CompTIA Security+ (Exam SY0-601) Training

Upcoming Instructor-Led Online and Public CompTIA Security+ (Exam SY0-601) Classes
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 17 May, 2021 - 21 May, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
Hartmann Software Group Training Registration
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 21 June, 2021 - 25 June, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 26 July, 2021 - 30 July, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 16 August, 2021 - 20 August, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 13 September, 2021 - 17 September, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
Virtual Instructor-Led
CompTIA Security+ (Exam SY0-601) Training/Class 4 October, 2021 - 8 October, 2021 $2090
HSG Training Center 1624 Market Street, Suite 202
Denver, CO 80202
We offer private customized training for groups of 3 or more attendees.

Course Description

CompTIA Security+ (Exam SY0-601) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification examination. In this course, you will build on your knowledge of and professional experience with security fundamentals, networks, and organizational security as you acquire the specific skills required to implement basic security services on any type of computer network. This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-601) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today's job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your computer security skill set so that you can confidently perform your duties in any security-related role.

Course Length: 5 Days
Course Tuition: $2090 (US)

Prerequisites

To ensure your success in your course, you should possess basic Windows user skills and a fundamental understanding of computer and networking concepts.

Course Outline

1.0 THREATS, ATTACKS, AND VULNERABILITIES

 
Compare and contrast different types of social engineering techniques.
Phishing
Smishing
Vishing
Spam
Spam over instant messaging (SPIM)
Spear phishing
Dumpster diving
Shoulder surfing
Pharming
Tailgating
Eliciting information
Whaling
Prepending
Identity fraud
Invoice scams
Credential harvesting
Reconnaissance
Hoax
Impersonation
Watering hole attack
Typosquatting
Pretexting
Influence campaigns
Principles (reasons for effectiveness)
 
Given a scenario, analyze potential indicators to determine the type of attack.
Malware
Password attacks
Physical attacks
Adversarial artificial intelligence (AI)
Supply-chain attacks
Cloud-based vs. on-premises attacks
Cryptographic attacks
 
Given a scenario, analyze potential indicators associated with application attacks.
Privilege escalation
Cross-site scripting
Injections
Pointer/object dereference
Directory traversal
Buffer overflows
Race conditions
Error handling
Improper input handling
Replay attack
Integer overflow
Request forgeries
Application programming interface (API) attacks
Resource exhaustion
Memory leak
Secure Sockets Layer (SSL) stripping
Driver manipulation
Pass the hash
 
Given a scenario, analyze potential indicators associated with network attacks.
Wireless
On-path attack
Layer 2 attacks
Domain name system (DNS)
Distributed denial-of-service (DDoS)
Malicious code or script execution
 
Explain different threat actors, vectors, and intelligence sources.
Actors and threats
Attributes of actors
Vectors
Threat intelligence sources
Research sources
 
Explain the security concerns associated with various types of vulnerabilities.
Cloud-based vs. on-premises vulnerabilities
Zero-day
Weak configurations
Third-party risks
Improper or weak patch management
Legacy platforms
Impacts
 
Summarize the techniques used in security assessments.
Threat hunting
Vulnerability scans
Syslog/Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
 
Explain the techniques used in penetration testing.
Penetration testing
Passive and active reconnaissance
Exercise types
 
2.0 ARCHITECTURE AND DESIGN
 
Explain the importance of security concepts in an enterprise environment.
Configuration management
Data sovereignty
Data protection
Geographical considerations
Response and recovery controls
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
Hashing
API considerations
Site resiliency
Deception and disruption
 
Summarize virtualization and cloud computing concepts.
Cloud models
Cloud service providers
Managed service provider (MSP)/managed security service provider (MSSP)
On-premises vs. off-premises
Fog computing
Edge computing
Thin client
Containers
Microservices/API
Infrastructure as code
Serverless architecture
Services integration
Resource policies
Transit gateway
Virtualization
 
Summarize secure application development, deployment, and automation concepts.
Environment
Provisioning and deprovisioning
Integrity measurement
Secure coding techniques
Open Web Application Security Project (OWASP)
Software diversity
Automation/scripting
Elasticity
Scalability
Version control
 
Summarize authentication and authorization design concepts.
Authentication methods
Biometrics
Multifactor authentication (MFA) factors and attributes
Authentication, authorization, and accounting (AAA)
Cloud vs. on-premises requirements
 
Given a scenario, implement cybersecurity resilience.
Redundancy
Replication
On-premises vs. cloud
Backup types
Non-persistence
High availability
Restoration order
Diversity
 
