CompTIA Security+ SY0-701 ยท 116 Chapters

Security+ Study Hub

Interactive learning materials based on Prof. Messer's SY0-701 course. Stories, flashcards, quizzes, tricks, and timed practice exams.

116
Chapters
812
Study Pages
7
Page Types
16
Practice Exams

Practice Exams

Timed ยท Auto-graded

Exam: Ch 1โ€“5

Security controls, CIA triad, non-repudiation, AAA, gap analysis. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 6โ€“11

Zero trust, physical security, deception, change management, PKI. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 12โ€“15

Encryption, key exchange, crypto technologies, obfuscation. 20 questions ยท 30 min.

Start Exam โ†’

Exam: Ch 16โ€“18

Hashing, blockchain, digital certificates. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 19โ€“25

Threat actors, social engineering, phishing, impersonation, watering hole. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 26โ€“32

Memory injection, buffer overflows, race conditions, malicious updates, OS vulnerabilities, SQLi, XSS. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 33โ€“34

Hardware vulnerabilities, firmware patching, EOL/EOSL, legacy platforms, virtualization attacks, VM escape. 20 questions ยท 20 min.

Start Exam โ†’

Exam: Ch 36โ€“39

Supply chain, misconfigurations, mobile device vulnerabilities, zero-day attacks. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 40โ€“43

Malware overview, viruses & worms, spyware & bloatware, keyloggers, logic bombs & rootkits. 20 questions ยท 25 min.

Start Exam โ†’

Exam: Ch 44โ€“53

Physical, DoS, DNS, wireless, on-path, replay, malicious code, application, cryptographic & password attacks. 20 questions ยท 30 min.

Start Exam โ†’

Exam: Ch 102–107

Incident Planning, Digital Forensics, Log Data, Security Policies, Security Standards, Security Procedures. 20 questions · 25 min.

Start Exam →

Exam: Ch 95–101

Endpoint Security, IAM, Access Controls, MFA, Password Security, Scripting & Automation, Incident Response. 20 questions · 25 min.

Start Exam →

Exam: Ch 108–112

Security Considerations, Data Roles, Risk Management, Risk Analysis, Risk Strategies. 20 questions · 25 min.

Start Exam →

Exam: Ch 113–117

Business Impact Analysis, Third-party Risk, Agreement Types, Compliance, Privacy. 20 questions · 25 min.

Start Exam →

Exam: Ch 118–121

Audits & Assessments, Penetration Tests, Security Awareness, User Training. 20 questions · 25 min.

Start Exam →

🏆 Full Mock Exam โ€” SY0-701

90 questions ยท 120 minutes ยท all five domains ยท randomised questions and answer order ยท instant results with category breakdown.

Start Mock Exam โ†’

All Chapters

Story ยท Glossary ยท Concepts ยท Examples ยท Flashcards ยท Quiz ยท Tricks
Foundations (Ch 1โ€“5)
๐Ÿ”’
Chapter 1

Security Controls

Technical, managerial, operational & physical controls. Preventive, detective, corrective and more.

๐Ÿ”บ
Chapter 2

The CIA Triad

Confidentiality, Integrity, and Availability โ€” the foundational principles of information security.

โœ๏ธ
Chapter 3

Non-Repudiation

Proof of integrity and proof of origin. Hashing, digital signatures, and cryptographic accountability.

๐Ÿ”‘
Chapter 4

AAA Framework

Authentication, Authorization, and Accounting. Certificate auth, authorization models, and VPN access.

๐Ÿ“Š
Chapter 5

Gap Analysis

Current state vs desired state. NIST 800-171, ISO 27001 baselines, and building the gap analysis report.

Architecture & Access (Ch 6โ€“11)
๐Ÿšซ
Chapter 6

Zero Trust

Never trust, always verify. Planes of operation, adaptive identity, PEP, PDP, and security zones.

๐Ÿข
Chapter 7

Physical Security

Bollards, vestibules, fencing, CCTV, guards, access badges, lighting, and sensors.

๐Ÿฏ
Chapter 8

Deception & Disruption

Honeypots, honeynets, honeyfiles, DNS sinkholes, and fake telemetry to mislead attackers.

๐Ÿ“‹
Chapter 9

Change Management

CAB, approval workflows, change requests, rollback procedures, and risk assessment.

โš™๏ธ
Chapter 10

Technical Change Management

Patching, version control, configuration baselines, dependencies, and regression testing.

๐Ÿ›๏ธ
Chapter 11

Public Key Infrastructure

Certificate authorities, trust chains, key pairs, certificate types, and PKI hierarchy design.

Cryptography (Ch 12โ€“18)
๐Ÿ”
Chapter 12

Encrypting Data

BitLocker, EFS, column-level encryption, IPsec VPN, key stretching, and Kerckhoffs's principle.

๐Ÿค
Chapter 13

Key Exchange

Out-of-band vs in-band, session keys, ephemeral keys, forward secrecy, DH/DHE/ECDHE, TLS handshake.

๐Ÿ–ฅ๏ธ
Chapter 14

Encryption Technologies

TPM, HSM, KMS, Secure Enclave, measured boot, PCRs, and tamper-responsive hardware.

๐ŸŽญ
Chapter 15

Obfuscation

LSB steganography, tokenization, token vaults, PCI scope reduction, static and dynamic data masking.

