CompTIA Security+ (SY0-701)

(CYBISU-SY0-701.AB1)

Skills You’ll Get

The CompTIA Security+ certification exam ensures that a successful candidate has the knowledge and skills necessary to evaluate the security posture of an enterprise environment. This includes suggesting and implementing suitable security solutions, securing hybrid environments covering cloud, mobile, and IoT, and operating with an understanding of relevant laws and policies, incorporating governance, risk, and compliance principles.


1

Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • CompTIA Security+ Exam Topics
2

Comparing and Contrasting Different Types of Social Engineering Techniques

  • Social Engineering Fundamentals
  • User Security Awareness Education
  • Review Key Topics
3

Analyzing Potential Indicators to Determine the Type of Attack

  • Malicious Software (Malware)
  • Password Attacks
  • Physical Attacks
  • Adversarial Artificial Intelligence
  • Supply-Chain Attacks
  • Cloud-based vs. On-premises Attacks
  • Cryptographic Attacks
  • Review Key Topics
4

Analyzing Potential Indicators Associated with Application Attacks

  • Privilege Escalation
  • Cross-Site Scripting (XSS) Attacks
  • Injection Attacks
  • Pointer/Object Dereference
  • Directory Traversal
  • Buffer Overflows
  • Race Conditions
  • Error Handling
  • Improper Input Handling
  • Replay Attacks
  • Request Forgeries
  • Application Programming Interface (API) Attacks
  • Resource Exhaustion
  • Memory Leaks
  • Secure Socket Layer (SSL) Stripping
  • Driver Manipulation
  • Pass the Hash
  • Review Key Topics
5

Analyzing Potential Indicators Associated with Network Attacks

  • Wireless Attacks
  • On-Path Attacks
  • Layer 2 Attacks
  • Domain Name System (DNS) Attacks
  • Distributed Denial-of-Service (DDoS) Attacks
  • Malicious Code or Script Execution Attacks
  • Review Key Topics
6

Understanding Different Threat Actors, Vectors, and Intelligence Sources

  • Actors and Threats
  • Attributes of Threat Actors
  • Attack Vectors
  • Threat Intelligence and Threat Intelligence Sources
  • Research Sources
  • Review Key Topics
7

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

  • Cloud-based vs. On-premises Vulnerabilities
  • Zero-day Vulnerabilities
  • Weak Configurations
  • Third-party Risks
  • Improper or Weak Patch Management
  • Legacy Platforms
  • The Impact of Cybersecurity Attacks and Breaches
  • Review Key Topics
8

Summarizing the Techniques Used in Security Assessments

  • Threat Hunting
  • Vulnerability Scans
  • Logs and Security Information and Event Management (SIEM)
  • Security Orchestration, Automation, and Response (SOAR)
  • Review Key Topics
9

Understanding the Techniques Used in Penetration Testing

  • Penetration Testing
  • Passive and Active Reconnaissance
  • Exercise Types
  • Review Key Topics
10

Understanding the Importance of Security Concepts in an Enterprise Environment

  • Configuration Management
  • Data Sovereignty and Data Protection
  • Site Resiliency
  • Deception and Disruption
  • Review Key Topics
11

Summarizing Virtualization and Cloud Computing Concepts

  • Cloud Models
  • Cloud Service Providers
  • Cloud Architecture Components
  • Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
  • Review Key Topics
12

Summarizing Secure Application Development, Deployment, and Automation Concepts

  • Software Development Environments and Methodologies
  • Application Provisioning and Deprovisioning
  • Software Integrity Measurement
  • Secure Coding Techniques
  • Open Web Application Security Project (OWASP)
  • Software Diversity
  • Automation/Scripting
  • Elasticity and Scalability
  • Review Key Topics
13

Summarizing Authentication and Authorization Design Concepts

  • Authentication Methods
  • Biometrics
  • Multifactor Authentication (MFA) Factors and Attributes
  • Authentication, Authorization, and Accounting (AAA)
  • Cloud vs. On-premises Requirements
  • Review Key Topics
14

Implementing Cybersecurity Resilience

  • Redundancy
  • Replication
  • On-premises vs. Cloud
  • Backup Types
  • Non-persistence
  • High Availability
  • Restoration Order
  • Diversity
  • Review Key Topics
15

Understanding the Security Implications of Embedded and Specialized Systems

  • Embedded Systems
  • Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
  • Internet of Things (IoT)
  • Specialized Systems
  • Voice over IP (VoIP)
  • Heating, Ventilation, and Air Conditioning (HVAC)
  • Drones
  • Multifunction Printers (MFP)
  • Real-Time Operating Systems (RTOS)
  • Surveillance Systems
  • System on a Chip (SoC)
  • Communication Considerations
  • Embedded System Constraints
  • Review Key Topics
16

