CompTIA Security+ SY0-601 Domain 4 Operation and Incident Response
                     CompTIA Security+ SY0-601 Domain 4: 
Operation and Incident Response
www.infosectrain.com | [email protected]
www.infosectrain.com | [email protected]
Security+ SY0-601 Domains
The new version of Security+ SY0-601 has 5 domains:
www.infosectrain.com | [email protected]
•Domain 1.0: Attacks, Threats, and Vulnerabilities (24%)
•Domain 2.0: Architecture and Design (21%)
•Domain 3.0: Implementation (25%)
•Domain 4.0: Operations and Incident Response (16%)
•Domain 5.0: Governance, Risk, and Compliance (14%)
In this blog, we discuss domain 4.0 Operations and Incident 
Response.
www.infosectrain.com | [email protected]
Operations and Incident Response
This domain focuses on the security specialist’s responsibility in incident 
response. Everything from incident response to disaster recovery and 
business continuity is covered in this domain. Both technical and 
administrative subjects are included in the examination. It not only includes 
forensics, network reconnaissance, and discovery ideas, and the capacity to 
configure systems for incident mitigation, but it also includes the planning 
phase, which includes everything from tabletop exercises and simulations to 
the development of strategies. This domain covers 16% of weightage in the 
examination.
The topics covered in security+ domain 4.0 are listed below:
1.Given a scenario, use the appropriate tool to assess organizational security
2.Summarize the importance of policies, processes, and procedures for 
incident response
3.Given an incident, utilize appropriate data sources to support an 
investigation
4.Given an incident, apply mitigation techniques or controls to secure an 
environment
5.Explain the key aspects of digital forensics
www.infosectrain.com | [email protected]
1. Given a scenario, use the appropriate tool to assess 
organizational security
In this lesson, we will cover various topics and their subtopics. 
The very first topic we will understand is Network 
reconnaissance and discovery. In this topic, we will learn how 
to work tracert/traceroute, nslookup/dig, ipconfig/ifconfig, 
nmap, ping/pathping, hping, netstat, netcat, IP scanners, arp, 
route, curl, theHarvester, sn1per, scanless – dnsenum, Nessus, 
Cuckoo. We learn how to do file manipulation and its 
commands like head, tail, cat, grep, chmod, logger. We explore 
concepts like forensic and commands, dd, Memdump, WinHex, 
FTK imager, Autopsy. We will also understand Exploitation 
frameworks, Password crackers, Data sanitization.
www.infosectrain.com | [email protected]
2. Summarize the importance of policies, processes, and procedures for 
incident response
In this subdomain, we understand the Incident response process. Inside 
this Incident response process, we cover the following subtopics:
•Preparation
•Identification
•Containment
•Eradication
•Recovery
•Lessons learned
We understand the Attack frameworks:
•MITRE ATT&CK
•The Diamond Model of Intrusion Analysis
•Cyber Kill Chain
We also cover the concept of Stakeholder management, Communication 
plan, Disaster recovery plan, Business continuity plan, Continuity of 
operations planning (COOP), Incident response team, and Retention 
policies.
www.infosectrain.com | [email protected]
3. Given an incident, utilize appropriate data sources to 
support an investigation
In this subdomain, we will learn about how Vulnerability 
scan output works. Understand SIEM dashboards and the 
following subtopics:
•Sensor
•Sensitivity
•Trends
•Alerts
•Correlation
www.infosectrain.com | [email protected]
We will learn about Log files. Inside Log files, we cover the 
following subtopics:
•Network
•System
•Application
•Security
•Web
•DNS
•Authentication
•Dump files
•VoIP and call managers
•Session Initiation Protocol (SIP) traffic
We also cover Metadata, Netflow/sFlow, Protocol analyzer 
output.
www.infosectrain.com | [email protected]
4. Given an incident, apply mitigation techniques or 
controls to secure an environment
In this lesson, we will get familiar with reconfigure endpoint 
security solutions. Inside this we will cover the following 
subtopics:
•Application approved list
•Application blocklist/deny list
•Quarantine
Explain Configuration changes  and  subtopics are:
Firewall rules
MDM
DLP
Content filter/URL filter
Update or revoke certificates
Also, understand Isolation, Containment, Segmentation, 
SOAR concepts.
www.infosectrain.com | [email protected]
5. Explain the key aspects of digital forensics
Whereas incident response focuses on eradicating malicious 
activity as soon as possible, digital forensics needs patient 
acquisition, preservation, and examination of evidence using 
verified methodologies. In this subdomain, we will learn basic 
concepts of digital forensics, explain documentation, evidence, 
and admissibility. Inside this we will cover the following 
subtopics:
•Legal hold
•Chain of custody
•Timelines
•Event Logs and Network Traffic
www.infosectrain.com | [email protected]
We understand E-discovery, Preservation, Data 
recovery, Non-repudiation, Strategic 
intelligence/counterintelligence. We will get familiar 
with Data Acquisition and subtopics like Order of 
volatility, Disk, Random-access memory (RAM), 
Swap/pagefile, OS, Device, Firmware, Network, 
Artifacts. Concept of on-premises vs cloud, Right to 
audit clauses, Regulation/jurisdiction, Data breach 
notification laws. We will also cover Integrity, Hashing, 
Checksums, Provenance.
www.infosectrain.com | [email protected]
Learn Security+ With Us
InfosecTrain is a leading provider of IT security training and 
consulting organization, focusing on a wide range of IT 
security training. The training sessions will be delivered by 
highly qualified and professional trainers with years of 
industry experience whom you can easily interact with and 
solve your doubts anytime. If you are interested and looking 
for live online training, InfosecTrain provides the best online 
security+ certification training. You can check and enroll in 
our CompTIA Security+ Online Certification Training to 
prepare for the certification exam.
www.infosectrain.com | [email protected]
About InfosecTrain
• Established in 2016, we are one of the finest 
Security and Technology Training and 
Consulting company
• Wide range of professional training programs, 
certifications & consulting services in the IT 
and Cyber Security domain
• High-quality technical services, certifications 
or customized training programs curated with 
professionals of over 15 years of combined 
experience in the domain
www.infosectrain.com | [email protected]
Our Endorsements
www.infosectrain.com | [email protected]
Why InfosecTrain Global Learning Partners
Certified and Flexible modes Access to the 
Experienced Instructors of Training recorded 
sessions
Post training Tailor Made 
completion Training
www.infosectrain.com | [email protected]
Our Trusted Clients
www.infosectrain.com | [email protected]

Contact us
Get your workforce reskilled 
by our certified and 
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-
1127  / UK : +44 7451 208413
[email protected]
www.infosectrain.com