CompTIA Security+ (SY0-601) Course with Practice Exam

سرفصل های دوره

Full Practice Exam | Simulated PBQs | Video Lessons | Everything you need to pass the CompTIA Security+ SY0-601 exam

1. About the course and exam

1. About the course and certification

2. About the course author.html

3. Pre-requisites

4. Tools and tips to help you study more efficiently

5. Study techniques that will help you pass.html

6. What surprised me the most about the exam

7. Join our Discord community for support and interaction.html

8. Acronym definitions and study template.html

2. Domain 1 Threats, Attacks, and Vulnerabilities

1. About threats, attacks, and vulnerabilities

3. 1.1 Compare and contrast social engineering techniques

1. What is social engineering

2. Principles

3. Spam

4. Blocking and Managing Spam

5. Phishing

6. Smishing

7. Vishing

8. Spear phishing

9. Whaling

10. Impersonation

11. Dumpster diving

12. Shoulder surfing

13. Pharming

14. Tailgating

15. Eliciting information

16. Prepending

17. Identity fraud

18. Invoice scams

19. Credentials harvesting

20. Reconnaissance

21. Hoax

22. Watering hole attack

23. Typo squatting and URL Hijacking

24. Influence campaigns

25. Hybrid warfare

26. Knowledge check.html

4. 1.2 Analyze potential indicators to determine the type of attack

1. What is malware

2. Malware classification

3. Virus

4. Worms

5. Backdoor

6. Trojans

7. Remote access Trojan (RAT)

8. Ransomware and Crypto Malware

9. How does ransomware work

10. Potentially unwanted programs (PUPs)

11. Spyware

12. Adware & Malvertising

13. Keyloggers

14. Fileless malware

15. Logic bombs

16. Rootkit

17. Bots and Botnets

18. Command and control

19. What are password attacks

20. Plaintext, encrypted, and hashed passwords

21. Brute force

22. Dictionary attacks

23. Spraying attacks

24. Rainbow and hash tables

25. Credential stuffing

26. What are physical attacks

27. Malicious universal serial bus (USB) cable

28. Malicious flash drive

29. Card cloning

30. Skimming

31. What is adversarial AI and tainted training for ML

32. Supply-chain attacks

33. Cloud-based vs. on-premises attacks

34. Cryptography concepts

35. Cryptographic attacks

36. Knowledge Check 1.2.1.html

37. Knowledge Check 1.2.2.html

38. Knowledge Check 1.2.3.html

5. 1.3 Analyze potential indicators associated with application attacks

1. Privilege escalation

2. Improper input handling

3. Improper error handling

4. Cross-Site Scripting (XSS)

5. Structured query language (SQL Injections)

6. Dynamic Link Library (DLL Injections)

7. Lightweight directory access protocol (LDAP Injections)

8. Extensible Markup Language (XML) and XPATH Injections

9. XXE Injections

10. Directory traversal

11. Request forgeries

12. Application Programming Interface (API) attacks

13. Secure Sockets Layer (SSL) stripping

14. Replay attack (session replays)

15. Pass the hash

16. Race conditions (time of check and time of use)

17. Resource exhaustion

18. Memory leak

19. Pointerobject dereference

20. Integer overflow

21. Buffer overflows

22. Driver manipulation (shimming and refactoring)

23. Knowledge Check 1.3.1.html

24. Knowledge Check 1.3.2.html

6. 1.4 Analyze potential indicators of network attacks

1. What are wireless attacks

2. Distributed Denial of Service (DDoS)

3. Rogue access point and Evil Twin

4. Bluesnarfing and Bluejacking

5. Disassociation and Jamming

6. Radio Frequency Identifier (RFID) attacks

7. Near Field Communication (NFC) attacks

8. Initialization Vector (IV)

9. Man in the middle

10. Man in the browser

11. What are layer 2 attacks

12. Address resolution protocol (ARP) poisoning

13. Media access control (MAC) flooding

14. MAC cloning & spoofing

15. What are Domain Name System (DNS) attacks and defenses

16. Domain hijacking

17. DNS poisoning

18. Universal resource locator (URL) redirection

19. Domain reputation

20. Knowledge Check.html

7. 1.5 Explain threat actors, vectors, and intelligence sources

1. What are actors and threats

2. Attributes of actors

3. Vectors

4. Insider threats

5. State actors

6. Hacktivists

7. Script kiddies

8. Hackers (white hat, black hat, gray hat)

9. Criminal syndicates

10. Advanced persistent threat (APT)

11. Shadow IT

12. Competitors

13. Threat intelligence sources (OSINT and others)

14. Using threat intelligence

15. Research sources

16. Knowledge Check.html

8. 1.6 Security concerns associated with various vulnerabilities

1. Cloud-based vs. on-premises vulnerabilities

2. Zero-day vulnerabilities

3. Weak configurations

4. Weak encryption, hashing, and digital signatures

5. Third-party risks

6. Improper or weak patch management

7. Legacy platforms

8. Impacts

9. Knowledge Check.html

9. 1.7 Summarizing techniques used in security assessments

1. Threat hunting

2. Vulnerability scans

3. SyslogSecurity information and event management (SIEM)

4. Security orchestration, automation, response (SOAR)

5. Knowledge Check.html

10. 1.8 Explaining techniques used in penetration testing

1. Important pentesting concepts

2. Bug bounties

3. Exercise types (red, blue, white, and purple teams)

4. Passive and active reconnaissance

5. Knowledge Check.html

11. Domain 2 Architecture and Design

1. About architecture and design.html

12. 2.1 Explaining the importance of security concepts in an enterprise environment

