Comptia Security + 501

Course Overview
Welcome to the CompTIA Security+ Course
Topics Covered in this Course
1.0: Threats, Attacks, and Vulnerabilities
1.1 Given a scenario analyze indicators of compromise and determine the type of malware.
12 Topics | 1 Quiz
1.1.1 Virus
1.1.2 Crypto-malware/Ransomware
1.1.3 Worm
1.1.4 Trojan Horse
1.1.5 Rootkit
1.1.6 Keylogger
1.1.7 Adware
1.1.8 Spyware
1.1.9 Bots
1.1.10 RAT
1.1.11 Logic Bomb
1.1.12 Backdoor
Quiz: Threats, Attacks, and Vulnerabilities
1.2 Compare and contrast types of attacks (Important Study Focus!)
6 Topics | 1 Quiz
1.2.1 Social Engineering
1.2.2 Social Engineering (Important Study Focus – Simulation Answers!)
1.2.3 Principles (Reasons for Effectiveness)
1.2.4: Application/Service Attacks
1.2.5 Wireless Attacks
1.2.6 Cryptographic Attacks
Quiz: Compare and contrast types of attacks
1.3 Explain threat actor types and attributes
3 Topics | 1 Quiz
1.3.1 Types of Actors
1.3.2 Attributes of Actors
1.3.3 Use of Open-Source Intelligence
Quiz: Explain threat actor types and attributes
1.4 Explain penetration testing concepts
10 Topics | 1 Quiz
1.4.1 Active Reconnaissance
1.4.2 Passive Reconnaissance
1.4.3 Pivot
1.4.4 Initial Exploitation
1.4.5 Persistence
1.4.6 Escalation of privilege
1.4.7 Black Box
1.4.8 White Box
1.4.9 Gray Box
1.4.10 Pen Testing vs. Vulnerability Scanning
Quiz: Explain penetration testing concepts
1.5 Explain vulnerability scanning concepts
7 Topics | 1 Quiz
1.5.1 Passively test security controls
1.5.2 Identify vulnerability
1.5.3 Identify lack of security controls
1.5.4 Identify common misconfigurations
1.5.5 Intrusive vs. non-intrusive
1.5.6 Credentialed vs. non-credentialed
1.5.7 False Positive
Quiz: Explain vulnerability scanning concepts
1.6 Explain the impact associated with types of vulnerabilities
15 Topics | 1 Quiz
1.6.1 Race Conditions
1.6.2 Vulnerabilities to due:
1.6.3 Improper error/input handling
1.6.4 Misconfiguration/Weak Configuration
1.6.5 Default Configuration
1.6.6 Resource Exhaustion
1.6.7 Untrained Users
1.6.8 Improperly Configured Accounts
1.6.9 Vulnerable Business Processes
1.6.10 Weak Cipher Suites and Implementations
1.6.11 Memory/Buffer Vulnerability
1.6.12 System sprawl/Undocumented Assets
1.6.13 Architecture/Design Weaknesses
1.6.14 New Threats/Zero Day
1.6.15 Improper Certificate and Key Management
Quiz: Explain the impact associated with types of vulnerabilities
Section 1.0: Test Your Knowledge
Section 1: Test Preparation
3 Topics
Section 1 – Flash Cards Game
Section 1 – Mix & Match Game
Section 1 – Familiarize Game
Section 1.0: Identifying Scenario & Questions
Section 1: Performance Based Questions
2.0: Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
17 Topics | 1 Quiz
2.1.1 Firewall
2.1.2 VPN Concentrator
2.1.3 NIPS/NIDS
2.1.4 Router
2.1.5 Switch
2.1.6 Proxy
2.1.7 Load Balancer
2.1.8 Access Point
2.1.9 SIEM
2.1.10 DLP
2.1.11 NAC
2.1.12 Mail Gateway
2.1.13 Bridge
2.1.14 SSL/TLS Accelerators
2.1.15 SSL Decryptors
2.1.16 Media Gateway
2.1.17 Hardware Security Module
Quiz: Install and configure network components
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
14 Topics | 1 Quiz
2.2.1 Protocol Analyzer
2.2.2 Network Scanners
2.2.3 Wireless Scanner/Cracker
2.2.4 Password Cracker
