CompTIA Security+ Certification | CTU Training Solutions
Loading...
ONLINE APPLICATION
×

CompTIA Security+

CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT. The CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT. Security threats are increasing in number and severity, and the gap between the need for security professionals and qualified IT personnel is the largest of any IT specialty, according to a 2008 CompTIA study. Even in a troubled economy, most businesses plan to maintain or increase their investment in security.
Duration: 5 Days   |   Location : Online
Course Prerequisites:
CompTIA A+ and Network+
Request A Quote View CompTIA Roadmap

Virtual Interactive Lecturer-led Teaching (VILT)

Virtual instruction environments are designed to simulate the traditional classroom or learning experience. Instructor-led training is still the number one delivery method of choice because it allows you to interact and discuss the training material, either individually or in a group setting, and you gain access to expert knowledge from certified instructors. This form of guided learning is impactful and produces positive learning outcomes. Day, evening and Saturday classes are offered.

Course Content

1.0 Network Security

1.1 Implement security configuration parameters on network devices and other technologies.

  • Firewalls
  • Routers
  • Switches
  • Load Balancers
  • Proxies
  • Web security gateways
  • VPN concentrators
  • NIDS and NIPS
  • Behavior based
  • Signature based
  • Anomaly based
  • Heuristic
  • Protocol analyzers
  • Spam filter
  • UTM security appliances
  • URL filter
  • Content inspection
  • Malware inspection
  • Web application firewall vs. network firewall
  • Application aware devices
  • Firewalls
  • IPS
  • IDS
  • Proxies

See fewer details

1.2 Given a scenario, use secure network administration principles.

  • Rule-based management
  • Firewall rules
  • VLAN management
  • Secure router configuration
  • Access control lists
  • Port Security
  • 802.1x
  • Flood guards
  • Loop protection
  • Implicit deny
  • Network separation
  • Log analysis
  • Unified Threat Management

+ See more details

1.3 Explain network design elements and components.

  • DMZ
  • Subnetting
  • VLAN
  • NAT
  • Remote Access
  • Telephony
  • NAC
  • Virtualization
  • Cloud Computing
  • Platform as a Service
  • Software as a Service
  • Infrastructure as a Service
  • Private
  • Public
  • Hybrid
  • Community
  • Layered security / Defense in depth

+ See more details

1.4 Given a scenario, implement common protocols and services.

  • Protocols
  • IPSec
  • SNMP
  • SSH
  • DNS
  • TLS
  • SSL
  • TCP/IP
  • FTPS
  • HTTPS
  • SCP
  • ICMP
  • IPv4
  • IPv6
  • iSCSI
  • Fibre Channel
  • FCoE
  • FTP
  • SFTP
  • TFTP
  • TELNET
  • HTTP
  • NetBIOS
  • Ports
  • 21
  • 22
  • 25
  • 53
  • 80
  • 110
  • 139
  • 143
  • 443
  • 3389
  • OSI relevance

+ See more details

1.5 Given a scenario, troubleshoot security issues related to wireless networking.

  • WPA
  • WPA2
  • WEP
  • EAP
  • PEAP
  • LEAP
  • MAC filter
  • Disable SSID broadcast
  • TKIP
  • CCMP
  • Antenna Placement
  • Power level controls
  • Captive portals
  • Antenna types
  • Site surveys
  • VPN (over open wireless)

+ See more details

2.0 Compliance and Operational Security

2.1 Explain the importance of risk related concepts.

  • Control types
  • Technical
  • Management
  • Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk
  • Privacy policy
  • Acceptable use
  • Security policy
  • Mandatory vacations
  • Job rotation
  • Separation of duties
  • Least privilege
  • Risk calculation
  • Likelihood
  • ALE
  • Impact
  • SLE
  • ARO
  • MTTR
  • MTTF
  • MTBF
  • Quantitative vs. qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability / threat likelihood
  • Risk-avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated with Cloud Computing and Virtualization
  • Recovery time objective and recovery point objective

+ See more details

2.2 Summarize the security implications of integrating systems and data with third parties.

  • On-boarding/off-boarding business partners
  • Social media networks and/or applications
  • Interoperability agreements
  • SLA
  • BPA
  • MOU
  • ISA
  • Privacy considerations
  • Risk awareness
  • Unauthorized data sharing
  • Data ownership
  • Data backups
  • Follow security policy and procedures
  • Review agreement requirements to verify compliance and performance standards

