CompTIA Security+ SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities

1
CompTIA Security SY0-601 Domain 1 Attacks,
Threats, and Vulnerabilities
www.infosectrain.com sales_at_infosectrain.com
2
About Security SY0-601 CompTIA Security is a
worldwide certification that verifies the
fundamental skills required to execute basic
security activities and build a career in
information security. CompTIA Security SY0-601
is the latest version of the Security
certification. The very first security
certification that IT professionals can obtain is
CompTIA Security, and it is the best entry-level
certification. The main reason why CompTIAs
Security(Plus) certification is such an
excellent entry-level certification is It
provides the fundamental information that each
cybersecurity professional must have. Its areas
are based on a straightforward premise a major
emphasis on practical skills. After passing the
certification you can show that you are prepared
to deal with a real-world scenario and It also
provides a platform for intermediate-level
cybersecurity positions.
www.infosectrain.com sales_at_infosectrain.com
3

• The latest version of Security SY0-601  have 5
  Domains
• Domain 1.0 Attacks, Threats, and Vulnerabilities
  (24)
• Domain 2.0 Architecture and Design (21)
• Domain 3.0 Implementation (25)
• Domain 4.0 Operations and Incident Response
  (16)
• Domain 5.0 Governance, Risk, and Compliance
  (14)

www.infosectrain.com sales_at_infosectrain.com
4

• Attacks, Threats, and Vulnerabilities
• The first domain of CompTIA Security (plus),
  SY0-601 addresses a fundamental requirement of
  every data security expert the ability to detect
  and comprehend various threats, attack methods,
  and vulnerabilities that might be exploited. The
  weightage of this domain is 24. In this domain,
  we learn about
• Social Engineering Techniques and Type
• Malware Based Attack
• Threat Actors, Vectors, and Threat Intelligence
• Explain Penetration Testing Techniques
• Explain Security Concerns with Type of
  Vulnerability

• 1. Social Engineering Techniques and Type In
  this lesson, we will learn all about social
  engineering and its techniques. We discuss
  various principles of social engineering like
• Familiarity
• Social Proof
• Authority and Intimidation
• Scarcity and Urgency
• impersonation and trust

www.infosectrain.com sales_at_infosectrain.com
5

• We also cover Impersonation and Trust It is a
  common technique of social engineering. Trying to
  pretend to be someone else is known as
  impersonation. After that we learn different
  types of social engineering
• Phishing
• Smishing
• Vishing
• Spear Phishing
• Dumpster Diving
• Shoulder Surfing
• Tailgating
• Whaling

www.infosectrain.com sales_at_infosectrain.com
6

• 2. Malware Based Attack Malicious code is one of
  the most common dangers to devices today. As a
  cybersecurity specialist, you will almost
  certainly have faced undesirable malware
  attacking your computers. Youll be better
  equipped to fix affected systems or prevent
  malware if you classify the various forms of
  malware and recognize the indications of
  infection.In this part, we will discuss
  different types of Malware and how it works
• Ransomware
• Trojans
• Worms
• PUPs (Potentially Unwanted Programs)
• Bots
• Rootkit
• Backdoor
• Then we learn some different Malware Indicators,
  Sandbox Execution, Resource Consumption, and File
  system.

www.infosectrain.com sales_at_infosectrain.com
7

• 3. Threat Actors, Vectors, and Threat
  Intelligence You should be able to describe
  defensive and attack tactics in order to conduct
  a successful security analysis. Your primary
  responsibility will most likely be protecting
  assets, but in order to do so, youll need to be
  able to describe threat actors strategies,
  techniques, and processes. You should also be
  able to discover trusted sources of threat
  intelligence and research as the threat landscape
  evolves.In this lesson we will learn
• Threat Actors and Vectors.
• Threat Intelligence.
• 1. Threat Actor and Vectors In this part, we
  will discuss types of threat actors Insider
  Threat Actors, Hackers, Script Kiddies, Hacker
  Team, State Actors, Advanced Persistent Threats,
  and Criminal Syndicates. We also cover Attributes
  of Threat Actors. Inside this, we discuss 
  Internal/External, Intent/Motivation, Level of
  Sophistication/Capability, Resources/Funding.Also
  , we understand Attack Vectors and how attack
  vectors help threat actors to gain access to a
  protected system. Inside Attack vector, we also
  learn Direct access, Removable media, Email,
  Remote and wireless, Social chain, and Cloud.

www.infosectrain.com sales_at_infosectrain.com
8

• Threat Intelligence In this part we explain
  threat intelligence, work of threat intelligence,
  we learn, Threat Intelligence Source and Research
  SourceIn Threat Intelligence Source we discuss
  Open-source intelligence (OSINT),
  Closed/proprietary, Vulnerability databases,
  Public/private information sharing centers, Dark
  web, Indicators of compromise, and Threat maps.
• In Research Source we discuss
• Vendor websites
• Vulnerability feeds
• Conferences
• Academic journals
• Request for Comments (RFC)
• Local industry groups
• Social media
• Threat feeds
• Adversary tactics, techniques, and procedures
  (TTP)

www.infosectrain.com sales_at_infosectrain.com
9

• 4. Explain Penetration Testing Techniques
  Penetration testing is a form of evaluation that
  uses well-known strategies and procedures to try
  to break into a system.
• In this part we understand Penetration Testing,
  inside this, we discuss
• Known environment
• Unknown environment
• Partially known environment
• Rules of engagement
• Lateral movement
• Privilege escalation
• Persistence
• Cleanup
• Bug bounty
• Pivoting
• We understand Passive and active reconnaissance
• Drones
• War flying
• War driving
• Footprinting

www.infosectrain.com sales_at_infosectrain.com
10
5. Explain Security Concerns with Type of
Vulnerability You must be aware of the many
types of vulnerabilities that impact computer
systems and networks. You should be able to
analyze and describe the potential consequences
of vulnerabilities in order to prioritize
evaluation and remediation actions where they are
most required. In this lesson, we discuss
Software Vulnerabilities and Patch Management,
Zero-Day, Third-Party Risk, Improper or Weak
Patch Management, Impacts of Vulnerabilities. Lea
rn Security With Us Infosec Train is a leading
provider of IT security training and consulting
organization. We have certified and experienced
trainers in our team whom you can easily interact
with and solve your doubts anytime. There are
recorded sessions also available. If you are
interested and looking for live online training,
Infosec Train provides the best online security
certification training. you can check and enroll
in our CompTIA Security Online Certification
Training to prepare for the certification exam.




www.infosectrain.com sales_at_infosectrain.com
11
About InfosecTrain

• Established in 2016, we are one of the finest
  Security and Technology Training and Consulting
  company
• Wide range of professional training programs,
  certifications consulting services in the IT
  and Cyber Security domain
• High-quality technical services, certifications
  or customized training programs curated with
  professionals of over 15 years of combined
  experience in the domain

www.infosectrain.com sales_at_infosectrain.com
12
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
14
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com