CompTIA Security+ (SY0-601)

Lessons

Lab

TestPrep

238 Reviews

Get A Free Trial

This course includes:

Free pre-assessment and first 2 lessons

37+ Interactive Lessons | 34+ Exercises

Accessible on mobile and tablet too

Certificate of completion

Are you an instructor?

Access detailed information about the course content, learning objectives, activities, and assessments before adding it to your curriculum.

Exam Voucher

Your exam voucher code will be delivered via email within 24 hours of purchase. Buy it separately.

Skills You’ll Get

The CompTIA Security+ SY0-601 exam verifies that a candidate can assess an enterprise's security posture and recommend and implement appropriate security solutions; monitor and secure hybrid environments, such as cloud, mobile, and IoT; and operate with an understanding of applicable laws and policies, such as governance, risk, and compliance.

Interactive Lessons

37+ Interactive Lessons | 34+ Exercises | 379+ Quizzes | 791+ Flashcards | 791+ Glossary of terms

Gamified TestPrep

104+ Pre Assessment Questions | 2+ Full Length Tests | 104+ Post Assessment Questions | 208+ Practice Test Questions

Hands-On Labs

64+ LiveLab | 65+ Video tutorials | 02:30+ Hours

Download Course Outline

Introduction

Goals and Methods
Who Should Read This Course?
CompTIA Security+ Exam Topics

Comparing and Contrasting Different Types of Social Engineering Techniques

Social Engineering Fundamentals
User Security Awareness Education
Review Key Topics

Analyzing Potential Indicators to Determine the Type of Attack

Malicious Software (Malware)
Password Attacks
Physical Attacks
Adversarial Artificial Intelligence
Supply-Chain Attacks
Cloud-based vs. On-premises Attacks
Cryptographic Attacks
Review Key Topics

Analyzing Potential Indicators Associated with Application Attacks

Privilege Escalation
Cross-Site Scripting (XSS) Attacks
Injection Attacks
Pointer/Object Dereference
Directory Traversal
Buffer Overflows
Race Conditions
Error Handling
Improper Input Handling
Replay Attacks
Request Forgeries
Application Programming Interface (API) Attacks
Resource Exhaustion
Memory Leaks
Secure Socket Layer (SSL) Stripping
Driver Manipulation
Pass the Hash
Review Key Topics

Analyzing Potential Indicators Associated with Network Attacks

Wireless Attacks
On-Path Attacks
Layer 2 Attacks
Domain Name System (DNS) Attacks
Distributed Denial-of-Service (DDoS) Attacks
Malicious Code or Script Execution Attacks
Review Key Topics

Understanding Different Threat Actors, Vectors, and Intelligence Sources

Actors and Threats
Attributes of Threat Actors
Attack Vectors
Threat Intelligence and Threat Intelligence Sources
Research Sources
Review Key Topics

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

Cloud-based vs. On-premises Vulnerabilities
Zero-day Vulnerabilities
Weak Configurations
Third-party Risks
Improper or Weak Patch Management
Legacy Platforms
The Impact of Cybersecurity Attacks and Breaches
Review Key Topics

Summarizing the Techniques Used in Security Assessments

Threat Hunting
Vulnerability Scans
Logs and Security Information and Event Management (SIEM)
Security Orchestration, Automation, and Response (SOAR)
Review Key Topics

Understanding the Techniques Used in Penetration Testing

Penetration Testing
Passive and Active Reconnaissance
Exercise Types
Review Key Topics

Understanding the Importance of Security Concepts in an Enterprise Environment

Configuration Management
Data Sovereignty and Data Protection
Site Resiliency
Deception and Disruption
Review Key Topics

Summarizing Virtualization and Cloud Computing Concepts

Cloud Models
Cloud Service Providers
Cloud Architecture Components
Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
Review Key Topics

Summarizing Secure Application Development, Deployment, and Automation Concepts

Software Development Environments and Methodologies
Application Provisioning and Deprovisioning
Software Integrity Measurement
Secure Coding Techniques
Open Web Application Security Project (OWASP)
Software Diversity
Automation/Scripting
Elasticity and Scalability
Review Key Topics

Summarizing Authentication and Authorization Design Concepts

Authentication Methods
Biometrics
Multifactor Authentication (MFA) Factors and Attributes
Authentication, Authorization, and Accounting (AAA)
Cloud vs. On-premises Requirements
Review Key Topics

