CompTIA Security+: Survey of Malicious Activities

CompTIA Security+: Survey of Malicious Activities

• discover the key concepts covered in this course
• compare malware attacks, including ransomware, trojan horses, remote access trojans (RATs), worms, viruses, spyware and bloatware, keyloggers, logic bombs, and rootkits
• define physical attacks, such as brute force, radio-frequency identification (RFID) cloning, and environmental
• describe network attacks, including denial-of-service (DoS)/distributed denial-of-service (DDoS), domain name system (DNS) attacks, wireless, on-path, credential replay, and malicious code
• provide an overview of different application attacks, such as injection, buffer overflow, replay, privilege escalation, forgery, and directory traversal
• compare cryptographic attacks like downgrade, collision, birthday, brute force, and side-channel
• define password attacks, including spraying, brute force, and wordlists
• describe various indicators of compromise like account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, out-of-cycle logging, and missing logs
• summarize the key concepts covered in this course

CompTIA Security+: Threat Actors & Vectors

CompTIA Security+: Threat Actors & Vectors

• discover the key concepts covered in this course
• compare threat actor types including nation-state, unskilled attacker, hacktivist, insider threat, and organized crime, and attributes such as internal/external, resources/funding, sophistication, and capability levels
• define threat actor motivations such as data exfiltration, espionage, service disruption, blackmail, financial gain, political beliefs, ethical, revenge, disruption/chaos, and war
• outline human vectors and social engineering including phishing, business email compromise, vishing, smishing, disinformation, impersonation, hoaxing, pretexting, brand impersonation, typosquatting, and watering hole
• outline common attack surfaces like removable devices, vulnerable software, client-based vs. agentless, unsupported systems and applications, unsecure networks, open service ports, and default credentials
• outline supply chain vulnerabilities including managed service providers, vendors, suppliers, service providers, and hardware and software providers
• compare application vulnerabilities including memory injection, buffer overflow, race conditions, time-of-check (TOC)/time-of-use (TOU), malicious updates, and zero days
• outline OS-based and web-based vulnerabilities such as misconfiguration, unpatched, outdated, SQLi, cross-site scripting (XSS), and request forgeries
• recognize hardware and virtualization vulnerabilities including firmware, end-of-life, legacy issues, virtual machine escape, sprawl, and resource reuse
• outline the CSA list of cloud vulnerabilities
• define mobile device vulnerabilities like side loading, jailbreaking, and rooting
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Architecture & Infrastructure Concepts

SY0-701 - CompTIA Security+: Architecture & Infrastructure Concepts

• discover the key concepts covered in this course
• describe architectural considerations like high availability, durability, resilience, cost, responsiveness, scalability, ease of deployment, risk transference, patching, and power
• provide an overview of cloud computing, including cloud responsibility matrix, hybrid considerations, third-party vendors, and on-premises cloud
• define Infrastructure as Code
• compare serverless technologies
• describe containers and microservices
• provide an overview of network infrastructure, including concepts such as physical isolation, air gaps, logical segmentation, and software-defined networking
• compare centralized to decentralized design
• describe virtualization
• define industrial control systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems
• define the Internet of Things, including embedded systems, real-time operating systems, and smart systems
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Audits, Assessments, & Awareness

SY0-701 - CompTIA Security+: Audits, Assessments, & Awareness

• discover the key concepts covered in this course
• provide an overview of internal audit and attestation, including compliance, audit committee, and self-assessments
• define external audit and attestation with regulatory, examinations, assessment, and independent third-party audits
• provide an overview of penetration testing, including known environment, partially known environment, unknown environment, physical, offensive, defensive, integrated, passive, and active reconnaissance
• provide an overview of user guidance and training involving policy/handbooks, situational awareness, insider threats, password management, removable media and cables, social engineering, operational security, anomalous behavior recognition, and hybrid/remote work environments best practices
• identify how to recognize a phishing attempt and respond to reported suspicious messages
• explain security training monitoring and reporting techniques
• summarize the key concepts covered in this course

A security audit is a systematic and methodical examination of an organization’s security infrastructure, policies, and procedures. The goal is to identify vulnerabilities, weaknesses, and potential threats to sensitive information assets, physical assets, and personnel. In this final course, the learner will be exposed to topics such as internal and external audit and attestation, penetration testing audits, user guidance and training, phishing campaigns, and security training monitoring and reporting. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.

