We Knew It Was Coming: Security+ SY0-401 (Part 2 of 3)

May 2, 2014 at 2:47 pm | Posted in CompTIA, Study hints | 1 Comment
Tags: , , , ,

In my previous post, I covered the overall changes from SY0-301 to SY0-401. I described how the exam is moving from “tell” to “show and tell,” with more emphasis on applying your knowledge to scenarios than simply answering fact-based questions.

In this post I’ll delve into the first three domains and draw out the topic-level changes that may affect your study plan, especially if approaching your three-year renewal in Security+.

(In my final post, I’ll cover domains 4 through 6 and the list of acronyms.)

Domain 1: Network Security Changes

Domain 1.1 now states “Implement security configuration parameters on network devices and other technologies,” where this SY0-301 domain only asked you to explain each security function and its purpose. In addition, all-in-one security appliances are now referred to as UTM security appliances. These are now listed as including URL filters, content inspection, and malware inspection.

Domain 1.2 now states “Given a scenario, use secure network administration principles” where this SY0-301 domain focused on applying and implementing these principles. This particular change means that all questions now written for this domain will include scenarios.

Domain 1.3 now states “Explain network design elements and components” where they SY0-301 domain was only about distinguishing and differentiating between these components. The Cloud computing topic within this domain now has four new subtopics: Private, Public, Hybrid, and Community.

Domain 1.4 now states “Given a scenario, implement common protocols and services” where this SY0-301 domain was only about implementing common protocols. This particular change means that all questions now written for this domain will include scenarios. New protocols added to this domain include: iSCSI, Fibre Channel, FCoE, FTP, SFTP, TFTP, TELNET, HTTP, and NetBIOS. (Most of these were listed in Domain 1.5 in SY0-301 and were moved to this domain.) Also, this domain now includes a listing of port numbers that you should definitely know: 21, 22, 25, 53, 80, 110, 139, 143, 443, and 3389.

Domain 1.5 now states “Given a scenario, troubleshoot security issues related to wireless networking” where this SY0-301 domain was actually domain 1.6, where it read “Implement wireless network in a secure manner.” Once again, this domain change means that all questions now written for this domain will include scenarios. In addition, there are four new topics for this domain:

All of the new topics added to this domain are:

  • Application-aware devices (1.1)
  • Unified threat management (1.2)
  • Layered security / Defense in depth (1.3)
  • OSI relevance (1.4)
  • Captive portals (1.5)
  • Antenna types (1.5)
  • Site surveys (1.5)
  • VPN (over open wireless)  (1.5)
Domain 2: Compliance and Operational Security Changes

There were so many new topics added in this domain that I have chosen to list them in the domain description (to prevent slow death by bulleted list).

Domain 2.1 now states “Explain the importance of risk-related concepts” instead of just defining the concepts, as in SY0-301. The topics that have been added to this domain are: False negatives, SLE, ARO, MTTR, MTTF, MTBF, Vulnerabilities, Threat vectors, Probability / threat likelihood, Recovery time objective, and recovery point objective.

Domain 2.2 is a new objective: “Summarize the security implications of integrating systems and data with third parties.” The topics included in this domain are as follows:

  • On-boarding/off-boarding business partners
  • Social media networks and/or applications
  • Interoperability agreements
  • SLA
  • BPA
  • MOU
  • ISA
  • Privacy considerations
  • Risk awareness
  • Unauthorized data sharing
  • Data ownership
  • Data backups
  • Follow security policy and procedures
  • Review agreement requirements to verify compliance and performance standards

Domain 2.3 now states “Given a scenario, implement appropriate risk mitigation strategies” instead of just carrying out these strategies as in SY0-301. One new topic was added to this domain: Enforce technology controls, including Data Loss Prevention (DLP).

Domain 2.4 is technically a new domain, but it was actually listed as a topic under Domain 2.4 in SY0-301. It states “Given a scenario, implement basic forensic procedures.” This is another domain that will include only scenario-based questions. Only one new topic is listed here: Big data analysis.

