Comptia Security + 501

Course Overview
Welcome to the CompTIA Security+ Course
Topics Covered in this Course
1.0: Threats, Attacks, and Vulnerabilities
1.1 Given a scenario analyze indicators of compromise and determine the type of malware.
12 Topics | 1 Quiz
1.1.1 Virus
1.1.2 Crypto-malware/Ransomware
1.1.3 Worm
1.1.4 Trojan Horse
1.1.5 Rootkit
1.1.6 Keylogger
1.1.7 Adware
1.1.8 Spyware
1.1.9 Bots
1.1.10 RAT
1.1.11 Logic Bomb
1.1.12 Backdoor
Quiz: Threats, Attacks, and Vulnerabilities
1.2 Compare and contrast types of attacks (Important Study Focus!)
6 Topics | 1 Quiz
1.2.1 Social Engineering
1.2.2 Social Engineering (Important Study Focus – Simulation Answers!)
1.2.3 Principles (Reasons for Effectiveness)
1.2.4: Application/Service Attacks
1.2.5 Wireless Attacks
1.2.6 Cryptographic Attacks
Quiz: Compare and contrast types of attacks
1.3 Explain threat actor types and attributes
3 Topics | 1 Quiz
1.3.1 Types of Actors
1.3.2 Attributes of Actors
1.3.3 Use of Open-Source Intelligence
Quiz: Explain threat actor types and attributes
1.4 Explain penetration testing concepts
10 Topics | 1 Quiz
1.4.1 Active Reconnaissance
1.4.2 Passive Reconnaissance
1.4.3 Pivot
1.4.4 Initial Exploitation
1.4.5 Persistence
1.4.6 Escalation of privilege
1.4.7 Black Box
1.4.8 White Box
1.4.9 Gray Box
1.4.10 Pen Testing vs. Vulnerability Scanning
Quiz: Explain penetration testing concepts
1.5 Explain vulnerability scanning concepts
7 Topics | 1 Quiz
1.5.1 Passively test security controls
1.5.2 Identify vulnerability
1.5.3 Identify lack of security controls
1.5.4 Identify common misconfigurations
1.5.5 Intrusive vs. non-intrusive
1.5.6 Credentialed vs. non-credentialed
1.5.7 False Positive
Quiz: Explain vulnerability scanning concepts
1.6 Explain the impact associated with types of vulnerabilities
15 Topics | 1 Quiz
1.6.1 Race Conditions
1.6.2 Vulnerabilities to due:
1.6.3 Improper error/input handling
1.6.4 Misconfiguration/Weak Configuration
1.6.5 Default Configuration
1.6.6 Resource Exhaustion
1.6.7 Untrained Users
1.6.8 Improperly Configured Accounts
1.6.9 Vulnerable Business Processes
1.6.10 Weak Cipher Suites and Implementations
1.6.11 Memory/Buffer Vulnerability
1.6.12 System sprawl/Undocumented Assets
1.6.13 Architecture/Design Weaknesses
1.6.14 New Threats/Zero Day
1.6.15 Improper Certificate and Key Management
Quiz: Explain the impact associated with types of vulnerabilities
Section 1.0: Test Your Knowledge
Section 1: Test Preparation
3 Topics
Section 1 – Flash Cards Game
Section 1 – Mix & Match Game
Section 1 – Familiarize Game
Section 1.0: Identifying Scenario & Questions
Section 1: Performance Based Questions
2.0: Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
17 Topics | 1 Quiz
2.1.1 Firewall
2.1.2 VPN Concentrator
2.1.3 NIPS/NIDS
2.1.4 Router
2.1.5 Switch
2.1.6 Proxy
2.1.7 Load Balancer
2.1.8 Access Point
2.1.9 SIEM
2.1.10 DLP
2.1.11 NAC
2.1.12 Mail Gateway
2.1.13 Bridge
2.1.14 SSL/TLS Accelerators
2.1.15 SSL Decryptors
2.1.16 Media Gateway
2.1.17 Hardware Security Module
Quiz: Install and configure network components
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
14 Topics | 1 Quiz
2.2.1 Protocol Analyzer
2.2.2 Network Scanners
2.2.3 Wireless Scanner/Cracker
2.2.4 Password Cracker
2.2.5 Vulnerability Scanner
2.2.6 Configuration Compliance Scanner
2.2.7 Exploitation Frameworks
2.2.8 Data Sanitization Tools
2.2.9 Steganography Tools
2.2.10 Honeypot
2.2.11 Backup Utilities
2.2.12 Banner Grabbing
2.2.13 Passive vs. Active
2.2.14 Command Line Tools
Quiz: Using appropriate software tools to assess the security posture of an organization.
2.3 Given a scenario, troubleshoot common security issues.
14 Topics | 1 Quiz
2.3.1 Unencrypted Credentials/Clear Text
2.3.2 Logs and Events Anomalies
2.3.3 Permissions Issues