#๏ธโƒฃ
Chapter 16

Hashing & Digital Signatures

MD5, SHA-256, salting, rainbow tables, bcrypt/Argon2, HMAC, digital signatures, non-repudiation.

โ›“๏ธ
Chapter 17

Blockchain

Hash chaining, genesis block, proof of work/stake, 51% attacks, smart contracts, permissioned ledgers.

๐Ÿ“œ
Chapter 18

Digital Certificates

X.509, CA hierarchy, CSR, self-signed certs, wildcard vs SAN, CRL, OCSP Stapling, Heartbleed.

Threats & Social Engineering (Ch 19โ€“25)
๐Ÿ•ต๏ธ
Chapter 19

Threat Actors

Nation-state APTs, hacktivists, organized crime, insider threats, unskilled attackers, shadow IT, TTPs, MITRE ATT&CK.

๐ŸŽช
Chapter 20

Social Engineering

Cialdini's 6 principles, BEC anatomy, pretexting, tailgating, vishing, smishing, whaling, quid pro quo.

๐Ÿ›ฃ๏ธ
Chapter 21

Common Threat Vectors

Message, image, file, voice, USB, software, unsupported systems, unsecure networks, open ports, default credentials, supply chain.

๐ŸŽฃ
Chapter 22

Phishing

Typosquatting, pretexting, vishing, smishing, BEC, fake check scam, CEO scam, advance-fee scam, caller ID spoofing.

๐ŸŽญ
Chapter 23

Impersonation

Display name spoofing, cousin domains, ARP/DNS spoofing, deepfakes, SIM swapping, badge cloning, DAI.

๐Ÿ’ง
Chapter 24

Watering Hole Attacks

Drive-by downloads, exploit kits, malvertising, SolarWinds SUNBURST, island hopping, SBOM, browser isolation.

๐Ÿ—‘๏ธ
Chapter 25

Other Social Attacks

Spam, SPIM, hoaxes, disinformation, elicitation, USB drops, HID devices, invoice fraud, influence ops.

Application Attacks (Ch 26โ€“39)
๐Ÿ’‰
Chapter 26

Memory Injection

DLL injection, reflective DLL, process hollowing, fileless malware, LSASS/Mimikatz, DEP, ASLR, CFG.

๐Ÿ“ฆ
Chapter 27

Buffer Overflows

Stack smashing, return address hijacking, heap overflows, ROP chains, stack canaries, DEP, ASLR, safe languages.

โฑ๏ธ
Chapter 28

Race Conditions

TOCTOU attacks, race windows, atomic operations, mutex locking, deadlock, double-spend exploits, privilege escalation via timing.

๐Ÿ”„
Chapter 29

Malicious Updates

Supply chain attacks, build pipeline compromise, SolarWinds SUNBURST, dependency confusion, code signing limits, SBOM, and behavioral detection.

๐Ÿ–ฅ๏ธ
Chapter 30

OS Vulnerabilities

RCE, EoP, security feature bypass, information disclosure, DoS, spoofing โ€” Patch Tuesday, zero-days, staged rollouts, MSRC.

๐Ÿ’‰
Chapter 31

SQL Injection

Code injection, SQLi mechanics, OR 1=1, authentication bypass, UNION-based extraction, parameterized queries, WAF, least privilege defense stack.

๐Ÿ–ฅ๏ธ
Chapter 32

Cross-Site Scripting

XSS trust exploitation, reflected vs. stored XSS, JavaScript as attack vector, Subaru 2017, output encoding, CSP, XSS worms.

๐Ÿ”ฉ
Chapter 33

Hardware Vulnerabilities

Firmware patching limits, IoT attack surface, EOL vs. EOSL, legacy platforms, compensating controls: firewall rules, IPS signatures, network segmentation.

๐Ÿ’ป
Chapter 34

Virtualization Vulnerabilities

VM escape, Pwn2Own 2017 three-step chain, resource reuse memory leakage, VM sprawl, hypervisor patching, memory scrubbing, VM lifecycle management.

๐Ÿ”—
Chapter 36

Supply Chain Vulnerabilities

Island hopping, Target/HVAC service provider attack, counterfeit hardware, SolarWinds SUNBURST build pipeline compromise, code signing limits, vendor management, SBOM.

โš™๏ธ
Chapter 37

Misconfiguration Vulnerabilities

Open permissions, unsecured admin accounts, insecure protocols, default settings, open ports, firewall rule creep.

๐Ÿ“ฑ
Chapter 38

Mobile Device Vulnerabilities

Jailbreaking, rooting, sideloading, MDM enforcement limits, AUP policy, BYOD risks, app store vetting.

๐Ÿ”“
Chapter 39

Zero-Day Vulnerabilities

Zero-day lifecycle, why signature detection fails, Chrome/Microsoft/Apple 2023 examples, CVE system, EDR behavioral defense.

Malware & Attack Techniques (Ch 40โ€“53)
๐Ÿฆ 
Chapter 40

An Overview of Malware

Nine malware types surveyed: virus, worm, ransomware, trojan, rootkit, keylogger, spyware, bloatware, logic bomb. Multi-stage attack chains, infection vectors, four defense fundamentals.

