CompTIA Security+ (Exam SY0-501) is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management - making it an important stepping stone of an IT security career.
IT security is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it's essential to have effective security practices in place. That's where CompTIA Security+ comes in. Get the Security+ certification to show that you have the skills to secure a network and deter hackers, and that you're ready for the job.
Security+ is government approved
CompTIA Security+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. Once you obtain your Security+, you automatically have the CE designation required in the DoD Directive 8570.01 manual and, going forward, must comply with the CE program requirement of completing 50 CEUs in three years to maintain the credential. Security+ is also compliant with government regulations under the Federal Information Security Management Act (FISMA).
Security+ is globally recognized
CompTIA Security+ is a globally recognized credential with certified professionals working in over 147 countries throughout the world.
Security+ provides substantial earnings potential
According to the Bureau of Labor Statistics, Security Specialists, Administrators and Managers earn over $86,000 per year.
The CompTIA Security+ certification is aimed at an IT security professional who has:
- A minimum of two years' experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation, including the topics in the domain list
1.0 Threats, Attacks and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
- Logic bomb
1.2 Compare and contrast types of attacks
- Social engineering
- Application/service attacks
- Wireless attacks
- Cryptographic attacks
1.3 Explain threat actor types and attributes.
- Types of actors
- Attributes of actors
- Use of open-source intelligence
1.4 Explain penetration testing concepts.
- Active reconnaissance
- Passive reconnaissance
- Initial exploitation
- Escalation of privilege
- Black box
- White box
- Gray box
- Penetration testing vs. vulnerability scanning
1.5 Explain vulnerability scanning concepts.
- Passively test security controls
- Identify vulnerability
- Identify lack of security controls
- Identify common misconfigurations
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
1.6 Explain the impact associated with types of vulnerabilities.
- Race conditions
- Improper input handling
- Improper error handling
- Misconfiguration/weak configuration
- Default configuration
- Resource exhaustion
- Untrained users
- Improperly configured accounts
- Vulnerable business processes
- Weak cipher suites and implementations
- Memory/buffer vulnerability
- System sprawl/undocumented assets
- Architecture/design weaknesses
- New threats/zero day
- Improper certificate and key management
2.0 Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
- VPN concentrator
- Load balancer
- Access point
- Mail gateway
- SSL/TLS accelerators
- SSL decryptors
- Media gateway
- Hardware security module
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
- Protocol analyzer
- Network scanners
- Wireless scanners/cracker
- Password cracker
- Vulnerability scanner
- Configuration compliance scanner
- Exploitation frameworks
- Data sanitization tools
- Steganography tools
- Backup utilities
- Banner grabbing
- Passive vs. active
- Command line tools
2.3 Given a scenario, troubleshoot common security issues.
- Unencrypted credentials/clear text
- Logs and events anomalies
- Permission issues
- Access violations
- Certificate issues
- Data exfiltration
- Misconfigured devices
- Weak security configurations
- Personnel issues
- Unauthorized software
- Baseline deviation
- License compliance violation (availability/integrity)
- Asset management
- Authentication issues
2.4 Given a scenario, analyze and interpret output from security technologies.
- File integrity check
- Host-based firewall
- Application whitelisting
- Removable media control
- Advanced malware tools
- Patch management tools
- Data execution prevention
- Web application firewall
2.5 Given a scenario, deploy mobile devices securely.
- Connection methods
- Mobile device management concepts
- Enforcement and monitoring
- Deployment models
2.6 Given a scenario, implement secure protocols.
3.0 Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
- Industry-standard frameworks and reference architectures
- Benchmarks/secure configuration guides
- Defense-in-depth/layered security
3.2 Given a scenario, implement secure network architecture concepts.
- Security device/technology placement
3.3 Given a scenario, implement secure systems design.
- Hardware/firmware security
- Operating systems
3.4 Explain the importance of secure staging deployment concepts.
- Secure baseline
- Integrity measurement
3.5 Explain the security implications of embedded systems.
- Smart devices/IoT
- Camera systems
- Special purpose
3.6 Summarize secure application development and deployment concepts.
- Development life-cycle models
- Secure DevOps
- Version control and change management
- Provisioning and deprovisioning
- Secure coding techniques
- Code quality and testing
- Compiled vs. runtime code
3.7 Summarize cloud and virtualization concepts.
- VM sprawl avoidance
- VM escape protection
- Cloud storage
- Cloud deployment models
- On-premise vs. hosted vs. cloud
- Cloud access security broker
- Security as a Service
3.8 Explain how resiliency and automation strategies reduce risk.
- Master image
- Distributive allocation
- Fault tolerance
- High availability
3.9 Explain the importance of physical security controls.
- Security guards
- Secure cabinets/enclosures
- Protected distribution/Protected cabling
- Faraday cage
- Lock types
- Environmental controls
- Cable locks
- Screen filters
- Motion detection
- Infrared detection
- Key management
4.0 Identity and Access Management
4.1 Compare and contrast identity and access management concepts
- Identification, authentication, authorization and accounting (AAA)
- Multifactor authentication
- Single sign-on
- Transitive trust
4.2 Given a scenario, install and configure identity and access services.
- OpenID Connect
- Secure token
4.3 Given a scenario, implement identity and access management controls.
- Access control models
- Physical access control
- Biometric factors
- Certificate-based authentication
- File system security
- Database security
4.4 Given a scenario, differentiate common account management practices.
- Account types
- General Concepts
- Account policy enforcement
5.0 Risk Management
5.1 Explain the importance of policies, plans and procedures related to organizational security.
- Standard operating procedure
- Agreement types
- Personnel management
- General security policies
5.2 Summarize business impact analysis concepts.
- Mission-essential functions
- Identification of critical systems
- Single point of failure
- Privacy impact assessment
- Privacy threshold assessment
5.3 Explain risk management processes and concepts.
- Threat assessment
- Risk assessment
- Change management
5.4 Given a scenario, follow incident response procedures.
- Incident response plan
- Incident response process
5.5 Summarize basic concepts of forensics.
- Order of volatility
- Chain of custody
- Legal hold
- Data acquisition
- Strategic intelligence/counterintelligence gathering
- Track man-hours
5.6 Explain disaster recovery and continuity of operation concepts.
- Recovery sites
- Order of restoration
- Backup concepts
- Geographic considerations
- Continuity of operation planning
5.7 Compare and contrast various types of controls.
5.8 Given a scenario, carry out data security and privacy practices.
- Data destruction and media sanitization
- Data sensitivity labeling and handling
- Data roles
- Data retention
- Legal and compliance
6.0 Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography.
- Symmetric algorithms
- Modes of operation
- Asymmetric algorithms
- Salt, IV, nonce
- Elliptic curve
- Weak/deprecated algorithms
- Key exchange
- Digital signatures
- Stream vs. block
- Key strength
- Session keys
- Ephemeral key
- Secret algorithm
- Random/pseudo-random number generation
- Key stretching
- Implementation vs. algorithm selection
- Perfect forward secrecy
- Security through obscurity
- Common use cases
6.2 Explain cryptography algorithms and their basic characteristics.
- Symmetric algorithms
- Cipher modes
- Asymmetric algorithms
- Hashing algorithms
- Key stretching algorithms
6.3 Given a scenario, install and configure wireless security settings.
- Cryptographic protocols
- Authentication protocols
6.4 Given a scenario, implement public key infrastructure.
- Types of certificates
- Certificate formats
Alabama Computer Solutions is your best choice for Security+ certification boot camp, training and courses.