CompTIA

CompTIA Security+ (SY0-701)

This course includes

Lessons

TestPrep

Lab

Hands-On Labs (Add-on)

AI Tutor (Add-on)

Lessons

32+ Lessons | 396+ Exercises | 267+ Quizzes | 678+ Flashcards | 678+ Glossary of terms

TestPrep

4+ Full Length Tests | 360+ Practice Test Questions

Hands-On Labs

44+ LiveLab | 00+ Minutes

Need guidance and support? Click here to check our Instructor Led Course.

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

Goals and Methods
Who Should Read This Course?
CompTIA Security+ Exam Topics

Lessons 2: Comparing and Contrasting the Various Types of Controls

Control Categories
Control Types
Review Key Topics
Review Questions

Lessons 3: Summarizing Fundamental Security Concepts

Confidentiality, Integrity, and Availability (CIA)
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
Gap Analysis
Zero Trust
Physical Security
Deception and Disruption Technology
Review Key Topics
Review Questions

Lessons 4: Understanding Change Management’s Security Impact

Business Processes Impacting Security Operations
Technical Implications
Documentation
Version Control
Review Key Topics
Review Questions

Lessons 5: Understanding the Importance of Using Appropriate Cryptographic Solutions

Public Key Infrastructure (PKI)
Encryption
Transport/Communication
Symmetric Versus Asymmetric Encryption
Key Exchange
Algorithms
Key Length
Tools
Trusted Platform Module
Hardware Security Module
Key Management System
Secure Enclave
Obfuscation
Steganography
Hashing
Salting
Digital Signatures
Key Stretching
Blockchain
Open Public Ledger
Certificates
Review Key Topics
Review Questions

Lessons 6: Comparing and Contrasting Common Threat Actors and Motivations

Threat Actors
Attributes of Actors
Motivations
War
Review Key Topics
Review Questions

Lessons 7: Understanding Common Threat Vectors and Attack Surfaces

Message-Based
Image-Based
File-Based
Voice Call
Removable Device
Vulnerable Software
Unsupported Systems and Applications
Unsecure Networks
Open Service Ports
Default Credentials
Supply Chain
Human Vectors/Social Engineering
Review Key Topics
Review Questions

Lessons 8: Understanding Various Types of Vulnerabilities

Application
Operating System (OS)–Based
Web-Based
Hardware
Virtualization
Cloud Specific
Supply Chain
Cryptographic
Misconfiguration
Mobile Device
Zero-Day Vulnerabilities
Review Key Topics
Review Questions

Lessons 9: Understanding Indicators of Malicious Activity

Malware Attacks
Physical Attacks
Network Attacks
Application Attacks
Cryptographic Attacks
Password Attacks
Indicators
Review Key Topics
Review Questions

Lessons 10: Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise

Segmentation
Access Control
Isolation
Patching
Encryption
Monitoring
Least Privilege
Configuration Enforcement
Decommissioning
Hardening Techniques
Review Key Topics
Review Questions

Lessons 11: Comparing and Contrasting Security Implications of Different Architecture Models

Architecture and Infrastructure Concepts
Considerations
Review Key Topics
Review Questions

Lessons 12: Applying Security Principles to Secure Enterprise Infrastructure

Infrastructure Considerations
Secure Communication/Access
Selection of Effective Controls
Review Key Topics
Review Questions

Lessons 13: Comparing and Contrasting Concepts and Strategies to Protect Data

Data Types
Data Classifications
General Data Considerations
Methods to Secure Data
Review Key Topics
Review Questions

Lessons 14: Understanding the Importance of Resilience and Recovery in Security Architecture

High Availability
Site Considerations
Platform Diversity
Multi-Cloud System
Continuity of Operations
Capacity Planning
Testing
Backups
Power
Review Key Topics
Review Questions

Lessons 15: Applying Common Security Techniques to Computing Resources

Secure Baselines
Hardening Targets
Wireless Devices
Mobile Solutions
Connection Methods
Wireless Security Settings
Application Security
Sandboxing
Monitoring
Review Key Topics
Review Questions

Lessons 16: Understanding the Security Implications of Hardware, Software, and Data Asset Management

Acquisition/Procurement Process
Assignment/Accounting
Monitoring/Asset Tracking
Disposal/Decommissioning
Review Key Topics
Review Questions

Lessons 17: Understanding Various Activities Associated with Vulnerability Management

Identification Methods
Analysis
Vulnerability Response and Remediation
Validation of Remediation
Reporting
Review Key Topics
Review Questions

Lessons 18: Understanding Security Alerting and Monitoring Concepts and Tools

Monitoring and Computing Resources
Activities
Tools
Review Key Topics
Review Questions

Lessons 19: Modifying Enterprise Capabilities to Enhance Security

Firewall
IDS/IPS
Web Filter
Operating System Security
Implementation of Secure Protocols
DNS Filtering
Email Security
File Integrity Monitoring
DLP
Network Access Control (NAC)
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
User Behavior Analytics
Review Key Topics
Review Questions

