CompTIA® Security+® Certification Support Skills

CompTIA® Security+® (Exam SY0-401) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification examination. In this course, you will build on your knowledge of and professional experience with security fundamentals, networks, and organizational security as you acquire the specific skills required to implement basic security services on any type of computer network.


This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-401) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today's job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your computer security skill set so that you can confidently perform your duties in any security-related role.


Upon successful completion of this course, students will be able to:

  • Identify the fundamental concepts of computer security.

  • Identify security threats and vulnerabilities.

  • Manage data, application, and host security.

  • Implement network security.

  • Identify and implement access control and account management security measures.

  • Manage certificates.

  • Identify and implement compliance and operational security measures.

  • Manage risk.

  • Troubleshoot and manage security incidents.

  • Plan for business continuity and disaster recovery


 

Course Outline

odule 1 – Security Threats and Controls

  • Security Controls • Why is Security Important? • Security Policy • Security Controls • Identification • Authentication • Authorization • Basic Authorization Policies • Accounting

  • Threats and Attacks • Vulnerability, Threat, and Risk • Social Engineering • Phishing • Malware • Trojans and Spyware • Preventing Malware • Anti-Virus Software • Removing Malware

  • Network Attacks • Network Fundamentals • Sniffers and Protocol Analyzers • ARP Attacks • IP Spoofing and Hijacking • Network Mappers and Port Scanners • Denial of Service Attacks

  • Assessment Tools and Techniques • Vulnerability Assessments and Pentests • Security Assessment Techniques • Vulnerability Scanners • Honeypots and Honeynets


Module 2 – Cryptography and Access Control

  • Cryptography Uses of Cryptography • Cryptographic Terminology and Ciphers • Encryption Technologies • Cryptographic Hash Functions • Symmetric Encryption • Asymmetric Encryption • Diffie-Hellman • ECC and Quantum Cryptography • Transport Encryption • Cryptographic Attacks • Steganography • Labs • Steganography

  • Public Key Infrastructure • PKI and Certificates • Certificate Authorities • Implementing PKI • Creating Keys • Key Recovery Agents • Key Status and Revocation • PKI Trust Models • Cryptographic Standards • PGP / GPG • Labs • Configuring Certificate Services

  • Password Authentication • LAN Manager / NTLM • Kerberos • PAP and CHAP • Password Protection • Password Attacks

  • Strong Authentication • Token-based Authentication • Biometric Authentication • Common Access Card • Extensible Authentication Protocol • RADIUS and TACACS+ • Federation and Trusts

  • Authorization and Account Management • Privilege Policies • Directory Services • Lightweight Directory Access Protocol • Windows Active Directory • Creating and Managing User Accounts • Managing Group Accounts • Account Policy Enforcement • User Rights, Permissions, and Access Reviews


Module 3 – Network Security

  • Secure Network Design • Secure Network Topologies • Demilitarized Zones • Other Security Zones • Network Device Exploitation • Switches and VLANs • Switch Vulnerabilities and Exploits • Routers • Network Address Translation
    Security Appliances and Applications • Basic Firewalls • Stateful Firewalls • Proxies and Gateways • Implementing a Firewall or Gateway • Web and Email Security Gateways • Intrusion Detection Systems • IDS Analysis Engines • Monitoring System Logs

  • Wireless Network Security • Wireless LANs • WEP and WPA • Wi-Fi Authentication • Additional Wi-Fi Security Settings • Wi-Fi Site Security

  • VPN and Remote Access Security • Remote Access • Virtual Private Networks • IPSec • Remote Access Servers • Remote Administration Tools • Hardening Remote Access Infrastructure

  • Network Application Security • Application Layer Security • DHCP Security • DNS Security • SNMP Security • Storage Area Network Security • IPv4 versus IPv6 • Telephony


Module 4 – Host, Data, and Application Security

  • Host Security • Computer Hardening • Host Security Management Plan • OS Hardening • Patch Management • Endpoint Security • Network Access Control • Labs • Network Access Protection

  • Data Security • Data Handling • Data Encryption • Data Loss Prevention • Backup Plans and Policies • Backup Execution and Frequency • Restoring Data and Verifying Backups • Data Wiping and Disposal

  • Web Services Security • HyperText Transport Protocol • SSL / TLS • Web Servers • Load Balancers • File Transfer
    Web Application Security • Web Application Technologies • Web Application Databases • Web Application Exploits • Web Application Browser Exploits • Secure Web Application Design • Auditing Web Applications • Web Browser Security

  • Virtualization and Cloud Security • Virtualization Technologies • Virtual Platform Applications • Virtualization Best Practices • Cloud Computing • Risks of Cloud Computing


Module 5 – Operational Security

  • Site Security • Site Layout and Access • Gateways and Locks • Alarm Systems • Surveillance • Hardware Security • Environmental Controls • Hot and Cold Aisles • RFI / EMI • Fire Prevention and Suppression

  • Mobile and Embedded Device Security • Static Environments • Mitigating Risk in Static Environments • Mobile Device Security • Mobile Device Management • BYOD Concerns • Mobile Application Security • Bluetooth and NFC

  • Risk Management • Business Continuity Concepts • Risk Calculation • Risk Mitigation • Integration with Third Parties • Service Level Agreements • Change and Configuration Management

  • Disaster Recovery • Disaster Recovery Planning • IT Contingency Planning • Clusters and Sites

  • Incident Response and Forensics • Incident Response Procedures • Preparation • Detection, and Analysis • Containment • Eradication, and Recovery • Forensic Procedures • Collection of Evidence • Handling and Analyzing Evidence

  • Security Policies and Training • Corporate Security Policy • Operational Policies • Privacy and Employee Policies • Standards and Best Practice • Security Policy Training and User Habits

Audience

CompTIA Security+ is aimed at IT professionals with job roles such as security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator and network administrator.

Available Course Dates

08/21/2017 9:00 am - 08/25/2017 5:00 pmGuaranteed to Run
10/09/2017 11:00 am - 10/13/2017 7:00 pm
12/04/2017 11:00 am - 12/08/2017 7:00 pm
Click here to sign up for this class