https://www.infosectrain.com/blog/comptia-security-sy0-601-domain-2-architecture-and-design/
CompTIA Security+ SY0-601 Domain 2
www.infosectrain.com | sales@infosectrain.com
The latest version of Security+, SY0-601, has 5 domains:
Domain 1.0: Attacks, Threats, and Vulnerabilities (24%)
Domain 2.0: Architecture and Design (21%)
Domain 3.0: Implementation (25%)
Domain 4.0: Operations and Incident Response (16%)
Domain 5.0: Governance, Risk, and Compliance (14%)
In this blog, we discuss the second domain: Architecture and Design.
Domain 2: Architecture and Design
A well-managed Information Security environment depends heavily
on architecture and design. This domain will show you how to put
security measures into effect and establish a safe working
environment for your organization. The weightage of this domain is
21%. The subtopics covered in this domain are listed below:
1. Importance of security concepts in an enterprise environment.
2. Virtualization and cloud computing concepts.
3. Secure application development, deployment, and automation
concepts.
4. Authentication and authorization design concepts.
5. Implement cybersecurity resilience.
6. Security implications of embedded and specialized systems.
7. Importance of physical security controls.
01. Importance of security concepts in an enterprise environment
In this part, we will learn Configuration management and its
subtopics: Diagrams, Baseline Configuration, Standard naming
conventions, and Internet protocol schema.
We cover Data sovereignty, Data protection, Geographical
considerations, Response and recovery controls, SSL (Secure
Sockets Layer)/TLS (Transport Layer Security) inspection, API
considerations, and Site resiliency (Hot site, Cold site, Warm site).
We also look at Deception and disruption concepts:
• Honeypots
• Honeyfiles
• Honeynets
• Fake Telemetry
• DNS Sinkhole
02. Virtualization and Cloud Computing Concepts
The core premise behind cloud computing is that you can access and
control your applications and data from any computer, anywhere in
the world, while virtualization hides or abstracts the storage
technique and location.
To conduct a breach in a cloud, a hacker just requires a good
Internet connection and a dictionary of obtained password hashes or
SSH (Secure Shell) keys. A lack of supervision in cloud providers'
security processes can greatly increase a business's risk.
As a security expert, you should be able to analyze the dangers and
weaknesses associated with cloud service and delivery models, as
well as the virtualization technologies that support them.
So in this part, we cover the Cloud Service Models: Infrastructure as
a Service (IaaS), Software as a Service (SaaS), and Platform as a
Service (PaaS). We look at Virtualization Technologies concepts, VM
Escape protection, VM Sprawl Avoidance, Cloud Security Controls,
and Infrastructure as Code.
03. Secure Application Development, Deployment, and Automation Concepts
Development (programming and scripting) is at the foundation of
secure network administration and management, including
automation techniques for durability, disaster recovery, and
incident response. As your career progresses, secure application
development will become increasingly important. In this lesson, we
will cover Secure Coding Techniques: Input validation,
Normalization, and Output Encoding, Server-side and Client-side
Validation, Data Exposure and Memory Management, Software
development kit (SDK), and Stored procedures. We look at what
Automation is and what it provides: Scalability and Elasticity. We
also cover the Secure Application Development Environments:
Development, Test, Staging, and Production. In Automation/scripting
we look in depth at Automated courses of action, Continuous
Monitoring, Continuous Validation, Continuous Integration,
Continuous Delivery, and Continuous deployment.
04. Authentication and authorization design concepts
In this lesson, we will learn Authentication Methods, Biometrics
concepts, Multi-Factor Authentication Factors, and Authentication
Attributes. We also cover AAA (Authentication, Authorization, and
Accounting) and Cloud versus On-premises Requirements. In
Authentication Methods, we cover Directory Services, Federation,
Attestation, Smart Card Authentication, and Authentication
Technologies like TOTP (Time-based One-time password), HOTP
(HMAC-based one-time password), Short message service (SMS),
Token key, Static codes, Authentication applications, Push
notifications, and Phone call.
In Biometrics we learn how it works and about its various topics like
Fingerprint, Retina, Iris, Facial, Voice, Vein, Gait analysis, Efficacy
rates, False acceptance, False rejection, and Crossover error rate. In
the Authentication Factors, we learn some authentication factors
which ensure that the account can only be used by the account user.
The factors are Something you know, Something you have, and
Something you are. And in Authentication Attributes, we cover
Somewhere you are, Something you can do, Something you exhibit,
and Someone you know.
05. Implement cybersecurity resilience
In this lesson, we learn how to secure the whole organization. The
topics we cover are Redundancy, Replication, Backup types,
Non-persistence, High availability, Scalability, Restoration order,
and Diversity. The sub-topics are as follows. In Redundancy we cover
Geographic dispersal, Disk, Redundant array of inexpensive disks
(RAID) levels, Multipath, Network, Load balancers, Network
interface card (NIC) teaming, Power, Uninterruptible power supply
(UPS), Generator, Dual supply, and Managed power distribution
units (PDUs). Inside Replication, we learn Storage area networks
and VM. In Backup, we look at types of backup like Full,
Incremental, Snapshot, Differential, Tape, Disk, Copy,
Network-attached storage (NAS), Storage area network, Cloud,
Image, Online and offline, Offsite storage, and Distance
considerations.
06. Security implications of embedded and specialized systems
In this lesson, we learn Embedded systems, Specialized, Supervisory
control and data acquisition (SCADA)/industrial control system
(ICS), Communication considerations, Constraints,
Voice over IP (VoIP), Heating, ventilation, air conditioning (HVAC),
Drones, Multifunction printer (MFP), Real-time operating system
(RTOS), Surveillance systems, and System on chip (SoC). In Embedded
Systems we cover Raspberry Pi, Field-programmable gate array
(FPGA), and Arduino. In Specialized we cover Medical systems,
Vehicles, Aircraft, and Smart meters. Inside the Internet of Things
(IoT) we learn about Sensors, Smart devices, Wearables, Facility
automation, and Weak defaults.
07. Importance of physical security controls
In this lesson, we will learn about the importance of physical
security. This part will clarify concepts such as Bollards/barricades,
Access control vestibules, Badges, Alarms, Signage, Cameras, USB
data blocker, Lighting, Fencing, Fire suppression, Sensors, Drones,
Visitor logs, Faraday cages, Air gap, Screened subnet (previously
known as demilitarized zone), Protected cable distribution, and
Secure data destruction. Inside Sensors, we cover Motion detection,
Noise detection, Proximity reader, Moisture detection, Cards, and
Temperature. We also cover secure data destruction sub-topics like
Burning, Shredding, Pulping, Pulverizing, Degaussing, and
Third-party solutions.