CompTIA Security+ Training
About CompTIA Security+ Training:
This CompTIA Security+ study guide builds skills in cyber security and IT security. Computer security protects computer systems from damage to, or theft of, the hardware, software or information on them. It includes controlling and managing physical access to the hardware and protecting against harm that comes via network access or through malpractice by operators, whether accidental, intentional or a deviation from secure procedure.
CompTIA Security+ training helps you prepare for the CompTIA security certification, which is globally valid. It is a vendor-neutral certification of security skills and knowledge. The CompTIA Security+ exam covers the essential principles of network security and risk management. We provide the best CompTIA Security+ tutorial for learning this subject.
Why Learn CompTIA Security+ Training:
CompTIA Security+ is a vendor-neutral certification which validates your security skills. This course helps you learn the best security practices in the IT industry. KernelTraining CompTIA Security+ training begins with the basics of network security, the fundamentals of threats and vulnerabilities, wireless security, and a deep understanding of control and identity management. KernelTraining faculty will also teach you cryptography concepts. CompTIA Security+ certification helps to boost your career.
CompTIA security+ Tutorial Pre-requisites:
- You need knowledge of or experience in managing Windows, Unix or Linux systems.
- Students and professionals need to be aware of TCP/IP concepts.
CompTIA Security+ Training course Targeted Audience:
- Security Consultant
- Security or Systems Administrator
- Security Specialist/Administrator
- Security managers
- Network Administrator
- Professionals who are looking for a bright career.
CompTIA security+ Training Target:
- Overview of network security
- Basic concepts of compliance and operational security.
- In depth understanding of threats and vulnerabilities.
- Explanation of application, data and host security.
- Understanding of access control and identity management concepts.
- Explanation of Cryptography.
CompTIA Security+ Training Format:
Upon registering, you will be part of our CompTIA Security+ online training program. You will be allowed to take part in online classes. All sessions are interactive and instructor-led. You will also have access to a practice lab in which you can develop and enhance your IT skills. Through this real-time solution you can learn various concepts. You will have access to the LMS (Learning Management System), which includes recorded sessions, the CompTIA Security+ study guide, lab manuals and more.
CompTIA security+ certification, exam Details:
- Exam Code: SY0-401
- Number of questions: 90
- Test Duration: 90 Minutes
- Passing score: 750 (100-900 scale)
- Test offered in Languages: English, Portuguese and Japanese
- Types of questions: multiple choice and performance based.
COMPTIA Security+ Certification:
Kernel provides a course certification letter at the end of the cyber security certification course; it is a professional document that serves as proof that a potential job candidate has completed a course and is eligible for a particular job. You will receive it after completing the CompTIA Security+ online classes. The certification states the grade/marks you achieved, based on your performance in the real-time live project you have done. The CompTIA Security+ certification card will be labeled with the course name and course duration along with a grade.
If you receive a low grade the first time, you can get complete assistance from Kernel in finishing the project, with help from our instructors. We are here to help you 24×7.
CompTIA security+ SY0-401 Course curriculum:
Module 1: Network Security
Goal set: In this module of the CompTIA Security+ online course, you need to understand firewalls, switches, routers, VLAN, WAP, remote access, NAC, virtualization, protocols, SSL, TCP/IP, HTTPS, TELNET, DNS and ports.
1.1 Implement security configuration parameters on network devices and other technologies
Firewalls, Routers, Switches, Load Balancers, Proxies, Web security gateways, VPN concentrators, NIDS and NIPS: Behavior based, Signature based, Anomaly based and Heuristic, Protocol analyzers, Spam filter, UTM security appliances: URL filter, Content inspection, Malware inspection, Web application firewall vs. network firewall, Application aware devices: Firewalls, IPS, IDS and Proxies.
1.2 Given a scenario, use secure network administration principles
Rule-based management, Firewall rules, VLAN management, Secure router configuration, Access control lists, Port Security, 802.1x, Flood guards, Loop protection, Implicit deny, Network separation, Log analysis, Unified Threat Management.
1.3 Explain network design elements and components
DMZ, Sub-netting, VLAN, NAT, Remote Access, Telephony, NAC, Virtualization, Cloud Computing, Platform as a Service, Software as a Service, Infrastructure as a Service, Private, Public, Hybrid, Community, Layered security / Defense in depth.
