Introduction: What is CompTIA Security+ and Why It Matters
CompTIA Security+ is a globally recognized certification that validates baseline cybersecurity skills. It’s vendor-neutral and covers core security functions, making it ideal for IT professionals looking to demonstrate fundamental security knowledge. The certification serves as a springboard for cybersecurity careers and is DoD 8570 approved, often required for government and defense-related IT security positions.
Core Security Concepts
CIA Triad
- Confidentiality: Ensuring data is accessible only to authorized users
- Integrity: Maintaining accuracy and trustworthiness of data
- Availability: Ensuring systems and data are accessible when needed
Additional Security Principles
- Non-repudiation: Preventing denial of actions performed
- Authentication: Verifying identity
- Authorization: Granting appropriate access rights
- Accounting: Tracking user activities and resource usage
Key Domains Covered in Security+ (SY0-601)
| Domain | Weight | Key Focus Areas |
|---|---|---|
| 1. Attacks, Threats, and Vulnerabilities | 24% | Social engineering, malware, attack vectors |
| 2. Architecture and Design | 21% | Security controls, secure network design |
| 3. Implementation | 25% | Secure protocols, authentication, deployment |
| 4. Operations and Incident Response | 16% | Security tools, incident handling, forensics |
| 5. Governance, Risk, and Compliance | 14% | Policies, standards, regulations |
Network Security Concepts
Network Architecture Components
- Firewall: Hardware/software that filters traffic between networks
- IDS/IPS: Intrusion Detection/Prevention Systems
- NAT: Network Address Translation
- VPN: Virtual Private Network
- DMZ: Demilitarized Zone
- VLAN: Virtual Local Area Network
Secure Network Protocols
- SSH (22): Secure Shell for encrypted remote access
- SFTP (22): Secure File Transfer Protocol
- HTTPS (443): HTTP Secure with TLS/SSL
- FTPS (990): FTP Secure with explicit TLS/SSL
- LDAPS (636): LDAP over SSL
- SNMPv3 (161/162): Simple Network Management Protocol version 3
- IPsec: Internet Protocol Security for VPNs
Insecure Protocols to Avoid
- Telnet (23): Unencrypted terminal emulation
- FTP (20/21): Unencrypted file transfer
- HTTP (80): Unencrypted web traffic
- SMTP (25): Basic email transfer (without TLS)
Common Threats and Attack Vectors
Malware Types
- Virus: Requires host program, self-replicates
- Worm: Self-propagates without host program
- Trojan: Disguised as legitimate software
- Ransomware: Encrypts data, demands payment
- Spyware: Monitors user activity without consent
- Rootkit: Gains privileged system access, hides presence
- Keylogger: Records keystrokes
- Adware: Displays unwanted advertisements
- Fileless Malware: Operates in memory without files
Social Engineering Attacks
- Phishing: Fraudulent attempts to obtain sensitive information
- Spear Phishing: Targeted phishing against specific individuals
- Whaling: Targeting high-profile executives
- Vishing: Voice phishing via phone
- Smishing: SMS phishing
- Pretexting: Creating a fabricated scenario to justify a request
- Baiting: Offering something enticing (a free download, a planted USB drive)
- Tailgating/Piggybacking: Following an authorized person into a secure area
- Dumpster Diving: Searching through discarded materials
Network Attacks
- DDoS: Distributed Denial of Service
- Man-in-the-Middle: Intercepting communications
- ARP Poisoning: Associating the attacker's MAC address with a legitimate IP address
- DNS Poisoning: Corrupting DNS resolver cache
- Session Hijacking: Taking over authenticated sessions
- Evil Twin: Rogue wireless access point
- Replay Attack: Valid data transmission is maliciously repeated
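The replay and MITM entries above are defended the same way in practice: authenticate each message and make each one single-use. The following is an added example, not part of the cheatsheet, showing a receiver that rejects forged, tampered and replayed messages with an HMAC, a nonce cache and a timestamp window. The shared key, window size and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo values; in a real deployment the key is provisioned
# out of band and the window is tuned to expected clock skew.
SHARED_KEY = b"constructed-demo-key"
WINDOW_SECONDS = 30


def sign(payload: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: the MAC covers the whole body, nonce and timestamp
    included, so an attacker cannot edit them without breaking the MAC."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": payload, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Receiver:
    def __init__(self, key: bytes = SHARED_KEY, window: int = WINDOW_SECONDS):
        self.key, self.window = key, window
        self.seen_nonces = {}  # nonce -> timestamp, pruned as the window moves

    def accept(self, msg: dict, now: float) -> tuple:
        """Return (accepted, reason). 'now' is passed in so the checks are
        deterministic; a real receiver would use the current clock."""
        body = json.dumps(msg["body"], sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad MAC"          # forged or tampered in transit
        ts, nonce = msg["body"]["ts"], msg["body"]["nonce"]
        if abs(now - ts) > self.window:
            return False, "stale timestamp"  # captured earlier, replayed late
        self._prune(now)
        if nonce in self.seen_nonces:
            return False, "replay"           # identical message inside the window
        self.seen_nonces[nonce] = ts
        return True, "ok"

    def _prune(self, now: float) -> None:
        # Forget nonces older than the window; the timestamp check rejects those anyway.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.window}


if __name__ == "__main__":
    r = Receiver()
    m = sign({"action": "transfer", "amount": 100, "ts": 1000.0, "nonce": "n1"})
    print(r.accept(m, 1001.0))   # (True, 'ok')
    print(r.accept(m, 1002.0))   # (False, 'replay')
```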
Cryptography Basics
Encryption Types
- Symmetric: Same key for encryption/decryption (faster, less secure)
- Asymmetric: Public/private key pairs (slower, more secure)
Common Algorithms
| Type | Examples | Use Cases |
|---|---|---|
| Symmetric | AES, 3DES, Blowfish | Bulk data encryption, VPNs |
| Asymmetric | RSA, ECC, DH | Digital signatures, key exchange |
| Hashing | SHA-256, SHA-3, BLAKE2 | Data integrity, password storage |
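The table lists two very different hashing use cases, data integrity and password storage, and the exam expects you to know why they are handled differently. The following is an added example, not from the cheatsheet, contrasting a plain SHA-256 digest for integrity with salted, iterated PBKDF2-HMAC-SHA256 for passwords and a constant-time verify. The iteration count is an illustrative assumption.

```python
import hashlib
import hmac
import os

# Assumed work factor for the demo; production values should be tuned so a
# single verification takes a noticeable fraction of a second on your hardware.
PBKDF2_ROUNDS = 200_000


def sha256_digest(data: bytes) -> str:
    """Integrity: a fast, unsalted hash is appropriate for detecting changes."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> str:
    """Password storage: per-password random salt plus a slow KDF.
    Stored as 'rounds$salt_hex$hash_hex' so the verifier can recover both."""
    salt = salt or os.urandom(16)  # unique salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time so
    timing does not reveal how many leading bytes matched."""
    rounds, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    doc = b"constructed sample document"
    print("integrity changed:", sha256_digest(doc) != sha256_digest(doc + b"!"))
    record_a = hash_password("correct horse")
    record_b = hash_password("correct horse")
    print("same password, different records:", record_a != record_b)
    print("verify ok:", verify_password("correct horse", record_a))
    print("verify wrong:", verify_password("wrong", record_a))
```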
PKI Components
- Certificates: Bind public keys to entities
- Certificate Authority (CA): Issues certificates
- Registration Authority (RA): Verifies user identities
- CRL: Certificate Revocation List
- OCSP: Online Certificate Status Protocol
- Recovery Agent: Can recover encrypted data
Identity and Access Management
Authentication Methods
- Something you know: Passwords, PINs
- Something you have: Smart cards, tokens
- Something you are: Biometrics
- Somewhere you are: Geolocation
- Something you do: Behavioral biometrics
Access Control Models
- DAC: Discretionary Access Control (owner-based)
- MAC: Mandatory Access Control (label-based)
- RBAC: Role-Based Access Control (role-based)
- ABAC: Attribute-Based Access Control (policy-based)
- Rule-Based Access Control: Uses rules to determine access
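To see what each model actually consults when deciding a request, here is an added example, not from the cheatsheet, that evaluates the same "read" request under DAC, MAC, RBAC and ABAC. Users, roles, labels and the ABAC policy are constructed for illustration; the MAC check uses the simple "no read up" rule.

```python
# Constructed sample data for the four models.
FILE_OWNER = "alice"
FILE_ACL = {"bob": {"read"}}                      # DAC: alice granted bob read
USER_ROLES = {"bob": ["analyst"], "carol": ["admin"]}
ROLE_PERMS = {"analyst": {"read"}, "admin": {"read", "write", "delete"}}
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
CLEARANCE = {"bob": "confidential", "carol": "secret"}
FILE_LABEL = "confidential"


def dac_allows(user: str, action: str) -> bool:
    """DAC: the owner controls the ACL and always has full access."""
    return user == FILE_OWNER or action in FILE_ACL.get(user, set())


def mac_allows(user: str, action: str) -> bool:
    """MAC: labels are fixed by the system; read requires clearance >= label."""
    if action != "read":
        return False  # write rules differ by model; keep the demo to reads
    return LEVELS.get(CLEARANCE.get(user, "public")) >= LEVELS[FILE_LABEL]


def rbac_allows(user: str, action: str) -> bool:
    """RBAC: permissions attach to roles; a user gets the union of their roles."""
    return any(action in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, ()))


def payroll_policy(subject: dict, resource: dict, env: dict) -> bool:
    """ABAC: only HR staff, on the corporate network, during business hours,
    may read payroll-classified data."""
    return (subject["dept"] == "hr" and resource["class"] == "payroll"
            and env["network"] == "corp" and 9 <= env["hour"] < 18)


def decide_all(user: str, action: str, subject: dict, resource: dict, env: dict) -> dict:
    """Run one request through every model and return each verdict."""
    return {
        "DAC": dac_allows(user, action),
        "MAC": mac_allows(user, action),
        "RBAC": rbac_allows(user, action),
        "ABAC": action == "read" and payroll_policy(subject, resource, env),
    }


if __name__ == "__main__":
    print(decide_all("bob", "read", {"dept": "hr"}, {"class": "payroll"},
                     {"network": "corp", "hour": 10}))
```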
Account Management
- Least Privilege: Grant minimal access needed
- Separation of Duties: Divide critical tasks
- Job Rotation: Regularly change responsibilities
- User Access Review: Periodically verify access rights
- Onboarding/Offboarding: Account creation/termination
Risk Management
Risk Assessment Formula
Risk = Threat × Vulnerability × Impact
Risk Responses
- Accept: Acknowledge risk without mitigation
- Transfer: Shift risk to third party (insurance)
- Mitigate: Reduce risk through controls
- Avoid: Eliminate risk by removing cause
Security Controls
- Administrative: Policies, training, awareness
- Technical: Software/hardware solutions
- Physical: Barriers, locks, surveillance
- Preventive: Stop incidents before occurring
- Detective: Identify incidents during/after
- Corrective: Minimize impact of incidents
- Deterrent: Discourage violation attempts
- Compensating: Alternative to primary control
Security Policies and Procedures
Key Policy Types
- Acceptable Use Policy (AUP): Defines proper system use
- Data Classification Policy: Categorizes data sensitivity
- Password Policy: Requirements for authentication
- BYOD Policy: Rules for personal devices
- Change Management: Process for system changes
- Incident Response: Steps for security incidents
- Disaster Recovery: Recovery after major disruption
- Business Continuity: Maintaining operations during disruption
Compliance Regulations
- GDPR: EU data protection
- HIPAA: US healthcare data
- PCI DSS: Payment card industry
- SOX: Financial reporting
- FISMA: US federal information
Incident Response Process
- Preparation: Planning, policies, training
- Identification: Detect and analyze potential incidents
- Containment: Limit incident scope/damage
- Eradication: Remove threat from environment
- Recovery: Restore systems to normal operation
- Lessons Learned: Document findings and improve process
Common Security+ Acronyms
| Acronym | Full Term |
|---|---|
| APT | Advanced Persistent Threat |
| BCP | Business Continuity Plan |
| BIA | Business Impact Analysis |
| BYOD | Bring Your Own Device |
| CIRT | Computer Incident Response Team |
| DLP | Data Loss Prevention |
| DRP | Disaster Recovery Plan |
| HIDS | Host-based Intrusion Detection System |
| MFA | Multi-Factor Authentication |
| MITM | Man-in-the-Middle |
| NIDS | Network-based Intrusion Detection System |
| OWASP | Open Web Application Security Project |
| RPO | Recovery Point Objective |
| RTO | Recovery Time Objective |
| SIEM | Security Information and Event Management |
| SOC | Security Operations Center |
| TPM | Trusted Platform Module |
| UTM | Unified Threat Management |
| WAF | Web Application Firewall |
| XSS | Cross-Site Scripting |
Common Security Tools
Vulnerability Management
- Nessus, OpenVAS, Qualys
- Nmap, Wireshark, Metasploit
Monitoring & Analysis
- SIEM tools (Splunk, LogRhythm, QRadar)
- Snort, Suricata (IDS)
- Bro/Zeek (Network analysis)
Encryption & Authentication
- OpenSSL, GnuPG
- OAuth, SAML, RADIUS, TACACS+
Exam Tips and Study Strategies
- Practice performance-based questions (PBQs)
- Master the acronyms – create flashcards
- Understand concepts rather than memorizing
- Take practice exams to identify weak areas
- Use the process of elimination for difficult questions
- Review logs and configuration files for PBQs
- Answer all questions – no penalty for wrong answers
- Read each question carefully – look for qualifying words
Resources for Further Learning
Official Resources
- CompTIA Security+ Official Study Guide
- CompTIA CertMaster Practice for Security+
- CompTIA CertMaster Learn for Security+
Practice Tests
- CompTIA Official Practice Tests
- Dion Training Security+ Practice Exams
- Professor Messer Practice Exams
Online Training
- Professor Messer’s YouTube Course (free)
- Jason Dion’s Udemy Course
- Mike Meyers’ Total Seminars
- ITProTV Security+ Course
Communities
- Reddit r/CompTIA
- TechExams.net forums
- CompTIA Discord community
Remember that Security+ is about understanding concepts, not just memorizing facts. This cheatsheet provides a foundation, but deep understanding comes through practical application and experience.
