Uploaded on Aug 13, 2021
The latest version of Security+ SY0-601 has 5 domains:
• Domain 1.0: Attacks, Threats, and Vulnerabilities (24%)
• Domain 2.0: Architecture and Design (21%)
• Domain 3.0: Implementation (25%)
• Domain 4.0: Operations and Incident Response (16%)
• Domain 5.0: Governance, Risk, and Compliance (14%)
In this blog, we discuss the second domain, Architecture and Design.
CompTIA Security+ SY0-601 Domain 2: Architecture and Design
www.infosectrain.com
Architecture and Design
A well-managed Information Security environment depends heavily on
architecture and design. This domain will show you how to put security
measures into effect and establish a safe working environment for your
organization. The weightage of this domain is 21%. The subtopics covered
in this domain are listed below.
1. Importance of security concepts in an enterprise environment.
2. Virtualization and cloud computing concepts.
3. Secure application development, deployment, and automation concepts.
4. Authentication and authorization design concepts.
5. Implement cybersecurity resilience.
6. Security implications of embedded and specialized systems.
7. Importance of physical security controls.
Importance of security concepts in an enterprise environment
In this part, we will learn about configuration management and its
subtopics: diagrams, baseline configuration, standard naming conventions,
and Internet protocol schema.
We cover data sovereignty, data protection, geographical considerations,
response and recovery controls, SSL (Secure Sockets Layer)/TLS (Transport
Layer Security) inspection, API considerations, and site resiliency (hot site,
cold site, warm site). We also cover deception and disruption concepts:
• Honeypots
• Honeyfiles
• Honeynets
• Fake Telemetry
• DNS Sinkhole
Virtualization and Cloud Computing Concepts: The core premise behind
cloud computing is that you can access and control your applications and data from
any computer, anywhere in the world, while virtualization hides or abstracts the
storage technique and location.
To breach a cloud environment, an attacker needs only a good Internet connection
and a dictionary of obtained password hashes or SSH (Secure Shell) keys. A lack of
supervision in cloud providers’ security processes can greatly increase a business’s
risk.
As a security expert, you should be able to analyze the dangers and weaknesses
associated with cloud service and delivery models, as well as the virtualization
technologies that support them.
In this part, we cover the cloud service models: Infrastructure as a Service (IaaS),
Software as a Service (SaaS), and Platform as a Service (PaaS). We also cover
virtualization technology concepts, VM escape protection, VM sprawl
avoidance, cloud security controls, and Infrastructure as Code.
Secure Application Development, Deployment, and Automation
Concepts: Development (programming and scripting) is at the foundation
of secure network administration and management, including automation
techniques for durability, disaster recovery, and incident response. As your
career progresses, secure application development will become increasingly
important. In this lesson, we cover secure coding techniques: input
validation, normalization, and output encoding; server-side and client-side
validation; data exposure and memory management; software development
kits (SDKs); and stored procedures. We look at what automation is and what it
provides: scalability and elasticity. We also cover the secure application
development environments: development, test, staging, and production. Under
automation/scripting, we look in depth at automated courses of action,
continuous monitoring, continuous validation, continuous integration,
continuous delivery, and continuous deployment.
Authentication and authorization design concepts: In this lesson, we will
learn about authentication methods, biometrics concepts, multi-factor
authentication factors, and authentication attributes. We also cover AAA
(Authentication, Authorization, and Accounting) and cloud versus on-premises
requirements. Under authentication methods, we cover directory services,
federation, attestation, smart card authentication, and authentication
technologies such as TOTP (Time-based One-Time Password), HOTP (HMAC-based
One-Time Password), Short Message Service (SMS), token keys, static codes,
authentication applications, push notifications, and phone calls. Under biometrics, we
learn how it works and cover topics such as fingerprint, retina, iris,
facial, voice, vein, and gait analysis, efficacy rates, false acceptance, false rejection,
and crossover error rate. Under authentication factors, we learn the
factors that ensure the account can only be used by the
account user: something you know, something you have, and
something you are. Under authentication attributes, we cover somewhere you
are, something you can do, something you exhibit, and someone you know.
Implement cybersecurity resilience: In this lesson, we learn how to
secure the whole organization. The topics we cover are
redundancy, replication, backup types, non-persistence, high
availability, scalability, restoration order, and diversity. The subtopics are
as follows. Under redundancy, we cover geographic dispersal, disk,
redundant array of inexpensive disks (RAID) levels, multipath, network,
load balancers, network interface card (NIC) teaming, power,
uninterruptible power supply (UPS), generator, dual supply, and managed
power distribution units (PDUs). Under replication, we learn about storage area
networks and VMs. Under backup, we cover backup types such as full,
incremental, snapshot, differential, tape, disk, copy, network-attached
storage (NAS), storage area network, cloud, image, online and offline,
offsite storage, and distance considerations.
Security implications of embedded and specialized systems: In
this lesson, we learn about embedded systems, specialized systems, supervisory control
and data acquisition (SCADA)/industrial control systems (ICS),
communication considerations, constraints, Voice over IP (VoIP), heating,
ventilation, and air conditioning (HVAC), drones, multifunction printers (MFPs),
real-time operating systems (RTOS), surveillance systems, and system on chip
(SoC). Under embedded systems, we cover Raspberry Pi, field-programmable
gate arrays (FPGAs), and Arduino. Under specialized systems, we cover medical systems,
vehicles, aircraft, and smart meters. Under the Internet of Things (IoT), we
learn about sensors, smart devices, wearables, facility automation, and
weak defaults.
Importance of physical security controls: In this lesson, we will learn about
the importance of physical security. This part covers
bollards/barricades, access control vestibules, badges, alarms, signage, cameras,
USB data blockers, lighting, fencing, fire suppression, sensors, drones, visitor logs,
Faraday cages, air gaps, screened subnets (previously known as demilitarized zones),
protected cable distribution, and secure data destruction. Under sensors, we cover
motion detection, noise detection, proximity readers, moisture detection, cards, and
temperature. We also cover secure data destruction subtopics such as burning,
shredding, pulping, pulverizing, degaussing, and third-party solutions.
Learn Security+ With Us
Infosec Train is a leading provider of IT security training and consulting.
We have certified and experienced trainers on our team with whom you
can easily interact and resolve your doubts anytime. If you are interested in
live online training, Infosec Train provides the best online Security+
certification training. You can check and enroll in our CompTIA
Security+ Online Certification Training to prepare for the certification exam.
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting companies
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
www.infosectrain.com