1.4 Given a scenario, implement common protocols and services
Protocols, IPSec, SNMP, SSH, DNS, TLS, SSL, TCP/IP, FTPS, HTTPS, SCP, ICMP, IPv4, IPv6, iSCSI, Fibre Channel, FCoE, FTP, SFTP, TFTP, TELNET, HTTP, NetBIOS, Ports, 21, 22, 25, 53, 80, 110, 139, 143, 443, 3389, OSI relevance.
1.5 Given a scenario, troubleshoot security issues related to wireless networking
WPA, WPA2, WEP, EAP, PEAP, LEAP, MAC filter, Disable SSID broadcast, TKIP, CCMP, Antenna Placement, Power level controls, Captive portals, Antenna types, Site surveys, VPN (over open wireless).
Module 2: Compliance and Operational Security
Goal set: At the end of this module you need to understand control types, risk calculation, change management, order of volatility, data breach, reporting, role based training, HVAC, disaster recovery, safety, integrity, availability.
2.1 Explain the importance of risk related concepts
2.2 Summarize the security implications of integrating systems and data with third parties
On-boarding/off-boarding business partners, Social media networks and/or applications, Interoperability agreements, SLA, BPA, MOU, ISA, Privacy considerations, Risk awareness, Unauthorized data sharing, Data ownership, Data backups, Follow security policy and procedures, Review agreement requirements to verify compliance and performance standards.
2.3 Given a scenario, implement appropriate risk mitigation strategies
Change management, Incident management, User rights and permissions reviews, Perform routine audits, Enforce policies and procedures to prevent data loss or theft, Enforce technology controls, Data Loss Prevention (DLP).
2.4 Given a scenario, implement basic forensic procedures
Order of volatility, Capture system image, Network traffic and logs, Capture video, Record time offset, Take hashes, Screenshots, Witnesses, Track man hours and expense, Chain of custody, Big Data analysis.
2.5 Summarize common incident response procedures
Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery/reconstitution procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach, Damage and loss control.
2.6 Explain the importance of security related awareness and training
Security policy training and procedures, Role-based training, Personally identifiable information, Information classification, High, Medium, Low, Confidential, Private, Public, Data labeling, handling and disposal, Compliance with laws, best practices and standards, User habits, Password behaviors, Data handling, Clean desk policies, Prevent tailgating, Personally owned devices, New threats and new security trends/alerts, New viruses, Phishing attacks, Zero-day exploits, Use of social networking and P2P, Follow up and gather training metrics to validate compliance and security posture.
2.7 Compare and contrast physical security and environmental controls
Environmental controls, HVAC, Fire suppression, EMI shielding, Hot and cold aisles, Environmental monitoring, Temperature and humidity controls, Physical security, Hardware locks, Mantraps, Video Surveillance, Fencing, Proximity readers, Access list, Proper lighting, Signs, Guards, Barricades, Biometrics, Protected distribution (cabling), Alarms, Motion detection, Control types, Deterrent, Preventive, Detective, Compensating, Technical, Administrative.
2.8 Summarize risk management best practices
Business continuity concepts, Business impact analysis, Identification of critical systems and components, Removing single points of failure, Business continuity planning and testing, Risk assessment, Continuity of operations, Disaster recovery, IT contingency planning, Succession planning, High availability, Redundancy, Tabletop exercises, Fault tolerance, Hardware, RAID, Clustering, Load balancing, Servers, Disaster recovery concepts, Backup plans/policies, Backup execution/frequency, Cold site, Hot site, Warm site
2.9 Given a scenario, select the appropriate control to meet the goals of security
Confidentiality, Encryption, Access controls, Steganography, Integrity, Hashing, Digital signatures, Certificates, Non-repudiation, Availability, Redundancy, Fault tolerance, Patching, Safety, Fencing, Lighting, Locks, CCTV, Escape plans, Drills, Escape routes, Testing controls.
Module 3: Threats and Vulnerabilities
Goal set: By the end of this module of the CompTIA Security+ online training, you need to understand Adware, Trojan, DoS, Spam, Phishing, shoulder surfing, Rogue access point, SQL injection, WPS attacks, monitoring system logs and reporting.
