E-Learning: CompTIA Security+ Platinum Bundle (CM Learn, CM Practice, CM Labs, Exam) (SECPLUS-PLATINUM)

This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience whose job role is focused on system security.  CompTIA Security+ is an international, vendor-neutral certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.  CompTIA Security+ is aimed at IT professionals with job roles such as security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator.

This course will teach you the fundamental principles of installing and configuring cybersecurity controls and participating in incident response and risk mitigation.   The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations.

The following are included with this product:

• 1 x CompTIA CertMaster Learn for Security+ (SY0-501) license
• 1 x CompTIA CertMaster Practice for Security+ (SY0-501) license
• 1 x CompTIA CertMaster Labs for Security+ (SY0-501) license
• 1 x CompTIA PenTest+ Exam Voucher

Licenses expire 12 months from date of purchase if not activated.   Once activated, each license is valid for 12 months.  Registration instructions will be sent via email after your purchase is complete.  

Please see below for more information about CompTIA CertMaster Learn, CompTIA CertMaster Practice and CompTIA Labs.

CompTIA CertMaster Learn

CertMaster Learn is a self-paced, comprehensive online learning experience that helps you gain the knowledge and practical skills necessary to be successful on your CompTIA certification exam, and in your IT career.  Interactive and flexible, CertMaster Learn is the ideal first step in your training journey. Instructional lessons are combined with videos, practice questions, and performance-based questions to provide hours of content aligned with the CompTIA exam objectives. A Learning Plan helps you stay on track with your studies, while robust analytics bring awareness of your strengths and weaknesses.

• Lessons cover all exam objectives with integrated videos
• Hundreds of practice questions test your knowledge
• Performance-based questions apply what you’ve learned in a scenario
• Flashcards ensure you know the terminology and acronyms required for the exam
• The Learning Plan keeps you on track with your studies

CompTIA CertMaster Practice

CompTIA CertMaster Practice is an online knowledge assessment and training companion tool to help you prepare for your CompTIA certification exam. Featuring an adaptive question-first design, CertMaster Practice quickly assesses what you already know and what you still need to learn. For those topics where you need more support, CertMaster Practice provides personalized remediation and feedback. Once you’re ready, you can demonstrate your knowledge on a timed practice test complete with performance-based questions.

• Speed-up learning
• Increase retention
• Build confidence

CompTIA CertMaster Labs

CompTIA Labs allow for hands on practice and skill development in actual software applications through a remote lab environment. The browser-based virtual labs align with CompTIA exam objectives and are based on scenarios found in the workplace. The labs within each course are independent of each other and can be used in any order.   A full list of labs is included in the contents section.

After completing this course, you should be able to:

• Identify network attack strategies and defenses.
• Understand the principles of organizational security and the elements of effective security policies.
• Know the technologies and uses of cryptographic standards and products.
• Identify network- and host-based security technologies and practices.
• Describe how wireless and remote access security is enforced.
• Describe the standards and products used to enforce security on web and communications technologies.
• Identify strategies for ensuring business continuity, fault tolerance, and disaster recovery.
• Summarise application and coding vulnerabilities and identify development and deployment methods designed to mitigate them.

Module 1 / Threats, Attacks, and Vulnerabilities

Indicators of Compromise

• Why is Security Important?
• Security Policy
• Threat Actor Types
• The Kill Chain
• Social Engineering
• Phishing
• Malware Types
• Trojans and Spyware
• Open Source Intelligence

Critical Security Controls

• Security Control Types
• Defence in Depth
• Frameworks and Compliance
• Vulnerability Assessments and Pentests
• Security Assessment Techniques
• Pen Testing Concepts
• Vulnerability Scanning Concepts
• Exploit Frameworks

Security Posture Assessment Tools

• Topology Discovery
• Service Discovery
• Packet Capture
• Packet Capture Tools
• Remote Access Trojans
• Honeypots and Honeynets

Incident Response

• Incident Response Procedures
• Preparation Phase
• Identification Phase
• Containment Phase
• Eradication and Recovery Phases

Module 2 / Identity and Access Management

Cryptography

• Uses of Cryptography
• Cryptographic Terminology and Ciphers
• Cryptographic Products
• Hashing Algorithms
• Symmetric Algorithms
• Asymmetric Algorithms
• Diffie-Hellman and Elliptic Curve
• Transport Encryption
• Cryptographic Attacks

Public Key Infrastructure

• PKI Standards
• Digital Certificates
• Certificate Authorities
• Types of Certificate
• Implementing PKI
• Storing and Distributing Keys
• Key Status and Revocation
• PKI Trust Models
• PGP / GPG

Identification and Authentication

• Access Control Systems
• Identification
• Authentication
• LAN Manager / NTLM
• Kerberos
• PAP, CHAP, and MS-CHAP
• Password Attacks
• Token-based Authentication
• Biometric Authentication
• Common Access Card

