Upgrade Your Career with Exciting Offers on our Career-defining Courses Upto 50% OFF | Offer ending in:
D H M S Grab Now
X

CompTIA Security+ SY0-601 Domain 4: Operation and Incident Response

CompTIA Security+ SY0-601 Domain 4_

Security+ SY0-601 Domains

The new version of Security+ SY0-601 has 5 domains:

Domains covered by CompTIA Security+ SY0-601

In this blog, we discuss domain 4.0 Operations and Incident Response.

Operations and Incident Response

This domain focuses on the security specialist’s responsibility in incident response. Everything from incident response to disaster recovery and business continuity is covered in this domain. Both technical and administrative subjects are included in the examination. It not only includes forensics, network reconnaissance, and discovery ideas, and the capacity to configure systems for incident mitigation, but it also includes the planning phase, which includes everything from tabletop exercises and simulations to the development of strategies. This domain covers 16% of weightage in the examination.

The topics covered in security+ domain 4.0 are listed below:

  1. Given a scenario, use the appropriate tool to assess organizational security
  2. Summarize the importance of policies, processes, and procedures for incident response
  3. Given an incident, utilize appropriate data sources to support an investigation
  4. Given an incident, apply mitigation techniques or controls to secure an environment
  5. Explain the key aspects of digital forensics

security

1. Given a scenario, use the appropriate tool to assess organizational security
In this lesson, we will cover various topics and their subtopics. The very first topic we will understand is Network reconnaissance and discovery. In this topic, we will learn how to work tracert/traceroute, nslookup/dig, ipconfig/ifconfig, nmap, ping/pathping, hping, netstat, netcat, IP scanners, arp, route, curl, theHarvester, sn1per, scanless – dnsenum, Nessus, Cuckoo. We learn how to do file manipulation and its commands like head, tail, cat, grep, chmod, logger. We explore concepts like forensic and commands, dd, Memdump, WinHex, FTK imager, Autopsy. We will also understand Exploitation frameworks, Password crackers, Data sanitization.

2. Summarize the importance of policies, processes, and procedures for incident response
In this subdomain, we understand the Incident response process. Inside this Incident response process, we cover the following subtopics:

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons learned

We understand the Attack frameworks:

  • MITRE ATT&CK
  • The Diamond Model of Intrusion Analysis
  • Cyber Kill Chain

We also cover the concept of Stakeholder management, Communication plan, Disaster recovery plan, Business continuity plan, Continuity of operations planning (COOP), Incident response team, and Retention policies.

3. Given an incident, utilize appropriate data sources to support an investigation
In this subdomain, we will learn about how Vulnerability scan output works. Understand SIEM dashboards and the following subtopics:

  • Sensor
  • Sensitivity
  • Trends
  • Alerts
  • Correlation

We will learn about Log files. Inside Log files, we cover the following subtopics:

  • Network
  • System
  • Application
  • Security
  • Web
  • DNS
  • Authentication
  • Dump files
  • VoIP and call managers
  • Session Initiation Protocol (SIP) traffic

We also cover Metadata, Netflow/sFlow, Protocol analyzer output.

4. Given an incident, apply mitigation techniques or controls to secure an environment
In this lesson, we will get familiar with reconfigure endpoint security solutions. Inside this we will cover the following subtopics:

  • Application approved list
  • Application blocklist/deny list
  • Quarantine

Explain Configuration changes  and  subtopics are:

  • Firewall rules
  • MDM
  • DLP
  • Content filter/URL filter
  • Update or revoke certificates

Also, understand Isolation, Containment, Segmentation, SOAR concepts.

5. Explain the key aspects of digital forensics
Whereas incident response focuses on eradicating malicious activity as soon as possible, digital forensics needs patient acquisition, preservation, and examination of evidence using verified methodologies. In this subdomain, we will learn basic concepts of digital forensics, explain documentation, evidence, and admissibility. Inside this we will cover the following subtopics:

  • Legal hold
  • Chain of custody
  • Timelines
  • Event Logs and Network Traffic

We understand E-discovery, Preservation, Data recovery, Non-repudiation, Strategic intelligence/counterintelligence. We will get familiar with Data Acquisition and subtopics like Order of volatility, Disk, Random-access memory (RAM), Swap/pagefile, OS, Device, Firmware, Network, Artifacts. Concept of on-premises vs cloud, Right to audit clauses, Regulation/jurisdiction, Data breach notification laws. We will also cover Integrity, Hashing, Checksums, Provenance.

Learn Security+ With Us

InfosecTrain is a leading provider of IT security training and consulting organization, focusing on a wide range of IT security training. The training sessions will be delivered by highly qualified and professional trainers with years of industry experience whom you can easily interact with and solve your doubts anytime. If you are interested and looking for live online training, InfosecTrain provides the best online security+ certification training. You can check and enroll in our CompTIA Security+ Online Certification Training to prepare for the certification exam.

security

AUTHOR
Nikhilesh kotiyal ( )
Infosec Train
Nikhilesh Kotiyal has completed his degree in Information Technology. He is a keen learner and works with full dedication. He enjoys working on technical blogs. Currently, Nikhilesh is working as a content writer at Infosec Train.
TOP