Welcome to ONLC Training Centers


CompTIA On-Demand: CompTIA Security+ Certification Training Course Outline

 (5 days)
Version SY0-501

*** Note: This is an On-Demand Self Study Class, 5-days of content, 6-month unlimited access, $1295***
(Applicable State and Local taxes may be added for On-Demand purchases, depending on your location.)
CompTIA On-Demand is a self-study training solution that is a great fit for individuals with considerable IT experience who don't need a traditional 5-day class to prepare for a CompTIA exam.

Overview
You may take this course at any time; there are no set dates. The course includes hours of videos, demonstrations, lab exercises and printed courseware that will teach students about identifying security fundamentals and threats, analyzing risk, conducting security assessments, implementing network, operational, host, and software security, managing identity and access, implementing cryptography, addressing security issues, and ensuring business continuity.

Target Student
The CompTIA Security+ course is aimed at IT professionals with job roles such as security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator and network administrator. It is recommended that students have taken the CompTIA Network+ certification course and exam, together with 24 months' experience in networking support/IT administration.

Prerequisites
Students should meet the following criteria prior to taking the course:
It is recommended that students have taken the CompTIA Network+ certification course and exam, together with 24 months' experience in networking support/IT administration
Know the function and basic features of the components of a PC
Use Windows Server to create and manage files and use basic administrative features (Explorer, Control Panel, Management Consoles, Command Line Tools)
Operate the Linux OS using basic command-line tools
Know basic network terminology and functions (such as OSI Model, Topology, Ethernet, Wi-Fi, switches, routers)
Understand TCP/IP addressing, core protocols, and troubleshooting tools

Additional Notes Regarding CompTIA Certification Exams
As with most professional IT certifications, many additional hours of study are required before the class (meeting the prerequisites) and after the class (reviewing exam objectives and practice questions). Expect to spend a significant number of hours studying before you take a CompTIA or any other IT professional exam. CompTIA certification exams are very rigorous and challenging. By studying using the practice exams, you will greatly improve your chances of passing the actual certification exam the first time.
Note: For the most up-to-date exam and exam prerequisite information, please visit: https://certification.comptia.org/training/exam-objectives

ONLC Extras
ONLC Training Centers bundles in valuable extras with our CompTIA On-Demand Courses. These extras are not available from other training companies.

Certification Exam Voucher Included (A $340 value!) All of our CompTIA classes include the cost of the CompTIA exam voucher. Students must schedule when and where they will take the exam through Pearson Vue, the CompTIA testing service.

Exam Prep Software. This web-based practice exam will help you prepare for your actual certification exam. These dynamic practice tests provide links to the training content. If you answer a question wrong, you can go back to that topic for review.

Classroom Live Labs. These labs give you access to real equipment without the need for time-consuming installation and setup. You get easy browser-based access to the equipment you need to work through the labs that align with the course content. Requires only a browser and high-speed internet access.

24/7 Online Support. You will be able to chat online with a content matter expert while you are taking your On-Demand class. And, with your permission, the expert can even take over your computer to provide assistance with your labs. (3-Month Access.)

ONLC’s Exam Pass Guarantee
ONLC’s CompTIA certification classes come with an Exam Pass Guarantee. What that essentially means is that we want to make sure that everyone is taking advantage of the Practice Test that we are providing and achieve a score of 85% or better in Certification Mode prior to us releasing the initial exam voucher.
The practice test is ordered upon request. Once you provide a copy of the course Certificate of Completion along with lab completion documentation we will email the web-based practice test. After achieving a score of 85% or better, email proof to exam@onlc.com and we will go ahead and release the exam voucher to you within 24 business hours. Should you fail the exam on the first attempt, after submitting your authorized exam score and additional study, we will then provide a second voucher. However, should you decide to not take the practice exam or to take the exam without first achieving the 85% in certification mode, the Exam Pass is null and void. Please read through our:
Exam Pass Guarantee

Do You Still Prefer a Live, Instructor-led Class?
Already know On-Demand training is not right for you? We also offer this course in a live, instructor-led format. For more details, click on the link below:
Instructor-led CompTIA Security+ Certification Training

Duration
This course takes 5 days to complete and includes 16h 19m of video presentation plus hours of practice labs.

