Security+ Part 3
First step in getting certified
My Study Approach
Even though I have completed reading and studying the entire study guide book, I still feel overwhelmed by the abundance of information and concepts that I have not fully grasped. This is where preparation, research, and practice come into play. Topics like RAID and Kerberos are particularly challenging for me to comprehend, which is why it is crucial for me to have a solid understanding of these subjects before proceeding further.
I will now move to the second part of the study approach, doing the practice exam to understand what issues or topics Im having a hard time understanding. I will also go through the prepaway guide to help me revise. The free exam has 26 tests in general and 15 tests on different topics. For this party of my study approach Ill create a new post.
Resoruces
Mistakes
After studying the last half of Security+ below are my notes/mistakes:
- SSL Stripping Attack
- Active/Active designed to spread the traffic among active nodes while active/passive good for disaster recovery
- IPV6 does not include NAT because there are so many IP addresses available.
- Agent-based pre-admission has the greatest amount of information about a machine and the most control over what connects to the network and what can impact other systems.
- DNSSEC does not encrypt data but does rely on the digital signature
- Volatility Framework is a memory forensics toolkit that includes Memdump
- Timestamp is not included in the Forensic information but can help build a case that shows when an event occurs
- Firmware can be accessed through memory forensic techniques and a direct hardware interface instead of removing the chip or shutting down the device.
- Interview is the best starting point when a person performed the action that needs to be reviewed
- Data Controller is the one who determines the reason for processing personal information, and Data Steward is responsible for carrying out the intent of the data control. Data Custodians are responsible for the safekeeping of information. Data Processors service providers that process personal information on behalf of a data controller.