CompTIA Security+ (SY0-601)

(SY0-601.AB1) / ISBN : 978-1-64459-295-3

Lessons

Lab

TestPrep

AI Tutor (Add-on)

Instructor Led (Add-on)

238 Reviews

Get A Free Trial

This course includes:

Free pre-assessment and first 2 lessons

37+ Interactive Lessons | 34+ Exercises

Accessible on mobile and tablet too

Certificate of completion

About This Course

Gain hands-on experience to pass the CompTIA Security+ certification exam with the CompTIA Security+ (SY0-601) course and lab. Interactive chapters and hands-on labs comprehensively cover the SY0-601 exam objectives and provide knowledge in areas such as security concepts, operating systems, application systems, and many more. The CompTIA Security+ study guide will help you get a full understanding of the challenges you'll face as a security professional.

Skills You’ll Get

The CompTIA Security+ SY0-601 exam verifies that a candidate can assess an enterprise's security posture and recommend and implement appropriate security solutions; monitor and secure hybrid environments, such as cloud, mobile, and IoT; and operate with an understanding of applicable laws and policies, such as governance, risk, and compliance.

Get the support you need. Enroll in our Instructor-Led Course.

Get Started

Interactive Lessons

37+ Interactive Lessons | 34+ Exercises | 379+ Quizzes | 791+ Flashcards | 791+ Glossary of terms

Gamified TestPrep

104+ Pre Assessment Questions | 2+ Full Length Tests | 104+ Post Assessment Questions | 208+ Practice Test Questions

Hands-On Labs

64+ LiveLab | 65+ Video tutorials | 02:30+ Hours

Lesson Plan

Introduction

Goals and Methods
Who Should Read This Course?
CompTIA Security+ Exam Topics

Comparing and Contrasting Different Types of Social Engineering Techniques

Social Engineering Fundamentals
User Security Awareness Education
Review Key Topics

Analyzing Potential Indicators to Determine the Type of Attack

Malicious Software (Malware)
Password Attacks
Physical Attacks
Adversarial Artificial Intelligence
Supply-Chain Attacks
Cloud-based vs. On-premises Attacks
Cryptographic Attacks
Review Key Topics

Analyzing Potential Indicators Associated with Application Attacks

Privilege Escalation
Cross-Site Scripting (XSS) Attacks
Injection Attacks
Pointer/Object Dereference
Directory Traversal
Buffer Overflows
Race Conditions
Error Handling
Improper Input Handling
Replay Attacks
Request Forgeries
Application Programming Interface (API) Attacks
Resource Exhaustion
Memory Leaks
Secure Socket Layer (SSL) Stripping
Driver Manipulation
Pass the Hash
Review Key Topics

Analyzing Potential Indicators Associated with Network Attacks

Wireless Attacks
On-Path Attacks
Layer 2 Attacks
Domain Name System (DNS) Attacks
Distributed Denial-of-Service (DDoS) Attacks
Malicious Code or Script Execution Attacks
Review Key Topics

Understanding Different Threat Actors, Vectors, and Intelligence Sources

Actors and Threats
Attributes of Threat Actors
Attack Vectors
Threat Intelligence and Threat Intelligence Sources
Research Sources
Review Key Topics

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

Cloud-based vs. On-premises Vulnerabilities
Zero-day Vulnerabilities
Weak Configurations
Third-party Risks
Improper or Weak Patch Management
Legacy Platforms
The Impact of Cybersecurity Attacks and Breaches
Review Key Topics

Summarizing the Techniques Used in Security Assessments

Threat Hunting
Vulnerability Scans
Logs and Security Information and Event Management (SIEM)
Security Orchestration, Automation, and Response (SOAR)
Review Key Topics

Understanding the Techniques Used in Penetration Testing

Penetration Testing
Passive and Active Reconnaissance
Exercise Types
Review Key Topics

Understanding the Importance of Security Concepts in an Enterprise Environment

Configuration Management
Data Sovereignty and Data Protection
Site Resiliency
Deception and Disruption
Review Key Topics

Summarizing Virtualization and Cloud Computing Concepts

Cloud Models
Cloud Service Providers
Cloud Architecture Components
Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
Review Key Topics

Summarizing Secure Application Development, Deployment, and Automation Concepts

Software Development Environments and Methodologies
Application Provisioning and Deprovisioning
Software Integrity Measurement
Secure Coding Techniques
Open Web Application Security Project (OWASP)
Software Diversity
Automation/Scripting
Elasticity and Scalability
Review Key Topics

Summarizing Authentication and Authorization Design Concepts

Authentication Methods
Biometrics
Multifactor Authentication (MFA) Factors and Attributes
Authentication, Authorization, and Accounting (AAA)
Cloud vs. On-premises Requirements
Review Key Topics

Implementing Cybersecurity Resilience

Redundancy
Replication
On-premises vs. Cloud
Backup Types
Non-persistence
High Availability
Restoration Order
Diversity
Review Key Topics

