CompTIA Security+ Certification Course - SY0-701

Learning Objective: This section details social engineering techniques, determine the type of attack, associate application, and network attacks, explain different threat actors, vectors, and sources and understand different vulnerabilities. 

Topics:

• Security Policy

• Threat Actors

• Social Engineering 

• Phishing & Types of Malware 

• Trojans and Spyware 

• Security Control Types 

• Defense in Depth 

• Frameworks and Compliance 

• Vulnerability Scanning and Pen Tests 

• Security Assessment Techniques 

• Pen Testing Concepts

• Vulnerability Scanning Concepts 

• Exploitation Frameworks

Learning Objective: This section details social engineering techniques, determine the type of attack, associate application, and network attacks, explain different threat actors, vectors, and sources and understand different vulnerabilities. 

Topics:

• Security Policy

• Threat Actors

• Social Engineering 

• Phishing & Types of Malware 

• Trojans and Spyware 

• Security Control Types 

• Defense in Depth 

• Frameworks and Compliance 

• Vulnerability Scanning and Pen Tests 

• Security Assessment Techniques 

• Pen Testing Concepts

• Vulnerability Scanning Concepts 

• Exploitation Frameworks

Learning Objective: Learn the basics of cryptographic concepts, implement symmetric, and asymmetric algorithms, understand attacks and how to mitigate them. 

Topics:

• Cryptographic Terminology and Ciphers 

• Cryptographic Products 

• Hashing Algorithms 

• Symmetric Algorithms

• Asymmetric Algorithms 

• Diffie-Hellman and Elliptic Curve 

• Transport Encryption 

• Cryptographic Attacks

• PKI Standards 

• Digital Certificates 

• Certificate Authorities 

• Types of Certificate 

• Implementing PKI 

• Storing and Distributing Keys 

• Key Status and Revocation 

• PKI Trust Models 

• PGP / GPG

Learning Objective: Learn about the authentication and authorization design concepts, account management controls, and understand LDAP and Active Directory. 

Topics:

• Access Control Systems 

• Identification & Authentication 

• LAN Manager / NTLM 

• Kerberos 

• PAP, CHAP, and MS-CHAP

• Password Attacks

• Token-based & Biometric Authentication 

• Common Access Card 

• Authorization 

• Directory Services 

• RADIUS and TACACS+ 

• Federation and Trusts 

• Federated Identity Protocols

• Formal Access Control Models 

• Account Types 

• Windows Active Directory 

• Creating and Managing Accounts 

• Account Policy Enforcement 

• Credential Management Policies 

• Account Restrictions 

• Accounting and Auditing

Learning Objective: Understand the network security, implement secure network design, and install and configure security appliances. 

Topics:

• Network Zones and Segments 

• Subnetting 

• Switching Infrastructure 

• Switching Attacks and Hardening 

• Endpoint Security 

• Network Access Control 

• Routing Infrastructure 

• Network Address Translation 

• Software-Defined Networking

• Basic & Stateful Firewalls 

• Implementing a Firewall or Gateway 

• Web Application Firewalls 

• Proxies and Gateways 

• Denial of Service Attacks

• Load Balancers

Learning Objective: Explain and study the implications of embedded and specialized systems, host applications security solutions, configure wireless security solutions, learn hardening concepts, deploying secure host embedded systems. 

Topics:

• Wireless LANs 

• WEP and WPA 

• Wi-Fi Authentication 

• Extensible Authentication Protocol 

• Wi-Fi Site Security 

• Personal Area Networks 

• Trusted Computing 

• Hardware / Firmware Security 

• Peripheral Device Security 

• Secure Configurations 

• OS Hardening 

• Patch Management 

• Embedded Systems 

• Security for Embedded System

Learning Objective: Understand the important security protocols used, secure network access protocols, and secure network applications. 

Topics:

• DHCP Security 

• DNS Security 

• Network Management Protocols 

• HTTP and Web Servers 

• SSL / TLS and HTTPS 

• Web Security Gateways 

• Email Services 

• S/MIME 

• File Transfer 

• Voice and Video Services 

• Voice over IP (VoIP)

• Remote Access Architecture 

• Virtual Private Networks 

• IPsec and IKE 

• Remote Access Servers 

• Remote Administration Tools 

• Hardening Remote Access Infrastructure

Learning Objective: Study the cloud computing basics, the importance of physical security controls, secure mobile applications, apply cybersecurity solutions to the cloud. 

Topics:

• Mobile Device Deployments

• Mobile Connection Methods 

• Mobile Access Control Systems 

• Enforcement and Monitoring

• Virtualization Technologies 

• Virtualization Security Best Practices 

• Cloud Computing 

• Cloud Security Best Practices

• Site Layout and Access 

• Gateways and Locks

• Alarm Systems 

• Surveillance 

• Hardware Security 

• Environmental Controls

Learning Objective: Study application development, deployment, and automation concepts, risk management, and the importance of application regulations, standards, and frameworks. 

Topics:

• Business Impact Analysis 

• Identification of Critical Systems 

• Risk Assessment 

• Risk Mitigation 

• Application Vulnerabilities 

• Application Exploits 

• Web Browser Exploits 

• Secure Application Design 

• Secure Coding Concepts 

• Auditing Applications 

• Secure DevOps

Learning Objective: Study the importance of cybersecurity resilience, digital forensics, disaster recovery concepts, organizational security, privacy, and security data concepts. 

Topics:

• Continuity of Operations Planning 

• Disaster Recovery Planning 

• Resiliency Strategies 

• Recovery Sites 

• Backup Plans and Policies 

• Resiliency and Automation Strategies

• Corporate Security Policy 

• Personnel Management Policies 

• Interoperability Agreements 

• Data Roles 

• Data Sensitivity Labeling and Handling 

• Data Wiping and Disposal 

• Privacy and Employee Conduct Policies 

• Security Policy Training

• Forensic Procedures 

• Collecting Evidence 

• Capturing System Images 

• Handling and Analyzing Evidence

CertOcean’s CompTIA Security Training Certificate is designed and developed to prepare professionals who want to establish a career in cybersecurity. Post the completion of the course, you will develop core knowledge and hands-on experience in troubleshooting networks, techniques in risk management, risk mitigation, threat management, intrusion detection, etc.

Post the completion of the course, you will learn about:

• Potent vulnerabilities and threats that may cause harm to a system or network 

• Corrective measures for incident response

• Implement cryptographic standards and products

• Install, configure, and deploy network components, identity and access services (Identity & Access Management), and management controls

• Learn the principles of organizational security and the elements of effective security policies

• Implement secure network system design and architecture concepts 

• Remote access and wireless security is enforced

• Risks and take corrective measures for risk mitigation and management

• Identify strategies for fault tolerance, ensuring business continuity, and disaster recovery

To clear the exam, you need a minimum score of 750. The exam duration is 90 minutes and includes 90 questions.

The eligibility requirements include:

• At least two years of experience in IT security administration

• Hands-on experience in technical information security

• Broad knowledge of security concepts