CompTIA Security+ SY0-601 Domain 2: Architecture and Design

1
CompTIA Security SY0-601 Domain 2 Architecture
and Design
www.infosectrain.com sales_at_infosectrain.com
2
www.infosectrain.com sales_at_infosectrain.com
3
SecuritySY0-601 Domains
www.infosectrain.com sales_at_infosectrain.com
4

• The latest version of Security SY0-601 have 5
  Domains
• Domain 1.0 Attacks, Threats, and Vulnerabilities
  (24)
• Domain 2.0 Architecture and Design (21)
• Domain 3.0 Implementation (25)
• Domain 4.0 Operations and Incident Response
  (16)
• Domain 5.0 Governance, Risk, and Compliance
  (14)
• In this blog, we discuss the second
  domain, Architecture and Design.

www.infosectrain.com sales_at_infosectrain.com
5

• Architecture and Design
• A well-managed Information Security environment
  depends heavily on architecture and design. This
  domain will show you how to put security measures
  into effect and establish a safe working
  environment for your organization. The weightage
  of this domain is 21. The subtopics covered in
  this domain are listed below.
• Importance of security concepts in an enterprise
  environment.
• Virtualization and cloud computing concepts.
• Secure application development, deployment, and
  automation concepts.
• Authentication and authorization design concepts.
• Implement cybersecurity resilience.
• Security implications of embedded and specialized
  systems.
• Importance of physical security controls.

www.infosectrain.com sales_at_infosectrain.com
6

• Importance of security concepts in an enterprise
  environment
• In this part, we will learn Configuration
  management and its subtopics Diagrams, Baseline
  Configuration, Standard naming conventions,
  Internet protocol schema.
• We cover Data sovereignty, Data protection,
  Geographical considerations, Response and
  recovery controls, SSL (Secure Sockets Layer)/
  TLS (Transport Layer Security) inspection, API
  considerations, Site resiliency- Hot site- Cold
  site- Warm site, and we understand Deception and
  disruption concept
• Honeypots
• Honeyfiles
• Honeynets
• Fake Telemetry
• DNS Sinkhole

www.infosectrain.com sales_at_infosectrain.com
7
Virtualization and Cloud Computing Concepts The
core premise behind cloud computing is that
youll access and control your applications and
data from any computer, everywhere in the world,
while virtualization hides or abstracts the
storage technique and location. To conduct a
breach in a cloud, a hacker just requires a good
Internet connection and a dictionary of obtained
password hashes or SSH (Secure Shell) keys. A
lack of supervision in cloud providers security
processes can greatly raise a businesss
danger. As a security expert, you should be able
to analyze the dangers and weaknesses associated
with cloud service and delivery models, as well
as the virtualization technologies that support
them. So in this part, we cover Cloud Service
Models- Infrastructure as a Service (laaS),
Software as a Service (SaaS), Platform as a
Service (PaaS). We understand Virtualization
Technologies concepts, VM Escape protection, VM
Sprawl Avoidance, Cloud Security Controls, and we
cover Infrastructure as Code.




www.infosectrain.com sales_at_infosectrain.com
8
Secure Application Development, Deployment, and
Automation Concepts Development (programming and
scripting) is at the foundation of secure network
administration and management, including
automation techniques for durability, disaster
recovery, and incident response. Along with your
career, secure application development will
become increasingly important. In this lesson, we
will cover Secure Coding Techniques- Input
validation, Normalization, and Output Encoding,
Server-side and Client-side Validation, Data
Exposure and Memory Management, Software
development kit (SDK), Stored procedures. We
understand what Automation is and what it
provides? Scalability, Elasticity. We also cover
a Secure Application Development Environment-
Development, Test, Staging, Production. In
Automation/scripting we learn deeply Automated
courses of action, Continuous Monitoring,
Continuous Validation, Continuous Integration,
Continuous Delivery, Continuous deployment.




