Course curriculum

  • 1

    Introduction to CompTIA Security +

    • 1 - Introduction to CompTIA Security +
  • 2

    Basic Security Concepts

    • 2 - Basic Security Concepts

    • 3 - Privacy-Integrity-Availability

    • 4 - Encryption and Access Control

    • 5 - 3 A Rule (Authentication, Authorization and Accounting)

    • 6 - Threat

    • 7 - What is a Hacker

    • 8 - What is Attack and What are the Stages

    • 9 -Single Point Of Failure (SPOF)

    • 10 - Resource Versus Security Constraints
  • 3

    Identity Management

    • 11 - What is Identity Management

    • 12 - KERBEROS & NTLM&LDAP

    • 13 - Single Sign-On (SSO)

    • 14 - Smart Cards

    • 15 - Tokens or Key Fobs

    • 16 - Biometric Methods

    • 17 - Dual-Factor and Multifactor Authentication

    • 18 - PAP CHAP MS-CHAP

    • 19 - RADIUS
  • 4

    Summary-1

    • 20 - Summary -1
  • 5

    Users

    • 21 - Create a User

    • 22 - Managing Accounts - 1

    • 23 - Managing Accounts - 2

    • 24 - Passwords

    • 25 - Password Policy
  • 6

    Comparing Access Control Models

    • 26 - Comparing Access Control Models

    • 27 - Role-Based Access Control

    • 28 - Establishing Access with Group-Based Privileges

    • 29 - Rule Based and Discretionary Access Control

    • 30 - Mandatory Access Control

    • 31 - Establishing Access
  • 7

    Virtualization

    • 32 - What is Virtualization

    • 33 - Virtualization Technologies

    • 34 - Benefits of Virtualization

    • 35 - Security Issues of Virtualization
  • 8

    Network Technologies

    • 36 - Basic Network Concepts

    • 37 - Domain Name Services(DNS)