Explain the security implications of embedded and specialized systems.
Embedded systems
Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
Internet of Things (IoT)
Specialized
Voice over IP (VoIP)
Heating, ventilation, air conditioning (HVAC)
Drones
Multifunction printer (MFP)
Real-time operating system (RTOS)
Surveillance systems
System on chip (SoC)
Communication considerations
Constraints
 
Explain the importance of physical security controls.
Bollards/barricades
Access control vestibules
Badges
Alarms
Signage
Cameras
Closed-circuit television (CCTV)
Industrial camouflage
Personnel
Locks
USB data blocker
Lighting
Fencing
Fire suppression
Sensors
Drones
Visitor logs
Faraday cages
Air gap
Screened subnet (previously known as demilitarized zone)
Protected cable distribution
Secure areas
Secure data destruction
 
Summarize the basics of cryptographic concepts.
Digital signatures
Key length
Key stretching
Salting
Hashing
Key exchange
Elliptic-curve cryptography
Perfect forward secrecy
Quantum
Post-quantum
Ephemeral
Modes of operation
Blockchain
Cipher suites
Symmetric vs. asymmetric
Lightweight cryptography
Steganography
Homomorphic encryption
Common use cases
Limitations
 
3.0 IMPLEMENTATION
 
Given a scenario, implement secure protocols.
Protocols
Use cases
 
Given a scenario, implement host or application security solutions.
Endpoint protection
Boot integrity
Database
Application security
Hardening
Self-encrypting drive (SED)/full-disk encryption (FDE)
Hardware root of trust
Trusted Platform Module (TPM)
Sandboxing
 
Given a scenario, implement secure network designs.
Load balancing
Network segmentation
Virtual private network (VPN)
DNS
Network access control (NAC)
Out-of-band management
Port security
Network appliances
Access control list (ACL)
Route security
Quality of service (QoS)
Implications of IPv6
Port spanning/port mirroring
Monitoring services
File integrity monitors
 
Given a scenario, install and configure wireless security settings.
Cryptographic protocols
Authentication protocols
Methods
Installation considerations
 
Given a scenario, implement secure mobile solutions.
Connection methods and receivers
Mobile device management (MDM)
Mobile devices
Enforcement and monitoring
Deployment models
 
Given a scenario, apply cybersecurity solutions to the cloud.
Cloud security controls
Solutions
Cloud native controls vs. third-party solutions
 
Given a scenario, implement identity and account management controls.
Identity
Account types
Account policies
 
Given a scenario, implement authentication and authorization solutions.
Authentication management
Authentication/authorization
Access control schemes
 
Given a scenario, implement public key infrastructure.
Public key infrastructure (PKI)
Types of certificates
Certificate formats
Concepts
 
4.0 OPERATIONS AND INCIDENT RESPONSE
 
Given a scenario, use the appropriate tool to assess organizational security.
Network reconnaissance and discovery
File manipulation
Shell and script environments
Packet capture and replay
Forensics
Exploitation frameworks
Password crackers
Data sanitization
 
Summarize the importance of policies, processes, and procedures for incident response.
Incident response plans
Incident response process
Exercises
Attack frameworks
Stakeholder management
Communication plan
Disaster recovery plan
Business continuity plan
Continuity of operations planning (COOP)
Incident response team
Retention policies
 
Given an incident, utilize appropriate data sources to support an investigation.
Vulnerability scan output
SIEM dashboards
Log files
syslog/rsyslog/syslog-ng
journalctl
NXLog
Bandwidth monitors
Metadata
Netflow/sFlow
Protocol analyzer output
 
Given an incident, apply mitigation techniques or controls to secure an environment.
Reconfigure endpoint security solutions
Configuration changes
Isolation
Containment
Segmentation
SOAR
 
Explain the key aspects of digital forensics.
Documentation/evidence
Acquisition
On-premises vs. cloud
Integrity
Preservation
E-discovery
Data recovery
Non-repudiation
Strategic intelligence/counterintelligence
 
5.0 GOVERNANCE, RISK, AND COMPLIANCE
 
Compare and contrast various types of controls.
Category
Control type
 
Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
Regulations, standards, and legislation
Key frameworks
Benchmarks/secure configuration guides
 
Explain the importance of policies to organizational security.
Personnel
Diversity of training techniques
Third-party risk management
Data
Credential policies
Organizational policies
 
Summarize risk management processes and concepts.
Risk types
Risk management strategies
Risk analysis
Disasters
Business impact analysis
 
Explain privacy and sensitive data concepts in relation to security.
Organizational consequences of privacy and data breaches
Notifications of breaches
Data types
Privacy enhancing technologies
Roles and responsibilities
Information life cycle
Impact assessment
Terms of agreement
Privacy notice