Understanding the Security Implications of Embedded and Specialized Systems

Embedded Systems
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
Internet of Things (IoT)
Specialized Systems
Voice over IP (VoIP)
Heating, Ventilation, and Air Conditioning (HVAC)
Drones
Multifunction Printers (MFP)
Real-Time Operating Systems (RTOS)
Surveillance Systems
System on a Chip (SoC)
Communication Considerations
Embedded System Constraints
Review Key Topics

Understanding the Importance of Physical Security Controls

Bollards/Barricades
Access Control Vestibules
Badges
Alarms
Signage
Cameras
Closed-Circuit Television (CCTV)
Industrial Camouflage
Personnel
Locks
USB Data Blockers
Lighting
Fencing
Fire Suppression
Sensors
Drones
Visitor Logs
Faraday Cages
Air Gap
Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
Protected Cable Distribution
Secure Areas
Secure Data Destruction
Review Key Topics

Summarizing the Basics of Cryptographic Concepts

Digital Signatures
Key Length
Key Stretching
Salting
Hashing
Key Exchange
Elliptic-Curve Cryptography
Perfect Forward Secrecy
Quantum
Post-Quantum
Ephemeral
Modes of Operation
Blockchain
Cipher Suites
Symmetric vs. Asymmetric Encryption
Lightweight Cryptography
Steganography
Homomorphic Encryption
Common Use Cases
Limitations
Review Key Topics

Implementing Secure Protocols

Protocols
Use Cases
Review Key Topics

Implementing Host or Application Security Solutions

Endpoint Protection
Antimalware
Next-Generation Firewall
Host-based Intrusion Prevention System
Host-based Intrusion Detection System
Host-based Firewall
Boot Integrity
Database
Application Security
Hardening
Self-Encrypting Drive/Full-Disk Encryption
Hardware Root of Trust
Trusted Platform Module
Sandboxing
Review Key Topics

Installing and Configuring Wireless Security Settings

Cryptographic Protocols
Authentication Protocols
Methods
Installation Considerations
Review Key Topics

Implementing Secure Mobile Solutions

Connection Methods and Receivers
Mobile Device Management
Mobile Device Management Enforcement and Monitoring
Mobile Devices
Deployment Models
Review Key Topics

Applying Cybersecurity Solutions to the Cloud

Cloud Security Controls
Solutions
Cloud Native Controls vs. Third-Party Solutions
Review Key Topics

Implementing Identity and Account Management Controls

Identity
Account Types
Account Policies
Review Key Topics

Implementing Authentication and Authorization Solutions

Authentication Management
Authentication/Authorization
Access Control Schemes
Review Key Topics

Implementing Public Key Infrastructure

Public Key Infrastructure
Types of Certificates
Certificate Formats
PKI Concepts
Review Key Topics

Using the Appropriate Tool to Assess Organizational Security

Network Reconnaissance and Discovery
File Manipulation
Shell and Script Environments
Packet Capture and Replay
Forensics
Exploitation Frameworks
Password Crackers
Data Sanitization
Review Key Topics

Summarizing the Importance of Policies, Processes, and Procedures for Incident Response

Incident Response Plans
Incident Response Process
Exercises
Attack Frameworks
Stakeholder Management
Communication Plan
Disaster Recovery Plan
Business Continuity Plan
Continuity of Operations Planning (COOP)
Incident Response Team
Retention Policies
Review Key Topics

Using Appropriate Data Sources to Support an Investigation

Vulnerability Scan Output
SIEM Dashboards
Log Files
syslog/rsyslog/syslog-ng
journalctl
NXLog
Bandwidth Monitors
Metadata
NetFlow/sFlow
Protocol Analyzer Output
Review Key Topics

Applying Mitigation Techniques or Controls to Secure an Environment

Reconfigure Endpoint Security Solutions
Configuration Changes
Isolation
Containment
Segmentation
SOAR
Review Key Topics

Understanding the Key Aspects of Digital Forensics

Documentation/Evidence
Acquisition
On-premises vs. Cloud
Integrity
Preservation
E-discovery
Data Recovery
Nonrepudiation
Strategic Intelligence/Counterintelligence
Review Key Topics

Comparing and contrasting the Various Types of Controls

Control Category
Control Types
Review Key Topics

Understanding the Importance of Applicable Regul...orks That Impact Organizational Security Posture

Regulations, Standards, and Legislation
Key Frameworks
Benchmarks and Secure Configuration Guides
Review Key Topics

Understanding the Importance of Policies to Organizational Security

Personnel Policies
Diversity of Training Techniques
Third-Party Risk Management
Data Concepts
Credential Policies
Organizational Policies
Review Key Topics

Summarizing Risk Management Processes and Concepts

Risk Types
Risk Management Strategies
Risk Analysis
Disaster Analysis
Business Impact Analysis
Review Key Topics

Understanding Privacy and Sensitive Data Concepts in Relation to Security

Organizational Consequences of Privacy and Data Breaches
Notifications of Breaches
Data Types and Asset Classification
PII
PHI
Privacy Enhancing Technologies
Roles and Responsibilities
Information Lifecycle
Impact Assessment
Terms of Agreement
Privacy Notice
Review Key Topics

Final Preparation

Hands-on Activities
Suggested Plan for Final Review and Study
Summary

Hands-on LAB Activities