Security+ 401 Course Introduction - USALearning

Transcription

Security+ 401 Course Introduction

Table of Contents
- CompTIA Security+ (SY0-401) Introduction
- Notices
- Security+ SY0-401 Course Objectives
- Gap Area
- A Security+ Certified Professional
- About the Security+ SY0-401 Exam - 1
- About the Security+ SY0-401 Exam - 2
- Get the most from this course

CompTIA Security+ (SY0-401) Introduction
2014 Carnegie Mellon University

Instructor: Hi, I'm Dean Bushmiller, and we're going to talk about Security+ version 4. This is an introduction to the course.

Notices
2014 Carnegie Mellon University

This material is distributed by the Software Engineering Institute (SEI) only to course attendees for their own individual study.

Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at permission@sei.cmu.edu.

This material was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide.

Although the rights granted by contract do not require course attendance to use this material for U.S. government purposes, the SEI recommends attendance to ensure proper understanding.

THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).

CERT is a registered mark owned by Carnegie Mellon University.

Security+ SY0-401 Course Objectives

Intent
- Provide a review of the Security+ “Domains”.
- Supplement preparation for the Security+ certification exam.

Security+ Domains (and percentage of questions on exam)
- Network Security: 20%
- Compliance and Operational Security: 18%
- Threats and Vulnerabilities: 20%
- Application, Data, and Host Security: 15%
- Access Control and Identity Management: 15%
- Cryptography: 12%

What you want to be able to do is to understand these six major sections of the technology and security in a way that you're not confused when you get to the exam. Now, one of the nice things is you may have taken a Networking course, so you have some of that basic background information. If you don't have the Network+, a lot of times you're going to come upon topics where I'm going to assume that knowledge is there. The nice thing is, you can pause, take a minute, and say, "Okay, I need to look up this. I need to understand this protocol. I need to know how this service works."

I'm going to focus in primarily on the security aspects of each one of these protocols when we talk about network security. When we talk about compliance and operations security, I'm going to talk about how to actually achieve compliance, maybe even audit and be prepared for auditing concepts and be prepared in your job for that.

I really like to play the game that I call Threats and Controls, which here we're going to talk about threats and vulnerabilities. Those threats and vulnerabilities to your organization-- how do you deal with them? How do you put controls in place that make the organization secure, or how do you recognize that these particular threats and vulnerabilities are present within your organization? And then we'll dig into the application, data and the host security-- how do we actually protect and defend the host-- whether that's locally on the box with antivirus, or whether that's through a network standpoint when we do intrusion detection or intrusion prevention.

Then we'll talk about one of my favorite topics. If I had to pick one thing that I could clearly say that I'm an expert in, it would be access control and identity management. And then finally, something near and dear to my heart is cryptography, and we're going to talk about cryptography and we're going to talk about the code talkers and the Enigma machine, and then how do you apply cryptography in your environment.

Now, notice the percentages here. One of the things that I worry about for people who are coming into this class is that they focus on network security, they focus on threats and vulnerabilities, and they ignore cryptography, and then when they get to the cryptography section, they totally bomb that section. And you probably could bomb one section and still pass the exam, but you need to have a balanced understanding of security in order to get past the test and actually make it out there in the real world.

Gap Area

You should consider and use other sources in preparation for the Security+ exam!

(Diagram of nested scopes: Scope of the Security+ Domains; Scope of the exam; Scope of this review course; The knowledge gap other sources can fill)

Now, when we look at the scope of this course and we look at the scope of the exam, there is going to be a gap there, and you've got to fill that gap up with your knowledge. If you're new to this, if you've never been in security before and you say, "Well, I've got plenty of years of networking experience, but I don't have any security experience," then what I'm going to say to you is: Go out and practice and play.

But remember, you don't have to know everything in the exam, but you have to know enough of the concepts and have them very ingrained in what you do. Because as soon as you've finished the test, well then, the test is over with; you've got the Security+ certification. That may have fulfilled some sort of requirement in order for you to keep your job, but now it's time for you to be opened up to all of the security that's out there.

A Security+ Certified Professional

Security+ certification
- This is an introductory security certification.
- A first (or second) step in your security certification path
  - After Network+

Security+ Certified Professionals
- Participate in risk identification and mitigation
- Provide security in infrastructure, application, information, and operational contexts
- Apply security controls to maintain confidentiality, integrity, and availability
- Informed of policies, laws, and regulations

This is a technical certification
- 2 years of day-to-day technical security experience

As a Security+ certified professional, remember, this is an introduction to security. So this should spark your interest in a whole bunch of different areas. You should-- when you're a professional, after this-- you should participate in risk identification and risk mitigation. Maybe you do risk assessments for your organization. Even in your little tiny scope that you have, I think that you can become more as far as security is concerned.

You're going to apply security controls that protect the confidentiality, the integrity, the availability and the nonrepudiation of your organization. And you need to know about the regulations and the laws. I don't think you have to know about all the regulations and the laws; I think you have to look at the ones that are relevant to your organization and to the jurisdiction that you're in.

Now, when you go to take this test, either you know it or you don't know it. Now the answers may be long and complex and require you to go through a line of logic to actually get the answer, but there's always one right answer, and it's the technical answer.

About the Security+ SY0-401 Exam - 1

- 90 Minutes
- 90 Questions
  - Multiple choice
  - Performance-based
    - Near the beginning of the test
    - Simulated environment
    - Perform a task or solve a problem
    - Watch your time, part of the 90 minutes
    - Can be saved and returned to later
- Some questions are being “tested”, and not graded.
- Must score 750 out of 900

Now let's talk about the exam. It's 90 minutes long and it's 90 questions. It's multiple choice. Now, what's really nice is you can go online and you can do practice tests that show you how all of the buttons work within the interface before you go there. I strongly urge you to take the time to go to CompTIA, let them do the practice demo test-- they actually have a practice demo test that you can work through-- so that you know how each one of the quizzing interfaces actually works when you go to sit down and plunk down your money.

Now, 90 minutes, 90 questions. Multi-part questions count the same. Ninety minutes, 90 questions-- the potential is there to run out of time. So you really have to focus on watching your time as you're going along. The nice thing is, it's a computer-based test. You can look at exactly how much time you have. That means that you have to have all this knowledge at your fingertips.

Now, there are some seed questions that are dropped into the exam that don't count, but you don't know which ones those are, so you have to act as if every single one of these is the last question that could make the difference between passing and failing.

Your score has to be 750 out of 900. That's a little bit more than 80 percent; that's about the number that you have to come down to. So one out of every five questions you can get wrong, but you don't know which ones, so shoot for the moon.

About the Security+ SY0-401 Exam - 2

The Security+ Exam Objectives
- Key areas of knowledge
  - It will NOT help you pass the exam
  - BUT - it can help you focus
- Acronym
- certifications/security.aspx

Now, when you talk about the exam objectives, you want to go to CompTIA and look on their site, and the URL is listed down at the bottom here. Take the time to go read those knowledge areas and understand what's going on, and be able to check off that list and say, "Yes, I can do these objectives. Yes, I can do these activities." Now, some of those are going to be really complex activities. Setting up a public key interface, actually installing the software for a Linux box or a Microsoft box-- and you can get both of those operating systems freely available-- and actually implementing PKI and actually running through the whole certificate process-- that could take hours.

Get the most from this course

Confidentiality, Integrity, Non-repudiation, Availability
- How can you promote each?
- What are the threats to each asset?
- What are the vulnerabilities?
- What are the controls?

Now, I want you to get the most from this course, and here's my last piece of advice, and you need to get ready for this piece of advice, because this is not an easy thing to do. It's an easy thing to say, not an easy thing to do.

For every single slide and every single thing that we talk about, every single slide that pops up, stop for a second and ask yourself, "Okay, based on the concepts of confidentiality and integrity"-- those are the two primaries-- "nonrepudiation and availability, in this situation, how would you promote those concepts?" And in this situation, what are the threats to your particular assets that are out there? How could this be attacked by an evildoer on the outside?

You may even go and look up the vulnerability for this particular thing that we're talking about. You could go into the National Vulnerability Database or you could go into a tool like Open Source Vulnerability Database-- OSVDB.org-- and you could type in-- if we're talking about PKI-- you could type in PKI and see how many vulnerabilities there are to that.

Now, in the case that you're using OSVDB, you're talking about software vulnerabilities, so most of the time the vulnerability control is going to be to patch. When we start talking about operational controls, how will you deal with somebody that's trying to, in a physical sense-- let's say somebody's trying to crash a car into your building. You can't use software to protect yourself against that. If you want to stop people from coming into a room, you can't use software to protect you against that, but you might use a badging system.

So figure out what the threats, vulnerabilities and controls are for each and every one of the topics that we talk about. Really dig into that. Maybe load some software. Maybe do some learning there.
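The keyword lookup the instructor describes above, done against the National Vulnerability Database, as an added example by the editor; it is not part of the course material. OSVDB, the other source he names, has since shut down, so the example uses the NVD CVE API 2.0 and its `keywordSearch` parameter (a real endpoint; the assumption is that the response shape below is current). The sample response embedded in the code is constructed to match that JSON shape and uses placeholder IDs, not real CVEs; `fetch()` performs the live query and needs network access. The triage step (count hits by CVSS severity, sort by base score, fall back across CVSS versions) is the editor's addition, so that "how many vulnerabilities" becomes "how many, and how bad".

```python
"""Keyword search against the NVD CVE API 2.0, summarised by CVSS severity."""
import json
import urllib.parse
import urllib.request

# Real NVD endpoint; keywordSearch and resultsPerPage are documented query parameters.
NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

# CVSS metric keys in order of preference. Note that v2 records keep baseSeverity
# beside cvssData rather than inside it, which score_and_severity() handles.
METRIC_KEYS = ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2")

# Constructed sample shaped like an NVD 2.0 response. IDs and descriptions are
# placeholders (assumption for offline use), not real CVE records.
SAMPLE_RESPONSE = json.dumps({
    "totalResults": 4,
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001",
                 "descriptions": [{"lang": "en", "value": "Certificate chain validation bypass in a PKI toolkit."}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-0000-0002",
                 "descriptions": [{"lang": "en", "value": "Denial of service in a PKI OCSP responder."}],
                 "metrics": {"cvssMetricV30": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}}},
        {"cve": {"id": "CVE-0000-0003",
                 "descriptions": [{"lang": "en", "value": "Information disclosure in a PKI enrollment page."}],
                 "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 5.0}, "baseSeverity": "MEDIUM"}]}}},
        {"cve": {"id": "CVE-0000-0004",
                 "descriptions": [{"lang": "es", "value": "Sin descripcion en ingles."}],
                 "metrics": {}}},
    ],
})


def score_and_severity(cve):
    """Return (baseScore, baseSeverity) from the newest CVSS version present, else (None, 'UNKNOWN')."""
    metrics = cve.get("metrics", {})
    for key in METRIC_KEYS:
        entries = metrics.get(key)
        if entries:
            entry = entries[0]
            data = entry.get("cvssData", {})
            severity = data.get("baseSeverity") or entry.get("baseSeverity") or "UNKNOWN"
            return data.get("baseScore"), severity
    return None, "UNKNOWN"


def english_description(cve):
    """Pick the English description; NVD records may carry several languages."""
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d.get("value", "")
    return "(no English description)"


def summarize(response_text):
    """Parse an NVD 2.0 response body; return total, counts by severity, rows sorted by score."""
    body = json.loads(response_text)
    rows = []
    by_severity = {}
    for item in body.get("vulnerabilities", []):
        cve = item["cve"]
        score, severity = score_and_severity(cve)
        by_severity[severity] = by_severity.get(severity, 0) + 1
        rows.append({"id": cve["id"], "score": score, "severity": severity,
                     "summary": english_description(cve)})
    # Highest score first; records without any CVSS data go last.
    rows.sort(key=lambda r: (r["score"] is None, -(r["score"] or 0)))
    return {"total": body.get("totalResults", len(rows)), "by_severity": by_severity, "rows": rows}


def fetch(keyword, results_per_page=20):
    """Live query (network required). NVD rate-limits unauthenticated clients, so keep pages small."""
    query = urllib.parse.urlencode({"keywordSearch": keyword, "resultsPerPage": results_per_page})
    with urllib.request.urlopen(f"{NVD_API}?{query}", timeout=30) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    report = summarize(SAMPLE_RESPONSE)  # replace with summarize(fetch("PKI")) for a live search
    print(f"{report['total']} results; by severity: {report['by_severity']}")
    for r in report["rows"]:
        print(f"{r['id']:15} {str(r['score']):>5} {r['severity']:9} {r['summary']}")
```

Running it against the sample prints the four placeholder records ordered CRITICAL, HIGH, MEDIUM, UNKNOWN. With a live search, the severity counts tell you where the patching effort the instructor mentions should start, and the "UNKNOWN" bucket is worth inspecting by hand, since a record with no CVSS data is usually a very new one.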