2.3.4 Access Violations
2.3.5 Certificate Issues
2.3.6 Data Exfiltration
2.3.7 Misconfigured Devices
2.3.8 Weak Security Configurations
2.3.9 Personnel Issues
2.3.10 Unauthorized Software
2.3.11 Baseline Deviation
2.3.12 License Compliance Violation (availability/integrity)
2.3.13 Asset Management
2.3.14 Authentication Issues
Quiz: Troubleshoot common security issues.
2.4 Given a scenario, analyze and interpret output from security technologies.
12 Topics | 1 Quiz
2.4.1 HIDS/HIPS
2.4.2 Antivirus
2.4.3 File Integrity Check
2.4.4 Host-based Firewall
2.4.5 Application Whitelisting
2.4.6 Removable Media Control
2.4.7 Advanced Malware Tools
2.4.8 Patch Management Tools
2.4.9 UTM
2.4.10 DLP
2.4.11 Data Execution Prevention
2.4.12 Web Application Firewall
Quiz: Analyze and interpret output from security technologies.
2.5 Given a scenario, deploy mobile devices securely.
5 Topics | 1 Quiz
2.5.1 Connection Methods
2.5.2 Mobile Device Management Concepts
Mobile Device Management Concepts (Important Study Focus – Simulation Answers!)
2.5.3 Enforcement and Monitoring for:
2.5.4 Deployment Models
Quiz: Deploy mobile devices securely.
2.6 Given a Scenario, implement secure protocols.
4 Topics | 1 Quiz
2.6.1 Protocols
Protocols (Important Study Focus – Simulation Answers!)
2.6.2 Use Cases
Configure the firewall (Important Study Focus – Simulation Answers!)
Quiz: Implement secure protocols.
Section 2.0: Test Your Knowledge
Section 2: Test Preparation
3 Topics
Section 2 – Flash Cards Game
Section 2 – Mix & Match Game
Section 2 – Familiarize Game
Section 2.0: Identifying Scenario & Questions
Section 2: Performance Based Questions
3.0: Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
3 Topics | 1 Quiz
3.1.1 Industry-Standard Frameworks and Reference Architectures
3.1.2 Benchmarks/Secure Configuration Guides
3.1.3 Defense-in-depth/Layered Security
Quiz: Best practices and secure configuration guides.
3.2 Given a scenario, implement secure network architecture concepts.
5 Topics | 1 Quiz
3.2.1 Zones/Topologies
3.2.2 Segregation/Segmentation/Isolation
3.2.3 Tunneling/VPN
3.2.4 Security Device/Technology Placement
3.2.5 SDN
Quiz: Implement secure network architecture concepts.
1 of 3
Previous Lesson
Next Topic

1.2.1 Social Engineering

Comptia Security + 501 1.2 Compare and contrast types of attacks (Important Study Focus!) 1.2.1 Social Engineering
Lesson Progress
0% Complete
vishing

 

Phishing

The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.

 

Spear Phishing

A targeted form of phishing. Spear phishing attacks attempt to target specific groups of users, such as those within a specific organization, or even a single user.

 

 

Whaling

A form of spear phishing that attempts to target high-level executives. When successful. attackers gain confidential company information that they might not be able to get anywhere else.

 

 

Vishing

The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

 

Tailgating

A social engineering attack where one person follows behind another person without using credentials. Man-traps help prevent tailgating.

 

 Impersonation

The act of pretending to be someone else, or even another host, in order to wage an attack on a victim system, network, or person. 

 

 

 

Dumpster Diving

The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.

 

 

Shoulder Surfing

The practice of looking over someone’s shoulder to obtain information, such as on a computer screen. A screen filter placed over a monitor helps reduce the success of shoulder surfing.

 

 

 Hoax

A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

 

 Watering Hole Attack

An attack method that infects web sites that a group is likely to trust and visit.

Previous Lesson
Back to Lesson
Next Topic