๐Ÿ›
Chapter 41

Viruses and Worms

Virus types (program, boot sector, script, macro, fileless), worm autonomous propagation, EternalBlue SMB exploit, WannaCry 2017 ransomware worm.

๐Ÿ‘๏ธ
Chapter 42

Spyware and Bloatware

Browser monitoring, keylogger credential theft, affiliate fraud, scareware delivery, Lenovo Superfish 2015, Carrier IQ 2011, bloatware attack surface risk, Malwarebytes.

๐Ÿ’ฃ
Chapter 43

Other Malware Types

Keyloggers bypass encryption, DarkComet RAT, logic bombs and time bombs, South Korea 2013, Ukraine 2016 SCADA attack, rootkits hiding in the kernel, Secure Boot prevention.

๐Ÿ”‘
Chapter 44

Physical Attacks

Physical brute force, RFID badge cloning ($50 device), MFA as the defense, environmental attacks on power and HVAC, fire suppression as denial-of-service, man-traps.

๐ŸŒŠ
Chapter 45

Denial of Service

DoS vs. DDoS, friendly DoS (L2 loops, bandwidth saturation), botnets and Zeus (3.6M devices), asymmetric threat, DNS amplification 86ร—, NTP 550ร—, smokescreen attacks.

๐ŸŒ
Chapter 46

DNS Attacks

DNS poisoning (server, host file, on-path), domain hijacking โ€” Brazil bank 2016 (36 domains, 6 hours, 5M customers), URL hijacking, typosquatting, brandjacking, DNSSEC defense.

๐Ÿ“ก
Chapter 47

Wireless Attacks

802.11 deauthentication attacks, 802.11w Management Frame Protection, Rogue AP, Evil Twin, fox hunting with Yagi antenna, WPS PIN attacks, channel jamming.

๐Ÿ”€
Chapter 48

On-Path Attacks

ARP poisoning, Dynamic ARP Inspection (DAI), on-path browser (MITB), SSL interception, victim-to-attacker-to-gateway chain, layer 2 vs layer 7 MITM.

๐Ÿ”
Chapter 49

Replay Attacks

Pass-the-hash (NTLM challenge-response reuse), session hijacking, Firesheep cookie capture, session token theft, anti-replay sequence numbers, credential reuse without cracking.

๐Ÿ’€
Chapter 50

Malicious Code

WannaCry ransomware+worm hybrid, kill switch domain, British Airways Magecart formjacking, client-side script injection into payment pages, supply chain code compromise.

โšก
Chapter 51

Application Attacks

SQL injection (admin'-- auth bypass), CSRF hidden image tags, directory traversal, command injection, IDOR, privilege escalation through application-layer vulnerabilities.

๐Ÿงฎ
Chapter 52

Cryptographic Attacks

Birthday attack (โˆšN collisions), MD5 weaknesses (collisions 2004, CA forgery 2008), POODLE downgrade + padding oracle, SSL stripping, HSTS, TLS_FALLBACK_SCSV.

๐Ÿ”‘
Chapter 53

Password Attacks

Plaintext storage, password spraying (many accounts, few passwords), online vs offline brute force, salting defeats rainbow tables, account lockout limits, MFA as universal backstop.

Incident Response & Mitigation (Ch 54โ€“57)
๐Ÿ”
Chapter 54

Indicators of Compromise

Account lockouts, blocked content, impossible travel, resource consumption spikes, log anomalies โ€” recognizing attack evidence across network, host, and application layers.

๐Ÿ”’
Chapter 55

Segmentation and Access Control

VLANs, ACLs, screened subnets, jump servers, privileged access workstations โ€” enforcing least privilege at the network and access layer.

๐Ÿ›ก๏ธ
Chapter 56

Mitigation Techniques

Patching cadence, SOAR playbooks, SIEM correlation, network segmentation, deception technologies, and quarantine workflows for active incidents.

โš™๏ธ
Chapter 57

Hardening Techniques

CIS benchmarks, secure baselines, default credential changes, unnecessary service removal, endpoint protection, host-based firewall, and full-disk encryption.

Network & Cloud Infrastructure (Ch 58โ€“67)
โ˜๏ธ
Chapter 58

Cloud Infrastructure

IaaS/PaaS/SaaS shared responsibility model, cloud-native security controls, IAM in the cloud, microsegmentation, and data sovereignty considerations.

๐ŸŒ
Chapter 59

Network Infrastructure Concepts

Air gaps, physical segmentation, VLANs (802.1Q), inter-VLAN routing, SDN data/control/management planes, VLAN hopping prevention, management plane attack surface.

๐Ÿ–ฅ๏ธ
Chapter 60

Other Infrastructure Concepts

On-prem vs. cloud trade-offs, hypervisor/VM/container isolation, IoT weak defaults, SCADA/ICS air-gap requirements, RTOS constraints, high availability active/passive vs. active/active.

๐Ÿ“Š
Chapter 61

Infrastructure Considerations

Availability SLAs (five nines), MTTR/MTTF/MTBF, scalability and elasticity security, orchestration vs. manual deployment, cybersecurity insurance, inability-to-patch compensating controls, UPS and generator layers.

๐Ÿ—๏ธ
Chapter 62

Secure Infrastructures

Device placement (firewalls, honeypots, jump servers, load balancers, sensors), security zones (trusted/untrusted/DMZ), attack surface reduction, IPsec site-to-site VPNs, and defense-in-depth layering.

