CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:
- Network security
- Compliance and operational security
- Threats and vulnerabilities
- Application, data and host security
- Access control and identity management
- Cryptography
CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it ensures that security personnel are anticipating security risks and guarding against them.
Candidate job roles include security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator. Organizations that employ CompTIA Security+ certified staff include Hitachi Information Systems (Japan), Trendmicro (Philippines), Lockheed Martin, General Dynamics and Northrop Grumman. CompTIA Security+ is one of the options for certifications required by the U.S. Department of Defense 8570.1, for military personnel or military contractors engaged in information assurance activities. With Network Security being the fast growing sector within IT having your Security+ will put you or your team ahead of the competition!
Unit 01
Topic A: System Maintenance
- Causes of Compromised Security
- Technology Weaknesses
- Configuration Weaknesses
- Policy Weaknesses
- Human Error and Malice
- Securing the Operating System
- Microsoft Update
- Windows Update Categories
- Demo – A-2: Updating the Operating System
- Patch Management
- Demo – A-3: Managing Software Patches
- Service Packs
- Demo – A-4: Checking for and Installing Service Packs
- BIOS Version
- BIOS Update
- Demo – A-5: Determining Whether you Need to Update your Computer’s BIOS
- Windows Firewall
- User Account Control
- Demo – A-6: Configuring Windows Firewall
Topic B: Application Security
- Application Vulnerabilities
- Countermeasures
- Demo – B-1: Managing Application Security
Topic C: Physical Security
- Physical Access Control
- Smart Card and Reader
- Fingerprint Scanner
- Biometric Devices
- Plant Security
- Cipher Lock
- Man-trap
Topic D: Malware
- Malware Varieties
- Malware Effects Anti-malware
- Antivirus Software
- Anti-malware Products
- Demo – D-2: Installing Antivirus Software
- Windows Defender
- Demo – D-3: Scanning your System for Spyware
Topic E: Social Engineering
- Social Engineering
- Types of Social Engineering
- Social Engineering Countermeasures
- Phishing
- Demo – E-2: Examining Phishing
- Spam
- Social Networking
Unit 01 Review
Unit 02 – Cryptography
Topic A: Symmetric Cryptography
- ROT13 Cipher
- Keys
- Symmetric Encryption in Action
- Common Symmetric Ciphers
- Hashes
- Uses for Hashes
- MD5 Hash Algorithm
- SHA
- Hash Vulnerabilities
- Demo – A-2: Calculating Hashes
- Steganography
- Demo – A-3: Sharing a Secret Message with Steganography
Topic B: Public Key Cryptography
- Public Key Cryptography
- Asymmetric Encryption in Action
- Common Asymmetric Ciphers
- Demo – B-1: Exploring Public Key Cryptography
- Digital Signatures
- Signature Process
- Features of Signatures
- Digital Certificates
- Certificate Types
- Demo – B-2: Examining Certificates
- Public Key Infrastructure
- Certificate Policy
- Certificate Practice Statement
- Trust Models
- Single-authority Trust Model
- Hierarchical Trust Model
- Web of Trust Model
- Demo – B-3: Examining Certificate Trusts Single- and Dual-key Certificates
- Quantum Cryptography
Unit 02 Review
Unit 03 – Authentication
Topic A: Authentication Factors and Requirements
- Three Steps to Secure Resources
- Authentication Factors
- One-factor Authentication
- Two-factor Authentication
- Three-factor Authentication
- Considerations
