Technology Tap

Exploring the New CompTIA 7.0 exam. Updates on Security Plus Exam and Comparisons with Security Plus 6.0

November 19, 2023 Juan Rodriguez Season 4 Episode 59

Ready for some profound insights into the world of cybersecurity? Fasten your seatbelts, as Professor Jrod guides us through the latest updates on the new Security Plus exam. CompTIA, in an unprecedented move, is allowing aspirants to take both the 601 and 701 exams in parallel until July 31st, 2024. Yes, you heard it right! The score still stands at 750 out of 900, but there's a fascinating twist - the objectives have dwindled from 35 to a lean 28. Find out how this shift is pointing towards an exciting redesign, addressing current trends and structural improvements.

But guess what? The excitement doesn't end here. We walk you through the labyrinth of differences between the CompTIA Security+ and Network+ exams. The terrain of topics each exam covers and the inherent degree of complexity becomes a whole lot clearer. Moreover, we underline the importance of taking the A+ and Network+ exams before setting foot into the challenging world of the Security+ exam. We also traverse through critical subjects like vulnerability management, security alerting, and monitoring, and the need to tweak enterprise capabilities to bolster security. Join us in this riveting journey to unravel the mysteries of cybersecurity. Hurry, we're already on air!


If you want to help me with my research please e-mail me.
Professorjrod@gmail.com

If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Speaker 1:

And welcome to Technology Tap. I'm Professor JRod. In this episode we're going to discuss the new Security Plus exam. That's right, you heard me. The new Security Plus exam, let's get it. Hey, everyone, how are we getting closer to the holidays, right? So happy Thanksgiving everyone in the US and Canada. Does Canada separate? Nope, I think it was last month. Anyway, welcome to Technology Tap.

Speaker 1:

I'm Professor JRod. For those of you who don't know me, I am a college professor in the New York area and I do these podcasts. You know I try to do two a month and it's all based, most of it is based on CompTIA and technology at large, and it's Professor JRod, J-R-O-D, like the baseball player A-Rod, except it's a J instead. All right, welcome. And on this week's edition we're going to talk about the new Security Plus. Can you imagine that? Right? I think I did a recording on when it went from five to six and now it is going to six, from 601 to 701.

Speaker 1:

Now, those of you who are probably studying for the 601, you're probably in panic mode saying, oh my god, I missed my window. Fear not, CompTIA does let you give out both tests parallel. So you have up to July 31st of next year, of 2024, to take the 601 exam. That's the good thing about CompTIA, they run it parallel because you know you just, the exam just came out, right, and you know you just, you know you're still studying for it. So but that puts pressure on you, which is a good thing, to get the exam done by July 31st of next year. So those of you interested, we could always do question answer sessions, right, if you want, on Technology Tap, you just got to let me know. Email me at professorjrod, that's professor J-R-O-D, at gmail.com, and we can work something out. Always love to interact with my fans and always, always, always, looking forward to you passing your CompTIA exams anyway, any, any of them.

Speaker 1:

So one of the big things about this CompTIA one, and that I saw doing some research, is CompTIA initially did not, even though they released some objectives, they didn't do the score, they didn't give a score. So that speculated some people to believe that it was going to be like the CompTIA CASP exam, the CASP, which, if you didn't know, and I didn't know until recently, is pass/fail, right. So a lot of people thought that maybe this exam was going to be pass/fail. But they, they did release the score and it's the same. It's 750 out of 900 in order to pass this exam. So at least they did that. They didn't change that. But they, they do say that they have done a significant amount of change in this new one. They're saying that the number of exam domains has come down. You know, actually, let me rephrase that: the number of domains has remained the same, but it's fewer objectives, from 28, it's 28 objectives, used to be 35 on the 601, and it's due to being more focused job role in a maturing industry. Several of the exam domains and exam objectives were reordered and renamed to address structural design improvements. Plus, CompTIA is constantly reviewing exam content and updating questions to ensure wellness and exam integrity. So they've changed it. You know that's a seven domains, is is uh, it's pretty significant. And about 20 of the exam objectives were updated to include current trends, the latest trends in threats, attacks, vulnerabilities, automation, zero trust, which is fairly new, risk and Internet of Things.

Speaker 1:

OT and cloud environments are emphasized, as well as communication, reporting and teamwork. Collaboration is key. That's what I always say. My classrooms, my students, probably tired of hearing me saying that, but I always say collaboration is key in IT. Right, because in the overall scheme of things, right, when you break it down to its essentials, IT is really in the communication business and you have to learn how to communicate with your team. Hybrid environments: the latest techniques for cybersecurity professionals working in hybrid environments that are located in the cloud or on premise. Cybersecurity professionals should be familiar with both worlds.

