Home » Training » CompTIA Security+

Title

CompTIA Security+




CompTIA's Security+ is the premier vendor-neutral security certification and demonstrates your knowledge of security concepts, tools, and procedures. It confirms your ability to react to security incidents, and it validates your skill in anticipating security risks and guarding against them.

 

In our Security+ Prep Course, you will learn to:

  • Proactively implement sound security protocols to mitigate security risks
  • Quickly respond to security issues
  • Retroactively identify where security breaches may have occurred
  • Design a network, on-site or in the cloud, with security in mind

 

 


Our Security+ Prep Course prepares you for the Security+ certification exam based on the 2011 objectives (Exam SYO-301), which is included in the approved list of certifications to meet DoD Directive 8570.1 requirements. Our Security+ courseware has received the CompTIA Approved Quality Content (CAQC) symbol assuring you that all test objectives are covered in the training material.

Candidates for the Security+ certification (SY0-301)

CompTIA A+ certification and CompTIA Network+ certification or equivalent experience

1. Mitigating Threats

  • System maintenance
  • Application security
  • Physical security
  • Malware
  • Social engineering

 

2. Cryptography

  • Symmetric cryptography
  • Public key cryptography

 

3. Authentication

  • Authentication factors and requirements
  • Authentication systems
  • Authentication system vulnerabilities

 

4. User- and Role-Based Security

  • Baseline security policies
  • Resource access

 

5. Peripheral Security

  • File and disk encryption
  • Peripheral and component security
  • Mobile device security

 

6. Public Key Infrastructure

  • Public key cryptography
  • Implementing public key infrastructure (PKI)
  • Web server security with PKI

 

7. Application and Messaging Security

  • Application security
  • E-mail security
  • Social networking and messaging

 

8. Ports and Protocols

  • TCP/IP basics
  • Protocol-based attacks

 

9. Network Security

  • Network devices
  • Secure network topologies
  • Secure networking
  • Virtualization and cloud computing

 

10. Wireless Security

  • Wireless network security
  • Mobile device security

 

11. Remote Access Security

  • Remote access
  • Virtual private networks

 

12. Vulnerability Testing

  • Risk and vulnerability assessment
  • Auditing and logging
  • Intrusion detection and prevention systems
  • Incident response

 

13. Organizational Security

  • Organizational policies
  • Education and training
  • Disposal and destruction

 

14. Business Continuity

  • Redundancy planning
  • Disaster recovery
  • Environmental controls

Appendix A: CompTIA Security+ Objectives Map
Appendix B: CompTIA Security+ Acronyms
Labs

Lab activities include instructor-led question and answer sessions, interactive group discussions, as well as hands-on activities.

1. Mitigating Threats Lab Activities

  • Identifying common security threats
  • Updating the operating system
  • Managing software patches
  • Checking for and installing service packs
  • Determining whether you need to update your computer's BIOS
  • Configuring Windows Firewall
  • Managing application security
  • ID-related security concerns
  • Plant security
  • Identifying and differentiating malware
  • Installing antivirus software
  • Scanning your system for spyware
  • Social engineering
  • Phishing
  • Comparing anti-spam measures
  • Evaluating the risks of social networking

 

2. Cryptography Lab Activities

  • Encrypting and decrypting data with a one-time pad
  • Calculating hashes
  • Sharing a secret message with steganography
  • Public key cyptography
  • Certificates
  • Certificate trusts
  • Comparing single- and dual-sided certificates
  • Quantum cryptography

 

3. Authentication Lab Activities

  • Evaluating authentication factors
  • Requirements of a secure authentication system
  • Comparing authentication protocols
  • NTLM authentication
  • Components of Kerberos
  • Null sessions
  • Identifying authentication vulnerabilities
  • Capturing passwords with a protocol analyzer
  • Cracking passwords

 

4. User- and Role-Based Security Lab Activities

  • Using MBSA to analyze security
  • Creating a console to manage local security policies
  • Using the GPMC
  • Creating users and groups based on security needs
  • Securing file resources

