CompTIA Security+ SY0‑701
The CompTIA Security+ certification is a globally recognized certification in the field of IT security. It is particularly suited to entry-level and intermediate professionals who want to build a solid foundation in cybersecurity.
CompTIA Security+ SY0‑701 – FREE KIT

CompTIA Security+ SY0-701 Exam Study Sheet

This document provides a concise overview of key topics and concepts from the CompTIA Security+ SY0-701 exam objectives. Reviewing the complete acronym list in “CompTIA+Security++701+Acronyms+List.pdf” is also strongly encouraged as part of your exam preparation.


Section 1: Fundamental Security Concepts

  • Information Security Basics:
    • CIA Triad:
      • Confidentiality: Data is accessed only by authorized individuals, achieved via encryption, passwords, biometrics, 2FA.
      • Integrity: Data has not been tampered with or altered, ensured by hashing and checksums.
      • Availability: Data and resources are accessible when needed, ensured by keeping networks, servers, and data available.
    • DAD Triad:
      • Disclosure: Unauthorized data access (e.g., trojans, brute force).
      • Alteration: Data compromise or tampering (e.g., malware, SQL injection).
      • Deniability: Data not available to those who need it (e.g., DoS, DDoS, ransomware).
    • Non-repudiation: A subject cannot deny an action like creating or sending a resource.
  • NIST Cybersecurity Framework:
    • Identify: Evaluate risks, threats, vulnerabilities; recommend controls.
    • Protect: Implement security throughout hardware/software lifecycle.
    • Detect: Monitor controls for effectiveness against new threats.
    • Respond: Identify, analyze, contain, eradicate threats.
    • Recover: Implement resilience to restore systems/data.
  • Gap Analysis: Process to identify deviations from required/recommended security frameworks, often involving third‑party consultants.
  • Control Objectives:
    • Defense‑in‑Depth: Multiple overlapping layers of diverse controls.
    • Security Control Baselines: Minimum standards for an environment.
    • Fine‑Tuning Controls:
      • Scoping: Eliminating inapplicable baseline recommendations.
      • Tailoring: Customizing baselines to align with objectives.
      • Compensating: Substituting a recommended control with a similar one.
      • Supplementing: Adding to baseline recommendations.
  • Security Control Categories:
    • Technical (Logical): System‑implemented (e.g., firewalls, anti-malware, OS access control).
    • Operational: People‑implemented (e.g., security guards, training programs).
    • Managerial: Oversight (e.g., risk identification tools, security policies).
  • Security Control Functional Types:
    • Preventive: Reduce likelihood of attack (e.g., ACLs, anti-malware).
    • Detective: Identify/record intrusion attempts (e.g., logs, audits).
    • Corrective: Reduce impact of intrusion (e.g., backups, patch management).
    • Physical: Deter physical access (e.g., alarms, cameras, guards).
    • Deterrent: Discourage attackers psychologically (e.g., warning signs).
    • Compensating: Substitute for a principal control, offering similar protection.
  • Security Roles & Responsibilities:
    • Security Policy: Formal statement defining security implementation.
    • SOC (Security Operations Center): Facility where security professionals monitor and protect assets.
    • DevSecOps: Integrates security into every stage of software development (“shift left”).
    • CIRT/CSIRT/CERT: Single point of contact for security incidents.

Section 2: Threat Actors and Threat Vectors

  • Key Definitions:
    • Vulnerability: A weakness that can be exploited.
    • Threat: Potential for harm.
    • Risk: Probability of an event occurring and its impact.
    • Attack Vector: Path or tool used by a malicious threat actor.
  • Attributes of Threat Actors:
    • Location: Internal (insider) vs. External.
    • Intent/Motivation: What they hope to achieve vs. why (greed, curiosity, grievance).
    • Structure: Structured (targeted) vs. Unstructured (opportunistic).
    • Sophistication/Capability: Technical abilities and resources.
  • Types of Threat Actors:
    • Script Kiddie: Uses tools without deep understanding.
    • Black Hat: Malicious hackers for financial gain.
    • White Hat: Authorized penetration testers.
    • Gray Hat: Mix of black‑ and white‑hat tactics.
    • Hacktivist: Hacking for social/political causes.
    • State Actors & APT: Nation‑state sponsored, prolonged campaigns.
    • Criminal Syndicates: Organized crime groups.
    • Insider Threats: Disgruntled or negligent employees, spies, shadow IT.
  • Attack Surface: All exploitable entry points; minimized by restricting endpoints, protocols, and services.
  • Attack Vectors:
    • Direct Access (e.g., unlocked workstation, stolen device).
    • Wired Network (unauthorized port access).
    • Wireless Network (stolen credentials, protocol exploits).
    • Cloud Access (compromised accounts or CSP vulnerabilities).
    • Bluetooth (misconfigurations).
    • Default Credentials.
    • Open Service Ports (TCP/UDP).
    • Removable Media (USB drop attacks).
    • Executable Files (Trojans).
    • Document/Image Files with embedded malware.
    • Email Phishing.
    • SMS (Smishing).
    • Instant Messaging exploits.
    • Web/Social Media malware.
    • Zero-click exploits.
  • Social Engineering:
    • Phishing, Spear Phishing, Angler Phishing, Whaling.
    • Vishing (voice), Smishing (SMS).
    • Hoaxes, Baiting (infected media).
    • Tailgating, Shoulder Surfing, Dumpster Diving.
    • Credential Harvesting, Pharming, Watering Hole, Typo Squatting.
    • Influence Campaigns.
  • Third‑Party Risks:
    • Vendor Management.
    • Data Access and Compliance Monitoring.