Speaker 1:

Let's take a look at the domains that they have here. So just to compare it to the 601, the 601 had attacks and threats and vulnerabilities, which was 24% of the exam. Architecture and design, 21%. Implementation, 25%. Operations and incident response, 16%. And governance, risk and compliance was at 14%. So this is the new exam, the 701. It is: general security concepts is 12%. Threats, vulnerabilities and mitigation is 22%. Security architecture is 18%. It looked like that went down. Security operations, it's at 28%. That looks like it went up. From what is it? Security operations? So operation and incident response, so up from 16%. And security program management and oversight, it's 20%. Looks like that's one of the newer concepts that they have, or they might have merged some domains here. So let's take a look at some of the objectives here from CompTIA. It's very interesting every time they come up with a new exam and the new things that they do.

Speaker 1:

People freak out. I know it's, I find it to be a little bit funny. All right. So general security concepts, right. Categories: technical, managerial, operations, still have that. Control types, right, they still have that. Summarize fundamental security concepts: again CIA still there. AAA still there. Zero trust they implemented. See, explain the importance of change management process, right, change management is, well, last five, 10 years. Explain the importance of using appropriate cryptographic solutions, right. Public key structure, encryption, still asymmetric, symmetric, tools again. Tokenization, data masking, hashing, salting, digital signatures still in there. All still in there.

Speaker 1:

Threats, vulnerabilities and mitigation: they talk about threat actors, attributes, their motivation, common threat, attacks and attack surfaces. They have message-based: emails, SMS and instant message; image-based, voice call, removable devices. Talk about unsecured network, both wireless and Bluetooth, open service fault supply chain. And talk about again my best topic, social engineering: phishing, vishing, smishing, misinformation, impersonation, business email compromise, pretexting, watering hole, typosquatting. I actually heard of a new, said phishing, vishing, smishing. Smishing is fairly new and it was another one I forgot. If I remember, I'll post it, but I know there's another one, it's a newer one nowadays. Explain various types of vulnerabilities: they talk about buffer overflow, race conditions, operating system-based, web-based, hardware-based, virtualization. Again, supply chain, mobile devices like sideloading and jailbreaking. They talk about, given a scenario,

Speaker 1:

Analyze indicators of malicious activity: malware, physical attacks, network attacks, application attacks, cryptographic attacks, password spraying attacks, that's a new one. Indicators: account lockouts, blocked content, impossible travel, that sounds like it's new. So a lot of new stuff here as compared to the other exam, like you may know it, but they're just putting it on the exam now. Explain the purpose of mitigation techniques used to secure the enterprise. Again, least privilege is still there, application allow list, isolation, patching, segmentation, decommissioning, that's new, right. What are you gonna do with the products that you already have been using and you kind of wanna get rid of them because they're old, right?

Speaker 1:

Number three, security architecture. Compare and contrast security implications of different architecture models. That's architecture and infrastructure concepts: cloud, serverless, right. They have cloud, responsibility matrix, hybrid considerations, third party, infrastructure as code, serverless, microservices, network infrastructure, on premise, centralized versus decentralized, containerization, virtualization, Internet of Things, embedded systems, real-time operating systems. Considerations: availability, costs, responsiveness, patch availability, inability to patch, power and compute. All right.

Speaker 1:

Next one: given a scenario, apply security principles to secure enterprise infrastructures. They talk about infrastructure considerations, device placements, security zones, attack surface, failure modes, network compliance, IPS, IDS still in there. Secure communication access, VPN, remote access, tunneling, right, still in there. Compare and contrast concepts and strategies to protect data: data types, regulated, trade secrets, intellectual property, data classification they still have. General data considerations, right, data at rest, in transit and in use, methods to secure data, geographic restrictions, encryption, hashing, all that's still there. See, explain the importance of resiliency and recovery in security architecture: high availability, platform diversity, right, don't use the same company for everything. Multi-cloud systems, right. Testing, tabletop exercise, failover, simulations, parallel processing, right, still there. You know if you taking. You know power generators, UPS, you know again. Now listen, let me pause this while we will go over two more.

Speaker 1:

One of the things I like to say is, with Security Plus, and I might get people who say, hey, professor, you're out of your mind, but I think in a lot of cases the Security Plus is a little bit easier than Network Plus. Now tell me if you're wrong. I've had both and I found the Security Plus, even though the topic is harder, I think the exam is easier because it's more of knowing what they're asking, right. So if you study terms and definitions and what they do, you should be able to pass this exam.

Speaker 1:

Where Network Plus, it's, you know, because of, I guess, subnetting and binary that's in there and IP addressing, it's a little bit, I find it's a little bit more difficult, though. Subnetting was really difficult for me in the beginning. It's now, of course, easy because I've been teaching this for years and the method that I learned subnetting is fabulous. I feel that Network was a little bit harder than Security Plus, though I did have to, I felt like I had to study more for Security Plus.