- Identification and Authentication
- Identity Proofing
- Single Sign-on
Topic B: Authentication Systems
- Authentication Protocols
- NTLM
- NTLM Challenge-response
- NTLM Vulnerabilities
- Kerberos
- Kerberos System Composed of:
- Kerberos Data Types:
- Kerberos Authentication Process
- Cross-realm Authentication
- Kerberos Security Weaknesses
- Null Sessions
Topic C: Authentication System Variables
- Authentication Vulnerabilities
- Secure Passwords
- Password Realities
- Least Privilege
- Demo – C-1: Identifying Authentication Vulnerabilities
- Wireshark
- Demo – C-2: Capturing Passwords with a Protocol Analyzer
- Password Cracking
- Password Guessing
- SAM and SYSTEM Files
- Demo – C-3: Cracking Passwords
Unit 03 Review
Unit 04 – User – and Role-based Security
Topic A: Baseline Security Policies
- Security Baselines
- Demo – A-1: Using MBSA to Analyze Security
- Group Policy Settings
- Local GPO Types
- GPO Editor
- Local Computer GPO Nodes
- Demo – A-2: Creating a Console to Manage Local Security Policies
- Policy Properties Dialog Box
- Container Types
- Types of Domain GPOs
- GPOs Applied in this Order
- Demo – A-3: Using the GPMC
Topic B: Resource Access
- Groups
- Demo – B-1: Creating Users and Groups Based on Security Needs
- Permissions
- File System Security
- Access Control Models
- Demo – B-2: Securing File Resources
Unit 04 Review
Unit 05 – Peripheral Security
Topic A: File and Disk Encryption
- File and Disk Encryption
- File-level Encryption
- Demo – A-1: Enabling File-based Encryption
- Whole Disk Encryption
- Windows BitLocker
- BitLocker Life Cycle
- Recovery
- Other Disk Encryption Tools
- Demo – A-2: Creating an Encrypted Volume
- Demo – A-3: Mounting, Using, and Dismounting an Encrypted Volume
Topic B: Peripheral and Component Security
- Peripherals and Components
- USB Drives
- Laptops
- Shredding Standards
- Demo – B-2: Using Windows Policies to Mitigate the Risks of Peripherals
Topic C: Mobile Device Security
- Mobile Device Risks
- Additional Concerns
- Mitigating Risks
- Screen Lock
- Android Security Settings
- WaveSecure
- Risks and Threats
Unit 05 Review
Unit 06 – Public Key Infrastructure
Topic A: Public Key Cryptography
- Management
- Setup and Initialization Phase
- Administration Phase
- Cancellation and Key History
- Administrative Responsibilities
Topic B: Implementing Public Key Infrastructure
- Microsoft Certificate Services
- AD Integration Options
- Demo – B-1: Installing a Standalone Root Certificate Authority
- Demo – B-2: Installing an Enterprise Subordinate CA
- Demo – B-3: Implementing a File-based Certificate Request
- Demo – B-4: Managing your Certificate Server
- User Certificates
- Demo – B-5: Requesting a User Certificate
- Certificate Revocation
- Demo – B-6: Revoking a Certificate
- Key Escrow and Recovery
- Key Recovery Agent
- Demo – B-7: Enabling the EFS Recovery Agent Template
- Demo – B-8: Enrolling for a Recovery Agent Certificate
- Demo – B-9: Enabling Key Archival
- Demo – B-10: Re-enrolling All Certificates
Topic C: Web Server Security with PKI
- Securing Web Servers
- Commercial Certificate
- Demo – C-1: Requesting and Installing a Web Server Certificate
- Demo – C-2: Enabling SSL for the Certificate Server Website
- HTTPS Connections
- Demo – C-3: Making a Secure Connection
- Demo – C-4: Requesting a Client Certificate via the Web
Unit 06 Review
Unit 07 – Application and Messaging Security
Topic A: Application Security
- Application Security