+ See more details

2.3 Given a scenario, implement appropriate risk mitigation strategies.

  • Change management
  • Incident management
  • User rights and permissions reviews
  • Perform routine audits
  • Enforce policies and procedures to prevent data loss or theft
  • Enforce technology controls
  • Data Loss Prevention (DLP)

+ See more details

2.4 Given a scenario, implement basic forensic procedures.

  • Order of volatility
  • Capture system image
  • Network traffic and logs
  • Capture video
  • Record time offset
  • Take hashes
  • Screenshots
  • Witnesses
  • Track man hours and expense
  • Chain of custody
  • Big Data analysis

+ See more details

2.5 Summarize common incident response procedures.

  • Preparation
  • Incident identification
  • Escalation and notification
  • Mitigation steps
  • Lessons learned
  • Reporting
  • Recovery/reconstitution procedures
  • First responder
  • Incident isolation
  • Quarantine
  • Device removal</li
  • Data breach
  • Damage and loss control

+ See more details

2.6 Explain the importance of security related awareness and training.

  • Security policy training and procedures
  • Role-based training
  • Personally identifiable information
  • Information classification
  • High
  • Medium
  • Low
  • Confidential
  • Private
  • Public
  • Data labeling, handling and disposal
  • Compliance with laws, best practices and standards
  • User habits
  • Password behaviors
  • Data handling
  • Clean desk policies
  • Prevent tailgating
  • Personally owned devices
  • New threats and new security trends/alerts
  • New viruses
  • Phishing attacks
  • Zero-day exploits
  • Use of social networking and P2P
  • Follow up and gather training metrics to validate compliance and security posture

+ See more details

2.7 Compare and contrast physical security and environmental controls.

  • Environmental controls
  • HVAC
  • Fire suppression
  • EMI shielding
  • Hot and cold aisles
  • Environmental monitoring
  • Temperature and humidity controls
  • Physical security
  • Hardware locks
  • Mantraps
  • Video Surveillance
  • Fencing
  • Proximity readers
  • Access list
  • Proper lighting
  • Signs
  • Guards
  • Barricades
  • Biometrics
  • Protected distribution (cabling)
  • Alarms
  • Motion detection
  • Control types
  • Deterrent
  • Preventive
  • Detective
  • Compensating
  • Technical
  • Administrative

+ See more details

2.8 Summarize risk management best practices.

  • Business continuity concepts
  • Business impact analysis
  • Identification of critical systems and components
  • Removing single points of failure
  • Business continuity planning and testing
  • Risk assessment
  • Continuity of operations
  • Disaster recovery
  • IT contingency planning
  • Succession planning
  • High availability
  • Redundancy
  • Tabletop exercises
  • Fault tolerance
  • Hardware
  • RAID
  • Clustering
  • Load balancing
  • Servers
  • Disaster recovery concepts
  • Backup plans/policies
  • Backup execution/frequency
  • Cold site
  • Hot site
  • Warm site

+ See more details

2.9 Given a scenario, select the appropriate control to meet the goals of security.

  • Confidentiality
  • Encryption
  • Access controls
  • Steganography
  • Integrity
  • Hashing
  • Digital signatures
  • Certificates
  • Non-repudiation
  • Availability
  • Redundancy
  • Fault tolerance
  • Patching
  • Safety
  • Fencing
  • Lighting
  • Locks
  • CCTV
  • Escape plans
  • Drills
  • Escape routes
  • Testing controls

+ See more details

3.0 Threats and Vulnerabilities

3.1 Explain types of malware.

  • Adware
  • Virus
  • Spyware
  • Trojan
  • Rootkits
  • Backdoors
  • Logic bomb
  • Botnets
  • Ransomware
  • Polymorphic malware
  • Armored virus

+ See more details

3.2 Summarize various types of attacks.

  • Man-in-the-middle
  • DDoS
  • DoS
  • Replay
  • Smurf attack
  • Spoofing
  • Spam
  • Phishing
  • Spim
  • Vishing
  • Spear phishing
  • Xmas attack
  • Pharming
  • Privilege escalation
  • Malicious insider threat
  • DNS poisoning and ARP poisoning
  • Transitive access
  • Client-side attacks
  • Password attacks
  • Brute force
  • Dictionary attacks
  • Hybrid
  • Birthday attacks
  • Rainbow tables
  • Typo squatting/URL hijacking
  • Watering hole attack