Speaker 1:

I don't know, that's weird, but let me know if you, if you, if you agree or disagree, email me, professor JRod, J-R-O-D, at gmail.com. I want to know what you think. Did you think that, those of you who have both, do you think Network and Security Plus were harder? I should do a poll, right, that would be a good idea. Do a poll question and, of course, a lot of this stuff

Speaker 1:

Scaffolds, right. Like the, the, the biggest mistake that I made, that I see in people who want to change their careers, and I'm all for it. Believe me, guys, you'll never get a bigger fan than me as far as you want to change career to IT, regardless of what you were doing prior, right? Because I believe that this is a field that has plenty of opportunities, plenty of opportunity for employment, plenty of opportunities for advancement and plenty of opportunities to make money. But I find it interesting that people want to jump right away to Security Plus. I know that's the one that a lot of people really, really want, especially the government. But I find that, if you, this is, this is not easy, right? So, if you know, I almost said tell my students, you know, it's like jumping in front of the line, right? You want to jump ahead in front of the line because you want to be able to say to yourself hey, this is this one out, it's gonna make me more money. And, yes, it's true, you might get hired for a job making more money because you have the Security Plus.

Speaker 1:

And a lot of people like to hire people, what I call a tabula rasa, like clean slate, like didn't work anywhere. You know, don't have any other companies' bad habits, they take you and they teach you from the ground up their way. And with Security Plus, you have the ability to do that and that's why it's a good one to have, but I've, you know, since a lot of this stuff scaffolds, right, using my education background, and what I mean by scaffold is, if you take A Plus, and you take Network Plus and you take Security Plus, you're gonna see a lot of things that are the same. So by the time you get to Security Plus, there's a lot of things that you already know, right, and if you're taking one of these bootcamp classes that are very, very popular in this country, they don't have time to explain to you a lot of this stuff, right? There's an assumption that you already know this stuff and they won't go over the little stuff, right, that you supposedly learned in order to take the Security Plus exam. Even CompTIA says you have to have two years of experience in the field before you take this exam. That's what, that's what they expect, right? They expect you to have two years of experience in this field before you be able to take it. So I don't know, it's up to you if you feel like this is, this is something that you should be doing. It's up to you. I don't, you know, if you want to jump straight to Security Plus, I don't really recommend it. I recommend that you go through the natural A Plus, Network Plus and then go to Security Plus, and not jumping straight to Security Plus, because you might find it very difficult. You might find it very difficult, so all right, let's, let's continue. You got security operations: given a scenario, apply common security techniques to computing resources.

Speaker 1:

They talk about security baselines. Hardening targets, right: mobile devices, workstations, switches, routers, right. How do we do that? Update, right. Wireless devices: installation considerations, site surveys, heat maps. Mobile solutions: MDM, right. Use Jamf, right, if you're using Apple products. Deployment models: bring your own device, which I absolutely hate. Bless you people who tolerate that. Wireless security settings. They talk about WPA3 now, right. AAA again, RADIUS, cryptographic protocols, authentication protocols.

Speaker 1:

So explain the security, implement, take, implement implications of proper hardware, software and data asset management. So they talk about acquisition, monitoring, asset tracking, inventory, disposal, decommissioning, sanitization, destruction, certification, data retention, if you need it. Explain various activities associated with vulnerability management: identification methods, application security. They talk about analysis, vulnerability response and remediation, patching, insurance, segmentation, compensating controls. They talk about validation of remediation, rescanning, orderly verification. Explain security alerting and monitoring concepts and tools, right. They talk about monitoring computer resources, activities. Tools, right: security concept, automation, benchmark, agents, anti-virus, DLP, they talk about that. Given a scenario, modify enterprise capabilities to enhance security: firewall, IDS, IPS, right, opening operating system, security group policy, SELinux, DNS filtering, email security. Given a scenario,

Speaker 1:

Implement and maintain identity and access management: provisioning, deprovisioning of user accounts. Permission assignment and implement, implement and permission assignments and implications. Identity proofing, single sign-on, which is very popular now. Access control, multi-factor authentication, very popular now, and you in, especially with your phone. You know you can't, you can't be without your phone nowadays.

Speaker 1:

Explain the importance of automation and orchestration related to security operations, that's a new domain. Use case of automation and scripting, the benefits and other considerations. Explain appropriate incident response activities: your processes, training, testing, root cause analysis, digital forensics. Given a scenario, use data sources to support an investigation: log data, firewall logs, your logs, right. Data resources, data sources: vulnerability scans, automation reports, etc. Security program and oversight since the last only summarize elements of effective security governance: your guidelines, your policies, your standards with password, access control, your procedures of change management, onboarding and offboarding. Playbooks, that's new. External considerations: regulatory, legal, industry, local, regional, national, global. That's new. Roles and responsibilities for system and data. Explain, and that I think that's, that's expanded. They had on the last exam a little bit, a little bit, but I think that may have expanded.

