HVAC Checks.com

CompTIA Security+ (SY0-701) Master Study Tool

Full Objective Coverage • Flashcards • 100-Question Exam Simulator

Study Guide
Flashcards
Quiz & Exam

Security+ Core – Security Fundamentals

Core Concepts +

CIA Triad – Confidentiality, Integrity, Availability
AAA – Authentication, Authorization, Accounting
Non-repudiation & Authenticity
Least Privilege & Zero Trust
Defense in Depth & Layered Security
Security Controls: Administrative, Technical, Physical
Risk Management: Identification, Analysis, Mitigation

Threats & Vulnerabilities +

Malware Types – Virus, Worm, Trojan, Ransomware, Rootkit
Social Engineering – Phishing, Vishing, Smishing, Tailgating
Application Attacks – SQL Injection, XSS, CSRF, Command Injection
Network Attacks – MITM, DDoS, ARP Spoofing, DNS Poisoning
Vulnerabilities – Unpatched Software, Misconfigurations, Weak Passwords
Mitigations – MFA, Firewalls, IDS/IPS, Network Segmentation

Identity & Access Management +

Authentication Methods – Passwords, Tokens, Biometric
Multi-Factor Authentication (MFA)
Single Sign-On (SSO) & Identity Federation (SAML, OAuth)
Access Control Models – RBAC, ABAC, DAC, MAC
Privilege Creep & Account Lifecycle Management

Security+ Core – Architecture & Design

Network & Security Architecture +

Firewalls – Packet Filtering, Stateful, Next-Gen
Virtual Private Networks (IPSec, SSL/TLS)
Demilitarized Zones (DMZ) & Segmentation
VPN Split Tunneling
Wireless Security – WPA2/WPA3, Rogue AP Detection
Cloud Security – IaaS, PaaS, SaaS Responsibilities

Cryptography & PKI +

Symmetric Encryption – AES, DES
Asymmetric Encryption – RSA, ECC
Hashing – SHA, HMAC
Digital Signatures & Certificates
Public Key Infrastructure (PKI) Concepts
Key Management, Escrow, and Storing Keys Securely

Security+ Core – Operations & Response

Security Operations +

Incident Response Lifecycle – Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned
SIEM & SOAR Tools Overview
Backup Types – Full, Incremental, Differential
Recovery Objectives – RTO & RPO
Forensics & Chain of Custody
Hardening & Patch Management

Monitoring & Threat Detection +

Vulnerability Scanning & Penetration Testing
Credentialed vs Non-Credentialed Scans
Red, Blue, Purple Teams
Honeypots & Honeynets
Alerting, Logging & Event Correlation

Security+ Core – Governance & Compliance

Risk Management & Policy +

Risk Formula: ALE = SLE × ARO
Risk Strategies: Avoidance, Mitigation, Transference, Acceptance
Compliance Frameworks – NIST, ISO 27001, SOC 2, GDPR
Security Policies & Awareness Training
Vendor Risk & Third-Party Management
Data Privacy & Regulations