SY0-701 - CompTIA Security+: Automation, Orchestration, & Incident Response

SY0-701 - CompTIA Security+: Automation, Orchestration, & Incident Response

• discover the key concepts covered in this course
• identify various automation and scripting use cases
• recognize the benefits of automation, including efficiency/time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, and workforce multiplier
• provide an overview of automation considerations such as complexity, cost, single point of failure, technical debt, and ongoing supportability
• outline the incident response process, including preparation, detection, analysis, containment, eradication, recovery, and lessons learned
• define training and testing of incident response (IR) with techniques like tabletop exercises and simulations
• provide an overview of threat hunting and root cause analysis
• outline the digital forensics process with legal hold, chain of custody, acquisition, reporting, preservation, and e-discovery
• outline the process of investigating data sources with firewall logs, application logs, endpoint logs, OS-specific security logs, IPS/IDS logs, network logs, metadata, vulnerability scans, automated reports, dashboards, and packet captures
• summarize the key concepts covered in this course

Automation offers many advantages to information technology including higher production rates and increased productivity, more efficient use of resources, both physical and logical, better product/service quality, and improved security and safety. In this course, the learner will tackle concepts such as automation and scripting use cases, continuous integration and testing, application programming interfaces (APIs), the benefits of automation, automation considerations, the incident response process, training, testing, tabletop exercises, simulations, threat hunting, root cause analysis, digital forensics, and investigation data sources. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.

SY0-701 - CompTIA Security+: Computing Resources Security Techniques

SY0-701 - CompTIA Security+: Computing Resources Security Techniques

• discover the key concepts covered in this course
• define secure baselines
• describe hardening targets, such as mobile devices, switches, routers, cloud infrastructure, industrial control system (ICS)/Supervisory Control and Data Acquisition (SCADA), embedded systems, real-time operating system (RTOS), and Internet of Things (IoT) devices
• provide an overview of wireless device installation issues like site surveys and heat maps
• compare mobile device solutions, including mobile device management (MDM), sandboxing, Bring Your Own Device (BYOD), corporate-owned, personally enabled (COPE), and Choose Your Own Device (CYOD) deployment models; and compare connection methods like cellular, Wi-Fi, and Bluetooth
• describe wireless security settings such as Wi-Fi Protected Access 3 (WPA3), authentication, authorization, and accounting (AAA)/Remote Authentication Dial-In User Services (RADIUS), cryptographic protocols, and authentication protocols
• define application security techniques like input validation, secure cookies, static code analysis, and code signing
• describe asset management elements, including the acquisition/procurement process
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Data Protection Concepts & Strategies

SY0-701 - CompTIA Security+: Data Protection Concepts & Strategies

• discover the key concepts covered in this course
• compare data at rest, data in transit, and data in use
• compare data classifications including sensitive, confidential, public, restricted, private, and critical
• outline data types such as regulated, trade secrets, intellectual property, Protected Health Information (PHI), personally identifiable information (PII), legal information, financial information, and human- and non-human readable data
• identify the stages of the data life cycle
• outline geographic and cultural data issues as they relate to data security
• provide and overview encryption and hashing and how they are used to protect data
• outline how to use masking, obfuscation, and tokenization to protect data
• outline how to use segmentation and compartmentalization to protect data
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Effective Security Governance

SY0-701 - CompTIA Security+: Effective Security Governance

• discover the key concepts covered in this course
• define security governance
• compare types of governance structures like boards, committees, government entities, and centralized/decentralized structures
• define roles and responsibilities such as owners, controllers, processors, custodians, stewards, and officers
• describe external governance considerations like regulatory, legal, industry, local/regional, national, and global
• provide an overview of various organizations that specialize in security guidelines, standards, and best practices
• define standards such as password, access control, and encryption; and policies like acceptable use policy (AUP), Information security, business continuity, and change management
• describe security governance procedures, including playbooks, monitoring, and revision
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Enterprise Infrastructure Security Principles

SY0-701 - CompTIA Security+: Enterprise Infrastructure Security Principles

• discover the key concepts covered in this course
• describe infrastructure considerations like device placement, security zones, attack surface, connectivity, failure modes, and device attributes
• compare various network appliances, including jump servers, proxy servers, intrusions prevention systems (IPSs)/intrusion detection systems (IDSs), sensors, and load balancers
• define port security, including IEEE 802.1X, and Extensible Authentication Protocol (EAP)
• compare firewall types, including access control lists (ACLs), unified threat management (UTM), next-generation firewall (NGFW), layer 4/layer 7, and web application firewall (WAF)
• describe a VPN
• describe IPsec for IPv4 and IPv6
• define transport layer security
• describe software-defined wide area networks (SD-WANs) and secure access service edge (SASE)
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Enterprise Security Capabilities

