Security+: Implementation Competency (Intermediate Level)

Topics covered

• compare IoT security like sensors, smart devices, facility automation, specialized systems, medical systems, vehicles, aircraft, and smart meters
• compare various mobile connection methods and receivers, such as cellular, WiFi, Bluetooth, NFC, infrared, USB, RFID, and GPS
• configure common account policies for AWS Identity and Access Management
• contrast symmetric and asymmetric cryptosystems
• define mobile deployment models, as in BYOD, COPE, CYOD, corporate-owned, and VDI
• define network segmentation and zoning concepts, such as a virtual local area network (VLAN), PVLAN, DMZ, east-west traffic, extranets, intranets, and zero-trust deployments
• define SCADA security issues such as facilities, industrial, manufacturing, energy, and logistics
• describe access control schemes like Attribute-based Access Control, Role-based Access Control, Rule-based Access Control, Mandatory Access Control, and Discretionary Access Control
• describe a cryptographic key including key length, strength, stretching, and perfect forward secrecy
• describe advanced account policy methods such as time of day, network location, geofencing, geotagging, and geolocation
• describe an array of secure protocols including DNSSEC, SSH, S/MIME, SRTP, LDAPS, FTPS, SFTP, and SNMPv3
• describe cameras and surveillance techniques such as CCTV, webcams, motion and object detection, and lighting
• describe embedded system security, such as in raspberry pi, FPGA, and Arduino, and constraints such as power, compute, network, crypto, inability to patch, authentication, range, cost, and implied trust
• describe installation considerations, as in site surveys, heat maps, Wi-Fi analysis, channel overlays, and WAP placement
• describe IPsec in terms of Authentication Header (AH), Encapsulated Security Payload (ESP), and tunnel vs. transport mode
• describe mobile device management concepts like MDM vs. MAM, content management, remote wipe, geofencing, geolocation, screen locks, push notifications, passwords, pins, and biometrics
• describe mobile device types, like MicroSD HSM and SEAndroid
• describe specialty systems like VoIP, HVAC, drones, AVs, MFP, RTOS, surveillance systems, SoC, 5g, narrow-band, baseband radio, and SIM cards
• describe various authentication management techniques like password keys, password vaults , TPM, HSM, and knowledge-based authentication
• describe various identity controls such as identity providers, attributes, certificates, tokens, SSH keys, and smart cards
• describe various load balancing concepts and techniques, including active/active, active/passive, elastic, scheduling, virtual IP addresses, and persistence
• recognize different barrier types such as bollards, barricades, gates, and fences
• survey common authentication protocols such as EAP-CHAP, password authentication protocol, 802.1x, and RADIUS
• survey mobile enforcement and monitoring concepts, such as third-party app stores, rooting, jailbreaking, sideloading, custom firmware, carrier unlocking, and firmware OTA updates
• survey protocols and services used for federation and single-sign-on like SAML 2.0, TACACS+, OAuth, OIDC, and Kerberos