CompTIA Security+

Welcome

Download the Study Guide

100% Pass Guarantee

How to Use CertMaster Labs

Labs: Exploring the Lab Environment

Overview of Security

CIA Triad

AAA of Security

Security Threats

Mitigating Threats

Hackers

Threat Actors

Threat Intelligence and Sources

Threat Hunting

Attack Frameworks

Quiz: Overview of Security

Malware

Viruses

Worms

Trojans

Demo: Viruses and Trojans

Ransomware

Spyware

Rootkits

Spam

Summary of Malware

Labs: Installing, Using, and Blocking a Malware-based Backdoor

Quiz: Malware

Malware Infections

Common Delivery Methods

Demo: Phishing

Botnets and Zombies

Active Interception and Privilege Escalation

Demo: Privilege Escalation

Backdoors and Logic Bombs

Symptoms of Infection

Labs: Identifying Malicious Code

Removing Malware

Preventing Malware

Malware Exploitation

Labs: Performing Network Reconnaissance and Vulnerability Scanning

Quiz: Malware Infection

Security Applications and Devices

Software Firewalls

Demo: Software Firewalls

IDS

Pop-up Blockers

Data Loss Prevention (DLP)

Securing the BIOS

Securing Storage Devices

Disk Encryption

Endpoint Analysis

Labs: Implementing Endpoint Protection

Quiz: Security Applications and Devices

Mobile Device Security

Securing Wireless Devices

Mobile Malware

SIM Cloning & ID Theft

Bluetooth Attacks

Mobile Device Theft

Security of Apps

BYOD

Hardening Mobile Devices

Quiz: Mobile Device Security

Hardening

Unnecessary Applications

Restricting Applications

Demo: Unnecessary Services

Trusted Operating System

Updates and Patches

Patch Management

Group Policies

Demo: Group Policies

Labs: Implementing PowerShell Security

File Systems and Hard Drives

Labs: Configuring Mitigation Controls

Quiz: Hardening

Supply Chain Assessment

Root of Trust

Trusted Firmware

Secure Processing

Quiz: Supply Chain Management

Virtualization

Hypervisors

Demo: How to create a VM

Threats to VMs

Securing VMs

Demo: Securing VMs

Quiz: Virtualization

Application Security

Web Browser Security

Web Browser Concerns

Demo: Web Browser Configuration

Labs: Identifying a Browser Attack

Securing Applications

Labs: Identifying Application Attack Indicators

Quiz: Application Security

Software Development

SDLC Principles

Testing Methods

Software Vulnerabilities and Exploit

Buffer Overflows

Demo: Buffer Overflow Attack

XSS and XSRF

SQL Injection

Demo: SQL Injection

XML Vulnerabilities

Race Conditions

Design Vulnerabilities

Labs: Identifying Application Attacks

Quiz: Secure Software Development

Network Security

The OSI Model

Switches

Routers

Network Zones

Jumpbox

Network Access Control

VLANs

Subnetting

Network Address Translation

Telephony

Labs: Implementing a Secure Network Design

Quiz: Network Design

Perimeter Security

Firewalls

Demo: SOHO Firewall

Labs: Configuring a Firewall

Proxy Servers

Honeypots and Honeynets

Data Loss Prevention

NIDS and NIPS

Labs: Configuring an Intrusion Detection Systems

Unified Threat Management

Quiz: Perimeter Security

Cloud Computing

Cloud Types

As a Service

Cloud Security

Defending Servers

Cloud-based Infrastructure

CASB

API

FAAS and Serverless

Cloud Threats

Quiz: Cloud Security

Workflow Orchestration

CI/CD

DevSecOps

IAC

Machine Learning

Quiz: Automation

Network Attacks

Ports and Protocols

Memorization of Ports

Unnecessary Ports

Denial of Service

DDoS

Stopping a DDoS

Spoofing

Hijacking

Replay Attack

Demo: Null Sessions

Transitive Attacks

DNS Attacks

ARP Poisoning

Labs: Implementing Secure Network Addressing Services

Quiz: Network Attacks

Securing Networks

Securing Network Devices

Labs: Securing the Network Infrastructure

Securing Network Media

Securing WiFi Devices

Wireless Encryption

Wireless Access Points

