CompTIA^® Security+ Exam Notes : Purpose For Frameworks,and Secure Configuration Guides

3. Architecture and Design

3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides

Web Server:

All web applications such as Web servers, News servers, email servers etc. need to be configured as secure as possible. This can be achieved by

• Removing all unnecessary services. These are the services that are installed but not used. For example, you might have installed TFTP, but not using it. It is better to remove the application or service that is not used as it may provide an opportunity to a hacker to abuse the resource.
• Remove all unnecessary protocols: These are the protocols that are installed but not used. For example, you might have installed Novell Netware protocol but not necessary. It is preferable to remove that protocol.

Enable server and application logs: The logs provide an opportunity to look into the activity on the server over the past few hours or days. Check for any unusual activity such as failed login attempts etc.

Example: You are administering a web server that is hosting an e-commerce web site for your company. The manufacturer of the web server has released a new patch that plugs some critical security loopholes. What needs to be done?

Solution: It is wise to implement software updates on a web server located in the lab, and then implement the same on production web server. It is also important to take a backup of the web server before implementing any software updates. In the event that anything goes wrong during the update, you can always restore the systems back to its previous state using the backup.

• 1. Threats, Attacks and Vulnerabilities
  • 1.1 Given a scenario, analyze and determine the type of malware
  • 1.2 Compare and contrast types of attacks
  • 1.3 Explain threat actor types and attributes
  • 1.4 Explain penetration testing concepts
  • 1.5 Explain vulnerability scanning concepts
  • 1.6 Explain the impact associated with types of vulnerabilities
• 2. Technologies and Tools
  • 2.1 Install and configure network components, both hardware and software-based, to support organizational security
  • 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization
  • 2.3 Given a scenario, troubleshoot common security issues
  • 2.4 Given a scenario, analyze and interpret output from security technologies
  • 2.5 Given a scenario, deploy mobile devices securely
  • 2.6 Given a scenario, implement secure protocols
• 3. Architecture and Design
  • 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides
  • 3.2 Given a scenario, implement secure network architecture concepts
  • 3.3 Given a scenario, implement secure systems design
  • 3.4 Summarize secure application development and deployment concepts
  • 3.5 Summarize cloud and virtualization concepts
  • 3.6 Explain how resiliency and automation strategies reduce risk
  • 3.7 Explain the importance of physical security controls
• 4. Identity and Access Management
  • 4.1 Compare and contrast identity and access management concepts
  • 4.2 Given a scenario, install and configure identity and access services
  • 4.3 Given a scenario, implement identity and access management controls
  • 4.4 Given a scenario, differentiate common account management practices
• 5. Risk Management
  • 5.1 Explain the importance of policies, plans and procedures related to organizational security
  • 5.2 Summarize business impact analysis concepts
  • 5.3 Explain risk management processes and concepts
  • 5.4 Explain disaster recovery and continuity of operations concepts
  • 5.5 Compare and contrast various types of controls
• 6. Cryptography and PKI
  • 6.1 Compare and contrast basic concepts of cryptography
  • 6.2 Explain cryptography algorithms and their basic characteristics
  • 6.3 Given a scenario, install and configure wireless security settings
  • 6.4 Given a scenario, implement public key infrastructure