Section 3: Cryptographic Solutions

  • Cryptography Fundamentals:
    • Plaintext vs. Ciphertext.
    • Cipher algorithms and Cryptanalysis.
  • Types of Algorithms:
    • Hashing: SHA‑256, MD5, collisions, birthday attacks.
    • Symmetric: Stream ciphers (IV), Block ciphers.
    • Asymmetric (PKC): RSA key pairs.
  • Digital Signatures: Hash of the message signed with the sender's private key and verified with the public key, providing authenticity and integrity.
  • PKI & Certificates:
    • Certificate Authorities (CA) and trust models (single, hierarchical).
    • CSR, Common Name (CN), SAN, wildcard domains.
    • Certificate types: DV, EV, code signing, self‑signed.
  • Cipher Suites: Combinations of key exchange, encryption, hashing.
  • Advanced Techniques: Salting, key stretching (PBKDF2), homomorphic encryption, blockchain, steganography.
  • Key & Certificate Management: Lifecycle: issuance, renewal, revocation, suspension.

Section 4: Identity and Access Management (IAM)

  • Phases: Identify, Authenticate, Authorize, Audit.
  • Factors: Know (password), Have (token), Are (biometric), plus adaptive attributes.
  • MFA: 2FA, 3FA combinations.
  • Biometrics: Enrollment, FRR, FAR, CER, modalities (fingerprint, facial, iris, voice, gait).
  • Access Controls: DAC, RBAC, MAC, ABAC, rule‑based.
  • Directory Services & Federation: LDAP, SSO, OAuth, OpenID Connect.
  • PAM & JIT/ZSP: Just‑in‑Time privileges, secure admin workstations.
  • Local/Network/Remote Auth: Windows (Kerberos/NTLM), Linux (PAM), VPN, SSH.

Section 5: Secure Enterprise Network Architecture

  • Devices: Switches, Routers, Firewalls, Load Balancers, WAPs, DNS servers.
  • Segmentation & Zones: VLANs, DMZs, intranet/extranet/guest.
  • Control Deployment: Inline vs. monitor mode, active vs. passive, fail‑open/closed.
  • Protocol Security: HTTPS, SIPS, SRTP, NTS, SFTP, FTPS, LDAPS, SSH, DNSSEC.
  • Routing/Switching Security: DHCP snooping, MAC filtering, NAC, route validation.
  • Firewalls & Proxies: Packet‑filtering, stateful, NGFW, UTM, reverse/forward proxies.
  • Remote Access: VPN (IPSec, OpenVPN, SSTP), split/full tunnel, OOB management, SSH.

Section 6: Secure Cloud Network Architecture

  • Deployment Models: Public, Private, Hosted Private, Community.
  • Service Models: IaaS, PaaS, SaaS, FaaS, SECaaS.
  • Shared Responsibility: Divided between CSP and customer.
  • Cloud Security: VPCs, CASB, cloud firewalls, HA, replication (hot/cold, GRS).
  • IaC: Idempotence, immutable infrastructure.
  • Zero Trust: Continuous verification, microsegmentation (NIST SP800-207).
  • Edge/Fog Computing: Processing closer to IoT devices.
  • Operational Technology: ICS/SCADA, IoT, SoC, FPGA constraints.

Section 7: Resiliency and Site Security Concepts

  • Backups: RPO, full/incremental/differential, snapshots, 3‑2‑1 rule, media types.
  • HA & Fault Tolerance: MTD, scalability, RAID levels, geographic replication.
  • Active Defense: Honeypots, honeynets, honeyfiles, DNS sinkholes.
  • Physical Security: Fencing, lighting, locks, biometrics, CCTV, PDS, Faraday cages, fire suppression, degaussing.
  • Site Resiliency: Hot/warm/cold sites, master images, non‑persistence.