3.1 Explain types of malware
Adware, Virus, Spyware, Trojan, Rootkits, Backdoors, Logic bomb, Botnets, Ransomware, Polymorphic malware, Armored virus
3.2 Summarize various types of attacks
Man-in-the-middle, DDoS, DoS, Replay, Smurf attack, Spoofing, Spam, Phishing, Spim, Vishing, Spear phishing, Xmas attack, Pharming, Privilege escalation, Malicious insider threat, DNS poisoning and ARP poisoning, Transitive access, Client-side attacks, Password attacks, Brute force, Dictionary attacks, Hybrid, Birthday attacks, Rainbow tables, Typo squatting/URL hijacking, Watering hole attack.
3.3 Summarize social engineering attacks and the associated effectiveness with each attack
Shoulder surfing, Dumpster diving, Tailgating, Impersonation, Hoaxes, Whaling, Vishing, Principles (reasons for effectiveness), Authority, Intimidation, Consensus/Social proof, Scarcity, Urgency, Familiarity/liking, Trust.
3.4 Explain types of wireless attacks
Rogue access points, Jamming/Interference, Evil twin, War driving, Bluejacking, Bluesnarfing, War chalking, IV attack, Packet sniffing, Near field communication, Replay attacks, WEP/WPA attacks, WPS attacks.
3.5 Explain types of application attacks
Cross-site scripting, SQL injection, LDAP injection, XML injection, Directory traversal/command injection, Buffer overflow, Integer overflow, Zero-day, Cookies and attachments, LSO (Locally Shared Objects), Flash Cookies, Malicious add-ons, Session hijacking, Header manipulation, Arbitrary code execution / remote code execution.
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
Monitoring system logs, Event logs, Audit logs, Security logs, Access logs, Hardening, Disabling unnecessary services, Protecting management interfaces and applications, Password protection, Disabling unnecessary accounts, Network security, MAC limiting and filtering, 802.1x, Disabling unused interfaces and unused application service ports, Rogue machine detection, Security posture, Initial baseline configuration, Continuous security monitoring, Remediation, Reporting, Alarms, Alerts, Trends, Detection controls vs. prevention controls, IDS vs. IPS, Camera vs. guard.
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
Interpret results of security assessment tools, Tools, Protocol analyzer, Vulnerability scanner, Honeypots, Honeynets, Port scanner, Passive vs. active tools, Banner grabbing, Risk calculations, Threat vs. likelihood, Assessment types, Risk, Threat, Vulnerability, Assessment technique, Baseline reporting, Code review, Determine attack surface, Review architecture, Review designs
3.8 Explain the proper use of penetration testing versus vulnerability scanning
Penetration testing, Verify a threat exists, Bypass security controls, Actively test security controls, Exploiting vulnerabilities, Vulnerability scanning, Passively testing security controls, Identify vulnerability, Identify lack of security controls, Identify common mis-configurations, Intrusive vs. non-intrusive, Credentialed vs. non-credentialed, False positive, Black box, White box, Gray box.
Module 4: Application, Data and Host Security
Goal set: In this module of the CompTIA Security+ certification exam, you need to understand fuzzing, device security, application security, BYOD, patch management, data policies, and hardware security.
4.1 Explain the importance of application security controls and techniques
Fuzzing, Secure coding concepts, Error and exception handling, Input validation, Cross-site scripting prevention, Cross-site Request Forgery (XSRF) prevention, Application configuration baseline (proper settings), Application hardening, Application patch management, NoSQL databases vs. SQL databases, Server-side vs. Client-side validation.
4.2 Summarize mobile security concepts and technologies
Device security, Full device encryption, Remote wiping, Lockout, Screen-locks, GPS, Application control, Storage segmentation, Asset tracking, Inventory control, Mobile device management, Device access control, Removable storage, Disabling unused features, Application security, Key management, Credential management, Authentication, Geo-tagging, Encryption, Application whitelisting, Transitive trust/authentication, BYOD concerns, Data ownership, Support ownership, Patch management, Antivirus management, Forensics, Privacy, On-boarding/off-boarding, Adherence to corporate policies, User acceptance, Architecture/infrastructure considerations, Legal concerns, Acceptable use policy, On-board camera/video.
4.3 Given a scenario, select the appropriate solution to establish host security
Operating system security and settings, OS hardening, Anti-malware, Antivirus, Anti-spam, Anti-spyware, Pop-up blockers, Patch management, White listing vs. black listing applications, Trusted OS, Host-based firewalls, Host-based intrusion detection, Hardware security, Cable locks, Safe, Locking cabinets, Host software base lining, Virtualization, Snapshots, Patch compatibility, Host availability/elasticity, Security control testing, Sandboxing.
