SKILL BENCHMARK
CompTIA Security+ (SY0-701): Security Operations Literacy (Beginner Level)
- 30m
- 30 questions
The Security Operations Literacy (Beginner Level) benchmark measures your knowledge and skills in dealing with the operational aspects of maintaining and defending secure environments. You will be evaluated on your recognition of practical cryptography concepts, security monitoring and alerting methods, identity and access management approaches, and automation and incident response processes. A learner who scores high on this benchmark demonstrates literacy regarding the application of practical cryptography, monitoring security systems, and managing alerts. They are also knowledgeable about ensuring resilience and recovery in the event of a security breach, identity and access management, and the use of automation and orchestration for efficient incident response.
Topics covered
- compare access control models including mandatory, discretionary, role-based, rule-based, attribute-based, time-of-day, and least privilege
- compare cryptographic tools such as the Trusted Platform Module (TPM), hardware security module (HSM), key management systems, and secure enclaves, as well as key stretching and obfuscation techniques such as steganography, tokenization, and data masking
- compare disaster recovery site options, including hot, warm, and cold sites, cloud-based sites, and geographic dispersion
- compare encryption levels including full disk, partition, file, volume, database, and record
- compare multi-factor authentication (MFA) categories
- define federation and single sign-on (SSO), including Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), Security Assertion Markup Language (SAML), interoperability, and attestation
- define hashing, salting, and hash-based message authentication codes (HMACs)
- define privileged access management (PAM) and tools like just-in-time permissions, password vaulting, and ephemeral credentials
- define security orchestration, automation, and response (SOAR) systems
- define training and testing of incident response (IR) with techniques like tabletop exercises and simulations
- describe antivirus systems and data loss prevention (DLP)
- describe blockchain technology
- describe NetFlow and NetFlow records
- describe PKI, including certificate authorities (CAs), certificate signing request (CSR) generation, certificate revocation lists (CRLs), Online Certificate Status Protocol (OCSP), self-signed certificates, third-party certification, wildcard certificates, and root of trust (RoT)
- describe security information and event management (SIEM) systems and their benefits
- identify various automation and scripting use cases
- outline digital signatures and certificates
- outline testing techniques such as tabletop exercises, failover, simulation, and parallel processing
- outline the digital forensics process with legal hold, chain of custody, acquisition, reporting, preservation, and e-discovery
- outline the incident response process, including preparation, detection, analysis, containment, eradication, recovery, and lessons learned
- outline the process of investigating data sources with firewall logs, application logs, endpoint logs, OS-specific security logs, IPS/IDS logs, network logs, metadata, vulnerability scans, automated reports, dashboards, and packet captures
- outline the use of biometric authentication modalities
- provide an overview of automation considerations such as complexity, cost, single point of failure, technical debt, and ongoing supportability
- provide an overview of capacity planning including people, technology, and infrastructure
- provide an overview of key exchange
- provide an overview of power considerations like generators and uninterruptible power supply (UPS)
- provide an overview of Security Content Automation Protocol (SCAP), including its importance and specifications
- provide an overview of Simple Network Management Protocol (SNMP) traps
- provide an overview of the concepts of continuity of operations and multicloud
- provide an overview of threat hunting and root cause analysis
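The hashing, salting, HMAC, and key stretching topics above are the most concrete of the list, so here is a worked illustration of the difference between them. This is an added example written for this page, not material from the benchmark or from CompTIA; the iteration count, the sample passwords, the key, and the message are assumed values chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed illustrative PBKDF2 iteration count; not a figure from the page.
# Real deployments tune this to the hardware they run on.
PBKDF2_ITERATIONS = 200_000


def plain_sha256(password: str) -> str:
    """Unsalted hash: the same password always yields the same digest,
    so a precomputed (rainbow) table of common passwords breaks it at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Single-round salted SHA-256: the per-user random salt makes identical
    passwords hash differently and defeats precomputed tables, but one round
    of SHA-256 is still cheap enough to brute-force at high speed."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def stretched_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Key stretching with PBKDF2-HMAC-SHA256: the salt plus many iterations
    makes each offline guess cost the attacker `iterations` HMAC operations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def make_record(password: str) -> dict:
    """Build what a credential store should keep: salt, work factor, and the
    stretched hash. The salt is random per user and stored in the clear."""
    salt = os.urandom(16)
    return {
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": stretched_hash(password, salt),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time
    so response timing does not leak how many leading bytes matched."""
    salt = bytes.fromhex(record["salt"])
    computed = stretched_hash(candidate, salt, record["iterations"])
    return hmac.compare_digest(computed, record["hash"])


def sign_message(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: unlike a bare hash, it cannot be recomputed by anyone
    who lacks `key`, so it proves integrity and origin, not just integrity."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign_message(key, message), tag)


def demo() -> None:
    # Constructed sample inputs for illustration.
    alice = make_record("correct horse battery staple")
    bob = make_record("correct horse battery staple")

    print("unsalted, same for both users:", plain_sha256("correct horse battery staple"))
    print("stretched, differs per user  :", alice["hash"] != bob["hash"])
    print("alice verifies with right pw :", verify_password(alice, "correct horse battery staple"))
    print("alice rejects wrong pw       :", not verify_password(alice, "Correct horse battery staple"))

    key = b"key"
    msg = b"The quick brown fox jumps over the lazy dog"
    tag = sign_message(key, msg)
    print("HMAC tag                     :", tag)
    print("tampered message rejected    :", not verify_message(key, msg + b"!", tag))
    print("wrong key rejected           :", not verify_message(b"other", msg, tag))


if __name__ == "__main__":
    demo()
```

The three hash functions are deliberately side by side: `plain_sha256` is what an unsalted password table looks like, `salted_hash` fixes the precomputation problem only, and `stretched_hash` adds the work factor that the benchmark's key stretching topic refers to. The HMAC pair shows the separate point that a keyed MAC authenticates origin, which a salted or stretched hash does not.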