- Programmer’s Perspective
- Administrator’s Perspective
- User’s Perspective
- Application Attacks
Topic B: E-mail Security
- E-mail Security
- E-mail Application Security
- Demo – B-2: Configuring an E-mail Client to Use Secure Authentication
- Signed and Encrypted Mail
- PGP
- PGP Certificates
- S/MIME
- X.509 Certificates
- PGP vs. S/MIME
- Demo – B-3: Examining S/MIME Features
- Using PGP
- Demo – B-4: Installing Gnu Privacy Guard and Enigmail
- Demo – B-5: Creating an OpenPGP Certificate and Key Pair
- Signed Message
- Demo – B-6: Sending a Signed Message
Topic C: Social Networking and Messaging
- Social Networking
- Instant Messaging
- IM Ports
Unit 07 Review
Unit 08 – Ports and Protocols
Topic A: TCP/IP Basics
- TCP/IP Architecture
- Application-layer Protocols
- HTTP
- HTTPS Connections
- FTP
- Trivial File Transfer Protocol
- SFTP
- Telnet
- DNS
- Additional Protocols
- Transport-layer Protocols
- Port Numbers
- Service Port Numbers
- Demo – A-3: Using Port Numbers
- IPv4 Classes
- IPv4 Header
- CIDR and NAT
- IPv6 Header
- IPv6 Scopes
- IPv6 Address Types
- Demo – A-4: Comparing IPv4 and IPv6 Packets
Topic B: Protocol-based Attacks
- DoS Attacks
- TCP Three-way Handshake
- Smurf Attack
- Ping-of-Death Attacks
- Xmas Attacks
- Demo – B-1: Preventing Common Protocol-based Attacks
- DDoS Attacks
- DDoS Attack Protection
- Demo – B-2: Assessing your Vulnerability to DDoS Attacks
- Man-in-the-Middle Attacks
- Spoofing
- IP Address Spoofing
- Demo – B-3: Scanning Ports
- ARP Poisoning
- Demo – B-4: Checking the ARP Cache
- Spoofing Attacks
- Replay Attacks
- TCP/IP Hijacking
Unit 08 Review
Unit 09 – Network Security
Topic A: Network Devices
- OSI Reference Model
- Networking Devices
- Repeaters, Hubs, Switches
- Switch Security
- Routers
- Router State Management
- NAT and PAT
- Port Address Translation
- Firewalls and Proxies
- Firewall Categories
- Security Issues
- Overcoming Weaknesses
Topic B: Secure Network Topologies
- Security Zones
- Intranet Zone
- Perimeter Network
- DMZ Options
- Screened Host
- Bastion Host
- Three-homed Firewall
- Back-to-back Firewalls
- Dead Zone
- Traffic Filtering
- Network Bridging
- VLAN
- Network Access Control
- VPN
- IPSec Encryption
Topic C: Secure Networking
- Firewall Administration
- Rule Planning
- Demo – C-1: Configuring Firewall Rules
- Port Security
- Demo – C-2: Blocking Ports with the Windows Firewall
- VLAN Security
- Secure Router Configuration
Topic D: Virtualization and Cloud Computing
- Virtual Computers
- Citrix XenServer
- Virtualization Concerns and Risks
- Cloud Computing
- Cloud Deployment
- Cloud Categories
- Risks and Concerns
Unit 09 Review
Unit 10 – Wireless Security
Topic A: Wireless Network Security
- 802.11 Standard
- 802.11 Family
- 802.11 Networking
- Wireless Security Threats
- Wireless Security
- Transmission Encryption
- Configuration Options
- Demo – A-2: Configuring a Wireless Access Point
- Configuring Wireless Clients
- RADIUS
- Demo – A-3: Configuring a Wireless Client
- Wireless Network Vulnerabilities
- Wi-Fi Scanners
- War Chalking Symbols
Topic B: Mobile Device Security
- Infrastructure Issues
- Protecting Against Attacks
Unit 10 Review
Unit 11 – Remote Access Security
Topic A: Remote Access
- AAA
- RADIUS
- RADIUS Authentication
- Realms
- RADIUS Security
- RADIUS Benefits
- LDAP and Remote Access
- LDAP Security
- LDAP Authentication/Authorization
- TACACS+
- TACACS+ versus RADIUS
- 802.1X
- Network Policy Server (NPS)
