Security+ Study Notes
System Failure
A computer crash or failure of an individual application
Threat Hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring
Hypothesis
A hypothesis derived from threat modeling, based on potential events with higher likelihood and higher impact
Intrusion Detection System (IDS)
A device or software application that monitors a system or network to identify incidents or attacks
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim
MITRE ATT&CK Framework
A knowledge base that lists and explains specific adversary tactics, techniques, and common procedures
Kill Chain
A model that describes the stages by which a threat actor progresses a network intrusion
Spam
Abuse of electronic messaging systems, most commonly through email
Unauthorized Access
Accessing computer resources and data without the owner's consent
Unnecessary Applications
Applications that are not essential and should be removed from a system
Software Firewalls
Applications that protect a computer from unwanted Internet traffic
Bluetooth Attacks
Attacks that exploit vulnerabilities in Bluetooth technology
AAA of Security
Authentication, Authorization, and Accounting - the three components of security
Botnets and Zombies
Collections of compromised computers under the control of a master node
CIA Triad
Confidentiality, Integrity, and Availability - the three core principles of information security
Open-Source
Data available for use without subscription, often including threat feeds and reputation lists
Closed-Source
Data derived from the provider's own research and analysis efforts
Availability
Ensuring that information is accessible, stored, and protected at all times
Confidentiality
Ensuring that information is not disclosed to unauthorized people
Integrity
Ensuring that information is not modified or altered without proper authorization
Hacktivists
Hackers who are driven by a cause like social change, political agendas, or terrorism
Organized Crime
Hackers who are part of a crime group that is well-funded and highly sophisticated
Blue Hats
Hackers who attempt to hack into a network with permission of the company but are not employed by the company
Elite
Hackers who find and exploit vulnerabilities before anyone else does
Script Kiddies
Hackers with limited skill who only run other people's exploits and tools
Gray Hats
Hackers without any affiliation to a company who attempt to break into a company's network but risk the law by doing so
Advanced Persistent Threats
Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal
Symptoms of Infection
Indications that a computer might be infected with malware
Hackers
Individuals who attempt to gain unauthorized access to computer systems
Viruses
Malicious code that infects a computer when a file is opened or executed
Black Hats
Malicious hackers who break into computer systems and networks without authorization
Trojan Horses
Malicious software disguised as harmless or desirable software
Worms
Malicious software that can self-replicate without user interaction
Ransomware
Malware that restricts access to a victim's computer system until a ransom is received
Spyware
Malware that secretly gathers information about the user without their consent
Security of Apps
Measures to ensure the security of mobile applications
Mobile Malware
Measures to prevent and protect against malware on mobile devices
Preventing Malware
Measures to prevent malware infections
Mobile Device Theft
Measures to protect against and recover from mobile device theft
Securing Wireless Devices
Measures to secure WiFi connections and Bluetooth devices
Securing Storage Devices
Measures to secure removable media, network attached storage (NAS), and storage area networks (SAN)
Open-Source Intelligence (OSINT)
Methods of obtaining information about a person or organization through public records, websites, and social media
Restricting Applications
Methods to control which applications can be run on a system
Backdoors and Logic Bombs
Methods used to bypass normal security and authentication functions or execute malicious code
SIM Cloning & ID Theft
Methods used to clone SIM cards or steal identities
Data Loss Prevention (DLP)
Monitoring data in use, in transit, or at rest to detect attempts to steal the data
White Hats
Non-malicious hackers who attempt to break into a company's systems at their request
Operations and Incident Response
One of the domains in the SY0-601 exam that covers the day-to-day operations of security systems and how to respond to security incidents
Architecture and Design
One of the domains in the SY0-601 exam that covers the design and implementation of secure systems and networks
Governance, Risk, and Compliance
One of the domains in the SY0-601 exam that focuses on the management of security policies, risk assessment, and compliance with regulations
Implementation
One of the domains in the SY0-601 exam that focuses on the practical implementation of security measures
Attacks, Threats, and Vulnerabilities
One of the domains in the SY0-601 exam that focuses on understanding different types of attacks, threats, and vulnerabilities
Trusted Operating Systems
Operating systems that meet specific security requirements
Endpoint Analysis
Security measures for endpoint devices such as anti-virus, host-based IDS/IPS, endpoint protection platforms, endpoint detection and response, and user and entity behavior analytics
Mobile Device Security
Security measures for mobile devices such as smartphones and tablets
Physical Controls
Security measures such as alarm systems, locks, surveillance cameras, identification cards, and security guards
Administrative Controls
Security measures such as policies, procedures, security awareness training, contingency planning, and disaster recovery plans
Technical Controls
Security measures such as smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication
Unnecessary Services
Services that are not needed and should be disabled in the operating system
Malware
Short for malicious software, refers to software designed to harm or exploit computer systems
Rootkits
Software designed to gain administrative level control over a system without detection
Malware
Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent
Pop-up Blockers
Software or browser settings that block unwanted pop-up windows
Updates and Patches
Software updates and patches to fix vulnerabilities and bugs
Removing Malware
Steps to identify and remove malware from an infected system
Securing the BIOS
Steps to secure the Basic Input Output System (BIOS) of a computer
Social Engineering
The act of manipulating users into revealing confidential information or performing detrimental actions
Domains
The different topic areas covered in the SY0-601 exam
Threat Intelligence
The knowledge and information about potential threats and their sources
Threat Vector
The method used by an attacker to access a victim's machine
Attack Vector
The method used by an attacker to gain access to a victim's machine in order to infect it with malware
Minimum to Pass
The minimum score required to pass the SY0-601 exam
Bring Your Own Device (BYOD)
The practice of allowing employees to use their personal devices for work purposes
Information Security
The practice of protecting data and information from unauthorized access, modification, disruption, disclosure, corruption, and destruction
Information Systems Security
The practice of protecting the systems that hold and process critical data
Malware Infection
The process by which malware code infects a target host
Hardening
The process of configuring an operating system securely by updating it, creating rules and policies, and removing unnecessary applications and services
Disk Encryption
The process of encrypting data on a storage device
Privilege Escalation
The process of exploiting a design flaw or bug in a system to gain access to resources that a normal user isn't able to access
Authorization
The process of granting a user access to specific data or areas of a building
Authentication
The process of verifying a person's identity using proof and confirmation by a system
Timeliness
The property of threat intelligence that ensures it is up-to-date
Relevancy
The property of threat intelligence that ensures it matches the intended use cases
Accuracy
The property of threat intelligence that ensures it produces effective results
Confidence Levels
The property of threat intelligence that ensures it produces qualified statements about reliability
Exploit Technique
The specific method by which malware code infects a target host
Actions on Objectives
The stage of the kill chain where the attacker collects information from target systems or achieves other goals
Weaponization
The stage of the kill chain where the attacker combines payload code with exploit code
Reconnaissance
The stage of the kill chain where the attacker determines what methods to use for the attack
Delivery
The stage of the kill chain where the attacker identifies a vector to transmit the weaponized code
Installation
The stage of the kill chain where the weaponized code achieves persistence on the target system
Command & Control (C2)
The stage of the kill chain where the weaponized code establishes an outbound channel to a remote server
Exploitation
The stage of the kill chain where the weaponized code is executed on the target system
Accounting
The tracking of data, computer usage, and network resources
Proprietary
Threat intelligence provided as a commercial service offering, subject to a subscription fee
Common Delivery Methods
Various methods by which malware infections are delivered
Threat Actors
Various types of individuals or groups who pose a threat to cybersecurity
Security Threats
Various types of threats that can compromise the security of a system