CompTIA Security+ SY0-601 Domain 2: Architecture and Design - PowerPoint PPT Presentation



The latest version of Security+ SY0-601 has 5 domains: Domain 1.0: Attacks, Threats, and Vulnerabilities (24%); Domain 2.0: Architecture and Design (21%); Domain 3.0: Implementation (25%); Domain 4.0: Operations and Incident Response (16%); Domain 5.0: Governance, Risk, and Compliance (14%). In this blog, we discuss the second domain, Architecture and Design.



Transcript and Presenter's Notes

Title: CompTIA Security+ SY0-601 Domain 2: Architecture and Design

CompTIA Security+ SY0-601 Domain 2: Architecture
and Design
Security+ SY0-601 Domains
  • The latest version of Security+ SY0-601 has 5
    domains:
  • Domain 1.0 Attacks, Threats, and Vulnerabilities
    (24%)
  • Domain 2.0 Architecture and Design (21%)
  • Domain 3.0 Implementation (25%)
  • Domain 4.0 Operations and Incident Response
    (16%)
  • Domain 5.0 Governance, Risk, and Compliance
    (14%)
  • In this blog, we discuss the second
    domain, Architecture and Design.
Architecture and Design
  • A well-managed Information Security environment
    depends heavily on architecture and design. This
    domain will show you how to put security measures
    into effect and establish a safe working
    environment for your organization. The weightage
    of this domain is 21%. The subtopics covered in
    this domain are listed below.
  • Importance of security concepts in an enterprise
  • Virtualization and cloud computing concepts.
  • Secure application development, deployment, and
    automation concepts.
  • Authentication and authorization design concepts.
  • Implement cybersecurity resilience.
  • Security implications of embedded and specialized
    systems.
  • Importance of physical security controls.
Importance of security concepts in an enterprise
  • In this part, we will learn Configuration
    management and its subtopics: Diagrams, Baseline
    Configuration, Standard naming conventions, and
    Internet protocol schema.
  • We cover Data sovereignty, Data protection,
    Geographical considerations, Response and
    recovery controls, SSL (Secure Sockets Layer)/
    TLS (Transport Layer Security) inspection, API
    considerations, and Site resiliency (Hot site,
    Cold site, Warm site), and we look at Deception
    and disruption concepts:
  • Honeypots
  • Honeyfiles
  • Honeynets
  • Fake Telemetry
  • DNS Sinkhole
Virtualization and Cloud Computing Concepts
The core premise behind cloud computing is that
you'll access and control your applications and
data from any computer, everywhere in the world,
while virtualization hides or abstracts the
storage technique and location. To conduct a
breach in a cloud, a hacker just requires a good
Internet connection and a dictionary of obtained
password hashes or SSH (Secure Shell) keys. A
lack of supervision in cloud providers' security
processes can greatly raise a business's
danger. As a security expert, you should be able
to analyze the dangers and weaknesses associated
with cloud service and delivery models, as well
as the virtualization technologies that support
them. So in this part, we cover Cloud Service
Models: Infrastructure as a Service (IaaS),
Software as a Service (SaaS), and Platform as a
Service (PaaS). We also cover Virtualization
Technologies concepts, VM Escape protection, VM
Sprawl Avoidance, Cloud Security Controls, and
Infrastructure as Code.
Secure Application Development, Deployment, and
Automation Concepts
Development (programming and scripting) is at the
foundation of secure network administration and
management, including automation techniques for
durability, disaster recovery, and incident
response. As your career progresses, secure
application development will become increasingly
important. In this lesson, we will cover Secure
Coding Techniques: Input validation,
Normalization, and Output Encoding, Server-side
and Client-side Validation, Data Exposure and
Memory Management, Software development kit
(SDK), and Stored procedures. We look at what
Automation is and what it provides: Scalability
and Elasticity. We also cover the Secure
Application Development Environments:
Development, Test, Staging, and Production. Under
Automation/scripting, we look in depth at
Automated courses of action, Continuous
