CompTIA Security+ SY0-601 Domain 4: Operations and Incident Response
www.infosectrain.com | sales@infosectrain.com

Security+ SY0-601 Domains
The new version of Security+ SY0-601 has 5 domains:
• Domain 1.0: Attacks, Threats, and Vulnerabilities (24%)
• Domain 2.0: Architecture and Design (21%)
• Domain 3.0: Implementation (25%)
• Domain 4.0: Operations and Incident Response (16%)
• Domain 5.0: Governance, Risk, and Compliance (14%)
In this blog, we discuss Domain 4.0: Operations and Incident Response.
Operations and Incident Response
This domain focuses on the security specialist's responsibility in incident response. Everything from incident response to disaster recovery and business continuity is covered in this domain. Both technical and administrative subjects are included in the examination: forensics, network reconnaissance and discovery concepts, and the ability to configure systems for incident mitigation, as well as the planning phase, which ranges from tabletop exercises and simulations to the development of response strategies. This domain carries 16% of the weightage in the examination. The topics covered in Security+ Domain 4.0 are listed below:
• Given a scenario, use the appropriate tool to assess organizational security
• Summarize the importance of policies, processes, and procedures for incident response
• Given an incident, utilize appropriate data sources to support an investigation
• Given an incident, apply mitigation techniques or controls to secure an environment
• Explain the key aspects of digital forensics
1. Given a scenario, use the appropriate tool to assess organizational security
In this lesson, we will cover several topics and their subtopics. The first topic is network reconnaissance and discovery, where we learn how to work with tracert/traceroute, nslookup/dig, ipconfig/ifconfig, nmap, ping/pathping, hping, netstat, netcat, IP scanners, arp, route, curl, theHarvester, sn1per, scanless, dnsenum, Nessus, and Cuckoo. We learn file manipulation and its commands, such as head, tail, cat, grep, chmod, and logger. We explore forensic concepts and tools: dd, Memdump, WinHex, FTK Imager, and Autopsy. We will also cover exploitation frameworks, password crackers, and data sanitization.
2. Summarize the importance of policies, processes, and procedures for incident response
In this subdomain, we understand the incident response process, which covers the following phases:
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons learned
We understand the attack frameworks:
• MITRE ATT&CK
• The Diamond Model of Intrusion Analysis
• Cyber Kill Chain
We also cover the concepts of stakeholder management, communication plan, disaster recovery plan, business continuity plan, continuity of operations planning (COOP), incident response team, and retention policies.
3. Given an incident, utilize appropriate data sources to support an investigation
In this subdomain, we will learn how to read vulnerability scan output and understand SIEM dashboards, including the following subtopics:
• Sensor
• Sensitivity
• Trends
• Alerts
• Correlation
We will learn about log files, covering the following sources:
• Network
• System
• Application
• Security
• Web
• DNS
• Authentication
• Dump files
• VoIP and call managers
• Session Initiation Protocol (SIP) traffic
We also cover metadata, NetFlow/sFlow, and protocol analyzer output.
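The SIEM concepts listed above (sensors feeding authentication logs, a sensitivity threshold, correlation of related events, and the resulting alert) are easiest to understand by running them over a few log lines. The following is an added example, not code from the original slides or from InfosecTrain: it parses constructed sshd-style authentication log lines (not a real capture), correlates failed logins per source address inside a sliding time window, and raises an alert when the failure count reaches the threshold or when a success follows a burst of failures. The threshold and window values are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of a Linux sshd authentication log (not a real capture).
SAMPLE_AUTH_LOG = """\
2024-03-01T09:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
2024-03-01T09:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-03-01T09:00:04 host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T09:00:06 host1 sshd[1204]: Failed password for root from 203.0.113.5 port 51003 ssh2
2024-03-01T09:00:07 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-03-01T09:00:09 host1 sshd[1206]: Accepted password for root from 203.0.113.5 port 51005 ssh2
2024-03-01T09:05:00 host1 sshd[1210]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T09:30:00 host1 sshd[1211]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# One regex covers both outcomes; "invalid user" is optional because sshd only adds it
# for accounts that do not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_auth_line(line):
    """Return a dict for a recognised authentication event, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def parse_log(text):
    """Parse every line of a log file body, silently skipping lines the sensor cannot decode."""
    return [e for e in (parse_auth_line(l) for l in text.splitlines()) if e]


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Correlation rule (threshold and window are illustrative assumptions):
    - 'brute_force': a source reaches `threshold` failures within `window_seconds`
    - 'success_after_failures': a source logs in successfully while failures are still in the window
    Returns the list of alerts in time order."""
    recent_failures = defaultdict(list)  # src ip -> timestamps of failures still inside the window
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["src"]
        # Slide the window: forget failures older than window_seconds relative to this event.
        recent_failures[src] = [t for t in recent_failures[src]
                                if (e["ts"] - t).total_seconds() <= window_seconds]
        if e["result"] == "Failed":
            recent_failures[src].append(e["ts"])
            if len(recent_failures[src]) == threshold:
                alerts.append({"type": "brute_force", "src": src, "ts": e["ts"],
                               "count": len(recent_failures[src])})
        elif recent_failures[src]:
            alerts.append({"type": "success_after_failures", "src": src, "ts": e["ts"],
                           "user": e["user"], "prior_failures": len(recent_failures[src])})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

Running it produces two alerts for 203.0.113.5 (the fifth failure, then the success that follows it) and none for 198.51.100.7, whose single failure has aged out of the window by the time the key-based login arrives. Raising the sensitivity (a lower threshold or a longer window) trades fewer missed attacks for more false positives, which is the tuning decision the SIEM dashboard's sensitivity setting represents.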
4. Given an incident, apply mitigation techniques or controls to secure an environment
In this lesson, we will get familiar with reconfiguring endpoint security solutions, covering the following subtopics:
• Application approved list
• Application blocklist/deny list
• Quarantine
We explain configuration changes and their subtopics:
• Firewall rules
• MDM
• DLP
• Content filter/URL filter
• Update or revoke certificates
We also cover isolation, containment, segmentation, and SOAR concepts.
5. Explain the key aspects of digital forensics
Whereas incident response focuses on eradicating malicious activity as quickly as possible, digital forensics requires patient acquisition, preservation, and examination of evidence using verified methodologies. In this subdomain, we will learn the basic concepts of digital forensics and explain documentation, evidence, and admissibility, covering the following subtopics:
• Legal hold
• Chain of custody
• Timelines
• Event logs and network traffic
We understand e-discovery, preservation, data recovery, non-repudiation, and strategic intelligence/counterintelligence. We will get familiar with data acquisition and its subtopics: order of volatility, disk, random-access memory (RAM), swap/pagefile, OS, device, firmware, network, and artifacts. We cover on-premises vs. cloud considerations, right-to-audit clauses, regulation/jurisdiction, and data breach notification laws. We will also cover integrity, hashing, checksums, and provenance.
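Integrity, hashing, and chain of custody fit together in practice like this: the acquired image is hashed immediately, every handling step is recorded together with those digests, and the digests are recomputed before any examination. The following is an added example, not code from the original slides or from any of the forensic tools named above; the "disk image" is a few constructed kilobytes standing in for the output of dd or FTK Imager, the analyst names and evidence identifier are placeholders, and the hash-linked custody log is a simple tamper-evident design chosen for illustration rather than any particular tool's format.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so multi-GB images do not have to fit in memory


def hash_file(path, algorithms=("sha256", "md5")):
    """Stream the file once through several hash functions; returns {algorithm: hexdigest}.
    SHA-256 is the digest to rely on; MD5 is still recorded because many tools print it."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_file(path, expected):
    """Recompute every recorded digest; a single mismatch means the evidence is no longer
    provably the same bytes that were acquired."""
    actual = hash_file(path, tuple(expected))
    return all(actual[a] == expected[a] for a in expected)


class CustodyLog:
    """Append-only chain-of-custody record. Each entry carries the hash of the previous
    entry, so editing, deleting or reordering an entry breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, action, handler, evidence_id, digests, note=""):
        entry = {
            "seq": len(self.entries) + 1,
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "action": action, "handler": handler, "evidence_id": evidence_id,
            "digests": dict(digests), "note": note,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def chain_intact(self):
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev_hash"] != prev or self._digest(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    """Acquire, verify, then show what both checks report after tampering.
    Returns (verified_before, verified_after_edit, log_intact_before, log_intact_after_edit)."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "evidence001.dd")  # constructed stand-in for an acquired image
        with open(image, "wb") as f:
            f.write(b"MBR" + bytes(range(256)) * 16)

        digests = hash_file(image)
        log = CustodyLog()
        log.record("acquired", "analyst-A (placeholder)", "EV-001 (placeholder)", digests,
                   "imaged via write blocker; constructed scenario")
        ok_before = verify_file(image, digests)
        log.record("verified", "analyst-B (placeholder)", "EV-001 (placeholder)", digests)
        intact_before = log.chain_intact()

        # Simulate an unauthorised one-byte change to the image and a later edit of the log.
        with open(image, "r+b") as f:
            f.seek(10)
            f.write(b"\x00")
        ok_after = verify_file(image, digests)
        log.entries[0]["note"] = "note rewritten after the fact"
        return ok_before, ok_after, intact_before, log.chain_intact()


if __name__ == "__main__":
    print(demo())
```

The single flipped byte changes every digest, so the image fails verification, and the rewritten note changes the first entry's hash, so the custody chain no longer links. Both facts are what an examiner would have to explain in court, which is why the digests are taken before anything else touches the evidence.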
Learn Security+ With Us
InfosecTrain is a leading IT security training and consulting organization, focusing on a wide range of IT security training programs. Training sessions are delivered by highly qualified, professional trainers with years of industry experience, whom you can easily interact with to resolve your doubts at any time. If you are interested in live online training, InfosecTrain provides the best online Security+ certification training. You can check out and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam.

About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications, and customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements

Why InfosecTrain
• Global Learning Partners
• Access to the recorded sessions
• Certified and Experienced Instructors
• Flexible modes of Training
• Post training completion
• Tailor Made Training

Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
sales@infosectrain.com
www.infosectrain.com