CompTIA Security+ SY0-601 Domain 4: Operation and Incident Response

1
CompTIA Security SY0-601 Domain 4 Operation
and Incident Response
www.infosectrain.com sales_at_infosectrain.com
2
www.infosectrain.com sales_at_infosectrain.com
3
Security SY0-601 Domains The new version of
Security SY0-601 has 5 domains
www.infosectrain.com sales_at_infosectrain.com
4

• Domain 1.0 Attacks, Threats, and Vulnerabilities
  (24)
• Domain 2.0 Architecture and Design (21)
• Domain 3.0 Implementation (25)
• Domain 4.0 Operations and Incident Response
  (16)
• Domain 5.0 Governance, Risk, and Compliance
  (14)
• In this blog, we discuss domain 4.0 Operations
  and Incident Response.

www.infosectrain.com sales_at_infosectrain.com
5

• Operations and Incident Response
• This domain focuses on the security specialists
  responsibility in incident response. Everything
  from incident response to disaster recovery and
  business continuity is covered in this domain.
  Both technical and administrative subjects are
  included in the examination. It not only includes
  forensics, network reconnaissance, and discovery
  ideas, and the capacity to configure systems for
  incident mitigation, but it also includes the
  planning phase, which includes everything from
  tabletop exercises and simulations to the
  development of strategies. This domain covers 16
  of weightage in the examination.
• The topics covered in security domain 4.0 are
  listed below
• Given a scenario, use the appropriate tool to
  assess organizational security
• Summarize the importance of policies, processes,
  and procedures for incident response
• Given an incident, utilize appropriate data
  sources to support an investigation
• Given an incident, apply mitigation techniques or
  controls to secure an environment
• Explain the key aspects of digital forensics

www.infosectrain.com sales_at_infosectrain.com
6
1. Given a scenario, use the appropriate tool to
assess organizational securityIn this lesson, we
will cover various topics and their subtopics.
The very first topic we will understand is
Network reconnaissance and discovery. In this
topic, we will learn how to work
tracert/traceroute, nslookup/dig,
ipconfig/ifconfig, nmap, ping/pathping, hping,
netstat, netcat, IP scanners, arp, route, curl,
theHarvester, sn1per, scanless dnsenum, Nessus,
Cuckoo. We learn how to do file manipulation and
its commands like head, tail, cat, grep, chmod,
logger. We explore concepts like forensic and
commands, dd, Memdump, WinHex, FTK imager,
Autopsy. We will also understand Exploitation
frameworks, Password crackers, Data sanitization.




www.infosectrain.com sales_at_infosectrain.com
7

• 2. Summarize the importance of policies,
  processes, and procedures for incident
  responseIn this subdomain, we understand the
  Incident response process. Inside this Incident
  response process, we cover the following
  subtopics
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons learned
• We understand the Attack frameworks
• MITRE ATTCK
• The Diamond Model of Intrusion Analysis
• Cyber Kill Chain
• We also cover the concept of Stakeholder
  management, Communication plan, Disaster recovery
  plan, Business continuity plan, Continuity of
  operations planning (COOP), Incident response
  team, and Retention policies.

www.infosectrain.com sales_at_infosectrain.com
8

• 3. Given an incident, utilize appropriate data
  sources to support an investigationIn this
  subdomain, we will learn about how Vulnerability
  scan output works. Understand SIEM dashboards and
  the following subtopics
• Sensor
• Sensitivity
• Trends
• Alerts
• Correlation

www.infosectrain.com sales_at_infosectrain.com
9

• We will learn about Log files. Inside Log files,
  we cover the following subtopics
• Network
• System
• Application
• Security
• Web
• DNS
• Authentication
• Dump files
• VoIP and call managers
• Session Initiation Protocol (SIP) traffic
• We also cover Metadata, Netflow/sFlow, Protocol
  analyzer output.

www.infosectrain.com sales_at_infosectrain.com
10

• 4. Given an incident, apply mitigation techniques
  or controls to secure an environmentIn this
  lesson, we will get familiar with reconfigure
  endpoint security solutions. Inside this we will
  cover the following subtopics
• Application approved list
• Application blocklist/deny list
• Quarantine
• Explain Configuration changes  and  subtopics
  are
• Firewall rules
• MDM
• DLP
• Content filter/URL filter
• Update or revoke certificates
• Also, understand Isolation, Containment,
  Segmentation, SOAR concepts.

www.infosectrain.com sales_at_infosectrain.com
11

• 5. Explain the key aspects of digital
  forensicsWhereas incident response focuses on
  eradicating malicious activity as soon as
  possible, digital forensics needs patient
  acquisition, preservation, and examination of
  evidence using verified methodologies. In this
  subdomain, we will learn basic concepts of
  digital forensics, explain documentation,
  evidence, and admissibility. Inside this we will
  cover the following subtopics
• Legal hold
• Chain of custody
• Timelines
• Event Logs and Network Traffic

www.infosectrain.com sales_at_infosectrain.com
12
We understand E-discovery, Preservation, Data
recovery, Non-repudiation, Strategic
intelligence/counterintelligence. We will get
familiar with Data Acquisition and subtopics like
Order of volatility, Disk, Random-access memory
(RAM), Swap/pagefile, OS, Device, Firmware,
Network, Artifacts. Concept of on-premises vs
cloud, Right to audit clauses, Regulation/jurisdic
tion, Data breach notification laws. We will also
cover Integrity, Hashing, Checksums, Provenance.




www.infosectrain.com sales_at_infosectrain.com
13
Learn Security With Us InfosecTrain is a leading
provider of IT security training and consulting
organization, focusing on a wide range of IT
security training. The training sessions will be
delivered by highly qualified and professional
trainers with years of industry experience whom
you can easily interact with and solve your
doubts anytime. If you are interested and looking
for live online training, InfosecTrain provides
the best online security certification training.
You can check and enroll in our CompTIA Security
Online Certification Training to prepare for the
certification exam.




www.infosectrain.com sales_at_infosectrain.com
14
About InfosecTrain

• Established in 2016, we are one of the finest
  Security and Technology Training and Consulting
  company
• Wide range of professional training programs,
  certifications consulting services in the IT
  and Cyber Security domain
• High-quality technical services, certifications
  or customized training programs curated with
  professionals of over 15 years of combined
  experience in the domain

www.infosectrain.com sales_at_infosectrain.com
15
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
16
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
17
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
18
(No Transcript)
19
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com