Security+ SY0-601 Domains
Security+ SY0-601 has 5 Domains.
Domain 1.0: Attacks and Threats (24%)
Domain 2.0: Architecture and Design (21%)
Domain 3.0: Implementation (25%)
Domain 4.0: Operations & Incident Response (16%)
Domain 5.0: Governance and Risk Management (14%)
This blog will discuss Architecture and Design, the second domain.
Architecture and Design
Architecture and design are key factors in a well-managed Information Security Environment. This domain will help you to implement security measures and create a safe working environment. This domain has a 21% weight. Below are the subtopics that this domain covers.
Security concepts are important in an enterprise environment
Virtualization and cloud computing concepts
Secure application development, deployment, automation concepts
Concepts for authorization and authentication
Secure your network
Security implications of embedded systems and specialized systems
Importance of physical security checks
Security concepts are important in an enterprise environment
This part covers configuration management and its subtopics: diagrams, baseline configuration, standard naming conventions, and Internet Protocol (IP) schema.
We also cover data sovereignty, geopolitical considerations, response and recovery controls, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) inspection, API considerations, and site resiliency (hot site, cold site, warm site). Finally, we look at the concept of deception and disruption:
Honeypots
Honeyfiles
Honeynets
Fake Telemetry
DNS Sinkhole
Cloud Computing Concepts and Virtualization: Cloud computing is based on the principle that you can access and control your applications from any computer anywhere in the world. Virtualization hides or abstracts the storage method and location.
A hacker can breach a cloud with a simple internet connection and a dictionary of hashed passwords or SSH keys. The risk to a business can be greatly increased if there is no supervision of cloud providers’ security procedures.
Security experts should be able to analyze the risks and weaknesses associated with cloud services and delivery models, as well as the virtualization technologies supporting them.
This section will cover the cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). We also become familiar with virtualization technology concepts, and cover cloud security controls, VM sprawl avoidance and VM escape protection.
Secure Application Development, Deployment and Automation Concepts: Programming and scripting are at the core of secure network administration and management, including the automation techniques that can be used for disaster recovery, durability, and incident response. Secure application development will be an increasingly important part of your career. This lesson will cover secure coding techniques: input validation, normalization and output encoding, server-side as well as client-side validation, data exposure, memory management, Software Development Kits (SDKs), and stored procedures. What is automation and what does it offer? Scalability and elasticity. We also cover secure application development environments: development, test, staging, and production. We will learn about automation/scripting and how to automate processes, including continuous monitoring, continuous validation, continuous integration, and continuous delivery.
Authentication and authorization design concepts