Implementing Cybersecurity Resilience

Redundancy
Replication
On-premises vs. Cloud
Backup Types
Non-persistence
High Availability
Restoration Order
Diversity
Review Key Topics

Understanding the Security Implications of Embedded and Specialized Systems

Embedded Systems
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
Internet of Things (IoT)
Specialized Systems
Voice over IP (VoIP)
Heating, Ventilation, and Air Conditioning (HVAC)
Drones
Multifunction Printers (MFP)
Real-Time Operating Systems (RTOS)
Surveillance Systems
System on a Chip (SoC)
Communication Considerations
Embedded System Constraints
Review Key Topics

Understanding the Importance of Physical Security Controls

Bollards/Barricades
Access Control Vestibules
Badges
Alarms
Signage
Cameras
Closed-Circuit Television (CCTV)
Industrial Camouflage
Personnel
Locks
USB Data Blockers
Lighting
Fencing
Fire Suppression
Sensors
Drones
Visitor Logs
Faraday Cages
Air Gap
Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
Protected Cable Distribution
Secure Areas
Secure Data Destruction
Review Key Topics

Summarizing the Basics of Cryptographic Concepts

Digital Signatures
Key Length
Key Stretching
Salting
Hashing
Key Exchange
Elliptic-Curve Cryptography
Perfect Forward Secrecy
Quantum
Post-Quantum
Ephemeral
Modes of Operation
Blockchain
Cipher Suites
Symmetric vs. Asymmetric Encryption
Lightweight Cryptography
Steganography
Homomorphic Encryption
Common Use Cases
Limitations
Review Key Topics

Implementing Secure Protocols

Protocols
Use Cases
Review Key Topics

Implementing Host or Application Security Solutions

Endpoint Protection
Antimalware
Next-Generation Firewall
Host-based Intrusion Prevention System
Host-based Intrusion Detection System
Host-based Firewall
Boot Integrity
Database
Application Security
Hardening
Self-Encrypting Drive/Full-Disk Encryption
Hardware Root of Trust
Trusted Platform Module
Sandboxing
Review Key Topics

Installing and Configuring Wireless Security Settings

Cryptographic Protocols
Authentication Protocols
Methods
Installation Considerations
Review Key Topics

Implementing Secure Mobile Solutions

Connection Methods and Receivers
Mobile Device Management
Mobile Device Management Enforcement and Monitoring
Mobile Devices
Deployment Models
Review Key Topics

Applying Cybersecurity Solutions to the Cloud

Cloud Security Controls
Solutions
Cloud Native Controls vs. Third-Party Solutions
Review Key Topics

Implementing Identity and Account Management Controls

Identity
Account Types
Account Policies
Review Key Topics

Implementing Authentication and Authorization Solutions

Authentication Management
Authentication/Authorization
Access Control Schemes
Review Key Topics

Implementing Public Key Infrastructure

Public Key Infrastructure
Types of Certificates
Certificate Formats
PKI Concepts
Review Key Topics

Using the Appropriate Tool to Assess Organizational Security

Network Reconnaissance and Discovery
File Manipulation
Shell and Script Environments
Packet Capture and Replay
Forensics
Exploitation Frameworks
Password Crackers
Data Sanitization
Review Key Topics

Summarizing the Importance of Policies, Processes, and Procedures for Incident Response

Incident Response Plans
Incident Response Process
Exercises
Attack Frameworks
Stakeholder Management
Communication Plan
Disaster Recovery Plan
Business Continuity Plan
Continuity of Operations Planning (COOP)
Incident Response Team
Retention Policies
Review Key Topics

Using Appropriate Data Sources to Support an Investigation

Vulnerability Scan Output
SIEM Dashboards
Log Files
syslog/rsyslog/syslog-ng
journalctl
NXLog
Bandwidth Monitors
Metadata
NetFlow/sFlow
Protocol Analyzer Output
Review Key Topics

Applying Mitigation Techniques or Controls to Secure an Environment

Reconfigure Endpoint Security Solutions
Configuration Changes
Isolation
Containment
Segmentation
SOAR
Review Key Topics

Understanding the Key Aspects of Digital Forensics

Documentation/Evidence
Acquisition
On-premises vs. Cloud
Integrity
Preservation
E-discovery
Data Recovery
Nonrepudiation
Strategic Intelligence/Counterintelligence
Review Key Topics

Comparing and contrasting the Various Types of Controls

Control Category
Control Types
Review Key Topics

Understanding the Importance of Applicable Regul...orks That Impact Organizational Security Posture

Regulations, Standards, and Legislation
Key Frameworks
Benchmarks and Secure Configuration Guides
Review Key Topics

Understanding the Importance of Policies to Organizational Security

Personnel Policies
Diversity of Training Techniques
Third-Party Risk Management
Data Concepts
Credential Policies
Organizational Policies
Review Key Topics

Summarizing Risk Management Processes and Concepts

Risk Types
Risk Management Strategies
Risk Analysis
Disaster Analysis
Business Impact Analysis
Review Key Topics

Understanding Privacy and Sensitive Data Concepts in Relation to Security

Organizational Consequences of Privacy and Data Breaches
Notifications of Breaches
Data Types and Asset Classification
PII
PHI
Privacy Enhancing Technologies
Roles and Responsibilities
Information Lifecycle
Impact Assessment
Terms of Agreement
Privacy Notice
Review Key Topics

Final Preparation

Hands-on Activities
Suggested Plan for Final Review and Study
Summary

Comparing and Contrasting Different Types of Social Engineering Techniques

Using SET
Performing Website Reconnaissance

Analyzing Potential Indicators to Determine the Type of Attack

Cracking a Password Using the John the Ripper Tool
Simulating a DoS Attack
Using Rainbow Tables
Detecting Rootkits
Creating a Remote Access Trojan (RAT)
Using NetBus in Windows 10

Analyzing Potential Indicators Associated with Application Attacks

Defending Against a Buffer Overflow Attack
Performing Session Hijacking Using Burp Suite
Exploiting a Website Using SQL Injection

Analyzing Potential Indicators Associated with Network Attacks

Performing ARP Spoofing

Understanding the Techniques Used in Penetration Testing

Identifying Search Options in Metasploit
Using OWASP ZAP

Understanding the Importance of Security Concepts in an Enterprise Environment

Setting Up a Honeypot

Implementing Cybersecurity Resilience

Configuring RAID 5
Taking an Incremental Backup
Taking a Full Backup

Summarizing the Basics of Cryptographic Concepts

Observing an MD5-Generated Hash Value
Performing Symmetric Encryption
Examining Asymmetric Encryption
Hiding Text Using Steganography

Implementing Secure Protocols

Configuring an SSH Server
Configuring DNSSEC on an Active Directory Integrated Zone
Configuring IPSec

Implementing Host or Application Security Solutions

Configuring Inbound Rules for a Firewall
Using Windows Firewall

Implementing Secure Mobile Solutions

Turning on Airplane Mode of an iPhone
Setting Up a VPN in Android

Applying Cybersecurity Solutions to the Cloud

Performing a MITM Attack

Implementing Identity and Account Management Controls

Stopping Permissions Inheritance
Managing NTFS Permissions
Creating a User Account in the Active Directory

Implementing Authentication and Authorization Solutions

Creating a Network Policy for 802.1X

Implementing Public Key Infrastructure

Revoking and Exporting a Certificate
Examining PKI Certificates

Using the Appropriate Tool to Assess Organizational Security

Performing Memory Analysis with Volatility
Using Wireshark
Manipulating a File in Linux
Conducting Vulnerability Scanning Using Nessus
Using the theHarvester Tool
Creating Reverse and Bind Shells Using Netcat
Using the netstat Command
Using the hping Program
Using pathping and ping Commands
Scanning Live Systems Using Nmap
Using dig and nslookup Commands
Tracing a Route Using Tracert
Using the ifconfig Command

Using Appropriate Data Sources to Support an Investigation

Viewing the System Logs
Using Windows Event Viewer

Understanding the Key Aspects of Digital Forensics

Completing the Chain of Custody
Analyzing Forensics with Autopsy

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

CompTIA Security+ and two years of experience in IT administration with a focus on security.

USD 370

The exam contains 90 questions.

90 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the SY0-601 examination, CompTIA retake policy is:

CompTIA does not require a waiting period between the first and second attempts to pass such an examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least fourteen calendar days from the date of your last attempt before you can retake the exam.
If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

Three years

This course includes:

Free pre-assessment and first 2 lessons

37+ Interactive Lessons | 34+ Exercises

Accessible on mobile and tablet too

Certificate of completion

Are you an instructor?

Access detailed information about the course content, learning objectives, activities, and assessments before adding it to your curriculum.

Exam Voucher

Your exam voucher code will be delivered via email within 24 hours of purchase. Buy it separately.

CompTIA Security+ (SY0-601)

Are you an instructor?