SY0-701 - CompTIA Security+: Enterprise Security Capabilities

• discover the key concepts covered in this course
• review various firewall implementations like rule-based, access lists, ports and protocols, and screened subnets
• compare intrusion detection to intrusion prevention services
• outline the use of web filters, including agent-based, centralized proxies, URL scanning, content categorization, block rules, and reputation filtering
• provide an overview of operating system security like group policy and SELinux
• outline how to implement secure protocols, including protocol selection, port selection, and transport method
• provide an overview of DNS filtering, including DNSSEC and OpenDNS solutions
• outline the use of email security mechanisms like Domain-based Message Authentication Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and gateways
• provide an overview of file integrity monitoring
• outline data loss prevention initiatives and solutions
• provide an overview of network access (or admission) control (NAC)
• outline the use of endpoint detection and response (EDR) solutions, including extended detection and response (XDR) and user behavior analytics (UBA)
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Fundamental Security Concepts

SY0-701 - CompTIA Security+: Fundamental Security Concepts

• discover the key concepts covered in this course
• outline the use of gap analysis in the context of security
• provide an overview of the Zero Trust control plane including adaptive identity, threat scope reduction, policy-driven access control, and Policy Administrator
• provide an overview of the Zero Trust data plane which includes implicit trust zones, subject/system, and Policy Enforcement Points
• compare deception technologies such as honeypots, honeynets, honeyfiles, and honeytokens
• define preventative physical security controls like bollards, access control vestibule, access badges/cards, fencing, gates, mantraps, and security guards
• outline detective physical security controls like video surveillance, lighting, and infrared, pressure, microwave, and ultrasonic sensors
• outline change management business processes including approval, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, and standard operating procedures
• define change management technical implications like allow lists, deny lists, restricted activities, downtime, service restart, application restart, legacy applications, and dependencies
• understand the importance of comprehensive documentation and version control
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Identity and Access Management

SY0-701 - CompTIA Security+: Identity and Access Management

• discover the key concepts covered in this course
• provision and deprovision user accounts including permission assignments and implications, and identity proofing
• explain password concepts like best practices, length, complexity, reuse, expiration, age, password managers, and passwordless solutions
• define federation and single sign-on solutions such as Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), Security Assertion Markup Language (SAML), interoperability, and attestation
• compare access control models including mandatory, discretionary, role-based, rule-based, attribute-based, time-of-day, and least privilege
• compare multi-factor authentication (MFA) categories
• outline the use of biometric authentication modalities
• define privileged access management (PAM) and tools like just-in-time permissions, password vaulting, and ephemeral credentials
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Mitigation Techniques

SY0-701 - CompTIA Security+: Mitigation Techniques

• discover the key concepts covered in this course
• describe segmentation and isolation techniques
• compare access controls, including access control lists (ACLs), network access control lists (NACLs), permissions, allow-lists, and cloud solution provider (CSP) security groups
• define configuration management and patch management
• define the least privilege and separation of duties principles
• describe how encryption contributes to access control
• compare monitoring and visibility techniques for access controls
• compare decommissioning and offboarding
• describe hardening through encryption, endpoint detection and response (EDR), host intrusion detection system (HIDS)/host intrusion prevention system (HIPS), disabling ports/protocols, default password changes, and removal of unnecessary software
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Practical Cryptography

SY0-701 - CompTIA Security+: Practical Cryptography

• discover the key concepts covered in this course
• describe symmetric cryptography
• describe asymmetric cryptography
• compare encryption levels including full disk, partition, file, volume, database, and record
• define hashing, salting, and hash-based message authentication codes (HMACs)
• provide an overview of key exchange
• outline digital signatures and certificates
• describe PKI, including certificate authorities (CAs), certificate signing request (CSR) generation, certificate revocation lists (CRLs), Online Certificate Status Protocol (OCSP), self-signed certificates, third-party certification, Wildcard certificates, and root of trust (RoT)
• compare cryptographic tools like Trusted Platform Module (TPM), hardware security module (HSM), key management systems, secure enclaves, key stretching, obfuscation with steganography, tokenization, and data masking
• describe blockchain technology
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Resilience & Recovery

