CompTIA Security+ (SY0-601)
(SY0-601.AB1) / ISBN: 978-1-64459-295-3
This course includes
Lessons
TestPrep
LiveLab
Instructor Led (Add-on)
Mentoring (Add-on)
Exam Voucher
Your exam voucher code will be delivered via email within 24 hours of purchase
Gain hands-on experience to pass the CompTIA Security+ certification exam with the CompTIA Security+ (SY0-601) course and lab. Interactive chapters and hands-on labs comprehensively cover the SY0-601 exam objectives and provide knowledge in areas such as security concepts, operating systems, application systems, and many more. The CompTIA Security+ study guide will help you get a full understanding of the challenges you'll face as a security professional.
The CompTIA Security+ SY0-601 exam verifies that a candidate can assess an enterprise's security posture and recommend and implement appropriate security solutions; monitor and secure hybrid environments, such as cloud, mobile, and IoT; and operate with an understanding of applicable laws and policies, such as governance, risk, and compliance.
Lessons
- 37+ Lessons
- 34+ Exercises
- 379+ Quizzes
- 791+ Flashcards
- 791+ Glossary of terms

TestPrep
- 104+ Pre Assessment Questions
- 2+ Full Length Tests
- 104+ Post Assessment Questions
- 208+ Practice Test Questions

LiveLab
- 64+ LiveLab
- 65+ Video tutorials
- 02:30+ Hours
- Goals and Methods
- Who Should Read This Course?
- CompTIA Security+ Exam Topics
- Social Engineering Fundamentals
- User Security Awareness Education
- Review Key Topics
- Malicious Software (Malware)
- Password Attacks
- Physical Attacks
- Adversarial Artificial Intelligence
- Supply-Chain Attacks
- Cloud-based vs. On-premises Attacks
- Cryptographic Attacks
- Review Key Topics
- Privilege Escalation
- Cross-Site Scripting (XSS) Attacks
- Injection Attacks
- Pointer/Object Dereference
- Directory Traversal
- Buffer Overflows
- Race Conditions
- Error Handling
- Improper Input Handling
- Replay Attacks
- Request Forgeries
- Application Programming Interface (API) Attacks
- Resource Exhaustion
- Memory Leaks
- Secure Socket Layer (SSL) Stripping
- Driver Manipulation
- Pass the Hash
- Review Key Topics
- Wireless Attacks
- On-Path Attacks
- Layer 2 Attacks
- Domain Name System (DNS) Attacks
- Distributed Denial-of-Service (DDoS) Attacks
- Malicious Code or Script Execution Attacks
- Review Key Topics
- Actors and Threats
- Attributes of Threat Actors
- Attack Vectors
- Threat Intelligence and Threat Intelligence Sources
- Research Sources
- Review Key Topics
- Cloud-based vs. On-premises Vulnerabilities
- Zero-day Vulnerabilities
- Weak Configurations
- Third-party Risks
- Improper or Weak Patch Management
- Legacy Platforms
- The Impact of Cybersecurity Attacks and Breaches
- Review Key Topics
- Threat Hunting
- Vulnerability Scans
- Logs and Security Information and Event Management (SIEM)
- Security Orchestration, Automation, and Response (SOAR)
- Review Key Topics
- Penetration Testing
- Passive and Active Reconnaissance
- Exercise Types
- Review Key Topics
- Configuration Management
- Data Sovereignty and Data Protection
- Site Resiliency
- Deception and Disruption
- Review Key Topics
- Cloud Models
- Cloud Service Providers
- Cloud Architecture Components
- Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
- Review Key Topics
- Software Development Environments and Methodologies
- Application Provisioning and Deprovisioning
- Software Integrity Measurement
- Secure Coding Techniques
- Open Web Application Security Project (OWASP)
- Software Diversity
- Automation/Scripting
- Elasticity and Scalability
- Review Key Topics
- Authentication Methods
- Biometrics
- Multifactor Authentication (MFA) Factors and Attributes
- Authentication, Authorization, and Accounting (AAA)
- Cloud vs. On-premises Requirements
