The latest version of Security+, SY0-601, has 5 domains.
In this blog, we discuss the second domain, Architecture and Design.
Architecture and Design
A well-managed information security environment depends heavily on architecture and design. This domain shows you how to put security measures into effect and establish a safe working environment for your organization. The weight of this domain is 21%. The subtopics covered in this domain are listed below.
Importance of security concepts in an enterprise environment
In this part, we will learn Configuration management and its subtopics: Diagrams, Baseline configuration, Standard naming conventions, and Internet protocol schema.
We cover Data sovereignty, Data protection, Geographical considerations, Response and recovery controls, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) inspection, API considerations, and Site resiliency (Hot site, Cold site, Warm site), and we look at the Deception and disruption concept.
Virtualization and Cloud Computing Concepts: The core premise behind cloud computing is that you can access and control your applications and data from any computer, anywhere in the world, while virtualization hides or abstracts the storage technique and location.
To breach a cloud environment, an attacker needs only a good Internet connection and a dictionary of obtained password hashes or SSH (Secure Shell) keys. A lack of supervision over cloud providers’ security processes can greatly raise a business’s risk.
As a security expert, you should be able to analyze the dangers and weaknesses associated with cloud service and delivery models, as well as the virtualization technologies that support them.
So in this part, we cover the Cloud Service Models: Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). We look at Virtualization Technologies concepts, VM Escape protection, VM Sprawl Avoidance, and Cloud Security Controls, and we cover Infrastructure as Code.
Secure Application Development, Deployment, and Automation Concepts: Development (programming and scripting) is at the foundation of secure network administration and management, including automation techniques for durability, disaster recovery, and incident response. As your career progresses, secure application development will become increasingly important. In this lesson, we will cover Secure Coding Techniques: Input validation, Normalization and Output Encoding, Server-side and Client-side Validation, Data Exposure and Memory Management, Software development kit (SDK), and Stored procedures. We look at what Automation is and what it provides: Scalability and Elasticity. We also cover the Secure Application Development Environment: Development, Test, Staging, and Production. Under Automation/scripting, we look in depth at Automated courses of action, Continuous Monitoring, Continuous Validation, Continuous Integration, Continuous Delivery, and Continuous deployment.
Authentication and authorization design concepts: In this lesson, we will learn Authentication Methods, Biometrics concepts, Multi-Factor Authentication Factors, and Authentication Attributes. We also cover AAA (Authentication, Authorization, and Accounting) and Cloud versus On-premises Requirements. In Authentication Methods, we cover Directory Services, Federation, Attestation, Smart Card Authentication, and Authentication Technologies such as TOTP (Time-based one-time password), HOTP (HMAC-based one-time password), Short message service (SMS), Token key, Static codes, Authentication applications, Push notifications, and Phone call. In Biometrics, we learn how it works and cover topics such as Fingerprint, Retina, Iris, Facial, Voice, Vein, Gait analysis, Efficacy rates, False acceptance, False rejection, and Crossover error rate. In Authentication Factors, we learn the factors that ensure an account can only be used by the account user. The factors are Something you know, Something you have, and Something you are. In Authentication Attributes, we cover Somewhere you are, Something you can do, Something you exhibit, and Someone you know.
Implement cybersecurity resilience: In this lesson, we learn how to secure the whole organization. The topics we cover are Redundancy, Replication, Backup types, Non-persistence, High availability, Scalability, Restoration order, and Diversity. The sub-topics are as follows. In Redundancy, we cover Geographic dispersal, Disk, Redundant array of inexpensive disks (RAID) levels, Multipath, Network, Load balancers, Network interface card (NIC) teaming, Power, Uninterruptible power supply (UPS), Generator, Dual supply, and Managed power distribution units (PDUs). In Replication, we learn Storage area networks and VM. In Backup, we cover types of backup such as Full, Incremental, Snapshot, Differential, Tape, Disk, Copy, Network-attached storage (NAS), Storage area network, Cloud, Image, Online and offline, Offsite storage, and Distance considerations.
Security implications of embedded and specialized systems: In this lesson, we learn Embedded systems, Specialized, Supervisory control and data acquisition (SCADA)/industrial control system (ICS), Communication considerations, Constraints, Voice over IP (VoIP), Heating, ventilation, air conditioning (HVAC), Drones, Multifunction printer (MFP), Real-time operating system (RTOS), Surveillance systems, and System on chip (SoC). In Embedded Systems, we cover Raspberry Pi, Field-programmable gate array (FPGA), and Arduino. In Specialized, we cover Medical systems, Vehicles, Aircraft, and Smart meters. In the Internet of Things (IoT), we learn about Sensors, Smart devices, Wearables, Facility automation, and Weak defaults.
Importance of physical security controls: In this lesson, we will learn about the importance of physical security. This part will clarify concepts such as Bollards/barricades, Access control vestibules, Badges, Alarms, Signage, Cameras, USB data blocker, Lighting, Fencing, Fire suppression, Sensors, Drones, Visitor logs, Faraday cages, Air gap, Screened subnet (previously known as demilitarized zone), Protected cable distribution, and Secure data destruction. In Sensors, we cover Motion detection, Noise detection, Proximity reader, Moisture detection, Cards, and Temperature. We also cover secure data destruction sub-topics such as Burning, Shredding, Pulping, Pulverizing, Degaussing, and Third-party solutions.
Learn Security+ With Us
Infosec Train is a leading IT security training and consulting organization. We have certified and experienced trainers on our team with whom you can easily interact and resolve your doubts anytime. If you are interested in live online training, Infosec Train provides the best online Security+ certification training. You can check and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam.