SecurityPlus Domain4 Notes

The document outlines key security techniques in CompTIA Security+ Domain 4, covering areas such as asset management, vulnerability management, monitoring, and incident response. It emphasizes the importance of secure baselines, hardening devices, and effective identity and access management practices. Additionally, it highlights the role of automation in security processes and the use of data for investigations.

Uploaded by yugadeepofficial

CompTIA Security+ Domain 4 (4.1 to 4.9) - Simple Notes

4.1 Apply common security techniques

- Secure baselines: Establish the baseline, deploy it to every host, and keep re-checking for drift.

- Hardening targets: Lock down mobile devices, workstations, switches, routers, cloud infrastructure, servers, ICS/SCADA, embedded/RTOS and IoT devices.

- Wireless devices: Use WPA3 and strong, unique passphrases; change default admin credentials.

- Installation considerations: Use site surveys and heat maps to plan access point placement and coverage.

- Mobile security: Use MDM; pick a deployment model (BYOD, COPE, CYOD) and enforce policy accordingly.

- Wireless settings: WPA3, AAA/RADIUS with 802.1X/EAP for enterprise authentication, and AES-based encryption (CCMP/GCMP); never WEP or WPA/TKIP.

- App security: Validate inputs, set cookie flags (Secure, HttpOnly, SameSite), run static code analysis, and code-sign releases.

- Sandboxing: Run untrusted code in an isolated environment so it cannot reach the host or the network.

- Monitoring: Watch systems for abnormal activity and review logs.
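
The baseline cycle above (set, apply, keep checking) in code, as an added example that is not part of the original notes: parse an sshd_config-style file, compare it against a baseline, report drift, and emit the corrected config. The baseline values, the sample config and the function names are assumptions for illustration.

```python
"""Added example (not part of the original notes): check an SSH daemon config
against a secure baseline, report drift, and produce the corrected config.
The baseline values and the sample sshd_config below are constructed."""
import re

# Constructed baseline (hypothetical policy): key -> (value to set, predicate that
# accepts any compliant value). MaxAuthTries is a maximum, not an exact value.
SSH_BASELINE = {
    "PermitRootLogin": ("no", lambda v: v.lower() == "no"),
    "PasswordAuthentication": ("no", lambda v: v.lower() == "no"),
    "X11Forwarding": ("no", lambda v: v.lower() == "no"),
    "MaxAuthTries": ("4", lambda v: v.isdigit() and int(v) <= 4),
}

# Constructed config from a host that has drifted from the baseline.
SAMPLE_CONFIG = """\
# sample sshd_config (constructed)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
MaxAuthTries 6
"""

LINE_RE = re.compile(r"^(\S+)\s+(.+?)\s*$")


def parse_config(text):
    """Return {key: value} for active 'Key value' lines. Comments are skipped, and
    only the first occurrence of a key counts, which is how sshd itself reads it."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            settings.setdefault(m.group(1), m.group(2))
    return settings


def check_baseline(config_text, baseline=SSH_BASELINE):
    """Return [(key, wanted, actual)] for every baseline item the config violates.
    A key that is absent (or commented out) is reported as 'unset': the daemon
    default then applies, and that default may be weaker than the baseline."""
    actual = parse_config(config_text)
    deviations = []
    for key, (wanted, ok) in baseline.items():
        value = actual.get(key, "unset")
        if value == "unset" or not ok(value):
            deviations.append((key, wanted, value))
    return deviations


def apply_baseline(config_text, baseline=SSH_BASELINE):
    """Rewrite the config so every baseline key is set to its wanted value:
    active lines are replaced in place, missing keys are appended at the end."""
    out, seen = [], set()
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        key = m.group(1) if m and not line.lstrip().startswith("#") else None
        if key in baseline:
            if key not in seen:
                out.append(f"{key} {baseline[key][0]}")
                seen.add(key)
            continue  # drop later duplicates so the enforced first value wins
        out.append(line)
    for key, (wanted, _) in baseline.items():
        if key not in seen:
            out.append(f"{key} {wanted}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, wanted, actual in check_baseline(SAMPLE_CONFIG):
        print(f"DRIFT {key}: wanted {wanted}, found {actual}")
    print(apply_baseline(SAMPLE_CONFIG))
```

Running the check on the sample reports three deviations (root login enabled, password authentication left at the daemon default because the line is commented out, and MaxAuthTries above the limit); running it again on the output of apply_baseline reports none. The "unset" case is the one people miss: a commented-out directive is not a secure setting, it is whatever the default happens to be.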

4.2 Asset management

- Acquisition/procurement: Buy from trusted suppliers and vet hardware and software before deployment.

- Assignment/accounting: Record the owner of every asset and classify how sensitive or critical it is.

- Monitoring/asset tracking: Maintain a complete inventory (enumeration) with each device's details.

- Disposal/decommissioning: Sanitize or physically destroy media, keep a certificate of destruction, and follow data retention rules.

4.3 Vulnerability management

- Identify: Vulnerability scans, application analysis (static/dynamic, package monitoring), threat feeds (OSINT, proprietary, ISACs, dark web), penetration tests, responsible disclosure and bug bounty programs, system audits.

- Analyze: Confirm findings (rule out false positives, watch for false negatives), rate severity with the CVSS score, look up the CVE record, and weigh exposure factor, environmental variables and organizational impact.

- Respond: Patch, segment or isolate, apply compensating controls, transfer risk through cyber insurance, or document an exception/exemption.

- Validate: Rescan, audit, and verify that the fix actually closed the issue.

- Report: Share what was found, what was fixed, and what risk remains.


4.4 Monitoring & alerting

- Monitor: Systems, applications, and network infrastructure.

- Activities: Log aggregation, alerting, scanning, reporting, archiving.

- Response: Quarantine compromised systems; tune alerts to cut false positives and catch false negatives.

- Tools: SIEM, DLP, antivirus, vulnerability scanners, SNMP traps, NetFlow, benchmarks and agents.
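
The monitoring and alerting loop above in code, as an added example that is not part of the original notes: SIEM-style correlation over sshd log lines, flagging password brute force from one source within a sliding window and escalating when that source then logs in successfully. The log lines, hostnames, threshold and window are constructed assumptions.

```python
"""Added example (not part of the original notes): SIEM-style correlation over
SSH auth log lines. Alert on password brute force from one source within a time
window, and raise severity if that source then logs in successfully. The log
lines are constructed (RFC 5737 documentation addresses)."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample: a fast brute force that succeeds, a user typo, an unrelated
# line, and a low-and-slow attacker spaced three minutes apart.
SAMPLE_LOG = """\
Jan 12 10:00:01 web01 sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 12 10:00:02 web01 sshd[2302]: Failed password for invalid user test from 203.0.113.5 port 51001 ssh2
Jan 12 10:00:04 web01 sshd[2303]: Failed password for root from 203.0.113.5 port 51002 ssh2
Jan 12 10:00:05 web01 sshd[2304]: Failed password for alice from 203.0.113.5 port 51003 ssh2
Jan 12 10:00:07 web01 sshd[2305]: Failed password for alice from 203.0.113.5 port 51004 ssh2
Jan 12 10:00:09 web01 sshd[2306]: Failed password for alice from 203.0.113.5 port 51005 ssh2
Jan 12 10:00:15 web01 sshd[2307]: Accepted password for alice from 203.0.113.5 port 51006 ssh2
Jan 12 10:00:20 web01 sshd[2308]: Failed password for bob from 198.51.100.7 port 40000 ssh2
Jan 12 10:00:31 web01 sshd[2309]: Accepted password for bob from 198.51.100.7 port 40001 ssh2
Jan 12 10:01:00 web01 sshd[2310]: Received disconnect from 192.0.2.10 port 33000:11: Bye Bye
Jan 12 10:02:00 web01 sshd[2311]: Failed password for root from 203.0.113.99 port 60000 ssh2
Jan 12 10:05:00 web01 sshd[2312]: Failed password for root from 203.0.113.99 port 60001 ssh2
Jan 12 10:08:00 web01 sshd[2313]: Failed password for root from 203.0.113.99 port 60002 ssh2
Jan 12 10:11:00 web01 sshd[2314]: Failed password for root from 203.0.113.99 port 60003 ssh2
Jan 12 10:14:00 web01 sshd[2315]: Failed password for root from 203.0.113.99 port 60004 ssh2
"""


def parse(line):
    """Return a dict for auth result lines, None for anything else. Syslog omits
    the year, so one is assumed here; a real pipeline takes it from the collector."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime("2024 " + ev["ts"], "%Y %b %d %H:%M:%S")
    return ev


def detect(lines, threshold=5, window=60):
    """Sliding-window count of failures per source IP. Returns alerts as
    (severity, ip, message); each IP is flagged once, and a later successful
    login from a flagged IP escalates to 'high'."""
    failures = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window:
                q.popleft()  # expire failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("medium", ip, f"{len(q)} failed logins within {window}s"))
        elif ip in flagged:
            alerts.append(("high", ip, f"successful login as {ev['user']} after brute force"))
    return alerts


if __name__ == "__main__":
    for sev, ip, msg in detect(SAMPLE_LOG.splitlines()):
        print(sev.upper(), ip, msg)
```

With the defaults (5 failures in 60 seconds) the sample yields two alerts, both for 203.0.113.5: a medium on the fifth failure and a high when alice's login succeeds from the same address. The low-and-slow source 203.0.113.99 produces nothing, which is the tuning trade-off the "tune alerts" bullet refers to: widening the window to 15 minutes catches it, at the cost of more noise from legitimate users who mistype a few times.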

4.5 Enhance security

- Firewalls, IDS/IPS: Firewall rules and an IPS block attacks inline; an IDS only detects and alerts.

- Web filters: Block dangerous or off-policy sites with agent-based filtering or a central proxy, using URL categories and reputation.

- OS security: Enforce settings centrally with Group Policy (Windows) and mandatory access control with SELinux (Linux).

- Secure protocols: Prefer encrypted protocols (HTTPS/TLS, SSH, DNSSEC) on their standard ports and retire cleartext ones.

- Email protection: SPF, DKIM and DMARC to stop sender spoofing, plus an email gateway for filtering.

- NAC/EDR/XDR: NAC controls which devices may join the network; EDR detects and responds on endpoints; XDR correlates across endpoints, network and cloud. Pair with user behavior analytics.
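
How SPF, DKIM and DMARC fit together on the receiving side, as an added example that is not part of the original notes: given the SPF and DKIM verdicts for a message, check alignment with the header From domain under the sender's DMARC record and pick the policy to apply on failure. The records, domains and verdicts are constructed, and the organizational domain is approximated as the last two labels (a real receiver uses the Public Suffix List).

```python
"""Added example (not part of the original notes): DMARC evaluation as a
receiving MTA performs it. SPF and DKIM results are inputs; the code decides
whether either one is aligned with the header From domain and which policy
applies on failure. All records and domains are constructed."""


def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict with RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        k, v = part.split("=", 1)
        tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])  # subdomains inherit p= unless sp= is given
    return tags


def org_domain(domain):
    """Simplification: last two labels. Real receivers consult the Public Suffix
    List so that e.g. example.co.uk is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, record, spf=("none", ""), dkim=("none", "")):
    """spf = (result, MAIL FROM domain); dkim = (result, d= domain).
    Returns (dmarc_result, policy_to_apply). DMARC passes if at least one of
    SPF or DKIM both passed and is aligned with the header From domain."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    is_sub = org_domain(from_domain) != from_domain.lower().rstrip(".")
    return "fail", tags["sp"] if is_sub else tags["p"]


# Constructed records for the hypothetical domain example.com.
RECORD = "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com"
STRICT = "v=DMARC1; p=reject; aspf=s; adkim=s"

if __name__ == "__main__":
    cases = {
        "legit mail":        evaluate("example.com", RECORD, spf=("pass", "mail.example.com"), dkim=("pass", "example.com")),
        "spoofed From":      evaluate("example.com", RECORD, spf=("pass", "attacker.test")),
        "forwarded (SPF broke, DKIM intact)": evaluate("example.com", RECORD, spf=("fail", "mail.example.com"), dkim=("pass", "example.com")),
        "strict alignment":  evaluate("example.com", STRICT, spf=("pass", "mail.example.com"), dkim=("fail", "example.com")),
        "subdomain sender":  evaluate("news.example.com", RECORD, spf=("softfail", "x.test")),
    }
    for name, verdict in cases.items():
        print(f"{name}: {verdict}")
```

The "spoofed From" case is the one that shows why SPF alone is not enough: the attacker's SPF passes for their own bounce domain, but it does not align with the forged From header, so DMARC fails and the sender's p=reject applies. The forwarded case shows why publishing DKIM matters: forwarding breaks SPF, yet the DKIM signature survives and keeps the message deliverable.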

4.6 Identity & access management

- Provisioning/deprovisioning: Create accounts when someone joins or changes role; remove access promptly when they leave.

- Permissions: Grant only what's needed (least privilege).

- SSO/Federation: One login across systems (LDAP, OAuth, SAML, OpenID Connect).

- MFA: Require 2+ factors from different categories: something you know, have, or are, plus somewhere you are (e.g. password + fingerprint or hardware token).

- Passwords: Long, complex, never reused, with age/expiry rules; use password managers or go passwordless.

- Privileged access management: Protect admin accounts with credential vaulting, just-in-time (temporary) access, and ephemeral credentials.

4.7 Automation & orchestration


- Use cases: User and resource provisioning, guard rails, security groups, ticket creation and escalation, enabling/disabling services, continuous integration and testing, API integration.

- Benefits: Faster reaction time, consistency and fewer errors, enforced baselines, secure scaling, less staff burnout.

- Challenges: Complexity, cost, single point of failure, technical debt, ongoing supportability.

4.8 Incident response

- Steps: Preparation, Detection, Analysis, Containment, Eradication, Recovery, Lessons learned.

- Practice: Tabletop exercises and simulations.

- Root cause analysis & threat hunting: Determine how it happened and look proactively for related activity.

- Digital forensics: Legal hold, acquisition, preservation, reporting, e-discovery; maintain chain of custody for every piece of evidence.

4.9 Using data in investigations

- Logs: Firewall, application, endpoint, OS-specific, IPS/IDS, network, and metadata.

- Sources: Dashboards, automated reports, vulnerability scans, packet captures.

- Goal: Find out what happened and how.
