CompTIA Security+ (SY0-701)
Lessons
32+ Lessons | 396+ Exercises | 267+ Quizzes | 678+ Flashcards | 678+ Glossary of terms
TestPrep
4+ Full Length Tests | 360+ Practice Test Questions
Hands-On Labs
44+ LiveLab | 00+ Minutes
Need guidance and support? Click here to check our Instructor Led Course.
Here's what you will learn
Download Course OutlineLessons 1: Introduction
- Goals and Methods
- Who Should Read This Course?
- CompTIA Security+ Exam Topics
Lessons 2: Comparing and Contrasting the Various Types of Controls
- Control Categories
- Control Types
- Review Key Topics
- Review Questions
Lessons 3: Summarizing Fundamental Security Concepts
- Confidentiality, Integrity, and Availability (CIA)
- Non-repudiation
- Authentication, Authorization, and Accounting (AAA)
- Gap Analysis
- Zero Trust
- Physical Security
- Deception and Disruption Technology
- Review Key Topics
- Review Questions
Lessons 4: Understanding Change Management’s Security Impact
- Business Processes Impacting Security Operations
- Technical Implications
- Documentation
- Version Control
- Review Key Topics
- Review Questions
Lessons 5: Understanding the Importance of Using Appropriate Cryptographic Solutions
- Public Key Infrastructure (PKI)
- Encryption
- Transport/Communication
- Symmetric Versus Asymmetric Encryption
- Key Exchange
- Algorithms
- Key Length
- Tools
- Trusted Platform Module
- Hardware Security Module
- Key Management System
- Secure Enclave
- Obfuscation
- Steganography
- Hashing
- Salting
- Digital Signatures
- Key Stretching
- Blockchain
- Open Public Ledger
- Certificates
- Review Key Topics
- Review Questions
Lessons 6: Comparing and Contrasting Common Threat Actors and Motivations
- Threat Actors
- Attributes of Actors
- Motivations
- War
- Review Key Topics
- Review Questions
Lessons 7: Understanding Common Threat Vectors and Attack Surfaces
- Message-Based
- Image-Based
- File-Based
- Voice Call
- Removable Device
- Vulnerable Software
- Unsupported Systems and Applications
- Unsecure Networks
- Open Service Ports
- Default Credentials
- Supply Chain
- Human Vectors/Social Engineering
- Review Key Topics
- Review Questions
Lessons 8: Understanding Various Types of Vulnerabilities
- Application
- Operating System (OS)–Based
- Web-Based
- Hardware
- Virtualization
- Cloud Specific
- Supply Chain
- Cryptographic
- Misconfiguration
- Mobile Device
- Zero-Day Vulnerabilities
- Review Key Topics
- Review Questions
Lessons 9: Understanding Indicators of Malicious Activity
- Malware Attacks
- Physical Attacks
- Network Attacks
- Application Attacks
- Cryptographic Attacks
- Password Attacks
- Indicators
- Review Key Topics
- Review Questions
Lessons 10: Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise
- Segmentation
- Access Control
- Isolation
- Patching
- Encryption
- Monitoring
- Least Privilege
- Configuration Enforcement
- Decommissioning
- Hardening Techniques
- Review Key Topics
- Review Questions
Lessons 11: Comparing and Contrasting Security Implications of Different Architecture Models
- Architecture and Infrastructure Concepts
- Considerations
- Review Key Topics
- Review Questions
Lessons 12: Applying Security Principles to Secure Enterprise Infrastructure
- Infrastructure Considerations
- Secure Communication/Access
- Selection of Effective Controls
- Review Key Topics
- Review Questions
Lessons 13: Comparing and Contrasting Concepts and Strategies to Protect Data
- Data Types
- Data Classifications
- General Data Considerations
- Methods to Secure Data
- Review Key Topics
- Review Questions
Lessons 14: Understanding the Importance of Resilience and Recovery in Security Architecture
- High Availability
- Site Considerations
- Platform Diversity
- Multi-Cloud System
- Continuity of Operations
- Capacity Planning
- Testing
- Backups
- Power
- Review Key Topics
- Review Questions
Lessons 15: Applying Common Security Techniques to Computing Resources
- Secure Baselines
- Hardening Targets
- Wireless Devices
- Mobile Solutions
- Connection Methods
- Wireless Security Settings
- Application Security
- Sandboxing
- Monitoring
- Review Key Topics
- Review Questions
Lessons 16: Understanding the Security Implications of Hardware, Software, and Data Asset Management
- Acquisition/Procurement Process
- Assignment/Accounting
- Monitoring/Asset Tracking
- Disposal/Decommissioning
- Review Key Topics
- Review Questions
Lessons 17: Understanding Various Activities Associated with Vulnerability Management
- Identification Methods
- Analysis
- Vulnerability Response and Remediation
- Validation of Remediation
- Reporting
- Review Key Topics
- Review Questions
Lessons 18: Understanding Security Alerting and Monitoring Concepts and Tools
- Monitoring and Computing Resources
- Activities
- Tools
- Review Key Topics
- Review Questions
Lessons 19: Modifying Enterprise Capabilities to Enhance Security
- Firewall
- IDS/IPS
- Web Filter
- Operating System Security
- Implementation of Secure Protocols
- DNS Filtering
- Email Security
- File Integrity Monitoring
- DLP
- Network Access Control (NAC)
- Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