+ See more details

3.3 Summarize social engineering attacks and the associated effectiveness with each attack.

  • Shoulder surfing
  • Dumpster diving
  • Tailgating
  • Impersonation
  • Hoaxes
  • Whaling
  • Vishing
  • Principles (reasons for effectiveness)
  • Authority
  • Intimidation
  • Consensus/Social proof
  • Scarcity
  • Urgency
  • Familiarity/liking
  • Trust

+ See more details

3.4 Explain types of wireless attacks.

  • Rogue access points
  • Jamming/Interference
  • Evil twin
  • War driving
  • Bluejacking
  • Bluesnarfing
  • War chalking
  • IV attack
  • Packet sniffing
  • Near field communication
  • Replay attacks
  • WEP/WPA attacks
  • WPS attacks

+ See more details

3.5 Explain types of application attacks.

  • Cross-site scripting
  • SQL injection
  • LDAP injection
  • XML injection
  • Directory traversal/command injection
  • Buffer overflow
  • Integer overflow
  • Zero-day
  • Cookies and attachments
  • LSO (Locally Shared Objects)
  • Flash Cookies
  • Malicious add-ons
  • Session hijacking
  • Header manipulation
  • Arbitrary code execution / remote code execution

+ See more details

3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

  • Monitoring system logs
  • Event logs
  • Audit logs
  • Security logs
  • Access logs
  • Hardening
  • Disabling unnecessary services
  • Protecting management interfaces and applications
  • Password protection
  • Disabling unnecessary accounts
  • Network security
  • MAC limiting and filtering
  • 802.1x
  • Disabling unused interfaces and unused application service ports
  • Rogue machine detection
  • Security posture
  • Initial baseline configuration
  • Continuous security monitoring
  • Remediation
  • Reporting
  • Alarms
  • Alerts
  • Trends
  • Detection controls vs. prevention controls
  • IDS vs. IPS
  • Camera vs. guard

+ See more details

3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

  • Interpret results of security assessment tools
  • Tools
  • Protocol analyzer
  • Vulnerability scanner
  • Honeypots
  • Honeynets
  • Port scanner
  • Passive vs. active tools
  • Banner grabbing
  • Risk calculations
  • Threat vs. likelihood
  • Assessment types
  • Risk
  • Threat
  • Vulnerability
  • Assessment technique
  • Baseline reporting
  • Code review
  • Determine attack surface
  • Review architecture
  • Review designs

+ See more details

3.8 Explain the proper use of penetration testing versus vulnerability scanning.

  • Penetration testing
  • Verify a threat exists
  • Bypass security controls
  • Actively test security controls
  • Exploiting vulnerabilities
  • Vulnerability scanning
  • Passively testing security controls
  • Identify vulnerability
  • Identify lack of security controls
  • Identify common misconfigurations
  • Intrusive vs. non-intrusive
  • Credentialed vs. non-credentialed
  • False positive
  • Black box
  • White box
  • Gray box

+ See more details

4.0 Application, Data and Host Security

4.1 Explain the importance of application security controls and techniques.

  • Fuzzing
  • Secure coding concepts
  • Error and exception handling
  • Input validation
  • Cross-site scripting prevention
  • Cross-site Request Forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management
  • NoSQL databases vs. SQL databases
  • Server-side vs. Client-side validation

+ See more details

4.2 Summarize mobile security concepts and technologies.

  • Device security
  • Full device encryption
  • Remote wiping
  • Lockout
  • Screen-locks
  • GPS
  • Application control
  • Storage segmentation
  • Asset tracking
  • Inventory control
  • Mobile device management
  • Device access control
  • Removable storage
  • Disabling unused features
  • Application security
  • Key management
  • Credential management
  • Authentication
  • Geo-tagging
  • Encryption
  • Application whitelisting
  • Transitive trust/authentication
  • BYOD concerns
  • Data ownership
  • Support ownership
  • Patch management
  • Antivirus management
  • Forensics
  • Privacy
  • On-boarding/off-boarding
  • Adherence to corporate policies
  • User acceptance
  • Architecture/infrastructure considerations
  • Legal concerns
  • Acceptable use policy
  • On-board camera/video

+ See more details

4.3 Given a scenario, select the appropriate solution to establish host security.

  • Operating system security and settings
  • OS hardening
  • Anti-malware
  • Antivirus
  • Anti-spam
  • Anti-spyware
  • Pop-up blockers
  • Patch management
  • White listing vs. black listing applications
  • Trusted OS
  • Host-based firewalls
  • Host-based intrusion detection
  • Hardware security
  • Cable locks
  • Safe
  • Locking cabinets
  • Host software baselining
  • Virtualization
  • Snapshots
  • Patch compatibility
  • Host availability/elasticity
  • Security control testing
  • Sandboxing

