SY0-601 is the new version of Security + Exam. This new version has 5 domains.
Domain 1.0: Attacks and Threats (24%)
Domain 2.0: Architecture and Design (21%).
Domain 3.0: Implementation (25%).
Domain 4.0: Operations & Incident Response (16%)
Domain 5.0: Governance and Risk Management (14%)
This blog will discuss domain 3.0 implementation.
Implementation is crucial for a company’s security plan. Implementation is crucial for any security program. Without it, a security system or technology is only created. This domain covers 9 objectives and subtopics.
Below are the objectives of security+ domain 3.0.
Implement Application Security Solutions or Host Security Solutions
Secure Network Designs
Install and configure wireless security settings
Implement Secure Mobile Solutions
Cybersecurity Solutions for the Cloud
Implement identity and account management controls
Implement Authentication and Authorization Solutions
Implement Public Key Infrastructure
1. Secure Protocols: Cyber attackers can exploit insecure protocols to compromise data security and the integrity systems. This lesson will cover some of the protocols and services that allow network hosts to address, resolve name, and monitor. These protocols are not as easily visible as web servers or email servers, but they are essential for protecting networks.
This lesson consists of two parts: Protocols & Use Case. We will be learning about Domain Name System (DNS), DNS Security Extensions(DNSSEC), Secure Real-time Transport Protocols (SRTP), File Transfer Protocols, File Transfer Protocols, FTPS, SSH File Transfer Protocolss (SFTP), Understand Simple Network Management Protocols (SNMP), Hypertext Transfer Protocols (HTTP), and email service protocols. We are familiar with Internet Protocol Security (IPSec), and its 2 Protocols.
Authentication Header (AH)
Encapsulation Security Payload
We will cover the Use Case section.
Voice and video
Email and Web
Domain Name Resolution
Routing and switching
Network Address Allocation
2. Implementing Application Security Solutions or Host Protection This lesson focuses on which security solutions can be implemented for different hosts and applications. This lesson covers Endpoint Protection, Boot Integrity and Application Security, as well as Hardening.
Endpoint Protection can be understood as Antivirus and Anti-Malware (NGFW), Next-generation firewall (HIDS), Host-based intrusion detector system (HIDS), Endpoint detection response (EDR), Data Loss Prevention and (DLP). Boot Integrity includes Boot Security, Unified Extension Firmware Interfaces (UEFI), Measured Boot and Boot Attestation.
We will be covering Application security, including Input Validation, Secure cookies, HTTP Headers, and Block list, Dynamic code analysis, as well as Allow list, Blocklist, and Dynamic code analysis.
3. Secure Network Designs Understanding secure network design is crucial for creating a secure network for your business. This lesson will explain the basics of Network segmentation, Load balancing, Virtual local area networks (VLAN), and the difference between Extranets and Intranets. We will also discuss the operation of VPN (Virtual Private Network), DNA, and Network access control (NAC) and Access control list (ACL). We will also cover Port security.
4. Wireless security settings can be installed and configured. This is a very important topic in information security. This lesson teaches us Cryptographia