SMART STUDY TECHNIQUES for CompTIA Security+ SY0-601

STUDY DAY 1

The SkillMentor Smart Study Techniques is a 7 Day Program based on scientific studies of how to maximize retention of material.

This format is designed around the process of Distributed Practice. The philosophy behind Distributed Practice is that a delay in testing learned material significantly improves retention compared to immediate testing of material just learned. This is because material just learned is still in your memory, so testing it immediately does not really test your recall capabilities. Recalling information is what you must do to be successful on official exams.

 

DAY 1

The first day's SESSION 1 process begins with the study of the exam Study Facts, then exam Terms, Acronyms and Graphic Question Study. This is followed by a Flash Card Review of the material and a re-reading of the facts that were incorrectly chosen in the Flash Card Review.

Schedule It

Plan and schedule a time to study – Create a consistent daily study time routine.

  • First Study Day – SESSION 1 – LEARNING - Begin with 3 sets of learning of 20 min each separated by short 10 minute breaks to rest between each Study Set.

  • 30 Minute Break after Study Session 1

  • SESSION 2 – Repeat the LEARNING process for Session 2

___________________________________________________________________________________________

DAY 2

SESSION 1 of Day 2, and of each subsequent study day, begins with a Recall Practice Multiple Choice exam that covers the Day 1 material, followed by SESSION 2, which is a Study Session of new material. The Day 2 process repeats for each subsequent study day.

The following can be studied over Study Session 1 & Session 2 on the first day:

Prep Study Facts

Terms List

Acronym List

Graphics Study

Flash Cards – Covers Study Facts, Terms & Acronyms

Re-Read incorrect items

___________________________________________________________________________________________

 

DAY 1

SESSION 1 – LEARNING

Threats, Attacks & Vulnerabilities

Social Engineering is the most effective way to carry out a Domain Hijacking attack.

For input validation, the most important character to restrict to prevent a Cross Site Scripting attack is <

The following exhibit is Website Defacement for political message purposes most likely executed by a Hacktivist.

Threat Sources

Adversarial – Attacks by malicious users

Accidental – Errors made by untrained employees.

Structural – Hardware, software failures

Environmental – Natural Disasters

The purpose of a DNS amplification attack is resource exhaustion.

Pixie Dust attacks are used to retrieve WPS pin codes.

2 major categories of attacks against device drivers are Shimming & Refactoring.

DNSSEC can prevent DNS Poisoning attacks

Black Hat Hackers are now called “Unauthorized.”

White Hat Hackers are now called “Authorized.”

Grey Hat Hackers are now called “Semi-authorized.”

 

Common Attacker Types

Script Kiddies – Unskilled hackers that depend on script downloads.

Hacktivists – Hackers that want to make a political or ideological statement.

Criminal Syndicates – Organized Crime seeking financial gain.

Competitors – Unethical competing businesses.

Insiders – Disgruntled employees or contractors.

Nation-States – Government sanctioned cyberwarfare teams

 

Attacker Qualities

Intent / Motivation – Personal, financial or political

Sophistication – Script Kiddies: inexperienced; Nation-State Actors: most experienced.

Resources / Funding – Lone Attackers: limited funding; Nation-States: significant funding.

Location – Insiders or outside attacker

Target Information – Based on reconnaissance; some attackers pursue specific targets, others take whatever they can find.

Disabling Open Resolution will prevent a DNS amplification attack.

Backdoors are an example of an adversary seeking “Persistence”.

Web Application Firewalls can detect SQL Injection attacks