1 / 16

CompTIA Security plus SY0-601 Domain 1 Attacks, Threats, and Vulnerabilities

CompTIA Security is a worldwide certification that verifies the fundamental skills required to execute basic security activities and build a career in information security. CompTIA Security SY0-601 is the latest version of the Security certification.

infosectrain1
Download Presentation

CompTIA Security plus SY0-601 Domain 1 Attacks, Threats, and Vulnerabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CompTIA Security+ SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities www.infosectrain.com | sales@infosectrain.com

  2. About Security+ SY0-601 CompTIA Security+ is a worldwide certification that verifies the fundamental skills required to execute basic security activities and build a career in information security. CompTIA Security+ SY0-601 is the latest version of the Security+ certification. The very first security certification that IT professionals can obtain is CompTIA Security+, and it is the best entry-level certification. The main reason why CompTIA’s Security+(Plus) certification is such an excellent entry-level certification is It provides the fundamental information that each cybersecurity professional must have. Its areas are based on a straightforward premise: a major emphasis on practical skills. After passing the certification you can show that you are prepared to deal with a real-world scenario and It also provides a platform for intermediate-level cybersecurity positions. www.infosectrain.com | sales@infosectrain.com

  3. The latest version of Security+ SY0-601  have 5 Domains: • Domain 1.0: Attacks, Threats, and Vulnerabilities (24%) • Domain 2.0: Architecture and Design (21%) • Domain 3.0: Implementation (25%) • Domain 4.0: Operations and Incident Response (16%) • Domain 5.0: Governance, Risk, and Compliance (14%) www.infosectrain.com | sales@infosectrain.com

  4. Attacks, Threats, and Vulnerabilities The first domain of CompTIA Security+ (plus), SY0-601 addresses a fundamental requirement of every data security expert: the ability to detect and comprehend various threats, attack methods, and vulnerabilities that might be exploited. The weightage of this domain is 24%. In this domain, we learn about: Social Engineering Techniques and Type Malware Based Attack Threat Actors, Vectors, and Threat Intelligence Explain Penetration Testing Techniques Explain Security Concerns with Type of Vulnerability • 1. Social Engineering Techniques and Type: In this lesson, we will learn all about social engineering and its techniques. We discuss various principles of social engineering like: • Familiarity • Social Proof • Authority and Intimidation • Scarcity and Urgency • impersonation and trust www.infosectrain.com | sales@infosectrain.com

  5. We also cover Impersonation and Trust: It is a common technique of social engineering. Trying to pretend to be someone else is known as impersonation. After that we learn different types of social engineering : • Phishing • Smishing • Vishing • Spear Phishing • Dumpster Diving • Shoulder Surfing • Tailgating • Whaling www.infosectrain.com | sales@infosectrain.com

  6. 2. Malware Based Attack: Malicious code is one of the most common dangers to devices today. As a cybersecurity specialist, you will almost certainly have faced undesirable malware attacking your computers. You’ll be better equipped to fix affected systems or prevent malware if you classify the various forms of malware and recognize the indications of infection.In this part, we will discuss different types of Malware and how it works: • Ransomware • Trojans • Worms • PUPs (Potentially Unwanted Programs) • Bots • Rootkit • Backdoor • Then we learn some different Malware Indicators, Sandbox Execution, Resource Consumption, and File system. www.infosectrain.com | sales@infosectrain.com

  7. 3. Threat Actors, Vectors, and Threat Intelligence: You should be able to describe defensive and attack tactics in order to conduct a successful security analysis. Your primary responsibility will most likely be protecting assets, but in order to do so, you’ll need to be able to describe threat actors’ strategies, techniques, and processes. You should also be able to discover trusted sources of threat intelligence and research as the threat landscape evolves.In this lesson we will learn: Threat Actors and Vectors. Threat Intelligence. 1. Threat Actor and Vectors: In this part, we will discuss types of threat actors: Insider Threat Actors, Hackers, Script Kiddies, Hacker Team, State Actors, Advanced Persistent Threats, and Criminal Syndicates. We also cover Attributes of Threat Actors. Inside this, we discuss  Internal/External, Intent/Motivation, Level of Sophistication/Capability, Resources/Funding.Also, we understand Attack Vectors and how attack vectors help threat actors to gain access to a protected system. Inside Attack vector, we also learn Direct access, Removable media, Email, Remote and wireless, Social chain, and Cloud. www.infosectrain.com | sales@infosectrain.com

  8. Threat Intelligence: In this part we explain threat intelligence, work of threat intelligence, we learn, Threat Intelligence Source and Research SourceIn Threat Intelligence Source we discuss Open-source intelligence (OSINT), Closed/proprietary, Vulnerability databases, Public/private information sharing centers, Dark web, Indicators of compromise, and Threat maps. • In Research Source we discuss: • Vendor websites • Vulnerability feeds • Conferences • Academic journals • Request for Comments (RFC) • Local industry groups • Social media • Threat feeds • Adversary tactics, techniques, and procedures (TTP) www.infosectrain.com | sales@infosectrain.com

  9. 4. Explain Penetration Testing Techniques: Penetration testing is a form of evaluation that uses well-known strategies and procedures to try to break into a system. • In this part we understand Penetration Testing, inside this, we discuss: • Known environment • Unknown environment • Partially known environment • Rules of engagement • Lateral movement • Privilege escalation • Persistence • Cleanup • Bug bounty • Pivoting • We understand Passive and active reconnaissance: • Drones • War flying • War driving • Footprinting • OSINT • We also cover Exercise Types. In this part, we learn about some Teams. What is the work of these teams: Red-team, Blue-team, White-team, Purple-team. www.infosectrain.com | sales@infosectrain.com

  10. 5. Explain Security Concerns with Type of Vulnerability: You must be aware of the many types of vulnerabilities that impact computer systems and networks. You should be able to analyze and describe the potential consequences of vulnerabilities in order to prioritize evaluation and remediation actions where they are most required. In this lesson, we discuss Software Vulnerabilities and Patch Management, Zero-Day, Third-Party Risk, Improper or Weak Patch Management, Impacts of Vulnerabilities. Learn Security+ With Us Infosec Train is a leading provider of IT security training and consulting organization. We have certified and experienced trainers in our team whom you can easily interact with and solve your doubts anytime. There are recorded sessions also available. If you are interested and looking for live online training, Infosec Train provides the best online security+ certification training. you can check and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam. www.infosectrain.com | sales@infosectrain.com

  11. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com

  12. Our Endorsements www.infosectrain.com | sales@infosectrain.com

  13. Why InfosecTrain Global Learning Partners Access to the recorded sessions Certified and Experienced Instructors Flexible modes of Training Post training completion Tailor Made Training www.infosectrain.com | sales@infosectrain.com

  14. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com

  15. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

More Related