- User Behavior Analytics
- Review Key Topics
- Review Questions
Lessons 20: Implementing and Maintaining Identity and Access Management
- Provisioning/De-provisioning User Accounts
- Permission Assignments and Implications
- Identity Proofing
- Federation
- Single Sign-On (SSO)
- Interoperability
- Attestation
- Access Controls
- Multifactor Authentication (MFA)
- Password Concepts
- Privileged Access Management Tools
- Review Key Topics
- Review Questions
Lessons 21: Understanding the Importance of Automation and Orchestration Related to Secure Operations
- Use Cases of Automation and Scripting
- Benefits
- Other Considerations
- Review Key Topics
- Review Questions
Lessons 22: Understanding Appropriate Incident Response Activities
- Process
- Training
- Testing
- Root Cause Analysis
- Threat Hunting
- Digital Forensics
- Review Key Topics
- Review Questions
Lessons 23: Using Data Sources to Support an Investigation
- Log Data
- Data Sources
- Review Key Topics
- Review Questions
Lessons 24: Summarizing Elements of Effective Security Governance
- Guidelines
- Policies
- Standards
- Procedures
- External Considerations
- Monitoring and Revision
- Types of Governance Structures
- Roles and Responsibilities for Systems and Data
- Review Key Topics
- Review Questions
Lessons 25: Understanding Elements of the Risk Management Process
- Risk Identification
- Risk Assessment
- Risk Analysis
- Risk Register
- Risk Tolerance
- Risk Appetite
- Risk Management Strategies
- Risk Reporting
- Business Impact Analysis
- Review Key Topics
- Review Questions
Lessons 26: Understanding the Processes Associated with Third-Party Risk Assessment and Management
- Vendor Assessment
- Vendor Selection
- Agreement Types
- Vendor Monitoring
- Questionnaires
- Rules of Engagement
- Review Key Topics
- Review Questions
Lessons 27: Summarizing Elements of Effective Security Compliance
- Compliance Reporting
- Consequences of Non-compliance
- Compliance Monitoring
- Attestation and Acknowledgment
- Privacy
- Review Key Topics
- Review Questions
Lessons 28: Understanding Types and Purposes of Audits and Assessments
- Attestation
- Internal
- External
- Penetration Testing
- Review Key Topics
- Review Questions
Lessons 29: Implementing Security Awareness Practices
- Phishing
- Anomalous Behavior Recognition
- User Guidance and Training
- Reporting and Monitoring
- Development
- Execution
- Review Key Topics
- Review Questions
Lessons 30: Final Preparation
- Hands-on Activities
- Suggested Plan for Final Review and Study
- Summary
Lessons 31: Glossary
Lessons 32: Practice Set
- test set A
- test set B
- test set C
- test set D
Hands-on LAB Activities (Performance Labs)
Understanding the Importance of Using Appropriate Cryptographic Solutions
- Examining PKI Certificates
- Creating Asymmetric Key Pairs
- Using Symmetric Encryption
- Configuring BitLocker with a TPM
- Steganography using OpenStego
- Creating Certificates with OpenSSL
- Encrypting Files with EFS
Understanding Common Threat Vectors and Attack Surfaces
- Scanning the Network
- Using Social Engineering Techniques to Plan an Attack
Understanding Various Types of Vulnerabilities
- Exploiting a TOCTOU Vulnerability
- Exploiting an Overflow Vulnerability
- Examining Application Vulnerabilities
- Performing SQL Injection in DVWA
- Performing an XSS Attack in DVWA
- Detecting Virtualization
Understanding Indicators of Malicious Activity
- Fuzzing Using OWASP ZAP
- Examining Spyware
- Launching a DoS Attack
- Spoofing MAC Address with SMAC
- Conducting a Cross-Site Request Forgery Attack
- Observing an MD5-Generated Hash Value
- Cracking Passwords
- Cracking a Linux Password Using John the Ripper
Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise
- Using the chmod Command
Applying Security Principles to Secure Enterprise Infrastructure
- Examining Kerberos Settings
- Allowing SSL Connection
- Configuring a VPN
Comparing and Contrasting Concepts and Strategies to Protect Data
- Creating File Hashes
Understanding the Importance of Resilience and Recovery in Security Architecture
- Gathering site information
- Scheduling a Server Backup
Applying Common Security Techniques to Computing Resources
- Enforcing a Security Template
- Enforcing Password Policies
- Installing a RADIUS Server
Understanding Security Alerting and Monitoring Concepts and Tools
- Conducting Vulnerability Scanning Using Nessus
- Consulting a Vulnerability Database
Modifying Enterprise Capabilities to Enhance Security
- Configuring a Network Firewall
Implementing and Maintaining Identity and Access Management
- Examining Active Directory Objects
Understanding Appropriate Incident Response Activities
- Examining MITRE ATT&CK
Using Data Sources to Support an Investigation
- Viewing Windows Event Logs
- Viewing Linux Event Logs
- Capturing Credentials On-path
Summarizing Elements of Effective Security Governance
- Cracking Passwords with Rainbow Tables
Understanding Types and Purposes of Audits and Assessments
- Using the theHarvester Tool
Implementing Security Awareness Practices
- Using Anti-phishing Tools