Identity and Access Services

• Authorization
• Directory Services
• RADIUS and TACACS+
• Federation and Trusts
• Federated Identity Protocols

Account Management

• Formal Access Control Models
• Account Types
• Windows Active Directory
• Creating and Managing Accounts
• Account Policy Enforcement
• Credential Management Policies
• Account Restrictions
• Accounting and Auditing

Module 3 / Architecture and Design (1)

Secure Network Design

• Network Zones and Segments
• Subnetting
• Switching Infrastructure
• Switching Attacks and Hardening
• Endpoint Security
• Network Access Control
• Routing Infrastructure
• Network Address Translation
• Software Defined Networking

Firewalls and Load Balancers

• Basic Firewalls
• Stateful Firewalls
• Implementing a Firewall or Gateway
• Web Application Firewalls
• Proxies and Gateways
• Denial of Service Attacks
• Load Balancers

IDS and SIEM

• Intrusion Detection Systems
• Configuring IDS
• Log Review and SIEM
• Data Loss Prevention
• Malware and Intrusion Response

Secure Wireless Access

• Wireless LANs
• WEP and WPA
• Wi-Fi Authentication
• Extensible Authentication Protocols
• Additional Wi-Fi Security Settings
• Wi-Fi Site Security
• Personal Area Networks

Physical Security Controls

• Site Layout and Access
• Gateways and Locks
• Alarm Systems
• Surveillance
• Hardware Security
• Environmental Controls

Module 4 / Architecture and Design (2)

Secure Protocols and Services

• DHCP Security
• DNS Security
• Network Management Protocols
• HTTP and Web Servers
• SSL / TSL and HTTPS
• Web Security Gateways
• Email Services
• S/MIME
• File Transfer
• Voice and Video Services (VoIP and VTC)

Secure Remote Access

• Remote Access Architecture
• Virtual Private Networks
• IPSec
• Remote Access Servers
• Remote Administration Tools
• Hardening Remote Access Infrastructure

Secure Systems Design

• Trusted Computing
• Hardware / Firmware Security
• Peripheral Device Security
• Secure Configurations
• OS Hardening
• Patch Management
• Embedded Systems
• Security for Embedded Systems

Secure Mobile Device Services

• Mobile Device Deployments
• Mobile Connection Methods
• Mobile Access Control Systems
• Enforcement and Monitoring

Secure Virtualization and Cloud Services

• Virtualization Technologies
• Virtualization Security Best Practices
• Cloud Computing
• Cloud Security Best Practices

Module 5 / Risk Management

Forensics

• Forensic Procedures
• Collecting Evidence
• Capturing System Images
• Handling and Analyzing Evidence

Disaster Recovery and Resiliency

• Continuity of Operations Plans
• Disaster Recovery Planning
• Resiliency Strategies
• Recovery Sites
• Backup Plans and Policies
• Resiliency and Automation Strategies

Risk Management

• Business Impact Analysis
• Identification of Critical Systems
• Risk Assessment
• Risk Mitigation

Secure Application Development

• Application Vulnerabilities
• Application Exploits
• Web Browser Exploits
• Secure Application Design
• Secure Coding Concepts
• Auditing Applications
• Secure DevOps

Organizational Security

• Corporate Security Policy
• Personnel Management Policies
• Interoperability Agreements
• Data Roles
• Data Sensitivity Labeling and Handling
• Data Wiping and Disposal
• Privacy and Employee Conduct Policies
• Security Policy Training

Labs Available:

• Exploring the Lab Environment
• Determining Malware Types
• Performing Network Scanning with Software Tools
• Analyzing Network Traffic with Packet Sniffing Software Tools
• Concealing Data with Steganography Tools
• Identifying Vulnerabilities with Scanning Software Tools
• Implementing Certificate Services
• Deploying Certificates and Implementing Key Recovery
• Cracking Passwords using Software Tools
• Managing Accounts in a Windows Domain
• Implementing a Secure Network Design
• Installing and Configuring a Firewall
• Installing and Configuring an Intrusion Detection System
• Implementing Secure Network Addressing Services
• Implementing a Virtual Private Network
• Installing and Configuring a Secure Email Service
• Using Forensic Tools
• Identifying a Man-in-the-Browser Attack

Ideally, you should have successfully completed the "CompTIA Network+ Support Skills" course and have around 24 months' experience of networking support or IT administration. It is not necessary that you pass the Network+ exam before completing Security+ certification, but it is recommended. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

• Know the function and basic features of the components of a PC.
• Use Windows Server to create and manage files and use basic administrative features (Explorer, Control Panel, Server Manager, and Management Consoles).
• Operate the Linux OS using basic command-line tools.
• Know basic network terminology and functions (such as OSI Model, Topology, Ethernet, Wi-Fi, switches, routers).
• Understand TCP/IP addressing, core protocols, and troubleshooting tools.