Understanding the Importance of Physical Security Controls

  • Bollards/Barricades
  • Access Control Vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-Circuit Television (CCTV)
  • Industrial Camouflage
  • Personnel
  • Locks
  • USB Data Blockers
  • Lighting
  • Fencing
  • Fire Suppression
  • Sensors
  • Drones
  • Visitor Logs
  • Faraday Cages
  • Air Gap
  • Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
  • Protected Cable Distribution
  • Secure Areas
  • Secure Data Destruction
  • Review Key Topics
17

Summarizing the Basics of Cryptographic Concepts

  • Digital Signatures
  • Key Length
  • Key Stretching
  • Salting
  • Hashing
  • Key Exchange
  • Elliptic-Curve Cryptography
  • Perfect Forward Secrecy
  • Quantum
  • Post-Quantum
  • Ephemeral
  • Modes of Operation
  • Blockchain
  • Cipher Suites
  • Symmetric vs. Asymmetric Encryption
  • Lightweight Cryptography
  • Steganography
  • Homomorphic Encryption
  • Common Use Cases
  • Limitations
  • Review Key Topics
18

Implementing Secure Protocols

  • Protocols
  • Use Cases
  • Review Key Topics
19

Implementing Host or Application Security Solutions

  • Endpoint Protection
  • Antimalware
  • Next-Generation Firewall
  • Host-based Intrusion Prevention System
  • Host-based Intrusion Detection System
  • Host-based Firewall
  • Boot Integrity
  • Database
  • Application Security
  • Hardening
  • Self-Encrypting Drive/Full-Disk Encryption
  • Hardware Root of Trust
  • Trusted Platform Module
  • Sandboxing
  • Review Key Topics
20

Implementing Secure Network Designs

  • Load Balancing
  • Network Segmentation
  • Virtual Private Network
  • DNS
  • Network Access Control
  • Out-of-Band Management
  • Port Security
  • Network Appliances
  • Access Control List
  • Route Security
  • Quality of Service
  • Implications of IPv6
  • Port Spanning/Port Mirroring
  • Monitoring Services
  • File Integrity Monitors
  • Review Key Topics
21

Installing and Configuring Wireless Security Settings

  • Cryptographic Protocols
  • Authentication Protocols
  • Methods
  • Installation Considerations
  • Review Key Topics
22

Implementing Secure Mobile Solutions

  • Connection Methods and Receivers
  • Mobile Device Management
  • Mobile Device Management Enforcement and Monitoring
  • Mobile Devices
  • Deployment Models
  • Review Key Topics
23

Applying Cybersecurity Solutions to the Cloud

  • Cloud Security Controls
  • Solutions
  • Cloud Native Controls vs. Third-Party Solutions
  • Review Key Topics
24

Implementing Identity and Account Management Controls

  • Identity
  • Account Types
  • Account Policies
  • Review Key Topics
25

Implementing Authentication and Authorization Solutions

  • Authentication Management
  • Authentication/Authorization
  • Access Control Schemes
  • Review Key Topics
26

Implementing Public Key Infrastructure

  • Public Key Infrastructure
  • Types of Certificates
  • Certificate Formats
  • PKI Concepts
  • Review Key Topics
27

Using the Appropriate Tool to Assess Organizational Security

  • Network Reconnaissance and Discovery
  • File Manipulation
  • Shell and Script Environments
  • Packet Capture and Replay
  • Forensics
  • Exploitation Frameworks
  • Password Crackers
  • Data Sanitization
  • Review Key Topics
28

Summarizing the Importance of Policies, Processes, and Procedures for Incident Response

  • Incident Response Plans
  • Incident Response Process
  • Exercises
  • Attack Frameworks
  • Stakeholder Management
  • Communication Plan
  • Disaster Recovery Plan
  • Business Continuity Plan
  • Continuity of Operations Planning (COOP)
  • Incident Response Team
  • Retention Policies
  • Review Key Topics
29

Using Appropriate Data Sources to Support an Investigation

  • Vulnerability Scan Output
  • SIEM Dashboards
  • Log Files
  • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth Monitors
  • Metadata
  • NetFlow/sFlow
  • Protocol Analyzer Output
  • Review Key Topics
30

Applying Mitigation Techniques or Controls to Secure an Environment

  • Reconfigure Endpoint Security Solutions
  • Configuration Changes
  • Isolation
  • Containment
  • Segmentation
  • SOAR
  • Review Key Topics
31

Understanding the Key Aspects of Digital Forensics

  • Documentation/Evidence
  • Acquisition
  • On-premises vs. Cloud
  • Integrity
  • Preservation
  • E-discovery
  • Data Recovery
  • Nonrepudiation
  • Strategic Intelligence/Counterintelligence
  • Review Key Topics
32