๐Ÿšจ
Chapter 63

Intrusion Prevention

IDS vs. IPS (detect vs. block), fail-open vs. fail-closed failure modes, active inline monitoring, passive SPAN/tap monitoring, signature-based and anomaly-based detection, and IPS tuning to prevent false-positive outages.

๐Ÿ”€
Chapter 64

Network Appliances

Jump servers (bastion hosts), forward and reverse proxies, open proxy risks, transparent vs. explicit proxies, load balancer active/active and active/passive modes, SSL/TLS offloading, content switching, and SIEM correlation engines.

๐Ÿ”
Chapter 65

Port Security

EAP (Extensible Authentication Protocol), IEEE 802.1X Port-based Network Access Control, the supplicant/authenticator/authentication server three-component model, EAP-TLS vs. PEAP, RADIUS integration with Active Directory, and MAC Authentication Bypass for legacy devices.

๐Ÿ”ฅ
Chapter 66

Firewall Types

Traditional network-based firewalls (Layer 4), Unified Threat Management (UTM) all-in-one appliances, Next-Generation Firewalls (NGFW) with deep packet inspection and application-layer control, and Web Application Firewalls (WAF) for SQL injection and XSS protection โ€” and when to deploy each.

๐Ÿ”’
Chapter 67

Secure Communication

VPN concentrators, IPsec encrypted tunnel packet structure, SSL/TLS remote access VPN (TCP 443), site-to-site IPsec VPN, always-on VPN, SD-WAN for cloud-era routing, and SASE โ€” the unified cloud networking and security platform with ZTNA, CASB, FWaaS, and more.

Data Security (Ch 68โ€“70)
๐Ÿ—‚๏ธ
Chapter 68

Data Types and Classifications

Regulated data, trade secrets, intellectual property, legal and financial information, human-readable vs. non-human-readable formats, PII, PHI, proprietary data, and the full classification spectrum โ€” from Public to Critical โ€” and how classification determines the security controls applied to each data set.

๐Ÿ’พ
Chapter 69

States of Data

Data at rest (stored), data in transit (in motion), and data in use (in RAM) โ€” three states requiring different controls. Full disk, database, and file encryption for stored data; TLS and IPsec for network data; why RAM is almost always decrypted and the Target breach proves it. Plus data sovereignty (GDPR) and geolocation access control.

๐Ÿ›ก๏ธ
Chapter 70

Protecting Data

Geographic restrictions and geofencing (GPS, 802.11, IP geolocation), encryption vs. hashing vs. tokenization โ€” and why each is chosen. Obfuscation and data masking as view-layer controls. Tokenization in mobile payments (Apple Pay / Google Pay). Data segmentation to limit breach blast radius. Permission restrictions: authentication controls and post-login authorization (least privilege, separation of duties).

Resiliency & Recovery (Ch 71โ€“75)
๐Ÿ”„
Chapter 71

Resiliency

High availability (active/active) vs. mere redundancy, server clustering (shared storage, same OS), and load balancing (servers unaware of each other, different OSes OK). Hot site (exact replica, real-time sync), warm site (middle ground), and cold site (empty building). Geographic dispersion, platform diversity to spread OS vulnerability risk, multi-cloud provider dispersion, and COOP manual procedures when all technology fails.

๐Ÿ“Š
Chapter 72

Capacity Planning

Matching supply to demand across people, technology, and infrastructure โ€” the three dimensions of capacity. People capacity is the hardest and slowest to scale. Web services scale via load balancers; databases via clustering and sharding; cloud via on-demand auto-scaling. Vertical scaling adds resources to one server (ceiling exists); horizontal scaling adds more servers (no ceiling, built-in redundancy). Elasticity eliminates the fixed-capacity dilemma. Physical infrastructure is CapEx with weeks of lead time; cloud is OpEx in minutes. Right-sizing, monitoring, and forecasting complete the discipline.

๐Ÿ”
Chapter 73

Recovery Testing

Validating disaster recovery plans before real events occur. Rules of engagement keep tests from disrupting production. Tabletop exercises surface procedural and coordination gaps through discussion โ€” no systems touched. Failover testing verifies redundant infrastructure switches automatically and transparently (users should notice nothing). Phishing simulations measure two independent defenses: email filter controls and human behavior. Parallel processing distributes work across multiple CPUs for both performance and graceful degradation โ€” partial failure loses capacity, not the whole service.

๐Ÿ’พ
Chapter 74

Backups

Complete backup strategy across six dimensions: data volume, backup type, media, storage location, software, and schedule. On-site is fast; off-site survives disasters โ€” most organizations use both. Backup frequency determines RPO. Encryption is mandatory for off-site and cloud (stolen tapes must be unreadable); recovery key must be stored separately. Snapshots capture full VMs instantly; every snapshot after the first is incremental (changes only). Recovery testing verifies backups actually restore. Replication is near-real-time but propagates ransomware โ€” cannot replace periodic backups. Journaling prevents corruption from interrupted writes by recording intent before committing to storage.

