# SEC+ preparation #1

## INTRO

After finishing all of the books and making a short break it’s time to prepare for Sec+ certification.

I use [Sec+ bootcamp](https://www.hackers-arise.com/security) at hackers-arise as first step. It’s a really good place to learn. Master OTW is professional and a really good teacher. I really enjoyed the books that I’ve red and did practice tasks.

The books that I’ve already finished are:

1. Linux Basics for Hackers
    
2. Network Basics for Hackers
    
3. Getting Started Becoming a Master Hacker
    

The knowledge that I’ve acquired is priceless. I really like the vision to the Cybersecurity world now, after finishing those books.

My plan was to first read these books to get the knowledge necessary for a decent understanding.

Preparation for the Sec+ is going to be easier after those books.

Let’s begin.

First lesson is a grasp about what I’m going to learn.

I’ll write blogs as a knowledge base for myself before taking exam.

Hope it’ll be interesting for readers to follow my cyber journey.

## DOMAIN 1: General Security Concepts

### Talking about security

If we talk about security we have 3 objectives:

1. Confidentiality
    
2. Integrity
    
3. Availability
    
    Or CIA as an acronym.
    

Usually we cannot optimize all 3 of them. When we try to optimize one, we loose the other.

### Concepts

Obfuscation - attacker tries to keep away the understanding of what the attack is doing. It usually happens in really good attacks.

## Domain 2: Threats, Vulnerabilities and Mitigations

* There are people who want to make as much money as they can while hacking. They’re called cyber criminals. Good example of this are ransomware attacks.
    
* Not all people are interested in money. They are called APT (Advanced Persistent Threat). Usually these are governments which are attacking. Their objectives are usually national secrets.
    
* Some of the Chinese hackers are seeking for intellectual property.
    
* Chinese also after the information about the public. Maybe it is a long term strategy, who knows.
    

## Domain 3: Security Architecture

* Compare security implications of different architecture models.
    
    * What does your network look like?
        
    * Building LANs and systems.
        
* Apply security principles.
    
* On the exam they’ll ask - What would be the best architecture option for this scenario?
    
* Compare concepts and strategies to protect data.
    
* Explain the importance of recovery.
    

### Concepts

Resilience - ability do withstand the attack. (one of the tactics is to have multiple websites. For example like Hackers-Arise does). Redundancy (more than 1) gives you resilience. Backups is also an option.

## Domain 4: Security Operations

* Common security techniques.
    
* Vulnerability Management
    
* Security alerting tools and concepts. SIEM and stuff.
    
* Modifying enterprise capabilities to enhance security.
    
* Access Management
    
* Importance of automation.
    
* Incident response
    
* Data sources for investigation.
    

## Domain 5: Security Program Management and Oversight

* How to maximize the efficiency of security in organization.
    
* Elements of effective security
    
* Elements of risk management process (**usually it is more difficult topic, keep in mind**)
    
* Types and purposes of audits. (audit is kind of a test for security)
    
    * There’s an industry of Cyber security auditors. It’s very lucrative career. If it’s your thing, it’s really nice career. You’ll probably work in a big organizations as a consultant.
        
* Implement security practices. (it’s an important topic)
    
    * Social engineering
        
    * Making aware the users about available scenarios.
        
    * Security awareness are organized every 6 months.
        

### Outro

See you in the next lesson blog.
