CompTIA Security+ SY0-601 Domain 4: Operation and Incident Response - PowerPoint PPT Presentation

This domain focuses on the security specialist's responsibility in incident response. Everything from incident response to disaster recovery and business continuity is covered in this domain.

1
CompTIA Security+ SY0-601 Domain 4: Operations and Incident Response
www.infosectrain.com | sales@infosectrain.com
3
Security+ SY0-601 Domains
The new version of Security+ SY0-601 has 5 domains:
4
  • Domain 1.0 Attacks, Threats, and Vulnerabilities (24%)
  • Domain 2.0 Architecture and Design (21%)
  • Domain 3.0 Implementation (25%)
  • Domain 4.0 Operations and Incident Response (16%)
  • Domain 5.0 Governance, Risk, and Compliance (14%)
  • In this blog, we discuss domain 4.0, Operations and Incident Response.

5
  • Operations and Incident Response
  • This domain focuses on the security specialist's responsibility in incident response. Everything from incident response to disaster recovery and business continuity is covered in this domain. Both technical and administrative subjects are included in the examination. It covers not only forensics, network reconnaissance and discovery concepts, and the ability to configure systems for incident mitigation, but also the planning phase, which ranges from tabletop exercises and simulations to the development of strategies. This domain carries 16% of the weightage in the examination.
  • The topics covered in Security+ domain 4.0 are listed below:
  • Given a scenario, use the appropriate tool to assess organizational security
  • Summarize the importance of policies, processes, and procedures for incident response
  • Given an incident, utilize appropriate data sources to support an investigation
  • Given an incident, apply mitigation techniques or controls to secure an environment
  • Explain the key aspects of digital forensics

6
1. Given a scenario, use the appropriate tool to assess organizational security
In this lesson, we will cover various topics and their subtopics. The very first topic we will understand is network reconnaissance and discovery. In this topic, we will learn how to work with tracert/traceroute, nslookup/dig, ipconfig/ifconfig, nmap, ping/pathping, hping, netstat, netcat, IP scanners, arp, route, curl, theHarvester, sn1per, scanless, dnsenum, Nessus, and Cuckoo. We learn how to do file manipulation with commands like head, tail, cat, grep, chmod, and logger. We explore forensics concepts and tools such as dd, Memdump, WinHex, FTK Imager, and Autopsy. We will also understand exploitation frameworks, password crackers, and data sanitization.

7
2. Summarize the importance of policies, processes, and procedures for incident response
  • In this subdomain, we understand the incident response process. Inside this incident response process, we cover the following subtopics:
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons learned
  • We understand the attack frameworks:
  • MITRE ATT&CK
  • The Diamond Model of Intrusion Analysis
  • Cyber Kill Chain
  • We also cover the concepts of stakeholder management, communication plan, disaster recovery plan, business continuity plan, continuity of operations planning (COOP), incident response team, and retention policies.

8
3. Given an incident, utilize appropriate data sources to support an investigation
  • In this subdomain, we will learn how to interpret vulnerability scan output and understand SIEM dashboards, covering the following subtopics:
  • Sensor
  • Sensitivity
  • Trends
  • Alerts
  • Correlation

9
  • We will learn about log files. Inside log files, we cover the following subtopics:
  • Network
  • System
  • Application
  • Security
  • Web
  • DNS
  • Authentication
  • Dump files
  • VoIP and call managers
  • Session Initiation Protocol (SIP) traffic
  • We also cover metadata, NetFlow/sFlow, and protocol analyzer output.

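The SIEM correlation subtopic on the previous slide and the authentication log type listed above are easiest to understand in working form. The following is an added example, not code from the InfosecTrain deck, of a minimal correlation rule of the kind a SIEM applies to authentication logs: it parses sshd-style log lines and raises one alert when a source IP accumulates a threshold of failed logins within a time window and then logs in successfully. The log lines, host name, user names, addresses and the assumed year are all constructed for the example.

```python
"""Added example (not from the InfosecTrain deck): a minimal SIEM-style
correlation rule over authentication logs. It flags a source IP that
produces a threshold of failed logins inside a short window and then
succeeds, the pattern a dashboard would surface as a correlated alert.
Every log line below is constructed for the example; the host, users
and addresses are not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an sshd/syslog-like format.
SAMPLE_LOG = """\
Mar 12 09:14:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51012 ssh2
Mar 12 09:14:03 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51013 ssh2
Mar 12 09:14:05 web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51014 ssh2
Mar 12 09:14:07 web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51015 ssh2
Mar 12 09:14:09 web01 sshd[2201]: Failed password for deploy from 203.0.113.9 port 51016 ssh2
Mar 12 09:14:11 web01 sshd[2201]: Accepted password for deploy from 203.0.113.9 port 51017 ssh2
Mar 12 09:20:00 web01 sshd[2310]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 12 09:20:30 web01 sshd[2310]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar 12 09:21:00 web01 cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line, year=2024):
    """Return a dict for an sshd login event, or None for lines the rule ignores.
    Syslog timestamps carry no year, so one is supplied here (an assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(log_text, threshold=5, window=timedelta(minutes=5)):
    """Correlate failures and successes per source IP.

    An alert is raised when a successful login from an IP is preceded by at
    least `threshold` failures from that IP inside `window`; the failure
    history is then cleared so one burst produces one alert."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        # Drop failures that have aged out of the window.
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "src": ev["src"],
                "user": ev["user"],
                "failures_before_success": len(recent),
                "at": ev["ts"].isoformat(),
            })
            recent = []
        failures[ev["src"]] = recent
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the constructed lines the rule produces a single alert for 203.0.113.9 (five failures, then a successful login as "deploy") and stays silent for 198.51.100.4, whose one failure is below the threshold; the threshold and window are the "sensitivity" knobs a dashboard exposes, and lowering the threshold to 1 would turn the second source into an alert too.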
10
4. Given an incident, apply mitigation techniques or controls to secure an environment
  • In this lesson, we will get familiar with reconfiguring endpoint security solutions. Inside this, we will cover the following subtopics:
  • Application approved list
  • Application blocklist/deny list
  • Quarantine
  • We explain configuration changes, with the following subtopics:
  • Firewall rules
  • MDM
  • DLP
  • Content filter/URL filter
  • Update or revoke certificates
  • We also cover isolation, containment, segmentation, and SOAR concepts.

11
5. Explain the key aspects of digital forensics
  • Whereas incident response focuses on eradicating malicious activity as soon as possible, digital forensics requires patient acquisition, preservation, and examination of evidence using verified methodologies. In this subdomain, we will learn the basic concepts of digital forensics and explain documentation, evidence, and admissibility. Inside this, we will cover the following subtopics:
  • Legal hold
  • Chain of custody
  • Timelines
  • Event logs and network traffic

12
We understand e-discovery, preservation, data recovery, non-repudiation, and strategic intelligence/counterintelligence. We will get familiar with data acquisition and subtopics like order of volatility, disk, random-access memory (RAM), swap/pagefile, OS, device, firmware, network, and artifacts. We also cover the concepts of on-premises vs. cloud, right-to-audit clauses, regulation/jurisdiction, and data breach notification laws. Finally, we cover integrity, hashing, checksums, and provenance.

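Integrity, hashing, checksums and provenance on this slide, and chain of custody on the previous one, are the forensics points that can be demonstrated directly. The following added example, which is not code from the InfosecTrain deck, hashes an acquired evidence file in chunks, appends each handling step as a chain-of-custody record in a JSON-lines log, and re-verifies the file against the hash recorded at acquisition so that any later alteration is detected. The evidence file, handler names and paths are constructed placeholders.

```python
"""Added example (not from the InfosecTrain deck): evidence integrity and
chain of custody. An acquired image is hashed in chunks, each handling step
is appended to a JSON-lines custody log, and the file is later re-hashed
against the acquisition hash. File contents, handler names and paths are
constructed placeholders."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1024 * 1024   # hash large images without loading them whole


def hash_file(path, algorithm="sha256"):
    """Hex digest of the file at `path`, read in chunks."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sha256_of_bytes(data):
    """Hash an in-memory byte string through hash_file (used for self-checks)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        name = tmp.name
    try:
        return hash_file(name)
    finally:
        os.remove(name)


def record_custody(path, handler, action, log_path):
    """Append one chain-of-custody entry: who did what to which evidence,
    when, and the hash of the evidence at that moment."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "evidence": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "sha256": hash_file(path),
        "handler": handler,
        "action": action,
    }
    with open(log_path, "a", encoding="utf-8") as log:   # append-only record
        log.write(json.dumps(entry) + "\n")
    return entry


def verify_against_acquisition(path, log_path):
    """True if the file still hashes to the value recorded at acquisition
    (the first entry in the custody log)."""
    with open(log_path, encoding="utf-8") as log:
        acquisition = json.loads(log.readline())
    return hash_file(path) == acquisition["sha256"]


def demo():
    """Acquire, transfer, verify, simulate a one-byte alteration, verify again.
    Returns (intact_before, intact_after)."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "disk01.img")        # constructed name
        custody_log = os.path.join(workdir, "custody.jsonl")
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed evidence image")
        record_custody(image, "analyst-1 (placeholder)", "acquired", custody_log)
        record_custody(image, "analyst-2 (placeholder)", "received for analysis", custody_log)
        intact_before = verify_against_acquisition(image, custody_log)
        with open(image, "r+b") as f:      # simulate an alteration after transfer
            f.seek(0)
            f.write(b"X")
        intact_after = verify_against_acquisition(image, custody_log)
    return intact_before, intact_after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The custody log is append-only and every entry carries the hash at that moment, so a later entry whose hash differs from the acquisition hash pinpoints the handling step after which the evidence changed; in practice the same verification is run against the hash value written on the acquisition form before the image is admitted into analysis.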
13
Learn Security With Us
InfosecTrain is a leading IT security training and consulting organization, focusing on a wide range of IT security training. The training sessions are delivered by highly qualified and professional trainers with years of industry experience, with whom you can easily interact to resolve your doubts at any time. If you are interested in live online training, InfosecTrain provides the best online security certification training. You can check and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam.

14
About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications, or customized training programs curated by professionals with over 15 years of combined experience in the domain

15
Our Endorsements
16
Why InfosecTrain
  • Global Learning Partners
  • Access to the recorded sessions
  • Certified and Experienced Instructors
  • Flexible modes of Training
  • Tailor-Made Training
  • Post-training completion
17
Our Trusted Clients
19
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales@infosectrain.com
www.infosectrain.com