Comparing and Contrasting the Various Types of Controls

  • Control Category
  • Control Types
  • Review Key Topics
33

Understanding the Importance of Applicable Regul...orks That Impact Organizational Security Posture

  • Regulations, Standards, and Legislation
  • Key Frameworks
  • Benchmarks and Secure Configuration Guides
  • Review Key Topics
34

Understanding the Importance of Policies to Organizational Security

  • Personnel Policies
  • Diversity of Training Techniques
  • Third-Party Risk Management
  • Data Concepts
  • Credential Policies
  • Organizational Policies
  • Review Key Topics
35

Summarizing Risk Management Processes and Concepts

  • Risk Types
  • Risk Management Strategies
  • Risk Analysis
  • Disaster Analysis
  • Business Impact Analysis
  • Review Key Topics
36

Understanding Privacy and Sensitive Data Concepts in Relation to Security

  • Organizational Consequences of Privacy and Data Breaches
  • Notifications of Breaches
  • Data Types and Asset Classification
  • PII
  • PHI
  • Privacy Enhancing Technologies
  • Roles and Responsibilities
  • Information Lifecycle
  • Impact Assessment
  • Terms of Agreement
  • Privacy Notice
  • Review Key Topics
37

Final Preparation

  • Hands-on Activities
  • Suggested Plan for Final Review and Study
  • Summary

1

Comparing and Contrasting Different Types of Social Engineering Techniques

  • Detecting a Phishing Site Using Netcraft
2

Analyzing Potential Indicators Associated with Network Attacks

  • Performing ARP Spoofing
  • Spoofing MAC Address with SMAC
  • Enabling Debug Logging on the DNS Server
  • Preventing Zone Transfers
  • Simulating a DoS Attack
3

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

  • Installing the Web Server IIS Server Role
4

Summarizing the Techniques Used in Security Assessments

  • Remediating Vulnerabilities on the Network
  • Running a Security Scan to Identify Vulnerabilities
5

Understanding the Techniques Used in Penetration Testing

  • Remediating Vulnerabilities on the Local Workstation
6

Implementing Cybersecurity Resilience

  • Configuring Secondary Virtual Hard Disk
  • Importing a Virtual Machine
  • Creating a Virtual Switch
  • Creating a Virtual Machine
  • Creating a Backup Schedule
  • Installing Windows Server Backup
  • Creating a Backup Once
7

Summarizing the Basics of Cryptographic Concepts

  • Observing an MD5-Generated Hash Value
8

Implementing Secure Protocols

  • Configuring a Static TCP/IP Address
9

Implementing Host or Application Security Solutions

  • Managing Windows Firewall
  • Configuring Windows Firewall
  • Implementing Data Execution Prevention
  • Enabling Intrusion Prevention and Detection
  • Configuring a Perimeter Firewall
  • Using Windows Defender
  • Using BitLocker in Windows 10
10

Implementing Secure Network Designs

  • Installing and Configuring NLB
  • Configuring NLB Operations
  • Verifying Network Services
  • Installing Remote Access Services
  • Configuring Remote Access VPN
  • Working with Task Manager
  • Using Network Monitoring
11

Implementing Identity and Account Management Controls

  • Assigning Permissions to Folders
  • Securing Default Accounts
  • Managing a User Account
  • Managing Services with Group Policy
  • Configuring Group Policy Settings
  • Enabling Audit Policies
  • Enabling Object Access Auditing
  • Configuring Audit Group Policy
  • Restricting Local Accounts
12

Implementing Authentication and Authorization Solutions

  • Configuring Kerberos Policy Settings
13

Implementing Public Key Infrastructure

  • Configuring the SSL Port Setting
  • Using OpenSSL to Create a Public/Private Key Pair
  • Configuring SSL Connections
  • Adding a Certificate to MMC
14

Using the Appropriate Tool to Assess Organizational Security

  • Viewing Results of Live Hosts
  • Observing Traffic Patterns Using Wireshark
  • Analyzing Protocols with Wireshark
15

Using Appropriate Data Sources to Support an Investigation

  • Viewing Running Processes on a Linux-based Machine
16

Understanding the Importance of Policies to Organizational Security

  • Configuring Account Policies
  • Creating a User Account and Configuring Restrictions
  • Creating a Fine-Grained Password Policy
  • Resetting a Password


CompTIA Network+ and two years of experience in IT administration with a focus on security.

USD 219

Pearson VUE

Multiple choice and performance-based questions

The exam contains 90 questions.

90 minutes

750 (on a scale of 100-900)

Three years
