CompTIA Security+ Guide
CERTIFICATIONS
11/27/2023 (3 min read)
Introduction: Jumping into my first certification, Security+, was a big step for me. With no background in taking certification exams apart from the SAT in high school, I was pretty nervous about the whole thing. Not to mention, the exam isn't cheap, and the idea of having to retake it wasn't something I wanted to think about.
Background and Preparation: I was working in a SOC for a few years before I decided to take the Sec+. I knew the general stuff the exam covered, but that didn't make it any less daunting. Professor Messer's videos were a huge help. They got straight to the point and covered everything you need for the exam.
The real lifesaver, though, was Professor Dion's practice exams on Udemy. I took all six of them. Studying why each answer was right (or wrong) and learning the terms was key. If I had to do it over and do it fast, I'd just focus on these exams and take the real thing within the same week.
The Procrastination Trap: I wasn't perfect in my preparation, though. I got the exam voucher from my university and told myself I'd take the exam in July. But I kept putting it off. It's easy to find excuses not to do the hard stuff. Before I knew it, it was October, and I had to get serious. I booked my exam for a week later to force myself to buckle down and study.
The Exam Day: I took the exam in person at the USF testing center. It went well, and I was glad I chose to do it in person after hearing about issues with online exams.
Final Thoughts: Looking back, I don't think the Security+ is that hard. It seems straightforward once you get how they ask the questions and know the basic stuff. But the real takeaway for me was learning that certs aren't as scary as they seem. They're just another step in learning and growing in this field. Since then, I've passed my CySA+ and I'm already planning the next cert to tackle.
Advice for Others: If you're thinking about a cert, my advice is just to go for it. Don't overthink it, and don't put it off. You'll surprise yourself with what you can achieve.
1. Web Application Security: Understanding SQL Injection
Concept: SQL injections target web applications by inserting SQL commands into user input fields.
Impact: These attacks manipulate databases to execute unauthorized commands.
Prevention: Input validation and prepared statements are key defenses.
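The vulnerable pattern beside its hardened form, as an added example that is not part of the original post. It uses an in-memory SQLite table with constructed sample rows; the function names are assumptions for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a tiny users table in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "h1"), ("bob", "h2")])
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: user input is concatenated into the SQL text, so a quote in
    # the input changes the structure of the query instead of being a value.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_safe(conn, username):
    # Hardened: a prepared (parameterized) statement keeps the SQL fixed; the
    # driver binds the input as data, so quotes in it cannot alter the query.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))

def validate_username(username):
    # Input validation as a second layer: accept only what a username should
    # contain and reject everything else before it ever reaches the database.
    return username.isascii() and username.isalnum() and 1 <= len(username) <= 32

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row leaks
    print("safe:", lookup_safe(db, probe))              # no match
    print("validated:", validate_username(probe))       # rejected up front
```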
2. Data Sovereignty and Security
Principle: Certain countries mandate that data must be stored and processed within their borders.
Implication: Compliance with local data laws is crucial for international operations.
3. Legal Frameworks: The Role of NDAs
Function: Non-disclosure agreements protect sensitive information.
Significance: NDAs are essential in maintaining confidentiality in business relationships.
4. Authentication Protocols: Kerberos vs. RADIUS
Kerberos: Utilizes ticket-based authentication.
RADIUS: Centralized client/server authentication for network access; does not use tickets.
5. Recognizing On-Path Attacks
Nature: Often involves identity spoofing.
Distinguishing: Different from other attacks such as tailgating or DDoS.
6. Data Loss Prevention (DLP) Strategies
Techniques: Include Exact Data Match (EDM), classification, and statistical matching.
Goal: To prevent unauthorized data access and leaks.
7. Compliance in Data Breach Scenarios
Requirement: Legal guidelines dictate the notification process in data breaches.
Responsibility: Understanding who to notify is crucial for compliance.
8. Privilege Escalation Awareness
Indicator: Illicit use of "sudo" commands.
Risk: Unauthorized elevation of access privileges.
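A small detector for the indicator above, added here as an example and not part of the original post: it parses constructed auth.log lines in the format sudo writes via syslog and flags denied attempts, sudo use by non-approved accounts, and interactive root shells. The approved-admin set and shell list are assumed policy values.

```python
import re

# Constructed sample log lines (not from the original page).
SAMPLE_LOG = """\
Nov 27 10:01:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Nov 27 10:05:11 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Nov 27 10:07:30 host sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
Nov 27 10:09:45 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<denied>user NOT in sudoers) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumed (hypothetical) policy: accounts allowed to use sudo, and programs
# that hand the caller an unconstrained interactive root session.
APPROVED_ADMINS = {"alice"}
SHELLS = {"/bin/bash", "/bin/sh", "/usr/bin/bash", "/bin/zsh", "/bin/su", "/usr/bin/su"}

def parse_sudo_lines(text):
    # Keep only lines that match the sudo record layout; others are ignored.
    events = []
    for line in text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def flag_privilege_escalation(events):
    # Each rule is evaluated independently so one event can raise several alerts.
    alerts = []
    for e in events:
        program = e["cmd"].split()[0]
        if e["denied"]:
            alerts.append((e["user"], "denied: not in sudoers"))
        if e["user"] not in APPROVED_ADMINS:
            alerts.append((e["user"], "sudo by non-approved user"))
        if program in SHELLS:
            alerts.append((e["user"], "interactive root shell"))
    return alerts

if __name__ == "__main__":
    for user, reason in flag_privilege_escalation(parse_sudo_lines(SAMPLE_LOG)):
        print(f"ALERT {user}: {reason}")
```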
9. Phishing: Exploitation of Familiarity
Tactic: Uses well-known brands or entities.
Awareness: Recognizing and avoiding such deceptive tactics.
10. Recovery and Fault Correction Metrics
MTTR (Mean Time To Repair): Time to fix or replace.
RTO (Recovery Time Objective): Maximum downtime tolerance.
RPO (Recovery Point Objective): Acceptable data loss window.
MTBF (Mean Time Between Failures): Time between system failures.
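A worked computation of the four metrics from constructed outage records, added as an example and not part of the original post; it also shows how an outage can meet the RTO yet breach the RPO, or the reverse. The RTO and RPO targets are assumed values.

```python
from datetime import datetime, timedelta

# Constructed outage records for one service (not from the original page):
# (time it failed, time it was repaired, last good backup before the failure).
OUTAGES = [
    (datetime(2023, 10, 2, 9, 0), datetime(2023, 10, 2, 11, 0), datetime(2023, 10, 2, 8, 0)),
    (datetime(2023, 10, 12, 14, 0), datetime(2023, 10, 12, 15, 0), datetime(2023, 10, 12, 8, 0)),
    (datetime(2023, 10, 22, 3, 0), datetime(2023, 10, 22, 9, 0), datetime(2023, 10, 22, 2, 0)),
]

# Assumed (hypothetical) targets from the business impact analysis.
RTO = timedelta(hours=4)
RPO = timedelta(hours=2)

def mttr(outages):
    # MTTR: average time from failure to repair.
    durations = [restored - failed for failed, restored, _ in outages]
    return sum(durations, timedelta()) / len(durations)

def mtbf(outages):
    # MTBF: average uptime between the repair of one failure and the next failure.
    ordered = sorted(outages)
    gaps = [ordered[i][0] - ordered[i - 1][1] for i in range(1, len(ordered))]
    return sum(gaps, timedelta()) / len(gaps)

def check_objectives(outages, rto, rpo):
    # RTO compares each outage's downtime with the tolerated downtime;
    # RPO compares the data-loss window (failure minus last backup) with the tolerated loss.
    return [
        {"failed": failed,
         "rto_met": (restored - failed) <= rto,
         "rpo_met": (failed - last_backup) <= rpo}
        for failed, restored, last_backup in outages
    ]

def availability(outages):
    # Steady-state availability = MTBF / (MTBF + MTTR), as a fraction of time up.
    up, down = mtbf(outages), mttr(outages)
    return up / (up + down)

if __name__ == "__main__":
    print("MTTR:", mttr(OUTAGES), "MTBF:", mtbf(OUTAGES))
    for row in check_objectives(OUTAGES, RTO, RPO):
        print(row)
    print(f"availability: {availability(OUTAGES):.4f}")
```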
11. Cryptographic Algorithms
Symmetric: Blowfish, AES, DES, 3DES (often end in 'S').
Asymmetric: ECC, PGP, RSA (some end in 'A').
12. SCADA System Security
Best Practice: Isolation of systems.
Challenge: Slow patching and part replacement process.
13. Essential Security Tools and Techniques
Tools: Cain and Abel for password cracking.
Practices: Importance of input validation and understanding cloud service models.
14. Network Security Essentials
Port Scanning: Understanding common ports and their functions.
Protocols: The role of IPsec in VPNs, among other protocols.
15. Attack Types and Defenses
Zero-Day Attacks: Identifying and mitigating.
Data Protection: Using anti-malware, tokenization, and understanding PHI vs. PII.
16. Intrusion Detection and Response
Frameworks: Diamond Model of Intrusion, MITRE ATT&CK.
Tools: Importance of log analysis in cybersecurity.
17. Security in Cloud Computing
Challenges: Cloud forensics and patch testing.
Types of Cloud: Differences between private, public, and hybrid.
18. Security Compliance and Standards
Regulations: GLBA, FISMA, and OAuth 2.
Documentation: The importance of SOW and MSA.
Study Guide
Quick Reference
Encryption Algorithms
Symmetric: Blowfish, RC4, AES, DES, 3DES
Asymmetric: ECC, PGP, RSA, Diffie-Hellman, DSA
Note: "ES" indicates symmetric (Encryption Standard).
Regulations and Standards
GLBA: Governing banks.
FISMA: Focused on finance.
OAuth 2: OpenID Connect.
SOW: Defines project scope.
MSA: Governs future transactions.