Author: Christopher Rees
In order to help you prepare for the CompTIA Security+ exam, these courses align with objectives that are specific to the certification, which covers the best ways to apply security tools and identify threats.
CompTIA Security+ (2014 Objectives) prepares networking and IT professionals with the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security. In addition, the successful candidate will be given the skills to be able to accurately apply security controls to maintain confidentiality, integrity, and availability, identify appropriate technologies and products, and troubleshoot security events and incidents.
This course prepares students for the compliance and operational security section of the CompTIA Security+ (SY0-401) exam. This course deals with security issues such as compliance, risk mitigation, basic forensic procedures and environmental controls used to increase reliability, resiliency, and maintain business continuity. The importance of mitigating risk and calculating the likelihood and expected losses of various risks is covered, along with dealing with 3rd party integration, SLAs, and maintaining operations through business continuity best practices. Environmental controls including HVAC, hot and cold aisles, high availability, and fault tolerant best practices are also discussed. Confidentiality, Integrity and Availability (CIA) best practices are also covered to ensure data is secure, verified, and accessible.
This course covers the material that comprises Domain 3.0 of the CompTIA Security+ SY0-401 certification exam. Topics include types of malware, adware, viruses, spyware and backdoors, along with various types of attacks, including man-in-the-middle attacks, DDoS, Smurf attacks, phishing, xmas attacks, bluesnarfing, bluejacking, dumpster diving, etc. Also covered are various types of application attacks including XSS, XSRF, LDAP injection, SQL injection attacks and the privacy concerns created by cookies, evercookies, LSO, and Flash cookies. Penetration testing and vulnerability scanning is also covered, along with ways to calculate risk when doing security assessments, code, design, and architecture reviews.
This course covers the material that comprises Domain 4.0 of the CompTIA Security+ SY0-401 certification exam. Topics include application security concepts such as fuzzing, cross-site scripting, cross-site request forgery, application and database hardening, device security, encryption, data-wiping, SCADA and embedded systems security, virtualization and cloud security concepts, mobile device security, and the various methods used to implement security best practices.
Access control and identity management is crucial to maintaining and secure environment. Various hardware controls like RADIUS, TACACS+ and XTACACS are covered, along with directory services and authentication services like Kerberos, LDAP, SAML, and Secure LDAP. The differences between identification, authentication, and authorization are covered, along with the various tools used to ensure users are connected securely with access to resources they need. Technologies and concepts including tokens, multi-authentication, TOTP, HOTP, CHAP, and PAP are covered, along with authentication factors.
CompTIA Security+ (2014 Objectives) prepares networking and IT professionals with the required knowledge and skills to understand the concepts and technologies involved with encryption, cryptography, PKI, and the associated benefits and risks.
No prerequisites are necessary, but it is recommended that you have two or more years of experience in IT administration in addition to the Network+ certification.