+ See more details

4.4 Implement the appropriate controls to ensure data security.

  • Cloud storage
  • SAN
  • Handling Big Data
  • Data encryption
  • Full disk
  • Database
  • Individual files
  • Removable media
  • Mobile devices
  • Hardware based encryption devices
  • TPM
  • HSM
  • USB encryption
  • Hard drive
  • Data in-transit, Data at-rest, Data in-use
  • Permissions/ACL
  • Data policies
  • Wiping
  • Disposing
  • Retention
  • Storage

+ See more details

4.5 Compare and contrast alternative methods to mitigate security risks in static environments.

  • Environments
  • SCADA
  • Embedded (Printer, Smart TV, HVAC control)
  • Android
  • iOS
  • Mainframe
  • Game consoles
  • In-vehicle computing systems
  • Methods
  • Network segmentation
  • Security layers
  • Application firewalls
  • Manual updates
  • Firmware version control
  • Wrappers
  • Control redundancy and diversity

+ See more details

5.0 Access Control and Identity Management

5.1 Compare and contrast the function and purpose of authentication services.

  • RADIUS
  • TACACS+
  • Kerberos
  • LDAP
  • XTACACS
  • SAML
  • Secure LDAP

+ See more details

5.2 Given a scenario, select the appropriate authentication, authorization or access control.

  • Identification vs. authentication vs. authorization
  • Authorization
  • Least privilege
  • Separation of duties
  • ACLs
  • Mandatory access
  • Discretionary access
  • Rule-based access control
  • Role-based access control
  • Time of day restrictions
  • Authentication
  • Tokens
  • Common access card
  • Smart card
  • Multifactor authentication
  • TOTP
  • HOTP
  • CHAP
  • PAP
  • Single sign-on
  • Access control
  • Implicit deny
  • Trusted OS
  • Authentication factors
  • Something you are
  • Something you have
  • Something you know
  • Somewhere you are
  • Something you do
  • Identification
  • Biometrics
  • Personal identification verification card
  • Username
  • Federation
  • Transitive trust/authentication

+ See more details

5.3 Install and configure security controls when performing account management, based on best practices.

  • Mitigate issues associated with users with multiple account/roles and/or shared accounts
  • Account policy enforcement
  • Credential management
  • Group policy
  • Password complexity
  • Expiration
  • Recovery
  • Disablement
  • Lockout
  • Password history
  • Password reuse
  • Password length
  • Generic account prohibition
  • Group based privileges
  • User assigned privileges
  • User access reviews
  • Continuous monitoring

+ See more details

6.0 Cryptography

6.1 Given a scenario, utilize general cryptography concepts.

  • Symmetric vs. asymmetric
  • Session keys
  • In-band vs. out-of-band key exchange
  • Fundamental differences and encryption methods
  • Block vs. stream
  • Transport encryption
  • Non-repudiation
  • Hashing
  • Key escrow
  • Steganography
  • Digital signatures
  • Use of proven technologies
  • Elliptic curve and quantum cryptography
  • Ephemeral key
  • Perfect forward secrecy

+ See more details

6.2 Given a scenario, use appropriate cryptographic methods.

  • WEP vs. WPA/WPA 2 and preshared key
  • MD5
  • SHA
  • RIPEMD
  • AES
  • DES
  • 3DES
  • HMAC
  • RSA
  • Diffie-Hellman
  • RC4
  • One-time pads
  • NTLM
  • NTLMv2
  • Blowfish
  • PGP/GPG
  • TwoFish
  • DHE
  • ECDHE
  • CHAP
  • PAP
  • Comparative strengths and performance of algorithms
  • Use of algorithms/protocols with transport encryption
  • SSL
  • TLS
  • IPSec
  • SSH
  • HTTPS
  • Cipher suites
  • Strong vs. weak ciphers
  • Key stretching
  • PBKDF2
  • Bcrypt

+ See more details

6.3 Given a scenario, use appropriate PKI, certificate management and associated components.

  • Certificate authorities and digital certificates
  • CA
  • CRLs
  • OCSP
  • CSR
  • PKI
  • Recovery agent
  • Public key
  • Private key
  • Registration
  • Key escrow
  • Trust models

+ See more details

CTU Training Solutions , Updated: May 9th, 2022

Request A Quote

The course information above is subject to change without notification due to market trends in the industry, legislation and/or programme version updates. Terms and Conditions

Open chat
1
Need Help?
Hello
How can we assist you today?