Section 8: Vulnerability Management

  • Discovery: Zero‑day, bug bounty, responsible/ethical/full disclosure.
  • CVE & CVSS: Global catalog, severity scoring.
  • Software Flaws: Buffer overflows, race conditions, DLL injection, PtH.
  • Mobile Risks: Jailbreaking/rooting, sideloading, excessive permissions.
  • Threat Intelligence: OSINT, STIX/TAXII, AIS, threat feeds.
  • Remediation: Scanning (DAST), assessment, pen testing, patch management.

Section 9: Network Security Capabilities

  • Frameworks & Benchmarks: CIS, STIGs, OWASP Top 10.
  • Hardening: Disable defaults, minimal services, secure management.
  • Wi‑Fi Auth: Open, PSK, SAE, WPS, 802.1X (EAP types).
  • Wireless Attacks: Rogue APs, evil twins, jamming, replay, disassociation.
  • NAC: Agent/agentless compliance checks, dynamic VLANs.
  • Monitoring: NIDS, NIPS, NGFW, UTM.
  • Filtering: URL/content filters, SWG, WAF, DLP integration.

Section 10: Endpoint Security Capabilities

  • Endpoint Protection: AV/EPP, HIDS/HIPS, FIM, sandboxing.
  • Segmentation: VLANs, microsegmentation, virtual isolation.
  • Mobile Management: MDM/EMM/MAM, BYOD/COPE/COBO/CYOD.
  • Secure Connections: Remote wipe, encryption, geofencing, containerization.
  • PANs & Tethering: Bluetooth pairing, hotspots, IR, RFID risks.

Section 11: Application Security Capabilities

  • DNS Security: DNSSEC, secure zone transfers.
  • Directory Services: LDAP, LDAPS, SASL binding.
  • Time Sync: NTP, NTS.
  • SNMP Security: Versions, traps, MIBs.
  • Secure Protocols: HTTPS/TLS, FTPS/SFTP, SMTPS/IMAPS/POPS, DMARC/DKIM/SPF.
  • Secure Coding: Input validation, output encoding, CSP, HSTS, error handling.
  • Code Analysis: Static, dynamic, fuzzing, stress testing.

Section 12: Incident Response and Monitoring Concepts

  • IR Lifecycle: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
  • Playbooks & Plans: SOPs, CIRT composition.
  • Frameworks: Cyber Kill Chain, MITRE ATT&CK, Diamond Model.
  • Detection: SIEM, syslog, journald, correlation, trend analysis.
  • Forensics: Chain of Custody, live/static acquisition, volatility order, reporting.
  • Response Tools: TIP, UEBA, SOAR, packet capture.

Section 13: Analyze Indicators of Malicious Activity

  • Malware Classes: Virus, Worm, Trojan, PUP, spyware, backdoor, RAT, botnet, rootkit, ransomware, logic bomb, fileless.
  • IOC/IOA: Signs of compromise vs. attack in progress.
  • Attacks: Password (brute‑force, rainbow tables), injection (SQL, LDAP, XML), CSRF, clickjacking, SSL strip, SSRF.
  • Privilege Escalation: Vertical vs. horizontal.
  • Error & Input Handling: Secure error messages, canonicalization.
  • API & URL Analysis: HTTP methods, percent encoding, API vulnerabilities.

Section 14: Security Governance Concepts

  • Regulations & Standards: SOX, FISMA, GDPR, GLBA, HIPAA, ISO 27000 series, ISO 31000, CSA, SSAE18/SOC 2/3.
  • Governance Structure: Board, execs, CISO, committees, roles.
  • Documents: Policies, standards, baselines, guidelines, procedures, plans, AUP, NDA.
  • Change & Config Management: Types of changes, RFCs, baseline configs, IaC, idempotence.
  • Automation & Orchestration: Scripting, workflows, adversarial uses.

Section 15: Risk Management

  • Process: Identify assets/vulnerabilities, evaluate safeguards, accept/mitigate risks.
  • ERM: Holistic financial, legal, operational risk.
  • Risk Responses: Mitigation, avoidance, transference, acceptance; appetite, residual risk, register.
  • BIA & Metrics: RTO, RPO, MTD, WRT, MTTF, MTBF, MTTR.
  • Disaster Recovery: DRP, exercise types (tabletop, functional, full‑scale).
  • Third‑Party Management: SLAs, MOUs, BPAs, NDAs, root of trust, EOL/EOSL.
  • Audit & Assurance: Audit types, sampling, life cycle management, data roles, classification, sovereignty, breach notification.
  • DLP & PETs: Data minimization, tokenization, masking, compliance monitoring.
  • ETA & Personnel Policies: Training methods, clean desk, BYOD policies.