Category: SY0-501 Security+

Security+ SY0-501 Domain 3 Architecture and Design: A look into Proper Input Validation

(By: Guy Nguyen-Phuoc on March 3, 2021) Introduction The best way to stop a disaster is to prepare for it and cyber disasters are no different. Architecture and design, defined by the SY0-501 as, “the practice of checking data for validity before using it”. The act of input validation helps prevent an attacker from sending […]

Security+ SY0-501 Domain 4 Identity and Access Management: A look into common account management practices

(By: Guy Nguyen-Phuoc on October 16, 2020) Introduction In 2016, the Central Intelligence Agency (CIA) experienced a data breach containing up to 34 terabytes of data (34,000,000,000,000 bytes) [1]. Later dubbed as “Vault 7”, these collections of documents (including classified data on cyber tools) were published on WikiLeaks, March 2017 [2]. After internal investigations it […]

Security+ SY0-501 Domain 2 Technologies and Tools: a look into weak security configurations

(By: Guy Nguyen-Phuoc on October 16, 2020) Introduction CISA (Cybersecurity & Infrastructure Security Agency) released an alert from their National Cyber Awareness System on April 29, 2020 for, “Microsoft Office 365 Security Recommendations”. This response is due to a massive surge in a “work from home” workforce. Such an abrupt change demanded rapid deployment of […]

Security+ SY0-501 Domain 6 Cryptography and PKI: A look into AES and Encryption

(By: Guy Nguyen-Phuoc on October 16, 2020) Introduction April 20, 2020. The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform) [1]. This is in response to the security issues plaguing the app [zoom] with concerns for […]