This powerful five-day class is an intense, exam-focused approach to the Security+ certification. CompTIA Security+ is a globally recognized credential with certified professionals working in over 147 countries throughout the world. CompTIA Security+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is also compliant with government regulations under the Federal Information Security Management Act (FISMA). The CompTIA Security+ certification covers network security, compliance and operational security, threats and vulnerabilities, as well as application, data and host security. Additional material included in this class covers access control, identity management and cryptography.

 

Course Duration: 5 days
Prerequisites:

There are no prerequisites required for this course.

Course Objectives:
  • 20% — Network Security
  • 18% — Compliance and Operational Security
  • 20% — Threats and Vulnerabilities
  • 15% — Application, Data and Host Security
  • 15% — Access Control and Identity Management
  • 12% — Cryptography
Course Outline:
  • Measuring and Weighing Risk
    • Risk Assessment
    • Computing Risk Assessment
    • Acting on Your Risk Assessment
    • Risks Associated with Cloud Computing
    • Risks Associated with Virtualization
    • Developing Policies, Standards, and Guidelines
    • Implementing Policies
    • Understanding Control Types and False Positives/Negatives
    • Risk Management Best Practices
    • Disaster Recovery

 

  • Monitoring and Diagnosing Networks
    • Monitoring Networks
    • Network Monitors
    • Understanding Hardening
    • Working with Services
    • Patches
    • User Account Control
    • Filesystems
    • Securing the Network
    • Security Posture
    • Continuous Security Monitoring
    • Setting a Remediation Policy
    • Reporting Security Issues
    • Alarms
    • Alerts
    • Trends
    • Detection Controls versus Prevention Controls

 

  • Understanding Devices and Infrastructure
    • Mastering TCP/IP
    • OSI Relevance
    • Working with the TCP/IP Suite
    • IPv4 and IPv6
    • Understanding Encapsulation
    • Working with Protocols and Services
    • Designing a Secure Network
    • Demilitarized Zones
    • Subnetting
    • Virtual Local Area Networks
    • Remote Access
    • Network Address Translation
    • Telephony
    • Network Access Control
    • Understanding the Various Network Infrastructure Devices
    • Firewalls
    • Routers
    • Switches
    • Load Balancers
    • Proxies
    • Web Security Gateway
    • VPNs and VPN Concentrators
    • Intrusion Detection Systems
    • Understanding Intrusion Detection Systems
    • IDS vs. IPS
    • Working with a Network-Based IDS
    • Working with a Host-Based IDS
    • Working with NIPSs
    • Protocol Analyzers
    • Spam Filters
    • UTM Security Appliances

 

  • Access Control, Authentication, and Authorization
    • Understanding Access Control Basics
    • Identification vs. Authentication
    • Authentication (Single Factor) and Authorization
    • Multifactor Authentication
    • Layered Security and Defense in Depth
    • Network Access Control
    • Tokens
    • Federations
    • Potential Authentication and Access Problems
    • Authentication Issues to Consider
    • Authentication Protocols
    • Account Policy Enforcement
    • Users with Multiple Accounts/Roles
    • Generic Account Prohibition
    • Group-based and User-assigned Privileges
    • Understanding Remote Access Connectivity
    • Using the Point-to-Point Protocol
    • Working with Tunneling Protocols
    • Working with RADIUS
    • TACACS/TACACS+/XTACACS
    • VLAN Management
    • SAML
    • Understanding Authentication Services
    • LDAP
    • Kerberos
    • Single Sign-On Initiatives
    • Understanding Access Control
    • Mandatory Access Control
    • Discretionary Access Control
    • Role-Based Access Control
    • Rule-Based Access Control
    • Implementing Access Controlling Best Practices
    • Least Privileges
    • Separation of Duties
    • Time of Day Restrictions
    • User Access Review
    • Smart Cards
    • Access Control Lists
    • Port Security
    • Working with 802.1X
    • Flood Guards and Loop Protection
    • Preventing Network Bridging
    • Log Analysis
    • Trusted OS
    • Secure Router Configuration

 

  • Protecting Wireless Networks
    • Working with Wireless Systems
    • IEEE 802.11x Wireless Protocols
    • WEP/WAP/WPA/WPA2
    • Wireless Transport Layer Security
    • Understanding Wireless Devices
    • Wireless Access Points
    • Extensible Authentication Protocol
    • Lightweight Extensible Authentication Protocol
    • Protected Extensible Authentication Protocol
    • Wireless Vulnerabilities to Know
    • Wireless Attack Analogy

 

  • Securing the Cloud
    • Working with Cloud Computing
    • Software as a Service (SaaS)
    • Platform as a Service (PaaS)
    • Infrastructure as a Service (IaaS)
    • Private Cloud
    • Public Cloud
    • Community Cloud
    • Hybrid Cloud
    • Working with Virtualization
    • Snapshots
    • Patch Compatibility
    • Host Availability/Elasticity
    • Security Control Testing
    • Sandboxing
    • Security and the Cloud
    • Cloud Storage

 