Wireless Attacks

Demo: Wireless Attack

WPA3

Other Wireless Technologies

Quiz: Securing Networks

Physical Security

Surveillance

Door Locks

Demo: Lock Picking

Biometric Readers

Quiz: Physical Security

Facilities Security

Fire Suppression

HVAC

Shielding

Vehicular Vulnerabilities

IoT Vulnerabilities

Embedded System Vulnerabillities

ICS and SCADA Vulnerabilities

Mitigating Vulnerabilities

Premise System Vulnerabilities

Quiz: Facilities Security

Authentication

Authentication Models

802.1x

LDAP and Kerberos

Labs: Configuring aIdentity and Access Management Controls

Remote Desktop Services

Remote Access Service

VPN

RADIUS vs TACACS+

Authentication Summary

Labs: Managing Centralized Authentication

Authentication Attacks

Quiz: Authentication

Access Control

Access Control Models

Best Practices

Users and Groups

Permissions

Usernames and Passwords

Demo: Policies

User Account Control

Labs: Managing Access Controls in Windows Server

Labs: Managing Access Controls in Linux

Quiz: Access Control

Risk Assessments

Qualitative Risk

Quantitative Risk

Methodologies

Security Controls

Types of Risk

Quiz: Risk Assessments

Vulnerability Management

Penetration Testing

Training and Exercises

OVAL

Vulnerability Assessments

Demo: Nmap Scanning

Labs: Scanning and Indentifying Network Nodes

Demo: Vulnerability Scanning

Labs: Analyzing the Results of a Credentialed Vulnerability Scan

Password Analysis

Demo: Password Cracking

Labs: Auditing Passwords with a Password Cracking Utility

Quiz: Vulnerability Management

Monitoring Types

Performance Baselining

Protocol Analyzers

Labs: Intercepting and Interpreting Network Traffic with Packet Sniffing Tools

SNMP

Demo: Analytical Tools

Auditing

Demo: Auditing Files

Labs: Configuring a Systenm for Auditing Policies

Logging

Log Files

SIEM

Syslog

SOAR

Quiz: Monitoring and Auditing

Cryptography

Symmetric vs Asymmetric

Symmetric Algorithms

Public Key Cryptography

Asymmetric Algorithms

Pretty Good Privacy

Key Management

One-Time Pad

Demo: Steganography

Cryptography Considerations

Quiz: Cryptography

Hashing

Demo: Hashing

Hashing Attacks

Increasing Hash Security

Quiz: Hashing

Public Key Infrastructure

Digital Certificates

Demo: Certificates

Labs: Managing the Life Cycle of a Certificate

Certificate Authorities

Web of Trust

Labs: Managing Certificates with OpenSSL

Quiz: Public Key Infrastructure

Security Protocols

S/MIME

SSL and TLS

SSH

Labs: Implement a Secure SSH Server

VPN Protocols

Demo: Setting up a VPN

Labs: Imnplementing a Virtual Private Network

Quiz: Security Protocols

Planning for the Worst

Redundant Power

Backup Power

Data Redundancy

Demo: RAIDs

Network Redundancy

Server Redundancy

Redundant Sites

Data Backup

Tape Rotation

Labs: Backing Up and Restoring Data in Windows and Linux

Disaster Recovery Plan

Business Impact Analysis

Quiz: Planning for the Worst

Social Engineering

Demo: Pretexting

Insider Threat

Phishing

Motivation Factors

More Social Engineering

Fraud and Scams

Influence Campaigns

User Education

Quiz: Social Engineering

Policies and Procedures

Data Classifications

Data Ownership

PII and PHI

Legal Requirements

Privacy Technologies

Security Policies

User Education

Vendor Relationships

Disposal Policies

IT Security Frameworks

Key Frameworks

Quiz: Policies and Procedures

Incident Response Procedures

Incident Response Planning

Investigative Data

Labs: Managing Data Sources for Incident Response

Labs: Managing Incident Response, Mitigation and Recovery

Forensic Procedures

Data Collection Procedures

Demo: Disk Imaging

Labs: Acquiring Digital Forensic Evidence

Security Tools

Quiz: Incident Response and Forensics

Conclusion

BONUS: What's Next?

Practice Exam (SY0-601)