CompTIA Security+ Break Down

Posted on November 3, 2010. Filed under: CompTIA Security+ |


CompTIA Security+ certification (also known as CompTIA Security Plus) is an international industry credential that validates the knowledge of information security professionals. Two years of hands-on experience is Recommended but not required.

Number of questions: 100

Length of test: 90 minutes

Passing score: 750 on a scale of 100-900

Cost: $258

The author created this free CompTIA Security+ study guide by collecting various free multimedia resources from the network, including a lot of youtube videos.

Lesson 1 – SCompTIA Security+ OverviewIn this lesson you will learn what CompTIA Security+ test is and the six domains the exam tests, you will do a high level overview of the security threats and threats mitigation.

Lesson 2 – Redundancy and Fault ToleranceIn this video you will learn to eliminate single points of failures by implementing fault tolerance and redundancy.

  • Single Points of Failure
  • Fault Tolerance
  • Redundant Array of Inexpensive Disk (RAID)
  • Heating Ventilation and Air Conditioning (HVAC)
  • Fire Suppression
  • Redundancy
  • Server Redundancy
  • Network Redundancy
  • Redundant Sites
  • Environmental Components

Lesson 3 – Implementing Disaster RecoveryIn this video you will learn to prepare a disaster recovery plan. Plus, you will work hands-on to implement your own disaster recovery program.

  • Disaster Recovery Planning
  • System & Data Backup & Restore – Types of Backup Jobs
  • System & Data Backup & Restore – Rotation Schemes
  • Disaster Recovery Exercise

Lesson 4 – Incident ResponseIn this video you will learn how to utilize forensics to protect the integrity of potential evidence of an IT security breach, as it’s being collected. Plus, you will work hands-on to implement incident response procedures when a network or system attack occurs, so that you are ready to take the appropriate actions before systems or data are compromised.

  • Forensics
  • Incident Response
  • Chain of Custody
  • Collection of Evidence

Lesson 5 – Social EngineeringIn this video you will learn how to combat several different types of social engineering attacks.

  • Globomantics Scenario
  • Social Engineering
  • Social Engineering Tactics
  • Phishing
  • Hoaxes
  • Dumpster Diving
  • Tail Gating
  • Shoulder Surfing
  • User Education and Awareness

Lesson 6 – Organizational PoliciesIn this video you will learn how to create an IT security policy document that includes outlining a security policy for IT components, information and data.

  • Globomantics Scenario
  • Policies Overview
  • Due Care, Due Diligence, and Due Process
  • Security Controls
  • IT Security Policy Components
  • Regulatory Compliance
  • Risk Management
  • Separation of Duties
  • Change Management
  • Security Related HR Policies
  • Management Involvement in IT Security

Lesson 7 – System Scanning and MonitoringIn this video you will learn how to identify the types of monitoring that your IT department has in place. Plus, you will learn the details of several different monitoring strategies so that you will be able to recommend the best monitoring system for your IT environment.

  • Globomantics Scenario
  • System Monitors
  • Agent Based System Monitors
  • Simple Network Management Protocol (SNMP) System Monitors
  • Performance Monitoring
  • Network Tools
  • Port Scanner
  • Protocol Analyzer
  • Network Mapper
  • Vulnerability Scanner
  • Intrusion Detection System (IDS)
  • Network-based vs. Host-based IDS
  • Signature-based IDS vs. Anomaly-based IDS
  • Passive vs. Reactive IDS
  • Penetration Testing

Lesson 8 – Logging and AuditingIn this video you will learn how to take advantage of logging and how to properly use the information in logs to benefit your company. Plus, you will learn how to continually audit user access and rights to assess the potential level of risk that is posed to the company by client computer useage.

  • Globomantics Scenario
  • Logging
  • Logging and Log Management
  • Centralized vs. Distributed Logging
  • Log Rotation and Retention
  • System Logs
  • Application Logs
  • Security Logs
  • Auditing
  • User Access and Rights Review
  • Risk Assessment and Mitigation
  • Logging Demonstration

Lesson 9 – Network Design ComponentsIn this video you will learn about the network design considerations you should examine when designing a network. Plus, you will discover how to utilize security zones to design different areas of your network with different security requirements.

  • Globomantics Scenario
  • N-Tier Architecture
  • Network Access Control (NAC)
  • Network Access Translation (NAT)
  • Security Zones
  • Demilitarized Zones (DMZ)
  • Intranet
  • Extranet
  • VLAN

Lesson 10 – Networking ComponentsIn this video you will learn about the different types of network cabling, the various speeds of different network cables, and the security implications as they apply to these network cables. Plus, you will discover the pros and cons of several different network devices and the differences between three different types of firewalls.

  • Coaxial Cable
  • Twisted Pair Cable
  • Fiber Optic Cable
  • Network Devices
  • Hubs
  • Switches
  • Routers
  • Modems and Remotes Access Server (RAS)
  • Packet Filtering Firewalls
  • Application Layer Firewalls
  • Stateful Inspection Firewalls

Lesson 11 – Networking Protocols and ExploitationsIn this video you will learn about different networking protocols, especially the most common networking protocol, TCP/IP. Plus, you will discover several different protocol exploits that can be used by hackers to take advantage of the weak points of your IT security.

  • OSI 7 Layer Model
  • Networking Protocols
  • TCP/IP
  • Globomantics Scenario
  • Spoofing
  • Man In The Middle (MITM)
  • TCP/IP Hijacking
  • Null Session
  • Replay Attacks
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • DNS Poisoning

Lesson 12 – Remote Access SecurityIn this video you will learn how to secure private data on a public network using the different types of Virtual Private Networks. Plus, you will examine the various Remote Access Protocols, how they differ from each other, and different security issues that these protocols face.

