CALL 70 23 26 50 or send an email to get no-obligation information about where the course is offered, dates, prices, and a status on whether the course has enough participants to run.
If the course is not offered in the overview on the right, please contact us for a new date.
This is a course for those interested in pursuing CompTIA Security+ certification.
CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. The course includes an exam voucher and our on-site testing centre allows you to take the exam when you're ready.
Jobs that use CompTIA Security+
It is recommended that you hold CompTIA Network+ Certification and have two years of experience in IT administration with a security focus.
5 days. Hands-on.
IT security is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place. That’s where CompTIA Security+ comes in. Get the Security+ certification to show that you have the skills to secure a network and deter hackers and you’re ready for the job.
CompTIA Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management – making it an important stepping stone of an IT security career.
CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:
Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
Why is it different?
The primary goal of this course is to help you pass the exam required to earn the Security+ certification. To do this, your knowledgeable instructor will blend hands-on labs with tailored lectures and practice exams to help you prepare. The course includes an exam voucher and our on-site testing centre allows you to take the exam when you're ready.
What skills will you learn?
This outline includes all topics relevant to the required exam. However, due to the flexible nature of this course, your instructor will customise your training to focus on the topics you need to fill your knowledge gaps so that you can pass the exam and earn your certification.
Compare and contrast different types of social engineering techniques
Phishing
Smishing
Vishing
Spam
Spam over Internet messaging (SPIM)
Spear phishing
Dumpster diving
Shoulder surfing
Pharming
Tailgating
Eliciting information
Whaling
Prepending
Identity fraud
Invoice scams
Credential harvesting
Reconnaissance
Hoax
Impersonation
Watering hole attack
Typosquatting
Influence campaigns
Principles (reasons for effectiveness)
Given a scenario, analyze potential indicators to determine the type of attack
Malware
Password attacks
Physical attacks
Adversarial artificial intelligence (AI)
Supply-chain attacks
Cloud-based vs. on-premises attacks
Cryptographic attacks
Given a scenario, analyze potential indicators associated with application attacks
Privilege escalation
Cross-site scripting
Injections
Pointer/object dereference
Directory traversal
Buffer overflows
Race conditions
Error handling
Improper input handling
Replay attack
Integer overflow
Request forgeries
Application programming interface (API) attacks
Resource exhaustion
Memory leak
Secure sockets layer (SSL) stripping
Driver manipulation
Pass the hash
Given a scenario, analyze potential indicators associated with network attacks
Wireless
Man in the middle
Man in the browser
Layer 2 attacks
Domain name system (DNS)
Distributed denial of service (DDoS)
Malicious code or script execution
Explain different threat actors, vectors, and intelligence sources
Actors and threats
Attributes of actors
Vectors
Threat intelligence sources
Research sources
Explain the security concerns associated with various types of vulnerabilities
Cloud-based vs. on-premises vulnerabilities
Zero-day
Weak configurations
Third-party risks
Improper or weak patch management
Legacy platforms
Impacts
Summarize the techniques used in security assessments
Threat hunting
Vulnerability scans
Syslog/Security information and event management (SIEM)
Security orchestration, automation, response (SOAR)
Explain the techniques used in penetration testing
Penetration testing
Passive and active reconnaissance
Exercise types
Explain the importance of security concepts in an enterprise environment
Configuration management
Data sovereignty
Data protection
Hardware security module (HSM)
Geographical considerations
Cloud access security broker (CASB)
Response and recovery controls
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
Hashing
API considerations
Site resiliency
Deception and disruption
Summarize virtualization and cloud computing concepts
Cloud models
Cloud service providers
Managed service provider (MSP)/Managed security service provider (MSSP)
On-premises vs. off-premises
Fog computing
Edge computing
Thin client
Containers
Micro-services/API
Infrastructure as code
Serverless architecture
Services integration
Resource policies
Transit gateway
Virtualization
Summarize secure application development, deployment, and automation concepts
Environment
Provisioning and deprovisioning
Integrity measurement
Secure coding techniques
Open Web Application Security Project (OWASP)
Software diversity
Automation/scripting
Elasticity
Scalability
Version control
Summarize authentication and authorization design concepts
Authentication methods
Biometrics
