
CompTIA Security+

1.Security Basics

1.1 CIA Triad

| Concept | Description |
| --- | --- |
| Confidentiality | Protecting data from unauthorized access (Encryption, Access Control) |
| Integrity | Ensuring data is unaltered (Hashes, Digital Signatures) |
| Availability | Ensuring uptime and accessibility (Backups, Redundancy) |

1.2 Security Controls

| Type | Description | Example |
| --- | --- | --- |
| Administrative | Policies and training | Security policies, awareness training |
| Technical | Technology-based security | Firewalls, antivirus, encryption |
| Physical | Protects hardware & facilities | Locks, security cameras, fences |

2.Threats, Attacks, and Vulnerabilities

2.1 Common Cyber Attacks

| Attack Type | Description |
| --- | --- |
| Phishing | Deceptive emails to steal credentials |
| Spear Phishing | Targeted phishing attack |
| Smishing | SMS-based phishing |
| Vishing | Phone-based phishing |
| MITM (Man-in-the-Middle) | Intercepting communication |
| DDoS (Distributed Denial of Service) | Overwhelming a system with traffic |
| SQL Injection | Injecting SQL commands to manipulate databases |
| XSS (Cross-Site Scripting) | Injecting malicious scripts into web pages |
| Zero-Day Attack | Exploiting an unknown vulnerability |

2.2 Malware Types

| Type | Description |
| --- | --- |
| Virus | Attaches to files and spreads |
| Worm | Self-replicating malware |
| Trojan | Disguised as legitimate software |
| Spyware | Secretly gathers information |
| Ransomware | Encrypts files for ransom |
| Rootkit | Hides system-level access |

3.Risk Management

3.1 Risk Terminology

| Term | Definition |
| --- | --- |
| Threat | A potential danger |
| Vulnerability | Weakness that can be exploited |
| Risk | Likelihood of a threat exploiting a vulnerability |
| Mitigation | Reducing the impact of risk |

3.2 Risk Assessment Types

| Type | Description |
| --- | --- |
| Qualitative | Subjective risk evaluation (e.g., high, medium, low) |
| Quantitative | Uses numerical values (e.g., dollar impact) |
4.Identity and Access Management (IAM)

4.1 Authentication Factors

| Factor | Example |
| --- | --- |
| Something You Know | Password, PIN |
| Something You Have | Smart card, Token |
| Something You Are | Biometrics (Fingerprint, Retina scan) |
| Somewhere You Are | Geolocation-based access |
| Something You Do | Typing patterns, Gait recognition |

4.2 Access Control Models

| Model | Description |
| --- | --- |
| MAC (Mandatory Access Control) | Strict access control (Used in military) |
| DAC (Discretionary Access Control) | Owner controls access (Used in small businesses) |
| RBAC (Role-Based Access Control) | Access based on job role |
| ABAC (Attribute-Based Access Control) | Access based on multiple attributes (Time, Location) |
4.3 Account Security Best Practices
  • Use Multi-Factor Authentication (MFA).
  • Enforce Least Privilege (Users get minimal access required).
  • Regularly review access permissions.
  • Use strong passwords (12+ characters, mix of uppercase/lowercase, numbers, symbols).

5.Cryptography & PKI

5.1 Encryption Types

| Type | Description | Example |
| --- | --- | --- |
| Symmetric | Uses a single key | AES, DES |
| Asymmetric | Uses a public/private key pair | RSA, ECC |
| Hashing | One-way transformation | SHA-256, MD5 |
5.2 Digital Signatures
  • Provides Integrity, Authentication, Non-Repudiation.
  • Uses Asymmetric Encryption (Private key signs, Public key verifies)
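The sign-with-private-key, verify-with-public-key flow above (together with the one-way hashing from 5.1), as an added worked example that is not part of this cheat sheet. It uses textbook RSA over constructed, deliberately small primes so the arithmetic is readable; a real signature scheme uses 2048-bit keys plus padding (RSA-PSS or PKCS#1 v1.5), so this is for illustration only.

```python
"""Toy digital signature: SHA-256 digest signed with textbook RSA.

Added example, not from the original page. Keys are constructed from
small primes for readability; never use this for real signatures.
"""
import hashlib

# Constructed toy key pair. n = p*q is the modulus, e the public
# exponent, d the private exponent (modular inverse of e mod phi(n)).
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(message: bytes) -> int:
    """One-way transformation (Integrity): SHA-256 of the message,
    reduced mod N only so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key=(D, N)) -> int:
    """Signer uses the PRIVATE key: sig = H(m)^d mod n.
    Only the key holder can produce this (Authentication, Non-Repudiation)."""
    d, n = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key=(E, N)) -> bool:
    """Verifier uses the PUBLIC key: accept iff sig^e mod n == H(m).
    Any change to the message or the signature makes this fail."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    msg = b"approve payment 100"          # constructed sample message
    sig = sign(msg)
    print("valid     :", verify(msg, sig))
    print("tampered  :", verify(b"approve payment 1000", sig))
    print("forged sig:", verify(msg, (sig + 1) % N))
```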
5.3 PKI (Public Key Infrastructure)

| Component | Function |
| --- | --- |
| CA (Certificate Authority) | Issues digital certificates |
| CSR (Certificate Signing Request) | Request for a certificate |
| CRL (Certificate Revocation List) | Lists revoked certificates |
| OCSP (Online Certificate Status Protocol) | Checks certificate status in real-time |

6.Network Security

6.1 Security Devices

| Device | Function |
| --- | --- |
| Firewall | Blocks unauthorized traffic |
| IDS (Intrusion Detection System) | Detects attacks |
| IPS (Intrusion Prevention System) | Blocks attacks |
| Proxy Server | Acts as an intermediary between user and internet |

6.2 Wireless Security
  • Use WPA3 (Stronger than WPA2, WEP).
  • Disable WPS (Weak security mechanism).
  • Change default SSID and passwords.

7.Security Operations

7.1 Incident Response Steps

| Step | Description |
| --- | --- |
| Preparation | Establish security policies, training |
| Identification | Detect potential incidents |
| Containment | Isolate affected systems |
| Eradication | Remove the threat |
| Recovery | Restore systems to normal |
| Lessons Learned | Document findings for improvement |

7.2 Disaster Recovery Strategies

| Strategy | Description |
| --- | --- |
| Backup | Copies of data for recovery |
| RAID | Disk redundancy (RAID 1, RAID 5) |
| Hot Site | Fully operational alternate location |
| Cold Site | Empty facility ready for setup |
| BCP (Business Continuity Plan) | Ensures business operations continue |

8.Security Policies & Compliance

8.1 Security Frameworks

| Framework | Purpose |
| --- | --- |
| NIST | Cybersecurity best practices |
| ISO 27001 | Information security management |
| COBIT | IT governance framework |

8.2 Compliance Regulations

| Regulation | Description |
| --- | --- |
| GDPR | Data protection in Europe |
| HIPAA | Health data security in the U.S. |
| PCI-DSS | Protects credit card data |

9.Common Commands for Security+

Windows Commands

ipconfig /all          # View network settings (all adapters)
netstat -an            # Show active connections and listening ports
tasklist               # Display running processes

Linux Commands

ifconfig               # Show IP settings (older tool; `ip addr` on current distributions)
nmap -sV 192.168.1.1   # Scan ports and identify service versions on a host you are authorized to test
sudo john hash.txt     # Crack password hashes with John the Ripper (e.g., auditing your own hash file)

10.Security+ Exam Tips

  • Understand concepts instead of memorizing.
  • Use CompTIA Security+ practice exams.
  • Know the differences between encryption types.
  • Learn real-world security applications.

11.Security Fundamentals

CIA Triad

| Principle | Description | Example |
| --- | --- | --- |
| Confidentiality | Protects data from unauthorized access | Encryption, Access Control |
| Integrity | Ensures data is accurate and unaltered | Hashing, Digital Signatures |
| Availability | Ensures data is accessible when needed | Backups, Redundancy |