    • 38 - What is the port How does it work

    • 39 - What is the Network Address

    • 40 - Combining the IP Address and the Port

    • 41 - Switches

    • 42 - Bridge

    • 43 - Routers

    • 44 - Understanding NAT and PAT

    • 45 - Network Separation

    • 46 - Proxy Servers

    • 47 - Types of Using Network Technologies - 1

    • 48 - Types of Using Network Technologies - 2
  • 9

    Wireless Networks

    • 49 - Reviewing Basic Wireless Network Information

    • 50 - Wireless Cryptographic Protocols

    • 51 - Authentication Protocols for Wireless Networks
  • 10

    Summary-2

    • 52 - Summary-2
  • 11

    Network Security Technologies

    • 53 - Firewalls

    • 54 - Network Access Control

    • 55 - Implementing a Secure Network
  • 12

    Intrusion Detection Systems

    • 56 - Understanding IDSs and IPSs

    • 57 - Detection Methods

    • 58 - Honeypots
  • 13

    Virtual Private Network(VPN) Technologies

    • 59 - Using VPNs for Remote Access

    • 60 - VPN Tunnel Protocols

    • 61 - Site-to-Site VPNs
  • 14

    Security Threats

    • 62 - Understanding Threat Actors

    • 63 - Viruses

    • 64 - Logic Bombs

    • 65 - Trojans

    • 66 - Ransomware

    • 67 - Spyware

    • 68 - Bots and Botnets

    • 69 - Unified Threat Management(UTM)
  • 15

    Securing Wireless Networks

    • 70 - Disable SSID Broadcasting or Not

    • 71 - Enable MAC Filtering
  • 16

    Understanding Wireless Attacks

    • 72 - Disassociation Attacks

    • 73 - WPS and WPS Attacks

    • 74 - Rogue AP

    • 75 - Evil Twin

    • 76 - Jamming Attacks

    • 77 - Bluetooth Attacks

    • 78 - RFID Attack

    • 79 - Wireless Replay Attacks
  • 17

    Summary-3

    • 80 - Summary-3
  • 18

    Network Attacks

    • 81 - Network Attacks

    • 82 - SYN Flood Attack

    • 83 - MAC Flood Attacks

    • 84 - Man-in-the-Middle Attacks

    • 85 - ARP Poisoning Attacks

    • 86 - DNS Attacks
  • 19

    Password Attacks

    • 87 - Brute Force Attacks

    • 88 - Password Hashes

    • 89 - Birthday Attacks

    • 90 - Replay Attacks

    • 91 - Hijacking and Related Attacks

    • 92 - Driver Manipulation

    • 93 - Zero-Day Attacks
  • 20

    Code Attacks

    • 94 - Code Reuse and SDKs

    • 95 - Code Quality and Testing

    • 96 - Development Life-Cycle Models

    • 97 - Secure DevOps

    • 98 - Version Control and Change Management

    • 99 - Provisioning and Deprovisioning
  • 21

    Web Server Attacks

    • 100 - Web Servers

    • 101 - SQL Injection Attacks

    • 102 - Protecting Against SQL Injection Attacks

    • 103 - DLL Injection

    • 104 - Cross-Site Scripting
  • 22

    Social Engineering Attacks

    • 105 - Social Engineering

    • 106 - Shoulder Surfing

    • 107 - Tricking Users with Hoaxes

    • 108 - Tailgating and Mantraps

    • 109 - Dumpster Diving

    • 110 - Watering Hole Attacks

    • 111 - Spam

    • 112 - Phishing

    • 113 - Whaling

    • 114 - Vishing

    • 115 - Beware of Email from Friends

    • 116 - Why Social Engineering Works
  • 23

    Summary-4

    • 117 - Summary-4
  • 24

    Memory Buffer Vulnerabilities

    • 118 - Memory Leak

    • 119 - Buffer Overflow Attacks

    • 120 - Pointer Dereference

    • 121 - Compiled Versus Runtime Code

    • 122 - Proper Input Validation

    • 123 - Side Input Validation

    • 124 - Avoiding Race Conditions

    • 125 - Proper Error Handling

    • 126 - Cryptographic Techniques
  • 25

    Preventing Attacks

    • 127 - Protecting Systems from Malware

    • 128 - Antivirus and Anti-Malware Software

    • 129 - Advanced Malware Tools

    • 130 - Educating Users

    • 131 - Implementing Defense in Depth
  • 26

    Server Security

    • 132 - Implementing Secure Systems

    • 133 - Operating systems

    • 134 - Secure Operating System Configurations

    • 135 - Resiliency and Automation Strategies

    • 136 - Change Management Policy

    • 137 - Secure Staging and Deployment

    • 138 - Peripherals

    • 139 - EMI and EMP

    • 140 - Hardware Security Module

    • 141 - Cloud Deployment Models

    • 142 - Cloud Services

    • 143 - Security Responsibilities with Cloud Models
  • 27

    Mobile Devices

    • 144 - Deploying Mobile Devices Securely

    • 145 - Deployment Models

    • 146 - Mobile Device Management

    • 147 - Unauthorized Software

    • 148 - Hardware Control

    • 149 - Unauthorized Connections
  • 28

    Exploring Embedded Systems

    • 150 - Exploring Embedded Systems

    • 151 - Understanding Stuxnet

    • 152 - Real-Time Operating Systems
  • 29

    Summary-5

    • 153 - Summary-5
  • 30

    Data Security

    • 154 - Protecting Data

    • 155 - Data Loss Prevention
  • 31

    Database Security

    • 156 - Database Concepts

    • 157 - Normalization

    • 158 - SQL Queries

    • 159 - Database Security
  • 32

    Risk Management

    • 160 - Understanding Risk Management

    • 161 - Risk Management

    • 162 - Threats and Threat Assessments

    • 163 - Vulnerabilities

    • 164 - Risk Assessment

    • 165 - Risk Registers
  • 33

    Checking for Vulnerabilities

    • 166 - Checking for Vulnerabilities

    • 167 - Password Crackers

    • 168 - Network Scanners

    • 169 - Wireless Scanners - Cracker

    • 170 - Banner Grabbing

    • 171 - Vulnerability Scanning
  • 34

    Penetration Tests

    • 172 - Penetration Tests

    • 173 - Passive & Active Reconnaissance

    • 174 - Initial Exploitation

    • 175 - White, Gray and Black Box Testing

    • 176 - Intrusive and Non-Intrusive Testing

    • 177 - Passive Versus Active Tools
  • 35

    Physical Security Precautions

    • 178 - Comparing Physical Security Controls

    • 179 - Comparing Door Lock Types

    • 180 - Preventing Tailgating with Mantraps

    • 181 - Increasing Physical Security with Guards

    • 182 - Using Hardware Locks

    • 183 - Asset Management

    • 184 - Implementing Environmental Controls
  • 36

    Summary-6

    • 185 - Summary-6
  • 37

    Single Point of Failure

    • 186 - Single Point of Failure

    • 187 - Disk Redundancies

    • 188 - Server Redundancy and High Availability

    • 189 - Backup
  • 38

    Business Continuity Plans

    • 190 - Comparing Business Continuity Elements

    • 191 - Impact

    • 192 - Recovery Time Objective

    • 193 - Recovery Sites

    • 194 - Disaster Recovery
  • 39

    Examination of Logs

    • 195 - Monitoring Logs for Event Anomalies

    • 196 - OtherLogs-SIEM

    • 197 - Continuous Monitoring
  • 40

    Controls

    • 198 - Understanding Control Types

    • 199 - Control Goals
  • 41

    Cryptography and PKI

    • 200 - Introducing Cryptography Concepts

    • 201 - Hashing

    • 202 - MD5

    • 203 - SHA

    • 204 - HMAC

    • 205 - Hashing Files

    • 206 - Digital Signatures, Certificates and Non-repudiation

    • 207 - Hashing Messages

    • 208 - Providing Confidentiality with Encryption

    • 209 - Block Versus Stream Ciphers

    • 210 - Symmetric Encryption

    • 211 - Symmetric Encryption Methods

    • 212 - Asymmetric Encryption

    • 213 - Certificates

    • 214 - Steganography And Obfuscation

    • 215 - Using Cryptographic Protocols

    • 216 - Cipher Suites

    • 217 - Exploring PKI Components

    • 218 - Recovery Agent

    • 219 - Comparing Certificate Types

    • 220 - Certificate Formats
  • 42

    New ChaptProtecting Emailer

    • 221 - Protecting Email

    • 222 - Encrypting Email

    • 223 - HTTPS Transport Encryption
  • 43

    Risk Mitigation Methods

    • 224 - Exploring Security Policies

    • 225 - Personnel Management Policies

    • 226 - Background Check

    • 227 - NDA

    • 228 - Policy Violations and Adverse Actions

    • 229 - Agreement Types

    • 230 - PII and PHI

    • 231 - Responding to Incidents

    • 232 - Providing Training

    • 233 - Troubleshooting Personnel Issues
  • 44

    Summary-7

    • 234 - Summary-7
  • 45

    Conclusion

    • 235 - Conclusion