 

5. Peripheral Security Lab Activities

  • Enabling file-based encryption
  • Creating an encrypted volume
  • Mounting, using, and dismounting an encrypted volume
  • Risks associated with common peripherals
  • Using Windows Policies to mitigate the security risks of peripherals
  • Vulnerabilities of mobile devices
  • Mobile device security

 

6. PKI Lab Activities

  • Life cycle and management of certificates
  • Installing a stand-alone root certificate authority (CA)
  • Installing an enterprise subordinate CA
  • Implementing a file-based certificate request
  • Managing your certificate server
  • Requesting a user certificate
  • Revoking a certificate
  • Enabling the EFS recovery agent template
  • Enrolling for a recovery agent certificate
  • Enabling key archival
  • Re-enrolling all certificates
  • Requesting and installing a web server certificate
  • Enabling SSL for the certificate server web site
  • Making a secure connection
  • Requesting a client certificate via the web

 

7. Application and Messaging Security Lab Activities

  • Analyzing application risks
  • Distinguishing between application attacks
  • Identifying the security risks of an e-mail system
  • Configuring an e-mail client to use secure authentication
  • S/MIME features
  • Installing Gnu Privacy Guard and Enigmail
  • Creating an Open PGP certificate and key pair
  • Sending a signed message
  • Evaluating the risks of social networking
  • Considering IM security

 

8. Ports and Protocols Lab Activities

  • TCP/IP architecture
  • Protocols in the TCP/IP suite
  • Using port numbers
  • Comparing IPv4 and IPv6 packets
  • Preventing common protocol-based attacks
  • Assessing your vulnerability to DDoS attacks
  • Scanning ports
  • Checking ARP cache
  • Spoofing attacks
  • Replay and hijacking attacks

 

9. Network Security Lab Activities

  • Low-layer networking devices
  • Routers
  • NAT and PAT devices
  • Firewalls and proxy servers
  • Identifying inherent weaknesses in network devices
  • Overcoming device threats
  • Comparing firewall-based secure topologies
  • Disabling connection bridging
  • VLANs
  • Benefits of NAC
  • Security enabled by VPNs
  • Configuring firewall rules
  • Blocking ports with a firewall
  • VLAN security
  • Router security
  • Benefits and risks of virtualization
  • Benefits and risks of cloud computing

 

10. Wireless Security Lab Activities

  • Comparing wireless network protocols
  • Configuring a wireless access point
  • Configuring a wireless client
  • Wireless networking vulnerabilities
  • Scanning for insecure access points
  • Enabling transmission encryption
  • Identifying threats related to cell phones and PDAs

 

11. Remote Access Security Lab Activities

  • RADIUS authentication
  • Role of LDAP in a remote access environment
  • TACACS+ authentication
  • How 802.1x adds security to your network
  • Installing Network Policy and Access Services
  • Configuring an NPS network policy
  • Configuring NPS accounting
  • Comparing VPN protocols
  • Installing Routing and Remote Access Services
  • Enabling a VPN
  • Configuring NPS to provide RADIUS authentication for your VPN

 

12. Vulnerability Testing Lab Activities

  • Vulnerability and penetration testing
  • Scanning the network
  • Viewing event logs
  • Device and application logging
  • IDS characteristics
  • Comparing host-based and network intrusion detection systems
  • Role and use of honeypots and honeynets
  • Examining the forensics process

 

13. Organizational Security Lab Activities

  • CIA, controls, and risk assessment
  • Creating a security policy
  • Creating a human resource policy
  • Incidence response and reporting policies
  • Change management software options
  • Need for user education and training
  • Education opportunities and methods
  • Deciding whether to destroy or dispose of IT equipment

 

14. Business Continuity Lab Activities

  • Creating a business continuity plan
  • RAID levels
  • Selecting backup schemes
  • Identifying appropriate media rotation and storage plans
Updating ....