CompTIA Security+ (SY0-601)

(SY0-601.AB1)/ISBN:978-1-64459-295-3

This course includes
Lessons
TestPrep
Hand-on Lab
Instructor Led (Add-on)
AI Tutor (Add-on)

Gain hands-on experience to pass the CompTIA Security+ certification exam with the CompTIA Security+ (SY0-601) course and lab. Interactive chapters and hands-on labs comprehensively cover the SY0-601 exam objectives and provide knowledge in areas such as security concepts, operating systems, application systems, and many more. The CompTIA Security+ study guide will help you get a full understanding of the challenges you'll face as a security professional.

Here's what you will get

The CompTIA Security+ SY0-601 exam verifies that a candidate can assess an enterprise's security posture and recommend and implement appropriate security solutions; monitor and secure hybrid environments, such as cloud, mobile, and IoT; and operate with an understanding of applicable laws and policies, such as governance, risk, and compliance.

Lessons

37+ Lessons | 34+ Exercises | 379+ Quizzes | 791+ Flashcards | 791+ Glossary of terms

TestPrep

104+ Pre Assessment Questions | 2+ Full Length Tests | 104+ Post Assessment Questions | 208+ Practice Test Questions

Hand on lab

64+ LiveLab | 65+ Video tutorials | 02:30+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • CompTIA Security+ Exam Topics

Lessons 2: Comparing and Contrasting Different Types of Social Engineering Techniques

  • Social Engineering Fundamentals
  • User Security Awareness Education
  • Review Key Topics

Lessons 3: Analyzing Potential Indicators to Determine the Type of Attack

  • Malicious Software (Malware)
  • Password Attacks
  • Physical Attacks
  • Adversarial Artificial Intelligence
  • Supply-Chain Attacks
  • Cloud-based vs. On-premises Attacks
  • Cryptographic Attacks
  • Review Key Topics

Lessons 4: Analyzing Potential Indicators Associated with Application Attacks

  • Privilege Escalation
  • Cross-Site Scripting (XSS) Attacks
  • Injection Attacks
  • Pointer/Object Dereference
  • Directory Traversal
  • Buffer Overflows
  • Race Conditions
  • Error Handling
  • Improper Input Handling
  • Replay Attacks
  • Request Forgeries
  • Application Programming Interface (API) Attacks
  • Resource Exhaustion
  • Memory Leaks
  • Secure Socket Layer (SSL) Stripping
  • Driver Manipulation
  • Pass the Hash
  • Review Key Topics

Lessons 5: Analyzing Potential Indicators Associated with Network Attacks

  • Wireless Attacks
  • On-Path Attacks
  • Layer 2 Attacks
  • Domain Name System (DNS) Attacks
  • Distributed Denial-of-Service (DDoS) Attacks
  • Malicious Code or Script Execution Attacks
  • Review Key Topics

Lessons 6: Understanding Different Threat Actors, Vectors, and Intelligence Sources

  • Actors and Threats
  • Attributes of Threat Actors
  • Attack Vectors
  • Threat Intelligence and Threat Intelligence Sources
  • Research Sources
  • Review Key Topics

Lessons 7: Understanding the Security Concerns Associated with Various Types of Vulnerabilities

  • Cloud-based vs. On-premises Vulnerabilities
  • Zero-day Vulnerabilities
  • Weak Configurations
  • Third-party Risks
  • Improper or Weak Patch Management
  • Legacy Platforms
  • The Impact of Cybersecurity Attacks and Breaches
  • Review Key Topics

Lessons 8: Summarizing the Techniques Used in Security Assessments

  • Threat Hunting
  • Vulnerability Scans
  • Logs and Security Information and Event Management (SIEM)
  • Security Orchestration, Automation, and Response (SOAR)
  • Review Key Topics

Lessons 9: Understanding the Techniques Used in Penetration Testing

  • Penetration Testing
  • Passive and Active Reconnaissance
  • Exercise Types
  • Review Key Topics

Lessons 10: Understanding the Importance of Security Concepts in an Enterprise Environment

  • Configuration Management
  • Data Sovereignty and Data Protection
  • Site Resiliency
  • Deception and Disruption
  • Review Key Topics

Lessons 11: Summarizing Virtualization and Cloud Computing Concepts

  • Cloud Models
  • Cloud Service Providers
  • Cloud Architecture Components
  • Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
  • Review Key Topics

Lessons 12: Summarizing Secure Application Development, Deployment, and Automation Concepts

  • Software Development Environments and Methodologies
  • Application Provisioning and Deprovisioning
  • Software Integrity Measurement
  • Secure Coding Techniques
  • Open Web Application Security Project (OWASP)
  • Software Diversity
  • Automation/Scripting
  • Elasticity and Scalability
  • Review Key Topics

Lessons 13: Summarizing Authentication and Authorization Design Concepts

  • Authentication Methods
  • Biometrics
  • Multifactor Authentication (MFA) Factors and Attributes
  • Authentication, Authorization, and Accounting (AAA)
  • Cloud vs. On-premises Requirements
  • Review Key Topics

Lessons 14: Implementing Cybersecurity Resilience

  • Redundancy
  • Replication
  • On-premises vs. Cloud
  • Backup Types
  • Non-persistence
  • High Availability
  • Restoration Order
  • Diversity
  • Review Key Topics

Lessons 15: Understanding the Security Implications of Embedded and Specialized Systems