Course Outline

Chapter 01 - Identifying Security Fundamentals
Topic A: Identify Information Security Concepts
Information Security
Goals of Information Security
Risk
Vulnerabilities
Threats
Attacks
Controls
Types of Controls
The Security Management Process
Topic B: Identify Basic Security Controls
The CIA Triad
Non-repudiation
Identification
Authentication
Authentication Factors
Authorization
Access Control
Accounting and Auditing
Principle of Least Privilege
Privilege Management
Topic C: Identify Basic Authentication and Authorization Concepts
Passwords
Tokens
Biometrics
Geolocation
Keystroke Authentication
Multi-factor Authentication
Mutual Authentication
Topic D: Identify Basic Cryptography Concepts
Cryptography
Encryption and Decryption
Encryption and Security Goals
Ciphers
A Key
Symmetric Encryption
Asymmetric Encryption
Hashing
Steganography

Chapter 02 - Analyzing Risk
Topic A: Analyze Organizational Risk
Risk Management
Components of Risk Analysis
Phases of Risk Analysis
Categories of Threat Types
Risk Analysis Methods
Risk Calculation
Risk Response Techniques
Risk Mitigation and Control Types
Change Management
Guidelines for Analyzing Risk
Topic B: Analyze the Business Impact of Risk
BIA
Impact Scenarios
Privacy Assessments
Critical Systems and Functions
Maximum Tolerable Downtime
Recovery Point Objective
Recovery Time Objective
Mean Time to Failure
Mean Time to Repair
Mean Time Between Failures
Guidelines for Performing a Business Impact Analysis

Chapter 03 - Identifying Security Threats
Topic A: Identify Types of Attackers
Hackers and Attackers
Threat Actors
Threat Actor Attributes
Open-Source Intelligence
Topic B: Identify Social Engineering Attacks
Social Engineering
Effectiveness
Impersonation
Phishing and Related Attacks
Hoaxes
Physical Exploits
Watering Hole Attacks
Topic C: Identify Malware
Malicious Code
Viruses
Worms
Adware
Spyware
Trojan Horses
Keyloggers
Remote Access Trojans
Logic Bombs
Botnets
Ransomware
Advanced Persistent Threats
Topic D: Identify Software-Based Threats
Software Attacks
Password Attacks
Types of Password Attacks
Cryptographic Attacks
Types of Cryptographic Attacks
Backdoor Attacks
Application Attacks
Types of Application Attacks
Driver Manipulation
Privilege Escalation
Topic E: Identify Network-Based Threats
TCP/IP Basics
Spoofing Attacks
IP and MAC Address Spoofing
ARP Poisoning
DNS Poisoning
Port Scanning Attacks
Scan Types
Eavesdropping Attacks
Man-in-the-Middle Attacks
Man-in-the-Browser Attacks
Replay Attacks
DoS Attacks
DDoS Attacks
Hijacking Attacks
Amplification Attacks
Pass the Hash Attacks
Topic F: Identify Wireless Threats
Rogue Access Points
Evil Twins
Jamming
Bluejacking
Bluesnarfing
Near Field Communication Attacks
RFID System Attacks
War Driving, War Walking, and War Chalking
Packet Sniffing
IV Attacks
Wireless Replay Attacks
WEP and WPA Attacks
WPS Attacks
Wireless Disassociation
Topic G: Identify Physical Threats
Physical Threats and Vulnerabilities
Hardware Attacks
Environmental Threats and Vulnerabilities

Chapter 04 - Conducting Security Assessments
Topic A: Identify Vulnerabilities
Host Vulnerabilities
Software Vulnerabilities
Encryption Vulnerabilities
Network Architecture Vulnerabilities
Account Vulnerabilities
Operations Vulnerabilities
Topic B: Assess Vulnerabilities
Security Assessment
Security Assessment Techniques
Vulnerability Assessment Tools
Types of Vulnerability Scans
False Positives
Guidelines for Assessing Vulnerabilities
Topic C: Implement Penetration Testing
Penetration Testing
Penetration Testing Techniques
Box Testing Methods
Penetration Testing Tools
Guidelines for Implementing Penetration Testing

