Mastering Security Basics
CompTIA Security+ objectives covered in this chapter:
1.7 Summarize the techniques used in security assessments
• Syslog/Security information and event management (SIEM) (Review reports, Packet capture, Data inputs, User behavior analysis, Sentiment analysis, Security monitoring, Log aggregation, Log collectors)
2.1 Explain the importance of security concepts in an enterprise environment.
• Response and recovery controls
2.3 Summarize secure application development, deployment, and automation concepts.
• Elasticity, Scalability
2.5 Given a scenario, implement cybersecurity resilience.
• High availability (Scalability)
2.8 Summarize the basics of cryptographic concepts.
• Common use cases (Supporting confidentiality, Supporting integrity)
4.1 Given a scenario, use the appropriate tool to assess organizational security.
• Network reconnaissance and discovery (tracert/traceroute, ipconfig/ifconfig, ping/pathping, hping, netstat, arp)
• File manipulation (head, tail, cat, grep, chmod, logger)
4.3 Given an incident, utilize appropriate data sources to support an investigation.
• SIEM dashboards (Sensor, Sensitivity, Trends, Alerts, Correlation)
• Log files (Network, System, Application, Security, Web)
• syslog/rsyslog/syslog-ng, journalctl, NXLog
5.1 Compare and contrast various types of controls.
• Category (Managerial, Operational, Technical)
• Control type (Preventative, Detective, Corrective, Deterrent, Compensating, Physical)
Before you dig into some of the details related to IT security, you should have a solid understanding of core security goals. This chapter introduces many of these core goals to provide you with a big picture, and it presents basic risk concepts. Security controls reduce risks, and you’ll learn about different security control categories in this chapter. You’ll be expected to know about many Windows and Linux command-line tools, and this chapter introduces some. Last, this chapter provides details on some relevant logs and logging tools.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 148-149). YCDA, LLC. Kindle Edition.