Professional Documents
Culture Documents
CompTIA CySA+ Domain 2 Software and Systems Security
CompTIA CySA+ Domain 2 Software and Systems Security
www.infosectrain.com | sales@infosectrain.com
Information Technology (IT) has revolutionized by leaps and bounds
in the last few years. It has opened up new possibilities for
businesses and how we go about our daily lives, and the ability to
organize the massive amount of data at our fingertips. However,
most businesses have well-oiled systems dedicated to developing,
releasing, and maintaining viable software and systems. Nonetheless,
the rising concerns and risks associated with insecure software have
raised awareness of the necessity to incorporate security into the
development process. Businesses and organizations have had to up
their game with the concern of rising system threats.
www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com
Software and systems security is an important aspect to keep software
and systems in control and working effectively. The CompTIA CySA+
certification deals with the various aspects related to software and
systems security.
www.infosectrain.com | sales@infosectrain.com
Domains of CySA+
www.infosectrain.com | sales@infosectrain.com
Domain 1: Threat and Vulnerability Management (22%)
www.infosectrain.com | sales@infosectrain.com
CompTIA CySA+ Domain 2: Software and Systems Security
Software and Systems Security is the second domain in the CompTIA CySA+
certification exam. The domain comprises 18% weightage. In the second domain of the
CySA+ certification, you will learn how to assess and integrate security into your
organization’s software and hardware, as well as how to use the Software
Development Life Cycle (SDLC) and its security implications to ensure that the software
your organization uses is well-written and secure throughout its lifespan. It will discuss
how to ensure that any cloud services you might inject into your environment are
secure to support your apps and systems and best practices to develop a secure
environment. Security is vital to provide integrity, authentication, and availability.
Software security is a type of computer security that focuses on the secure design and
implementation of software using the most up-to-date technologies, tools, and
methods. In other words, it focuses on avoiding software flaws, bugs, and
vulnerabilities. Security is essential for a device to function at its best, from
authentication to software updates, anti-virus protection, and customizations. On the
other hand, all aspects of accessing information assets are covered by system security.
www.infosectrain.com | sales@infosectrain.com
The second domain of the CompTIA CySA+ certification exam covers the following
subtopics:
www.infosectrain.com | sales@infosectrain.com
1. Given a scenario, apply security solutions for infrastructure
management: This subsection will discuss the security solutions for
infrastructure management. It covers the critical areas associated with
Identity and Access Management (IAM) to reflect a broader identity in a
world of numerous connected devices, people, and processes. The section
will discuss the two main infrastructure models: cloud vs. on-premises. The
domain will also cover the issues surrounding asset management, including
asset tagging and change management. It will teach you how to describe
physical and virtual segmentation, jump boxes, and system isolation with an
air gap. The section will also cover the physical, software-defined, Virtual
Private Cloud (VPC), Virtual Private Network (VPN), and serverless
architectures.
www.infosectrain.com | sales@infosectrain.com
2. Explain software assurance best practices: Software assurance refers to the
development and execution of methods and processes for verifying that
software performs as intended while limiting the risks of vulnerabilities,
malicious code, or faults that could affect the end-user. This subsection
examines application security, the types of testing to perform, and secure
coding best practices from a number of well-known organizations that issue
security guidelines. It is preferable for software to be secured from the start.
The earlier security is incorporated in the software development process, the
less it will cost to secure the software.
www.infosectrain.com | sales@infosectrain.com
3. Explain hardware assurance best practices: This subsection covers critical
hardware security subjects such as dedicated hardware, hardware encryption,
secure processing, trusted foundries, and anti-tamper measures. Hardware root of
trust, eFuse, the Unified Extensible Firmware Interface (UEFI), trusted foundry, Self-
Encrypting Drives (SED) will all be covered. You will learn about secure boot
processes and secure processing as well.
CompTIA CySA+ with InfosecTrain
InfosecTrain, a significant provider of Information Technology and cybersecurity
training, offers the CompTIA CySA+ certification training course. We assist
participants in our training program by teaching system security principles, with a
focus on the security aspects and implications of software and information
technologies. Every step of the journey, our trainers will be there for you! So get
started with InfosecTrain today to prepare for the CompTIA Cybersecurity Analyst
(CySA+) certification exam. We are also CompTIA’s authorized training partner.
www.infosectrain.com | sales@infosectrain.com
About InfosecTrain
• Established in 2016, we are one of the finest Security
and Technology Training and Consulting company
www.infosectrain.com | sales@infosectrain.com
Our Endorsements
www.infosectrain.com | sales@infosectrain.com
Why InfosecTrain Global Learning Partners
www.infosectrain.com | sales@infosectrain.com
Our Trusted Clients
www.infosectrain.com | sales@infosectrain.com
Contact us
Get your workforce reskilled by
our certified and experienced
instructors!
sales@infosectrain.com
www.infosectrain.com