Monitoring, Continuous Validation, Continuous
Integration, Continuous Delivery, and Continuous
deployment.
Authentication and authorization design concepts
In this lesson, we will learn Authentication
Methods, Biometrics concepts, Multi-Factor
Authentication Factors, and Authentication
Attributes. We also cover AAA (Authentication,
Authorization, and Accounting) and Cloud versus
On-premises Requirements. In Authentication
Methods, we cover Directory Services, Federation,
Attestation, Smart Card Authentication, and
Authentication Technologies such as TOTP
(Time-based one-time password), HOTP (HMAC-based
one-time password), Short message service (SMS),
Token key, Static codes, Authentication
applications, Push notifications, and Phone call.
In Biometrics, we learn how it works and about
its various topics: Fingerprint, Retina, Iris,
Facial, Voice, Vein, Gait analysis, Efficacy
rates, False acceptance, False rejection, and
Crossover error rate. Under Authentication
Factors, we learn the factors that ensure that
the account can only be used by the account user.
The factors are Something you know, Something you
have, and Something you are. And in Authentication
Attributes, we cover Somewhere you are, Something
you can do, Something you exhibit, Someone you
Implement cybersecurity resilience
In this lesson, we learn how to secure the whole
organization. The topics we cover here are
Redundancy, Replication, Backup types,
Non-persistence, High availability, Scalability,
Restoration order, and Diversity. Let's see which
sub-topics we will learn. In Redundancy, we cover
Geographic dispersal, Disk, Redundant array of
inexpensive disks (RAID) levels, Multipath,
Network, Load balancers, Network interface card
(NIC) teaming, Power, Uninterruptible power
supply (UPS), Generator, Dual supply, and Managed
power distribution units (PDUs). Inside
Replication, we learn Storage area networks and
VM. In Backup, we cover types of backup: Full,
Incremental, Snapshot, Differential, Tape,
Disk, Copy, Network-attached storage (NAS),
Storage area network, Cloud, Image, Online and
offline, Offsite storage, and Distance
considerations.
Security implications of embedded and specialized
systems
In this lesson, we learn Embedded systems,
Specialized, Supervisory control and data
acquisition (SCADA)/industrial control system
(ICS), Communication considerations, Constraints,
Voice over IP (VoIP), Heating, ventilation, air
conditioning (HVAC), Drones, Multifunction
printer (MFP), Real-time operating system (RTOS),
Surveillance systems, and System on chip (SoC). In
Embedded Systems, we cover Raspberry Pi,
Field-programmable gate array (FPGA), and Arduino.
In Specialized, we cover Medical systems, Vehicles,
Aircraft, and Smart meters. Inside the Internet of
Things (IoT), we learn about Sensors, Smart
devices, Wearables, Facility automation, Weak
Importance of physical security controls
In this lesson, we will learn about the importance
of physical security. This part will clarify the
concepts of Bollards/barricades, Access control
vestibules, Badges, Alarms, Signage, Cameras, USB
data blocker, Lighting, Fencing, Fire
suppression, Sensors, Drones, Visitor logs,
Faraday cages, Air gap, Screened subnet
(previously known as demilitarized zone),
Protected cable distribution, and Secure data
destruction. Inside Sensors, we cover Motion
detection, Noise detection, Proximity reader,
Moisture detection, Cards, and Temperature. We
also cover secure data destruction sub-topics:
Burning, Shredding, Pulping, Pulverizing,
Degaussing, and Third-party solutions.
Learn Security With Us
Infosec Train is a leading IT security training
and consulting organization. We have certified
and experienced trainers on our team with whom
you can easily interact and resolve your doubts
anytime. If you are interested and looking for
live online training, Infosec Train provides the
best online security certification training. You
can check and enroll in our CompTIA Security+
Online Certification Training to prepare for the
certification exam.
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
  • Wide range of professional training programs,
    certifications consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain
Our Endorsements
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413