CompTIA Security+ SY0-601

Compare and Contrast Different Types of Social Engineering Techniques

• Social Engineering Principles
• Social Engineering Attack Vectors
• Influence Campaigns

Given a Scenario, Analyze Indicators of Compromise and Determine the Malware

• Malware Primer
• Malware Families

Given a Scenario, Analyze Potential Indicators Associated with Application Attacks

• Input and Output Validation
• Injection, XSS and Forgery Attacks

Given a Scenario, Analyze Potential Indicators Associated with Network Attacks

• Digital Infrastructure Attacks

Explain Different Threat Actors, Vectors and Intelligence Sources

Explain the Security Concerns Associated with Various Types of Vulnerabilities

• Operational Vulnerabilities

Summarize the Techniques Used in Security Assessments

• Threat Hunting and Vulnerability Identification
• Syslog, SIEM & SOAR

Explain the Techniques Used in Penetration Testing

• Penetration Testing Concepts

Explain the Importance of Security Concepts in an Enterprise Environment

• Configuration Management
• Data Protection
• Deception and Disruption

Summarize Virtualization and Cloud Computing Concepts

• Cloud Computing
• Virtualization

Summarize Secure Application Development, Deployment, and Automation Concepts

Summarize Authentication and Authorization Design Concepts

Given a Scenario, Implement Cybersecurity Resilience

• Resiliency and Redundancy
• Backup and Recovery

Explain the Security Implications of Embedded and Specialized Systems

Explain the Importance of Physical Security Controls

Summarize the Basics of Cryptographic Concepts

• Cryptography Primer
• Steganography
• Symmetric Encryption
• Asymmetric Encryption
• Hashing

Given a Scenario, Implement Secure Protocols

• Secure Communications Protocols
• Secure Network Protocols

Given a Scenario, Implement Host or Application Security Solutions

• Trusted Computing Base
• Endpoint Security
• Database and Application Security

Given a Scenario, Implement Secure Network Designs

• Zones and Segments

Given a Scenario, Install and Configure Wireless Security Settings

Given a Scenario, Implement Secure Mobile Solutions

• Mobile Connectivity
• Mobile Device Management

Given a Scenario, Apply Cybersecurity Solutions to the Cloud

• Cloud Infrastructure
• Virtual Private Clouds
• Cloud Security Controls

Given a Scenario, Implement Identity and Account Management Controls

• Identity and Access Management

Given a Scenario, Implement Authentication and Authorization Solutions

• Authentication Protocols
• Federated Identity
• Authorization and Access Control

Given a Scenario, Implement Public Key Infrastructure

• PKI Cryptographic Review
• Digital Certificates

Given a Scenario, Use the Appropriate Tool to Assess Organizational Security

• Reconnaissance and Discovery
• Packet Capture and NetFlows
• Linux Commands

Summarize the Importance of Policies, Processes, and Procedures for Incident Response

Given an Incident, Utilize Appropriate Data Sources to Support an Investigation

• Data Sources

Given an Incident, Apply Mitigation Techniques or Controls to Secure an Environment

Explain the Key Aspects of Digital Forensics

Compare and Contrast Various Types of Controls

Explain the Importance of Applicable Regulations...orks That Impact Organizational Security Posture

Explain the Importance of Policies to Organizational Security

Summarize Risk Management Processes and Concepts

Explain Privacy and Sensitive Data Concepts in Relation to Security

Preparing for the Exam