4.4 Implement the appropriate controls to ensure data security
Cloud storage, SAN, Handling Big Data, Data encryption, Full disk, Database, Individual files, Removable media, Mobile devices, Hardware based encryption devices, TPM, HSM, USB encryption, Hard drive, Data in-transit, Data at-rest, Data in-use, Permissions/ACL, Data policies, Wiping, Disposing, Retention, Storage.
4.5 Compare and contrast alternative methods to mitigate security risks in static environments
Environments, SCADA, Embedded (Printer, Smart TV, HVAC control), Android, iOS, Mainframe, Game consoles, In-vehicle computing systems, Methods, Network segmentation, Security layers, Application firewalls, Manual updates, Firmware version control, Wrappers, Control redundancy and diversity.
Module 5: Access Control and Identity Management
Goal set: In this module you need to understand LDAP, RADIUS, authorization, authentication, account policy enforcement, continuous monitoring, group based privileges.
5.1 Compare and contrast the function and purpose of authentication services
RADIUS, TACACS+, Kerberos, LDAP, XTACACS, SAML, Secure LDAP.
5.2 Given a scenario, select the appropriate authentication, authorization or access control
Identification vs. authentication vs. authorization, Authorization, Least privilege, Separation of duties, ACLs, Mandatory access, Discretionary access, Rule-based access control, Role-based access control, Time of day restrictions, Authentication, Tokens, Common access card, Smart card, Multifactor authentication, TOTP, HOTP, CHAP, PAP, Single sign-on, Access control, Implicit deny, Trusted OS, Authentication factors, Something you are, Something you have, Something you know, Somewhere you are, Something you do, Identification, Biometrics, Personal identification verification card, Username, Federation, Transitive trust/authentication.
5.3 Install and configure security controls when performing account management, based on best practices
Mitigate issues associated with users with multiple account/roles and/or shared accounts, Account policy enforcement, Credential management, Group policy, Password complexity, Expiration, Recovery, Disablement, Lockout, Password history, Password reuse, Password length, Generic account prohibition, Group based privileges, User assigned privileges, User access reviews, Continuous monitoring.
Module 6: Cryptography
Goal set: At the end of this module of the CompTIA Security+ certification online training, you need to understand session keys, SHA, MD5, hashing, Ephemeral key, recovery agent, public and private key, trust models, PKI.
6.1 Given a scenario, utilize general cryptography concepts
Symmetric vs. asymmetric, Session keys, In-band vs. out-of-band key exchange, Fundamental differences and encryption methods, Block vs. stream, Transport encryption, Non-repudiation, Hashing, Key escrow, Steganography, Digital signatures, Use of proven technologies, Elliptic curve and quantum cryptography, Ephemeral key, Perfect forward secrecy.
6.2 Given a scenario, use appropriate cryptographic methods
WEP vs. WPA/WPA2 and pre-shared key, MD5, SHA, RIPEMD, AES, DES, 3DES, HMAC, RSA, Diffie-Hellman, RC4, One-time pads, NTLM, NTLMv2, Blowfish, PGP/GPG, TwoFish, DHE, ECDHE, CHAP, PAP, Comparative strengths and performance of algorithms, Use of algorithms/protocols with transport encryption, SSL, TLS, IPSec, SSH, HTTPS, Cipher suites, Strong vs. weak ciphers, Key stretching, PBKDF2, Bcrypt.
6.3 Given a scenario, use appropriate PKI, certificate management and associated components
Certificate authorities and digital certificates, CA, CRLs, OCSP, CSR, PKI, Recovery agent, Public key, Private key, Registration, Key escrow, Trust models.
CompTIA security+ Demo Class Recording
Welcome to CompTIA Security+ training.
How it Works?
- This is an online CompTIA Security+ training with instructor-led live and interactive sessions.
- This CompTIA Security+ course contains practical work involving hands-on practice, lab assignments, and real-world case studies. This practical work can be done at your own pace. Our trainer may assist you with the CompTIA Security+ practice test.
- You will have access to 24×7 technical support. You can request assistance for any problem you face or for any clarification you require during the course. You can also take the assistance of the CompTIA Security+ online tutorial. Our trainer may also help you find out the CompTIA Security+ certification cost.
- At the end of the CompTIA security+ online course, you will have to work on a Project. You will receive a Grade and a Verifiable Certificate on the successful completion of this project.