CompTIA SEC+ 701, detailed notes on chapters 1 - 2
65 views 1 purchase
Course
Comptia Security+ SYO-601
Institution
Comptia Security+ SYO-601
Notes taken based on Professor Messer's CompTIA Security+ SY0-701 videos on youtube
Along with COMPTIA SECURITY+ STUDY GUIDE WITH OVER 500 PRACTICE TEST QUESTIONS, EXAM SY0-701
Sec+
Notes
Notes
taken
based
on
Professor
Messer's
CompTIA
Security+
SY0-701
videos
on
youtube
Along
with
COMPTIA
SECURITY+
STUDY
GUIDE
WITH
OVER
500
PRACTICE
TEST
QUESTIONS,
EXAM
SY0-701
Chapter
1
Chapter
1.1
Security
controls
Control
categories
and
types
Categories
Preventative
(Most
effective)
Deterrent
Detective
Corrective
Compensating
Directive
(Least
effective)
Technical
Firewall
Splash
screen
System
logs
Backup
recovery
Block
application
instead
of
patch
Files
storage
policies
Managerial
On-Boarding
policy
Demotion
Review
login
reports
Policies
for
reporting
issues
Separation
of
duties
Compliance
policies
Operational
Guard
shack
Reception
desk
Property
partrolls
Contact
authorities
Require
more
security
staff
Security
policy
training
Physical
Locked
doors
Warning
signs
Motion
detectors
Fire
extinguisher
Power
generator
Sign:
Authorized
personnel
only Chapter
1.2
CIA
Triad
A
fundamental
model
designed
to
guide
policies
for
information
security
within
an
organization.
The
triad
consists
of
three
core
principles,
represented
by
the
acronym
CIA:
Confidentiality,
Integrity,
and
Availability.
Confidentiality:
Confidentiality
ensures
that
sensitive
information
is
protected
from
unauthorized
access
or
disclosure.
It
focuses
on
maintaining
the
privacy
and
secrecy
of
data,
preventing
unauthorized
individuals
or
systems
from
accessing
classified
or
sensitive
information.
Implementation:
Encryption,
access
controls,
and
secure
communication
protocols
are
common
measures
to
uphold
confidentiality.
For
example,
protecting
user
data,
financial
records,
or
intellectual
property
from
being
accessed
or
viewed
by
unauthorized
parties.
Integrity:
Integrity
ensures
that
data
remains
accurate,
unaltered,
and
trustworthy.
It
is
concerned
with
preventing
unauthorized
or
accidental
modifications
to
data,
ensuring
that
information
retains
its
reliability
and
consistency.
Implementation
:
Hash
functions,
digital
signatures,
and
access
controls
are
employed
to
maintain
data
integrity.
For
instance,
preventing
unauthorized
modifications
to
critical
system
files,
databases,
or
financial
records
is
crucial
for
upholding
the
integrity
of
information.
Availability:
Availability
ensures
that
information
and
systems
are
accessible
and
usable
when
needed.
This
principle
focuses
on
preventing
disruptions
to
services,
ensuring
that
authorized
users
can
access
the
required
information
or
resources
without
significant
downtime.
Implementation
:
Redundancy,
backup
systems,
and
disaster
recovery
plans
are
implemented
to
guarantee
availability.
For
example,
deploying
backup
servers,
load
balancing,
and
robust
network
infrastructure
helps
maintain
continuous
access
to
critical
services,
even
in
the
face
of
potential
disruptions.
Non-repudiation
- a
security
measure
designed
to
ensure
that
parties
involved
in
a
digital
interaction
cannot
later
deny
their
participation
or
the
validity
of
their
commitments.
Key
aspects
of
non-repudiation
include:
Digital
Signatures:
When
a
user
digitally
signs
a
document
or
message,
it
generates
a
unique
cryptographic
signature
that
is
associated
with
their
identity.
This
signature
verifies
the
integrity
of
the
data
and
the
identity
of
the
signer.
Transaction
Logging:
Comprehensive
logging
of
digital
transactions
and
communications
helps
establish
a
trail
of
events.
This
log
includes
details
such
as
who
initiated
the
action,
what
action
was
taken,
and
when
it
occurred.
Transaction
logs
provide
evidence
that
can
be
used
to
support
non-repudiation
claims.
Public
Key
Infrastructure
(PKI):
Non-repudiation
is
often
achieved
through
the
use
of
Public
Key
Infrastructure.
In
PKI,
digital
certificates
and
public-private
key
pairs
are
used
to
ensure
the
authenticity
of
parties
involved
in
digital
interactions.
The
private
key,
known
only
to
the
owner,
is
used
for
signing,
while
the
public
key
is
used
for
verification.
Timestamping:
Timestamps
are
used
to
record
the
exact
time
when
a
digital
transaction
or
communication
occurred.
By
including
a
timestamp,
non-repudiation
mechanisms
can
establish
a
chronological
order
of
events,
making
it
difficult
for
a
party
to
deny
their
involvement.
Proof
of
integrity
-
Verify
that
data
has
not
been
altered
from
its
original
state
Hashing
-
represents
data
in
a
short
string
of
text,
used
to
secure
data
by
giving
it
a
“fingerprint”
if
the
hash
is
changed,
the
data
has
been
compromised.
AAA
Authentication
-
Prove
who
you
say
you
are,
Passwords,
verifications
Devices
can
be
authenticated
through
a
digital
signed
certificate
on
the
device
Authorization
-
Based
on
who
you
are,
what
access
do
you
have
Accounting
-
Logs
of
all
activity,
Login
time,
Logout
time,
data
sent/received
Honeypots
-
Virtual
worlds
/Traps
used
to
attract
and
trap
hackers
‘Attackers’
are
usually
machines.
●
Honeypots
help
figure
out
what
automated
machine
is
being
used
and
what
system
they
are
trying
to
attack
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jessicatran1. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.
