Domain 2.3 of the Security+ SY0-501 exam is a new addition to this version of the certification that seeks to determine your understanding of basic security-related troubleshooting and fault-finding. The exam requires a certain level of real-world understanding on the part of the test candidate, so we will take a look at how you can best prepare yourself for this subdomain.
Unencrypted Credentials and Clear Text
The exam expects you to understand that clear text transmissions and unencrypted credentials as a means of authentication are no longer acceptable on modern networks and the internet. CompTIA tests your understanding in this regard and you can expect questions that touch on this, either directly or indirectly. This has real-world relevance as well, so your key takeaway from this is that you do not want to use unencrypted communications that transmit credentials.
In addition, candidates should know about secure, encrypted alternatives such as TLS, SSH and IPsec, which are also used as VPN protocols. Candidates are expected to know that some versions of FTP, Telnet, and unencrypted HTTP are useful for some troubleshooting exercises, where a packet sniffer can inspect the traffic and determine what data is vulnerable.
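The check a packet sniffer makes possible in such an exercise, as an added example that is not part of the original post: it scans application payloads for FTP `USER`/`PASS` commands, HTTP Basic authentication headers and password form fields, and reports which exchanges expose credentials without echoing the secret. The payloads, host names, credentials and function names are constructed for illustration; Telnet is not covered because it sends keystrokes a few bytes at a time.

```python
import base64
import re

# Constructed sample payloads (not real captures): (destination port, application bytes)
SAMPLE_PAYLOADS = [
    (21, b"USER alice\r\n"),
    (21, b"PASS example-pass\r\n"),
    (80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
         + base64.b64encode(b"bob:example-pass") + b"\r\n\r\n"),
    (80, b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
         b"username=carol&password=example-pass"),
    (443, b"\x16\x03\x03\x00\x2a\x02\x00\x00\x26\x03\x03"),  # TLS record: opaque to the check
]

FTP_CMD = re.compile(rb"^(USER|PASS) (\S+)", re.I)
BASIC_AUTH = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)", re.I | re.M)
FORM_SECRET = re.compile(rb"(?:^|[?&\r\n])(?:password|passwd|pwd)=[^&\s]+", re.I)

def find_cleartext_credentials(payload):
    """Return (protocol, detail) findings; secret values are never echoed."""
    findings = []
    m = FTP_CMD.match(payload)
    if m:
        cmd = m.group(1).upper().decode()
        value = m.group(2).decode(errors="replace") if cmd == "USER" else "<redacted>"
        findings.append(("FTP", f"{cmd} {value}"))
    first_line = payload.split(b"\r\n", 1)[0]
    if b" HTTP/1." in first_line:
        m = BASIC_AUTH.search(payload)
        if m:
            try:
                # Basic auth is only base64-encoded "user:password", not encrypted
                user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
                findings.append(("HTTP Basic", f"user={user.decode(errors='replace')}"))
            except ValueError:  # malformed base64: not a usable credential
                pass
        if FORM_SECRET.search(payload):
            findings.append(("HTTP form", "password field sent in clear text"))
    return findings

def audit(payloads):
    """Flatten findings across payloads as (port, protocol, detail) tuples."""
    return [(port, proto, detail) for port, data in payloads
            for proto, detail in find_cleartext_credentials(data)]

if __name__ == "__main__":
    for port, proto, detail in audit(SAMPLE_PAYLOADS):
        print(f"port {port}: {proto}: {detail}")
```

The TLS record on port 443 produces no finding, which is the point of moving these services to encrypted transports.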
Logs and Events Anomalies
The SY0-501 tests your knowledge about log storage and what the best practices are, such as what data needs to be stored, as well as what to do in the event of your log storage system becoming affected or compromised. Outlining how to mitigate any potential information loss and external manipulation is important in these scenarios, so be sure to understand the concepts involved here. You should be familiar with logging services, log file permissions, and where to look for specific anomalies in the log files. Candidates should also be aware of solutions such as backup restorations, localized system repairs to centralized log, and (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/nLWFQX0NJ0Y/