SY0-701 - CompTIA Security+: Resilience & Recovery

• discover the key concepts covered in this course
• define load balancing and clustering techniques
• compare backup strategies such as onsite/offsite, frequency, encryption, snapshots, recovery, replication, and journaling
• provide an overview of the concepts of continuity of operations and multicloud
• compare disaster recovery sites like hot, cold, warm, cloud, geographic dispersion
• provide an overview of capacity planning including people, technology, and infrastructure
• outline testing techniques such as tabletop exercises, failover, simulation, and parallel processing
• provide an overview of power considerations like generators and uninterruptible power supply (UPS)
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Risk Management

SY0-701 - CompTIA Security+: Risk Management

• discover the key concepts covered in this course
• define risk management
• describe risk identification and assessment, including ad hoc, recurring, one-time, and continuous
• provide an overview of risk analysis, including concepts like qualitative and quantitative risk analysis, probability/likelihood, and impact/magnitude
• describe risk treatment and handling methods such as transfer, accept, and exemption, and risk appetite approaches like expansionary, conservative, and neutral
• define risk registers and ledgers, key risk indicators, risk owners, and risk thresholds
• describe risk reporting techniques
• provide an overview of business impact analysis, including concepts like Recovery Time Objective (RTO), Recovery Point Objective (RPO), mean time to repair (MTTR), and mean time between failures (MTBF)
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Security Compliance & Third-Party Risk

SY0-701 - CompTIA Security+: Security Compliance & Third-Party Risk

• discover the key concepts covered in this course
• provide an overview of compliance monitoring, including concepts such as due diligence/care, attestation, acknowledgment, and compliance automation
• describe internal and external compliance reporting
• identify the consequences of non-compliance
• outline privacy considerations like legal implications, data subjects, ownership, and the right to be forgotten
• describe vendor assessment and selection using penetration testing, the right-to-audit clause, supply chain analysis, due diligence, conflict of interest, and rules of engagement
• compare various agreement types including the non-disclosure agreement (NDA), memorandum of agreement (MOA), memorandum of understanding (MOU), service-level agreement (SLA), master service agreement (MSA), work order (WO), statement of work (SOW), and business partners agreement (BPA)
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Security Goals & Controls

SY0-701 - CompTIA Security+: Security Goals & Controls

• discover the key concepts covered in this course
• provide an overview of the CIA Triad which includes confidentiality, integrity, and availability
• define non-repudiation
• compare authentication, authorization, and accounting
• outline how to authenticate people
• outline how to authenticate systems
• compare authorization models
• compare control categories like technical, managerial, operational, and physical
• compare control types including preventive, deterrent, detective, corrective, compensating, and directive
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Security Monitoring & Alerting

SY0-701 - CompTIA Security+: Security Monitoring & Alerting

• discover the key concepts covered in this course
• describe monitoring computing resources like systems, applications, and infrastructure with agents and agentless solutions
• define monitoring activities such as log aggregation, alerting, scanning, reporting, archiving, alert response and remediation, and validation
• provide an overview of Security Content Automation Protocol (SCAP), including its importance and specifications
• describe security information and event management (SIEM) systems and their benefits
• define security orchestration, automation, and response (SOAR) systems
• describe antivirus systems and data loss prevention (DLP)
• provide an overview of Simple Network Management Protocol (SNMP) traps
• describe NetFlow and NetFlow records
• summarize the key concepts covered in this course

SY0-701 - CompTIA Security+: Vulnerability Management

SY0-701 - CompTIA Security+: Vulnerability Management

• discover the key concepts covered in this course
• provide an overview of various threat feeds, including open-source intelligence (OSINT), proprietary/third-party, information-sharing organizations, dark web, Common Vulnerability Scoring System (CVSS), and Common Vulnerability Enumeration (CVE)
• outline application vulnerability assessments, including static analysis, dynamic analysis, and package monitoring
• outline concepts of vulnerability scanning, including accuracy confirmation
• describe penetration testing and the penetration testing life cycle
• provide an overview of vulnerability response and remediation, including topics like patching, insurance, segmentation, compensating controls, and exceptions and exemptions
• validate and report on remediation processes and procedures
• summarize the key concepts covered in this course