Description

Overview

Together with CompTIA A+ and Network+, the Security+ certification is one of the must-have foundational certifications for IT professionals. Organizations place a high value on the CompTIA Security+ certification because it focuses on industry-wide information assurance topics, like systems and network security, network infrastructure, access control, assessments and audits, cryptography, and organizational security.

Surveys of organizations prove that they choose Security+ professionals over other certifications because this certification reinforces an individual’s baseline security skills and fulfils the DoD 8570 compliance requirement. Banks, software companies, and hundreds of other industries trust individuals with this certification to secure systems, software and hardware.

Individuals who study Security+ will learn how to analyze an enterprise environment and make recommendations for security solutions, including cloud, mobile, and IoT. They’ll also gain a solid understanding and awareness of applicable laws and policies, including principles of governance, and risk and compliance while identifying, analyzing, and responding to security incidents and perceived threats.

  • 28:46:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

Course Details

Objectives

  • Assess the Cyber Security posture of an enterprise environment
  • Recommend and implement appropriate Cyber Security solutions
  • Monitor and secure hybrid environments
  • Operate with an awareness of applicable laws and policies
  • Identify, analyze and respond to Cyber Security events and incidents
  • Utilize appropriate data sources to support an investigation
  • Use mitigation techniques or controls to secure an environment
  • Compare various types of controls

Audience

  • Junior IT professionals whose job responsibilities include securing network services, devices, and data confidentiality.
  • Network administrators, IT support professionals, systems administrators and IT managers who wish to advance their career and become cyber security experts.
  • Individuals building the foundation required for more advanced cyber security certifications such as CompTIA CySA+, PenTest+ and CASP+.

Prerequisites

  • Before starting your journey to become CompTIA Security+ certified, we recommend that you meet the following prerequisites:

Prior to starting Security+ exam preparation:

  • CompTIA A+ and Network+ certification.
  • 1 year experience as an IT professional.

Prior to taking the CompTIA Security+ exam:

  • 2 years of hands-on experience in IT administration with a security focus.
  • Completion of our CompTIA Security+ training program.
  • Thorough understanding of all topics detailed in the exam objectives.

Course Outline

The Security+ curriculum covers threats, attacks, and vulnerabilities; architecture and design; implementation; operations and incident response; and governance, risk, and compliance. Each piece of the curriculum builds on the other and creates a strong foundation to pass the certification exam.

Threats, Attacks, and Vulnerabilities

  • Compare and contrast different types of social engineering techniques.
  • Given a scenario, analyze potential indicators to determine the type of attack.
  • Given a scenario, analyze potential indicators associated with application attacks.
  • Given a scenario, analyze potential indicators associated with network attacks.
  • Explain different threat actors, vectors, and intelligence sources.
  • Explain the security concerns associated with various types of vulnerabilities.
  • Summarize the techniques used in security assessments.
  • Explain the techniques used in penetration testing.

Architecture and Design

  • Explain the importance of security concepts in an enterprise environment.
  • Summarize virtualization and cloud computing concepts.
  • Summarize secure application development, deployment, and automation concepts.
  • Summarize authentication and authorization design concepts.
  • Given a scenario, implement Cyber Security
  • Explain the security implications of embedded and specialized systems.
  • Explain the importance of physical security controls.
  • Summarize the basics of cryptographic concepts.

Implementation

  • Given a scenario, implement secure protocols.
  • Given a scenario, implement host or application security solutions.
  • Given a scenario, implement secure network designs.
  • Given a scenario, install and configure wireless security settings.
  • Given a scenario, implement secure mobile solutions.
  • Given a scenario, apply Cyber Security solutions to the cloud.
  • Given a scenario, implement identity and account management controls.
  • Given a scenario, implement authentication and authorization solutions.
  • Given a scenario, implement public key infrastructure.

Operations and Incident Response

  • Given a scenario, use the appropriate tool to assess organizational security.
  • Summarize the importance of policies, processes, and procedures for incident response.
  • Given an incident, utilize appropriate data sources to support an investigation.
  • Given an incident, apply mitigation techniques or controls to secure an environment.
  • Explain the key aspects of digital forensics.

