Chapter 1: Governance, Risk, and Compliance

Chapter 1 Objective 1.1 Security Program Documentation Policies → Formalized statements that define the organization’s position on a particular issue, its guiding principles & its overall intentions Establish the organization’s stance and expectations. Ex. A data protection policy might state that all employees must encrypt sensitive data before transmitting it over the internet Ex. Security Policy, Privacy Policy Procedures → Detailed, step-by-step instructions on how to perform specific tasks or operations Provide specific directions for performing tasks....

July 23, 2024 · 33 min · Dhanraj Chavan

Chapter 2: Security Architecture

Chapter 2 Objective 2.1 Firewall → A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Placement: Perimeter Firewall: Positioned at the network boundary to filter traffic between internal and external networks. Internal Firewall: Placed within the network to segment and protect different network segments. Configuration: Rule Setting: Define rules to allow or block traffic based on IP addresses, ports, and protocols....

July 23, 2024 · 33 min · Dhanraj Chavan

Chapter 3: Security Engineering

Chapter 3 Objective 3.1 Subject Access Control Subject access control involves defining and managing the permissions and access rights for different entities (subjects) in an IT environment, such as users, processes, devices, and services. User Access Control → User access control manages the permissions and access rights of individual users based on their roles and responsibilities. Objective: Ensure users have appropriate access based on their roles. Approach: Use role-based access control (RBAC) and attribute-based access control (ABAC)....

July 23, 2024 · 48 min · Dhanraj Chavan

Chapter 4: Security Operations

Chapter 4 Objective 4.1 Security Information and Event Management (SIEM) NOTES Event Parsing → Event parsing is the process of interpreting and normalizing raw event data from various sources into a consistent format. Scenario: An organization receives logs from various devices (e.g., firewalls, routers, servers). Action: Use a SIEM tool to parse and normalize these logs into a standardized format for easier analysis. Event Duplication → Event duplication occurs when identical or similar events are recorded multiple times, leading to redundant data and potential alert fatigue....

July 23, 2024 · 15 min · Dhanraj Chavan