This blog is here to help those preparing for CompTIA exams. This is designed to help the exam candidate to understand the concepts, rather than trust a brain dump. CHECK OUT THE BLOG INDEXES!!!
CompTIA Security+ Exam Notes

Let Us Help You Pass
Thursday, August 8, 2024
Tuesday, July 30, 2024
Safeguarding Web Traffic: The Role of Secure Web Gateways
URL Filter & Content Filter
SWG stands for "Secure Web Gateway," a network security solution that acts as a checkpoint between users and the internet. It filters web traffic to protect organizations from malicious websites, malware, and other online threats, enforcing company policies and blocking access to inappropriate content. This keeps users away from unsafe internet traffic while helping the organization stay compliant with regulations. It does this by inspecting web requests, using features like URL filtering, application control, data loss prevention, and antivirus scanning.
Key points about SWG:
- Function: An SWG analyzes incoming web traffic, identifying and blocking malicious websites, malware, phishing attempts, and other harmful content based on preset security policies.
Features:
- URL filtering: Blocks access to specific websites based on their category (e.g., adult content, gambling, social media).
- Application control: Restricts access to specific applications or protocols (e.g., limiting streaming services during work hours).
- Anti-malware scanning: Scans web traffic for malware before it reaches the user's device.
- HTTPS inspection: Decrypts and inspects encrypted traffic to identify threats within secure connections.
- Data loss prevention (DLP): Monitors web traffic for sensitive data leaks
Benefits:
- Enhanced security: Protects users from accessing malicious websites and downloading malware.
- Compliance enforcement: Helps organizations adhere to data privacy and security regulations
- Improved user productivity: Prevents distractions by restricting access to non-work-related websites
Deployment options:
- On-premise: A physical appliance installed within the organization's network
- Cloud-based: A service delivered through a cloud provider, allowing access from anywhere
This is covered in CompTIA Network+ and Security+.
Monday, July 29, 2024
Certificate Validation: Notes for the Security+ exam
Checking the Validity of Certificates
On this exam, there are only 2 ways to check the validity of a certificate:
- CRL (Certificate Revocation List)
- OCSP (Online Certificate Status Protocol)
CRL
- You can use OCSP as a fallback or instead.
- You have to download it from the CA (Certificate Authority), which is recommended twice daily.
OCSP
- Real-time
- Good, revoked, or unknown
- Public CA
- Internet CA
- You can use a CRL as a fallback or instead.
If there is too much traffic to the intermediate CA, then use stapling.
Answer for CRL in the question:
- OCSP
Answers for OCSP in the question:
- CRL
- Stapling
Reasons for revoking a certificate:
- Employee leaves the organization
- A system is decommissioned
- A certificate is superseded
- The private key is compromised
- The certificate was issued fraudulently
Certificates that have expired do not need to be revoked.
Digital Signature: Exam notes CompTIA Security+
Digital Signature
Listed below are the items you need to know for the exam:
Digital signatures provide:
- Non-repudiation
- Authentication
- Integrity
Creating the digital signature is a 2 step process:
- First, hash the email/message
- Second, the private key digitally signs (encrypts) the hash
The digital signature is created with the "sender's" keys.
The digital signature is an encrypted wrapper for the sender's public key.
The recipient's system extracts the public key and decrypts the digital signature to validate the sender.
RSA and DSA (Digital Signature Algorithm) are used to create digital signatures.
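The two steps above (hash the message, then sign the hash with the sender's private key) and the recipient's check with the sender's public key, as an added example that is not from the original post. It uses RSA with PKCS #1 v1.5 signature padding and SHA-256; the key is a constructed demo key and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed demo key from two Mersenne primes: trivially factorable, never use it for real data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (sender keeps this secret)
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# ASN.1 DigestInfo header that labels the hash as SHA-256 (defined in PKCS #1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(message: bytes) -> int:
    """Step 1: hash the message, then pad the hash to modulus size."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (K - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + padding + b"\x00" + t, "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 2: apply the sender's private key to the encoded hash."""
    return pow(encode(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: apply the sender's public key, compare with a fresh encoding."""
    if not 0 <= signature < n:
        return False
    recovered = pow(signature, e, n).to_bytes(K, "big")
    expected = encode(message).to_bytes(K, "big")
    return hmac.compare_digest(recovered, expected)


def demo() -> dict:
    msg = b"Wire 500 USD to account 1234"  # constructed sample message
    sig = sign(msg)
    return {
        "valid": verify(msg, sig),                                       # integrity + authentication
        "tampered_message": verify(b"Wire 900 USD to account 1234", sig),
        "tampered_signature": verify(msg, sig ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

Verification rebuilds the expected padded hash and compares it with the recovered value rather than parsing the recovered bytes, which avoids accepting malformed padding.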
Thursday, July 18, 2024
Windows God Mode
God Mode
Here is a great management tool built into Windows. Just right-click on your desktop to create a new folder. Name it (with brackets):
God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}
All of your Windows management tools will now be located in one app.
CompTIA CySA+ (CS0-003) Questions
CompTIA CySA+ (CS0-003)
We will try to add questions as time permits. If this tends to be popular, we will add questions for Security+, the SY0-701 version.