Multifactor authentication (MFA) factors and attributes
Authentication, authorization, and accounting (AAA)
Cloud vs. on-premises requirements
Given a scenario, implement cybersecurity resilience
Redundancy
Replication
On-premises vs. cloud
Backup types
Non-persistence
High availability
Restoration order
Diversity
Explain the security implications of embedded and specialized systems
Embedded systems
Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
Internet of Things (IoT)
Specialized
Voice over IP (VoIP)
Heating, ventilation, air conditioning (HVAC)
Drones/AVs
Multifunction printer (MFP)
Real-time operating system (RTOS)
Surveillance systems
System on chip (SoC)
Communication considerations
Constraints
Explain the importance of physical security controls
Bollards/barricades
Mantraps
Badges
Alarms
Signage
Cameras
Closed-circuit television (CCTV)
Industrial camouflage
Personnel
Locks
USB data blocker
Lighting
Fencing
Fire suppression
Sensors
Drones/UAV
Visitor logs
Faraday cages
Air gap
Demilitarized zone (DMZ)
Protected cable distribution
Secure areas
Secure data destruction
Summarize the basics of cryptographic concepts
Digital signatures
Key length
Key stretching
Salting
Hashing
Key exchange
Elliptic curve cryptography
Perfect forward secrecy
Quantum
Post-quantum
Ephemeral
Modes of operation
Blockchain
Cipher suites
Symmetric vs. asymmetric
Lightweight cryptography
Steganography
Homomorphic encryption
Common use cases
Limitations
Given a scenario, implement secure protocols
Protocols
Use cases
Given a scenario, implement host or application security solutions
Endpoint protection
Boot integrity
Database
Application security
Hardening
Self-encrypting drive (SED)/full disk encryption (FDE)
Hardware root of trust
Trusted Platform Module (TPM)
Sandboxing
Given a scenario, implement secure network designs
Load balancing
Network segmentation
Virtual private network (VPN)
DNS
Network access control (NAC)
Out-of-band management
Port security
Network appliances
Access control list (ACL)
Route security
Quality of service (QoS)
Implications of IPv6
Port spanning/port mirroring
Monitoring services
File integrity monitors
Given a scenario, install and configure wireless security settings
Cryptographic protocols
Authentication protocols
Methods
Installation considerations
Given a scenario, implement secure mobile solutions
Connection methods and receivers
Mobile device management (MDM)
Mobile devices
Enforcement and monitoring
Deployment models
Given a scenario, apply cybersecurity solutions to the cloud
Cloud security controls
Solutions
Cloud native controls vs. third-party solutions
Given a scenario, implement identity and account management controls
Identity
Account types
Account policies
Given a scenario, implement authentication and authorization solutions
Authentication management
Authentication
Access control schemes
Given a scenario, implement public key infrastructure
Public key infrastructure (PKI)
Types of certificates
Certificate formats
Concepts
Given a scenario, use the appropriate tool to assess organizational security
Network reconnaissance and discovery
File manipulation
Shell and script environments
Packet capture and replay
Forensics
Exploitation frameworks
Password crackers
Data sanitization
Summarize the importance of policies, processes, and procedures for incident response
Incident response plans
Incident response process
Exercises
Attack frameworks
Stakeholder management
Communication plan
Disaster recovery plan
Business continuity plan
Continuity of operation planning (COOP)
Incident response team
Retention policies
Given an incident, utilize appropriate data sources to support an investigation
Vulnerability scan output
SIEM dashboards
Log files
syslog/rsyslog/syslog-ng
journalctl
nxlog
Retention
Bandwidth monitors
Metadata
Netflow/sflow
Protocol analyzer output
Given an incident, apply mitigation techniques or controls to secure an environment
Reconfigure endpoint security solutions
Configuration changes
Isolation
Containment
Segmentation
Security orchestration, automation, and response (SOAR)
Explain the key aspects of digital forensics
Documentation/evidence
Acquisition
On-premises vs. cloud
Integrity
Preservation
E-discovery
Data recovery
Non-repudiation
Strategic intelligence/counterintelligence
Compare and contrast various types of controls
Categories
Control types
Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
Regulations, standards, and legislation
Key frameworks
Benchmarks/secure configuration guides
Explain the importance of policies to organizational security
Personnel
Diversity of training techniques
Third-party risk management
Data
Credential policies
Organizational policies
Summarize risk management processes and concepts
Risk types
Risk management strategies
Risk analysis
Disasters
Business impact analysis
Explain privacy and sensitive data concepts in relation to security
Organizational consequences of privacy breaches
Notifications of breaches
Data types
Privacy enhancing technologies
Roles and responsibilities
Information life cycle
Impact assessment
Terms of agreement
Privacy notice
Subject to change after publishing