1. Configuration management

2. Data sovereignty

3. Data protection

4. Hardware security module (HSM) and Trusted Platform Module (TPM)

5. Geographical considerations

6. Cloud access security broker (CASB)

7. Response and recovery controls

8. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) inspection

9. Hashing

10. API considerations

11. Site resiliency

12. Deception and disruption

13. Knowledge Check 2.1.html

13. 2.2 Virtualization and cloud computing concepts

1. Comparing cloud models

2. Cloud service providers

3. Virtualization

4. Containers

5. Microservices and APIs

6. Serverless architecture

7. MSPs and MSSPs

8. On-premises vs. off-premises.html

9. Edge computing

10. Fog computing

11. Thin client

12. Infrastructure as Code (IaC)

13. Services integration

14. Resource policies

15. Transit gateway

16. Knowledge Check 2.2.html

14. 2.3 Secure application development, deployment, and automation concepts

1. Understanding development environments

2. Automation and scripting

3. Version control

4. Secure coding techniques

5. Open Web Application Security Project (OWASP)

6. Integrity measurement

7. Software diversity

8. Provisioning and deprovisioning

9. Elasticity

10. Scalability

11. Knowledge Check 2.3.html

15. 2.4 Authentication and authorization design concepts

1. Important authentication and authorization concepts

2. Multifactor authentication (MFA) factors and attributes

3. MFA factors and attributes.html

4. Authentication technologies

5. Biometrics techniques and concepts

6. Authentication, authorization, and accounting (AAA)

7. Cloud vs. on-premises requirements

8. Knowledge Check 2.4.html

16. 2.5 Implementing cybersecurity resilience

1. What is redundancy

2. Disk redundancy (RAID levels)

3. Network redundancy

4. Power redundancy

5. Replication

6. Backup types (full, incremental, differential, and snapshot)

7. Backup types practice scenarios.html

8. Backup devices and strategies

9. Backup types, devices, and strategies.html

10. Non-persistence

11. Restoration order

12. Diversity

13. Knowledge Check 2.5.html

17. 2.6 Security implications of embedded and specialized systems

1. What are embedded systems

2. System on a Chip (SoC)

3. SCADA and ICS

4. Internet of Things (IoT)

5. Specialized systems

6. VoIP, HVAC, DronesAVs, MFP, RTOS, Surveillance systems

7. Communication considerations

8. Important constraints

18. 2.7 Importance of physical security controls

1. Bollardsbarricades, Mantraps, Badges, Alarms, Signage

2. Lighting and fencing

3. Cameras and Closed-circuit television (CCTV)

4. Industrial camouflage

5. Personnel, robots, dronesUAVs

6. Locks

7. Different sensors

8. Fire suppression

9. Protected cable distribution (PCD)

10. Secure areas (air gap, faraday cages, DMZ, etc)

11. Hot and cold aisles

12. Secure data destruction

13. USB data blocker

14. Knowledge Check 2.7.html

19. 2.8 Basics of cryptography

1. Common use cases

2. Key length

3. Key stretching

4. Salting, hashing, digital signatures.html

5. Perfect forward secrecy

6. Elliptic curve cryptography

7. Ephemeral

8. Symmetric vs. asymmetric encryption

9. Key exchange

10. Cipher suites

11. Modes of operation

12. Lightweight cryptography and Homomorphic encryption

13. Steganography

14. Blockchain

15. Quantum and post-quantum

16. Limitations

17. Knowledge Check 2.8.1.html

20. Domain 3 Implementation

1. About implementation.html

21. 3.1 Implement Secure Protocols

1. Important protocols to know and use cases

2. Important email secure protocols

3. IPsec and VPN

4. FTPS, SFTP, SCP

5. DNSSEC

7. DHCP

8. SNMP and SNMPv3

22. 3.2 Implement host or application security solutions

1. Endpoint protection

2. Self-encrypting drive (SED), full disk encryption (FDE), and file-level encrypti

3. Boot integrity

4. Database and data security.html

5. Application security

6. Hardening hosts

7. Sandboxing

23. 3.3 Implement secure network designs

1. DNS.html

2. Load balancing

3. Network segmentation

4. East-West and North-South

5. Jump servers (bastion hosts)

6. NAT Gateways

7. Proxy servers

8. Out-of-band management

9. Virtual Private Networks (VPNs) and IPsec