  • Virtual Private Network (VPN)
  • Globomantics Scenario
  • VPN Tunneling Protocols
  • Point to Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • Internet Protocol Security (IPSec)
  • Tunneling Protocol Comparison
  • Secure Shell (SSH)
  • 802.1X

Lesson 13 – Wireless NetworksIn this video you will learn about the different types of wireless protocols that allow wireless communication to occur. Plus, you will discover the several different wireless exploits used by hackers to take advantage of and use your own wireless network against your company.

  • Wireless Communications Overview
  • Wireless Access Points
  • Wireless Transport Layer Security
  • IEEE Wireless Standards
  • Protecting Wireless Networks
  • Passive and Active Attacks
  • Wardriving
  • Bluetooth Vulnerabilities and Protection
  • Site Survey

Lesson 14 – System SecurityIn this video you will learn how to secure your system hardware, which will include focusing on how USB drives can be a critical security threat. Plus, you will work hands-on with a server baseline security checklist to prevent these hardware vulnerabilities.

  • Securing BIOS
  • Securing USB Devices
  • Securing Directly Attached Storage
  • Security Templates
  • Configuration Baseline
  • Hotfixes, Patches and Service Packs
  • Patch Management
  • System Hardening

Lesson 15 – System Security ThreatsIn this video you will learn about the different types of malware that can attack your servers. Plus, you will discover the steps you can take to make sure you can keep these threats from adversely effecting your IT environment.

  • Default Accounts and Passwords
  • Password Strength
  • Back Doors
  • Privilege Escalation
  • Malware
  • Root Kits
  • Trojan Horses
  • Viruses
  • Worms
  • Spyware
  • Spam
  • Logic Bombs

Lesson 16 – Security ApplicationsIn this video you will learn how to apply different security applications to your environment to improve your overall IT security.

  • Globomantics Scenario
  • Personal Software Firewalls
  • Host-Based Intrusion Detection Systems
  • Proxy Servers
  • Honey Pots
  • Virtualization Security Considerations

Lesson 17 – Email SecurityIn this video you will learn how email works so that you can better understand how to secure your email messaging system. Plus, you will discover some email vulnerabilities and how you can address them in your own infrastructure.

  • Background Vocabulary
  • Globomantics Scenario
  • E-Mail Overview
  • E-Mail Protocols
  • Multipurpose Internet Mail Extensions (MIME)
  • Secure Multipurpose Internet Mail Extensions (S/MIME)
  • Pretty Good Privacy (PGP)
  • E-Mail Vulnerabilities: SMTP Open Relays and Human Behavior

Lesson 18 – Web SecurityIn this video you will learn how to lock down your web servers to make sure they are secure when being deployed as public facing web servers.

  • Web Server Security
  • Building Secure Web Services
  • Web Services Description Language (WSDL)
  • Content Filters
  • Browser Protocols
  • Instant Messaging

Lesson 19 – Web Based VulnerabiltiesIn this video you will learn how to improve your IT security by utilizing various programming languages that can be used in specific situations. Plus, you will learn about different web vulnerabilities and how you can properly deal with these vulnerabilities in you IT environment.

  • Globomantics Scenario
  • Browser Vulnerabilities and Hardening
  • Java
  • Code Signing
  • ActiveX
  • Common Gateway Interface (CGI)
  • Buffer Overflow
  • Cross Site Scripting (XSS)
  • Cookies

Lesson 20 – File Transfer Protocol (FTP) SecurityIn this video you will learn how to securely access an FTP server. Plus, you will examine the various FTP vulnerabilities and how you can deal with these to securely transfer files within your organization.

  • Globomantics Scenario
  • File Transfer Protocol (FTP) Overview
  • FTP Access
  • FTP Authentication
  • FTP Vulnerabilities
  • Securing File Transfer

Lesson 21 – Access Control ModelsIn this video you will walk through the steps you need to take to properly apply access controls to the resources in your server environment.

  • Access Control Overview
  • Classification of Information
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Role Base Access Control (RBAC)

Lesson 22 – Logical and Physical Access ControlsIn this video you will work hands-on to establish an access control model on your computer systems using logical access controls. Plus, you will examine how to secure your physical environment by implementing physical access controls.

  • Logical Access Controls
  • User Names and Passwords
  • Logon Time Restrictions
  • Account Expiration
  • Group Policy
  • Tokens
  • Physical Access Controls
  • Identification
  • Physical Access Logs and Lists
  • Man-Trap
  • Door Access Systems
  • Video Surveillance

Lesson 23 – Authentication ModelsIn this video you will learn how the different types of authentication models can be applied to your server environment to bolster your security from an authentication standpoint.

  • Identification vs. Authentication
  • Multi-Tiered Authentication
  • Single Sign-on
  • Kerberos
  • Mutual Authentication
  • Lightweight Directory Access Protocol (LDAP)
  • Terminal Access Control Access Control System (TACACS)
  • Remote Access Dial In User Service (RADIUS)
  • Password Authentication Protocol (PAP)
  • Challenge Handshake Authentication Protocols (CHAP)

Lesson 24 – Cryptographic AlgorithmsIn this lesson you will learn the basic concepts of cryptographic algorithms and how encryption uses these technologies to provide security to your IT environment.

Lesson 25 – Using CryptographyIn this video you will learn how to utilize cryptography to secure your IT environment. Plus, you will delve into the practice of steganography, which allows you to hide data in file so that people cannot detect that the extra data exists.

  • Cryptographic Key Pair Usage
  • X.509
  • Digital Certificates
  • Single vs. Dual Sided Certificates
  • Digital Signatures
  • Data Encryption
  • Steganography

Lesson 26 – Public Key Infrastructure (PKI)In this lesson you will learn about the building blocks of PKI and how you can use PKI to manage every aspect of digital certificates.

Advertisements

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: