
Secure An Environment

Module 4 of the CompTIA Security+ Certification SY0-601 training focuses on securing an environment through various mitigation techniques, including firewall rules, data loss prevention, and email content filtering. It emphasizes the importance of endpoint mitigation strategies like application whitelisting and patch management, as well as the role of security automation and SOAR solutions in managing security operations. The module outlines methods for isolating devices and restricting access to enhance overall security posture.

Uploaded by

vyasmeet2304
SY0-601 Complete Training Course, Module 04
CompTIA Security+ Certification - SY0-601 Training

Module 4: Secure an Environment (04/05)

Device Mitigation Techniques
- Firewall Rules - Changes to allowed ingress and egress traffic
- Data Loss Prevention - Catalogue and run updates to prevent data exfiltration
- Email Content Filtering - Limited allowed attachment types, sanitize hyperlinks and documents
- Web Content Filtering - Content filtering based on domain health and reputation
- Restrict / Block Admin Privileges - Restrict or remove admin privileges, local admins, etc.

Zone Mitigation Techniques
- Isolation
  - Disconnect device from network
  - Disconnect the network from other trusted or untrusted networks
- Sandbox - Set up a non-persistent virtualized sandboxed environment for risky activities
- Segmentation
  - Constrain devices with low assurance like BYOD and IoT
  - Restrict user access to network drives and data repositories based on duties

Endpoint Mitigation Techniques
- Application Allow / Approved List - Selected approved applications based on extensions
- Application Block / Deny List - Allows all applications to run except those on the block list
- Quarantine - Storage area to isolate infected / suspicious files which were not cleaned at the time of detection
- Patch OS and Applications - Keeping systems updated with the latest patches to avoid any vulnerabilities

Security Automation
Automatic handling of security operations tasks, like scanning for vulnerabilities or searching logs, without human intervention.
- Automation is critical when the volume of tasks is overwhelming
- Automation allows security professionals to focus on solving problems which require human intervention

SOAR
SOAR (Security, Orchestration, Automation, Response) solutions and tools to automate mitigation techniques.
- A SOAR response "runbook" consists of a series of conditional steps to perform actions like threat containment, sending notifications and alerts as part of the security operations process
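
The runbook idea above (ordered conditional steps that trigger containment and notification), as an added example that is not part of the course material. The alert fields, severity thresholds and action names are assumptions, and each action only records what a real EDR, firewall or mail integration would do.

```python
from dataclasses import dataclass, field


@dataclass
class Alert:
    """Constructed alert shape for this example, not a vendor schema."""
    host: str
    kind: str                  # e.g. "malware" or "policy"
    severity: int              # 1 (low) .. 10 (critical), assumed scale
    file_cleaned: bool = True  # False: detection could not clean the file
    actions: list = field(default_factory=list)  # audit trail of steps taken


# Hypothetical actions: each one records the decision instead of calling an API.
def quarantine_file(a):
    a.actions.append(f"quarantine suspicious file on {a.host}")

def isolate_host(a):
    a.actions.append(f"isolate {a.host} from the network")

def notify_soc(a):
    a.actions.append(f"notify SOC: {a.kind} sev={a.severity} on {a.host}")

def open_ticket(a):
    a.actions.append(f"open ticket for {a.host}")


# The runbook: (condition, action) pairs evaluated top to bottom.
# Containment steps come first so notification reflects what was already done.
RUNBOOK = [
    (lambda a: a.kind == "malware" and not a.file_cleaned, quarantine_file),
    (lambda a: a.kind == "malware" and a.severity >= 8, isolate_host),
    (lambda a: a.severity >= 5, notify_soc),
    (lambda a: True, open_ticket),  # every alert leaves a record
]


def run_runbook(alert, runbook=RUNBOOK):
    """Apply every step whose condition matches and return the audit trail."""
    for condition, action in runbook:
        if condition(alert):
            action(alert)
    return alert.actions


if __name__ == "__main__":
    # Constructed sample alerts.
    for alert in (Alert("ws-042", "malware", 9, file_cleaned=False),
                  Alert("srv-01", "malware", 6),
                  Alert("ws-007", "policy", 3)):
        print(alert.host, "->", run_runbook(alert))
```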