โšก
Chapter 75

Power Resiliency

Power is the foundation of all technology โ€” and organizations can't control their utility provider. Three disturbances: blackout (zero voltage), brownout (voltage drop, causes instability), surge (overvoltage, damages hardware). Three UPS types: offline/standby (basic, brief transfer delay), line-interactive (active voltage regulation, best for brownout-prone areas), online/double-conversion (zero transfer time, equipment always runs from battery/inverter, used in data centers). Generators provide long-term backup but need 60โ€“90 seconds to start โ€” the UPS bridges that gap. UPS and generator are partners, not alternatives.

Security Hardening & Configuration (Ch 76โ€“80)
๐Ÿ“‹
Chapter 76

Security Baselines

Standardized security configurations that every application instance must follow โ€” firewall settings, patch levels, OS file versions. Build from manufacturer sources (application developer, OS vendor, appliance maker; Microsoft SCT for Windows). Deploy via automation: Active Directory Group Policy, MDM, configuration management tools. Monitor for configuration drift through continuous integrity measurements. Update when new vulnerabilities emerge, applications are upgraded, or OS changes occur. Audit for compliance evidence.

๐Ÿ”ฉ
Chapter 77

Hardening Targets

No default configuration is secure. Nine distinct targets each need platform-specific hardening: mobile devices (MDM, data segmentation, updates), workstations (OS/app/firmware patches, remove unused software, Group Policy), network infrastructure (change defaults, embedded OS, rare but critical firmware patches), cloud (secure management workstation, least privilege, EDR, C2C backup), servers (patches, account controls, limit network access, EDR), SCADA/ICS (air-gap, no internet access, physical consequence if breached), embedded systems (segment + firewall when patching is impossible), RTOS (deterministic timing, isolation, minimum services), IoT (change defaults, patch quickly, dedicated VLAN).

๐Ÿ“ถ
Chapter 78

Securing Wireless and Mobile

Site surveys map the RF environment before deployment โ€” heat maps visualize coverage, spectrum analyzers find non-Wi-Fi interference (microwave, cordless phone) that survey tools miss. MDM enforces security policy across BYOD and corporate devices: feature control, data segmentation, screen lock, remote wipe. Three ownership models: BYOD (employee-owned, org manages work profile), COPE (company-owned, personal use allowed, full org control), CYOD (company-owned, employee picks from approved list). Three Wi-Fi threats: data capture (encrypt), on-path/rogue AP (WPA3 + certs), deauthentication DoS (802.11w). Cellular risks: traffic monitoring, location tracking, global exposure. Bluetooth: pairing protects against unauthorized connections; disable when not in use.

๐Ÿ”
Chapter 79

Wireless Security Settings

Three wireless security objectives: confidentiality (encrypt), authentication (who gets access), integrity (MIC). WPA2 PSK flaw: four-way handshake transmits a crackable hash โ€” offline brute-force with no lockout or rate limit; no forward secrecy. WPA3 fixes both: GCMP (AES encryption + GMAC integrity in one algorithm); SAE/dragonfly handshake (Diffie-Hellman derivation, no hash transmitted, mutual auth, per-session keys, forward secrecy). Three modes: Open (no auth), WPA3-Personal/PSK (shared key, SAE-protected), WPA3-Enterprise/802.1X (individual RADIUS auth). AAA: Identification โ†’ Authentication โ†’ Authorization โ†’ Accounting. RADIUS: centralized AAA protocol; 802.1X: port-based NAC; EAP: extensible auth framework (EAP-TLS, PEAP, EAP-TTLS). Three 802.1X roles: Supplicant (asks), Authenticator/AP (enforces โ€” does NOT validate), Authentication Server/RADIUS (decides).

๐Ÿ’ป
Chapter 80

Application Security

Secure coding balances speed against security โ€” vulnerabilities not found in QA are found by attackers. Input validation enforces expected type, length, format, and character set on every input; normalization decodes/standardizes input first so encoded bypass attacks fail. Fuzzing tests with automated random/malformed input to find edge cases. Secure cookies use the Secure attribute (HTTPS only) and HttpOnly (no JS access); never store sensitive data in cookies. SAST scans source code for buffer overflows, SQL injection, insecure function calls โ€” cannot evaluate cryptographic correctness, auth logic, or business logic; false positives require human review. Code signing: CA signs developer's public key; developer signs code with private key; OS validates using developer's public key. Sandboxing limits blast radius after compromise (VMs, mobile OS, browser iframes, Windows UAC). Application monitoring: real-time visibility, blocked attack logs, audit trails, anomaly detection.

Asset & Vulnerability Management (Ch 81โ€“86)
📦
Chapter 81

Asset Management

Procurement: user request → IT/purchasing review → supplier negotiation (price, terms, SLA) → purchase/delivery → invoice/payment. Assignment: central asset tracking system; ownership associates device to responsible person; classification: hardware=CapEx (depreciates), software=OpEx (does not depreciate). Monitoring: full inventory of all assets; enumeration documents individual components (CPU, RAM, storage, peripherals); asset tags (barcode, RFID, visible number) link physical device to database record — also theft deterrence. Media sanitization: secure overwrite for reuse; physical destruction for decommission; one-way process. Destruction methods: shredding/pulverization, drilling/hammering, degaussing (HDDs only — NOT SSDs), incineration. Certificate of destruction: third-party confirmation with serial numbers — chain-of-custody for compliance. Data retention: regulatory compliance (HIPAA, SOX, FINRA), operational recovery (backup/DR), data type differentiation.

