Security Exam Preparation

Aug 27, 2024

Security Plus Exam Preparation

Key Study Tips

  • Emphasize practicing with scenario-based questions.
  • Aim for at least 80% on practice questions to gauge readiness.
  • Be aware that practice questions may not cover all exam objectives.
  • Download and familiarize yourself with the exam objectives from official sources.

Exam Content Overview

  • Types of Questions: Expect scenario-based questions.
  • Exam Objectives: Broad; study every listed domain, since practice sets do not cover them all.
  • Practice Material: Access additional resources like courses and extended question sets.

Sample Practice Questions Overview

Physical Security

  • Scenario: Data center server racks accessible to all employees.
  • Solution: Install locks on server racks (physical control).

Technical Control

  • Scenario: Unusual outgoing traffic suggesting data exfiltration.
  • Solution: Deploy a firewall and apply egress (outbound) filtering rules; a firewall is a technical control.

Deterrent Controls

  • Scenario: Prevent tailgating in secure areas.
  • Solution: Install surveillance cameras. Cameras are a deterrent control: they discourage tailgating but do not physically stop it, which is what an access control vestibule does.

System Access

  • Scenario: A user wants smartphone features the vendor has locked.
  • Term: Jailbreaking (rooting on Android). It removes vendor restrictions and bypasses the platform's security model, so it is a risk to manage, not a recommended solution.

CIA Triad

  • Scenario: Ensuring data confidentiality and integrity.
  • Solution: Encrypt stored data for confidentiality; integrity needs a separate check such as a hash or MAC (authenticated encryption modes like AES-GCM provide both).

Discrepancy Analysis

  • Scenario: Aligning current security posture with desired state.
  • Solution: Conduct a gap analysis.

Physical Security Measures

  • Scenario: Prevent vehicle-based threats.
  • Solution: Erect bollards to block vehicles.

Project Approval

  • Scenario: Implementing new firewall systems.
  • Solution: Obtain formal approval from management.

Team Roles

  • Security Teams:
    • Blue Team: Defense.
    • Red Team: Offensive testing.
    • Purple Team: Combine both roles.

Evidence Handling

  • Correct Handling: Ensure chain of custody for evidence integrity.

Key Exchange

  • Secure Method: Use Diffie-Hellman key agreement to establish a shared symmetric key over an untrusted channel. The exchanged public values must be authenticated (for example with certificates, as TLS does), or an on-path attacker can substitute their own.

Password Storage

  • Best Practice: Store passwords as salted, slow hashes (Argon2id, scrypt, bcrypt or PBKDF2), never in plaintext or reversible encryption, and compare digests in constant time.

Certificate Management

  • Revocation Lists: Use CRLs, or the OCSP protocol, to check that a certificate has not been revoked, for example after a private key compromise.

Insider Threats

  • Identification: Recognize employee-based threats as insider threats.

Cyber Attacks

  • Example: Watering hole attacks target groups via deceptive websites.

Device Security

  • Quick Action: Patch vulnerable IoT devices promptly.

Social Engineering

  • Technique: Vishing involves phone calls to solicit information fraudulently.

File Metadata

  • Usage: Check metadata for file creator and creation date.

Virtualization Risks

  • Threat: VM escape: an attacker in a guest breaks out to the hypervisor or host and can reach other guests on it.

Software Policies

  • Strategy: Implement application allow lists to prevent unauthorized installations.

Malware Types

  • Example: Worms self-replicate and spread across networks without user interaction.

Log Management

  • Issue: Missing logs, or gaps in them, may mean an attacker stopped logging or cleared their tracks; investigate as a potential security incident.

Network Security

  • Technique: Use host-based firewalls for server protection.

Hosting Models

  • On-Premises: Host data within physical facilities.

Industrial Control Systems

  • Monitoring: Use IDS for threat detection.

Changes Monitoring

  • System: File integrity monitoring for tracking modifications.
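A minimal file integrity monitor as an added example (not code from the original notes): it records a SHA-256 digest, size and permission bits for every file under a root, then classifies added, removed, modified and mode-changed files on the next run. The directory layout and the tampering steps in `demo` are constructed for the example; the mode check is included because adding a setuid bit to an unmodified binary leaves its hash unchanged.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file's contents, streamed so large files are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (relative to root) to its digest, size and mode bits."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            baseline[str(path.relative_to(root))] = {
                "sha256": hash_file(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,   # permission + setuid/setgid/sticky bits
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            old, new = baseline[rel], current[rel]
            if old["sha256"] != new["sha256"]:
                report["modified"].append(rel)
            elif old["mode"] != new["mode"]:
                report["mode_changed"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario in a temporary directory: baseline, tamper, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "shadow").write_text("root:*:19000:0:99999:7:::\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF fake binary")
        os.chmod(root / "bin" / "tool", 0o755)
        baseline = build_baseline(root)

        # Simulated tampering: extra uid-0 account, dropped backdoor, setuid bit on an
        # otherwise unchanged binary, and a deleted file.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "bin" / "nc").write_bytes(b"\x7fELF backdoor")
        os.chmod(root / "bin" / "tool", 0o4755)
        (root / "etc" / "shadow").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the baseline is written once from a known-good state and stored somewhere the monitored host cannot overwrite it; a baseline kept on the same disk can be updated by the same attacker who changed the files.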

Remote Access

  • Security: Use VPNs for secure remote desktop access.

High Availability

  • Solution: Load balancing during peak times.

Device Authorization

  • Measure: Use NAC (typically 802.1X) to authenticate a device before the switch port forwards its traffic.

Code Review

  • Technique: Employ static code analysis for vulnerabilities.

Software Licensing

  • Action: Renew expired software licenses.

Project Documentation

  • Time Estimation: Outlined in the Statement of Work.

Real-Time Alerts

  • Tool: Utilize SIEM systems for security alerts.
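Detection logic over sample log lines, as an added example that serves both the log management note (missing logs) and the SIEM note above; it is not code from the original notes. The auth.log-style records are constructed for the example and contain a half-hour silence and a password-guessing burst from one address. `find_log_gaps` flags stretches with no records at all, and `detect_bruteforce` is a SIEM-style correlation rule that escalates when the guessing is followed by a success; both thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of Linux auth.log (not a real capture). Note the
# silence between 02:10:32 and 02:41:05 and the burst of failures from 203.0.113.9.
SAMPLE_LOG = """\
2024-08-27T02:09:58 srv1 sshd[4120]: Accepted publickey for deploy from 10.0.5.7 port 51022
2024-08-27T02:10:32 srv1 sshd[4131]: Failed password for root from 203.0.113.9 port 40122
2024-08-27T02:41:05 srv1 sshd[4170]: Failed password for root from 203.0.113.9 port 40130
2024-08-27T02:41:06 srv1 sshd[4171]: Failed password for admin from 203.0.113.9 port 40131
2024-08-27T02:41:07 srv1 sshd[4172]: Failed password for admin from 203.0.113.9 port 40132
2024-08-27T02:41:08 srv1 sshd[4173]: Failed password for oracle from 203.0.113.9 port 40133
2024-08-27T02:41:09 srv1 sshd[4174]: Failed password for oracle from 203.0.113.9 port 40134
2024-08-27T02:41:15 srv1 sshd[4180]: Accepted password for oracle from 203.0.113.9 port 40140
2024-08-27T02:42:00 srv1 sshd[4190]: Failed password for alice from 10.0.5.8 port 51100
"""


def parse_line(line):
    """Split one record into (timestamp, message); None for lines that do not match."""
    parts = line.split(" ", 3)          # timestamp, host, process, message
    if len(parts) < 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[3]


def find_log_gaps(text, max_silence=timedelta(minutes=15)):
    """Return (start, end, duration) for every stretch longer than max_silence with
    no records. On a host that normally logs constantly this is as suspicious as a
    malicious entry: logging may have been stopped or the file truncated."""
    stamps = [p[0] for p in map(parse_line, text.splitlines()) if p]
    gaps = []
    for earlier, later in zip(stamps, stamps[1:]):
        if later - earlier > max_silence:
            gaps.append((earlier, later, later - earlier))
    return gaps


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: alert when one source IP produces >= threshold failed logins
    inside the window; escalate to critical if the same IP then logs in successfully."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for parsed in map(parse_line, text.splitlines()):
        if not parsed:
            continue
        ts, msg = parsed
        if " from " not in msg:
            continue
        src = msg.split(" from ")[1].split()[0]
        if msg.startswith("Failed password"):
            failures[src].append(ts)
        elif msg.startswith("Accepted"):
            successes[src].append(ts)

    alerts = []
    for src, times in failures.items():
        times.sort()
        for i in range(len(times)):
            j = i + threshold - 1          # index of the threshold-th failure in a run
            if j < len(times) and times[j] - times[i] <= window:
                followed = any(s > times[j] for s in successes.get(src, []))
                alerts.append({
                    "src": src,
                    "failures": len(times),
                    "first": times[i],
                    "severity": "critical" if followed else "high",
                })
                break                      # one alert per source
    return alerts


if __name__ == "__main__":
    for start, end, dur in find_log_gaps(SAMPLE_LOG):
        print(f"GAP  {start} -> {end} ({dur})")
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"{alert['severity'].upper()}  {alert['src']} "
              f"{alert['failures']} failed logins from {alert['first']}")
```

The two rules are complementary: the brute-force rule only fires on records that exist, while the gap rule catches the case where the interesting records were never written. A real SIEM would also correlate the successful login with what the `oracle` account did next.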

Facility Access Control

  • Methods: Use badge systems and access control vestibules.

Privilege Management

  • Concept: Implement just-in-time permissions.

Automation Benefits

  • Primary Benefit: Cost reduction, through less manual effort and consistent, repeatable configuration.

Application Logs

  • Purpose: Track user actions and errors.

Risk Documentation

  • Register: Maintain a risk register for recording risks.

RFID Security

  • Threat: Cloning attacks on RFID tags.

Network Traffic Attacks

  • Type: On-path (formerly man-in-the-middle) attacks.
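The Diffie-Hellman exchange from the Key Exchange note and the on-path attack above, worked through in one added example (not code from the original notes). Two honest parties derive the same key from nothing but public values; then an attacker who can rewrite traffic runs one exchange with each side and ends up holding both keys, which is why the public values must be authenticated. The modulus `p = 2**127 - 1` (a Mersenne prime) and generator 3 are assumptions chosen so the group is easy to state; real systems use a standard group of at least 2048 bits.

```python
import hashlib
import hmac
import secrets

# Demonstration group, an assumption for this example: a 127-bit Mersenne prime is far
# too small for real use, where a standardised 2048-bit or larger group is expected.
P = 2**127 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Pick a random private exponent x and compute the public value g^x mod p."""
    priv = secrets.randbelow(p - 2) + 1          # 1 <= priv <= p-2
    return priv, pow(g, priv, p)


def dh_shared_key(priv, peer_pub, p=P):
    """Derive a 256-bit symmetric key from the shared secret peer_pub^priv mod p.

    Public values of 0, 1 or p-1 are rejected: they force the shared secret into a
    trivial value regardless of the private exponent. The raw secret is then run
    through HMAC-SHA256 with a fixed label (an HKDF-extract style step) rather than
    used directly as a key.
    """
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public value outside the valid range")
    shared = pow(peer_pub, priv, p)
    secret_bytes = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hmac.new(b"dh-demo-key-v1", secret_bytes, hashlib.sha256).digest()


def honest_exchange():
    """Alice and Bob exchange public values directly; both derive the same key."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared_key(a_priv, b_pub), dh_shared_key(b_priv, a_pub)


def on_path_exchange():
    """Mallory sits between Alice and Bob on a channel with no authentication.

    She replaces each party's public value with her own, so Alice unknowingly agrees
    a key with Mallory and Bob agrees a different key with Mallory. Mallory can then
    decrypt, read, alter and re-encrypt every message. Returns the four derived keys
    so the caller can see that Alice's key matches Mallory's Alice-facing key, not Bob's.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv_a, m_pub_a = dh_keypair()   # Mallory's key pair facing Alice
    m_priv_b, m_pub_b = dh_keypair()   # Mallory's key pair facing Bob

    alice_key = dh_shared_key(a_priv, m_pub_a)        # Alice believes m_pub_a is Bob's
    bob_key = dh_shared_key(b_priv, m_pub_b)          # Bob believes m_pub_b is Alice's
    mallory_alice_side = dh_shared_key(m_priv_a, a_pub)
    mallory_bob_side = dh_shared_key(m_priv_b, b_pub)
    return alice_key, bob_key, mallory_alice_side, mallory_bob_side


if __name__ == "__main__":
    k_alice, k_bob = honest_exchange()
    print("honest exchange, keys match:", k_alice == k_bob)
    a, b, ma, mb = on_path_exchange()
    print("on-path: Alice==Mallory:", a == ma, " Bob==Mallory:", b == mb, " Alice==Bob:", a == b)
```

Nothing in the maths tells Alice whether the public value she received came from Bob or from Mallory; that binding has to come from outside the exchange, which is what a certificate-signed key share (as in TLS) or a pre-shared verification of fingerprints provides.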

Mobile Device Management

  • Security Objective: Endpoint security for employee devices.

Information Gathering

  • Type: Passive reconnaissance for external data.

Multi-factor Authentication

  • Implementation: Requires factors from different categories (something you know, have or are); a stolen password alone then no longer grants access.

Traffic Analysis

  • Action: Conduct threat hunting for potential attacks.

Data Encryption

  • Purpose: Ensure confidentiality of data on lost devices.

Network Isolation

  • Technique: Implement air-gapping for secure segments.

Laptop Security

  • Strategy: Use disk encryption to protect data.

Code Authenticity

  • Method: Use code signing for authenticity verification.

Network Segmentation

  • Objective: Use VLANs for security segmentation.

Fire Safety

  • Setup: Physical access controls such as door locks should fail open (fail-safe) when power is lost or the fire system trips, so people can evacuate. This is the opposite of the fail-closed default expected of network security devices.

Conclusion

  • Utilize various resources and practice extensively.
  • Understand the theory behind security measures.
  • Familiarize yourself with acronyms and exam objectives.