Title: CompTIA Security+ SY0-601 Domain 4: Operation and Incident Response
CompTIA Security+ SY0-601 Domain 4: Operations and Incident Response
www.infosectrain.com sales_at_infosectrain.com
Security+ SY0-601 Domains
The new version of Security+ SY0-601 has 5 domains:
- Domain 1.0 Attacks, Threats, and Vulnerabilities (24%)
- Domain 2.0 Architecture and Design (21%)
- Domain 3.0 Implementation (25%)
- Domain 4.0 Operations and Incident Response (16%)
- Domain 5.0 Governance, Risk, and Compliance (14%)
In this blog, we discuss Domain 4.0 Operations and Incident Response.
Operations and Incident Response
This domain focuses on the security specialist's responsibilities in incident response. Everything from incident response to disaster recovery and business continuity is covered in this domain. Both technical and administrative subjects are included in the examination. It not only includes forensics, network reconnaissance and discovery concepts, and the ability to configure systems for incident mitigation, but also the planning phase, which covers everything from tabletop exercises and simulations to the development of strategies. This domain carries 16% of the weightage in the examination.
The topics covered in Security+ Domain 4.0 are listed below:
- Given a scenario, use the appropriate tool to assess organizational security
- Summarize the importance of policies, processes, and procedures for incident response
- Given an incident, utilize appropriate data sources to support an investigation
- Given an incident, apply mitigation techniques or controls to secure an environment
- Explain the key aspects of digital forensics
1. Given a scenario, use the appropriate tool to assess organizational security
In this lesson, we will cover various topics and their subtopics. The first topic is network reconnaissance and discovery, where we learn how to work with tracert/traceroute, nslookup/dig, ipconfig/ifconfig, nmap, ping/pathping, hping, netstat, netcat, IP scanners, arp, route, curl, theHarvester, sn1per, scanless, dnsenum, Nessus, and Cuckoo. We learn file manipulation and its commands, such as head, tail, cat, grep, chmod, and logger. We explore forensic concepts and tools such as dd, memdump, WinHex, FTK Imager, and Autopsy. We will also cover exploitation frameworks, password crackers, and data sanitization.
2. Summarize the importance of policies, processes, and procedures for incident response
In this subdomain, we understand the incident response process, which covers the following phases:
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
We understand the attack frameworks:
- MITRE ATT&CK
- The Diamond Model of Intrusion Analysis
- Cyber Kill Chain
We also cover the concepts of stakeholder management, communication plan, disaster recovery plan, business continuity plan, continuity of operations planning (COOP), incident response team, and retention policies.
3. Given an incident, utilize appropriate data sources to support an investigation
In this subdomain, we will learn how to read vulnerability scan output and understand SIEM dashboards, including the following subtopics:
- Sensor
- Sensitivity
- Trends
- Alerts
- Correlation
We will learn about log files, covering the following subtopics:
- Network
- System
- Application
- Security
- Web
- DNS
- Authentication
- Dump files
- VoIP and call managers
- Session Initiation Protocol (SIP) traffic
We also cover metadata, NetFlow/sFlow, and protocol analyzer output.
4. Given an incident, apply mitigation techniques or controls to secure an environment
In this lesson, we will get familiar with reconfiguring endpoint security solutions, covering the following subtopics:
- Application approved list
- Application blocklist/deny list
- Quarantine
We explain configuration changes, with the following subtopics:
- Firewall rules
- MDM
- DLP
- Content filter/URL filter
- Update or revoke certificates
We also cover isolation, containment, segmentation, and SOAR concepts.
5. Explain the key aspects of digital forensics
Whereas incident response focuses on eradicating malicious activity as soon as possible, digital forensics requires patient acquisition, preservation, and examination of evidence using verified methodologies. In this subdomain, we will learn the basic concepts of digital forensics and explain documentation, evidence, and admissibility, covering the following subtopics:
- Legal hold
- Chain of custody
- Timelines
- Event logs and network traffic
We understand e-discovery, preservation, data recovery, non-repudiation, and strategic intelligence/counterintelligence. We will get familiar with data acquisition and subtopics such as order of volatility, disk, random-access memory (RAM), swap/pagefile, OS, device, firmware, network, and artifacts. We also cover the concepts of on-premises vs. cloud, right-to-audit clauses, regulation/jurisdiction, and data breach notification laws, as well as integrity, hashing, checksums, and provenance.
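As an added example (not part of InfosecTrain's material), the following Python script ties together the integrity, hashing, chain-of-custody and provenance topics listed above: the evidence is hashed at acquisition, every custody hand-off is recorded in a ledger whose entries link to the previous entry's digest, and a verify step reports whether the evidence or the ledger itself has been altered. The byte string standing in for a disk image and the custodian names are constructed sample values.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of evidence bytes (the acquisition/verification hash)."""
    return hashlib.sha256(data).hexdigest()


def _entry_digest(entry: dict) -> str:
    # Canonical JSON (sorted keys) so the digest is reproducible for the same entry.
    return sha256_hex(json.dumps(entry, sort_keys=True).encode())


def add_custody_entry(ledger: list, custodian: str, action: str,
                      evidence: bytes, when: str) -> dict:
    """Append a tamper-evident chain-of-custody entry.

    Each entry records who handled the item, what they did, when, the evidence
    hash at that moment, and the digest of the previous entry (or GENESIS).
    """
    prev = _entry_digest(ledger[-1]) if ledger else "GENESIS"
    entry = {"custodian": custodian, "action": action, "timestamp": when,
             "evidence_sha256": sha256_hex(evidence), "prev_entry": prev}
    ledger.append(entry)
    return entry


def verify_custody(ledger: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means evidence and ledger agree."""
    if not ledger:
        return ["empty ledger"]
    problems = []
    acquisition_hash = ledger[0]["evidence_sha256"]
    if sha256_hex(evidence) != acquisition_hash:
        problems.append("evidence hash differs from acquisition hash")
    expected_prev = "GENESIS"
    for i, entry in enumerate(ledger):
        if entry["prev_entry"] != expected_prev:      # ledger entry edited/removed
            problems.append(f"entry {i} link broken")
        if entry["evidence_sha256"] != acquisition_hash:  # item changed while in custody
            problems.append(f"entry {i} recorded a different evidence hash")
        expected_prev = _entry_digest(entry)
    return problems


if __name__ == "__main__":
    IMAGE = b"constructed sample: pretend this is disk.dd"   # stands in for an image file
    ledger = []
    add_custody_entry(ledger, "examiner A", "acquired with dd", IMAGE, "2024-01-01T10:00:00Z")
    add_custody_entry(ledger, "examiner B", "received for analysis", IMAGE, "2024-01-02T09:00:00Z")
    print(verify_custody(ledger, IMAGE))          # clean: []
    print(verify_custody(ledger, IMAGE + b"x"))   # altered evidence is reported
```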
Learn Security With Us
InfosecTrain is a leading provider of IT security training and consulting, focusing on a wide range of IT security training. The training sessions are delivered by highly qualified and professional trainers with years of industry experience, whom you can easily interact with to clear your doubts anytime. If you are interested in live online training, InfosecTrain provides the best online security certification training. You can check and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs and certification consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications, or customized training programs curated with professionals of over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com