10. Network Access Control (NAC)

11. Port security

12. Network-based intrusion detection and prevention system (NIDS and NIPS)

13. Firewalls

14. Next-Generation Firewalls

15. Access Control List (ACL) and Security Groups (SGs)

16. Quality of Service (QoS)

17. Implications of IPv6

18. Port scanning and port mirroring

19. File integrity monitors

24. 3.4 Install and configure wireless security settings

1. Cryptographic protocols

2. Methods

3. Authentication protocols

4. Installation considerations

25. 3.5 Implement secure mobile solutions

1. Connection methods and receivers

2. Mobile deployment models

3. Mobile device management (MDM)

4. Mobile devices

5. Enforcement and monitoring

26. 3.6 Apply cybersecurity solutions to the cloud

1. Cloud security controls

2. Secure cloud storage

3. Secure cloud networking

4. Secure cloud compute resources

5. Secure cloud solutions

27. 3.7 Implement identity and account management controls

1. Understanding identity

2. Account types to consider

3. Account policies to consider

28. 3.8 Implement authentication and authorization solutions

1. Authentication management

2. Authentication protocols and considerations

3. Extensible Authentication Protocol (EAP).html

4. RADIUS and TACACS+

5. Kerberos, LDAP, and NTLM

6. Federated Identities

7. Access control schemes

29. 3.9 Implement public key infrastructure

1. What is public key infrastructure

2. Types of certificates

3. Certificate formats

4. Important concepts

30. Domain 4 Operations and Incident Response

1. About operations and incident response.html

31. 4.1 Use the appropriate tools to assess organizational security

1. Network reconnaissance and discovery part 1

2. Network reconnaissance and discovery part 2

3. File manipulation

4. Shell and script environments

5. Packet capture and replay

6. Forensics tools

7. Exploitation frameworks

8. Password crackers

9. Data sanitization

32. 4.2 Policies, processes, and procedures for incident response

1. Incident response plans

2. Incident response process

3. Important exercises

4. Important attack frameworks

5. BCP, COOP, and DRP

6. Incident response team and stakeholder management

7. Retention policies

33. 4.3 Using appropriate data sources to support investigations after an incident

1. Vulnerability scan outputs

2. SIEM dashboards

3. Log files

4. Syslog, rsyslog, syslog-ng

5. Journald and journalctl

6. NXLog

7. Bandwidth and network monitors

8. Important and useful metadata

34. 4.4 Applying mitigation techniques or controls to secure environments during an

1. Reconfiguring endpoint security solutions

2. Configuration changes

3. Isolation, containment, and segmentation

4. Secure Orchestration, Automation, and Response (SOAR)

35. 4.5 Key aspects of digital forensics

1. Documentation and evidence

2. E-discovery, data recovery, and non-repudiation

3. Integrity and preservation of information

4. Acquisition

5. On-premises vs. cloud

6. Strategic intelligence and counterintelligence

36. Domain 5 Governance, Risk, and Compliance

1. About governance, risk and compliance

37. 5.1 Compare and contrast various types of controls

1. Categories

2. Control types

38. 5.2 Applicable regulationsstandardsframeworks that impact security posture

1. Regulations, standards, and legislation

2. Key frameworks to know about

3. Benchmarks and secure configuration guides

39. 5.3 Importance of policies to organizational security

1. Personnel

2. User training

3. Third-party risk management

4. Data

5. Credential policies

6. Organizational policies

40. 5.4 Risk management processes and concepts

1. Types of risks

2. Risk management strategies

3. Risk analysis

4. Disasters

5. Business impact analysis

41. 5.5 Privacy and sensitive data concepts in relation to security

1. Organizational consequences of privacy breaches

2. Notifications of breaches

3. Data types

4. Privacy enhancing technologies

5. Roles and responsibilities

42. Practice Exams and Next Steps

1. What should you do next.html

2. Bonus FREE Performance-Based Questions (PBQs).html

3. Realistic Security+ Practice Exam.html

139,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy-Training