Chapter 05 - Implementing Host and Software Security
Topic A: Implement Host Security
Hardening
Operating System Security
Operating System Hardening Techniques
Trusted Computing Base
Hardware and Firmware Security
Security Baselines
Software Updates
Application Blacklisting and Whitelisting
Logging
Auditing
Anti-malware Software
Types of Anti-malware Software
Hardware Peripheral Security
Embedded Systems
Security Implications for Embedded Systems
Guidelines for Securing Hosts
Topic B: Implement Cloud and Virtualization Security
Virtualization
Hypervisors
Virtual Desktop Infrastructure
Virtualization Security
Cloud Computing
Cloud Deployment Models
Cloud Service Types
Guidelines for Securing Virtualized and Cloud-Based Resources
Topic C: Implement Mobile Device Security
Mobile Device Connection Methods
Mobile Device Management
Mobile Device Security Controls
Mobile Device Monitoring and Enforcement
Mobile Deployment Models
BYOD Security Controls
Guidelines for Implementing Mobile Device Security
Topic D: Incorporate Security in the Software Development Lifecycle
Software Development Lifecycle
Software Development Models
DevOps
Versioning
Secure Coding Techniques
Code Testing Methods
Guidelines for Incorporating Security in the Software Development Lifecycle

Chapter 06 - Implementing Network Security
Topic A: Configure Network Security Technologies
Network Components
Network Devices
Routers
Switches
Proxies
Firewalls
Load Balancer
Network Scanners and Analysis Tools
Intrusion Detection Systems
Network IDS
Intrusion Prevention Systems
Network IPS
Types of Network Monitoring Systems
Security Information and Event Management
Data Loss/Leak Prevention
Virtual Private Networks
VPN Concentrators
Security Gateways
Unified Threat Management
Guidelines for Configuring Network Security Technologies
Topic B: Secure Network Design Elements
Network Access Control
Demilitarized Zones
Network Isolation
Virtual Local Area Networks
Network Security Device Placement
Network Address Translation
Software-Defined Networking
Guidelines for Securing Network Design Elements
Topic C: Implement Secure Networking Protocols and Services
The Open Systems Interconnection Model
OSI Model and Security
Internet Protocol Suite
Domain Name System
Hypertext Transfer Protocol
Secure Sockets Layer/Transport Layer Security
HTTP Secure
Secure Shell
Simple Network Management Protocol
Real-Time Transport Protocol
Internet Control Message Protocol
Internet Protocol Security
Network Basic Input/Output System
File Transfer Protocols
Email Protocols
Additional Networking Protocols and Services
Ports and Port Ranges
Topic D: Secure Wireless Traffic
Wireless Networks
Wireless Antenna Types
802.11 Protocols
Wireless Cryptographic Protocols
Wireless Authentication Protocols
VPNs and Open Wireless
Wireless Client Authentication Methods
Wireless Access Point Security
Captive Portals
Site Surveys
Guidelines for Securing Wireless Traffic

Chapter 07 - Managing Identity and Access
Topic A: Implement Identity and Access Management
Identity and Access Management
Access Control Models
Physical Access Control Devices
Biometric Devices
Certificate-Based Authentication
File System and Database Access
Guidelines for Implementing IAM
Topic B: Configure Directory Services
Directory Services
Lightweight Directory Access Protocol
Secure LDAP
Common Directory Services
Topic C: Configure Access Services
Remote Access Methods
Tunneling
Remote Access Protocols
HMAC-Based One-Time Password
Time-Based OTP
Password Authentication Protocol
Challenge-Handshake Authentication Protocol
NT LAN Manager
Authentication, Authorization, and Accounting
Remote Authentication Dial-In User Service
Terminal Access Controller Access-Control System
Kerberos
Topic D: Manage Accounts
Account Management
Account Privileges
Account Types
Account Policy
Password Policy
Multiple Accounts
Shared Accounts
Account Management Security Controls
Credential Management
Group Policy
Identity Federation
Identity Federation Methods
Guidelines for Managing Accounts

