Ben’s Security+ 701 Notes

READ ME:
Thanks for supporting my channel! These are my notes that I used to pass the Sec+ Exam on my first try! This also includes new terms that are found in the Security+ 701 version.
I strive to keep my notes free and accessible to all. If you've found my notes valuable, tips are always greatly appreciated. Your support enables me to create more study materials and sustain my channel. Thank you!
🙂
Tip Jar:
Buy Me a Coffee: https://buymeacoffee.com/benhtruongq
Gumroad: https://bentruong.gumroad.com/l/701?
Study Prompt (ChatGPT):
I am currently studying to get my CompTIA Security+. I want you to act as if you are my tutor preparing me for the test. I am going to ask you about a bunch of different concepts, and I want your answers to include a few things:
1. General overview of the concept
2. What I might need to know about it for the Security+ exam
Answer all of my questions in this format until I say otherwise. Can you do that for me?
1.0 General Security Concepts
1.1 Compare and contrast various types of security controls.
Categories:
1. Technical Controls: Implemented through technology, focusing on securing
systems, networks, and data.
Examples: firewalls, encryption, access controls
2. Managerial Controls: Policies, procedures, and guidelines to manage security
efforts.
Examples: security policies, risk management frameworks
3. Operational Controls: Day-to-day operational activities ensuring security
measures are properly implemented.
Examples: security audits, system monitoring
4. Physical Controls: Measures to protect physical assets and facilities.
Examples: locks, biometric access controls, surveillance cameras
Control Types:
1. Preventive Controls: Stop security incidents by preventing unauthorized
access or activities.
Examples: firewalls, encryption, authentication
2. Deterrent Controls: Discourage attackers by increasing perceived risk or
difficulty.
Examples: warning signs, security cameras
3. Detective Controls: Identify security incidents after they occur.
Examples: intrusion detection systems, security audits
4. Corrective Controls: Mitigate impact of security incidents and restore affected
systems.
Examples: incident response plans, data backups
5. Compensating Controls: Address security requirements when primary
controls are ineffective.
Examples: risk acceptance, business continuity planning
6. Directive Controls: Provide guidance on compliance with security policies and
standards.
Examples: security policies, training
1.2 Summarize fundamental security concepts.
Confidentiality, Integrity, and Availability (CIA): Fundamental principles of
information security ensuring data is kept confidential, accurate, and available
when needed.
Non-repudiation: Assurance that a sender cannot deny the authenticity or
integrity of a message or transaction.
Authentication, Authorization, and Accounting (AAA):
Authenticating people: Verifying the identity of users.
Authenticating systems: Confirming the identity of devices or systems.
Authorization models: Determining what resources users or systems can
access.
Gap analysis: Assessment of the differences between current security
measures and desired security objectives.
Zero Trust:
Control Plane:
Adaptive identity: Dynamic authentication based on context.
Threat scope reduction: Limiting the potential impact of security
breaches.
Policy-driven access control: Access decisions based on defined
policies.
Policy Administrator: Management of access control policies.
Policy Engine: Enforcement of access control policies.
Data Plane:
Implicit trust zones: Segmentation of network based on trust levels.
Subject/System: Entity accessing or being accessed.
Policy Enforcement Point: Mechanism enforcing access control
policies.
Physical Security:
Bollards: Posts used to block vehicular access.
Access control vestibule: Enclosed area controlling entry into a secure
facility.
Fencing: Barrier to prevent unauthorized access.
Video surveillance: Monitoring system using cameras.
Security guard: Personnel providing physical security.
Access badge: Credential granting entry to a secured area.
Lighting: Illumination to enhance visibility and deter intruders.
Sensors:
Infrared: Detects heat signatures.
Pressure: Detects physical pressure changes.
Microwave: Emits microwaves to detect motion.
Ultrasonic: Uses sound waves to detect motion.
Deception and Disruption Technology:
Honeypot: Decoy system designed to attract attackers and gather information.
Honeynet: Network of honeypots used for monitoring and analysis.
Honeyfile: Fictitious file used to detect unauthorized access.
Honeytoken: Decoy credential or data item used to detect unauthorized
access.
1.3 Explain the importance of change management processes and the impact to security.
Business Processes Impacting Security Operations:
Approval Process: Procedure for obtaining authorization for security-related
actions or changes.
Ownership: Assignment of responsibility for security tasks or assets to
specific individuals or teams.
Stakeholders: Individuals or groups with an interest or involvement in
security-related decisions or activities.
Impact Analysis: Assessment of the potential effects of security incidents or
changes on business operations.
Test Results: Findings from security testing activities such as penetration
testing or vulnerability assessments.
Backout Plan: Contingency plan for reversing changes or mitigating risks if
security measures fail or cause issues.
Maintenance Window: Scheduled timeframe during which security updates or
maintenance tasks can be performed without disrupting business operations.
Standard Operating Procedure: Established protocol or guideline for carrying
out security-related tasks or responding to security incidents.
Technical Implications:
Allow Lists/Deny Lists: Lists of permitted or prohibited entities, actions, or
resources within a system or network.
Restricted Activities: Actions or operations that are limited or prohibited due
to security considerations.
Downtime: Period during which a system or service is unavailable due to
maintenance, security updates, or security incidents.
Service Restart: Process of stopping and restarting a service to apply
changes or address security issues.
Application Restart: Reloading or restarting an application to implement
security changes or address issues.
Legacy Applications: Older software or systems with potential security
vulnerabilities or compatibility issues.
Dependencies: Relationships or connections between systems, applications,
or components that may impact security.
Documentation:
Updating Diagrams: Updating visual representations of systems, networks, or
processes to reflect changes or security configurations.
Updating Policies/Procedures: Revising written guidelines or protocols to
align with changes in security practices or requirements.
Version Control: Managing and tracking changes to documents, policies,
procedures, or software to ensure accuracy, accountability, and compliance.
1.4 Explain the importance of using appropriate cryptographic solutions.
Public Key Infrastructure (PKI):
Public Key: A cryptographic key that is shared openly and used for encryption
or verifying signatures.
Private Key: A secret key that is kept confidential and used for decrypting
data or creating digital signatures.
Key Escrow: A process where cryptographic keys are stored by a trusted third
party for emergency access.
Encryption:
Level: Various levels of encryption applied to different aspects of data storage
and communication.
Full-disk
Partition
File
Volume
Database
Record
Transport/Communication: Securing data during transmission between
devices or networks.
Asymmetric Encryption: Encryption method using pairs of keys: public and
private keys.
Symmetric Encryption: Encryption method using a single key for both
encryption and decryption.
Key Exchange: Process of securely sharing cryptographic keys between
parties.
Algorithms: Mathematical formulas used for encryption and decryption.
Key Length: The size of the cryptographic key, influencing the strength of
encryption.
Tools:
Trusted Platform Module (TPM): Hardware component for securely storing
cryptographic keys and performing cryptographic operations.
Hardware Security Module (HSM): Dedicated hardware device for managing,
storing, and processing cryptographic keys securely.
Key Management System: Software or hardware solution for generating,
storing, and distributing cryptographic keys.
Secure Enclave: Isolated hardware or software environment for secure
processing of sensitive data.
Obfuscation:
Steganography: Concealing data within other data to hide its existence.
Tokenization: Substituting sensitive data with non-sensitive placeholders.
Data Masking: Concealing or anonymizing specific data elements within a
dataset.
Hashing:
Generating a fixed-size, unique hash value from input data using
cryptographic algorithms.
Salting:
Adding random data to input before hashing to prevent identical inputs from
producing the same hash.
Digital Signatures:
Cryptographic signatures that verify the authenticity and integrity of digital
messages or documents.
Key Stretching:
Technique to increase the computational effort required to derive keys from
passwords.
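Hashing, salting, and key stretching from the three entries above, in one added Python example (not from the notes). It uses PBKDF2-HMAC-SHA256 from the standard library; the salt size and iteration count are assumptions chosen for the example, and the sample password is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters assumed for this example: a 16-byte random salt and a PBKDF2
# iteration count. Real deployments take the count from current guidance
# and raise it over time as hardware gets faster.
SALT_BYTES = 16
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: identical inputs give identical digests,
    so one precomputed table of common passwords breaks every user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, stretched hash. The salt makes equal passwords hash differently;
    the iteration count makes every guess cost `iterations` HMAC computations.
    Returns a self-describing string so the verifier can recover the parameters."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for each stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in
    constant time so response timing does not leak how many bytes matched."""
    try:
        algo, iters, salt_hex, derived_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: treat as a failed verification
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(derived_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, hashed twice:", unsalted_hash(pw) == unsalted_hash(pw))  # True
    a, b = hash_password(pw), hash_password(pw)
    print("salted, hashed twice  :", a == b)                                  # False
    print("verify correct        :", verify_password(pw, a))                  # True
    print("verify wrong          :", verify_password("wrong", a))             # False
```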
Blockchain:
Distributed, decentralized ledger technology used for secure and transparent
record-keeping.
Open Public Ledger:
Transparent and publicly accessible record of transactions or data entries.
Certificates:
Digital documents used to authenticate the identity of users, devices, or organizations.
Certificate Authorities: Entities that issue and manage digital certificates.
Certificate Revocation Lists (CRLs): Lists of revoked or compromised
digital certificates.
Online Certificate Status Protocol (OCSP): Protocol for checking the
revocation status of digital certificates in real-time.
Self-signed: Digital certificates signed by their own issuer.
Third-party: Digital certificates issued by a trusted third-party CA.
Root of Trust: A trusted entity or component from which cryptographic
operations and trust relationships originate.
Certificate Signing Request (CSR) Generation: Process of requesting a
digital certificate from a CA.
Wildcard: A digital certificate that can secure multiple subdomains of a
domain.
2.0 Threats, Vulnerabilities, and Mitigations
2.1 Compare and contrast common threat actors and motivations.
Threat Actors:
Nation-state: Government-sponsored entities targeting other nations for
political, economic, or military purposes.
Unskilled Attacker: Individuals with limited technical expertise or
resources attempting to exploit vulnerabilities.
Hacktivist: Individuals or groups motivated by political or social causes,
engaging in cyber attacks to promote their agenda.
Insider Threat: Current or former employees, contractors, or partners with
insider access to systems and data, posing a risk to security.
Organized Crime: Groups engaged in illegal activities, including
cybercrime, for financial gain.
Shadow IT: Unauthorized IT systems or services implemented within an
organization without official approval or oversight.
Attributes of Actors:
Internal/External: Whether the threat actor operates from within the target
organization or externally.
Resources/Funding: The level of financial and technological resources
available to the threat actor.
Level of Sophistication/Capability: The technical expertise and
sophistication of the threat actor's tactics, techniques, and procedures
(TTPs).
Motivations:
Data Exfiltration: Stealing sensitive data for espionage, financial gain, or
sabotage.
Espionage: Gathering intelligence or intellectual property for political,
economic, or military advantage.
Service Disruption: Interrupting or disabling critical services to cause
operational disruptions.
Blackmail: Coercing victims by threatening to expose sensitive information
or disrupt operations.
Financial Gain: Monetizing stolen data, conducting ransomware attacks,
or engaging in cybercrime for profit.
Philosophical/Political Beliefs: Acting in alignment with ideological or
political agendas.
Ethical: Conducting security research or penetration testing with
permission to identify vulnerabilities and improve defenses.
Revenge: Retaliating against individuals, organizations, or entities
perceived as adversaries.
Disruption/Chaos: Creating chaos or confusion for strategic or ideological
reasons.
War: Engaging in cyber warfare to achieve political, economic, or military
objectives.
2.2 Explain common threat vectors and attack surfaces.
Attack Vectors:
Message-based:
Email: Using email communication to deliver malicious content or phishing
attempts.
Short Message Service (SMS): Sending malicious messages via text
messaging.
Instant Messaging (IM): Exploiting vulnerabilities in instant messaging
platforms to deliver malware or scams.
Image-based: Leveraging image files containing hidden malware or exploiting
vulnerabilities in image processing software.
File-based: Delivering malicious payloads through file attachments, such as
infected documents or executables.
Voice Call: Exploiting vulnerabilities in voice communication systems to deliver
scams or phishing attempts.
Removable Device: Infecting systems through the use of infected USB drives
or external storage devices.
Vulnerable Software:
Client-based vs. Agentless: Exploiting vulnerabilities in client software or
agentless systems to gain unauthorized access or deliver malware.
Unsupported Systems and Applications: Targeting systems or applications
that no longer receive security updates or patches.
Unsecure Networks:
Wireless: Exploiting vulnerabilities in wireless network protocols to
intercept communications or gain unauthorized access.
Wired: Eavesdropping or conducting man-in-the-middle attacks on wired
network connections.
Bluetooth: Exploiting vulnerabilities in Bluetooth connections to gain
unauthorized access or deliver malware.
Open Service Ports: Targeting open ports on networked devices to exploit
known vulnerabilities or gain unauthorized access.
Default Credentials: Exploiting devices or systems with default login
credentials that have not been changed.
Supply Chain:
Managed Service Providers (MSPs): Exploiting vulnerabilities in services
provided by third-party managed service providers.
Vendors: Targeting vulnerabilities in software or hardware provided by
vendors.
Suppliers: Exploiting vulnerabilities in components or services provided by
suppliers.
Human Vectors/Social Engineering:
Phishing: Sending fraudulent emails or messages to trick individuals into
revealing sensitive information or performing actions.
Vishing: Using voice communication to deceive individuals into divulging
sensitive information.
Smishing: Sending deceptive text messages to trick individuals into
revealing information or downloading malware.
Misinformation/Disinformation: Spreading false or misleading information
to manipulate individuals or organizations.
Impersonation: Pretending to be someone else to deceive individuals or
gain unauthorized access.
Business Email Compromise: Targeting employees with fraudulent emails
to trick them into transferring funds or sensitive information.
Pretexting: Creating a false pretext or scenario to manipulate individuals
into revealing information or performing actions.
Watering Hole: Compromising websites frequented by target individuals or
organizations to deliver malware or conduct attacks.
Brand Impersonation: Impersonating reputable brands or organizations to
deceive individuals into taking actions.
Typosquatting: Registering domain names similar to legitimate ones to
deceive users into visiting malicious websites.
2.3 Explain various types of vulnerabilities.
Application:
Memory Injection: Exploiting vulnerabilities to inject malicious code into a
running process's memory space.
Buffer Overflow: Overwriting adjacent memory locations to execute
malicious code or crash the application.
Race Conditions:
Time-of-Check (TOC): Exploiting the time gap between checking a
condition and acting on it.
Time-of-Use (TOU): Exploiting changes in system state between the
time of validation and the time of use.
Malicious Update: Distributing updates or patches that contain malicious
code or backdoors.
Operating System (OS)-Based:
Exploiting vulnerabilities in the operating system to gain unauthorized access or disrupt operations.
Web-Based:
Structured Query Language Injection (SQLi): Exploiting vulnerabilities in
web applications to execute malicious SQL queries.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages
viewed by other users.
Hardware:
Firmware: Exploiting vulnerabilities in device firmware to gain
unauthorized access or control.
End-of-Life: Exploiting vulnerabilities in devices or systems that are no
longer supported by the manufacturer.
Legacy: Exploiting vulnerabilities in older hardware or software that is still
in use.
Virtualization:
Virtual Machine (VM) Escape: Exploiting vulnerabilities in virtualization
software to break out of a virtual machine and access the host system.
Resource Reuse: Exploiting shared resources in virtualized environments
to gain unauthorized access or disrupt operations.
Cloud-Specific:
Exploiting vulnerabilities in cloud services or infrastructure to gain
unauthorized access or disrupt operations.
Supply Chain:
Service Provider: Exploiting vulnerabilities in services provided by third-party vendors or service providers.
Hardware Provider: Exploiting vulnerabilities in hardware components provided by suppliers.
Software Provider: Exploiting vulnerabilities in software provided by third-party vendors or service providers.
Cryptographic:
Exploiting weaknesses or vulnerabilities in cryptographic protocols or
implementations.
Misconfiguration:
Exploiting misconfigured settings or permissions to gain unauthorized
access or disrupt operations.
Mobile Device:
Side Loading: Installing applications from unofficial or untrusted sources,
which may contain malware.
Jailbreaking: Removing software restrictions imposed by the
manufacturer to gain access to unauthorized features or apps.
Zero-Day: Exploiting vulnerabilities that are unknown to the software vendor
or have not yet been patched.
2.4 Given a scenario, analyze indicators of malicious activity.
Malware Attacks:
Ransomware: Malicious software that encrypts files or systems and
demands payment for decryption.
Trojan: Malware disguised as legitimate software, which performs
unauthorized actions when executed.
Worm: Self-replicating malware that spreads across networks and devices
without user intervention.
Spyware: Software designed to secretly gather user information or
monitor activities without consent.
Bloatware: Unwanted software that consumes system resources and may
display intrusive advertisements.
Virus: Malicious code that attaches itself to legitimate programs and
spreads when those programs are executed.
Keylogger: Software or hardware that records keystrokes, often used to
capture sensitive information like passwords.
Logic Bomb: Malicious code that executes a harmful action when specific
conditions are met.
Rootkit: Malware that grants unauthorized access to a computer system
and conceals its presence from users and security software.
Physical Attacks:
Brute Force: Attempting to gain access to a system or account by
systematically trying all possible passwords or encryption keys.
Radio Frequency Identification (RFID) Cloning: Copying RFID tags to gain
unauthorized access to secure areas or systems.
Environmental: Physical damage or disruption caused by factors such as
fire, water, or extreme temperatures.
Network Attacks:
Distributed Denial-of-Service (DDoS):
Amplified: Exploiting vulnerabilities to amplify the volume of traffic
used in a DDoS attack.
Reflected: Spoofing the source IP address to redirect and amplify
traffic towards a target.
Domain Name System (DNS) Attacks: Disrupting or manipulating DNS
services to redirect traffic or disrupt network operations.
Wireless: Exploiting vulnerabilities in wireless networks or devices to gain
unauthorized access or disrupt operations.
On-Path: Intercepting and modifying network traffic between two parties
to eavesdrop or manipulate data.
Credential Replay: Capturing and reusing authentication credentials to
gain unauthorized access to systems or services.
Malicious Code: Executing unauthorized commands or actions on a target
system.
Application Attacks:
Injection: Inserting malicious code or commands into an application to
exploit vulnerabilities.
Buffer Overflow: Writing data beyond the allocated memory buffer,
potentially allowing attackers to execute arbitrary code.
Replay: Capturing and replaying valid data packets to gain unauthorized
access or perform malicious actions.
Privilege Escalation: Exploiting vulnerabilities to gain elevated privileges
and access restricted resources.
Forgery: Creating and using falsified data or credentials to impersonate a
legitimate user or system.
Directory Traversal: Exploiting insufficient input validation to access files
and directories outside of the intended directory structure.
Cryptographic Attacks:
Downgrade: Forcing a system to use weaker cryptographic protocols or
algorithms to exploit vulnerabilities.
Collision: Finding two different inputs that produce the same hash value,
potentially leading to unauthorized actions.
Birthday: Exploiting the mathematical probability of two different inputs
producing the same hash value.
Password Attacks:
Spraying: Attempting to gain unauthorized access by using a small
number of commonly used passwords against multiple accounts.
Brute Force: Attempting to guess passwords by systematically trying all
possible combinations until the correct one is found.
Indicators:
Indications or signs of potential security incidents, breaches, or abnormal activities within a system or network.
Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Resource inaccessibility
Out-of-cycle logging
Published/documented
Missing logs
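To show how three of the indicators above (account lockout, concurrent session usage, impossible travel) can be derived from authentication logs, here is an added Python example that is not part of the original notes. The log lines and the IP-to-location table are constructed for the example; a real deployment would read its identity provider's logs and query a GeoIP service.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample authentication log (CSV: timestamp,user,src_ip,result).
# These lines are made up for this example.
SAMPLE_LOG = """\
2024-05-01T08:00:00Z,alice,203.0.113.10,success
2024-05-01T08:30:00Z,alice,198.51.100.7,success
2024-05-01T09:00:00Z,bob,192.0.2.5,failure
2024-05-01T09:00:20Z,bob,192.0.2.5,failure
2024-05-01T09:00:45Z,bob,192.0.2.5,failure
2024-05-01T09:01:10Z,bob,192.0.2.5,failure
2024-05-01T09:01:30Z,bob,192.0.2.5,failure
2024-05-01T10:00:00Z,carol,203.0.113.10,success
2024-05-01T10:05:00Z,carol,203.0.113.11,success
2024-05-01T11:00:00Z,dave,192.0.2.5,success
"""

# Hypothetical IP -> (latitude, longitude) table standing in for a GeoIP lookup.
GEO: Dict[str, Tuple[float, float]] = {
    "203.0.113.10": (40.71, -74.01),   # New York
    "203.0.113.11": (40.73, -73.99),   # New York, a few km away
    "198.51.100.7": (51.51, -0.13),    # London
    "192.0.2.5": (37.77, -122.42),     # San Francisco
}


def parse_log(text: str) -> List[dict]:
    """Parse CSV lines into events sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def _successes_by_user(events: List[dict]) -> Dict[str, List[dict]]:
    by_user: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    return by_user


def impossible_travel(events: List[dict], max_kmh: float = 900.0) -> List[str]:
    """Flag users whose consecutive logins imply travel faster than max_kmh
    (roughly airliner speed), which a single person cannot achieve."""
    flagged = []
    for user, logins in _successes_by_user(events).items():
        for prev, cur in zip(logins, logins[1:]):
            if prev["ip"] == cur["ip"]:
                continue
            km = haversine_km(GEO[prev["ip"]], GEO[cur["ip"]])
            hours = max((cur["ts"] - prev["ts"]).total_seconds() / 3600, 1e-9)
            if km / hours > max_kmh:
                flagged.append(user)
                break
    return flagged


def concurrent_sessions(events: List[dict], session_minutes: int = 60) -> List[str]:
    """Flag users with successful logins from two different source IPs while the
    earlier session is still assumed to be active (within session_minutes)."""
    flagged = []
    window = timedelta(minutes=session_minutes)
    for user, logins in _successes_by_user(events).items():
        for prev, cur in zip(logins, logins[1:]):
            if prev["ip"] != cur["ip"] and cur["ts"] - prev["ts"] < window:
                flagged.append(user)
                break
    return flagged


def lockout_candidates(events: List[dict], threshold: int = 5,
                       window_minutes: int = 5) -> List[str]:
    """Flag users with `threshold` or more failures inside a sliding window,
    i.e. activity that would trip a typical account lockout policy."""
    flagged = []
    window = timedelta(minutes=window_minutes)
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["user"]].append(e["ts"])
    for user, times in failures.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(user)
                break
    return flagged
```

On the sample log, alice trips both impossible travel and concurrent sessions, carol only concurrent sessions (two nearby IPs five minutes apart), and bob the lockout check.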
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Segmentation:
Dividing a network or system into smaller, isolated segments to enhance security by controlling access and limiting the impact of security incidents.
Access Control:
Access Control List (ACL): List of permissions attached to an object that
specifies which users or system processes are granted access to it and
what operations they are allowed to perform.
Permissions: Rights granted to users, groups, or processes that define their
access levels to system resources.
Application Allow List: A list of approved applications that are allowed to
execute within an environment, reducing the risk of unauthorized or
malicious software.
Isolation: Separating critical systems or sensitive data from other parts of
the network or environment to contain potential threats and limit their
impact.
Patching: Regularly applying software updates, patches, or fixes to
address known vulnerabilities and improve system security.
Encryption: Converting data into a secure form to prevent unauthorized
access, especially during transmission or while stored on a device or
server.
Monitoring: Continuous surveillance of systems, networks, or applications
to detect and respond to security threats or suspicious activities.
Least Privilege: Principle of restricting access rights for users, accounts,
or processes to only those necessary to perform their job functions.
Configuration Enforcement: Ensuring that system configurations comply
with security policies, standards, or best practices to minimize
vulnerabilities.
Decommissioning: Process of securely removing or shutting down
systems, applications, or services that are no longer needed to prevent
them from being exploited.
Hardening Techniques: Methods to enhance the security of systems or
networks by reducing their attack surface and minimizing potential
vulnerabilities.
Encryption: Protecting data by encoding it in a secure format.
Installation of Endpoint Protection: Deploying security software on
endpoints to detect and prevent malware infections.
Host-based Firewall: Software-based firewall installed on individual
hosts to control incoming and outgoing network traffic.
Host-based Intrusion Prevention System (HIPS): Security software that
monitors and analyzes host system activities to detect and prevent
intrusions.
Disabling Ports/Protocols: Closing unused network ports or disabling
unnecessary network protocols to reduce potential entry points for
attackers.
Default Password Changes: Replacing default passwords with strong,
unique passwords to prevent unauthorized access.
Removal of Unnecessary Software: Removing or disabling unnecessary
software or services to minimize the attack surface and reduce
potential vulnerabilities.
3.0 Security Architecture
3.1 Compare and contrast security implications of different architecture models.
Architecture and Infrastructure Concepts:
Cloud:
Responsibility Matrix: Defines the division of responsibilities
between the cloud service provider and the customer regarding
security, compliance, and management of resources.
Hybrid Considerations: Strategies and challenges involved in
integrating on-premises infrastructure with cloud services.
Third-party Vendors: Incorporating services and solutions from
external providers into cloud architectures.
Infrastructure as Code (IaC): Automating the provisioning and
management of infrastructure using code and configuration files.
Serverless: Architectural approach where cloud providers manage the
infrastructure, allowing developers to focus solely on writing and
deploying code.
Microservices: Architectural style where applications are composed of
small, independently deployable services, promoting modularity and
scalability.
Network Infrastructure:
Physical Isolation: Creating network segments physically
separated from other parts, often for security or regulatory
compliance reasons (e.g., air-gapped networks).
Logical Segmentation: Dividing networks into logical segments
using techniques such as VLANs or software-defined networking
(SDN).
Software-defined Networking (SDN): Managing network
infrastructure programmatically through software, abstracting the
underlying hardware.
On-premises: Infrastructure and services hosted within an
organization's physical facilities rather than in the cloud.
Centralized vs. Decentralized: Contrasting approaches to organizing
infrastructure management and decision-making authority.
Containerization: Encapsulating applications and their dependencies
into lightweight, portable containers for deployment across different
environments.
Virtualization: Creating virtual instances of servers, operating systems,
storage, or networks to maximize resource utilization and flexibility.
IoT (Internet of Things): Network of interconnected devices that
communicate and exchange data, often involving sensors, actuators,
and embedded systems.
Industrial Control Systems (ICS) / Supervisory Control and Data
Acquisition (SCADA): Systems used to monitor and control industrial
processes and critical infrastructure.
Real-time Operating System (RTOS): Operating system optimized for
handling real-time processing requirements, often used in embedded
systems and IoT devices.
Embedded Systems: Computing devices with specialized functions
and limited resources, embedded within larger systems or products.
High Availability: Design principle aiming to minimize downtime and
ensure continuous operation of critical systems and services.
Considerations:
Availability: Ensuring systems and services are accessible and
operational when needed.
Resilience: Ability to withstand and recover from disruptions, failures,
or attacks.
Cost: Balancing infrastructure expenses with budgetary constraints
and business needs.
Responsiveness: Ability to quickly adapt and scale infrastructure to
meet changing demands.
Scalability: Capacity to expand or shrink resources in response to
workload changes.
Ease of Deployment: Simplifying the process of deploying and
configuring infrastructure components.
Risk Transference: Shifting security and operational risks to third-party
service providers or insurance mechanisms.
Ease of Recovery: Simplifying and accelerating the restoration of
services after disruptions or failures.
Patch Availability: Timely availability of software patches and updates
to address vulnerabilities and improve security.
Inability to Patch: Addressing challenges associated with patching
legacy or embedded systems that cannot be easily updated.
Power: Ensuring sufficient and reliable power supply to support
infrastructure operations.
Compute: Managing computational resources to meet performance requirements and optimize resource utilization.
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.
Infrastructure Considerations:
Device Placement: Strategic positioning of network devices and assets to
optimize performance, security, and accessibility.
Security Zones: Segregation of network resources into distinct zones based
on security requirements and trust levels.
Attack Surface: Total sum of vulnerabilities and entry points that attackers can
exploit to compromise a system or network.
Connectivity: Establishing reliable connections between network components
while considering bandwidth, latency, and reliability.
Failure Modes:
Fail-Open: Devices or systems that default to an open state when they
encounter a failure, potentially exposing the network to risks.
Fail-Closed: Devices or systems that default to a closed or secure state
when they encounter a failure, preventing unauthorized access.
Device Attribute:
Active vs. Passive: Active devices perform actions on data packets (e.g.,
firewalls), while passive devices observe and analyze network traffic (e.g.,
network monitoring tools).
Inline vs. Tap/Monitor: Inline devices sit directly in the data path and can
actively intercept or modify traffic, whereas tap/monitor devices passively
monitor traffic without interrupting the flow.
Network Appliances:
Jump Server: Intermediate server used to access and manage devices in
a separate, more secure network segment.
Proxy Server: Server that acts as an intermediary between clients and other servers, providing functions such as caching, filtering, and anonymization.
Intrusion Prevention System (IPS) / Intrusion Detection System (IDS):
Security appliances designed to monitor network traffic for suspicious
activity and take action to prevent or mitigate attacks.
Load Balancer: Device that distributes incoming network traffic across
multiple servers to optimize resource utilization, improve scalability, and
enhance reliability.
Sensors: Devices that collect data from the environment or network for
monitoring and analysis, often used for security monitoring and threat
detection.
Port Security:
802.1X: IEEE standard for port-based network access control, allowing
authentication and authorization of devices before granting access to the
network.
Extensible Authentication Protocol (EAP): Framework for network
authentication methods used in 802.1X and other authentication protocols.
Firewall Types:
Web Application Firewall (WAF): Firewall specifically designed to protect
web applications from common web-based attacks.
Unified Threat Management (UTM): Comprehensive security appliance
that combines multiple security features such as firewall, antivirus,
intrusion detection, and content filtering into a single platform.
Next-Generation Firewall (NGFW): Firewall appliance that integrates
traditional firewall capabilities with advanced security features like
application awareness, intrusion prevention, and deep packet inspection.
Layer 4/Layer 7: Classifies firewalls based on the layers of the OSI model
they operate at, with Layer 4 firewalls filtering traffic based on IP
addresses and port numbers, while Layer 7 firewalls can inspect and filter
traffic based on application-layer data.
Secure Communication/Access:
Virtual Private Network (VPN): Secure encrypted tunnel that allows remote
users to securely access the organization's network resources over the
internet.
Remote Access: Provision of secure access to network resources for users
located outside the organization's premises.
Tunneling:
Transport Layer Security (TLS): Protocol that provides secure
communication over a computer network, commonly used for securing
web traffic.
Internet Protocol Security (IPSec): Suite of protocols for securing IP
communications by authenticating and encrypting each IP packet of a data
stream.
Software-Defined Wide Area Network (SD-WAN): Approach to network
connectivity that uses software-defined networking (SDN) to intelligently route
traffic across the WAN, optimizing performance and reducing costs.
Secure Access Service Edge (SASE): Converged networking and security
architecture that combines WAN capabilities with cloud-native security
functions to support secure remote access and direct-to-cloud connectivity.
Selection of Effective Controls:
Choosing and implementing security controls based on risk assessments,
compliance requirements, organizational needs, and industry best practices to
mitigate threats and vulnerabilities effectively.
3.3 Compare and contrast concepts and strategies to protect
data.
Data Types:
Regulated: Data subject to specific laws and regulations governing its
collection, storage, processing, and sharing, such as personal health
information (PHI) under HIPAA or financial data under PCI DSS.
Trade Secret: Proprietary information that provides a competitive advantage
to a business and is protected by intellectual property laws.
Intellectual Property: Creations of the mind, such as inventions, literary and
artistic works, designs, symbols, and trade secrets, protected by copyright,
patents, and trademarks.
Legal Information: Data related to legal matters, including contracts, litigation
documents, and attorney-client privileged communications.
Financial Information: Data concerning financial transactions, accounts,
investments, and assets, which may include personally identifiable information
(PII) and payment card data.
Human- and Non-Human-Readable: Data formats that can be understood by
humans (e.g., text, images) and those intended for machine processing (e.g.,
binary, encrypted data).
Data Classifications:
Sensitive: Data that requires protection due to its sensitivity and potential
impact on individuals, organizations, or society if compromised.
Confidential: Data that should be kept private and disclosed only to
authorized individuals or entities, often subject to confidentiality agreements
or laws.
Public: Data intended for unrestricted access and sharing, typically non-sensitive
information that can be freely distributed.
Restricted: Data with limited access based on specific criteria or authorization
requirements, often containing sensitive or confidential information.
Private: Data designated for internal use within an organization and not
intended for public disclosure.
Critical: Data essential to the operation or mission of an organization, the loss
or compromise of which could have severe consequences.
General Data Considerations:
Data States:
Data at Rest: Data stored in databases, files, or other storage systems.
Data in Transit: Data being transmitted over a network or communication
channel.
Data in Use: Data actively being processed or accessed by applications or
users.
Data Sovereignty: Legal concept specifying the jurisdiction under which data
is subject to the laws and regulations of a particular country or region.
Geolocation: Identification of the physical location or origin of data, which
may have implications for data privacy, security, and compliance.
Methods to Secure Data:
Geographic Restrictions: Limiting access to data based on the geographic
location of users or devices.
Encryption: Converting data into a ciphertext format using cryptographic
algorithms to prevent unauthorized access.
Hashing: Generating a unique fixed-size string (hash value) from data input,
commonly used for data integrity verification.
Masking: Concealing specific portions of data to prevent unauthorized
disclosure while maintaining usability for authorized purposes.
Tokenization: Substituting sensitive data with a non-sensitive equivalent
(token) that retains the format and length of the original data but has no
exploitable value.
Obfuscation: Intentionally obscuring or hiding data to make it unintelligible or
harder to interpret for unauthorized parties.
Segmentation: Dividing networks or systems into isolated segments to
contain the spread of threats and limit unauthorized access.
Permission Restrictions: Applying access controls and permissions to data
based on user roles, privileges, or other criteria to enforce the principle of
least privilege.
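Added example, not part of the notes: masking, tokenization and hashing applied to one constructed card number, to show what each method preserves (format, usability) and what it hides. The `TokenVault` class and the sample number are constructed for illustration only.

```python
"""Added example (not from the notes): masking, tokenization and hashing applied
to one constructed card number, showing what each method preserves and hides."""
import hashlib
import hmac
import secrets
import string

SAMPLE_PAN = "4111111111111111"   # constructed test number, not real card data


def mask_pan(pan: str, keep_last: int = 4, mask_char: str = "*") -> str:
    """Masking: hide all but the last `keep_last` digits. The result is still
    usable for display (a receipt, a support screen) but cannot be reversed."""
    if len(pan) <= keep_last:
        return mask_char * len(pan)
    return mask_char * (len(pan) - keep_last) + pan[-keep_last:]


class TokenVault:
    """Tokenization: replace the value with a random token that keeps the same
    length and character classes. The mapping exists only inside the vault, so a
    stolen token has no exploitable value by itself. (Hypothetical class; a real
    vault is a hardened, access-controlled service.)"""

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._value_to_token:           # same input, same token
            return self._value_to_token[value]
        while True:
            # Digit -> random digit, letter -> random letter, anything else is
            # kept as a separator, so downstream format checks still pass.
            token = "".join(
                secrets.choice(string.digits) if ch.isdigit()
                else secrets.choice(string.ascii_letters) if ch.isalpha()
                else ch
                for ch in value
            )
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only a caller authorized to use the vault can recover the original."""
        return self._token_to_value[token]


def integrity_hash(data: bytes) -> str:
    """Hashing: fixed-size SHA-256 digest of the input. Any change to the data
    yields a different digest, which is what integrity verification relies on.
    Caveat: if an attacker can also rewrite the stored digest, a keyed hash
    (HMAC) or a signature is needed rather than a plain hash."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(integrity_hash(data), expected_hex)


def demo() -> dict:
    """Run all three methods on the sample value and report what each preserves."""
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    digest = integrity_hash(SAMPLE_PAN.encode())
    return {
        "masked": mask_pan(SAMPLE_PAN),
        "token_keeps_format": len(token) == len(SAMPLE_PAN) and token.isdigit(),
        "token_differs": token != SAMPLE_PAN,
        "vault_round_trip": vault.detokenize(token) == SAMPLE_PAN,
        "original_verifies": verify_integrity(SAMPLE_PAN.encode(), digest),
        # one changed digit is detected
        "tamper_detected": not verify_integrity(b"4111111111111112", digest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```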
3.4 Explain the importance of resilience and recovery in security
architecture.
High Availability:
Load Balancing vs. Clustering:
Load Balancing: Distributing incoming network traffic across multiple
servers to optimize resource utilization, maximize throughput, and ensure
high availability.
Clustering: Connecting multiple independent servers or nodes to work
together as a single system, providing redundancy and fault tolerance.
Site Considerations:
Hot Site: Fully equipped facility with infrastructure and systems ready to be
operational within a short time frame after a disaster.
Cold Site: Facility lacking pre-installed infrastructure and systems, requiring
setup and configuration before becoming operational after a disaster.
Warm Site: Partially equipped facility with some infrastructure and systems in
place, reducing the time required for setup compared to a cold site.
Geographic Dispersion: Spreading critical infrastructure and resources across
multiple locations to minimize the impact of regional disasters or disruptions.
Platform Diversity:
Utilizing a variety of hardware, software, and cloud platforms to mitigate the risk
of single points of failure and enhance overall system resilience.
Multi-cloud Systems:
Deploying applications and services across multiple cloud providers to increase
redundancy, avoid vendor lock-in, and enhance flexibility and resilience.
Continuity of Operations:
Ensuring the uninterrupted availability of critical business functions and processes
during and after disruptive events or disasters.
Capacity Planning:
People: Ensuring the availability of skilled personnel to manage and support IT
systems during normal operations and emergencies.
Technology: Assessing and allocating resources to meet current and future
demands, including hardware, software, and network infrastructure.
Infrastructure: Scaling and optimizing IT infrastructure to accommodate
changes in workload, user demand, and business requirements.
Testing:
Tabletop Exercises: Simulated discussions and walkthroughs of disaster
scenarios to evaluate preparedness, identify gaps, and refine response plans.
Failover: Testing the automatic or manual transfer of operations from a
primary to a secondary system or site to ensure continuity.
Simulation: Emulating real-world scenarios to assess the effectiveness of
disaster recovery and business continuity plans.
Parallel Processing: Executing tasks simultaneously across multiple systems
or nodes to improve performance and resilience.
Backups:
Onsite/Offsite: Storing backup copies of data and systems either onsite
(within the same physical location) or offsite (at a separate location).
Frequency: Establishing regular backup schedules based on the criticality of
data and business requirements.
Encryption: Protecting backup data with encryption to safeguard
confidentiality and prevent unauthorized access.
Snapshots: Capturing point-in-time copies of data for quick recovery and
data consistency purposes.
Recovery: Implementing procedures and tools to restore data and systems to
a functional state after a disruption or failure.
Replication: Creating duplicate copies of data or systems in real-time or
near-real-time to maintain redundancy and availability.
Journaling: Recording changes made to data or systems over time to facilitate
recovery and rollback procedures.
Power:
Generators: Backup power sources that can provide electricity during outages
or emergencies.
Uninterruptible Power Supply (UPS): Devices that provide short-term power
backup and surge protection to prevent data loss or equipment damage.
4.0 Security Operations
4.1 Given a scenario, apply common security techniques to
computing resources.
Secure Baselines:
Establish: Develop comprehensive security configurations and policies based
on industry best practices and organizational requirements.
Deploy: Implement the established secure baselines across all relevant
systems, devices, and infrastructure components.
Maintain: Regularly update and review secure baselines to address emerging
threats, vulnerabilities, and changes in technology or business needs.
Hardening Targets:
Mobile Devices
Workstations
Switches
Routers
Cloud Infrastructure
Servers
ICS/SCADA
Embedded Systems
RTOS
IoT Devices
Wireless Devices:
Installation Considerations:
Conduct site surveys and use heat maps to optimize wireless coverage
and performance.
Mobile Solutions:
Mobile Device Management (MDM): Implement MDM solutions to centrally
manage and secure mobile devices, applications, and data.
Deployment Models:
Bring Your Own Device (BYOD)
Corporate-Owned, Personally Enabled (COPE)
Choose Your Own Device (CYOD)
Connection Methods:
Cellular
Wi-Fi
Bluetooth
Wireless Security Settings:
Implement robust security measures such as:
Wi-Fi Protected Access 3 (WPA3)
AAA/RADIUS
Cryptographic and authentication protocols
Application Security:
Ensure application security through:
Input validation
Secure cookie handling
Static code analysis
Code signing
Sandboxing:
Isolate applications from the rest of the system to prevent unauthorized
access and mitigate the impact of potential security breaches.
Monitoring:
Continuously monitor systems, networks, and applications for suspicious
activities, anomalies, and security incidents to detect and respond to threats
effectively.
4.2 Explain the security implications of proper hardware, software,
and data asset management.
Acquisition/Procurement Process:
Assignment/Accounting:
Ownership: Clearly define ownership of acquired assets to establish
accountability and responsibility.
Classification: Classify assets based on their importance, sensitivity, and
criticality to ensure appropriate security measures.
Monitoring/Asset Tracking:
Inventory: Maintain an inventory of all acquired assets, including
hardware, software, and data, to facilitate efficient tracking and
management.
Enumeration: Enumerate assets by assigning unique identifiers to track
their lifecycle, usage, and status accurately.
Disposal/Decommissioning:
Sanitization: Implement proper data sanitization methods to securely
remove sensitive information from decommissioned assets.
Destruction: Physically destroy assets beyond recovery to prevent
unauthorized access to confidential data.
Certification: Obtain certifications or compliance documentation to
validate the proper disposal of assets and adherence to regulatory
requirements.
Data Retention: Establish policies and procedures for data retention to
determine the appropriate duration for storing data and for disposing of it
securely.
4.3 Explain various activities associated with vulnerability
management.
Identification Methods:
Vulnerability Scan: Utilize automated tools to identify weaknesses and
vulnerabilities in systems, networks, and applications.
Application Security:
Static Analysis: Analyze source code or binary files without execution to
identify security vulnerabilities.
Dynamic Analysis: Assess applications during runtime to detect security
flaws and vulnerabilities.
Package Monitoring: Monitor software dependencies for known
vulnerabilities and security issues.
Threat Feed:
Open-Source Intelligence (OSINT): Gather intelligence from publicly
available sources to identify potential threats and vulnerabilities.
Proprietary/Third-Party: Subscribe to threat intelligence services or
utilize proprietary feeds to stay updated on emerging threats.
Information-Sharing Organization: Collaborate with industry peers to
share threat intelligence and enhance collective security.
Dark Web: Monitor underground forums and marketplaces to identify
potential threats and indicators of compromise.
Penetration Testing: Simulate real-world attacks to identify vulnerabilities and
assess the security posture of systems and networks.
Responsible Disclosure Program:
Bug Bounty Program: Incentivize ethical hackers to report security
vulnerabilities by offering rewards for valid submissions.
System/Process Audit: Conduct comprehensive reviews of systems,
processes, and controls to identify security gaps and compliance issues.
Analysis:
Confirmation:
False Positive: Identify instances where a reported vulnerability does not
pose an actual threat.
False Negative: Recognize undetected vulnerabilities that represent
genuine security risks.
Prioritize: Assess and prioritize identified vulnerabilities based on their
severity, impact, and exploitability.
Common Vulnerability Scoring System (CVSS): Utilize a standardized
framework to assess and score the severity of vulnerabilities.
Common Vulnerability Enumeration (CVE): Reference unique identifiers
assigned to vulnerabilities for tracking and management.
Vulnerability Classification: Categorize vulnerabilities based on their nature,
impact, and affected assets.
Exposure Factor: Evaluate the potential impact of a vulnerability based on the
percentage of assets or data exposed.
Environmental Variables: Consider contextual factors such as network
architecture, system configurations, and user behavior.
Industry/Organizational Impact: Assess the potential consequences of a
vulnerability within specific industry sectors or organizational contexts.
Risk Tolerance: Determine the level of risk that an organization is willing to
accept or tolerate.
Vulnerability Response and Remediation:
Patching: Apply security patches and updates to remediate identified
vulnerabilities promptly.
Insurance: Transfer residual risk through insurance coverage against potential
financial losses resulting from security incidents.
Segmentation: Implement network segmentation to isolate vulnerable assets
and contain potential threats.
Compensating Controls: Implement alternative security measures to mitigate
risks in the absence of direct remediation.
Exceptions and Exemptions: Document and manage exceptions or
exemptions to standard security policies or controls.
Validation of Remediation:
Rescanning: Reassess systems and networks after applying remediation
measures to verify effectiveness.
Audit: Conduct audits and reviews to ensure compliance with security
policies, standards, and regulatory requirements.
Verification: Validate that identified vulnerabilities have been adequately
addressed and mitigated.
Reporting: Document and communicate findings, remediation efforts, and risk
status to relevant stakeholders, management, and regulatory authorities.
4.4 Explain security alerting and monitoring concepts and tools.
Monitoring Computing Resources:
Systems: Continuously monitor the health, performance, and security of
servers, endpoints, and devices within the network infrastructure.
Applications: Monitor the availability, functionality, and security of software
applications deployed across the network.
Infrastructure: Monitor the underlying network infrastructure components
such as routers, switches, firewalls, and other network devices to ensure
proper functioning and security.
Activities:
Log Aggregation: Collect and consolidate logs from various sources, including
systems, applications, and network devices, for centralized analysis and
monitoring.
Alerting: Set up alerts and notifications to promptly identify and respond to
security incidents, anomalies, or deviations from established baselines.
Scanning: Conduct regular scans of systems and networks to identify
vulnerabilities, misconfigurations, and security weaknesses.
Reporting: Generate reports and dashboards to provide insights into system
performance, security posture, and compliance status.
Archiving: Archive logs, reports, and other relevant data for historical
analysis, compliance requirements, and forensic investigations.
Alert Response and Remediation/Validation:
Quarantine: Isolate compromised systems or devices to prevent further
spread of malware or unauthorized access.
Alert Tuning: Fine-tune alerting thresholds and criteria to reduce false
positives and focus on actionable alerts.
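Added example, not from the notes: log aggregation and a tunable alert rule run over constructed sshd log lines from two hosts (addresses from the RFC 5737 documentation ranges, invented hosts and users). It shows why aggregation matters (each host alone stays under the threshold while the merged view does not) and how raising the threshold removes a false positive caused by a user mistyping a password.

```python
"""Added example (not from the notes): aggregate constructed sshd log lines from
two hosts into one timeline, then run a tunable failed-login alert rule over it."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (syslog-style). Addresses are from the RFC 5737
# documentation ranges; the hosts and user names are invented.
HOST_A_LOG = """\
2024-05-01T09:00:01Z hostA sshd[101]: Failed password for alice from 198.51.100.7 port 50100 ssh2
2024-05-01T09:00:09Z hostA sshd[101]: Failed password for alice from 198.51.100.7 port 50101 ssh2
2024-05-01T09:00:15Z hostA sshd[101]: Accepted password for alice from 198.51.100.7 port 50102 ssh2
2024-05-01T09:10:00Z hostA sshd[102]: Failed password for root from 203.0.113.5 port 40001 ssh2
2024-05-01T09:10:02Z hostA sshd[103]: Failed password for admin from 203.0.113.5 port 40002 ssh2
2024-05-01T09:10:04Z hostA sshd[104]: Failed password for test from 203.0.113.5 port 40003 ssh2
"""
HOST_B_LOG = """\
2024-05-01T09:10:06Z hostB sshd[201]: Failed password for root from 203.0.113.5 port 40004 ssh2
2024-05-01T09:10:08Z hostB sshd[202]: Failed password for oracle from 203.0.113.5 port 40005 ssh2
2024-05-01T09:10:10Z hostB sshd[203]: Failed password for admin from 203.0.113.5 port 40006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(*logs: str) -> list[dict]:
    """Log aggregation: parse every source and merge into one time-ordered list."""
    events = []
    for log in logs:
        for line in log.splitlines():
            match = LINE_RE.match(line)
            if not match:
                continue   # a real pipeline would count unparsed lines separately
            event = match.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def failed_auth_alerts(events: list[dict], threshold: int = 5, window_s: int = 60) -> dict:
    """Alert when one source address produces `threshold` or more failed logins
    within a sliding window of `window_s` seconds. These two parameters are the
    knobs that alert tuning adjusts to trade false positives for coverage."""
    window = timedelta(seconds=window_s)
    recent: dict[str, deque] = defaultdict(deque)
    alerts = {}
    for event in events:
        if event["outcome"] != "Failed":
            continue
        q = recent[event["src"]]
        q.append(event)
        while q and event["ts"] - q[0]["ts"] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts[event["src"]] = {          # latest state for this source
                "failures": len(q),
                "users": sorted({e["user"] for e in q}),
                "hosts": sorted({e["host"] for e in q}),
                "first": q[0]["ts"].isoformat(),
                "last": event["ts"].isoformat(),
            }
    return alerts


if __name__ == "__main__":
    merged = parse_events(HOST_A_LOG, HOST_B_LOG)
    print("noisy rule (2 in 60s):", failed_auth_alerts(merged, threshold=2))
    print("tuned rule (5 in 60s):", failed_auth_alerts(merged, threshold=5))
    print("hostA alone (5 in 60s):", failed_auth_alerts(parse_events(HOST_A_LOG), threshold=5))
```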
Tools:
Security Content Automation Protocol (SCAP): Standardized protocol for
automating vulnerability management, security measurement, and policy
compliance evaluation.
Benchmarks: Use security benchmarks and best practices to assess and
measure the security configuration of systems and applications.
Agents/Agentless: Employ monitoring agents or agentless solutions to collect
and transmit data for analysis and reporting.
Security Information and Event Management (SIEM): Centralized platform for
collecting, correlating, and analyzing security event data from various sources
for threat detection and response.
Antivirus: Deploy antivirus software to detect, prevent, and remove malicious
software and threats from systems and networks.
Data Loss Prevention (DLP): Implement DLP solutions to monitor and prevent
unauthorized access, use, or transmission of sensitive data.
Simple Network Management Protocol (SNMP) Traps: Utilize SNMP traps to
monitor and manage network devices and receive notifications about
significant events or conditions.
NetFlow: Analyze NetFlow data to monitor network traffic patterns, identify
anomalies, and detect potential security threats.
Vulnerability Scanners: Use automated vulnerability scanning tools to identify
security vulnerabilities and weaknesses within systems, applications, and
networks.
4.5 Given a scenario, modify enterprise capabilities to enhance
security.
Firewall:
Rules: Define policies and regulations governing traffic flow between
networks, specifying what is allowed or denied based on predefined criteria.
Access Lists: Lists of rules that determine which traffic is permitted or denied
based on source and destination IP addresses, ports, and protocols.
Ports/Protocols: Manage network traffic by controlling access to specific
ports and protocols, preventing unauthorized communication.
Screened Subnets: Implement security zones with layered defenses, typically
consisting of a screening router or firewall between internal and external
networks.
IDS/IPS (Intrusion Detection/Prevention Systems):
Trends: Analyze patterns and behaviors to detect and prevent potential
security threats and attacks in real-time.
Signatures: Use predefined patterns or signatures to identify known threats
and malicious activities within network traffic.
Web Filter:
Agent-Based: Deploy software agents on endpoints to monitor and filter web
traffic based on predefined policies and rules.
Centralized Proxy: Route web traffic through a central proxy server to enforce
web filtering policies, content categorization, and access control.
URL Scanning: Inspect URLs in web traffic to identify and block malicious or
suspicious websites based on reputation and content.
Content Categorization: Classify web content into categories to enforce
browsing policies and restrict access to inappropriate or unauthorized sites.
Block Rules: Define rules to block access to specific websites, web
applications, or content categories based on policy requirements.
Reputation: Evaluate the reputation of websites and URLs to determine the
risk level associated with accessing them.
Operating System Security:
Group Policy: Use Group Policy to enforce security settings, configurations,
and restrictions across Windows-based systems within a network.
SELinux (Security-Enhanced Linux): Implement mandatory access control
policies to confine processes and enforce security policies on Linux-based
systems.
Implementation of Secure Protocols:
Protocol Selection: Choose secure communication protocols (e.g., HTTPS,
SSH) to encrypt data in transit and authenticate communication channels.
Port Selection: Configure firewall rules to allow only essential ports for secure
protocols, blocking unnecessary or vulnerable ports.
Transport Method: Ensure secure transport methods (e.g., TLS/SSL) are used
to encrypt data transmission and protect against interception and tampering.
DNS Filtering: Filter and block malicious or unauthorized DNS requests to prevent
access to malicious domains and mitigate DNS-related threats.
Email Security:
DMARC (Domain-based Message Authentication, Reporting, and
Conformance): Protocol for email authentication and reporting to detect and
prevent email spoofing and phishing attacks.
DKIM (DomainKeys Identified Mail): Mechanism to verify the authenticity of
email messages by adding digital signatures to email headers.
SPF (Sender Policy Framework): Authentication method that verifies the
sender's domain and prevents email spoofing by defining authorized mail
servers.
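Added example, not from the notes: a simplified DMARC evaluation showing how a receiving server combines its own SPF and DKIM results with the alignment (`aspf`, `adkim`) and policy (`p`) tags the domain owner publishes. The records, domains and scenarios are constructed, and the organizational-domain rule is an assumption (last two labels) rather than the Public Suffix List a real implementation uses.

```python
"""Added example (not from the notes): a simplified DMARC evaluation showing how
the receiver combines its SPF and DKIM results with the domain owner's published
alignment and policy settings. All messages and records are constructed."""
from dataclasses import dataclass


@dataclass
class AuthResults:
    """What the receiving server learned from its own SPF and DKIM checks."""
    from_domain: str     # domain in the visible From: header
    spf_result: str      # "pass" or "fail"
    spf_domain: str      # envelope-sender domain that SPF was checked against
    dkim_result: str     # "pass" or "fail"
    dkim_domain: str     # d= tag of the DKIM signature that validated


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s; aspf=r'.
    Missing alignment tags default to relaxed ('r'), as in the DMARC spec."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"not a usable DMARC record: {txt!r}")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def organizational_domain(domain: str) -> str:
    """Assumption for this example: the last two labels form the organizational
    domain. Real implementations consult the Public Suffix List (e.g. co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the same
    organizational domain, so mail.example.com aligns with example.com."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(results: AuthResults, record_txt: str) -> dict:
    """DMARC passes when SPF or DKIM passed AND that identifier aligns with the
    From: domain. An SPF pass for some unrelated envelope domain does nothing for
    a spoofed From: header; that is the point of alignment."""
    rec = parse_dmarc_record(record_txt)
    spf_ok = results.spf_result == "pass" and aligned(
        results.spf_domain, results.from_domain, rec["aspf"])
    dkim_ok = results.dkim_result == "pass" and aligned(
        results.dkim_domain, results.from_domain, rec["adkim"])
    passed = spf_ok or dkim_ok
    on_fail = {"none": "deliver (monitor only)", "quarantine": "quarantine", "reject": "reject"}
    return {
        "dmarc": "pass" if passed else "fail",
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "action": "deliver" if passed else on_fail[rec["p"]],
    }


# Constructed scenarios: example.com publishes p=reject with default relaxed alignment.
EXAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

SPOOFED = AuthResults(
    from_domain="example.com",                            # header claims example.com ...
    spf_result="pass", spf_domain="bulk-sender.test",     # ... but SPF passed for another domain
    dkim_result="fail", dkim_domain="")
LEGIT_SUBDOMAIN = AuthResults(
    from_domain="example.com", spf_result="pass", spf_domain="mail.example.com",
    dkim_result="fail", dkim_domain="")
LEGIT_DKIM_ONLY = AuthResults(
    from_domain="example.com", spf_result="fail", spf_domain="forwarder.test",
    dkim_result="pass", dkim_domain="example.com")        # survives forwarding via DKIM


if __name__ == "__main__":
    for name, res in [("spoofed", SPOOFED), ("legit_subdomain", LEGIT_SUBDOMAIN),
                      ("legit_dkim_only", LEGIT_DKIM_ONLY)]:
        print(name, evaluate_dmarc(res, EXAMPLE_RECORD))
```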
File Integrity Monitoring: Monitor and detect unauthorized changes or
modifications to files and system configurations to prevent tampering and
unauthorized access.
DLP (Data Loss Prevention): Implement policies and controls to prevent
unauthorized access, use, or transmission of sensitive data across networks and
endpoints.
NAC (Network Access Control): Enforce security policies and controls to regulate
access to network resources based on the identity and compliance status of
endpoints and users.
EDR/XDR (Endpoint Detection and Response/Extended Detection and
Response): Continuously monitor and respond to security threats and suspicious
activities on endpoints, providing advanced threat detection, investigation, and
response capabilities.
User Behavior Analytics: Analyze user behavior patterns and activities to detect
anomalies, identify insider threats, and mitigate security risks associated with user
actions.
4.6 Given a scenario, implement and maintain identity and access
management.
Provisioning/De-provisioning User Accounts:
Permission Assignments and Implications: Define user permissions and
access rights based on job roles and responsibilities, ensuring users have the
appropriate level of access to resources.
Identity Proofing: Verify the identity of users before granting access to
sensitive systems or data, typically through methods such as identity
verification questions or biometric authentication.
Federation: Enable single sign-on (SSO) across multiple domains or
organizations by allowing users to access resources using their credentials
from a trusted identity provider.
Single Sign-On (SSO): Provide users with seamless access to multiple
applications and services using a single set of login credentials, reducing the
need for multiple passwords.
LDAP (Lightweight Directory Access Protocol): Protocol used for
accessing and managing directory information services, often used for
centralized user authentication.
OAuth (Open Authorization): Protocol for authorization, allowing users to
grant third-party applications limited access to their resources without
revealing their credentials.
SAML (Security Assertion Markup Language): XML-based standard for
exchanging authentication and authorization data between identity
providers and service providers.
Interoperability: Ensure compatibility and seamless integration between
different identity and access management systems and protocols.
Attestation: Verify the accuracy and validity of user permissions and access
rights through regular reviews and audits.
Access Controls:
Mandatory Access Control: Enforce access restrictions based on security
labels assigned to users and resources, typically used in highly secure
environments.
Discretionary Access Control: Allow resource owners to determine access
permissions for users based on their discretion.
Role-Based Access Control: Assign access rights to users based on their
roles within an organization, streamlining access management and ensuring
least privilege.
Rule-Based Access Control: Define access rules and policies based on
specific conditions or criteria.
Attribute-Based Access Control: Determine access rights based on user
attributes such as job title, department, or location.
Time-of-Day Restrictions: Restrict user access to resources based on
specific time periods or schedules.
Least Privilege: Grant users the minimum level of access required to perform
their job functions, reducing the risk of unauthorized access and privilege
escalation.
Multifactor Authentication (MFA):
Implementations: Enhance authentication security by requiring users to
provide multiple forms of verification before accessing resources.
Biometrics: Authenticate users based on unique biological characteristics
such as fingerprints, iris patterns, or facial recognition.
Hard/Soft Authentication Tokens: Generate one-time passwords or
cryptographic keys to verify user identity.
Security Keys: Physical devices used for authentication, such as USB
tokens or smart cards.
Factors: Utilize different factors to verify user identity, including something
you know (e.g., password), something you have (e.g., smartphone), something
you are (e.g., fingerprint), and somewhere you are (e.g., geolocation).
Password Concepts:
Password Best Practices: Implement password policies to ensure strong
passwords, including requirements for length, complexity, expiration, and
prevention of password reuse.
Password Managers: Tools that securely store and manage passwords,
providing users with a convenient and secure way to access their credentials.
Passwordless: Authentication methods that eliminate the need for traditional
passwords, such as biometric authentication or hardware tokens.
Privileged Access Management Tools:
Just-in-Time Permissions: Grant temporary access to privileged accounts
only when needed, reducing the risk of misuse or unauthorized access.
Password Vaulting: Securely store and manage privileged account
passwords, allowing authorized users to access them when necessary.
Ephemeral Credentials: Dynamically generate and assign temporary
credentials to users for specific tasks or sessions, reducing the risk of
credential theft or misuse.
4.7 Explain the importance of automation and orchestration related
to secure operations.
Use Cases of Automation and Scripting:
User Provisioning: Automate the process of creating and configuring user
accounts, including permissions and access rights.
Resource Provisioning: Automatically provision resources such as virtual
machines, storage, and networking components based on predefined
templates or scripts.
Guard Rails: Implement automated controls and policies to ensure compliance
with security standards and prevent unauthorized actions.
Security Groups: Automate the management of security groups and access
controls to enforce least privilege and segmentation.
Ticket Creation: Automatically generate tickets for incidents, requests, or
changes, streamlining the workflow for IT operations and support teams.
Escalation: Automatically escalate alerts or incidents to the appropriate
personnel or teams based on predefined criteria.
Enabling/Disabling Services and Access: Automate the process of enabling
or disabling services, features, or access rights based on user roles, events,
or policies.
Continuous Integration and Testing: Automate the build, integration, and
testing processes for software development, ensuring rapid and reliable
delivery of updates and improvements.
Integrations and APIs: Use automation and scripting to integrate different
systems and applications through APIs, enabling seamless data exchange and
communication.
Benefits:
Efficiency/Time Saving: Automation reduces manual effort and human error,
allowing tasks to be completed faster and more reliably.
Enforcing Baselines: Automation helps enforce standardized configurations
and security baselines across the infrastructure, reducing the risk of
misconfigurations and vulnerabilities.
Standard Infrastructure Configurations: Automation ensures consistency in
infrastructure deployment and configuration, facilitating management and
troubleshooting.
Scaling in a Secure Manner: Automated scaling enables the infrastructure to
adapt to changing demand while maintaining security and compliance
requirements.
Employee Retention: Automation reduces repetitive and mundane tasks,
improving job satisfaction and retention among IT personnel.
Reaction Time: Automated responses to security incidents or events can
significantly reduce the time between detection and response, enhancing
overall security posture.
Workforce Multiplier: Automation allows organizations to achieve more with
existing resources by automating routine tasks and freeing up personnel for
higher-value activities.
Other Considerations:
Complexity: Automation introduces complexity, requiring careful planning and
management to ensure reliability and maintainability.
Cost: While automation can lead to cost savings in the long run, there may be
initial investments in tools, training, and infrastructure.
Single Point of Failure: Overreliance on automation systems can create single
points of failure, necessitating redundancy and failover mechanisms.
Technical Debt: Poorly designed or implemented automation solutions can
lead to technical debt, requiring ongoing maintenance and refactoring.
Ongoing Supportability: Automation systems require ongoing monitoring,
maintenance, and updates to remain effective and secure over time.
4.8 Explain appropriate incident response activities.
Process:
Preparation: Establishing policies, procedures, and resources to effectively
respond to security incidents. This includes developing incident response
plans, assembling response teams, and implementing necessary tools and
technologies.
Detection: Identifying and detecting security incidents through various means
such as intrusion detection systems (IDS), security information and event
management (SIEM) tools, and user reports.
Analysis: Investigating and analyzing the nature and scope of security
incidents to understand their impact, determine the root cause, and assess the
severity of the situation.
Containment: Implementing measures to contain and prevent further spread
or damage caused by the security incident. This may involve isolating affected
systems, disabling compromised accounts, or blocking malicious network
traffic.
Eradication: Removing the root cause of the security incident from the
affected systems and networks. This may involve patching vulnerabilities,
removing malware, or restoring affected data from backups.
Recovery: Restoring affected systems, data, and services to normal operation
following a security incident. This includes verifying the integrity of restored
assets and ensuring that any residual risks are mitigated.
Lessons Learned: Conducting post-incident reviews to identify areas for
improvement, update incident response plans, and share insights with relevant
stakeholders to enhance future incident response efforts.
Training:
Providing ongoing training and awareness programs to ensure that personnel are
prepared to respond effectively to security incidents and adhere to established
incident response procedures.
Testing:
Tabletop Exercise: Simulated scenarios where incident response team
members discuss and walk through their responses to hypothetical security
incidents in a collaborative and interactive manner.
Simulation: Realistic simulations of security incidents to evaluate the
effectiveness of incident response plans, procedures, and personnel under
simulated conditions.
Root Cause Analysis:
Investigating the underlying causes of security incidents to identify systemic
issues, vulnerabilities, or weaknesses in the organization's security posture and
implement corrective actions to prevent similar incidents in the future.
Threat Hunting:
Proactively searching for signs of malicious activity or security threats within the
organization's networks and systems using various tools, techniques, and data
analysis methods.
Digital Forensics:
Legal Hold: Implementing measures to preserve potential evidence related to
a security incident to ensure its integrity and admissibility in legal
proceedings.
Chain of Custody: Documenting the chronological history of evidence from
the time it is collected until it is presented in court, ensuring its integrity and
authenticity.
Acquisition: Gathering and collecting digital evidence from various sources,
including systems, networks, and storage devices, using forensically sound
methods.
Reporting: Documenting findings, analysis, and conclusions from digital
forensic investigations in comprehensive reports suitable for internal review
and legal purposes.
Preservation: Ensuring the integrity and security of digital evidence
throughout the forensic investigation process to prevent tampering, alteration,
or loss.
E-discovery: Identifying, collecting, and preparing electronically stored
information (ESI) for legal proceedings, including litigation, regulatory
inquiries, and internal investigations.
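The Acquisition, Preservation and Chain of Custody items above can be shown in code. The following Python is an added example written for these notes, not material from the exam objectives or from any forensic tool: it hashes constructed evidence bytes at acquisition, appends each handoff to a custody log, and re-verifies the hash before the evidence is relied on. All handler names, timestamps and evidence bytes are made up.

```python
"""Added example (not from the notes): evidence integrity and chain of custody.

The evidence is hashed when acquired, every handoff is appended to a custody
log, and the hash is re-checked before the item is used. Handlers, timestamps
and the evidence bytes are all constructed for the demo.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class CustodyEntry:
    when: str            # ISO 8601 UTC timestamp, so string order == time order
    action: str          # "acquired", "transferred", "verified" or "verify-failed"
    from_handler: str    # who released the item ("" at acquisition)
    to_handler: str      # who holds the item after this entry
    sha256: str          # hash observed at this step


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    sha256: str                          # reference hash taken at acquisition
    custody_log: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(item_id, description, data, examiner, when) -> EvidenceItem:
    """Hash the evidence as collected and open its chain of custody."""
    digest = sha256_hex(data)
    item = EvidenceItem(item_id, description, digest)
    item.custody_log.append(CustodyEntry(when, "acquired", "", examiner, digest))
    return item


def transfer(item, from_handler, to_handler, when) -> None:
    """Record a handoff; the reference hash travels with the item."""
    item.custody_log.append(
        CustodyEntry(when, "transferred", from_handler, to_handler, item.sha256))


def verify(item, data, handler, when) -> bool:
    """Re-hash a working copy and compare it to the acquisition hash (preservation check)."""
    digest = sha256_hex(data)
    intact = hmac.compare_digest(digest, item.sha256)
    item.custody_log.append(
        CustodyEntry(when, "verified" if intact else "verify-failed", handler, handler, digest))
    return intact


def custody_is_continuous(item) -> bool:
    """True if the log is time-ordered and every handoff starts with the previous
    holder, so there is no gap an opposing party could point to in court."""
    log = item.custody_log
    if not log or log[0].action != "acquired":
        return False
    for prev, cur in zip(log, log[1:]):
        if cur.when < prev.when:
            return False
        if cur.action == "transferred" and cur.from_handler != prev.to_handler:
            return False
    return True


# Constructed evidence: a few bytes standing in for a disk image.
EVIDENCE = b"constructed-disk-image-fragment: user=alice last_login=2024-04-30"
TAMPERED = EVIDENCE.replace(b"alice", b"bob")


def demo():
    item = acquire("EV-001", "constructed workstation image", EVIDENCE,
                   "examiner.a", "2024-05-01T09:00:00Z")
    transfer(item, "examiner.a", "evidence.locker", "2024-05-01T11:30:00Z")
    transfer(item, "evidence.locker", "examiner.b", "2024-05-03T08:15:00Z")
    good = verify(item, EVIDENCE, "examiner.b", "2024-05-03T08:20:00Z")
    bad = verify(item, TAMPERED, "examiner.b", "2024-05-03T08:21:00Z")
    return item, good, bad


if __name__ == "__main__":
    item, good, bad = demo()
    print("original intact:", good, "| altered copy intact:", bad)
    print("custody continuous:", custody_is_continuous(item))
    for e in item.custody_log:
        print(e.when, e.action, e.from_handler or "-", "->", e.to_handler, e.sha256[:12])
```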
4.9 Given a scenario, use data sources to support an
investigation.
Log Data:
Firewall Logs: Records of activities and events related to network traffic
passing through a firewall, including allowed and denied connections,
intrusion attempts, and policy violations.
Application Logs: Records generated by applications detailing their activities,
errors, and user interactions, providing insights into application behavior and
performance.
Endpoint Logs: Records generated by endpoints (e.g., desktops, laptops,
servers) detailing user activities, system events, and security-related events
such as login attempts, file access, and malware detection.
OS-Specific Security Logs: Logs generated by operating systems containing
security-related events such as authentication events, privilege changes,
system file modifications, and audit trail records.
IPS/IDS Logs: Logs generated by Intrusion Prevention Systems (IPS) and
Intrusion Detection Systems (IDS) containing information about detected
threats, attack signatures, and alerts triggered by suspicious network
activities.
Network Logs: Logs generated by network devices such as routers, switches,
and proxies, containing information about network traffic, connections,
bandwidth usage, and network security events.
Metadata: Additional information associated with log entries, such as
timestamps, source and destination IP addresses, user identifiers, event IDs,
and severity levels, enhancing the context and analysis of log data.
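As an added example (not from the notes), here is how the metadata just listed lets an analyst merge two differently formatted sources into one timeline for an investigation. The firewall and endpoint log lines, their field names and the hosts are all constructed; the only real values are the Windows Security log event IDs 4625 (failed logon) and 4624 (successful logon).

```python
"""Added example (not part of the notes): one investigation timeline from
firewall and endpoint logs. The two sources use different timestamp formats and
field names; the shared metadata (timestamp, source IP, user, event ID,
severity) is what lets them be normalized and merged. All lines are constructed.
"""
from datetime import datetime, timezone

# Constructed firewall log: epoch seconds, then key=value fields.
FIREWALL_LOG = """\
1700000000 action=DENY src=203.0.113.5 dst=10.0.0.20 dport=445 proto=tcp
1700000005 action=DENY src=203.0.113.5 dst=10.0.0.20 dport=135 proto=tcp
1700000010 action=ALLOW src=203.0.113.5 dst=10.0.0.20 dport=3389 proto=tcp
1700000012 action=ALLOW src=198.51.100.7 dst=10.0.0.30 dport=443 proto=tcp
"""

# Constructed OS security log (ISO 8601 stamps); 4625 = failed logon, 4624 = success.
ENDPOINT_LOG = """\
2023-11-14T22:13:31Z host=srv01 event_id=4625 user=admin ip=203.0.113.5 severity=warning
2023-11-14T22:13:34Z host=srv01 event_id=4625 user=admin ip=203.0.113.5 severity=warning
2023-11-14T22:13:37Z host=srv01 event_id=4625 user=admin ip=203.0.113.5 severity=warning
2023-11-14T22:13:41Z host=srv01 event_id=4624 user=admin ip=203.0.113.5 severity=info
2023-11-14T22:13:45Z host=srv02 event_id=4624 user=jdoe ip=198.51.100.7 severity=info
"""


def _kv(fields):
    return dict(f.split("=", 1) for f in fields)


def parse_firewall(text):
    """Normalize firewall lines to the common event schema."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        epoch, *rest = line.split()
        kv = _kv(rest)
        events.append({
            "ts": datetime.fromtimestamp(int(epoch), tz=timezone.utc),
            "source": "firewall",
            "src_ip": kv["src"],
            "user": None,
            "event_id": None,
            "severity": "warning" if kv["action"] == "DENY" else "info",
            "detail": f"{kv['action']} {kv['proto']}/{kv['dport']} -> {kv['dst']}",
        })
    return events


def parse_endpoint(text):
    """Normalize endpoint/OS security lines to the same schema."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *rest = line.split()
        kv = _kv(rest)
        events.append({
            "ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "source": "endpoint",
            "src_ip": kv["ip"],
            "user": kv["user"],
            "event_id": kv["event_id"],
            "severity": kv["severity"],
            "detail": f"logon event {kv['event_id']} on {kv['host']}",
        })
    return events


def timeline(events, src_ip):
    """Every event from every source for one IP, in time order."""
    return sorted((e for e in events if e["src_ip"] == src_ip), key=lambda e: e["ts"])


def failed_then_success(events, min_failures=3, window_seconds=60):
    """Source IPs with at least `min_failures` failed logons followed, within the
    window, by a successful logon from the same IP: a sequence worth investigating."""
    flagged = []
    for ip in sorted({e["src_ip"] for e in events}):
        evs = timeline(events, ip)
        fails = [e["ts"] for e in evs if e["event_id"] == "4625"]
        for s in (e for e in evs if e["event_id"] == "4624"):
            recent = [t for t in fails if 0 <= (s["ts"] - t).total_seconds() <= window_seconds]
            if len(recent) >= min_failures:
                flagged.append(ip)
                break
    return flagged


if __name__ == "__main__":
    events = parse_firewall(FIREWALL_LOG) + parse_endpoint(ENDPOINT_LOG)
    for ip in failed_then_success(events):
        for e in timeline(events, ip):
            print(e["ts"].isoformat(), e["source"], e["severity"], e["detail"])
```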
Data Sources:
Vulnerability Scans: Results and reports generated by vulnerability scanning
tools, identifying security vulnerabilities, misconfigurations, and potential
weaknesses within systems and networks.
Automated Reports: Scheduled or automated reports generated by security
tools, systems, and monitoring solutions, providing summaries, trends, and
analysis of security events and activities.
Dashboards: Visual representations of log data, metrics, and key performance
indicators (KPIs) displayed in real-time or near real-time, enabling security
analysts to monitor and analyze security posture and trends.
Packet Captures: Records of network traffic captured and stored for analysis,
allowing security analysts to inspect packet contents, detect anomalies, and
investigate network security incidents.
5.0 Security Program Management and Oversight
5.1 Summarize elements of effective security governance.
Guidelines:
Policies:
Acceptable Use Policy (AUP): Defines acceptable behavior regarding the
use of the organization's IT resources, outlining rules and restrictions to
ensure security and productivity.
Information Security Policies: Set of policies governing the protection of
organizational data and information assets from unauthorized access,
disclosure, alteration, or destruction.
Business Continuity: Policies outlining procedures and protocols to ensure
the organization can continue operating during and after a disruptive
event, minimizing downtime and ensuring resilience.
Disaster Recovery: Policies defining the steps and processes to recover IT
systems and data after a catastrophic event, restoring normal operations
as quickly as possible.
Incident Response: Policies detailing the procedures and actions to be
taken in response to security incidents, including detection, containment,
eradication, and recovery.
Software Development Lifecycle (SDLC): Policies guiding the development,
testing, deployment, and maintenance of software applications, ensuring
security, quality, and compliance.
Change Management: Policies governing the process for requesting,
reviewing, approving, implementing, and documenting changes to IT
systems and infrastructure.
Standards:
Password: Standard guidelines for creating, managing, and securing
passwords, including complexity requirements, expiration periods, and
reuse restrictions.
Access Control: Standard protocols and procedures for managing user
access to systems, applications, and data, ensuring only authorized users
have appropriate permissions.
Physical Security: Standard practices for securing physical premises,
facilities, and assets, including access controls, surveillance, and
environmental controls.
Encryption: Standard algorithms, protocols, and key management
practices for encrypting data at rest, in transit, and in use, protecting
sensitive information from unauthorized access.
Procedures:
Change Management: Detailed procedures for requesting, reviewing,
approving, implementing, and documenting changes to IT systems and
infrastructure, ensuring compliance with policies and minimizing
disruptions.
Onboarding/Offboarding: Procedures for provisioning and deprovisioning
user accounts, access privileges, and IT resources for new hires,
contractors, and departing employees.
Playbooks: Step-by-step guides and instructions for responding to
specific security incidents or scenarios, facilitating quick and effective
incident response.
External Considerations:
Regulatory: External regulations and compliance requirements governing
the organization's operations, data handling practices, and security
controls.
Legal: Laws and statutes applicable to the organization's industry,
jurisdiction, and geographical locations, influencing data privacy,
intellectual property, and liability.
Industry: Sector-specific standards, guidelines, and best practices
relevant to the organization's industry vertical, ensuring compliance and
addressing industry-specific risks.
Local/Regional/National/Global: Geographic-specific regulations, laws,
and standards applicable at the local, regional, national, or global level,
influencing governance and compliance obligations.
Monitoring and Revision:
Processes for ongoing monitoring, review, and revision of policies,
standards, and procedures to ensure they remain current, effective, and
aligned with organizational objectives and external requirements.
Types of Governance Structures:
Boards/Committees: Governing bodies responsible for setting strategic
direction, overseeing risk management, and ensuring compliance with
policies and regulations.
Government Entities: Regulatory bodies, government agencies, or industry
associations providing oversight, guidance, and enforcement of laws and
standards.
Centralized/Decentralized: Organizational structures determining the
distribution of authority, decision-making processes, and accountability
for governance and compliance functions.
Roles and Responsibilities for Systems and Data:
Owners: Individuals or groups responsible for the overall management and
stewardship of systems, applications, or data assets, including
accountability for security and compliance.
Controllers: Individuals or entities responsible for determining the
purposes and means of processing personal data, ensuring compliance
with data protection regulations.
Processors: Individuals or entities that process personal data on behalf of
the data controller, subject to contractual obligations and security
requirements.
Custodians/Stewards: Individuals or groups responsible for the day-to-day
management, protection, and maintenance of specific IT systems,
applications, or data sets.
5.2 Explain elements of the risk management process.
Risk Management:
Risk Identification:
Process of identifying potential threats, vulnerabilities, and events that
could impact the organization's objectives, operations, or assets.
Risk Assessment:
Ad Hoc: Occasional assessments conducted on an as-needed basis in
response to specific events or changes.
Recurring: Regularly scheduled assessments conducted at predefined
intervals to evaluate and manage risks systematically.
One-time: Single, comprehensive assessment performed to identify
and analyze risks within a specific context or project.
Continuous: Ongoing monitoring and assessment of risks to maintain
awareness and responsiveness to evolving threats and vulnerabilities.
Risk Analysis:
Qualitative: Subjective assessment of risks based on expert judgment,
categorizing risks by severity, likelihood, and impact.
Quantitative: Objective assessment of risks using numerical data and
mathematical models to calculate potential losses and probabilities.
Single Loss Expectancy (SLE): Monetary value associated with a single
occurrence of a risk event.
Annualized Loss Expectancy (ALE): Expected monetary loss from a
risk over a one-year period.
Annualized Rate of Occurrence (ARO): Frequency at which a risk event
is expected to occur annually.
Probability/Likelihood: Likelihood of a risk event occurring based on
historical data, expert judgment, or statistical analysis.
Exposure Factor: Percentage of loss expected if a risk event occurs.
Impact: Consequence or effect of a risk event on the organization's
objectives, assets, or operations.
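An added worked example, not part of the original notes, putting the qualitative and quantitative terms above into code: SLE = asset value x exposure factor and ALE = SLE x ARO, plus a comparison of the ALE before and after a proposed control against the control's annual cost, which goes one step beyond the text to show how a Mitigate decision is usually costed. All dollar figures, scales and thresholds are constructed.

```python
"""Added example (not from the notes): qualitative and quantitative risk analysis.

Quantitative side uses the notes' terms directly: SLE = asset value x exposure
factor, ALE = SLE x ARO. It goes one step further than the text by comparing
ALE before and after a proposed control against the control's annual cost,
which is how a Mitigate decision is usually justified. All figures constructed.
"""
from dataclasses import dataclass

# Qualitative: ordinal scales and a likelihood x impact matrix (constructed scale).
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Expert-judgment rating: multiply the two ordinal levels and band the result."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: money lost in one occurrence. EF is the fraction of the asset lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction of the asset value, 0..1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected loss per year. ARO is occurrences per year (may be < 1)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


@dataclass
class ControlDecision:
    ale_before: float
    ale_after: float
    annual_control_cost: float

    @property
    def annual_savings(self) -> float:
        """Loss avoided per year minus what the control costs per year."""
        return self.ale_before - self.ale_after - self.annual_control_cost

    @property
    def recommended(self) -> bool:
        # Mitigate when the control pays for itself; otherwise Accept (or look
        # at Transfer/Avoid). Threshold 0 is the constructed decision rule here.
        return self.annual_savings > 0


def evaluate_control(asset_value, ef_before, aro_before, ef_after, aro_after,
                     annual_cost) -> ControlDecision:
    """ALE with and without the control. A control may lower EF (less damage per
    event), ARO (fewer events), or both."""
    before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef_before), aro_before)
    after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef_after), aro_after)
    return ControlDecision(before, after, annual_cost)


if __name__ == "__main__":
    # Constructed scenario: a $200,000 customer database; ransomware expected
    # once every five years (ARO 0.2) destroying 25% of its value (EF 0.25).
    # Tested offline backups cut EF to 0.05 and cost $5,000 a year.
    print("qualitative:", qualitative_rating("medium", "high"))
    d = evaluate_control(200_000, 0.25, 0.2, 0.05, 0.2, 5_000)
    print(f"ALE before ${d.ale_before:,.0f}, after ${d.ale_after:,.0f}, "
          f"net savings ${d.annual_savings:,.0f}, mitigate: {d.recommended}")
```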
Risk Register:
Document or database containing information about identified risks,
including their likelihood, impact, mitigation strategies, and risk
owners.
Key Risk Indicators: Quantifiable metrics or measures used to monitor
changes in risk levels and trigger risk management actions.
Risk Owners: Individuals or groups responsible for overseeing and
managing specific risks within the organization.
Risk Threshold: Level of risk that the organization is willing to accept
before taking action to mitigate or manage the risk.
Risk Tolerance/Risk Appetite:
Risk Tolerance: Maximum acceptable level of risk exposure that an
organization is willing to tolerate in pursuit of its objectives.
Risk Appetite: Organization's willingness to take on risk to achieve
strategic goals, categorized as expansionary, conservative, or neutral.
Risk Management Strategies:
Transfer: Shifting risk to third parties, such as insurance companies or
vendors, through contractual agreements.
Accept: Acknowledging the existence of a risk without taking active
measures to mitigate it.
Exemption: Specific instances where certain risks are exempt from
mitigation due to their low likelihood or impact.
Exception: Unique circumstances where risks are deemed
acceptable based on specific criteria or business needs.
Avoid: Taking actions to eliminate or minimize the likelihood or impact
of identified risks.
Mitigate: Implementing measures to reduce the likelihood or impact of
risks to an acceptable level.
Risk Reporting:
Communication of risk-related information to stakeholders, including
executive management, board members, and relevant parties, to
facilitate informed decision-making and risk oversight.
Business Impact Analysis:
Assessment of the potential consequences of disruptions to critical
business functions, including:
Recovery Time Objective (RTO): Maximum acceptable downtime
for restoring operations after an incident.
Recovery Point Objective (RPO): Maximum acceptable data loss
tolerated during the recovery process.
Mean Time to Repair (MTTR): Average time required to repair
systems or processes after a failure.
Mean Time Between Failures (MTBF): Average time elapsed
between system failures.
5.3 Explain the processes associated with third-party risk
assessment and management.
Vendor Assessment:
Penetration Testing:
Assessment method involving simulated cyber attacks on a vendor's
systems or infrastructure to identify vulnerabilities and assess security
posture.
Right-to-Audit Clause:
Contractual provision granting the organization the authority to conduct
audits or assessments of the vendor's operations, processes, or
compliance with security requirements.
Evidence of Internal Audits:
Documentation or reports demonstrating that the vendor conducts internal
audits or assessments of their systems, processes, and controls to ensure
compliance with standards and regulations.
Independent Assessments:
Third-party evaluations or audits conducted by independent organizations
to assess the vendor's security practices, controls, and compliance with
contractual or regulatory requirements.
Supply Chain Analysis:
Examination of the vendor's supply chain to identify potential risks,
vulnerabilities, or dependencies that could impact the organization's
operations or security posture.
Vendor Selection:
Process of evaluating and choosing vendors based on factors such as
reputation, capabilities, security posture, and alignment with
organizational needs.
Due Diligence:
Comprehensive investigation or assessment conducted to evaluate the
vendor's financial stability, reputation, legal compliance, and other relevant
factors before entering into a business relationship.
Conflict of Interest:
Evaluation of potential conflicts of interest that may arise from the
vendor's relationships, affiliations, or competing interests that could
impact their ability to fulfill contractual obligations impartially.
Agreement Types:
Service-Level Agreement (SLA): Contractual agreement outlining the
services, performance standards, and responsibilities of both parties.
Memorandum of Agreement (MOA): Formal document outlining terms and
conditions of a specific agreement or understanding between parties.
Memorandum of Understanding (MOU): Non-binding agreement outlining
mutual intentions or goals between parties.
Master Service Agreement (MSA): Comprehensive contract outlining
general terms and conditions for future transactions or services between
parties.
Work Order (WO)/Statement of Work (SOW): Detailed document outlining
specific tasks, deliverables, and timelines for a project or service.
Non-Disclosure Agreement (NDA): Contractual agreement outlining
confidentiality obligations regarding proprietary or sensitive information
shared between parties.
Business Partners Agreement (BPA): Contractual agreement outlining the
terms and conditions of a partnership or joint venture between businesses.
Vendor Monitoring:
Ongoing oversight and evaluation of the vendor's performance,
compliance, and security posture throughout the duration of the business
relationship.
Questionnaires:
Surveys or assessments used to gather information from vendors about
their practices, controls, and compliance with security requirements.
Rules of Engagement:
Guidelines or protocols established to define the scope, objectives, and
boundaries of assessments, audits, or engagements with vendors.
5.4 Summarize elements of effective security compliance.
Compliance Reporting:
Internal:
Reporting mechanisms and processes established within the organization
to monitor and document compliance with internal policies, procedures,
and standards.
External:
Reporting activities and submissions to external entities such as regulatory
authorities, industry regulators, or certification bodies to demonstrate
compliance with applicable laws, regulations, or standards.
Consequences of Non-Compliance:
Fines:
Monetary penalties imposed by regulatory authorities or governing bodies
for failure to comply with legal or regulatory requirements.
Sanctions:
Punitive measures or restrictions imposed on the organization for
non-compliance, which may include limitations on business activities or
operations.
Reputational Damage:
Negative impact on the organization's reputation or brand perception
resulting from non-compliance with laws, regulations, or industry
standards.
Loss of License:
Revocation or suspension of licenses, permits, or certifications necessary
for the organization to conduct business operations legally.
Contractual Impacts:
Adverse effects on contractual relationships with customers, partners, or
vendors due to breaches of compliance obligations outlined in contractual
agreements.
Compliance Monitoring:
Due Diligence/Care:
Proactive measures taken by the organization to ensure compliance with
applicable laws, regulations, and industry standards through diligent
monitoring, risk assessment, and adherence to best practices.
Attestation and Acknowledgment:
Formal declarations or acknowledgments made by responsible parties
within the organization to confirm compliance with specific requirements
or standards.
Internal and External:
Monitoring activities conducted both internally by the organization's
compliance teams and externally by regulatory authorities or third-party
auditors.
Automation:
Use of automated tools, systems, or processes to streamline compliance
monitoring, reporting, and enforcement activities, enhancing efficiency
and accuracy.
Privacy:
Legal Implications:
Legal considerations and obligations related to privacy protection,
including local, regional, national, and global laws, regulations, or
directives governing data privacy and protection.
Data Subject:
Individuals whose personal data is collected, processed, or stored by the
organization, entitled to certain rights and protections regarding the
handling of their information.
Controller vs. Processor:
Distinction between entities responsible for determining the purposes and
means of processing personal data (controllers) and those processing
data on behalf of controllers (processors), with different compliance
obligations and responsibilities.
Ownership:
Clarification of ownership rights and responsibilities regarding the
management, protection, and use of personal data collected or processed
by the organization.
Data Inventory and Retention:
Documentation and management of the organization's data assets,
including inventorying and categorizing data, defining retention periods,
and implementing appropriate controls for data protection and privacy
compliance.
Right to be Forgotten:
Individuals' right to request the erasure or deletion of their personal data
held by the organization, as mandated by certain privacy regulations such
as the General Data Protection Regulation (GDPR).
5.5 Explain types and purposes of audits and assessments.
Attestation:
Internal:
Compliance:
Internal processes and activities to confirm adherence to regulatory
requirements, industry standards, and organizational policies.
Audit Committee:
Oversight body responsible for reviewing and validating the effectiveness
of internal controls, compliance efforts, and audit findings.
Self-Assessments:
Internal evaluations conducted by the organization to assess its
compliance posture, identify gaps, and implement corrective actions.
External:
Regulatory:
Compliance verification conducted by regulatory authorities or
government agencies to ensure adherence to applicable laws, regulations,
and standards.
Examinations:
Formal reviews or assessments performed by external entities, such as
auditors or regulators, to evaluate the organization's compliance with legal
and regulatory requirements.
Assessment:
Comprehensive evaluations conducted by independent assessors or
third-party auditors to assess the organization's adherence to industry
standards, best practices, and contractual obligations.
Independent Third-Party Audit:
Examination of the organization's compliance status and controls by
external auditors or assessors who are independent of the organization's
management structure.
Penetration Testing:
Physical:
Testing focused on assessing the physical security controls,
vulnerabilities, and potential points of entry to facilities or premises.
Offensive:
Simulation of cyber attacks and exploitation attempts to identify
weaknesses in networks, systems, and applications from the perspective
of potential adversaries.
Defensive:
Evaluation of defensive measures, detection capabilities, and incident
response processes to assess the organization's ability to withstand and
mitigate cyber attacks.
Integrated:
Coordinated testing approach that combines offensive and defensive
strategies to simulate real-world attack scenarios and evaluate overall
security posture.
Known Environment:
Testing conducted in environments where the organization has full
knowledge of its infrastructure, systems, and security controls.
Partially Known Environment:
Assessment performed in environments where the organization has limited
knowledge or visibility into its infrastructure, systems, or security
measures.
Unknown Environment:
Testing conducted in environments where the organization has no prior
knowledge or information about its infrastructure, systems, or security
controls.
Reconnaissance:
Initial phase of penetration testing focused on gathering information about
the target environment through passive or active methods.
Passive:
Gathering information without directly interacting with the target, such
as through public sources or passive network monitoring.
Active:
Proactively seeking information by directly interacting with the target
environment, such as through network scans or vulnerability
assessments.
5.6 Given a scenario, implement security awareness practices.
Phishing:
Campaigns:
Coordinated efforts by attackers to distribute fraudulent communications,
typically via email, aimed at deceiving recipients into divulging sensitive
information or performing actions that compromise security.
Recognizing a Phishing Attempt:
Training employees to identify common indicators of phishing emails, such
as suspicious sender addresses, unfamiliar URLs, grammatical errors,
urgent language, and requests for sensitive information.
Responding to Reported Suspicious Messages:
Establishing protocols for promptly investigating and addressing reported
phishing attempts, including verification, communication with affected
parties, and mitigation measures to prevent further exposure.
Anomalous Behavior Recognition:
Risky:
Identifying behaviors or actions that deviate from established norms or
pose a potential risk to the organization's security, such as accessing
unauthorized resources or downloading suspicious files.
Unexpected:
Noticing actions or events that are unusual or unexpected in the context of
typical user behavior, which may indicate a security incident or
compromise.
Unintentional:
Recognizing inadvertent actions or mistakes made by users that could
inadvertently compromise security, such as clicking on malicious links or
sharing sensitive information.
User Guidance and Training:
Policy/Handbooks:
Providing employees with clear guidelines and policies regarding
acceptable use of technology resources, security best practices, and
procedures for handling sensitive information.
Situational Awareness:
Educating users about the tactics and techniques used by cyber attackers,
promoting awareness of potential threats, and encouraging vigilance in
identifying and reporting suspicious activities.
Insider Threat:
Raising awareness about the risks posed by insider threats, including
unintentional and malicious actions by employees, contractors, or other
trusted entities.
Password Management:
Educating users on the importance of strong, unique passwords, and
implementing password management practices such as regular updates
and the use of multifactor authentication.
Removable Media and Cables:
Providing guidance on the secure use of removable media and cables to
prevent data loss or unauthorized access, including policies for encryption
and secure disposal.
Social Engineering:
Training employees to recognize and resist social engineering tactics used
by attackers to manipulate individuals into divulging confidential
information or performing actions that compromise security.
Operational Security:
Promoting operational security practices to safeguard sensitive
information and assets, including physical security measures, data
encryption, and secure communication protocols.
Hybrid/Remote Work Environments:
Offering guidance and best practices for maintaining security in hybrid or
remote work environments, including secure connectivity, device
management, and data protection measures.
Reporting and Monitoring:
Initial:
Establishing channels for employees to report suspicious activities,
security incidents, or potential threats, ensuring timely response and
investigation by security teams.
Recurring:
Implementing ongoing monitoring and reporting mechanisms to track
security-related events, analyze trends, and identify areas for
improvement in security posture.
Development:
Creating and delivering training programs and materials to educate employees
on security awareness, phishing prevention, and incident response
procedures.
Execution:
Implementing security awareness training initiatives, phishing simulations, and
incident response exercises to test and reinforce the effectiveness of user
training and awareness efforts.
Bonus Tips:
Once you finish reviewing material and notes, continue to take practice exams.
When I started scoring around 75-85% on my practice exams, I felt confident
enough to take the exam and passed.
Here are the practice exams I used:
Udemy (Jason Dion) Practice Exams: https://bit.ly/46VaMOC
This channel is how I studied for the Performance-Based questions:
https://www.youtube.com/@cyberkraft1
During the exam, don’t spend too much time on any question. I review
several mistakes to avoid in this video:
👉 https://www.youtube.com/watch?v=iWjI6Kll0Gs&t=2s
Be confident in your knowledge and don’t overthink it!
Last of all, I wish you the best of luck on your exam! Continue to push yourself,
and develop your skills! Cybersecurity is a field that welcomes people from all
backgrounds, and this is just the beginning!
I hope you stay in touch with me via either my YouTube channel
(https://www.youtube.com/bentruong) or on a more personal level on my
Instagram + TikTok @CyberWithBen