Governance, Risk, and Compliance

  • Compare and contrast various types of controls.
  • Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
  • Explain the importance of policies to organizational security.
  • Summarize risk management processes and concepts.
  • Explain privacy and sensitive data concepts in relation to security.

THREATS ATTACKS AND VULNERABILITIES

  • Overview
  • Social Engineering Techniques
  • Malware
  • Password Attacks – Types
  • Password Attacks – Tools
  • Application Attacks – Injections
  • Application Attacks – System Resources
  • Application Attacks – XSS And XSRF
  • Application Attacks – Replay Attacks
  • Network Attacks – DNS Attacks
  • Network Attacks – Layer 2 Attacks
  • Network Attacks – DoS And DDoS
  • Network Attacks – MiTM And MiTB
  • Network Attacks – Wireless
  • Vulnerabilities
  • Threat Intelligence – OSINT
  • Threat Intelligence – Threat Maps And Feeds
  • Threat Intelligence – Vulnerability Databases Feed
  • Threat Actors And Vectors

CRYPTOGRAPHY

  • Cryptography Concepts
  • Encryption And Steganography
  • Hashing
  • Symmetric Vs. Asymmetric Encryption
  • Secure Protocols
  • Keys
  • PKI Concepts
  • Certificates
  • IPSec

IDENTITY AND ACCESS MANAGEMENT

  • Authentication And Authorization
  • Authentication Methods
  • Additional Authentication Methods
  • Biometrics
  • Authentication Protocols – PAP And CHAP
  • Authentication Protocols – EAP And 802.1X
  • Authentication Protocols – RADIUS And TACACS
  • Authentication Protocols – Kerberos
  • Access Control Schemes
  • Account Management – Account Types
  • Account Management – Password Policies
  • Account Management – Account Policies

IMPLEMENTING SECURITY

  • Application Security
  • Physical Security
  • Wireless Security
  • Secure Data Destruction
  • Host Security – Endpoint Protection
  • Host Security – Hardening
  • Mobile Device Deployment
  • Mobile Device Management And Enforcement
  • Mobile Device Connections
  • Specialized Systems
  • Network Security – Segmentation
  • Network Security – VPNs
  • Network Security – Proxies And Load Balancing
  • Network Security – Port Security
  • Network Security – Firewalls
  • Network Security – NIDS And NIPS

CLOUD AND VIRTUALIZATION

  • Virtualization
  • Cloud Concepts
  • Cloud Services
  • Cloud Models
  • Computing Types
  • Cloud Security Controls

OPERATIONAL RESILIENCY

  • Hardware Redundancy
  • Site Redundancy
  • Non-Persistence Concepts
  • Backup And Recovery

OPERATIONAL SECURITY AND INCIDENT RESPONSE

  • Network Reconnaissance And Discovery
  • Packet Capture And Replay
  • Vulnerability Scans
  • SIEM And SOAR Systems
  • Pentesting Techniques
  • Pentesting Exercise Types
  • Digital Forensics Concepts
  • Investigational Data Sources
  • Incident Response Process
  • Incident Response Plans
  • Attack Frameworks

GOVERNANCE RISK AND COMPLIANCE

  • Security Controls
  • Regulations, Standards And Frameworks
  • Spotlight On General Data Protection Regulation
  • Organizational Security Policies – Personnel
  • Organizational Security Policies – 3rd Party Risk
  • Organizational Security Policies – Data
  • Organizational Security Policies – Other Areas
  • Risk Management Concepts – Vocabulary
  • Risk Management Concepts – Types & Strategies
  • Risk Management Concepts – Risk Analysis
  • Risk Management Concepts – Business Impact Analysis
  • Privacy And Data Sensitivity – Breaches & Data Types
  • Privacy, Data Sensitivity – Privacy Enhancing Tech
  • Privacy, Data Sensitivity, Roles, Responsibilities
  • Privacy And Data Sensitivity – Other Areas