- Demo – A-5: Installing Network Policy and Access Services
- Demo – A-6: Configuring an NPS Network Policy
- Demo – A-7: Configuring NPS Accounting
Topic B: Virtual Private Networks
- Virtual Private Networks
- VPN Technologies
- VPN Security Models
- VPN Protocols
- PPTP versus L2TP
- IPSec Protocols
- Encryption Modes
- Secure Shell (SSH)
- VPN Solutions
- Service Provider Tunneling
- Demo – B-2: Installing Routing and Remote Access Services
- Demo – B-3: Enabling a VPN
- Demo – B-4: Configuring NPS to Provide RADIUS Authentication for your VPN
Unit 11 Review
Unit 12 – Vulnerability Testing and Monitoring
Topic A: Risk and Vulnerability Assessment
- Assessment Types
- Vulnerability Assessments
- Vulnerability Testing Tools
- Penetration Testing
- Penetration vs. Vulnerability
- Demo – A-2: Scanning the Network
Topic B: Auditing and Logging
- Event Viewer
- Windows Server 2008 Event Viewer
- Events
- Event Types
- Event Details
- Demo – B-1: Viewing Event Logs
- Device and Application Logging
Topic C: Intrusion Detection and Prevention Systems
- Intrusion Detection
- Events
- NIDS
- IDScenter for Snort
- Example Snort Rule
- HIDS
- HIDS Advantages Over NIDS
- Honeypots and Honeynets
- Honeypot Examples
- Honeypot Deployment
Topic D: Incident Response
- Computer Forensics
- Evidence-Gathering Principles
- Chain of Custody
- Remediation
Unit 12 Review
Unit 13 – Organizational Security
Topic A: Organizational Policies
- CIA Triad
- Control Types
- Risk Assessment
- Security Policy Contents
- Acceptable-Use Policy
- Due Care
- Privacy
- Separation of Duties
- Need to Know
- Password Management
- Service-level Agreement
- Disposal and Destruction
- Human Resources Policies
- Incident Response Policy
- Incident Response Policy Contents
- Preparation
- Detection
- Containment
- Eradication
- Recovery
- Follow-up
- Hiring
- Employee Review and Maintenance
- Post-employment
- Code of Ethics
- Change Management
- Change Documentation
Topic B: Education and Training
- Education
- Communication
- User Awareness
- Types of Training
Topic C: Disposal and Destruction
- Disposal
- Data Security and Destruction
- Disposal of Electronics
- Disposal of Computer Equipment
Unit 13 Review
Unit 14 – Business Continuity
Topic A: Business Continuity Planning
- Business Impact Assessment
- Threats
- Business Continuity Teams
- Contingency Plan
- Documentation
- Disaster or Service Failure
- Utility Services
- Redundant Locations
- Disaster Recovery Exercises
Topic B: Disaster Recovery
- Fault Tolerance
- RAID Level 0
- RAID Level 1
- RAID Level 3
- RAID Level 5
- RAID 0+1 (or RAID 01)
- RAID 1+0 (or RAID 10)
- RAID Considerations
- Level-specific Considerations
- Software vs. Hardware RAID
- Backup Tools
- Backup Types
- Backup Media
- Backup Storage
- Grandfather Method
- Tower of Hanoi
- Incremented Media Backup
- Backup Storage (Cont.)
- Data Restoration
- Demo – B-4: RAID Configuration (Software)
Test Details | |
Number of questions | 100 |
Length of test | 90 minutes |
Passing score | 750 (on a scale of 100-900) |
Recommended experience | CompTIA Network+ certification and two years of technical networking experience, with an emphasis on security. |
Languages | English, Korean, German, Japanese |
Exam codes | SY0-301, JK0-018 |
CompTIA Network+ certification and two years of technical networking experience, with an emphasis on security.
QUICK ENQUIRY
- 91-95007 10004
- helpdesk@kalvigroup.com
- 91-95432 18687
- helpdesk@kalvigroup.com