  • Host, Data and Application Security
    • Application Hardening
    • Databases and Technologies
    • Fuzzing
    • Secure Coding
    • Application Configuration Baselining
    • Operating System Patch Management
    • Application Patch Management
    • Host Security
    • Permissions
    • Access Control Lists
    • Antimalware
    • Host Software Baselining
    • Hardening Web Servers
    • Hardening Email Servers
    • Hardening FTP Servers
    • Hardening DNS Servers
    • Hardening DHCP Services
    • Protecting Data Through Fault Tolerance
    • Backups
    • RAID
    • Clustering and Load Balancing
    • Application Security
    • Best Practices for Security
    • Data Loss Prevention
    • Hardware-Based Encryption Devices

 

  • Cryptography
    • An Overview of Cryptography
    • Historical Cryptography
    • Modern Cryptography
    • Working with Symmetric Algorithms
    • Working with Asymmetric Algorithms
    • What Cryptography Should You Use?
    • Hashing Algorithms
    • Rainbow Tables and Salt
    • Key Stretching
    • Understanding Quantum Cryptography
    • Cryptanalysis Methods
    • Wi-Fi Encryption
    • Using Cryptographic Systems
    • Confidentiality and Strength
    • Integrity
    • Digital Signatures
    • Authentication
    • Nonrepudiation
    • Key Features
    • Understanding Cryptography Standards and Protocols
    • The Origins of Encryption Standards
    • Public-Key Infrastructure X.509/Public-Key Cryptography Standards
    • X.509
    • SSL and TLS
    • Certificate Management Protocols
    • Secure Multipurpose Internet Mail Extensions
    • Secure Electronic Transaction
    • Secure Shell
    • Pretty Good Privacy
    • HTTP Secure
    • Secure HTTP
    • IP Security
    • Tunneling Protocols
    • Federal Information Processing Standard
    • Using Public-Key Infrastructure
    • Using a Certificate Authority
    • Working with Registration Authorities and Local Registration Authorities
    • Implementing Certificates
    • Understanding Certificate Revocation
    • Implementing Trust Models
    • Hardware-Based Encryption Devices

 

  • Malware, Vulnerabilities and Threats
    • Understanding Malware
    • Surviving Viruses
    • Symptoms of a Virus Infection
    • How Viruses Work
    • Types of Viruses
    • Managing Spam to Avoid Viruses
    • Antivirus Software
    • Understanding Various Types of Attacks
    • Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
    • Spoofing Attacks
    • Pharming Attacks
    • Phishing, Spear Phishing, and Vishing
    • Xmas Attack
    • Man-in-the-Middle Attacks
    • Replay Attacks
    • Smurf Attacks
    • Password Attacks
    • Privilege Escalation
    • Malicious Insider Threats
    • Transitive Access
    • Client-Side Attacks
    • Typo Squatting and URL Hijacking
    • Watering Hole Attack
    • Identifying Types of Application Attacks
    • Cross-Site Scripting and Forgery
    • SQL Injection
    • LDAP Injection
    • XML Injection
    • Directory Traversal/Command Injection
    • Buffer Overflow
    • Integer Overflow
    • Zero-Day Exploits
    • Cookies and Attachments
    • Locally Shared Objects and Flash Cookies
    • Malicious Add-Ons
    • Session Hijacking
    • Header Manipulation
    • Arbitrary Code and Remote Code Execution
    • Tools for Finding Threats
    • Interpreting Assessment Results
    • Tools to Know
    • Risk Calculations and Assessment Types

 

  • Social Engineering and Other Foes
    • Understanding Social Engineering
    • Types of Social Engineering Attacks
    • What Motivates an Attack?
    • The Principles Behind Social Engineering
    • Social Engineering Attack Examples
    • Understanding Physical Security
    • Hardware Locks and Security
    • Mantraps
    • Video Surveillance
    • Fencing
    • Access List
    • Proper Lighting
    • Signs
    • Guards
    • Barricades
    • Biometrics
    • Protected Distribution
    • Alarms
    • Motion Detection
    • Environmental Controls
    • HVAC
    • Fire Suppression
    • EMI Shielding
    • Hot and Cold Aisles
    • Environmental Monitoring
    • Temperature and Humidity Controls
    • Control Types
    • A Control Type Analogy
    • Data Policies
    • Destroying a Flash Drive
    • Some Considerations
    • Optical Discs
  • Security Administration
    • Third-Party Integration
    • Transitioning
    • Ongoing Operations
    • Understanding Security Awareness and Training
    • Communicating with Users to Raise Awareness
    • Providing Education and Training
    • Safety Topics
    • Training Topics
    • Classifying Information
    • Public Information
    • Private Information
    • Information Access Controls
    • Security Concepts
    • Complying with Privacy and Security Regulations
    • The Health Insurance Portability and Accountability Act
    • The Gramm-Leach-Bliley Act
    • The Computer Fraud and Abuse Act
    • The Family Educational Rights and Privacy Act
    • The Computer Security Act of 1987
    • The Cyberspace Electronic Security Act
    • The Patriot Act
    • Familiarizing Yourself with International Efforts
    • Mobile Devices
    • BYOD Issues
    • Alternative Methods to Mitigate Security Risks

 

  • Disaster Recovery and Incident Response
    • Issues Associated with Business Continuity
    • Types of Storage Mechanisms
    • Crafting a Disaster-Recovery Plan
    • Incident Response Policies
    • Understanding Incident Response
    • Succession Planning
    • Tabletop Exercises
    • Reinforcing Vendor Support
    • Service-Level Agreements
    • Code Escrow Agreements
    • Penetration Testing
    • What Should You Test?
    • Vulnerability Scanning