Domain 2.5 now states “Summarize common incident response procedures” where this SY0-301 domain was about executing the appropriate incident response procedures. All but one of this topics in this domain are new:

  • Preparation
  • Incident identification
  • Escalation and notification
  • Mitigation steps
  • Lessons learned
  • Reporting
  • Recovery/reconstitution procedures
  • First responder
  • Incident isolation
  • Quarantine
  • Device removal
  • Data breach

Domain 2.6 is the same as Domain 2.4 in SY0-301. Topics that were added to this domain include: Role-based training, Information classification levels (High, Medium, Low, Confidential, Private, and Public), and Follow up and gather training metrics to validate compliance and security posture.

Domain 2.7 states “Compare and contrast physical security and environmental controls” and pulls some topics from SY0-301 Domain 2.6 Explain the impact and proper use of environmental controls. New topics to this domain include the following:

  • Physical security
    • Hardware locks
    • Mantraps
    • Video Surveillance
    • Fencing
    • Proximity readers
    • Access list
    • Proper lighting
    • Signs
    • Guards
    • Barricades
    • Biometrics
    • Protected distribution (cabling)
    • Alarms
    • Motion detection
  • Control types
    • Deterrent
    • Preventive
    • Detective
    • Compensating
    • Technical
    • Administrative

Domain 2.8 is completely new and states “Summarize risk management best practices.” However, most of the topics in it are repeated from SY0-301 Domains 2.5 and 2.7. The NEW topics in this domain are as follows:

  • Risk assessment
  • IT contingency planning
  • High availability
  • Redundancy
  • Tabletop exercises

Domain 2.9 is completely new, and states “Given a scenario, select the appropriate control to meet the goals of security.” This domain, like many others, will only include scenario-based questions. The topics covered in this domain are as follows:

  • Confidentiality
    • Encryption
    • Access controls
    • Steganography
  • Integrity
    • Hashing
    • Digital signatures
    • Certificates
    • Non-repudiation
  • Availability
    • Redundancy
    • Fault tolerance
    • Patching
  • Safety
    • Fencing
    • Lighting
    • Locks
    • CCTV
    • Escape plans
    • Drills
    • Escape routes
    • Testing controls
Domain 3: Threats and Vulnerabilities Changes

Domain 3.1 now states “Explain types of malware” where this SY0-301 domain asked you to analyze and differentiate malware. The new topics here are ransomware, polymorphic malware, and armored viruses.

Domain 3.2 now states “Summarize various types of attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Three new attack types were added to this domain: Password attacks (Brute force, Dictionary attacks, Hybrid, Birthday attacks, and Rainbow tables),  typo squatting/URL hijacking, and watering hole attacks.

Domain 3.3 now states “Summarize social engineering attacks and the associated effectiveness with each attack” where this SY0-301 domain was about analyzing and differentiating these attacks. One new topic, Principles (reasons for effectiveness), was added with several subtopics: Authority, Intimidation, Consensus/Social proof, Scarcity, Urgency, Familiarity/liking, and Trust.

Domain 3.4 now states “Explain types of wireless attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Four new topics have been added to this domain: Near field communication, Replay attacks, WEP/WPA attacks, and WPS attacks.

Domain 3.5 now states “Explain types of application attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Four new topics have been added to this domain: Integer overflow, LSO (Locally Shared Objects), Flash Cookies, and Arbitrary code execution / remote code execution.

Domain 3.6 now states “Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.” The major change to this domain is that is uses the word scenario, which implies that all questions on this topic will now be scenarios. There are no new topics in this domain.

Domain 3.7 now states “Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities” where this Sy0-301 domain was about implementing these tools. Once again, scenarios are specifically mentioned as being the question type for this domain.  Two new tools are listed in this domain: Passive vs. active tools and Banner grabbing.

Domain 3.8 now states “Explain the proper use of penetration testing versus vulnerability scanning.” Three vulnerability scanning topics have been added to this domain: Intrusive vs. non-intrusive, Credentialed vs. non-credentialed, and False positive.

Stay tuned next week, when I’ll finish out my summary of changes in Domains 4, 5, and 6!

Until next time!


1 Comment »

RSS feed for comments on this post. TrackBack URI

  1. […] Part Two: Changes to topics in domains 1, 2, and 3 […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: