
CompTIA CySA+ Domain 2: Software and Systems Security

www.infosectrain.com | sales@infosectrain.com
Information Technology (IT) has advanced by leaps and bounds
in the last few years. It has opened up new possibilities for
businesses and for how we go about our daily lives, along with the
ability to organize the massive amount of data at our fingertips.
Most businesses have well-oiled systems dedicated to developing,
releasing, and maintaining viable software and systems. Nonetheless,
rising concerns and risks associated with insecure software have
raised awareness of the need to incorporate security into the
development process. Businesses and organizations have had to up
their game as system threats increase.

Software and systems security is an important part of keeping software
and systems under control and working effectively. The CompTIA CySA+
certification deals with the various aspects of software and
systems security.

The CompTIA Cybersecurity Analyst+ certification (also known as
CySA+) is a vendor-neutral certification for cybersecurity, threat, and
vulnerability analysts. It focuses on security analytics and the actual
application of security solutions in real-world situations.

Domains of CySA+

• Domain 1: Threat and Vulnerability Management (22%)
• Domain 2: Software and Systems Security (18%)
• Domain 3: Security Operations and Monitoring (25%)
• Domain 4: Incident Response (22%)
• Domain 5: Compliance and Assessment (13%)

This article provides an overview of the CompTIA CySA+ Domain 2:
Software and Systems Security.

CompTIA CySA+ Domain 2: Software and Systems Security

Software and Systems Security is the second domain in the CompTIA CySA+
certification exam. The domain carries an 18% weighting. In the second domain of the
CySA+ certification, you will learn how to assess and integrate security into your
organization’s software and hardware, as well as how to use the Software
Development Life Cycle (SDLC) and its security implications to ensure that the software
your organization uses is well-written and secure throughout its lifespan. It also discusses
how to ensure that any cloud services you bring into your environment are
secure enough to support your apps and systems, along with best practices for developing a secure
environment. Security is vital to provide integrity, authentication, and availability.

Software security is a type of computer security that focuses on the secure design and
implementation of software using the most up-to-date technologies, tools, and
methods. In other words, it focuses on avoiding software flaws, bugs, and
vulnerabilities. Security is essential for a device to function at its best, from
authentication to software updates, anti-virus protection, and customizations. On the
other hand, all aspects of accessing information assets are covered by system security.

The second domain of the CompTIA CySA+ certification exam covers the following
subtopics:

• Given a scenario, apply security solutions for infrastructure management
• Explain software assurance best practices
• Explain hardware assurance best practices

1. Given a scenario, apply security solutions for infrastructure
management: This subsection will discuss the security solutions for
infrastructure management. It covers the critical areas associated with
Identity and Access Management (IAM) to reflect a broader identity in a
world of numerous connected devices, people, and processes. The section
will discuss the two main infrastructure models: cloud vs. on-premises. The
domain will also cover the issues surrounding asset management, including
asset tagging and change management. It will teach you how to describe
physical and virtual segmentation, jump boxes, and system isolation with an
air gap. The section will also cover the physical, software-defined, Virtual
Private Cloud (VPC), Virtual Private Network (VPN), and serverless
architectures.

2. Explain software assurance best practices: Software assurance refers to the
development and execution of methods and processes for verifying that
software performs as intended while limiting the risks of vulnerabilities,
malicious code, or faults that could affect the end-user. This subsection
examines application security, the types of testing to perform, and secure
coding best practices from a number of well-known organizations that issue
security guidelines. It is preferable for software to be secured from the start.
The earlier security is incorporated in the software development process, the
less it will cost to secure the software.

This section discusses platforms such as web application, mobile,
client/server, embedded, and System-on-Chip (SoC). It also covers Software
Development Life Cycle (SDLC) integration, the DevSecOps framework, various software
assessment methods, best practices for secure coding, static and dynamic
analysis tools, more structured techniques of analysis for verification of critical
software, and service-oriented architecture.

3. Explain hardware assurance best practices: This subsection covers critical
hardware security subjects such as dedicated hardware, hardware encryption,
secure processing, trusted foundries, and anti-tamper measures. Hardware root of
trust, eFuse, the Unified Extensible Firmware Interface (UEFI), trusted foundry, and
Self-Encrypting Drives (SED) will all be covered. You will learn about secure boot
processes and secure processing as well.

CompTIA CySA+ with InfosecTrain
InfosecTrain, a significant provider of Information Technology and cybersecurity
training, offers the CompTIA CySA+ certification training course. We assist
participants in our training program by teaching system security principles, with a
focus on the security aspects and implications of software and information
technologies. Every step of the journey, our trainers will be there for you! So get
started with InfosecTrain today to prepare for the CompTIA Cybersecurity Analyst
(CySA+) certification exam. We are also CompTIA’s authorized training partner.

About InfosecTrain
• Established in 2016, we are one of the finest Security
and Technology Training and Consulting companies

• Wide range of professional training programs,
certifications & consulting services in the IT and Cyber
Security domain

• High-quality technical services, certifications or
customized training programs curated with professionals
of over 15 years of combined experience in the domain

Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training

Contact us
Get your workforce reskilled by
our certified and experienced
instructors!

IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413

sales@infosectrain.com

www.infosectrain.com