- Review Key Topics
- Redundancy
- Replication
- On-premises vs. Cloud
- Backup Types
- Non-persistence
- High Availability
- Restoration Order
- Diversity
- Review Key Topics
- Embedded Systems
- Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
- Internet of Things (IoT)
- Specialized Systems
- Voice over IP (VoIP)
- Heating, Ventilation, and Air Conditioning (HVAC)
- Drones
- Multifunction Printers (MFP)
- Real-Time Operating Systems (RTOS)
- Surveillance Systems
- System on a Chip (SoC)
- Communication Considerations
- Embedded System Constraints
- Review Key Topics
- Bollards/Barricades
- Access Control Vestibules
- Badges
- Alarms
- Signage
- Cameras
- Closed-Circuit Television (CCTV)
- Industrial Camouflage
- Personnel
- Locks
- USB Data Blockers
- Lighting
- Fencing
- Fire Suppression
- Sensors
- Drones
- Visitor Logs
- Faraday Cages
- Air Gap
- Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
- Protected Cable Distribution
- Secure Areas
- Secure Data Destruction
- Review Key Topics
- Digital Signatures
- Key Length
- Key Stretching
- Salting
- Hashing
- Key Exchange
- Elliptic-Curve Cryptography
- Perfect Forward Secrecy
- Quantum
- Post-Quantum
- Ephemeral
- Modes of Operation
- Blockchain
- Cipher Suites
- Symmetric vs. Asymmetric Encryption
- Lightweight Cryptography
- Steganography
- Homomorphic Encryption
- Common Use Cases
- Limitations
- Review Key Topics
- Protocols
- Use Cases
- Review Key Topics
- Endpoint Protection
- Antimalware
- Next-Generation Firewall
- Host-based Intrusion Prevention System
- Host-based Intrusion Detection System
- Host-based Firewall
- Boot Integrity
- Database
- Application Security
- Hardening
- Self-Encrypting Drive/Full-Disk Encryption
- Hardware Root of Trust
- Trusted Platform Module
- Sandboxing
- Review Key Topics
- Load Balancing
- Network Segmentation
- Virtual Private Network
- DNS
- Network Access Control
- Out-of-Band Management
- Port Security
- Network Appliances
- Access Control List
- Route Security
- Quality of Service
- Implications of IPv6
- Port Spanning/Port Mirroring
- Monitoring Services
- File Integrity Monitors
- Review Key Topics
- Cryptographic Protocols
- Authentication Protocols
- Methods
- Installation Considerations
- Review Key Topics
- Connection Methods and Receivers
- Mobile Device Management
- Mobile Device Management Enforcement and Monitoring
- Mobile Devices
- Deployment Models
- Review Key Topics
- Cloud Security Controls
- Solutions
- Cloud Native Controls vs. Third-Party Solutions
- Review Key Topics
- Identity
- Account Types
- Account Policies
- Review Key Topics
- Authentication Management
- Authentication/Authorization
- Access Control Schemes
- Review Key Topics
- Public Key Infrastructure
- Types of Certificates
- Certificate Formats
- PKI Concepts
- Review Key Topics
- Network Reconnaissance and Discovery
- File Manipulation
- Shell and Script Environments
- Packet Capture and Replay
- Forensics
- Exploitation Frameworks
- Password Crackers
- Data Sanitization
- Review Key Topics
- Incident Response Plans
- Incident Response Process
- Exercises
- Attack Frameworks
- Stakeholder Management
- Communication Plan
- Disaster Recovery Plan
- Business Continuity Plan
- Continuity of Operations Planning (COOP)
- Incident Response Team
- Retention Policies
- Review Key Topics
- Vulnerability Scan Output
- SIEM Dashboards
- Log Files
- syslog/rsyslog/syslog-ng
- journalctl
- NXLog
- Bandwidth Monitors
- Metadata
- NetFlow/sFlow
- Protocol Analyzer Output
- Review Key Topics
- Reconfigure Endpoint Security Solutions
- Configuration Changes
- Isolation
- Containment
- Segmentation
- SOAR
- Review Key Topics
- Documentation/Evidence
- Acquisition
- On-premises vs. Cloud
- Integrity
- Preservation
- E-discovery
- Data Recovery
