Resource vs. security constraints
3.0 Implementation
3.1
Given a scenario, implement secure protocols.
• Protocols
  - Domain Name System Security Extensions (DNSSEC)
  - SSH
  - Secure/Multipurpose Internet Mail Extensions (S/MIME)
  - Secure Real-time Transport Protocol (SRTP)
  - Lightweight Directory Access Protocol Over SSL (LDAPS)
  - File Transfer Protocol, Secure (FTPS)
  - SSH File Transfer Protocol (SFTP)
  - Simple Network Management Protocol, version 3 (SNMPv3)
  - Hypertext transfer protocol over SSL/TLS (HTTPS)
  - IPSec
    - Authentication header (AH)/Encapsulating Security Payloads (ESP)
    - Tunnel/transport
  - Post Office Protocol (POP)/Internet Message Access Protocol (IMAP)
• Use cases
  - Voice and video
  - Time synchronization
  - Email and web
  - File transfer
  - Directory services
  - Remote access
  - Domain name resolution
  - Routing and switching
  - Network address allocation
  - Subscription services

3.2
Given a scenario, implement host or application security solutions.
• Endpoint protection
  - Antivirus
  - Anti-malware
  - Endpoint detection and response (EDR)
  - DLP
  - Next-generation firewall (NGFW)
  - Host-based intrusion prevention system (HIPS)
  - Host-based intrusion detection system (HIDS)
  - Host-based firewall
• Boot integrity
  - Boot security/Unified Extensible Firmware Interface (UEFI)
  - Measured boot
  - Boot attestation
• Database
  - Tokenization
  - Salting
  - Hashing
• Application security
  - Input validations
  - Secure cookies
  - Hypertext Transfer Protocol (HTTP) headers
  - Code signing
  - Allow list
  - Block list/deny list
  - Secure coding practices
  - Static code analysis
    - Manual code review
  - Dynamic code analysis
  - Fuzzing
• Hardening
  - Open ports and services
  - Registry
  - Disk encryption
  - OS
  - Patch management
    - Third-party updates
    - Auto-update
• Self-encrypting drive (SED)/full-disk encryption (FDE)
  - Opal
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing

3.3
Given a scenario, implement secure network designs.
• Load balancing
  - Active/active
  - Active/passive
  - Scheduling
  - Virtual IP
  - Persistence
• Network segmentation
  - Virtual local area network (VLAN)
  - Screened subnet (previously known as demilitarized zone)
  - East-west traffic
  - Extranet
  - Intranet
  - Zero Trust
• Virtual private network (VPN)
  - Always-on
  - Split tunnel vs. full tunnel
  - Remote access vs. site-to-site
  - IPSec
  - SSL/TLS
  - HTML5
  - Layer 2 tunneling protocol (L2TP)
• DNS
• Network access control (NAC)
  - Agent and agentless
• Out-of-band management
• Port security
  - Broadcast storm prevention
  - Bridge Protocol Data Unit (BPDU) guard
  - Loop prevention
  - Dynamic Host Configuration Protocol (DHCP) snooping
  - Media access control (MAC) filtering
• Network appliances
  - Jump servers
  - Proxy servers
    - Forward
    - Reverse
  - Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    - Signature-based
    - Heuristic/behavior
    - Anomaly
    - Inline vs. passive
  - HSM
  - Sensors
  - Collectors
  - Aggregators
  - Firewalls
    - Web application firewall (WAF)
    - NGFW
    - Stateful
    - Stateless
    - Unified threat management (UTM)
    - Network address translation (NAT) gateway
    - Content/URL filter
    - Open-source vs. proprietary
    - Hardware vs. software
    - Appliance vs. host-based vs. virtual
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
  - Port taps
• Monitoring services
• File integrity monitors

3.4
Given a scenario, install and configure wireless security settings.
• Cryptographic protocols
  - WiFi Protected Access 2 (WPA2)
  - WiFi Protected Access 3 (WPA3)
  - Counter-mode/CBC-MAC Protocol (CCMP)
  - Simultaneous Authentication of Equals (SAE)
• Authentication protocols
  - Extensible Authentication Protocol (EAP)
  - Protected Extensible Authentication Protocol (PEAP)
  - EAP-FAST
  - EAP-TLS
  - EAP-TTLS
  - IEEE 802.1X
  - Remote Authentication Dial-in User Service (RADIUS) Federation
• Methods
  - Pre-shared key (PSK) vs. Enterprise vs. Open
  - WiFi Protected Setup (WPS)
  - Captive portals
• Installation considerations
  - Site surveys
  - Heat maps
  - WiFi analyzers
  - Channel overlaps
  - Wireless access point (WAP) placement
  - Controller and access point security

3.5
Given a scenario, implement secure mobile solutions.
• Connection methods and receivers
  - Cellular
  - WiFi
  - Bluetooth
  - NFC
  - Infrared
  - USB
  - Point-to-point
  - Point-to-multipoint
  - Global Positioning System (GPS)
  - RFID
• Mobile device management (MDM)
  - Application management
  - Content management
  - Remote wipe
  - Geofencing
  - Geolocation
  - Screen locks
  - Push notifications
  - Passwords and PINs
  - Biometrics
  - Context-aware authentication
  - Containerization
  - Storage segmentation
  - Full device encryption
• Mobile devices
  - MicroSD hardware security module (HSM)
  - MDM/Unified Endpoint Management (UEM)
  - Mobile application management (MAM)
  - SEAndroid
• Enforcement and monitoring of:
  - Third-party application stores
  - Rooting/jailbreaking
  - Sideloading
  - Custom firmware
  - Carrier unlocking
  - Firmware over-the-air (OTA) updates
  - Camera use
  - SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
  - External media
  - USB On-The-Go (USB OTG)
  - Recording microphone
  - GPS tagging
  - WiFi direct/ad hoc
  - Tethering
  - Hotspot
  - Payment methods
• Deployment models
  - Bring your own device (BYOD)
  - Corporate-owned personally enabled (COPE)
  - Choose your own device (CYOD)
  - Corporate-owned
  - Virtual desktop infrastructure (VDI)

3.6
Given a scenario, apply cybersecurity solutions to the cloud.
• Cloud security controls
  - High availability across zones
  - Resource policies
  - Secrets management
  - Integration and auditing
  - Storage
    - Permissions
    - Encryption
    - Replication
    - High availability
  - Network
    - Virtual networks
    - Public and private subnets
    - Segmentation
    - API inspection and integration
  - Compute
    - Security groups
    - Dynamic resource allocation
    - Instance awareness
    - Virtual private cloud (VPC) endpoint
    - Container security
• Solutions
  - CASB
  - Application security
  - Next-generation secure web gateway (SWG)
  - Firewall considerations in a cloud environment
    - Cost
    - Need for segmentation
    - Open Systems Interconnection (OSI) layers
• Cloud native controls vs. third-party solutions
3.7
Given a scenario, implement identity and account management controls.
• Identity
  - Identity provider (IdP)
  - Attributes
  - Certificates
  - Tokens
  - SSH keys
  - Smart cards
• Account types
  - User account
  - Shared and generic accounts/credentials
  - Guest accounts
  - Service accounts
• Account policies
  - Password complexity
  - Password history
  - Password reuse
  - Network location
  - Geofencing
  - Geotagging
  - Geolocation
  - Time-based logins
  - Access policies
  - Account permissions
  - Account audits
  - Impossible travel time/risky login
  - Lockout
  - Disablement

3.8
Given a scenario, implement authentication and authorization solutions.
• Authentication management
  - Password keys
  - Password vaults
  - TPM
  - HSM
  - Knowledge-based authentication
• Authentication/authorization
  - EAP
  - Challenge-Handshake Authentication Protocol (CHAP)
  - Password Authentication Protocol (PAP)
  - 802.1X
  - RADIUS
  - Single sign-on (SSO)
  - Security Assertion Markup Language (SAML)
  - Terminal Access Controller Access Control System Plus (TACACS+)
  - OAuth
  - OpenID
  - Kerberos
• Access control schemes
  - Attribute-based access control (ABAC)
  - Role-based access control
  - Rule-based access control
  - MAC
  - Discretionary access control (DAC)
  - Conditional access
  - Privileged access management
  - Filesystem permissions

3.9
Given a scenario, implement public key infrastructure.
• Public key infrastructure (PKI)
  - Key management
  - Certificate authority (CA)
  - Intermediate CA
  - Registration authority (RA)
  - Certificate revocation list (CRL)
  - Certificate attributes
  - Online Certificate Status Protocol (OCSP)
  - Certificate signing request (CSR)
  - CN
  - Subject alternative name
  - Expiration
• Types of certificates
  - Wildcard
  - Subject alternative name
  - Code signing
  - Self-signed
  - Machine/computer
  - Email
  - User
  - Root
  - Domain validation
  - Extended validation
• Certificate formats
  - Distinguished encoding rules (DER)
  - Privacy enhanced mail (PEM)
  - Personal information exchange (PFX)
  - .cer
  - P12
  - P7B
• Concepts
  - Online vs. offline CA
  - Stapling
  - Pinning
  - Trust model
  - Key escrow
  - Certificate chaining

4.0 Operations and Incident Response
4.1
Given a scenario, use the appropriate tool to assess organizational security.
• Network reconnaissance and discovery
  - tracert/traceroute
  - nslookup/dig
  - ipconfig/ifconfig
  - nmap
  - ping/pathping
  - hping
  - netstat
  - netcat
  - IP scanners
  - arp
  - route
  - curl
  - theHarvester
  - sn1per
  - scanless
  - dnsenum
  - Nessus
  - Cuckoo
• File manipulation
  - head
  - tail
  - cat
  - grep
  - chmod
  - logger
• Shell and script environments
  - SSH
  - PowerShell
  - Python
  - OpenSSL
• Packet capture and replay
  - Tcpreplay
  - Tcpdump
  - Wireshark
• Forensics
  - dd
  - Memdump
  - WinHex
  - FTK imager
  - Autopsy
• Exploitation frameworks
• Password crackers
• Data sanitization

4.2
Summarize the importance of policies, processes, and procedures for incident response.
• Incident response plans
• Incident response process
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
• Exercises
  - Tabletop
  - Walkthroughs
  - Simulations
• Attack frameworks
  - MITRE ATT&CK
  - The Diamond Model of Intrusion Analysis
  - Cyber Kill Chain
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operations planning (COOP)
• Incident response team
• Retention policies

4.3
Given an incident, utilize appropriate data sources to support an investigation.
• Vulnerability scan output
• SIEM dashboards
  - Sensor
  - Sensitivity
  - Trends
  - Alerts
  - Correlation
• Log files
  - Network
  - System
  - Application
  - Security
  - Web
  - DNS
  - Authentication
  - Dump files
  - VoIP and call managers
  - Session Initiation Protocol (SIP) traffic
• syslog/rsyslog/syslog-ng
• journalctl
• NXLog
• Bandwidth monitors
• Metadata
  - Email
  - Mobile
  - Web
  - File
• Netflow/sFlow
  - Netflow
  - sFlow
  - IPFIX
• Protocol analyzer output

4.4
Given an incident, apply mitigation techniques or controls to secure an environment.
• Reconfigure endpoint security solutions
  - Application approved list
  - Application blocklist/deny list
  - Quarantine
• Configuration changes
  - Firewall rules
  - MDM
  - DLP
  - Content filter/URL filter
  - Update or revoke certificates
• Isolation
• Containment
• Segmentation
• SOAR
  - Runbooks
  - Playbooks

4.5
Explain the key aspects of digital forensics.
• Documentation/evidence
  - Legal hold
  - Video
  - Admissibility
  - Chain of custody
  - Timelines of sequence of events
    - Time stamps
    - Time offset
  - Tags
  - Reports
  - Event logs
  - Interviews
• Acquisition
  - Order of volatility
  - Disk
  - Random-access memory (RAM)
  - Swap/pagefile
  - OS
  - Device
  - Firmware
  - Snapshot
  - Cache
  - Network
  - Artifacts
• On-premises vs. cloud
  - Right-to-audit clauses
  - Regulatory/jurisdiction
  - Data breach notification laws
• Integrity
  - Hashing
  - Checksums
  - Provenance
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/counterintelligence

5.0 Governance, Risk, and Compliance
5.1
Compare and contrast various types of controls.
• Category
  - Managerial
  - Operational
  - Technical
• Control type
  - Preventive
  - Detective
  - Corrective
  - Deterrent
  - Compensating
  - Physical

5.2
Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
• Regulations, standards, and legislation
  - General Data Protection Regulation (GDPR)
  - National, territory, or state laws
  - Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  - Center for Internet Security (CIS)
  - National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
  - International Organization for Standardization (ISO) 27001/27002/27701/31000
  - SSAE SOC 2 Type I/II
  - Cloud security alliance
    - Cloud control matrix
    - Reference architecture
• Benchmarks/secure configuration guides
  - Platform/vendor-specific guides
    - Web server
    - OS
    - Application server
    - Network infrastructure devices

5.3
Explain the importance of policies to organizational security.
• Personnel
  - Acceptable use policy
  - Job rotation
  - Mandatory vacation
  - Separation of duties
  - Least privilege
  - Clean desk space
  - Background checks
  - Non-disclosure agreement (NDA)
  - Social media analysis
  - Onboarding
  - Offboarding
  - User training
    - Gamification
    - Capture the flag
    - Phishing campaigns
    - Phishing simulations
    - Computer-based training (CBT)
    - Role-based training
• Diversity of training techniques
• Third-party risk management
  - Vendors
  - Supply chain
  - Business partners
  - Service level agreement (SLA)
  - Memorandum of understanding (MOU)
  - Measurement systems analysis (MSA)
  - Business partnership agreement (BPA)
  - End of life (EOL)
  - End of service life (EOSL)
  - NDA
• Data
  - Classification
  - Governance
  - Retention
• Credential policies
  - Personnel
  - Third-party
  - Devices
  - Service accounts
  - Administrator/root accounts
• Organizational policies
  - Change management
  - Change control
  - Asset management

5.4
Summarize risk management processes and concepts.
• Risk types
  - External
  - Internal
  - Legacy systems
  - Multiparty
  - IP theft
  - Software compliance/licensing
• Risk management strategies
  - Acceptance
  - Avoidance
  - Transference
    - Cybersecurity insurance
  - Mitigation
• Risk analysis
  - Risk register
  - Risk matrix/heat map
  - Risk control assessment
  - Risk control self-assessment
  - Risk awareness
  - Inherent risk
  - Residual risk
  - Control risk
  - Risk appetite
  - Regulations that affect risk posture
  - Risk assessment types
    - Qualitative
    - Quantitative
  - Likelihood of occurrence
  - Impact
  - Asset value
  - Single-loss expectancy (SLE)
  - Annualized loss expectancy (ALE)
  - Annualized rate of occurrence (ARO)
• Disasters
  - Environmental
  - Person-made
  - Internal vs. external
• Business impact analysis
  - Recovery time objective (RTO)
  - Recovery point objective (RPO)
  - Mean time to repair (MTTR)
  - Mean time between failures (MTBF)
  - Functional recovery plans
  - Single point of failure
  - Disaster recovery plan (DRP)
  - Mission essential functions
  - Identification of critical systems
  - Site risk assessment

5.5
Explain privacy and sensitive data concepts in relation to security.
• Organizational consequences of privacy and data breaches
  - Reputation damage
  - Identity theft
  - Fines
  - IP theft
• Notifications of breaches
  - Escalation
  - Public notifications and disclosures
• Data types
  - Classifications
    - Public
    - Private
    - Sensitive
    - Confidential
    - Critical
    - Proprietary
  - Personally identifiable information (PII)
  - Health information
  - Financial information
  - Government data
  - Customer data
• Privacy enhancing technologies
  - Data minimization
  - Data masking
  - Tokenization
  - Anonymization
  - Pseudo-anonymization
• Roles and responsibilities
  - Data owners
  - Data controller
  - Data processor
  - Data custodian/steward
  - Data protection officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice
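Worked example for the privacy enhancing technologies listed in objective 5.5, added as editor's illustration; it is not part of the CompTIA document. It applies data minimization, data masking, tokenization, pseudo-anonymization (keyed hashing) and anonymization to one constructed customer record, and contrasts a keyed pseudonym with a plain hash by running the same guess-and-compare re-identification attempt against both. The record, its field names, the token format and the key handling are all assumptions for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed sample customer record; every value is made up for the example.
RECORD = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "card": "4111111111111111",
    "postcode": "90210",
    "birth_year": 1985,
    "purchase_total": 149.99,
}


def minimize(record: dict, needed: list[str]) -> dict:
    """Data minimization: keep only the fields the stated purpose requires.
    What is never collected or retained cannot be breached."""
    return {k: record[k] for k in needed if k in record}


def mask_card(pan: str) -> str:
    """Data masking: reveal only the last four digits. Irreversible; meant for
    display (receipts, support screens), not for processing."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Tokenization: swap the sensitive value for a random surrogate. The
    token is not derived from the value, so only the vault can map it back and
    systems that hold tokens never hold the real data."""

    def __init__(self) -> None:
        self._to_token: dict[str, str] = {}
        self._to_value: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value not in self._to_token:            # same value -> same token
            token = "tok_" + secrets.token_hex(8)  # random, not computed
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def detokenize(self, token: str) -> str:
        return self._to_value[token]


def unkeyed_pseudonym(value: str) -> str:
    """A plain hash looks like pseudonymization but is not: anyone can hash a
    list of likely inputs (emails, names) and match them."""
    return hashlib.sha256(value.encode()).hexdigest()[:16]


def pseudonymize(value: str, key: bytes) -> str:
    """Pseudo-anonymization: replace the identifier with a keyed hash
    (HMAC-SHA-256). Records for the same person still link together, but
    re-identification requires the secret key. Because the key holder can
    reverse the mapping, pseudonymized data is still personal data under GDPR."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def reidentify_by_guessing(pseudonym: str, candidates: list[str],
                           key: bytes | None = None) -> str | None:
    """Attacker's view: derive a digest for each candidate and compare."""
    for candidate in candidates:
        digest = (pseudonymize(candidate, key) if key is not None
                  else unkeyed_pseudonym(candidate))
        if hmac.compare_digest(digest, pseudonym):
            return candidate
    return None


def anonymize(record: dict) -> dict:
    """Anonymization: drop direct identifiers and generalize quasi-identifiers
    (postcode area only, ten-year birth band) so the row can no longer be tied
    to one person. Not reversible, so no longer personal data, but less useful."""
    return {
        "postcode_area": record["postcode"][:3] + "**",
        "birth_decade": (record["birth_year"] // 10) * 10,
        "purchase_total": record["purchase_total"],
    }


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice lives in a KMS/HSM, never beside the data
    print(minimize(RECORD, ["email", "purchase_total"]))
    print(mask_card(RECORD["card"]))
    vault = TokenVault()
    tok = vault.tokenize(RECORD["card"])
    print(tok, "->", vault.detokenize(tok))
    guesses = ["bob@example.com", "alice@example.com"]
    print("plain hash re-identified:",
          reidentify_by_guessing(unkeyed_pseudonym(RECORD["email"]), guesses))
    print("HMAC re-identified without the key:",
          reidentify_by_guessing(pseudonymize(RECORD["email"], key), guesses))
    print(anonymize(RECORD))
```

The practical distinction the code draws out: masking and anonymization are one-way, tokenization is reversible only through the vault, and pseudonymization is reversible by whoever holds the key, so the key and the vault are themselves sensitive assets that need a data owner, a custodian and their own controls.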

Security+ (SY0-601) Acronym List
The following is a list of acronyms that appear on the CompTIA
Security+ exam. Candidates are encouraged to review the complete
list and attain a working knowledge of all listed acronyms as
part of a comprehensive exam preparation program.
ACRONYM DEFINITION
3DES Triple Data Encryption Standard
AAA Authentication, Authorization, and Accounting
ABAC Attribute-based Access Control
ACL Access Control List
AD Active Directory
AES Advanced Encryption Standard
AES256 Advanced Encryption Standard, 256-bit
AH Authentication Header
AI Artificial Intelligence
AIS Automated Indicator Sharing
ALE Annualized Loss Expectancy
AP Access Point
API Application Programming Interface
APT Advanced Persistent Threat
ARO Annualized Rate of Occurrence
ARP Address Resolution Protocol
ASLR Address Space Layout Randomization
ASP Active Server Pages
ATT&CK Adversarial Tactics, Techniques, and Common Knowledge
AUP Acceptable Use Policy
AV Antivirus
BASH Bourne Again Shell
BCP Business Continuity Planning
BGP Border Gateway Protocol
BIA Business Impact Analysis
BIOS Basic Input/Output System
BPA Business Partnership Agreement
BPDU Bridge Protocol Data Unit
BSSID Basic Service Set Identifier
BYOD Bring Your Own Device
CA Certificate Authority
CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR Corrective Action Report
CASB Cloud Access Security Broker
CBC Cipher Block Chaining
CBT Computer-based Training
CCMP Counter-Mode/CBC-MAC Protocol
CCTV Closed-Circuit Television
CERT Computer Emergency Response Team
CFB Cipher Feedback
CHAP Challenge-Handshake Authentication Protocol
CIO Chief Information Officer
CIRT Computer Incident Response Team
CIS Center for Internet Security
CMS Content Management System
CN Common Name
COOP Continuity of Operations Planning
COPE Corporate-owned Personally Enabled
CP Contingency Planning
CRC Cyclic Redundancy Check
CRL Certificate Revocation List
CSA Cloud Security Alliance
CSIRT Computer Security Incident Response Team
CSO Chief Security Officer
CSP Cloud Service Provider
CSR Certificate Signing Request
CSRF Cross-Site Request Forgery
CSU Channel Service Unit
CTM Counter-Mode
CTO Chief Technology Officer
CVE Common Vulnerabilities and Exposures
CVSS Common Vulnerability Scoring System
CYOD Choose Your Own Device
DAC Discretionary Access Control
DBA Database Administrator
DDoS Distributed Denial-of-Service
DEP Data Execution Prevention

DER Distinguished Encoding Rules
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DHE Diffie-Hellman Ephemeral
DKIM DomainKeys Identified Mail
DLL Dynamic-link Library
DLP Data Loss Prevention
DMARC Domain-based Message Authentication, Reporting and Conformance
DNAT Destination Network Address Translation
DNS Domain Name System
DNSSEC Domain Name System Security Extensions
DoS Denial-of-Service
DPO Data Protection Officer
DRP Disaster Recovery Plan
DSA Digital Signature Algorithm
DSL Digital Subscriber Line
EAP Extensible Authentication Protocol
ECB Electronic Code Book
ECC Elliptic-curve Cryptography
ECDHE Elliptic-curve Diffie-Hellman Ephemeral
ECDSA Elliptic-curve Digital Signature Algorithm
EDR Endpoint Detection and Response
EFS Encrypting File System
EIP Extended Instruction Pointer
EOL End of Life
EOS End of Service
ERP Enterprise Resource Planning
ESN Electronic Serial Number
ESP Encapsulating Security Payload
ESSID Extended Service Set Identifier
FACL File System Access Control List
FDE Full Disk Encryption
FIM File Integrity Monitoring
FPGA Field Programmable Gate Array
FRR False Rejection Rate
FTP File Transfer Protocol
FTPS File Transfer Protocol Secure (FTP over SSL/TLS)
GCM Galois/Counter Mode
GDPR General Data Protection Regulation
GPG GNU Privacy Guard
GPO Group Policy Object
GPS Global Positioning System
GPU Graphics Processing Unit
GRE Generic Routing Encapsulation
HA High Availability
HDD Hard Disk Drive
HIDS Host-based Intrusion Detection System
HIPS Host-based Intrusion Prevention System
HMAC Hash-based Message Authentication Code
HOTP HMAC-based One-time Password
HSM Hardware Security Module
HSMaaS Hardware Security Module as a Service
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
HVAC Heating, Ventilation, Air Conditioning
IaaS Infrastructure as a Service
IAM Identity and Access Management
ICMP Internet Control Message Protocol
ICS Industrial Control Systems
IDEA International Data Encryption Algorithm
IDF Intermediate Distribution Frame
IdP Identity Provider
IDS Intrusion Detection System
IEEE Institute of Electrical and Electronics Engineers
IKE Internet Key Exchange
IM Instant Messaging
IMAP4 Internet Message Access Protocol v4
IoC Indicators of Compromise
IoT Internet of Things
IP Internet Protocol
IPS Intrusion Prevention System
IPSec Internet Protocol Security
IR Incident Response
IRC Internet Relay Chat
IRP Incident Response Plan
ISA Interconnection Security Agreement
ISFW Internal Segmentation Firewall
ISO International Organization for Standardization
ISP Internet Service Provider
ISSO Information Systems Security Officer
ITCP IT Contingency Plan
IV Initialization Vector
KDC Key Distribution Center
KEK Key Encryption Key
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
MaaS Monitoring as a Service
MAC Media Access Control
MAM Mobile Application Management
MAN Metropolitan Area Network
MBR Master Boot Record
MD5 Message Digest 5
MDF Main Distribution Frame
MDM Mobile Device Management
MFA Multifactor Authentication
MFD Multifunction Device
MFP Multifunction Printer
ML Machine Learning

MMS Multimedia Message Service
MOA Memorandum of Agreement
MOU Memorandum of Understanding
MPLS Multiprotocol Label Switching
MSA Measurement Systems Analysis
MS-CHAP Microsoft Challenge-Handshake Authentication Protocol
MSP Managed Service Provider
MSSP Managed Security Service Provider
MTBF Mean Time Between Failures
MTTF Mean Time to Failure
MTTR Mean Time to Repair
MTU Maximum Transmission Unit
NAC Network Access Control
NAS Network-attached Storage
NAT Network Address Translation
NDA Non-disclosure Agreement
NFC Near-field Communication
NFV Network Function Virtualization
NGFW Next-generation Firewall
NG-SWG Next-generation Secure Web Gateway
NIC Network Interface Card
NIDS Network-based Intrusion Detection System
NIPS Network-based Intrusion Prevention System
NIST National Institute of Standards & Technology
NOC Network Operations Center
NTFS New Technology File System
NTLM New Technology LAN Manager
NTP Network Time Protocol
OCSP Online Certificate Status Protocol
OID Object Identifier
OS Operating System
OSI Open Systems Interconnection
OSINT Open-source Intelligence
OSPF Open Shortest Path First
OT Operational Technology
OTA Over-The-Air
OTG On-The-Go
OVAL Open Vulnerability and Assessment Language
OWASP Open Web Application Security Project
P12 PKCS #12
P2P Peer-to-Peer
PaaS Platform as a Service
PAC Proxy Auto Configuration
PAM Privileged Access Management
PAM Pluggable Authentication Modules
PAP Password Authentication Protocol
PAT Port Address Translation
PBKDF2 Password-based Key Derivation Function 2
PBX Private Branch Exchange
PCAP Packet Capture
PCI DSS Payment Card Industry Data Security Standard
PDU Power Distribution Unit
PE Portable Executable
PEAP Protected Extensible Authentication Protocol
PED Portable Electronic Device
PEM Privacy Enhanced Mail
PFS Perfect Forward Secrecy
PGP Pretty Good Privacy
PHI Personal Health Information
PII Personally Identifiable Information
PIN Personal Identification Number
PIV Personal Identity Verification
PKCS Public Key Cryptography Standards
PKI Public Key Infrastructure
PoC Proof of Concept
POP Post Office Protocol
POTS Plain Old Telephone Service
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PSK Preshared Key
PTZ Pan-Tilt-Zoom
PUP Potentially Unwanted Program
QA Quality Assurance
QoS Quality of Service
RA Registration Authority
RAD Rapid Application Development
RADIUS Remote Authentication Dial-in User Service
RAID Redundant Array of Inexpensive Disks
RAM Random Access Memory
RAS Remote Access Server
RAT Remote Access Trojan
RC4 Rivest Cipher version 4
RCS Rich Communication Services
RFC Request for Comments
RFID Radio Frequency Identification
RIPEMD RACE Integrity Primitives Evaluation Message Digest
ROI Return on Investment
RPO Recovery Point Objective
RSA Rivest, Shamir, & Adleman
RTBH Remotely Triggered Black Hole
RTO Recovery Time Objective
RTOS Real-time Operating System
RTP Real-time Transport Protocol
S/MIME Secure/Multipurpose Internet Mail Extensions
SaaS Software as a Service
SAE Simultaneous Authentication of Equals
SAML Security Assertion Markup Language
SCADA Supervisory Control and Data Acquisition
SCAP Security Content Automation Protocol

SCEP Simple Certificate Enrollment Protocol
SDK Software Development Kit
SDLC Software Development Life Cycle
SDLM Software Development Life-cycle Methodology
SDN Software-defined Networking
SDP Service Delivery Platform
SDV Software-defined Visibility
SED Self-Encrypting Drives
SEH Structured Exception Handling
SFTP SSH File Transfer Protocol
SHA Secure Hash Algorithm
SIEM Security Information and Event Management
SIM Subscriber Identity Module
SIP Session Initiation Protocol
SLA Service-level Agreement
SLE Single Loss Expectancy
SMB Server Message Block
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SMTPS Simple Mail Transfer Protocol Secure
SNMP Simple Network Management Protocol
SOAP Simple Object Access Protocol
SOAR Security Orchestration, Automation, Response
SoC System on Chip
SOC Security Operations Center
SPF Sender Policy Framework
SPIM Spam over Instant Messaging
SQL Structured Query Language
SQLi SQL Injection
SRTP Secure Real-time Transport Protocol
SSD Solid State Drive
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
SSO Single Sign-on
STIX Structured Threat Information eXpression
STP Shielded Twisted Pair
SWG Secure Web Gateway
TACACS+ Terminal Access Controller Access Control System
TAXII Trusted Automated eXchange of Intelligence Information
TCP/IP Transmission Control Protocol/Internet Protocol
TGT Ticket Granting Ticket
TKIP Temporal Key Integrity Protocol
TLS Transport Layer Security
TOTP Time-based One Time Password
TPM Trusted Platform Module
TSIG Transaction Signature
TTP Tactics, Techniques, and Procedures
UAT User Acceptance Testing
UDP User Datagram Protocol
UEBA User and Entity Behavior Analytics
UEFI Unified Extensible Firmware Interface
UEM Unified Endpoint Management
UPS Uninterruptible Power Supply
URI Uniform Resource Identifier
URL Uniform Resource Locator
USB Universal Serial Bus
USB OTG USB On-The-Go
UTM Unified Threat Management
UTP Unshielded Twisted Pair
VBA Visual Basic for Applications
VDE Virtual Desktop Environment
VDI Virtual Desktop Infrastructure
VLAN Virtual Local Area Network
VLSM Variable-length Subnet Masking
VM Virtual Machine
VoIP Voice over IP
VPC Virtual Private Cloud
VPN Virtual Private Network
VTC Video Teleconferencing
WAF Web Application Firewall
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion Detection System
WIPS Wireless Intrusion Prevention System
WORM Write Once Read Many
WPA WiFi Protected Access
WPS WiFi Protected Setup
XaaS Anything as a Service
XML Extensible Markup Language
XOR Exclusive OR
XSRF Cross-site Request Forgery
XSS Cross-site Scripting

Security+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the Security+ exam. This list may also be helpful for
training companies that wish to create a lab component for their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

HARDWARE
• Laptop with Internet access
• Separate wireless NIC
• WAP
• Firewall
• UTM
• Mobile device
• Server/cloud server
• IoT devices

SOFTWARE
• Virtualization software
• Penetration testing OS/distributions (e.g., Kali Linux, Parrot OS)
• SIEM
• Wireshark
• Metasploit
• tcpdump

OTHER
• Access to a CSP

© 2019 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to
such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and
internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective
owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 007330-Dec2019