www.infosectrain.com sales_at_infosectrain.com
9
Authentication and authorization design
concepts In this lesson, we will learn
Authentication Methods, Biometrics concepts,
Multi-Factor Authentication Factors,
Authentication Attributes, we also cover AAA
(Authentication, Authorization, and Accounting)
and Cloud versus On-premises Requirements. In
Authentication Methods, we cover Directory
Services, Federation, Attestation, Smart Card
Authentication, Authentication Technologies like-
TOTP (Time-based One- time password), HOTP
(HMAC-based one-time password), Short message
service (SMS), Token key, Static codes,
Authentication applications, Push notifications,
Phone call. In Biometrics we learn how it works
and about its various topics like Fingerprint,
Retina, Iris, Facial, Voice, Vein, Gait analysis,
Efficacy rates, False acceptance, False
rejection, Crossover error rate. In the
Authentication Factor, we learn some
authentication factors which ensure that the
account can only be used by the account user. The
factors are Something you know, Something you
have, Something you are. And in Authentication
Attributes, we cover Somewhere you are, Something
you can do, Something you exhibit, Someone you
know.




www.infosectrain.com sales_at_infosectrain.com
10
Implement cybersecurity resilience In this
lesson, we learn how to secure the whole
organization. The topics we cover inside this are
Redundancy, Replication, Backup types,
Non-persistence, High availability, Scalability,
Restoration order, Diversity. Lets see what
sub-topics we will learn, in Redundancy we cover,
Geographic dispersal, Disk,  Redundant array of
inexpensive disks (RAID) levels, Multipath,
Network, Load balancers, Network interface card
(NIC) teaming, Power, Uninterruptible power
supply (UPS), Generator, Dual supply, Managed
power distribution units (PDUs). Inside
Replication, we learn Storage area networks and
VM. In Backup, we understand types of backup like
Full, Incremental, Snapshot, Differential, Tape,
Disk, Copy, Network-attached storage (NAS),
Storage area network, Cloud, Image, Online and
offline, Offsite storage, Distance considerations.




www.infosectrain.com sales_at_infosectrain.com
11
Security implications of embedded and specialized
systems In this lesson, we learn Embedded
systems, Specialized, Supervisory control and
data acquisition (SCADA)/industrial control
system (ICS), Supervisory control and data
acquisition (SCADA)/industrial control system
(ICS), Communication considerations, Constraints,
Voice over IP (VoIP), Heating, ventilation, air
conditioning (HVAC), Drones, Multifunction
printer (MFP), Real-time operating system (RTOS),
Surveillance systems, System on chip (SoC). In
Embedded Systems we cover Raspberry Pi,
Field-programmable gate array (FPGA), Arduino. In
Specialized we cover Medical systems, Vehicles,
Aircraft, Smart meters. Inside the Internet of
Things (IoT) we learn about, Sensors, Smart
devices, Wearables, Facility automation, Weak
defaults.




www.infosectrain.com sales_at_infosectrain.com
12
Importance of physical security controls  In
this lesson, we will learn about the importance
of physical security. This part will clear your
concepts on Bollards/barricades, Access control
vestibules, Badges, Alarms, Signage, Cameras, USB
data blocker, Lighting, Fencing, Fire
suppression, Sensors, Drones, Visitor logs,
Faraday cages, Air gap, Screened subnet
(previously known as demilitarized zone),
Protected cable distribution, Secure data
destruction. Inside Sensors, we cover Motion
detection, Noise detection, Proximity reader,
Moisture detection, Cards, Temperature. We also
cover secure data destruction sub-topics like
Burning, Shredding, Pulping, Pulverizing,
Degaussing, Third-party solutions. Learn
Security With Us Infosec Train is a leading
provider of IT security training and consulting
organizations. We have certified and experienced
trainers in our team whom you can easily interact
with and solve your doubts anytime. If you are
interested and looking for live online training,
Infosec Train provides the best online security
certification training. You can check and enroll
in our CompTIA Security Online Certification
Training to prepare for the certification exam.




www.infosectrain.com sales_at_infosectrain.com
13
About InfosecTrain

• Established in 2016, we are one of the finest
  Security and Technology Training and Consulting
  company
• Wide range of professional training programs,
  certifications consulting services in the IT
  and Cyber Security domain
• High-quality technical services, certifications
  or customized training programs curated with
  professionals of over 15 years of combined
  experience in the domain

www.infosectrain.com sales_at_infosectrain.com
14
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
15
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
16
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
17
(No Transcript)
18
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com