- Nonrepudiation
- Strategic Intelligence/Counterintelligence
- Review Key Topics
- Control Category
- Control Types
- Review Key Topics
- Regulations, Standards, and Legislation
- Key Frameworks
- Benchmarks and Secure Configuration Guides
- Review Key Topics
- Personnel Policies
- Diversity of Training Techniques
- Third-Party Risk Management
- Data Concepts
- Credential Policies
- Organizational Policies
- Review Key Topics
- Risk Types
- Risk Management Strategies
- Risk Analysis
- Disaster Analysis
- Business Impact Analysis
- Review Key Topics
- Organizational Consequences of Privacy and Data Breaches
- Notifications of Breaches
- Data Types and Asset Classification
- PII
- PHI
- Privacy Enhancing Technologies
- Roles and Responsibilities
- Information Lifecycle
- Impact Assessment
- Terms of Agreement
- Privacy Notice
- Review Key Topics
- Hands-on Activities
- Suggested Plan for Final Review and Study
- Summary
Hands-on Activities (Live Labs)
- Using SET
- Performing Website Reconnaissance
- Cracking a Linux Password Using the John the Ripper Tool
- Simulating a DoS Attack
- Using Rainbow Tables
- Detecting Rootkits
- Creating a Remote Access Trojan (RAT)
- Using NetBus in Windows 10
- Defending Against a Buffer Overflow Attack
- Performing Session Hijacking Using Burp Suite
- Exploiting a Website Using SQL Injection
- Performing ARP Spoofing
- Identifying Search Options in Metasploit
- Using OWASP ZAP
- Setting Up a Honeypot
- Configuring RAID 5
- Taking an Incremental Backup
- Taking a Full Backup
- Observing an MD5-Generated Hash Value
- Performing Symmetric Encryption
- Examining Asymmetric Encryption
- Hiding Text Using Steganography
- Configuring an SSH Server
- Configuring DNSSEC on an Active Directory Integrated Zone
- Configuring IPSec
- Configuring Inbound Rules for a Firewall
- Using Windows Firewall
- Configuring a Tunnel Group for Clientless SSL VPN
- Configuring Clientless SSL VPNs on ASA
- Configuring Site-to-Site IPsec VPN Topology
- Performing IDS Configuration with Snort
- Using Performance Monitor
- Creating a VLAN and Viewing its Assignment to Port Mapping
- Creating a DMZ Zone
- Setting Up a VPN Server with Windows Server 2016
- Implementing Port Security
- Configuring a BPDU Guard on a Switch Port
- Configuring NetFlow and NetFlow Data Export
- Turning on Airplane Mode of an iPhone
- Setting Up a VPN in Android
- Performing a MITM Attack
- Stopping Permissions Inheritance
- Managing NTFS Permissions
- Creating a User Account in the Active Directory
- Creating a Network Policy for 802.1X
- Revoking and Exporting a Certificate
- Examining PKI Certificates
- Performing Memory Analysis with Volatility
- Using Wireshark
- Manipulating a File in Linux
- Conducting Vulnerability Scanning Using Nessus
- Using the theHarvester Tool
- Creating Reverse and Bind Shells Using Netcat
- Using the netstat Command
- Using the hping Program
- Using pathping and ping Commands
- Scanning Live Systems Using Nmap
- Using dig and nslookup Commands
- Tracing a Route Using Tracert
- Using the ifconfig Command
- Viewing the System Logs
- Using Windows Event Viewer
- Completing the Chain of Custody
- Analyzing Forensics with Autopsy
Question | Answer |
---|---|
What are the prerequisites for this exam? | CompTIA Security+ and two years of experience in IT administration with a focus on security. |
What is the exam registration fee? | USD 370 |
How many questions are asked in the exam? | The exam contains 90 questions. |
What is the duration of the exam? | 90 minutes |
What is the passing score? | 750 (on a scale of 100-900) |
What is the exam's retake policy? | In the event that you fail your first attempt at passing the SY0-601 examination, CompTIA's retake policy is: |
What is the validity of the certification? | Three years |