CompTIA Security+ Study Notes
@hizeena on Twitter shared some awesome study notes for the Security+ course/exam.
I'd check them out if you're interested in that content.

https://docs.google.com/document/d/1na4k...Jn7Zs/edit

Code:
Index
Network security
Network device configuration
Firewall
How firewalls enforce security policies
Router
Switch
Load balancer
Proxy
Web security gateways
VPN concentrators
Intrusion detection systems (IDS)
Intrusion detection models
Intrusion prevention system (IPS)
Protocol analyzers
Spam filter
Unified Threat Management (UTM) appliances
URL filtering
Web application firewall vs. network firewall
Application-aware devices
Next-generation firewalls
Application-aware IDS/IPS
Application-level proxy
Secure network administration
Rule-based management
Firewall rules
VLAN management
Secure router configuration
Access control lists (ACLs)
Port security
802.1x
Flood guards
Types
Loop protection
Implicit deny
Network separation
Secure network design
DMZ security zones
Subnet
CIDR notation
Determine CIDR from subnet mask
Determine # hosts from a subnet mask
Supernet
NAT
Remote access
Telephony
Network access control (NAC)
Virtualization
Cloud computing
Types
Protocols
IPSec
Simple network management protocol (SNMP)
Secure shell (SSH)
Domain name server (DNS)
Transport layer security (TLS)
Transmission control protocol (TCP/IP)
File transfer protocol (FTP)
Hypertext transfer protocol (HTTP)
Secure file copy (SCP)
IPv4 and IPv6
Fibre channel
Internet small computer system interface (iSCSI)
Telnet
NetBIOS
Secure wireless networking
Service set identifier (SSID)
Wired Equivalent Privacy (WEP)
Wi-fi protected access (WPA)
Wi-fi protected access 2 (WPA2)
Wi-fi protected setup (WPS)
Extensible authentication protocol (EAP)
Protected extensible authentication protocol (PEAP)
Lightweight extensible authentication protocol (LEAP)
CCMP
Wireless operations
MAC filter
Antenna placement
Power level controls
Antenna types
Captive portal
Compliance and operational security
Risk concepts
Risk
Risk management
Risk assessment
Asset
Mitigation
Control types
False positives and negatives
Security program
Privacy policy
Safe harbour
Information classification and handling
Data labeling, handling and disposal
Acceptable use policy (AUP)
Security policy
Qualitative risk assessment
Quantitative risk assessment
Risk calculation
Single loss expectancy (SLE)
Annualized loss expectancy (ALE)
Impact
Availability
Recovery time objective (RTO)
Recovery point objective (RPO)
Quantitative vs. qualitative risk
Vulnerabilities
Threat vectors
Cloud and virtualization risk management
System integration processes
Onboarding and offboarding business partners
Interoperability agreements
Risk management
Change management
Incident management
Routine audits
Data loss or theft
Business continuity concepts
Continuity of operations
Disaster recovery planning
High availability
Redundant array of independent disks (RAID)
Clustering and load balancing
Disaster recovery concepts
Backup plans and policies
Backup strategies
Backup processing facilities
Digital forensics and incident response
Forensic procedures
Evidence
Standards for evidence
3 rules regarding evidence
Handling evidence
Order of volatility
Chain of custody
Incident response procedures
Roles and activities
Data breach
Security awareness and training
Physical security and environmental controls
Fire suppression
Fire extinguishers
Fire detectors
EMI shielding
Hot and cold aisles
Environmental monitoring
Physical security
Video surveillance
Proximity readers
Other physical controls
Control types
Security controls
Threats and vulnerabilities
Malware and attack methods
Adware
Virus
Worm
Spyware
Trojan
Rootkit
Backdoors
Logic bomb
Botnet
Ransomware
Polymorphism
Armored virus
Man in the middle (MITM)
Denial of service (DoS)
Replay
Spoofing
Smurf attack
ARP poisoning
Client-side attacks
Other attacks
Social engineering
Techniques
Principles
Application and wireless attacks
Wireless attacks
Application attacks
Cross-site scripting (XSS)
Cross-site request forgery (XSRF)
Other attacks
Mitigation techniques
Monitoring system logs
System hardening
Password policy
Baseline configuration
Threat and vulnerability discovery
Tools
Assessments
Penetration testing
Application, data and host security
Application security controls
Application hardening
NoSQL databases vs. SQL databases
Mobile device security
Asset control
Bring your own device (BYOD)
Host-based security
OS hardening
Antivirus
Application updates
Host-based firewalls
Host-based intrusion detection
Advantages of HIDS
Disadvantages of HIDS
Modern HIDS
Hardware-based encryption
Securing alternative environments
Supervisory control and data acquisition (SCADA)
Embedded systems
Access control and identity management
Access control and authentication
Types of access control
Types of authentication
Types of factors
Remote access
Remote authentication dial-in user service (RADIUS)
Terminal access controller access control system+ (TACACS+)
Kerberos
Lightweight directory access protocol (LDAP)
Security assertion markup language (SAML)
Account management
Cryptography
Cryptographic concepts
Symmetric
Public key or asymmetric
Session key
Key exchange
Cryptographic methods
Block vs. stream
Elliptic curve cryptography (ECC)
Quantum cryptography
Hashing
Cryptographic objectives
Cryptographic applications
Public key infrastructure (PKI)
Trust and certificate verification
Certificate attributes
Private key protection
CA private key
Key recovery
Public certificate authorities
Trust models
Appendix
OSI model
Common ports
Helpful links