SKILL BENCHMARK

CompTIA Security+ (SY0-701): Security Architecture Literacy (Beginner Level)

  • 30m
  • 30 questions
The Security Architecture Literacy (Beginner Level) benchmark measures your knowledge and skills in designing and implementing a secure IT infrastructure. You will be evaluated on your recognition of security architecture and design concepts, enterprise infrastructure security principles and capabilities, strategies for securing data, and mobile and wireless security. A learner who scores high on this benchmark demonstrates literacy in many areas related to architecture and infrastructure, principles of enterprise infrastructure security, strategies for data protection, and methods for securing computing resources.

Topics covered

  • compare centralized to decentralized design
  • compare firewall types, including access control lists (ACLs), unified threat management (UTM), next-generation firewall (NGFW), layer 4/layer 7, and web application firewall (WAF)
  • compare mobile device solutions, including mobile device management (MDM), sandboxing, Bring Your Own Device (BYOD), corporate-owned, personally enabled (COPE), and Choose Your Own Device (CYOD) deployment models; and compare connection methods like cellular, Wi-Fi, and Bluetooth
  • compare serverless technologies
  • compare various network appliances, including jump servers, proxy servers, intrusion prevention systems (IPSs)/intrusion detection systems (IDSs), sensors, and load balancers
  • define application security techniques like input validation, secure cookies, static code analysis, and code signing
  • define industrial control systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems
  • define Infrastructure as Code
  • define port security, including IEEE 802.1X, and Extensible Authentication Protocol (EAP)
  • define transport layer security
  • describe a VPN
  • describe containers and microservices
  • describe IPsec for IPv4 and IPv6
  • describe software-defined wide area networks (SD-WANs) and secure access service edge (SASE)
  • describe virtualization
  • describe wireless security settings such as Wi-Fi Protected Access 3 (WPA3), authentication, authorization, and accounting (AAA)/Remote Authentication Dial-In User Service (RADIUS), cryptographic protocols, and authentication protocols
  • identify the stages of the data life cycle
  • outline data loss prevention initiatives and solutions
  • outline geographic and cultural data issues as they relate to data security
  • outline how to implement secure protocols, including protocol selection, port selection, and transport method
  • outline how to use masking, obfuscation, and tokenization to protect data
  • outline how to use segmentation and compartmentalization to protect data
  • outline the use of email security mechanisms like Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and gateways
  • outline the use of endpoint detection and response (EDR) solutions, including extended detection and response (XDR) and user behavior analytics (UBA)
  • provide an overview of encryption and hashing and how they are used to protect data
  • provide an overview of DNS filtering, including DNSSEC and OpenDNS solutions
  • provide an overview of file integrity monitoring
  • provide an overview of network access (or admission) control (NAC)
  • provide an overview of network infrastructure, including concepts such as physical isolation, air gaps, logical segmentation, and software-defined networking
  • provide an overview of operating system security like group policy and SELinux
