CompTIA Security+

Individuals whose job responsibilities include securing network services, devices, and data confidentiality/privacy in your organization and individuals who are preparing for the CompTIA Security+ certification exam.

After completing this course you should be able to:

• Compare security roles and security controls
• Explain threat actors and threat intelligence
• Perform security assessments and identify social engineering attacks and malware types
• Summarize basic cryptographic concepts and implement public key infrastructure
• Implement authentication controls
• Implement identity and account management controls
• Implement secure network designs, network security appliances, and secure network protocols
• Implement host, embedded/Internet of Things, and mobile security solutions
• Implement secure cloud solutions
• Explain data privacy and protection concepts
• Perform incident response and digital forensics
• Summarize risk management concepts and implement cybersecurity resilience
• Explain physical security

Comparing Security Roles and Security Controls

• Compare and Contrast Information Security Roles
• Compare and Contrast Security Control and Framework Types

Explaining Threat Actors and Threat Intelligence

• Explain Threat Actor Types and Attack Vectors
• Explain Threat Intelligence Sources

Performing Security Assessments

• Assess Organizational Security with Network
• Reconnaissance Tools
• Explain Security Concerns with General Vulnerability Types
• Summarize Vulnerability Scanning Techniques
• Explain Penetration Testing Concepts

Identifying Social Engineering and Malware

• Compare and Contrast Social Engineering Techniques
• Analyze Indicators of Malware-Based Attacks

Summarizing Basic Cryptographic Concepts

• Compare and Contrast Cryptographic Ciphers
• Summarize Cryptographic Modes of Operation
• Summarize Cryptographic Use Cases and Weaknesses
• Summarize Other Cryptographic Technologies

Implementing Public Key Infrastructure

• Implement Certificates and Certificate Authorities
• Implement PKI Management

Implementing Authentication Controls

• Summarize Authentication Design Concepts
• Implement Knowledge-Based Authentication
• Implement Authentication Technologies
• Summarize Biometrics Authentication Concepts

Implementing Identity and Account Management Controls

• Implement Identity and Account Types
• Implement Account Policies
• Implement Authorization Solutions
• Explain the Importance of Personnel Policies

Implementing Secure Network Designs

• Implement Secure Network Designs
• Implement Secure Switching and Routing
• Implement Secure Wireless Infrastructure
• Implement Load Balancers

Implementing Network Security Appliances

• Implement Firewalls and Proxy Servers
• Implement Network Security Monitoring
• Summarize the Use of SIEM

Implementing Secure Network Protocols

• Implement Secure Network Operations Protocols
• Implement Secure Application Protocols
• Implement Secure Remote Access Protocols

Implementing Host Security Solutions

• Implement Secure Firmware
• Implement Endpoint Security
• Explain Embedded System Security Implications

Implementing Secure Mobile Solutions

• Implement Mobile Device Management
• Implement Secure Mobile Device Connections

Summarizing Secure Application Concepts

• Analyze Indicators of Application Attacks
• Analyze Indicators of Web Application Attacks
• Summarize Secure Coding Practices
• Implement Secure Script Environments
• Summarize Deployment and Automation Concepts

Implementing Secure Cloud Solutions

• Summarize Secure Cloud and Virtualization Services
• Apply Cloud Security Solutions
• Summarize Infrastructure as Code Concepts

Explaining Data Privacy and Protection Concepts

• Explain Privacy and Data Sensitivity Concepts
• Explain Privacy and Data Protection Controls

Performing Incident Response

• Summarize Incident Response Procedures
• Utilize Appropriate Data Sources for Incident Response
• Apply Mitigation Controls

Explaining Digital Forensics

• Explain Key Aspects of Digital Forensics Documentation
• Explain Key Aspects of Digital Forensics Evidence Acquisition

Summarizing Risk Management Concepts

• Explain Risk Management Processes and Concepts
• Explain Business Impact Analysis Concepts

Implementing Cybersecurity Resilience

• Implement Redundancy Strategies
• Implement Backup Strategies
• Implement Cybersecurity Resiliency Strategies

Explaining Physical Security

• Explain the Importance of Physical Site Security Controls
• Explain the Importance of Physical Host Security Controls

Labs

• 01: Assisted Lab: Exploring the Lab Environment
• 02: Assisted Lab: Scanning and Identifying Network Nodes
• 03: Assisted Lab: Intercepting and Interpreting Network Traffic with Packet Sniffing Tools
• 04: Assisted Lab: Analyzing the Results of a Credentialed Vulnerability Scan 
• 05: Assisted Lab: Installing, Using, and Blocking a Malware-based Backdoor
• 06: Applied Lab: Performing Network Reconnaissance and Vulnerability Scanning  
• 07: Assisted Lab: Managing the Life Cycle of a Certificate
• 08: Assisted Lab: Managing Certificates with OpenSSL
• 09: Assisted Lab: Auditing Passwords with a Password Cracking Utility
• 10: Assisted Lab: Managing Centralized Authentication
• 11: Assisted Lab: Managing Access Controls in Windows Server
• 12: Assisted Lab: Configuring a System for Auditing Policies
• 13: Assisted Lab: Managing Access Controls in Linux
• 14: Applied Lab: Configuring Identity and Access Management Controls
• 15: Assisted Lab: Implementing a Secure Network Design 
• 16: Assisted Lab: Configuring a Firewall
• 17: Assisted Lab: Configuring an Intrusion Detection System
• 18: Assisted Lab: Implementing Secure Network Addressing Services
• 19: Assisted Lab: Implementing a Virtual Private Network
• 20: Assisted Lab: Implementing a Secure SSH Server
• 21: Assisted Lab: Implementing Endpoint Protection
• 22: Applied Lab: Securing the Network Infrastructure
• 23: Assisted Lab: Identifying Application Attack Indicators
• 24: Assisted Lab: Identifying a Browser Attack
• 25: Assisted Lab: Implementing PowerShell Security
• 26: Assisted Lab: Identifying Malicious Code

Attendees should meet the following prerequisites:

• Basic Windows and Linux administrator skills
• The ability to implement fundamental networking appliances and IP addressing concepts
• Six to nine months' experience in networking, including configuring security parameters, are strongly recommended.

• G005 - CompTIA Network+

Recommended as preparartion for the following exams:

• SY0-601 Exam - CompTIA Security +

The following courses are recommended for those students looks to expand their knowledge of cybersecurity.

• GK5867 - CompTIA CySA+
• G015 - CompTIA PenTest+
• GK2951 - CompTIA Advanced Security Practitioner (CASP+)