You are on page 1of 57

Total Seminars, LLC Production

TOTAL: CompTIA Security+ Certification (SY0-


601) Video Series

Ch # Episode Name
0
0.01 Promo

0.02 Introduction

0.03 About the Security+ (SY0-601) Exam

1 Risk Management

1.01 Defining Risk

1.02 Threats and Vulnerabilities

1.03 Threat Intelligence

1.04 Risk Management Concepts

1.05 Security Controls

1.06 Risk Assessments and Treatments

1.07 Quantitative Risk Assessments

1.08 Qualitative Risk Assessments

1.09 Business Imapct Analysis


1.10 Data Types and Roles

1.11 Security and the Information Life Cycle

1.12 Data Destruction

1.13 Personnel Risk and Policies

1.14 Third-Party Risk Management

1.15 Agreement Types

1.16 Chapter 1 Exam Question Review

1.17 Wiping Disks with the dd Command Lab

1.18 Chapter 1 Ask Me Anything (AMA)

2 Cryptography

2.01 Cryptography Basics

2.02 Data Protection

2.03 Cryptographic Methods

2.04 Symmetric Cryptosystems

2.05 Symmetric Block Modes

2.06 Asymmetric Cryptosystems

2.07 Diffie-Hellman
2.08 Hashing

2.09 Understanding Digital Certificates

2.10 Trust Models

2.11 Public Key Infrastructure

2.12 Certificate Types

2.13 Touring Certificates

2.14 Cryptographic Attacks

2.15 Password Cracking

2.16 Password Cracking Demo

2.17 Chapter 2 Exam Question Review

2.18 SSH Public Key Authentication Lab

2.19 Chapter 2 Ask Me Anything (AMA)

3 Identity and Account Management


3.01 Identification, Authentication, and Authorization

3.02 Enabling Multifactor Authentication

3.03 Authorization

3.04 Accounting

3.05 Authentication Methods

3.06 Access Control Schemes

3.07 Account Management


3.08 Network Authentication

3.09 Identity Management Systems

3.10 Chapter 3 Exam Question Review

3.11 Creating LInux Users and Groups Lab

3.12 Chapter 3 Ask Me Anything (AMA)

4 Tools of the Trade

4.01 Touring the CLI

4.02 Shells

4.03 The Windows Command Line

4.04 Microsoft PowerShell

4.05 Linux Shells

4.06 Python Scripts

4.07 Windows Command-Line Tools

4.08 Linux Command-Line Tools

4.09 Network Scanners

4.10 Network Scanning with Nmap


4.11 Network Protocol Analyzers

4.12 Using Wireshark to Analyze Network Traffic

4.13 Using tcpdump to Analyze Network Traffic

4.14 Log Files

4.15 Centralized Logging

4.16 Configuring Linux Log Forwarding

4.17 Chapter 4 Exam Question Review

4.18 Lunux Shell Script Lab

4.19 Nmap Lab

4.20 Chapter 4 Ask Me Anything (AMA)

5 Securing Individual Systems

5.01 Malware

5.02 Weak Configurations

5.03 Common Attacks

5.04 Driver and Overflow Attacks

5.05 Password Attacks

5.06 Bots and Botnets


5.07 Disk RAID Levels

5.08 Securing Hardware

5.09 Securing Endpoints

5.10 Chapter 5 Exam Question Review

5.11 Linux Software RAID Lab

5.12 Chapter 5 Ask Me Anything (AMA)

6 The Basic LAN

6.01 The OSI Model

6.02 ARP Cache Poisoning

6.03 Other Layer 2 Attacks

6.04 Network Planning

6.05 Load Balancing

6.06 Securing Network Access

6.07 Honeypots
6.08 Firewalls

6.09 Proxy Servers

6.10 Network and Port Address Translation

6.11 IP Security (IPsec)

6.12 Virtual Private Networks (VPNs)

6.13 Intrusion Detection and Prevention Systems (IDS/IPS)

6.14 Chapter 6 Exam Question Review

6.15 Linux Snort IDS Lab

6.16 Chapter 6 Ask Me Anything (AMA)

7 Securing Wireless LANs


7.01 Wi-Fi Encryption Standards

7.02 RFID, NFC, and Bluetooth

7.03 Wi-Fi Coverage and Performance

7.04 Wi-Fi Discovery and Attacks

7.05 Cracking WPA2


7.06 Wi-Fi Hardening

7.07 Chapter 7 Exam Question Review

7.08 WPA2 Cracking Lab

7.09 Chapter 7 Ask Me Anything (AMA)

8 Securing Public Servers

8.01 Defining a Public Server

8.02 Common Attacks and Mitigations

8.03 Containers and Software-Defined Networking

8.04 Hypervisors and Virtual Machines

8.05 Cloud Deployment Models

8.06 Cloud Service Models

8.07 Securing the Cloud

8.08 Chapter 8 Exam Question Reivew

8.09 Docker Container Lab


8.10 Chapter 8 Ask Me Anything (AMA)

9 Securing Dedicated Systems

9.01 Embedded Systems

9.02 Industrial Control System (ICS)

9.03 Internet of Things (IoT) Devices

9.04 Connecting to Dedicated and Mobile Systems

9.05 Security Constraints for Dedicated Systems

9.06 Mobile Device Deployment and Hardening

9.07 Chapter 9 Exam Question Review

9.08 Smartphone Hardening Lab

9.09 Chapter 9 Ask Me Anything (AMA)

10 Physical Security
10.01 Physical Security Overview

10.02 Physical Security

10.03 Keylogger Demo

10.04 Environmental Controls

10.05 Chapter 10 Exam Question Review


10.06 Physical Security Lab

10.07 Chapter 10 Ask Me Anything (AMA)

11 Secure Protocols and Applications


11.01 DNS Security

11.02 FTP Packet Capture

11.03 Secure Web and E-mail

11.04 Request Forgery Attacks

11.05 Cross-Site Scripting Attacks

11.06 Web Application Security

11.07 Web App Vulnerability Scanning

11.08 Chapter 11 Exam Question Review

11.09 OWASP ZAP Web App Scan Lab

11.10 Chapter 11 Ask Me Anything (AMA)

12 Testing Infrastructure
12.01 Testing Infrastructure Overview

12.02 Social Engineering

12.03 Social Engineering Attacks

12.04 Vulnerability Assessments

12.05 Penetration Testing


12.06 Security Assessment Tools

12.07 The Metasploit Framework

12.08 Chapter 12 Exam Question Review

12.09 hping3 Forged Packet Lab

12.10 Chapter 12 Ask Me Anything (AMA)

13 Dealing with Incidents


13.01 Incident Response Overview

13.02 Incident Response Plans (IRPs)

13.03 Threat Analysis and Mitigating Actions

13.04 Digital Forensics

13.05 Gathering Digital Evidence

13.06 Business Continuity and Alternate Sites

13.07 Data Backup

13.08 Chapter 13 Exam Question Review

13.09 Autopsy Forensic Browser Lab

13.10 Chapter 13 Ask Me Anything (AMA)


tal Seminars, LLC Production
SME: Mike Meyers and Dan Lachance

Description Time

0:04:42
Mike and Dan introduce the CompTIA Security+ (SY0-601) video course from Total 0:02:30
Seminars.
This episode goes over the domains of the CompTIA Security+ (SY0-601) exam 0:03:06
objectives and the various topics that are covered.

Managing risk involves identifying threat actors from script kiddies to state-
sponsored attackers. Mitigating threats is achieved by identifying assets and putting 0:08:20
security controls in place to mitigate risks.
The CIA security triad (confidentiality, integrity and availability) describes how
solutions such as encryption, hashing, and data backups can address potential attack 0:07:00
vectors that might be exploited by threat actors. 

With the ever-changing IT threat landscape, how can you keep up with the latest
security issues? Threat intelligence refers to the wide variety of open-source
intelligence (OSINT) and proprietary IT security sources that use standards such as 0:11:01
STIX and TAXII for cybersecurity intelligence sharing. 

A risk management framework aids in identifying and managing risk and is


sometimes required for compliance with data privacy regulations such as GDPR and 0:07:22
HIPAA. Organization security policies are often influenced by data privacy
regulations.

Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM)
define what types of security controls to put in place to mitigate risk both on- 0:09:21
premises and in the cloud. The specific type of attack vector determines whether
managerial, operational, or technical controls should be deployed. 

How can you determine whether assets are adequately protected from threats? One
way is running periodic risk assessments to address the ever-changing threat 0:05:41
landscape to define the likelihood and impact of security incidents.

Is the cost of a security control justified? A quantitative risk assessment uses various
calculations against an asset to determine the maximum yearly spend for protecting 0:06:33
that asset.
The same risk can have a different impact to various organizations. Qualitative risk 0:03:54
assessment use subjective priority ratings for risks rather than dollar values.
In addition to deploying effective security controls to protect assets, what can be
done to ensure business continuity in the event of a security incident. A business 0:09:16
impact analysis involves proactive planning to help reduce downtime and data loss
when negative events occur.
Protecting personally identifiable information, or PII, is crucial and required by
security regulations such as GDPR, but of the vast amounts of data in an
organization, how do you know which data is sensitive? The answer is through data 0:11:26
roles and responsibilities assigned to personnel in conjunction with data discovery
and classification tools on-premises and in the cloud.

Security must be applied to all phases of the information life cycle, from collection to
its eventual archiving and deletion. This includes data security techniques such as 0:09:00
tokenization and masking while considering how laws apply to data based on its
location (data sovereignty). 

Digital data resides on physical storage devices. Secure storage media disposal
mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, 0:06:01
must be put in place to ensure sensitive data cannot be retrieved by unauthorized
users. 

Hiring the right employees and contractors for the job always matters. Enacting
internal security controls such as background checks, mandatory vacations, job
rotation, and separation of duties goes a long way in ensuring the integrity of 0:10:21
business processes. 

Some business activities cannot be completed entirely within an organization and


must be outsourced. Ensuring that proper security safeguards are in place
0:08:25
throughout the hardware, software, and personnel supply chain results in a properly
secured data, such as through data loss prevention (DLP) tools. 

When organizations enter into business partnerships with third-party service


providers, the agreements and contracts they both sign protect both organizations
legally, as well as establish the terms of service. This episode covers the various types 0:06:24
of business agreements.
Threats are executed by a variety of different threat actors, each type having a
different motivation for executing attacks. This episode presents a scenario where 0:01:40
correct type of threat actor must be selected.
When storage media has reached the end of its useful life, data must be wiped from
it in a secure manner which can include using some built-in operating system tools. 0:05:38
Linux administrators can use the dd command to wipe disk partitions by overwriting
them with random data.
The use of social media platforms has skyrocketed in recent years. Organizations
must take the appropriate steps to ensure that sensitive data is not leaked through 0:02:12
this mechanism.

Cryptography is the practice of disguising information in a way that looks random.


This episode explores the history of cryptography and how it has evolved into the 0:15:52
complex systems today.
Data are not all the same. Whether data are at rest, in use, or in transit will affect 0:08:36
how you can best secure it.
This episode introduces various methods used to protect the critical keys in 0:07:18
cryptography that keep communication secure.
In this episode, Mike describes encrypting and decrypting data with the same key. He
also covers how symmetric algorithms can either be block or streaming and use 0:12:41
various types of ciphers depending on which one is used.
Symmetric block algorithms have limitations depending on which kind of cipher is
used. This episode explores the different block modes. 0:08:14

In this episode, Mike describes encrypting and decrypting data with different keys
and the magic that happens when key pairs are generated. 0:12:47

Learn the Diffie-Hellman key exchange agreement and methods in this very complex
algorithm. 0:06:52
Hashes provide assurance of data integrity using fascinating mathematical
0:08:43
calculations. Passwords are a very common use for hashing.
Digital certificates are used in many different places to verify the identity of a public
key owner. They can also include verification from third parties for an added layer of 0:07:39
security.
Web of trust is a mostly outdated method of proving identities, however it is helpful
to understand as the predecessor of public key infrastructure (PKI) which is widely 0:04:44
used today.
In this episode, Mike discusses public key infrastructure (PKI), used to enable 0:03:39
commerce and other secure activities over the Internet.
Mike reviews different types of certificates including Web, e-mail, code-signing, 0:14:10
machine/computer, and user.
Mike tours various certificates in this episode. 0:08:47
In this episode, Mike explains how encrypted information is at risk and explores ways
to protect it. 0:05:23

Passwords are often stored in hash format but can still be susceptible to attacks. The
various password attacks include brute force, dictionary, and rainbow table. Salting 0:10:12
and key stretching add another layer of security to hashed passwords.
Dan demonstrates how to use a password cracking tool to turn hashed passwords
into cleartext. 0:06:08

Protecting sensitive data can be done using many techniques. In this episode , the 0:02:27
viewer is tested on the best security control for a given scenario.

Multifactor authentication should always be used for administratrive accounts. In 0:09:03


this demo, SSH public key authentication is configured for a Linux host.

Digital cryptocurrencies provide a centralized public way to pay for goods and
services. This video explains the relationship between cryptocurrency, public 0:01:44
ledgeres and the blockchain.

Authorization to access resources occurs after the successful proving of one’s


identity through authentication.  0:07:58

Multifactor authentication (MFA) hardens user sign-in by requiring more than one
factor, or category of authentication, such as something you know combined with 0:04:43
something you have. 
What role does authorization play in identity and access management (IAM)?
Authorization relates to resource permissions granted to a security principal such as 0:04:48
a user or device. 
The 3 As – authentication, authorization, and accounting/auditing, play a big role in
IT security. Tracking activity through auditing provides accountability for access to 0:05:21
resources such as files on a file server or database rows. 

Have you ever had trouble remembering usernames and passwords for multiple web
apps? Password vaults serve as a protected credential repository in addition to
common authentication methods such as one-time password codes, certificate- 0:14:03
based authentication and SSH public key authentication. 

Controlling access to resources begins with policies governing how credentials are
managed. Permissions to use resources can be configured through attribute-based 0:06:47
access control (ABAC), role-based access control (RBAC), discretionary access control
(DAC), and for high security environments, mandatory access control (MAC). 

Accountability for resource access is possible only with people using their own
unique user accounts where the principle of least privilege has been applied, ideally
through group-assigned permissions. Account policies can determine conditions that 0:13:01
allow or deny resource access, such as the location of a user. 
Older network authentication protocols such as password authentication protocol
(PAP) and challenge handshake authentication protocol (CHAP) have been
deprecated in favor of protocols such as Kerberos and extensible authentication 0:09:01
protocol (EAP). Variations of the RADIUS authentication protocol are still used to
authenticate users and devices to networks. 

How can authentication be removed from individual apps? The answer is identity
federation, which uses a centralized identity provider that is trusted by resources, 0:05:51
such as Web apps, and can also support single sign-on (SSO). 

There are a variet of ways in which user authentication can be implemented prior to
allowing user access to the Internet. This question presents a scenario require user 0:02:15
sign-off to a terms of agreement before gaining Internet access.

User and group management in Linux can be performed at the command line. This
demo makes use of the useradd and groupadd commands to create authentication 0:05:44
identities.
Authentication can be configured and managed within a single organization to
control access to IT resources. This episode covers identity federation and its 0:01:16
relationship to identity and resource providers.

The command-line interface (CLI) allows technicians to interact with Windows, Linux,
and macOS systems by typing in commands such as ping and ipconfig. Windows uses
a command prompt, macOS uses a terminal shell and Linux can use a variety of shells 0:16:07
including bash. Microsoft PowerShell is an object-oriented CLI supported on
Windows, Linux, and macOS. 

Shells allow technicians to enter commands, such as a Linux bash shell or a Windows
command prompt. Reverse shells are the result of infected victim machines that 0:06:01
reach out to an attacker station. 

The Windows command line is spawned by cmd.exe. Security technicians can


automate tasks using batch file scripts containing commands such as whoami and 0:04:31
ipconfig. Powershell.exe can be spawned from a Windows command prompt in order
to use PowerShell cmdlets. 

Is there a better way to automate operating system commands than through scripts
and text manipulation? Yes! Microsoft PowerShell is an object-oriented cross- 0:12:22
platform command environment that uses a verb-noun type of syntax, such as with
the Get-Service cmdlet.
A Linux shell is a case-sensitive command line environment that supports scripting
and comes in various flavors including bash, Korn and C shells.  0:11:40

Python is a multi-platform case-sensitive scripting language that requires a Python


interpreter to be installed.  0:07:25

Security technicians must be comfortable with Windows commands for standard 0:16:08
maintenance and security tasks using commands such as ping, netstat, and icalcs. 
Security technicians must be comfortable with Linux commands for standard
maintenance and security tasks using commands such as head, tail, grep, dig, and 0:09:19
setting file system permissions with chmod. 
How do attackers discover networks and hosts? Network scanners such as Nmap are
used by attackers as well as legitimate security technicians to perform network 0:05:07
reconnaissance. 
Nmap is the most commonly used network scanning tool. Scans can be saved as XML
files. Nmap can be used at the command line but it also has a frontend GUI named 0:08:58
Zenmap.
Network traffic can be captured, saved, and analyzed using a properly placed
hardware or software network protocol analyzer such as the free Wireshark tool. 0:08:01
Capture analysis can result in identifying indicators of compromise or the use of
insecure protocols. 
Wireshark is a free open-source network traffic analyzer that can capture, analyze, 0:08:58
filter, and save captured network packets.  
tcpdump is a built-in Unix and Linux command-line tool that can capture, analyze, 0:08:16
filter, and save captured network packets. 
Log files can provide valuable insights related to suspicious network, host or
application activity, but only if log file integrity can be ensured. Centralized logging in 0:08:35
the enterprise on a secured logging host ensures an accurate copy of log files can be
used for security and performance analysis. 

Network infrastructure and host and application logs can be stored centrally such as
with Linux or Windows log forwarding. This can then be fed into a centralized log 0:08:48
ingestion and analysis system, otherwise called SIEM. 
Centralized Linux log hosts can be configured using the rsyslog daemon on Linux 0:08:20
hosts. 
Managing Linux host authentication can involve the use of many command-line
utilities. This episode focuses on the sequence of steps needed to enable SSH public 0:02:57
key authentication.

Shell scripts contain Linux command that can be invoked simply by calling upon the
script name. In this demo, a simple utility menu loop is created in a bash shell script. 0:07:09

IT network reconnaissance begins with discover hosts and services on the network. 0:04:31
This episode uses the nmap command to map out hosts on the network.

Malware is malicious software that comes in many different shapes and sizes. This
episode tackles examples of malicious code and how it related to Visual Basic for 0:02:12
Applications (VBA).

Malicious software is referred to as malware and includes various types including


ransomware, fileless viruses, worms, keyloggers, and trojan horses. Infected 0:13:42
computers that periodically contact command and control servers are called bots or
zombies. 

A lack of secure configurations for networks, devices, and hosts results in an


increased attack surface. Default settings, especially credentials, should not be used. 0:11:37
Deprecated security protocols such as WEP and SSL should also be avoided. 

Staying up-to-date with the latest types of security attacks is form of attack
mitigation. Keeping systems hardened helps protect against zero-day attacks.
Software develops must adhere to secure coding practices to ensure deployed code 0:09:07
does not contain security flaws. 

Malicious actors can trick victims into installing malicious code such as driver shims.
Software programming flaws related to memory allocation can result in security
0:07:55
threats. Secure coding, patching, and user awareness go a long way in mitigating
these types of security issues. 

Username and password authentication remains common, as do related dictionary


and brute-force attacks. Account lockout threshold can mitigate password attacks 0:08:04
other than password spraying attacks. 
Distributed Denial of Service (DDoS) attacks use collections of infected bots, or
zombies in a botnet, to flood victims hosts or networks. Bots periodically contact a 0:06:14
malicious-user controlled command and control server. 
Data availability, including through disk redundancy, is an aspect of IT security. There
are various RAID levels that organize physical disks together to provide performance 0:10:12
and/or fault tolerant benefits. 
All IT solutions, in the end, run on hardware somewhere. Restricting physical access
to IT hardware such as through locked server rooms and encryption of data at rest 0:11:04
provide a layer of security. 

In the enterprise, endpoint detection and response solutions report to a centralized


SIEM solution when abnormal activity, including malware, is detected on hosts and 0:09:03
devices. Intrusion detection and prevention systems (IDS/IPS) are the engine for this
type of solution and can be configured with allow/deny lists. 

Monitoring the network for intrusions is paramount to ensure a timely mitigation.


This episode presents a monitoring scenario that requires the view to identify which 0:02:19
type of attack took place.

RAID configurations can enhance the performance and availability of stored data,
depending on the level of RAID used. In this demo, software RAID level 1 (disk 0:07:31
mirroring) is configured in Linux.

Securing hosts properly should involve both a proactive and a reactive approach. This 0:01:44
episode discusses what can be done about zero-day attacks.

Is there a standard model for describing and mapping network hardware and
software? Yes, the 7-layer conceptual OSI model! Understanding network security
0:12:30
and selecting the appropriate security solutions requires a solid understanding of the
OSI model. 

ARP is used to resolve an IP address to a 48-bit hexadecimal hardware MAC address.


Attackers with network access can fraudulently send ARP updates to hosts in order 0:08:39
to force network traffic through the attacker station. 
Layer 2 of the OSI model (Data Link layer) accessing network media and addressing
using MAC addresses. MAC address flooding attacks and broadcast storms can be 0:05:19
mitigated with network switches configuring with BPDU and STP. 

Which security considerations are important when planning your network design? IP
addressing and network segmentation using screened subnets can be used for
hosting public servers. VLANs can improve network performance and provide 0:07:05
network isolation for security purposes. 

Active/active and active/passive load balancing can efficiently route client application
requests to backend servers. Load balancing improves application performance and 0:05:39
resiliency to a single application server failure. 

Securing networks restricts access to the network while securing services on the
network. 802.1x network edge devices can limit network access. Rogue DHCP servers
can be mitigated with DHCP snooping configurations. Secure remote server 0:06:17
management is possible using a jump box/bastion host which has both public and
private network connections. 

How can malicious attacker and malware activity be monitored without allowing the
compromise of production systems? Honeypots are fake decoy systems designed to 0:06:01
attract malicious activity for the purpose of logging and tracing activity. 
Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and
examine only packet headers to allow or deny network traffic. Content filtering
firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as 0:11:16
well as content to allow or deny traffic. A Web application firewall (WAF) protected
Web apps from common Web application attacks. 

Forward proxies sit between internal user devices and the Internet and fetch
Internet content on behalf of internal users. Reverse proxies map public network 0:06:15
service IPs to private IPs; they route client requests for a network service to the
backend server private IP. 

Network address translation (NAT) maps external public IPs to internal private IPs to
protect the true identity of servers. Port address translation (PAT) allows multiple 0:06:48
internal network clients with private IPs to access the Internet using a single public IP
assigned the NAT device public interface. 

The IPsec network security protocol suite can be used to secure any type of network
traffic through integrity, authentication and encryption. Many VPNs use IPsec to 0:08:54
establish an encrypted network tunnel. 

VPNs provide an encrypted network tunnel over the Internet to provide secure
access to a remote network. Client-to-site VPNs allow individual device access where 0:09:59
site-to-site VPNs can securely link branch offices over the Internet or securely link an
on-premises network to the cloud through a L2TP or TLS VPN. 

Intrusion detection can detect, log, report, and send alerts when suspicious activity is
detected on a host or on the network, whereas intrusion prevention can be
configured to stop the suspicious activity. Anomaly detection can be signature-based 0:13:01
or heuristic/behavior-based. Unified threat management (UTM) solutions combine
firewall, IDS, IPS, and other security functions. 

Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode 0:03:25
discussed ARP poisonning attacks and potential mitigations.
An Intrusion Detection System (IDS) is designed to detect suspicious network or host
activity and then log or notify the incident. In this episode, the Snort IDS is 0:07:20
configured and tested in Linux.
Secure Sockets Layer (SSL) has long been used to secure network communication on
LANs and WANs. This episode discusses how Transport Layer Security (TLS) 0:01:12
supersedes SSL in addition to continued backwards-compatibility support that
remains for SSL.

Securing Wi-Fi networks is crucial since physical access is not required to gain
network access. In this video Wi-Fi security standards such as WEP, WPA, and WPS 0:09:43
are discussed. 
While there are many wireless network standards, which ones are designed for close
proximity? This video covers RFID, NFC and Bluetooth wireless network 0:06:50
communications. 

Optimizing Wi-Fi communication means ensuring there is proper coverage over a


given area and that there are no wireless interference issues from other transmitting
devices. A wireless site survey with a heat map can identify overlapping Wi-Fi 0:08:19
channels or wireless dead spots where connectivity may need to be improved. 

Is your Wi-Fi network completely invisible if you disable SSID broadcasting? No!
Periodic beacon frames are still sent wirelessly with the WLAN name field excluded. 0:12:09
Freely available tools can be used to discover and crack WEP and WPA passphrases. 

One way to crack WPA2 passphrases is to de-authenticate an existing connected


client, then capture and analyze the client re-authenticating. This episode will 0:10:30
demonstrate how to perform an offline dictionary attack using a WPA2
authentication packet capture file. 
There are many options for securing Wi-Fi networks. Disabling items such as WLAN
name broadcast, DHCP, and public network management are the first consideration. 0:10:30
Using WPA3 enterprise mode and changing default settings also help harden your
Wi-Fi network. 

Malicious users will often mimic legitimate services in an attempt to trick


unsuspecting victims into connecting to the service. This episode presents a scenario 0:01:42
where the viewer must determin what type of attack has taken place.

Wi-Fi Protected Access (WPA) protectes Wi-Fi network communnications. This


episode demonstrates how there are ways to crack a WPA2 using offline attack 0:06:28
methods.

Some wireless networking attacks involve deception. In this episode, Mike describes 0:01:16
how there are variations of Evil Twin attacks including through DNS.

Public servers offer services to Internet users. These servers should be hardened and
placed on an isolated network such as a screened subnet or DMZ so that in the case 0:00:45
of compromise, lateral movement by the attacker will not allow access to other
sensitive hosts. 

Public servers are subjected to many types of attacks that can be mitigated by hardening the network and host using a wide variety of methods. This episode covers common attacks including DDoS, URL hijacking/redirection, session replay, and pass-the-hash. (0:09:46)

Modern software development often uses application containers, which serve as a logical boundary for app files and settings outside of the operating system. This episode also covers software-defined networking (SDN). (0:11:26)

Hypervisors are servers configured to host virtual machine guests. This episode discusses Type 1 and Type 2 hypervisors as well as hardening. (0:08:24)

Virtualization alone does not constitute cloud computing; a number of characteristics such as resource pooling and metered usage must also be involved. This episode discusses public, private, hybrid and community clouds. (0:08:44)

Cloud computing services are categorized using the term “as a service” (aaS). This episode discusses IaaS, PaaS, SaaS, and where responsibility lies for each type of service. (0:08:27)

Cloud security is generally split between the Cloud Service Provider (CSP) and the cloud tenant, depending on which type of cloud service is being used. Security solutions include firewalls and data loss prevention tools, as well as a Cloud Access Security Broker (CASB), which enforces cloud computing security policies. (0:10:18)

Public servers can be hosted as virtual machines in the public cloud. In this episode, a scenario is presented where a virtual machine requires access to specific cloud-based resources. (0:02:10)

Containerized applications are self-contained boundaries consisting of only application files, not an operating system. This demo shows how to work with Docker containers on the Linux platform. (0:04:07)

Virtual machines, often referred to as instances, are widely used both on-premises and in the cloud. This episode tackles issues related to being aware of deployed instances in the interest of reducing the attack surface. (0:01:59)

Embedded systems use an operating system burned into one or more chips and have a defined function, such as running an elevator or providing Wi-Fi services. In this episode, Industrial Control Systems, Internet of Things (IoT), Raspberry Pi and Arduinos are discussed. (0:13:16)

ICSs use computing devices to automate tasks in a fast, dependable way using Programmable Logic Controllers (PLCs). This episode also covers Supervisory Control and Data Acquisition (SCADA). (0:06:42)

IoT devices are function-specific and can communicate over the Internet. Examples include environmental control devices, medical devices, and video surveillance systems. This episode also covers the Zigbee smart home automation protocol. (0:10:03)

There are many modern wireless communication standards. This episode discusses the Global Positioning System (GPS), 4G and 5G cellular, Wi-Fi Direct, and mobile device tethering. (0:10:52)

Some dedicated devices have limited security settings, or patches are not available for them; such devices should be placed on isolated networks that do not contain sensitive systems or data. Mobile devices have limited CPU and battery power, which limits characteristics such as the ability to quickly process cryptographic algorithms. (0:05:09)

Organizations normally allow the use of personal or work-issued mobile devices for work purposes through provisioning schemes such as Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD). This episode also discusses Subscriber Identity Module (SIM) cards and mobile device hardening. (0:11:18)

Critical infrastructure IT systems can sometimes be vulnerable to attacks. In this episode, a scenario is presented in which the best solution must be implemented to protect Programmable Logic Controllers (PLCs). (0:02:34)

Smartphones are small computers that almost everybody carries around with them. Many standard desktop computer hardening techniques can be applied to smartphones. (0:02:31)

Some IT solutions are dedicated to serving specific functions. In this episode, Mike discusses the security aspect of using Zigbee devices. (0:02:13)

Physical security matters because all digital IT systems and data rely upon physical equipment somewhere. (0:01:00)

This episode covers physical security controls such as door lock types and bollards, as well as encryption of data at rest. (0:09:53)

Limiting access to network computers can prevent malicious actors from installing components such as hardware key loggers, which can capture all user keystrokes and make them available to an attacker over a Wi-Fi network. (0:04:44)

Computing equipment must be kept at the correct temperature and humidity levels to function efficiently. This episode covers air flow management using hot and cold aisles as well as environmental monitoring. (0:05:25)

IT systems are greatly affected by physical security. This episode presents a scenario in which only some security controls effectively mitigate a security problem. (0:02:24)

A full IT security audit always includes physical security. In this episode, physical security considerations are presented. (0:02:54)

Some physical security controls protect physical property, which includes hardware IT devices. In this episode, IP cameras and CCTV are discussed. (0:02:42)

DNS is a crucial network service used by everybody to resolve names to IP addresses and, as a result, it is a target for attackers. This episode also discusses other protocols such as Simple Network Management Protocol (SNMP) and Secure Shell (SSH). (0:05:10)

FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol, Secure (FTPS). (0:03:29)

This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered. (0:11:58)

Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated. (0:04:56)

Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks. (0:07:16)

The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system (or software) development life cycle (SDLC) phase. (0:08:01)

This episode shows how specialized Web application vulnerability scanning tools can be used to identify security flaws in a Web application. (0:05:43)

Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred. (0:03:21)

The OWASP Top 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities. (0:04:24)

Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization. (0:02:00)

With so many security vulnerabilities out there, a good IT security tech must know how to robustly test their network and physical security measures. (0:04:37)

Tricking people into doing something, or into divulging sensitive information, is social engineering. This episode discusses the pretext, or believable story, that often goes along with this type of activity. (0:05:48)

Social engineering attacks can take place over the phone, in person, or through technology. This episode discusses concepts such as spam, phishing and DNS URL redirection. (0:10:47)

This episode discusses how to use tools to identify security flaws on hosts or for a specific application. Topics include credentialed vs. non-credentialed scans and keeping the vulnerability database up to date. (0:08:52)

This episode focuses on how penetration testing discovers and exploits security vulnerabilities. Concepts covered include known, partially known, and unknown testing types as well as the role that red, white, blue, and purple teams play. (0:09:39)

Open-source and proprietary (paid) security assessment tools are used by security analysts and malicious actors; what differs is the reason they are being used. The scanless tool uses Web sites to perform port scans, while the hping3 tool allows for the creation of spoofed packets, among other capabilities. (0:11:30)

Penetration testers can use the cross-platform Metasploit framework command-line tool for discovering and exploiting security flaws on hosts. (0:08:01)

Penetration testing provides insight as to how secure an organization's physical and IT infrastructure really is. In this episode, a pen testing scenario is provided. (0:01:46)

The hping3 tool provides many services, including the creation of network packets based on command-line parameters. This episode demonstrates how to craft packets using the hping3 tool. (0:06:05)

One aspect of security testing is determining if internal employees have an awareness of common security problems. In this episode, Mike discusses phishing and whaling. (0:01:41)

Responding to incidents in a timely and effective manner is the result of proactive planning with defined roles and responsibilities. (0:02:57)

An IRP provides guidance on how security incidents are dealt with effectively while they are occurring. The IRP includes roles, responsibilities, a contact list and escalation procedures. IRPs should be updated periodically through lessons learned from past incidents. (0:06:01)

Stepping through how attackers manage to compromise a system or exfiltrate data helps harden environments to prevent future incidents. This episode covers the Cyber Kill Chain, the MITRE ATT&CK Framework, the Diamond Model of Intrusion Analysis, and how Security Orchestration, Automation, and Response (SOAR) tools can reduce incident response time. (0:07:40)

The application of computer science to legal situations, including evidence gathering, is referred to as digital forensics. This episode covers e-discovery and steganography. (0:12:14)

This episode covers chain of custody, evidence order of volatility, and digital forensics tools used to acquire evidence. (0:09:44)

Business continuity ensures that business processes can continue despite interruptions. Continuity of operations (COOP), disaster recovery plans (DRPs), as well as hot, warm, and cold alternate sites are discussed. (0:06:11)

Backing data up provides availability in the event of data deletion, corruption, or encryption through ransomware. This episode discusses backup settings such as compression and encryption, as well as full, differential, and incremental backup types. (0:09:45)

Incident response strives to minimize security issues as they are happening. In this episode, an incident response scenario is presented. (0:00:59)

Digital forensics is the cross-pollination of computer science and law. In this demonstration, Dan shows how to use the Autopsy forensic tool to work with a disk image to retrieve a deleted file. (0:04:58)

There is much to be learned by analyzing past security incidents. In this episode, Dan discusses the Cyber Kill Chain. (0:02:12)
Total Video Series Time: 19:26:06

File Name | Resources
| CompTIA Security+ SY0-601 Exam Objectives.pdf
c01_e01_defining_risk | Chapter_01_Handout.pdf
c01_e02_threats_and_vulnerabilities
c01_e03_threat_intelligence
c01_e04_risk_management_concepts
c01_e05_security_controls
c01_e06_risk_assessments_treatments
c01_e07_quantitative_risk_assessmements
c01_e08_qualitative_risk_assessments
c01_e09_business_impact_analysis
c01_e10_data_types_and_roles
c01_e11_security_and_the_info_life_cycle
c01_e12_data_destruction
c01_e13_personnel_risk_and_policies
c01_e14_third_party_risk_management
c01_e15_agreement_types
c01_e16_ch_1_exam_question_review.mp4
c01_e17_wiping_disks_with_dd_lab.mp4 | Chapter 1 Lab Handout.pdf
c01_e18_ch_1_ama.mp4

c02_e01_cryptography_basics | Chapter_02_Handout.pdf
c02_e02_data_protection
c02_e03_cryptographic_methods
c02_e04_symmetric_cryptosystems
c02_e05_symmetric_block_modes
c02_e06_asymmetric_cryptosystems
c02_e07_diffie_hellman
c02_e08_hashing
c02_e09_understanding_digital_certs
c02_e10_trust_models
c02_e11_public_key_infrastructure
c02_e12_certificate_types
c02_e13_touring_certificates
c02_e14_cryptographic_attacks
c02_e15_password_cracking
c02_e16_password_cracking_demo
c02_e17_ch_2_exam_question_review.mp4
c02_e18_ssh_public_key_authentication.mp4 | Chapter 2 Lab Handout.pdf
c02_e19_ch_2_ama.mp4

c03_e01_id_authentication_authorization | Chapter_03_Handout.pdf
c03_e02_enabling_multifactor_authentication
c03_e03_authorization
c03_e04_accounting
c03_e05_authentication_methods
c03_e06_access_control_schemes
c03_e07_account_management
c03_e08_network_authentication
c03_e09_identity_management_systems
c03_e10_ch_3_exam_question_review.mp4
c03_e11_creating_linux_users_groups_lab.mp4 | Chapter 3 Lab Handout.pdf
c03_e12_ch_3_ama.mp4

c04_e01_touring_the_cli | Chapter_04_Handout.pdf
c04_e02_shells
c04_e03_the_windows_command_line
c04_e04_microsoft_powershell
c04_e05_linux_shells
c04_e06_python_scripts
c04_e07_windows_command_line_tools
c04_e08_linux_command_line_tools
c04_e09_network_scanners
c04_e10_network_scanning_with_nmap
c04_e11_network_protocol_analyzers
c04_e12_wireshark_analyze_network_traffic
c04_e13_tcpdump_analyze_network_traffic
c04_e14_log_files
c04_e15_centralized_logging
c04_e16_configuring_linux_log_forwarding
c04_e17_ch_4_exam_question_review.mp4
c04_e18_linux_shell_script_lab.mp4 | Chapter 4 Lab Handout Part 1.pdf
c04_e19_nmap_lab.mp4 | Chapter 4 Lab Handout Part 2.pdf
c04_e20_ch_4_ama.mp4

c05_e01_malware | Chapter_05_Handout.pdf
c05_e02_weak_configurations
c05_e03_common_attacks
c05_e04_driver_and_overflow_attacks
c05_e05_password_attacks
c05_e06_bots_and_botnets
c05_e07_disk_raid_levels
c05_e08_securing_hardware
c05_e09_securing_endpoints
c05_e10_ch_5_exam_question_review.mp4
c05_e11_linux_software_raid_lab.mp4 | Chapter 5 Lab Handout Part 1.pdf; Chapter 5 Lab Handout Part 2.pdf
c05_e12_ch_5_ama.mp4

c06_e01_osi_model | Chapter_06_Handout.pdf
c06_e02_arp_cache_poisoning
c06_e03_other_layer_2_attacks
c06_e04_network_planning
c06_e05_load_balancing
c06_e06_securing_network_access
c06_e07_honeypots
c06_e08_firewalls
c06_e09_proxy_servers
c06_e10_network_and_pat
c06_e11_ip_security
c06_e12_virtual_private_networks
c06_e13_intrusion_detection_prevention
c06_e14_ch_6_exam_question_review.mp4
c06_e15_linux_snort_ids_lab.mp4 | Chapter 6 Lab Handout.pdf
c06_e16_ch_6_ama.mp4

c07_e01_wi_fi_encryption_standards | Chapter_07_Handout.pdf
c07_e02_rfid_nfc_and_bluetooth
c07_e03_wi_fi_coverage_and_performance
c07_e04_wi_fi_discovery_and_attacks
c07_e05_cracking_wpa2
c07_e06_wi_fi_hardening
c07_e07_ch_7_exam_question_review.mp4
c07_e08_wpa2_cracking_lab.mp4 | Chapter 7 Lab Handout.pdf
c07_e09_ch_7_ama.mp4

c08_e01_defining_a_public_server | Chapter_08_Notes_Slides.pdf
c08_e02_common_attacks_and_mitigations
c08_e03_cont_and_soft_defined_networking
c08_e04_hypervisors_and_virtual_machines
c08_e05_cloud_deployment_models
c08_e06_cloud_service_models
c08_e07_securing_the_cloud
c08_e08_ch_8_exam_question_review.mp4
c08_e09_docker_container_lab.mp4 | Chapter 8 Lab Handout.pdf
c08_e10_ch_8_ama.mp4

c09_e01_embedded_systems | Chapter_09_Handout.pdf
c09_e02_industrial_control_system
c09_e03_iot_devices
c09_e04_conn_to_dedicated_and_mobile
c09_e05_sec_constraints_for_dedicated_sys
c09_e06_mobile_deploy_and_hardening
c09_e07_ch_9_exam_question_review.mp4
c09_lab_01_smartphone_hardening.mp4 | Chapter 9 Lab Handout.pdf
c09_e09_ch_9_ama.mp4

c10_e01_physical_security_overview | Chapter_10_Handout.pdf
c10_e02_physical_security
c10_e03_keylogger_demo
c10_e04_environmental_controls
c10_e05_ch_10_exam_question_review.mp4
c10_lab_01_physical_security.mp4 | Chapter 10 Lab Handout.pdf
c10_e07_ch_10_ama.mp4

c11_e01_dns_security | Chapter_11_Handout.pdf
c11_e02_ftp_packet_capture
c11_e03_secure_web_and_email
c11_e04_request_forgery_attacks
c11_e05_cross_site_scripting_attacks
c11_e06_web_application_security
c11_e07_web_app_vulnerability_scanning
c11_e08_ch_11_exam_question_review.mp4
c11_e09_owasp_zap_lab.mp4 | Chapter 11 Lab Handout.pdf
c11_e10_ch_11_ama.mp4

c12_e01_testing_infrastructure_overview | Chapter_12_Notes_Slides.pdf
c12_e02_social_engineering
c12_e03_social_engineering_attacks
c12_e04_vulnerability_assessments
c12_e05_penetration_testing
c12_e06_security_assessment_tools
c12_e07_the_metasploit_framework
c12_e08_ch_12_exam_question_review.mp4
c12_e09_hping3_forged_packet_lab.mp4 | Chapter 12 Lab Handout.pdf
c12_e10_ch_12_ama.mp4

c13_e01_incident_response_overview | Chapter_13_Handout.pdf
c13_e02_incident_response_plans
c13_e03_threat_analysis_mitigating_actions
c13_e04_digital_forensics
c13_e05_gathering_digital_evidence
c13_e06_business_cont_alt_sites
c13_e07_data_backup
c13_e08_ch_13_exam_question_review.mp4
c13_e09_autopsy_forensic_browser_lab.mp4 | Chapter 13 Lab Handout.pdf
c13_e10_ch_13_ama.mp4
Question | Answer 1 | Answer 2 | Answer 3 | Answer 4 | Correct Answer

1 Risk Management

1. Which type of malicious actor is characterized by lacking sophisticated technical skills and using cracking tools created by others? Answers: (1) Hacktivist; (2) State-sponsored; (3) Script kiddie; (4) Criminal syndicate. Correct Answer: Script kiddie.
2. You need to subscribe to a threat intelligence feed using your Unified Threat Management (UTM) solution. Which standard protocol is used by UTM tools to exchange threat intelligence information? Answers: (1) STIX; (2) HSM; (3) PKI; (4) TAXII. Correct Answer: TAXII.
3. You are reviewing Web server logs after a Web application security breach. To what type of security control do log reviews relate? Answers: (1) Detective; (2) Preventative; (3) Compensating; (4) Technical. Correct Answer: Detective.
4. After analysing the risk associated with working with an external organization to fulfil a government contract, you decide to enter into a contractual agreement after applying security settings to the external organization. What type of risk treatment is this? Answers: (1) Risk acceptance; (2) Risk mitigation; (3) Risk transfer; (4) Risk avoidance. Correct Answer: Risk mitigation.
5. How is an asset's Single Loss Expectancy (SLE) derived? Answers: (1) Multiply the Annual Rate of Occurrence (ARO) by the Exposure Factor (EF); (2) Multiply the Asset Value (AV) by the Exposure Factor (EF); (3) Multiply the Annual Rate of Occurrence (ARO) by the Asset Value (AV); (4) Multiply the Exposure Factor (EF) by the risk severity rating. Correct Answer: Multiply the Asset Value (AV) by the Exposure Factor (EF).
6. How is the Annual Loss Expectancy (ALE) calculated? Answers: (1) Multiply the Annual Rate of Occurrence (ARO) by the Exposure Factor (EF); (2) Multiply the Asset Value (AV) by the Exposure Factor (EF); (3) Multiply the Annual Rate of Occurrence (ARO) by the Asset Value (AV); (4) Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO). Correct Answer: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).
7. Which type of risk assessment is based on subjective opinions regarding threat likelihood and threat impact severity? Answers: (1) Risk heat map; (2) Qualitative; (3) Risk register; (4) Quantitative. Correct Answer: Qualitative.
8. Your company is hiring new employees that may come into contact with sensitive data during the course of their jobs. Which type of document is normally signed by employees during the user on-boarding process to ensure that they will not disclose sensitive data? Answers: (1) ISA; (2) NDA; (3) MOU; (4) MOA. Correct Answer: NDA.

2 Cryptography

1. Which term describes the result of plaintext that has been fed into an encryption algorithm along with an encryption key? Answers: (1) Hash; (2) Ciphertext; (3) Message digest; (4) Digital signature. Correct Answer: Ciphertext.
2. You are ordering laptops for sales executives that travel for work. The laptops will run the Windows 10 Enterprise operating system. You need to ensure that protection of data at rest is enabled for internal laptop disks. The encryption must be tied to the specific laptop. What should you do? Answers: (1) Order laptops with HSM chips and configure BitLocker encryption; (2) Order laptops with HSM chips and configure EFS encryption; (3) Order laptops with TPM chips and configure EFS encryption; (4) Order laptops with TPM chips and configure BitLocker disk encryption. Correct Answer: Order laptops with TPM chips and configure BitLocker disk encryption.
3. Which type of encryption uses a single key for encryption and decryption? Answers: (1) Asymmetric; (2) RSA; (3) Symmetric; (4) SHA256. Correct Answer: Symmetric.
4. You are decrypting a message sent over the network. Which key will be used for decryption? Answers: (1) Your public key; (2) Sender public key; (3) Your private key; (4) Sender private key. Correct Answer: Your private key.
5. You are verifying a digital signature. Which key will be used? Answers: (1) Your public key; (2) Sender public key; (3) Your private key; (4) Sender private key. Correct Answer: Sender public key.
6. Which technique is used to enhance the security of password hashes? Answers: (1) Password length; (2) Key pinning; (3) Multifactor authentication; (4) Salting. Correct Answer: Salting.
7. Which block cipher mode uses the ciphertext from the previous block to be fed into the algorithm to encrypt the next block? Answers: (1) CFB; (2) ECB; (3) CBC; (4) OFB. Correct Answer: CFB.
8. Your company has numerous public-facing Web sites that use the same DNS domain suffix. You need to use PKI to secure each Web site. Which solution involves the least amount of administrative effort? Answers: (1) Generate self-signed certificates for each Web site; (2) Acquire public certificates for each Web site; (3) Acquire a wildcard certificate; (4) Acquire an extended validation certificate. Correct Answer: Acquire a wildcard certificate.

3 Identity and Account Management

1. Which of the following constitutes multifactor authentication (MFA)? Answers: (1) Username + password device PIN; (2) Fingerprint scan; (3) Facial recognition; (4) Username + password + answer to security question. Correct Answer: Username + password device PIN.
2. A user gains access to a secured Web application using a digitally signed security token in the form of a Web browser cookie. To which security term does this best apply? Answers: (1) Accounting; (2) Authorization; (3) Availability; (4) Authentication. Correct Answer: Authorization.
3. Which authentication mechanism generates a code for use only once? Answers: (1) Multifactor authentication; (2) Single factor authentication; (3) One-time password; (4) Digital signature. Correct Answer: One-time password.
4. You are configuring SSH public key authentication for a Linux host that will be managed from a Windows computer. Where must the public key be stored? Answers: (1) User home directory on the Linux server; (2) User home directory on the Windows host; (3) Root directory on the Linux server; (4) Root directory on the Windows host. Correct Answer: User home directory on the Linux server.
5. You are configuring a Windows file server so that files marked as “PII-Finance” are accessible only to full-time users in the Finance department. What type of access control model are you configuring? Answers: (1) ABAC; (2) RBAC; (3) DAC; (4) MAC. Correct Answer: ABAC.
6. Which technique adds location metadata to social media posts and pictures? Answers: (1) Geofencing; (2) Global positioning system; (3) Geotagging; (4) Triangulation. Correct Answer: Geotagging.
7. You are building a Web application that will allow users to sign in with their Google account. Which term best describes this scenario? Answers: (1) Identity federation; (2) Multifactor authentication; (3) SAML; (4) LDAP. Correct Answer: Identity federation.
8. What type of authentication server is used with IEEE 802.1x network access control? Answers: (1) LDAP; (2) RADIUS; (3) Identity federation; (4) Active Directory. Correct Answer: RADIUS.

4 Tools of the Trade

1. Which file extension is normally used for Microsoft PowerShell scripts? Answers: (1) BAT; (2) PY; (3) PS1; (4) SH. Correct Answer: PS1.
2. You are a Linux sys admin attempting to execute privileged commands in Linux but you keep receiving “Permission denied” messages. What should you do? Answers: (1) Use the sudo command; (2) Use the chmod command; (3) Login as root; (4) Disable SELinux enforcing mode. Correct Answer: Use the sudo command.
3. Which Linux command can be used to create an SSH public and private key pair? Answers: (1) md5sum; (2) sha256sum; (3) ssh; (4) ssh-keygen. Correct Answer: ssh-keygen.
4. You have created a Python script named “remove_temp.py”. When you attempt to run the script at the Linux command line, it does not execute at all. What is the most probable reason? Answers: (1) You must be logged in as root to execute Python scripts; (2) The chgrp command was not used to set the script owning group; (3) The script does not include the #!/usr/bin/bash python directive; (4) The script does not include the #!/usr/bin/env python directive. Correct Answer: The script does not include the #!/usr/bin/env python directive.
5. You need to use the Windows command line to determine if the RDP listener is running. Which command should you use? Answers: (1) netstat -p tcp -n | find "3389"; (2) netstat -p tcp -n | find "389"; (3) netstat -p udp -n | find "3389"; (4) netstat -p icmp -n | find "3389". Correct Answer: netstat -p tcp -n | find "3389".
6. You need to test DNS name resolution on a Windows client device. Which command should you use? Answers: (1) dig; (2) nslookup; (3) tracert; (4) icacls. Correct Answer: nslookup.
7. You are logged into a Linux host and need to view its IP address. Which command should you use? Answers: (1) dig; (2) nslookup; (3) ipconfig; (4) ifconfig. Correct Answer: ifconfig.
8. You are setting file system permissions for a Linux script named “script1.sh”. You need to ensure that anybody can execute the script. Which command should you use? Answers: (1) chmod 777 script1.sh; (2) chmod 074 script1.sh; (3) chmod u+rw script1.sh; (4) chmod o+rx script1.sh. Correct Answer: chmod o+rx script1.sh.

5 Securing Individual Systems

1. Which of the following Wi-Fi configurations is considered to be the weakest? Answers: (1) WPA3; (2) RADIUS authentication; (3) Disable DHCP; (4) WEP. Correct Answer: WEP.
2. You are planning the configuration of HTTPS for a Web site. Which items should be acquired/configured? Answers: (1) Client PKI certificates; (2) Server PKI certificate; (3) Enable security protocols that precede SSL v3.0; (4) Enable security protocols that precede TLS v1.0. Correct Answer: Server PKI certificate.
3. Which type of security flaw is not known by the vendor? Answers: (1) Firmware; (2) Denial of service; (3) Application; (4) Zero-day. Correct Answer: Zero-day.
4. Which type of security problem stems from improper memory handling? Answers: (1) Race condition; (2) Driver shimming; (3) Buffer overflow; (4) Driver refactoring. Correct Answer: Buffer overflow.
5. Which type of password attack tries every possible combination of letters, numbers and symbols? Answers: (1) Dictionary; (2) Brute-force; (3) Spraying; (4) Offline. Correct Answer: Brute-force.
6. While comparing previous and current network traffic patterns, you notice numerous new DNS client queries for TXT records. What might this indicate? Answers: (1) Client devices are performing normal forward lookup DNS queries for Web sites; (2) Client devices are performing normal reverse lookup DNS queries for IP addresses; (3) Client devices are infected and are attempting to remove the infection; (4) Client devices are infected and are attempting to discover a command and control server. Correct Answer: Client devices are infected and are attempting to discover a command and control server.
7. You are configuring the disks in a server so that in the event of a single disk loss, a second disk will already have all of the data. Which RAID level should you configure? Answers: (1) RAID 0; (2) RAID 1; (3) RAID 5; (4) RAID 6. Correct Answer: RAID 1.
8. You need a network security solution that can not only detect, but also stop current suspicious activity. What should you implement? Answers: (1) Layer 4 firewall; (2) Reverse proxy server; (3) Network intrusion prevention system; (4) Network intrusion detection system. Correct Answer: Network intrusion prevention system.

6 The Basic LAN

1. TCP port numbers apply to which layer of the OSI model? Answers: (1) 2; (2) 3; (3) 4; (4) 7. Correct Answer: 4.
2. What is the general premise of ARP cache poisoning? Answers: (1) Network devices modify their DNS cache to use the attacker MAC address for the default gateway; (2) Network devices modify their ARP cache to use the attacker IP address for the default gateway; (3) Network devices modify their ARP cache to use the attacker MAC address for the default gateway; (4) Network devices modify their DNS cache to use the attacker IP address for the default gateway. Correct Answer: Network devices modify their ARP cache to use the attacker MAC address for the default gateway.
3. Which mitigation can prevent network switching loops? Answers: (1) Disable link auto negotiation; (2) MAC filtering; (3) Intrusion detection sensor; (4) Spanning Tree Protocol. Correct Answer: Spanning Tree Protocol.
4. Which load balancing algorithm sends each client app request to the next backend virtual machine? Answers: (1) Weighted; (2) Active/passive; (3) Round robin; (4) Least connections. Correct Answer: Round robin.
5. Which term describes an end user device attempting to connect to an IEEE 802.1x Wi-Fi network configured with network authentication? Answers: (1) RADIUS client; (2) Applicant; (3) Supplicant; (4) RADIUS requester. Correct Answer: Supplicant.
6. To which OSI layer do packet filtering firewalls apply? Answers: (1) 2; (2) 3; (3) 4; (4) 7. Correct Answer: 4.
7. You need to force user authentication and time-based restrictions for internal client devices connecting out to the Internet. You also need to ensure client device IP addresses are not exposed to the Internet. What should you implement? Answers: (1) Reverse proxy server; (2) Port address translation; (3) Network address translation; (4) Forward proxy server. Correct Answer: Forward proxy server.

7 Securing Wireless LANs

1. Which Wi-Fi term is synonymous with the WLAN name? Answers: (1) BSSID; (2) WPA; (3) TKIP; (4) ESSID. Correct Answer: ESSID.
2. Which Wi-Fi standard pairs devices together using a PIN? Answers: (1) WPA; (2) WPS; (3) WEP; (4) TKIP. Correct Answer: WPS.
3. Your hotel provides free Wi-Fi to guests. The Wi-Fi network is secured. You would like to provide a simple, convenient way for guests to immediately connect to the Wi-Fi network using their smartphones. What should you do? Answers: (1) Send automated emails to registered guests with Wi-Fi connection information; (2) Provide guests with a printout of Wi-Fi connection information; (3) Use RFID tags that contain Wi-Fi connection information; (4) Use NFC tags that contain Wi-Fi connection information. Correct Answer: Use NFC tags that contain Wi-Fi connection information.
4. What approximate range do Bluetooth Class 2 devices have? Answers: (1) 10 feet; (2) 30 feet; (3) 60 feet; (4) 150 feet. Correct Answer: 30 feet.
5. You are performing a Wi-Fi site survey due to complaints about slow wireless network connectivity. Which reading indicates a strong signal that will provide the best wireless network speeds? Answers: (1) -120 dBm; (2) -80 dBm; (3) -50 dBm; (4) -30 dBm. Correct Answer: -30 dBm.
6. When pen testing Wi-Fi networks, why is deauthentication sometimes used? Answers: (1) To forcibly disconnect Wi-Fi clients to observe authentication; (2) To forcibly disconnect Wi-Fi clients to prevent their Wi-Fi connectivity; (3) To test RADIUS authentication resiliency; (4) To perform offline dictionary attacks. Correct Answer: To forcibly disconnect Wi-Fi clients to observe authentication.
7. Which Wi-Fi EAP configuration uses both client and server PKI certificates? Answers: (1) EAP-FAST; (2) EAP-TTLS; (3) EAP-TLS; (4) Protected EAP. Correct Answer: EAP-TLS.
8. When connecting to a public Wi-Fi hotspot you are presented with a Web page where you must agree to the terms of use before gaining Internet access. What is this? Answers: (1) Reverse proxy server; (2) Port address translation; (3) RADIUS authentication; (4) Captive portal. Correct Answer: Captive portal.

8 Securing Public Servers

1. You are developing a Web application that uses cookies. You want to prevent client JavaScript access to cookies. Which HTTP response header attribute flag should you set? Answers: (1) Samesite; (2) Secure; (3) HTTPOnly; (4) Domain. Correct Answer: HTTPOnly.
2. You need to start a Docker container named “cust-dev-lamp1”. The container image has a small HTTP Web server stack configured for TCP port 443 but you want connectivity to occur using TCP port 4443. Which Docker command should you use? Answers: (1) sudo docker init -d -p 4443:443 cust-dev-lamp1; (2) sudo docker run -d -p 443:4443 cust-dev-lamp1; (3) sudo docker run -d -p 4443:443 cust-dev-lamp1; (4) sudo docker init -d -p 443:4443 cust-dev-lamp1. Correct Answer: sudo docker run -d -p 4443:443 cust-dev-lamp1.
3. Which type of hypervisor runs within an existing operating system? Answers: (1) Type 1; (2) Type 2; (3) Type A; (4) Type B. Correct Answer: Type 2.
4. Which type of cloud is owned and used by a single organization? Answers: (1) Public; (2) Hybrid; (3) Community; (4) Private. Correct Answer: Private.
5. With which cloud service model is the cloud tenant responsible for patching virtual machines? Answers: (1) SaaS; (2) IaaS; (3) SECaaS; (4) PaaS. Correct Answer: IaaS.
6. Which cloud configuration enforces security policies when accessing cloud resources? Answers: (1) CSP; (2) CASB; (3) SLA; (4) IaaS. Correct Answer: CASB.

9 Securing Dedicated Systems

1. Which term describes a specialized computer interface that controls industrial devices such as manufacturing robots and centrifuges? Answers: (1) PLC; (2) SLA; (3) ICS; (4) HSM. Correct Answer: PLC.
2. Which smart home wireless networking protocol does not use TCP/IP? Answers: (1) ICS; (2) PLC; (3) Zigbee; (4) IoT. Correct Answer: Zigbee.
3. What is the proposed maximum speed of a 5G network? Answers: (1) 1 Gbps; (2) 3 Gbps; (3) 10 Gbps; (4) 50 Gbps. Correct Answer: 10 Gbps.
4. What is the approximate signal range for 4G cell towers? Answers: (1) 1 mile; (2) 3 miles; (3) 6 miles; (4) 20 miles. Correct Answer: 6 miles.
5. Which cryptographic algorithm uses smaller keys but provides just as much crypto strength as other algorithms with larger key spaces? Answers: (1) ECC; (2) RSA; (3) MD5; (4) SHA256. Correct Answer: ECC.
6. Which term describes installing a smart phone app directly, without going through an app store? Answers: (1) Geotagging; (2) Geofencing; (3) Registering; (4) Sideloading. Correct Answer: Sideloading.

10 Physical Security

1. Which type of device records everything a user types? Answers: (1) Common Access Card; (2) Ransomware; (3) Keylogger; (4) Hardware security module. Correct Answer: Keylogger.
2. Which physical security item mitigates the ramming of vehicles into buildings? Answers: (1) Bollard; (2) Security guards; (3) Access control vestibule; (4) Door locks. Correct Answer: Bollard.
3. Why is it important to install blanking panels on equipment rack spaces that do not contain equipment? Answers: (1) Rack security is enhanced; (2) Inventory gathering is made easier; (3) Visual equipment inspection is made easier; (4) Air flow is improved. Correct Answer: Air flow is improved.
4. Which server room consideration focuses on pulling warm equipment exhaust air away from equipment? Answers: (1) Cold aisles; (2) Hot aisles; (3) Air conditioning; (4) Blanking panels. Correct Answer: Hot aisles.
5. Your company runs sensitive medical research equipment and servers on a network named RNET-A. You need to ensure external network access to RNET-A is not possible. Which technique should you use? Answers: (1) VLANs; (2) Layer 4 firewall; (3) Air-gapping; (4) Reverse proxy. Correct Answer: Air-gapping.

11 Secure Protocols and Applications

1. You need to ensure that DNS client query responses are authentic and have not been tampered with. What should you configure? Answers: (1) IPsec; (2) DNSSEC; (3) PKI; (4) HTTPS. Correct Answer: DNSSEC.
2. Which TCP/IP protocol is used for configuring and gathering remote network host statistics? Answers: (1) SNMP; (2) DNSSEC; (3) IPsec; (4) HTTPS. Correct Answer: SNMP.
3. What type of attack hijacks authenticated sessions between a client and a server? Answers: (1) Cross-site scripting; (2) Denial of service; (3) Cross-site request forgery; (4) Distributed denial of service. Correct Answer: Cross-site request forgery.
4. Which language is commonly used by attackers for XSS attacks? Answers: (1) PowerShell; (2) Python; (3) Perl; (4) JavaScript. Correct Answer: JavaScript.
5. Where do XSS attacks execute? Answers: (1) On the Web server; (2) In the client Web browser; (3) In the client operating system; (4) On the Web server operating system. Correct Answer: In the client Web browser.

12 Testing Infrastructure

1. Which term is the most closely related to social engineering? Answers: (1) Firewall; (2) Ransomware; (3) Password; (4) Deception. Correct Answer: Deception.
2. What is the most prevalent risk related to NOT shredding paper documents? Answers: (1) Impersonation; (2) Shoulder surfing; (3) Dumpster diving; (4) Tailgating. Correct Answer: Dumpster diving.
3. Which type of phishing attack occurs over SMS text messaging? Answers: (1) Vishing; (2) Smishing; (3) Spear-phishing; (4) Whaling. Correct Answer: Smishing.
4. What type of document is often signed by pen testers before starting a pen test engagement? Answers: (1) MOU; (2) NDA; (3) ISA; (4) MOA. Correct Answer: NDA.
5. Which Linux command-line tool can be used to download files from a Web server? Answers: (1) scanless; (2) hping3; (3) dnsenum; (4) curl. Correct Answer: curl.

13 Dealing with Incidents

1. Which type of planning is designed to deal with security events as they occur? Answers: (1) Disaster recovery plan; (2) Business continuity plan; (3) Incident response; (4) Backup plan. Correct Answer: Incident response.
2. You have determined that your department can withstand the loss of no more than 3 hours of data, so you have adjusted your backups to occur once every three hours. To which term does this scenario best apply? Answers: (1) SLA; (2) HSM.
3. Your company has determined that incident response to security events must be automated to reduce incident response time. What type of solution should be implemented? Answers: (1) SOAR; (2) SIEM.
4. When gathering digital evidence, what is the correct order of volatility that dictates the order in which evidence should be acquired? Answers: (1) Hard disk, USB thumb drive, RAM, CPU registers; (2) Hard disk, USB thumb drive, RAM, temporary files.
5. Which term refers to hiding files within other files? Answers: (1) Digital signature; (2) Hashing.


plan plan

RPO RTO RPO


ICS PLC SOAR

CPU registers, hard CPU registers, RAM, CPU registers, RAM,


disk, RAM, temporary files, hard temporary files,
temporary files disk hard disk

Encrypting Steganography Steganography


Explanation

Correct Answer: Script kiddies have basic IT knowledge and the ability to read tutorials to learn how to execute attacks.

Incorrect Answers: Hacktivists are motivated by a belief or ideology and execute attacks in an attempt to bring about social change. State-s
funded by one or more nations, often for the purposes of protecting national interests. Criminal syndicate actors are related to organized
technology to ply their nefarious trade.

Correct Answer: Trusted Automated Exchange of Intelligence (TAXII) is a standard that defines how threat intelligence information is relay
subscribers.
Incorrect Answers: Structured Threat Information Expression (STIX) defines a standard format used to express threat intelligence data. A H
Module (HSM) is a cryptographic tamper-proof appliance used to carry out cryptographic operations, as well as to securely store encryptio
Infrastructure (PKI) is a hierarchy of digital security certificates.

Correct Answer: Reviewing logs allows technicians to detect anomalous activity.
Incorrect Answers: Preventative controls take steps to reduce the possibility of threat incidents such as keeping antivirus databases up to d
controls are used when it is not feasible to implement the preferred control due to cost, time or complexity. Technical controls use techno
assets, such as a firewall appliance.

Correct Answer: Mitigating risk means putting security controls in place to eliminate or reduce the impact or realized threats.
Incorrect Answers: Risk acceptance occurs when the potential benefit of engaging in an activity outweighs the risks and no changes are m
transfer shifts some or all risk responsibility to a third party, as is the case with cybersecurity attack insurance. With risk avoidance, the risk
to potential benefits not outweighing the risks.

Correct Answer: Multiply the Asset Value (AV) by the Exposure Factor (EF). The SLE reflects the cost associated with an asset being unavail
going down for a period of time. The Single Loss Expectancy (SLE) is calculated by multiplying the Asset Value (AV) by the Exposure Factor
percentage expressing how much of an asset’s value is lost due to a negative event.
Incorrect Answers: The listed options do not reflect the values used to calculate the SLE.

Correct Answer: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO). The Annual Loss Expectancy (ALE) repr
the downtime of an asset over a one-year period. It is calculated by multiplying the Single Loss Expectancy (SLE) by the Annual Rate of Occ
Incorrect Answers: The listed options do not reflect the values used to calculate the ALE.
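The two formulas above (SLE = AV x EF, ALE = SLE x ARO) carried through in code, together with the control cost comparison that the quantitative assessment is used for. This is an added example, not code from the course; the asset values, exposure factor, occurrence rate and control cost are constructed figures.

```python
"""Quantitative risk figures: SLE = AV x EF and ALE = SLE x ARO, plus the
comparison of a control's yearly cost against the loss it prevents.
Added example; the scenario numbers below are constructed, not from the page."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    annual_rate: float      # ARO: expected number of incidents per year

    def __post_init__(self) -> None:
        # Reject inputs that would make the figures meaningless.
        if self.asset_value < 0:
            raise ValueError("AV cannot be negative")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF is a fraction between 0 and 1 (e.g. 0.25 for 25%)")
        if self.annual_rate < 0:
            raise ValueError("ARO cannot be negative")

    def sle(self) -> float:
        """Single Loss Expectancy: cost of one realized incident (AV x EF)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annual Loss Expectancy: projected yearly cost (SLE x ARO)."""
        return self.sle() * self.annual_rate


def control_net_benefit(scenario: RiskScenario, annual_control_cost: float,
                        residual_annual_rate: float) -> float:
    """Yearly ALE reduction a control buys, minus what the control costs.

    A positive result means the control costs less than the loss it prevents;
    a negative one means the organization would spend more than it saves."""
    mitigated = replace(scenario, annual_rate=residual_annual_rate)
    savings = scenario.ale() - mitigated.ale()
    return savings - annual_control_cost


# Constructed scenario: a web server worth 200,000 that loses a quarter of
# its value per outage and is expected to go down twice a year.
WEB_SERVER = RiskScenario("Public web server outage", asset_value=200_000,
                          exposure_factor=0.25, annual_rate=2.0)

if __name__ == "__main__":
    print(f"SLE = {WEB_SERVER.sle():,.0f}")   # 50,000
    print(f"ALE = {WEB_SERVER.ale():,.0f}")   # 100,000
    # A 30,000-per-year control that cuts outages to one every two years (ARO 0.5)
    print(f"net benefit = {control_net_benefit(WEB_SERVER, 30_000, 0.5):,.0f}")  # 45,000
```

The EF is kept as a fraction rather than a percentage so that a value like 25 is rejected instead of silently producing an SLE twenty-five times the asset value.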

Correct Answer: A qualitative risk assessment organizes risks by a severity or threat rating which may differ from one organization to anoth
Incorrect Answers: A risk heat map plots risks on a grid using colours to represent severities; red is normally high severity and green is norm
register is a centralized list of risks that includes details such as a risk priority value, risk severity rating, mitigating controls, responsible per
Quantitative risk assessments use numbers (such as dollar values and percentages) to calculate the impact realized threats can have on as
determine if the cost of protecting an asset is less than the projected annual cost of negative security incidents.

Correct Answer: A Non-disclosure Agreement (NDA) is used to ensure that any sensitive data will not be disclosed to unauthorized parties.
Incorrect Answers: An Interconnection Security Agreement (ISA) defines how to secure communications when linking organizations, sites,
together. A Memorandum of Understanding (MOU) defines general terms of agreement between two parties, where a Memorandum of U
defines granular contractual details between two parties.

Correct Answer: Ciphertext results from feeding plaintext and an encryption key into an encryption algorithm.
Incorrect Answers: A hash is a unique representation of data that was fed into a one-way hashing algorithm; no key is used. “Message dige
hash. A digital signature is created with a sender’s private key and verified by the recipient with the related public key; it assures the recipi
authenticity and that the message has not been tampered with.

Correct Answer: Order laptops with TPM chips and configure BitLocker disk encryption. A Trusted Platform Module (TPM) chip in a compu
integrity of the machine boot process and to store disk volume encryption keys.
Incorrect Answers: A Hardware Security Module (HSM) is not a chip installed within a computer; it is a tamper-resistant device used for cry
and the storage of encryption keys. Encrypting File System (EFS) file encryption is tied to the user account, not tied to the machine.

Correct Answer: Symmetric encryption uses a single “secret” key for encrypting and decrypting.
Incorrect Answers: Asymmetric keys (public and private keys) are used for security in the form of encryption, digital signatures and so on;
is used to encrypt and the related private key is used to decrypt. RSA is a public and private key pair cryptosystem. SHA256 is a hashing alg

Correct Answer: Your private key. Recipient private keys decrypt network messages (the recipient’s related public key encrypts network m
Incorrect Answers: The listed keys are not used for decryption.

Correct Answer: Sender public key. Verifying digital signatures is done using the sender’s public key (the sender’s private key creates the d
Incorrect Answers: The listed keys are not used to verify a digital signature.

Correct Answer: Salting adds random data to passwords before they are hashed, thus making them much more difficult to crack.
Incorrect Answers: The listed items do not enhance the security of password hashes. The password length does not affect the password ha
fixed length. Key pinning is an older technique that associates a certificate stored on a client device with a Web site. Multifactor authentica
multiple factors for authentication, such as a username (something you know) and a private key (something you have).
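The salting point above, shown in code: without a salt, two users who chose the same password get the same stored hash, so a precomputed table or one cracked hash exposes both; a per-user random salt makes every stored hash unique. This is an added example, not code from the course. It uses PBKDF2 from Python's hashlib so that the salted hash is also slow to guess; the iteration count and the "salt$hash" record format are assumptions, and the user names and passwords are constructed.

```python
"""Unsalted versus salted password hashing. Added example; the user records
are constructed and the PBKDF2 work factor is an assumed value."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

ITERATIONS = 100_000  # assumed work factor; raise it as hardware allows


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: deterministic, so equal passwords collide."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex'; a fresh 16-byte random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        salt_hex, digest_hex = stored.split("$", 1)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: never treat it as a match
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def identical_hash_count(records: Dict[str, str]) -> int:
    """Number of users whose stored hash is shared with another user (0 is the goal)."""
    seen: Dict[str, list] = {}
    for user, record in records.items():
        digest = record.split("$", 1)[-1]  # works for both record styles
        seen.setdefault(digest, []).append(user)
    return sum(len(users) for users in seen.values() if len(users) > 1)


if __name__ == "__main__":
    # Constructed: two users who happened to pick the same password.
    users = {"alice": "Winter2024!", "bob": "Winter2024!"}
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    print("unsalted duplicates:", identical_hash_count(unsalted))  # 2
    print("salted duplicates:  ", identical_hash_count(salted))    # 0
    print(verify_password("Winter2024!", salted["alice"]))          # True
    print(verify_password("wrong", salted["alice"]))                # False
```

The salt is stored beside the hash in the clear: it is not a secret, its job is only to make each hash unique, which is why a random value per user matters more than hiding it.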

Correct Answer: With Cipher Feedback Mode (CFB), each previous block ciphertext is encrypted and fed into the algorithm to encrypt the
Incorrect Answers: Electronic Code Book (ECB), given the same plaintext, always results in the same ciphertext and is thus considered inse
Chaining (CBC) is similar to ECB except that it uses a random Initialization Vector (IV). Output Feedback Mode (OFB) uses a keystream of bi
blocks.

Correct Answer: Wildcard certificates allow a single certificate tied to a DNS domain to be used by hosts within subdomains.
Incorrect Answers: Using self-signed or public certificates for each Web site requires more effort than using a wildcard certificate. Extende
require the certificate issuer to perform extra due diligence in ensuring that the certificate request is legitimate.

Correct Answer: Username + password device PIN. MFA uses multiple categories of authentication such as something you know (usernam
something you have (a device on which you receive a PIN).
Incorrect Answers: The listed items constitute only single factor authentication (SFA) because they use only one authentication category su
are (fingerprint scan, facial recognition) or something you know (username, password, answer to security question).

Correct Answer: Authorization (gaining access to a resource) occurs only after successful authentication.
Incorrect Answers: Accounting, also referred to as auditing, is used to track activity in an IT environment. Availability ensures that data or I
when needed. Authentication proves the identity of a user, device, or software component in an IT environment.

Correct Answer: One-time passwords (OTPs) enhance user sign in security since the code is supplied through a separate mechanism than t
(out of band), and the code can only be used once.
Incorrect Answers: Multifactor authentication (MFA) combines authentication categories such as a username (something you know) with a
you have), where single factor uses only one category. Digital signatures are used to prove the authenticity of received network messages.

Correct Answer: User home directory on the Linux server. SSH public keys must be stored on the server in the user home directory in a file
“authorized_keys”.
Incorrect Answers: None of the listed options specifies the correct location of the SSH public key.

Correct Answer: Attribute-based Access Control (ABAC) allows resource access based on user, device and resource attributes.
Incorrect Answers: Role-based Access Control (RBAC) uses roles, which are collections of related permissions, to control resource access. D
Control (DAC) allows the data custodian to set permissions in accordance with policies set forth by the data owner. Mandatory Access Con
resources and ties security clearance levels to specific labels to allow resource access.

Correct Answer: Geotagging uses GPS coordinates or IP address block information to add detailed location information to social media pos
Incorrect Answers: Geofencing is used to allow app access within a specific location. The Global Positioning System (GPS) uses satellites to
objects on the Earth’s surface. Triangulation is a technique used to determine the distances and relative positions of points spread over a g

Correct Answer: Identity federation uses a central trusted Identity Provider (IdP) to allow access to resources such as Web sites.
Incorrect Answers: Multifactor authentication (MFA) combines authentication categories such as a username (something you know) with a
you have). Security Assertion Markup Language (SAML) is an authentication scheme whereby an identity provider issues digitally signed se
then used to gain resource access. The Lightweight Directory Access Protocol (LDAP) is a protocol used to access a central network directo

Correct Answer: Remote Authentication Dial-In User Service (RADIUS) servers are centralized authentication servers that receive authentic
RADIUS clients such as network switches and Wi-Fi routers.
Incorrect Answers: The Lightweight Directory Access Protocol (LDAP) is a protocol used to access a central network directory. Identity fede
trusted Identity Provider (IdP) to allow access to resources such as Web sites. Active Directory is a Microsoft Windows Server role that use
containing user, computer and application configuration information.

Correct Answer: PS1. Microsoft PowerShell scripts normally use a .PS1 file extension.
Incorrect Answers: Batch files use a .BAT extension, Python scripts use a .PY extension and shell scripts often use the .SH file extension.

Correct Answer: The sudo command prefix allows non-root users to run privileged commands as long as they are granted this permission i
Incorrect Answers: The chmod command is used to set Linux file system permissions. Logging in as root is not recommended because it is
account. Security Enhanced Linux (SELinux) is not causing permission denied messages in this scenario.

Correct Answer: The ssh-keygen command creates an SSH public and private key pair.
Incorrect Answers: The listed commands do not create key pairs. md5sum and sha256sum are used to generate file hashes. The ssh comm
management of any device with an SSH daemon over an encrypted connection.

Correct Answer: To run a Python script either specify the script name after the python command, or specify python as the script engine us
python directive.
Incorrect Answers: The listed items are not as probable reasons for the Python script failing, and the script should not refer to /usr/bin/ba
instead refer to the Python binary.

Correct Answer: netstat -p tcp -n | find "3389". Remote Desktop Protocol (RDP) uses TCP port 3389.
Incorrect Answers: RDP does not use port 389, nor does it use UDP or ICMP.

Correct Answer: The name server lookup (nslookup) command is used to test and troubleshoot DNS name resolution.
Incorrect Answers: While the dig command can also be used to test and troubleshoot DNS name resolution, this command is not native to
Linux. The tracert command shows the hops (routers) that traffic traverses to reach an ultimate network target. The icacls command is used
file system permissions.

Correct Answer: The ifconfig command shows Linux network interfaces and IP address information.
Incorrect Answers: The dig command in Linux can be used to test and troubleshoot DNS name resolution. The name server lookup (nslook
test and troubleshoot DNS name resolution in both Windows and Linux. Ipconfig is used to view network interface and IP address informa

Correct Answer: chmod o+rx script1.sh. The change mode (chmod) command sets file system permissions. Use the ‘o’ mnemonic to set ‘ot
case, read and execute.
Incorrect Answers: The other listed commands do not set read and execute permissions for ‘other’.

Correct Answer: Wired Equivalent Privacy (WEP) is a deprecated insecure wireless security protocol and should not be used.
Incorrect Answers: Wi-Fi Protected Access 3 (WPA3) is a current wireless network security protocol. Remote Access Dial-in User Service (R
uses a central authentication server to service authentication requests from RADIUS clients. Disabling DHCP is a hardening technique beca
difficult for attackers to get on an IP network.

Correct Answer: Server PKI certificate. HTTP Web sites require a server PKI certificate to secure communications and normally use TCP por
Incorrect Answers: Client PKI certificates are not required to enable an HTTPS Web application. TLS v1.2 should be configured on clients an
network security protocol used for HTTPS; SSL v3.0 and TLS v1.0 are deprecated and should not be used.

Correct Answer: Zero-days are security flaws not yet known by vendors.
Incorrect Answers: The listed flaw types do not reflect security problems unknown to the vendor.

Correct Answer: Common buffer overflow problems occur when too much data is provided to a memory variable due to a lack of input val
programmer.
Incorrect Answers: Driver shimming is normally used to allow legacy software to run; it intercepts API calls. A race condition is a multi-thre
phenomenon whereby one code action that might occur before a security control or programmatic result is in effect from another thread.
restructures internal code while maintaining external behaviour.

Correct Answer: Brute-force attacks use automation tools to try every possible combination of letters, numbers and symbols to crack passw
Incorrect Answers: Dictionary attacks use dictionary word or phrase files to try them in combination with a username in an attempt to crac
Password spraying blasts many accounts with a best-guess common password before trying a new password; this is slower (per-user accou
traditional attacks and is less likely to trigger account lockout thresholds. Offline password attacks use an offline copy of passwords for crac

Correct Answer: Client devices are infected and are attempting to discover a command and control server. Client devices normally query IP
AAAA records to resolve FQDNs to IP addresses. Clients querying DNS TXT records is abnormal.
Incorrect Answers: The listed reasons are invalid in this scenario.
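The anomaly described above, turned into detection logic: workstations normally resolve names with A and AAAA queries, so a client that issues a stream of TXT queries (often to ever-changing subdomains) stands out. This is an added example, not course material. The log lines and their "client <ip>#<port>: query: <name> IN <type>" format are constructed, loosely modelled on resolver query logs; the thresholds are assumptions to tune for a given network, and the ratio test is there because a mail relay legitimately looks up SPF and DMARC TXT records.

```python
"""Flag clients whose DNS traffic is dominated by TXT queries.
Added example; the log lines, the log format and the thresholds are constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed format, similar in spirit to resolver query logs.
LOG_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>[A-Z]+)")


def parse_query_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (client_ip, qname, qtype), or None for lines that are not queries."""
    m = LOG_RE.search(line)
    return (m["ip"], m["name"], m["qtype"]) if m else None


def txt_query_profile(lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Per client: total queries, TXT queries, and distinct names looked up via TXT."""
    stats = defaultdict(lambda: {"total": 0, "txt": 0, "txt_names": set()})
    for line in lines:
        parsed = parse_query_line(line)
        if parsed is None:
            continue  # not a query record; ignore
        ip, name, qtype = parsed
        stats[ip]["total"] += 1
        if qtype == "TXT":
            stats[ip]["txt"] += 1
            stats[ip]["txt_names"].add(name.lower())
    return {ip: {"total": s["total"], "txt": s["txt"], "txt_names": len(s["txt_names"])}
            for ip, s in stats.items()}


def flag_txt_heavy_clients(lines: List[str], min_txt: int = 5,
                           min_ratio: float = 0.5) -> Dict[str, Dict[str, float]]:
    """Clients whose TXT queries are both numerous and a large share of their traffic.

    Requiring both an absolute count and a ratio keeps hosts with an occasional
    TXT lookup (and low-volume mail relays) off the list."""
    flagged = {}
    for ip, s in txt_query_profile(lines).items():
        ratio = s["txt"] / s["total"]
        if s["txt"] >= min_txt and ratio >= min_ratio:
            flagged[ip] = {**s, "ratio": round(ratio, 2)}
    return flagged


# Constructed sample: 10.0.0.5 behaves like an infected client, 10.0.0.7 like a
# workstation, 10.0.0.9 like a mail relay doing SPF/DMARC lookups.
SAMPLE_LOG = [
    "client 10.0.0.5#51234: query: k3j9x.example.test IN TXT +",
    "client 10.0.0.5#51235: query: q8m2p.example.test IN TXT +",
    "client 10.0.0.5#51236: query: z0r4l.example.test IN TXT +",
    "client 10.0.0.5#51237: query: w7n1v.example.test IN TXT +",
    "client 10.0.0.5#51238: query: b5t6c.example.test IN TXT +",
    "client 10.0.0.5#51239: query: h2d8f.example.test IN TXT +",
    "client 10.0.0.5#51240: query: www.example.test IN A +",
    "client 10.0.0.7#40001: query: www.example.test IN A +",
    "client 10.0.0.7#40002: query: www.example.test IN AAAA +",
    "client 10.0.0.7#40003: query: mail.example.test IN A +",
    "client 10.0.0.7#40004: query: _dmarc.example.test IN TXT +",
    "client 10.0.0.9#33001: query: example.test IN TXT +",
    "client 10.0.0.9#33002: query: example.test IN MX +",
    "client 10.0.0.9#33003: query: partner.example.test IN TXT +",
    "client 10.0.0.9#33004: query: partner.example.test IN MX +",
    "resolver started",
]

if __name__ == "__main__":
    for ip, detail in flag_txt_heavy_clients(SAMPLE_LOG).items():
        print(ip, detail)  # only 10.0.0.5 is reported
```

The count of distinct TXT names is kept in the output because many unique, random-looking subdomains is the detail that separates a beaconing client from a host repeatedly checking one legitimate record.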

Correct Answer: RAID level 1 (disk mirroring) writes each file to all disks in the mirrored array.
Incorrect Answers: RAID 0 (disk striping) writes data across an array of disks to improve performance. RAID 5 (disk striping with distributed
across an array of disks but also write parity (error recovery information) across the disks in the array, thus providing a performance impro
resiliency against a single failed disk in the array. RAID 6 uses at least 4 disks for striping and stores 2 parity stripes on each disk in the arra
tolerance of 2 disk failures within the array.

Correct Answer: A network intrusion prevention system can not only detect but also be configured to stop suspicious activity.
Incorrect Answers: Layer 4 firewalls are packet filtering firewalls which do not detect or prevent suspicious activity. Reverse proxy servers m
and ports to internal servers to protect their true identities. Intrusion detection systems only detect and report, log, or notify of suspicious

Correct Answer: Port numbers apply to the OSI model transport layer (layer 4).
Incorrect Answers: The listed OSI layers are not related to port numbers.

Correct Answer: Network devices modify their ARP cache to use the attacker MAC address for the default gateway. ARP cache poisoning fo
destined for a router (default gateway) first through an attacker machine.
Incorrect Answers: The listed items do not properly describe ARP cache poisoning.

Correct Answer: The Spanning Tree Protocol (STP) is a network switch configuration option that can prevent network switching loops.
Incorrect Answers: The listed mitigations are not designed to prevent network switching loops.

Correct Answer: Round robin load balancing sends each client app request to the next backend server.
Incorrect Answers: Weighted load balancing uses a configured relative weight value for each backend server to determine how much traffi
Active/passive is a load balancing redundancy configuration where a standby server is not active until the active server fails. Least connecti
requests to the backend server that is currently the least busy.

Correct Answer: RADIUS supplicants (client devices) initiate authentication requests.
Incorrect Answers: RADIUS clients are network edge devices such as Wi-Fi routers or network switches that forward RADIUS supplicant a
to a RADIUS server. Application is not a valid term in this context. RADIUS requester is not a valid term in this context.

Correct Answer: Layer 4. Packet filtering firewalls can examine only packet headers (OSI layers 2-4).
Incorrect Answers: The listed layers do not correctly represent where packet filtering firewalls fit into the OSI model.

Correct Answer: Forward proxy servers fetch content on behalf of internal client devices, and they can require authentication and enforce
Incorrect Answers: Reverse proxy servers map public IP addresses and port numbers to internal servers. Port Address Translation (PAT) all
clients to get to the Internet using a single public IP address. Network Address Translation (NAT) is similar to a reverse proxy server except
authentication or time of day restrictions; it applies to OSI model layer 4 (the transport layer), not layer 7 (the application layer).

Correct Answer: The Extended Service Set Identifier (ESSID) is synonymous with the wireless network name.
Incorrect Answers: The Basic Service Set Identifier (BSSID) represents the Wi-Fi access point MAC address. Wi-Fi Protected Access (WPA) is
network security protocol. Temporal Key Integrity Protocol (TKIP) was introduced with WPA to address WEP security issues related to unch

Correct Answer: Wi-Fi Protected Setup (WPS) pairs Wi-Fi devices using a PIN.
Incorrect Answers: The listed Wi-Fi standards do not pair Wi-Fi devices using a PIN.

Correct Answer: Use NFC tags that contain Wi-Fi connection information. With a smartphone app, you can write data to a physical NFC tag
inexpensively. Users with NFC-enabled smartphones can retrieve NFC tag information such as Wi-Fi connection details.
Incorrect Answers: The listed options are not as convenient as using NFC tags.

Correct Answer: Bluetooth Class 2 devices have a range of approximately 30 feet.
Incorrect Answers: The listed ranges are not valid.

Correct Answer: A -30 dBm wireless signal strength is considered excellent.
Incorrect Answers: The listed wireless signal strengths are sub-standard.

Correct Answer: To forcibly disconnect Wi-Fi clients to observe authentication. Deauthentication kicks connected devices off the Wi-Fi netw
the reconnection authentication information.
Incorrect Answers: The listed explanations do not explain why deauthentication is often used with Wi-Fi pen testing.

Correct Answer: EAP-TLS can use client and server PKI certificates for mutual authentication.
Incorrect Answers: The listed EAP configurations do not require both client and server PKI certificates.

Correct Answer: Captive portals present a Web page when users connect to a Wi-Fi network; sometimes a user account is required (often
terms of use before connecting to the Internet).
Incorrect Answers: The listed security configurations would not result with the Web page presented when connection to a public Wi-Fi hot

Correct Answer: The HTTPOnly flag ensures that client JavaScript cannot access the cookie, which can help mitigate cross-site scripting (XSS
Incorrect Answers: The SameSite attribute helps mitigate cross-site request forgery (CSRF) attacks. The Secure attribute requires HTTPS con
attribute controls the target host to which the cookie will be sent.
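The cookie attributes discussed above (HttpOnly, Secure, SameSite, Domain), checked on a Set-Cookie header value the way a response-header review would do it. This is an added example, not course material; the header values are constructed, and the parser is a deliberately small one written for this illustration rather than a full RFC 6265 implementation.

```python
"""Audit the security attributes of a Set-Cookie header value.
Added example; the sample headers are constructed."""
from typing import Dict, List


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split 'name=value; Attr; Attr=val' into the cookie and its attributes.

    Attribute names are case-insensitive, so they are stored lower-cased;
    a flag attribute with no value (HttpOnly, Secure) is stored as True."""
    parts = [p.strip() for p in header_value.split(";")]
    if not parts or "=" not in parts[0]:
        raise ValueError("Set-Cookie must start with name=value")
    name, value = parts[0].split("=", 1)
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_set_cookie(header_value: str, session_cookie: bool = True) -> List[str]:
    """Return findings for a session-bearing cookie; an empty list means it is well set."""
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    findings = []
    if session_cookie and "httponly" not in attrs:
        findings.append("missing HttpOnly: readable through document.cookie, so exposed to XSS")
    if "secure" not in attrs:
        findings.append("missing Secure: the cookie is also sent over plain HTTP")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:  # absent, or present without a value
        findings.append("missing SameSite: set Lax or Strict explicitly to limit CSRF")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure, otherwise browsers reject the cookie")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: cookie is also sent to every subdomain")
    return findings


# Constructed: the same session cookie as a weak and as a hardened header.
WEAK = "session=abc123; Path=/"
HARDENED = "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"

if __name__ == "__main__":
    print("weak:", audit_set_cookie(WEAK))          # three findings
    print("hardened:", audit_set_cookie(HARDENED))  # []
```

Leaving Domain unset is the stricter choice: the cookie then goes only to the exact host that set it, which is why a present Domain attribute is reported rather than a missing one.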

Correct Answer: sudo docker run -d -p 4443:443 cust-dev-lamp1. The first port number is the local Docker host port number, the second
colon is the configured listening port number within the application container.
Incorrect Answers: The listed syntax options are incorrect.

Correct Answer: Type 2 hypervisors run as an app within an existing operating system.
Incorrect Answers: Type 1 hypervisors are a specialized operating system designed to host multiple virtual machine guests. Type A and B a
types.

Correct Answer: Private clouds are owned and used by a single organization.
Incorrect Answers: Public clouds are accessible by anybody over the Internet. Hybrid clouds combine Public and Private clouds. Communit
specific cloud computing needs of a group of tenants, such as for government cloud usage.

Correct Answer: Infrastructure as a Service (IaaS) includes storage, network and virtual machines. IaaS virtual machine software patching is
the cloud tenant.
Incorrect Answers: Software as a Service (SaaS) refers to end-user productivity software running in the cloud, Security as a Service (SECaaS
services, and Platform as a Service (PaaS) refers to database and software development platforms, all of which do not place the responsibi
patching on the cloud tenant.

Correct Answer: A Cloud Access Security Broker (CASB) sits between users and cloud services to enforce organizational security policies.
Incorrect Answers: Cloud Service Providers (CSPs) host cloud services. Service Level Agreements (SLAs) guarantee cloud service uptime. Inf
(IaaS) includes storage, network and virtual machines. IaaS virtual machine software patching is the responsibility of the cloud tenant.

Correct Answer: Programmable Logic Controllers (PLCs) are used extensively in manufacturing and various industries such as oil refining, e
treatment.
Incorrect Answers: Service Level Agreements (SLAs) guarantee uptime for services such as those offered in the cloud. An Industrial Control
collection of computerized solutions used for industrial process control. A Hardware Security Module (HSM) is a tamper-resistant device us
operations and the storage of cryptographic keys.

Correct Answer: Zigbee is designed to make connecting smart home devices together simple and convenient, and it does not use TCP/IP.
Incorrect Answers: An Industrial Control System (ICS) refers to a collection of computerized solutions used for industrial process control. Pro
Controllers (PLCs) are used extensively in manufacturing and various industries such as oil refining, electricity and water treatment. Interne
to devices that connect to and send and receive data over the Internet.

Correct Answer: The maximum proposed speed for 5G is 10 Gbps.
Incorrect Answers: The listed transmission rates are incorrect.

Correct Answer: 4G cell towers have an approximate range of 6 miles.
Incorrect Answers: The listed distances are incorrect.

Correct Answer: Elliptic Curve Cryptography (ECC) uses small keys to achieve strong crypto strength.
Incorrect Answers: RSA keys are larger than ECC keys. MD5 and SHA256 do not use keys; they are hashing algorithms.

Correct Answer: Sideloading refers to installing mobile device apps directly from installation files, without using an app store.
Incorrect Answers: Geotagging adds geographic metadata (such as GPS coordinates) to files, such as photos taken with a smart phone. Geo
geographical location to control app access. Registering refers to linking a mobile device to a centralized Mobile Device Management (MDM

Correct Answer: Keyloggers come in the form of hardware and software. User keystrokes are captured and can later be viewed by maliciou
Incorrect Answers: A Common Access Card (CAC) is a single card used to authenticate to many systems such as buildings, floors in a buildin
systems. Ransomware is malware that encrypts user data files and demands a ransom payment in exchange for a decryption key. A Hardw
(HSM) is a tamper-proof device used for cryptographic operations and the secure storage of cryptographic keys.

Correct Answer: Bollards are concrete or steel pillars embedded deep into the ground near sensitive areas to prevent vehicle ramming.
Incorrect Answers: Security guards cannot effectively prevent vehicles from ramming buildings. Access control vestibules (man traps) prev
from opening until the first outer door closes and locks. Door locks prevent physical entry to a room but do not mitigate vehicles ramming

Correct Answer: Air flow is improved by installing blanking panels in racks where there is no equipment.
Incorrect Answers: The listed items are not valid reasons for installing blanking panels.

Correct Answer: Hot aisles are designed to pull warm exhaust air away from equipment.
Incorrect Answers: The listed items are not focused on removing warm exhaust air from server rooms.

Correct Answer: Air-gapping ensures that there is not a physical wired or wireless connection to a sensitive network.
Incorrect Answers: The listed items can be used for optimizing network throughput (VLAN) and limiting network access (Layer 4 firewall, re
options do not ensure external network access to RNET-A is impossible.

Correct Answer: DNS Security (DNSSEC) digitally signs DNS zone records. Clients validate the signature to ensure DNS responses are authen
Incorrect Answers: IP security (IPsec) is a suite of network security protocols that can be used to encrypt and authenticate network messag
Infrastructure (PKI) is a hierarchy of digital security certificates. Hyper Text Transfer Protocol Secure (HTTPS) encrypts HTTP network transm
and servers.

Correct Answer: The Simple Network Management Protocol (SNMP) uses a management station that connects to network devices to retrie
allow remote configuration.
Incorrect Answers: DNS Security (DNSSEC) digitally signs DNS zone records. Clients validate the signature to ensure DNS responses are auth
is a suite of network security protocols that can be used to encrypt and authenticate network messages. Hyper Text Transfer Protocol Secu
HTTP network transmissions between clients and servers.

Correct Answer: A Cross-site Request Forgery (CSRF) attack occurs when the attacker takes over an existing authenticated user session and
the server that appear to originate from the authenticated user.
Incorrect Answers: A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious user has injected maliciou
in JavaScript, that executes in the victim Web browser. A Denial of Service (DoS) attack renders a service unreachable by legitimate users, o
network or host with useless traffic. A Distributed Denial of Service (DDoS) is similar to a DoS attack but instead uses multiple hosts to atta
network.

Correct Answer: JavaScript. A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious user has injected
written in JavaScript, that executes in the victim Web browser.
Incorrect Answers: The listed languages are not commonly used for XSS attacks.

Correct Answer: In the client Web browser. A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious us
malicious code, normally written in JavaScript, that executes in the victim Web browser.
Incorrect Answers: The listed locations do not correctly identify where XSS attacks execute.

Correct Answer: Deception. Attackers use social engineering to trick (deceive) unsuspecting victims into somehow divulging sensitive infor
via SMS text messages, through email with infected links or attachments, and so on.
Incorrect Answers: While the listed terms can be related to social engineering in some cases, they are not always associated as is the word

Correct Answer: Dumpster diving involves malicious actors going through garbage seeking documents that could contain some kind of sen
Incorrect Answers: Impersonation is more related to social engineering than it is to not shredding paper documents. Shoulder surfing oc
actors can watch unsuspecting victims using computing devices to learn of passwords or to see sensitive information on their screens. Tail
malicious actors follow legitimate users into a secured facility before a locked door closes.

Correct Answer: Smishing occurs when social engineering phishing attacks take place over SMS text.
Incorrect Answers: Vishing occurs when social engineering attacks take place using phone calls. Spear phishing is a form of phishing that is
potential victims. Whaling relates to targeted phishing scams, such as to a company CEO.

Correct Answer: A Non-disclosure Agreement (NDA) ensures that pen testers will not divulge any sensitive information they might encoun
parties.
Incorrect Answers: A Memorandum of Understanding (MOU) consists of a general agreement with broad terms between 2 parties. An Inte
Agreement (ISA) defines how 2 parties will securely connect their networks and systems together. A Memorandum of Agreement (MOA) c
agreed upon by two parties in a business arrangement.

Correct Answer: The Linux curl command can be used to download files from a variety of sources including Web servers.
Incorrect Answers: The scanless tool is used to perform port scans through a Web site. The hping3 tool can be used to forge TCP/IP packet
used to go through DNS records within a DNS zone and also to perform DNS zone transfers, or copies.

Correct Answer: An Incident Response Plan (IRP) is a plan created to deal with incidents as they occur such as enabling incident containme
eradication.
Incorrect Answers: A Disaster Recovery Plan (DRP) is specific to a business process, IT system, or data, and it focuses on recovering from a
quickly as possible. A Business Continuity Plan (BCP) is a document specifying the general steps organizations will take to ensure continued bu
backup plan is not a standard accepted term in this context.

Correct Answer: The Recovery Point Objective (RPO) specifies, in time, the maximum tolerable amount of data loss due to a negative occu
Incorrect Answers: The Service Level Agreement (SLA) is a document detailing guaranteed service uptime. A Hardware Security Module (H
resistant device used for cryptographic operations. The Recovery Time Objective (RTO) specifies, in time, the maximum amount of tolerab
business process or IT system.

Correct Answer: A Security Orchestration, Automation, and Response (SOAR) solution allows the creation of playbooks that can automate
response tasks.
Incorrect Answers: Security Information and Event Management (SIEM) is a solution that ingests activity data from numerous sources in order
compromise. An Industrial Control System (ICS) is a collection of computerized solutions used for industry, such as with manufacturing, oil
plants. A Programmable Logic Controller (PLC) is a network device that connects with some kind of industrial component such as robotics,
centrifuges, and so on.

Correct Answer: CPU registers, RAM, temporary files, hard disk. The most volatile, or fragile, types of evidence should be gathered first, suc
followed by RAM contents since they depend on power. Temporary files might persist without power, and files on hard disks are non-vola
when the machine is not turned on.

Correct Answer: Steganography is a technique used to hide files within other files; it is a form of obfuscation.
Incorrect Answers: Digital signatures are created with the sender’s private key and are used by the message recipient to ensure the messa
not been tampered with. Hashing feeds data into a one-way algorithm which results in a fixed-length unique value called a "hash". Encryptio
data; the correct decryption key is needed to reverse the process thus revealing the original data.