Speaker 1:

Explain the risk, the, the elements of risk management process: risk identification, risk assessments, right. Ad hoc, recurring, one time, continuous. Risk analysis still there, right. Your exposure factor, yes. Single loss expectancy, all that. Risk registers, risk tolerance, risk appetite still there, that hasn't changed, right. Business impact analysis: your recovery time objective, your recovery point objective still in there. Mean time to repair hasn't changed.

Speaker 1:

Explain the process associated with third-party risk assessment and management Vendor assessment, vendor selection, due diligence, conflict of interest that's new Right. Agreement types that has stays the same, uh. Vendor monitoring questionnaires rules of engagement that's new, right. They have the oh, this, right. This vendor assessment. Right to audit clause, evidence of internal audits that's new, good stuff here. Summarize, uh elements of effective security compliance your compliance reporting, consequences of non-compliance, compliance monitoring, privacy Some of this stuff is new guys. Look at that. Uh. Next 5.5. Explain the types and purpose of audits and assessments internal, external penetration testing that's still in there, right, given the scenario.

Speaker 1:

Implement security practice. Your phishing. Behavioral recognition: risky, unexpected, unintentional. User guidelines and training. And other than that, you have policy handbook, situational awareness, insider threat, password management, removable media and cables, social engineering, uh, reporting and monitoring, initial, initial and recurring, development and execution. So it looks like, and all this I got from the CompTIA objectives. It's a PDF that they, that they give you, uh, that you can get. You can find this online.

Speaker 1:

Uh, they have a hardware and software list. Now this is new, uh, for the Security Plus. CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Security Plus 701 exam. This list may be helpful, helpful for training companies that wish to create a lab component for their training offering. All right, so they have equipment. They have a list of equipment: tablet, laptop, web server, firewall, router, switch, IDS, IPS, wireless access point, virtual machines, wow. Spare hardware: NIC, power supplies, managed switch. Tools: Wi-Fi analyzer, network mapper, NetFlow analyzer. Software: Windows, Linux, Kali Linux, packet capture software, pentesting software and others.

Speaker 1:

They have a lot more than, you know, than I just mentioned: keyloggers, DHCP service, DNS service, sample code and then others, access to cloud environment, sample network documentation and diagram and sample logs that you can use for your, you know, to practice. This is a, this is a good idea. I may be wrong, but I think that's the first time, I got to look at the other ones, but I think this might be the first time that I see CompTIA do that. But, as you can see. And then they have, of course, their acronym list, which is always helpful for people who need a little bit reminder of what the acronyms are. There's a couple of pages here. We'll see anything new that pops off, but I'm sure they will be just too, just too long to go through. Anyway, yeah, good luck to anybody who wants to take this new exam. Again, it came out November 7th and again you could still take the 601 and the 701, they're running parallel. They will run parallel until July 31st of next year.

Speaker 1:

So if you're studying for your 601 now, you're on the clock, ladies and gentlemen, literally you're on the clock and you know, start doing it. You know, don't, don't. You know those of you who've taken classes or taken a camp course or a class, you know now is the time to start. You know, start studying and start planning a date where you could take the exam. And that's the key, right? You should go to Pearson VUE and schedule a day that you want to take the exam, right? That way you already have that mind frame set, right. Oh, I'm going to take the exam, you know, February 15th, right, and then you could always move the date, right, I think it's only four hours in advance, if you're not comfortable or you're not ready. But the important thing is setting a date, right, and you could still take the 601 and you know you don't have to worry and it's still going to be valid, right? Nobody really asks you.

Speaker 1:

I think the only people who really care about what exams that you, that you have for Security Plus, is really like trainers, right, if you're training for this, if they're hiring you as a trainer to teach Security Plus, a lot of companies want you to have the newest exam. Some they don't care, but a lot of them do. So if you, if you're taking, if you're teaching this, you might have to take this exam. But most people don't. You know, most companies don't care.

Speaker 1:

Security Plus is Security Plus, so they're going to end up training you anyway. So you know, if you can take the first one, the 601, if that's the one that you're going to take, no harm, no foul. No one's going to tell you like, oh, I'm not going to hire you because you don't have the 701. That's not going to happen. They're still going to hire you because they, it's still valid. So again, other than me, no one's going to ask you how you, what was your score. So there's that. All right. So that's going to put a bow on, on this episode today. I want to thank everyone for listening and I want to wish a very happy Thanksgiving. Spend some time with your family, eat a lot of turkey and we'll see you next time. This has been a Little Chacha Production, art by Sarah. Music by Joakim. If you want to reach me, you can email me at professorjrod@gmail.com, also on Instagram at professorjrod.

Overview of New Security Plus Exam
Comparison of Security+ and Network+ Certifications