Chapter 08 - Implementing Cryptography
Topic A: Identify Advanced Cryptography Concepts
Cryptography Elements
Hashing Concepts
Data States
Key Exchange
Digital Signatures
Cipher Suites
Session Keys
Key Stretching
Special Considerations for Cryptography
Topic B: Select Cryptographic Algorithms
Types of Ciphers
Types of Hashing Algorithms
Types of Symmetric Encryption Algorithms
Types of Asymmetric Encryption Techniques
Types of Key Stretching Algorithms
Substitution Ciphers
Exclusive Or
Cryptographic Modules
Topic C: Configure a Public Key Infrastructure
Public Key Infrastructure
PKI Components
CA Hierarchies
The Root CA
Subordinate CAs
Offline Root CAs
Types of Certificates
X.509
Certificate File Formats
CA Hierarchy Design Options
Topic D: Enroll Certificates
The Certificate Enrollment Process
The Certificate Lifecycle
Certificate Lifecycle Management
The SSL/TLS Connection Process
Topic E: Back Up and Restore Certificates and Private Keys
Private Key Protection Methods
Key Escrow
Private Key Restoration Methods
Private Key Replacement
Topic F: Revoke Certificates
Certificate Revocation
Certificate Revocation List
Online Certificate Status Protocol

Chapter 09 - Implementing Operational Security
Topic A: Evaluate Security Frameworks and Guidelines
Security Frameworks
Security Framework Examples
Security Configuration Guides
Compliance
Layered Security
Defense in Depth
Topic B: Incorporate Documentation in Operational Security
Security Policies
Common Security Policy Types
Personnel Management
Separation of Duties
Job Rotation
Mandatory Vacation
Additional Personnel Management Tasks
Training and Awareness
Business Agreements
Guidelines for Incorporating Documentation in Operational Security
Topic C: Implement Security Strategies
Security Automation
Scalability
Elasticity
Redundancy
Fault Tolerance
Redundant Array of Independent Disks
Non-persistence
High Availability
Deployment Environments
Guidelines for Implementing Security Strategies
Topic D: Manage Data Security Processes
Data Security
Data Security Vulnerabilities
Data Storage Methods
Data Encryption Methods
Data Sensitivity
Data Management Roles
Data Retention
Data Disposal
Guidelines for Managing Data Security
Topic E: Implement Physical Controls
Physical Security Controls
Physical Security Control Types
Environmental Exposures
Environmental Controls
Environmental Monitoring
Safety
Guidelines for Implementing Physical Controls

Chapter 10 - Addressing Security Issues
Topic A: Troubleshoot Common Security Issues
Access Control Issues
Encryption Issues
Data Exfiltration
Anomalies in Event Logs
Security Configuration Issues
Baseline Deviations
Software Issues
Personnel Issues
Asset Management Issues
Topic B: Respond to Security Incidents
Incident Response
Incident Preparation
Incident Detection and Analysis
Incident Containment
Incident Eradication
Incident Recovery
Lessons Learned
Incident Response Plans
First Responders
An Incident Report
Guidelines for Responding to Security Incidents
Topic C: Investigate Security Incidents
Computer Forensics
The Basic Forensic Process
Preservation of Forensic Data
Basic Forensic Response Procedures
Order of Volatility
Chain of Custody
Guidelines for Investigating Security Incidents

Chapter 11 - Ensuring Business Continuity
Topic A: Select Business Continuity and Disaster Recovery Processes
Business Continuity and Disaster Recovery
The Disaster Recovery Process
Recovery Team
Order of Restoration
Recovery Sites
Secure Recovery
Backup Types (Full)
Backup Types (Differential vs. Incremental)
Secure Backups
Geographic Considerations
Guidelines for Selecting Business Continuity and Disaster Recovery Processes
Topic B: Develop a Business Continuity Plan
Business Continuity Plans
Disaster Recovery Plans
IT Contingency Plans
Succession Plans
Failover
Alternate Business Practices
Testing Exercises
After-Action Reports
Guidelines for Developing a BCP

GSP501

Attend hands-on, instructor-led CompTIA On-Demand: CompTIA Security+ Certification Training classes at ONLC's more than 300 locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Security+ Courses and select the one that's right for you.

ONLC TRAINING CENTERS
800-288-8221
www.onlc.com