Lessons 20: Implementing and Maintaining Identity and Access Management

Provisioning/De-provisioning User Accounts
Permission Assignments and Implications
Identity Proofing
Federation
Single Sign-On (SSO)
Interoperability
Attestation
Access Controls
Multifactor Authentication (MFA)
Password Concepts
Privileged Access Management Tools
Review Key Topics
Review Questions

Lessons 21: Understanding the Importance of Automation and Orchestration Related to Secure Operations

Use Cases of Automation and Scripting
Benefits
Other Considerations
Review Key Topics
Review Questions

Lessons 22: Understanding Appropriate Incident Response Activities

Process
Training
Testing
Root Cause Analysis
Threat Hunting
Digital Forensics
Review Key Topics
Review Questions

Lessons 23: Using Data Sources to Support an Investigation

Log Data
Data Sources
Review Key Topics
Review Questions

Lessons 24: Summarizing Elements of Effective Security Governance

Guidelines
Policies
Standards
Procedures
External Considerations
Monitoring and Revision
Types of Governance Structures
Roles and Responsibilities for Systems and Data
Review Key Topics
Review Questions

Lessons 25: Understanding Elements of the Risk Management Process

Risk Identification
Risk Assessment
Risk Analysis
Risk Register
Risk Tolerance
Risk Appetite
Risk Management Strategies
Risk Reporting
Business Impact Analysis
Review Key Topics
Review Questions

Lessons 26: Understanding the Processes Associated with Third-Party Risk Assessment and Management

Vendor Assessment
Vendor Selection
Agreement Types
Vendor Monitoring
Questionnaires
Rules of Engagement
Review Key Topics
Review Questions

Lessons 27: Summarizing Elements of Effective Security Compliance

Compliance Reporting
Consequences of Non-compliance
Compliance Monitoring
Attestation and Acknowledgment
Privacy
Review Key Topics
Review Questions

Lessons 28: Understanding Types and Purposes of Audits and Assessments

Attestation
Internal
External
Penetration Testing
Review Key Topics
Review Questions

Lessons 29: Implementing Security Awareness Practices

Phishing
Anomalous Behavior Recognition
User Guidance and Training
Reporting and Monitoring
Development
Execution
Review Key Topics
Review Questions

Lessons 30: Final Preparation

Hands-on Activities
Suggested Plan for Final Review and Study
Summary

Lessons 31: Glossary

Lessons 32: Practice Set

test set A
test set B
test set C
test set D

Hands-on LAB Activities (Performance Labs)

Understanding the Importance of Using Appropriate Cryptographic Solutions

Examining PKI Certificates
Creating Asymmetric Key Pairs
Using Symmetric Encryption
Configuring BitLocker with a TPM
Steganography using OpenStego
Creating Certificates with OpenSSL
Encrypting Files with EFS

Understanding Common Threat Vectors and Attack Surfaces

Scanning the Network
Using Social Engineering Techniques to Plan an Attack

Understanding Various Types of Vulnerabilities

Exploiting a TOCTOU Vulnerability
Exploiting an Overflow Vulnerability
Examining Application Vulnerabilities
Performing SQL Injection in DVWA
Performing an XSS Attack in DVWA
Detecting Virtualization

Understanding Indicators of Malicious Activity

Fuzzing Using OWASP ZAP
Examining Spyware
Launching a DoS Attack
Spoofing MAC Address with SMAC
Conducting a Cross-Site Request Forgery Attack
Observing an MD5-Generated Hash Value
Cracking Passwords
Cracking a Linux Password Using John the Ripper

Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise

Using the chmod Command

Applying Security Principles to Secure Enterprise Infrastructure

Examining Kerberos Settings
Allowing SSL Connection
Configuring a VPN

Comparing and Contrasting Concepts and Strategies to Protect Data

Creating File Hashes

Understanding the Importance of Resilience and Recovery in Security Architecture

Gathering site information
Scheduling a Server Backup

Applying Common Security Techniques to Computing Resources

Enforcing a Security Template
Enforcing Password Policies
Installing a RADIUS Server

Understanding Security Alerting and Monitoring Concepts and Tools

Conducting Vulnerability Scanning Using Nessus
Consulting a Vulnerability Database

Modifying Enterprise Capabilities to Enhance Security

Configuring a Network Firewall

Implementing and Maintaining Identity and Access Management

Examining Active Directory Objects

Understanding Appropriate Incident Response Activities

Examining MITRE ATT&CK

Using Data Sources to Support an Investigation

Viewing Windows Event Logs
Viewing Linux Event Logs
Capturing Credentials On-path

Summarizing Elements of Effective Security Governance

Cracking Passwords with Rainbow Tables

Understanding Types and Purposes of Audits and Assessments

Using the theHarvester Tool

Implementing Security Awareness Practices

Using Anti-phishing Tools

Hands-on LAB Activities