🔍
Chapter 82

Vulnerability Scanning

Scanning vs. pen testing: scanning identifies potential weaknesses without exploiting them (minimally invasive); pen testing actively exploits (invasive). Port scanning: open ports = attack surface, not inherently vulnerable. Internal + external scans both required — external covers internet-facing; internal covers insider threats, unauthorized devices, shadow IT. False positives: verify before acting; severity does not replace verification. SAST: static analysis of code; finds code patterns; cannot find auth design flaws, improper crypto usage, or business logic errors. Fuzzing: dynamic; running application; malformed input → crash/exception/error = vulnerability indicator; synonyms: fault injection, robustness testing, negative testing, syntax testing. History: 1988, Univ. of Wisconsin, Prof. Barton Miller, "Fuzz Generator." CERT BFF. Package monitoring: supply chain risk; CVE tracking for installed dependencies; digital signatures + hash validation + repository auth; tools: OWASP Dependency-Check, Dependabot, Snyk.

🔎
Chapter 83

Threat Intelligence

Threat intelligence: proactive defense by understanding adversaries before they act; used by SOC analysts, IR teams, threat hunters, vuln management, and executives. OSINT: publicly available sources (internet forums, government advisories, commercial data); free but requires validation before operational use — quality varies and disinformation exists. Proprietary intelligence: commercial services with cross-organization correlation; detect campaigns at one client, warn all others; provides IOCs, malware analysis, TTPs. Information-sharing organizations: collective defense; peer organizations share first-hand attack evidence; zero-day and ransomware scenarios. Cyber Threat Alliance (CTA): members submit standardized intelligence → CTA validates and scores → distributes to all members. Dark web: overlay network; requires specialized software (Tor) to access; criminal forums and markets host stolen data, malware, hacking services, access listings; monitor for company names, executive names, credential dumps, planned attack mentions.

🎯
Chapter 84

Penetration Testing

Rules of engagement: required before any testing; defines type of testing, permitted timing, in-scope systems, out-of-scope systems, emergency contacts, sensitive data handling. Four phases: (1) Initial exploitation — first foothold via buffer overflow, phishing, SQL injection, social engineering; (2) Lateral movement — expand to internal systems using stolen credentials, pass-the-hash; internal network is less protected; (3) Persistence — backdoors, unauthorized accounts, startup modification, scheduled tasks survive patching; (4) Pivot — compromised system as relay to reach architecturally isolated segments. Responsible disclosure: researcher reports privately → vendor creates fix → patch deployed → public disclosure; 90-day industry norm. Bug bounty programs: financial reward for valid documented findings submitted privately within defined scope; Google, Microsoft, Meta run major programs.

🔬
Chapter 85

Analyzing Vulnerabilities

False positives and negatives, CVSS scoring, CVE databases, exposure factor, environmental variables, and risk tolerance.

🔧
Chapter 86

Vulnerability Remediation

Patching strategies, cybersecurity insurance, segmentation, compensating controls, exceptions, validation, and continuous reporting.

Monitoring & Active Defense (Ch 87โ€“89)
📡
Chapter 87

Security Monitoring

SIEM log aggregation, continuous scanning, actionable reporting, archiving mandates, real-time alerting, quarantine response, and alert tuning.

🛠
Chapter 88

Security Tools

SCAP standardization, CIS benchmarks, agent vs. agentless, DLP, SNMP polling and traps, NetFlow traffic analysis, and vulnerability scanners.

🔥
Chapter 89

Firewalls

Network-based firewalls and NGFWs, application layer gateways, firewall rules and implicit deny, ACLs, screened subnets, and IPS signature-based and anomaly-based detection.

🖥️
Chapter 91

Operating System Security

Active Directory as the centralized Windows identity store, Group Policy for enterprise-wide configuration enforcement, SELinux adding mandatory access control to Linux, and the DAC vs. MAC access control model distinction.

🌐
Chapter 90

Web Filtering

Content filtering, URL scanning and category-based block rules, agent-based filtering, explicit and transparent proxies, forward proxy, reputation-based filtering, and DNS filtering as a pre-connection defense.

🔒
Chapter 92

Secure Protocols

Insecure-to-secure protocol replacements (Telnet→SSH, FTP→SFTP, HTTP→HTTPS, IMAP→IMAPS), why port numbers do not guarantee encryption, Wireshark verification, open Wi-Fi risks, WPA3 per-session keys, and VPN as a transport-layer wrapper for all applications.

✉️
Chapter 93

Email Security

Why SMTP enables spoofing, the mail gateway as gatekeeper, SPF authorized-server validation, DKIM digital signatures and public-key verification, DMARC disposal policy (none/quarantine/reject) and aggregate reporting, and the correct deployment sequence for all three DNS-based technologies.

📊
Chapter 94

Monitoring Data

File Integrity Monitoring with SFC (Windows) and Tripwire (Linux); DLP across three data states (in use, in motion, at rest); USB blocking and the 2008 DoD agent.btz worm incident; cloud-based DLP; and email DLP for inbound threats and outbound leakage including the 2016 Boeing spreadsheet incident.

Security Operations (Ch 95–101)
🖥️
Chapter 95

Endpoint Security

Defense in depth layers, NAC posture assessment with persistent/dissolvable/agentless agents, EDR behavioral analysis and automated response, XDR cross-domain correlation, and UBA for insider threat detection.