2.2.5 Vulnerability Scanner
2.2.6 Configuration Compliance Scanner
2.2.7 Exploitation Frameworks
2.2.8 Data Sanitization Tools
2.2.9 Steganography Tools
2.2.10 Honeypot
2.2.11 Backup Utilities
2.2.12 Banner Grabbing
2.2.13 Passive vs. Active
2.2.14 Command Line Tools
Quiz: Using appropriate software tools to assess the security posture of an organization.
2.3 Given a scenario, troubleshoot common security issues.
14 Topics | 1 Quiz
2.3.1 Unencrypted Credentials/Clear Text
2.3.2 Logs and Events Anomalies
2.3.3 Permissions Issues
2.3.4 Access Violations
2.3.5 Certificate Issues
2.3.6 Data Exfiltration
2.3.7 Misconfigured Devices
2.3.8 Weak Security Configurations
2.3.9 Personnel Issues
2.3.10 Unauthorized Software
2.3.11 Baseline Deviation
2.3.12 License Compliance Violation (availability/integrity)
2.3.13 Asset Management
2.3.14 Authentication Issues
Quiz: Troubleshoot common security issues.
2.4 Given a scenario, analyze and interpret output from security technologies.
12 Topics | 1 Quiz
2.4.1 HIDS/HIPS
2.4.2 Antivirus
2.4.3 File Integrity Check
2.4.4 Host-based Firewall
2.4.5 Application Whitelisting
2.4.6 Removable Media Control
2.4.7 Advanced Malware Tools
2.4.8 Patch Management Tools
2.4.9 UTM
2.4.10 DLP
2.4.11 Data Execution Prevention
2.4.12 Web Application Firewall
Quiz: Analyze and interpret output from security technologies.
2.5 Given a scenario, deploy mobile devices securely.
5 Topics | 1 Quiz
2.5.1 Connection Methods
2.5.2 Mobile Device Management Concepts
Mobile Device Management Concepts (Important Study Focus – Simulation Answers!)
2.5.3 Enforcement and Monitoring for:
2.5.4 Deployment Models
Quiz: Deploy mobile devices securely.
2.6 Given a Scenario, implement secure protocols.
4 Topics | 1 Quiz
2.6.1 Protocols
Protocols (Important Study Focus – Simulation Answers!)
2.6.2 Use Cases
Configure the firewall (Important Study Focus – Simulation Answers!)
Quiz: Implement secure protocols.
Section 2.0: Test Your Knowledge
Section 2: Test Preparation
3 Topics
Section 2 – Flash Cards Game
Section 2 – Mix & Match Game
Section 2 – Familiarize Game
Section 2.0: Identifying Scenario & Questions
Section 2: Performance Based Questions
3.0: Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
3 Topics | 1 Quiz
3.1.1 Industry-Standard Frameworks and Reference Architectures
3.1.2 Benchmarks/Secure Configuration Guides
3.1.3 Defense-in-depth/Layered Security
Quiz: Best practices and secure configuration guides.
3.2 Given a scenario, implement secure network architecture concepts.
5 Topics | 1 Quiz
3.2.1 Zones/Topologies
3.2.2 Segregation/Segmentation/Isolation
3.2.3 Tunneling/VPN
3.2.4 Security Device/Technology Placement
3.2.5 SDN
Quiz: Implement secure network architecture concepts.
1 of 3
Previous Lesson
Next Topic

1.5.1 Passively test security controls

Comptia Security + 501 1.5 Explain vulnerability scanning concepts 1.5.1 Passively test security controls
Lesson Progress
0% Complete

TERM

DEFINITION

LAYMAN'S TERM

Passively Test Security Controls

A method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction. does have limitations.

Vulnerability scans these controls because no actual exploits are attempted on potential vulnerabilities.

Previous Lesson
Back to Lesson
Next Topic