Fatskills
Practice. Master. Repeat.
Study Guide: CompTIA Security+ SY0-601 Exam Key Facts To Know - Domain 2.0: Architecture and Design
Source: https://www.fatskills.com/comptia-security-certification/chapter/comptia-security-sy0-601-exam-key-facts-to-know-domain-20-architecture-and-design

CompTIA Security+ SY0-601 Exam Key Facts To Know - Domain 2.0: Architecture and Design

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~7 min read

1. Recovery sites can be hot, warm, or cold. A hot site is an operational ready-to-go data center; it has the fastest recovery time and highest cost. A cold backup site is the opposite; it has a longer recovery window with a lower cost. A warm site is a compromise between the two.
2. Honeypots and honeynets are used to study the actions of hackers and distract them from more valuable data.
3. An HSM is a combination of hardware and software/firmware that is attached to or contained inside a computer to provide cryptographic functions for tamper protection and increased performance.
4. DLP is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose.
5. A public cloud provides shared resources over the Internet.

6. Three common public cloud models are SaaS, PaaS, and IaaS:
SaaS involves the delivery of a licensed application to customers over the Internet for use as a service on demand.
PaaS involves the delivery of a computing platform, often an operating system with associated services, over the Internet without downloads or installation.
IaaS involves the delivery of computer infrastructure in a hosted service model over the Internet.

7. A hypervisor is a software- or hardware-layer program that permits the use of many instances of an operating system or instances of different operating systems on the same machine, independent of each other.
8. A Type I native or bare-metal hypervisor is software that runs directly on a hardware platform.
9. A Type II, or hosted, hypervisor is software that runs within an operating system environment.
10. Scalability is based on the capability to handle the changing needs of a system within the confines of the current resources.
11. Elasticity is the capability to expand and reduce resources as needed at any given point in time.
12. SDN is a method for organizations to manage network services through a decoupled underlying infrastructure, allowing quick adjustments to changing business requirements.
13. IAAS clouds consist of workloads deployed across subnets within one or more isolated availability zones that make up the VPC deployed within a geographic region.
14. An IaaS transit gateway allows for the connection of on-premise networks to cloud-hosted networks.
15. A HIDS is implemented to monitor event and application logs, port access, and other running processes.
16. Authentication factors are something you are, something you have, something you know, somewhere you are, and something you do.
17. Biometrics, such as iris scans and fingerprints, are examples of physical access controls.
18. Identification is presenting credentials or keys; authentication is verifying presented credentials.
19. The TOTP algorithm relies on a shared secret and a moving factor or counter, which is the current time.
20. The HOTP algorithm relies on a shared secret and a moving factor or counter.
21. Username and password combinations are the most common form of authentication.
22. Token-based authentication is a strong form requiring possession of the token item.
23. Biometric authentication uses parts of the human body for authentication.
24. Password lockout prevents brute-force attacks.
25. Formal backup types include full, incremental, and differential. In addition, snapshots and copies meet requirements for certain backup use cases.
26. A differential backup includes all data that has changed since the last full backup, regardless of whether or when the last differential backup was made. It does not reset the archive bit
27. A differential backup never requires more than two backups for restore operations (the last full backup and the latest differential backup).
28. An incremental backup includes all the data that has changed since the last incremental backup. It does reset the archive bit.
29. An incremental backup requires the last full backup and every incremental backup since the last full backup.
30. With multiple disks and a RAID scheme, a system can stay up and running when a disk fails, as well as during the time the replacement disk is being installed and data is being restored.

31. RAID organizes multiple disks into a large, high-performance logical disk. These are the most commonly used types of RAID:
RAID 0: Striped disk array without fault tolerance
RAID 1: Mirroring and duplexing
RAID 5: Independent data disks with distributed parity blocks
RAID 10: RAID 1 and RAID 0; requires a minimum of four disks

32. CASB solutions address security requirements such as visibility, data protection, threat protection, and compliance across public cloud services.
33. Network load balancers are servers configured in a cluster to provide scalability and high availability.
34. Common physical detective controls include motion detectors, CCTV monitors, and alarms.
35. An access control vestibule is a holding area between two entry points in which one door cannot be unlocked and opened until the other door has been closed and locked.
36. With HVAC systems, overcooling causes condensation on equipment, and too-dry environments lead to excessive static.
37. A wet-pipe fire-suppression system is the system most people think of when discussing indoor sprinkler systems. Dry-pipe systems work in exactly the same way as wet-pipe systems, except that the pipes are filled with pressurized air instead of water.

38. The following are fire classes and suppression remedies:
For Class A fires (trash, wood, and paper), water decreases the fire’s temperature and extinguishes its flames.
Foam is usually used to extinguish Class B fires, which are fueled by flammable liquids, gases, and grease.
Class C fires (energized electrical equipment, electrical fires, and burning wires) are put out using extinguishers based on carbon dioxide.
Class D fires involve combustible metals. The extinguishing agents for Class D fires are sodium chloride and a copper-based dry powder.

39. The purpose of a PDS is to make physical access difficult by enclosing equipment and to make electronic access difficult by using different cables and patch panels.
40. Data centers and server farms make use of alternating rows facing opposing directions. Fan intakes draw in cool air vented to racks facing the cold aisle, and then fan output of hot air is vented to the alternating hot aisles for removal from the data center.
41. EMI shielding seeks to reduce electronic signals that “leak” from computer and electronic equipment. The shielding can be local, can cover an entire room, or can cover a whole building. The two types are TEMPEST shielding and Faraday cages.
42. Cryptographic technology provides for confidentiality, integrity, nonrepudiation, and authentication.
43. Exchanging keys often happens securely “in band” during the need to establish a secure session. Any type of out-of-band key exchange relies on having been shared in advance.
44. Encryption can be applied to data state, which includes data at rest, in transit, and in use.
45. Confusion refers to the level of change from the plaintext input to the ciphertext output, which should be significant.
46. Diffusion ensures that any change, even minor, to the plaintext input results in significant change to the ciphertext output.
47. Symmetric key algorithms depend on a shared single key for encryption and decryption. Examples include DES, 3DES, RC5, and AES.
48. Asymmetric key algorithms use a public key for encryption and a private key for decryption. Examples include the RSA, Diffie-Hellman, El Gamal, and elliptic curve cryptography standards.
49. Nonrepudiation ensures proof or origin, submission, delivery, and receipt.
50. Block ciphers are not as fast, but they encrypt on blocks of a fixed length and have a higher level of diffusion compared to stream ciphers, in which encryption is performed bit by bit.
51. Elliptic curve cryptography is most common in mobile and wireless use cases.
52. A hashing algorithm uses a mathematical formula to verify data integrity. If hash values are different, the file has been modified.
53. Proven, well-known cryptographic technologies should be used in implementations.
54. ROT13 is a substitution cipher. The first half of the Roman alphabet corresponds to the second half, and it is inverse in nature.
55. After a session is complete, when both sides in the communication process destroy the keys, this is known as perfect forward secrecy or just forward secrecy.
56. Ephemeral key agreement protocols such as DHE and ECDHE provide perfect forward secrecy.
57. Bcrypt and PBKDF2 are key derivation functions (KDFs) that are primarily used for key stretching, which provides a means to “stretch” a key or password, making an existing key or password stronger.
58. Blockchains are digital ledgers with transactions grouped into cryptographically linked blocks.
59. Adding a salt prevents a rainbow table attack on password hashes.



ADVERTISEMENT