🆔
Chapter 96

Identity and Access Management

Identity lifecycle (hire/transfer/separation), access creep and orphaned accounts, identity proofing, SSO, LDAP directory structure with container and leaf objects, SAML limitations on mobile, OAuth vs. OpenID Connect, and federation.

🔐
Chapter 97

Access Controls

Least privilege, MAC (OS-enforced labels), DAC (owner-controlled), RBAC (group membership and implicit rights), Rule-based (system ACL conditions), ABAC (simultaneous attribute evaluation for zero-trust), and time-of-day restrictions.

📱
Chapter 98

Multifactor Authentication

Four factor categories, smart cards and hardware tokens, SMS OTP SIM-swap weakness, biometrics as mathematical representations (cannot be changed if compromised), FAR/FRR/CER metrics, and location-based authentication.

🔑
Chapter 99

Password Security

Entropy and why length beats complexity, NIST SP 800-63B passphrase guidance, expiration and history policies, password managers (encrypted vault, unique per service, enterprise vs. consumer), passwordless authentication with TPM, JIT permissions with clearinghouse, and password vaulting with session proxying.

⚙️
Chapter 100

Scripting and Automation

Automation benefits (time savings, baseline enforcement, secure scaling, workforce multiplier), use cases (provisioning, guard rails, security groups, ticket creation, escalation, CI/CD, API integration), and scripting risks (complexity, cost, single point of failure, technical debt, ongoing supportability).

🚨
Chapter 101

Incident Response

NIST SP 800-61 four-phase lifecycle, incident go bag contents, detection sources (IPS/AV/FIM/traffic), sandbox analysis and self-destruct malware challenge, eradication and recovery steps, post-incident meeting timing and the four retrospective questions, and IR training (tabletop, simulation, red team).

Security Governance (Ch 102–107)
📋
Chapter 102 · Security Operations

Incident Planning

Tabletop exercises vs. simulations, phishing simulation testing of users and filters, root cause analysis methodology (ask why repeatedly, avoid tunnel vision, multiple root causes, blame-free), and proactive threat hunting using SIEM, EDR, and behavioral analytics.

🔍
Chapter 103 · Security Operations

Digital Forensics

RFC 3227 best practices, legal hold (initiated by legal counsel, custodian ESI preservation), chain of custody (hashes, digital signatures, labeling, sealing), acquisition types by volatility (RAM/disk/firmware/VM/artifacts), preservation from copies, live collection for encrypted systems, and e-discovery vs. forensics.

📊
Chapter 104 · Security Operations

Log Data

Firewall and NGFW logs (source/destination/disposition/application ID), application and OS security logs (Windows Event Viewer, Linux /var/log), IPS/IDS log fields, network device logs (switches/routers/WAPs/VPN), metadata types (email headers, GPS, file author), SIEM correlation and impossible travel detection, dashboards vs. historical reports, and packet captures.

📜
Chapter 105 · Security Program Management

Security Policies

Policy (what+why) vs. technical controls (how), AUP and legal liability through employee acknowledgment, business continuity planning with required testing, disaster recovery sites (cold/warm/hot), RTO and RPO, five incident response roles, NIST SP 800-61 vs. NIST CSF, Agile vs. Waterfall SDLC, and change management policy elements.

📏
Chapter 106 · Security Program Management

Security Standards

Password standards (bcrypt/Argon2/PBKDF2 hashed+salted storage, NIST 800-63B guidance), access control models (MAC/DAC/RBAC/ABAC) and immediate access removal on separation, physical security personnel classification (employee/visitor/contractor) and escort requirements, encryption standards for three data states (at rest/in transit/in use), and ISO/IEC 27001.

⚙️
Chapter 107 · Security Program Management

Security Procedures

Change Control Board (CCB) seven-step workflow and mandatory backout plans, emergency change procedures, onboarding (AUP signing, least privilege account creation, pre-configured hardware), offboarding (disable not delete, hardware recovery, data management), security playbooks with conditional logic, SOAR orchestration and automation, and centralized/decentralized/federated governance structures.

Security Considerations & Risk (Ch 108–112)
⚖️
Chapter 108 · Security Program Management

Security Considerations

SOX (publicly traded companies, financial data integrity), HIPAA (PHI protection, 60-day breach notification, encryption safe harbor), legal hold and spoliation risk, GDPR 72-hour notification, OT/SCADA air-gap and availability priority, cross-border data sovereignty and jurisdictional conflicts.

👤
Chapter 109 · Security Program Management

Data Roles & Responsibilities

Data owner (senior business leader, organizational accountability), data controller (determines purpose and means, primary GDPR liability), data processor (third-party handler under controller instructions), data custodian (day-to-day technical controls, sensitivity labels: public / internal / confidential / restricted).

⚠️
Chapter 110 · Security Program Management

Risk Management

Four risk assessment types: one-time (acquisition, new system), ad hoc (concern-triggered, team forms and disbands), recurring (PCI DSS annual mandate), continuous (integrated into change control). Risk identification, threat assessment, and the change-management risk integration model.

📈
Chapter 111 · Security Program Management

Risk Analysis

Qualitative (traffic light grids, expert judgment) vs. quantitative (SLE = AV × EF, ALE = ARO × SLE) methods. Five impact categories (Life > Property > Safety > Finance > Reputation). Risk appetite vs. tolerance (speed limit vs. ticketing threshold). Risk register: KRIs, risk owners, thresholds.

🛡️
Chapter 112 · Security Program Management

Risk Management Strategies

Six strategies: Transfer (cyber insurance, financial shift), Accept (documented decision), Exemption (policy cannot apply, permanent), Exception (temporary deviation), Avoid (only complete elimination), Mitigate (most common, controls reduce risk). Risk reporting for senior management: critical and emerging risks in business terms.

Business Continuity & Compliance (Ch 113–117)
⏱️
Chapter 113 · Security Program Management

Business Impact Analysis

RTO (max acceptable downtime, business target), RPO (max acceptable data loss, drives backup frequency), MTTR (avg repair time = total repair time ÷ count, must be < RTO), MTBF (avg uptime between failures = total uptime ÷ breakdowns). RTO/RPO are targets; MTTR/MTBF are measurements.

🔍
Chapter 114 · Security Program Management

Third-party Risk Assessment

Penetration test (active exploitation) vs. vulnerability scan (passive identification). Rules of engagement: scope, timing, authorized techniques, emergency contacts. Right-to-audit clause vs. SOC 2. SolarWinds supply chain attack: trusted build pipeline, valid digital signature, 18,000 orgs compromised. Conflict of interest indicators in vendor selection.

📜
Chapter 115 · Security Program Management

Agreement Types

SLA (quantified performance + financial penalties), MOU (broad intent, not binding), MOA (specific commitments, conditionally binding), MSA (legal framework for entire relationship), WO/SOW (specific project under MSA), NDA (unilateral / bilateral / multilateral), BPA (ownership stake, governance rights, contingency provisions).

📋
Chapter 116 · Security Program Management

Compliance

SOX (publicly traded, CEO/CFO attestation, up to 20 years), HIPAA tiers ($50K unknowing, $100K false pretenses, $250K selling PHI), GLBA (financial institutions, Safeguards Rule). Due care (internal controls) vs. due diligence (vendor vetting). Uber: 2016 breach concealed 14 months, CSO convicted. Attestation = personal criminal liability.

🔒
Chapter 117 · Security Program Management

Privacy

GDPR: extraterritorial scope, IP addresses are personal data, up to 4% global turnover penalty. Right to erasure (Article 17): all copies including backups. Data Owner (senior executive, business accountability), Controller (GDPR purpose-setter), Processor (per controller instructions), Custodian (technical implementation). Data inventory required for erasure and breach response.

Security Program Management & Awareness (Ch 118–121)
🔍
Chapter 118 · Security Program Management

Audits and Assessments

Cybersecurity audit: structured IT environment examination. Attestation: formal professional opinion after evidence gathering (not the same as the audit). Audit committee starts AND stops all internal audits. Self-assessments: department evaluates itself. External audits: mandated by SOX/HIPAA/PCI DSS/CMMC/FedRAMP, cannot be skipped. Examination: hands-on evidence gathering phase.

🧪
Chapter 119 · Security Program Management

Penetration Tests

Physical pentest: modify boot, boot from external media, modify OS files. Red team (offensive), Blue team (defensive), Integrated (continuous feedback loop). Known (white box / full disclosure), Partially known (gray box), Unknown (blind / black box). Passive recon: public sources, no network traffic, very hard to detect. Active recon: ping, port scan, OS fingerprint, version scan โ€” generates logs.

🚨
Chapter 120 · Security Program Management

Security Awareness

Phishing campaigns: click rate = primary metric. Anomalous behavior: Risky (dangerous action: hosts file, OS file replacement, unauthorized upload), Unexpected (pattern deviation: foreign login, transfer spike), Unintentional (accident: wrong domain, misplaced USB). Metrics: click rate, MFA adoption, password manager adoption. Minimum awareness baseline + job-function layers.

🎓
Chapter 121 · Security Program Management

User Training

Pre-access training: before any access, includes third parties, must be documented. Situational awareness: digital (phishing, URLs) and physical (USB devices, unlocked doors). Insider threat: least privilege + active monitoring + multiple approvals. BadUSB: firmware-reprogrammed keyboards. OPSEC: attacker's perspective, minimize exposure. Remote work: VPN + EDR/MDM + no family device sharing.

About This Study Hub

This site covers 116 chapters from Prof. Messer's CompTIA Security+ SY0-701 lecture notes and transcripts. Each chapter contains seven learning modes: a story-based learning page with three helper references (Glossary, Concepts Map, Real-World Examples), interactive flashcards, a multi-format quiz, and trick & performance questions to sharpen exam-day thinking. Timed practice exams cover Ch 1โ€“5, Ch 6โ€“11, Ch 12โ€“15, Ch 16โ€“18, Ch 19โ€“25, Ch 26โ€“32, Ch 33โ€“34, Ch 36โ€“39, Ch 40โ€“43, Ch 44โ€“53, Ch 95โ€“101, Ch 102โ€“107, Ch 108โ€“112, Ch 113โ€“117, and Ch 118โ€“121. A full 90-question SY0-701 Mock Exam with a 120-minute timer, randomised question selection across all five exam domains, and instant results with per-domain analysis is available from the Practice Exams section above.