  • Embedded Systems
  • Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
  • Internet of Things (IoT)
  • Specialized Systems
  • Voice over IP (VoIP)
  • Heating, Ventilation, and Air Conditioning (HVAC)
  • Drones
  • Multifunction Printers (MFP)
  • Real-Time Operating Systems (RTOS)
  • Surveillance Systems
  • System on a Chip (SoC)
  • Communication Considerations
  • Embedded System Constraints
  • Review Key Topics

Lessons 16: Understanding the Importance of Physical Security Controls

  • Bollards/Barricades
  • Access Control Vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-Circuit Television (CCTV)
  • Industrial Camouflage
  • Personnel
  • Locks
  • USB Data Blockers
  • Lighting
  • Fencing
  • Fire Suppression
  • Sensors
  • Drones
  • Visitor Logs
  • Faraday Cages
  • Air Gap
  • Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
  • Protected Cable Distribution
  • Secure Areas
  • Secure Data Destruction
  • Review Key Topics

Lessons 17: Summarizing the Basics of Cryptographic Concepts

  • Digital Signatures
  • Key Length
  • Key Stretching
  • Salting
  • Hashing
  • Key Exchange
  • Elliptic-Curve Cryptography
  • Perfect Forward Secrecy
  • Quantum
  • Post-Quantum
  • Ephemeral
  • Modes of Operation
  • Blockchain
  • Cipher Suites
  • Symmetric vs. Asymmetric Encryption
  • Lightweight Cryptography
  • Steganography
  • Homomorphic Encryption
  • Common Use Cases
  • Limitations
  • Review Key Topics

Lessons 18: Implementing Secure Protocols

  • Protocols
  • Use Cases
  • Review Key Topics

Lessons 19: Implementing Host or Application Security Solutions

  • Endpoint Protection
  • Antimalware
  • Next-Generation Firewall
  • Host-based Intrusion Prevention System
  • Host-based Intrusion Detection System
  • Host-based Firewall
  • Boot Integrity
  • Database
  • Application Security
  • Hardening
  • Self-Encrypting Drive/Full-Disk Encryption
  • Hardware Root of Trust
  • Trusted Platform Module
  • Sandboxing
  • Review Key Topics

Lessons 20: Implementing Secure Network Designs

  • Load Balancing
  • Network Segmentation
  • Virtual Private Network
  • DNS
  • Network Access Control
  • Out-of-Band Management
  • Port Security
  • Network Appliances
  • Access Control List
  • Route Security
  • Quality of Service
  • Implications of IPv6
  • Port Spanning/Port Mirroring
  • Monitoring Services
  • File Integrity Monitors
  • Review Key Topics

Lessons 21: Installing and Configuring Wireless Security Settings

  • Cryptographic Protocols
  • Authentication Protocols
  • Methods
  • Installation Considerations
  • Review Key Topics

Lessons 22: Implementing Secure Mobile Solutions

  • Connection Methods and Receivers
  • Mobile Device Management
  • Mobile Device Management Enforcement and Monitoring
  • Mobile Devices
  • Deployment Models
  • Review Key Topics

Lessons 23: Applying Cybersecurity Solutions to the Cloud

  • Cloud Security Controls
  • Solutions
  • Cloud Native Controls vs. Third-Party Solutions
  • Review Key Topics

Lessons 24: Implementing Identity and Account Management Controls

  • Identity
  • Account Types
  • Account Policies
  • Review Key Topics

Lessons 25: Implementing Authentication and Authorization Solutions

  • Authentication Management
  • Authentication/Authorization
  • Access Control Schemes
  • Review Key Topics

Lessons 26: Implementing Public Key Infrastructure

  • Public Key Infrastructure
  • Types of Certificates
  • Certificate Formats
  • PKI Concepts
  • Review Key Topics

Lessons 27: Using the Appropriate Tool to Assess Organizational Security

  • Network Reconnaissance and Discovery
  • File Manipulation
  • Shell and Script Environments
  • Packet Capture and Replay
  • Forensics
  • Exploitation Frameworks
  • Password Crackers
  • Data Sanitization
  • Review Key Topics

Lessons 28: Summarizing the Importance of Policies, Processes, and Procedures for Incident Response

  • Incident Response Plans
  • Incident Response Process
  • Exercises
  • Attack Frameworks
  • Stakeholder Management
  • Communication Plan
  • Disaster Recovery Plan
  • Business Continuity Plan
  • Continuity of Operations Planning (COOP)
  • Incident Response Team
  • Retention Policies
  • Review Key Topics

Lessons 29: Using Appropriate Data Sources to Support an Investigation

  • Vulnerability Scan Output
  • SIEM Dashboards
  • Log Files
  • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth Monitors
  • Metadata
  • NetFlow/sFlow
  • Protocol Analyzer Output
  • Review Key Topics

Lessons 30: Applying Mitigation Techniques or Controls to Secure an Environment

  • Reconfigure Endpoint Security Solutions
  • Configuration Changes
  • Isolation
  • Containment
  • Segmentation
  • SOAR
  • Review Key Topics

Lessons 31: Understanding the Key Aspects of Digital Forensics

  • Documentation/Evidence
  • Acquisition
  • On-premises vs. Cloud
  • Integrity
  • Preservation
  • E-discovery
  • Data Recovery
  • Nonrepudiation
  • Strategic Intelligence/Counterintelligence
  • Review Key Topics

Lessons 32: Comparing and contrasting the Various Types of Controls

  • Control Category
  • Control Types
  • Review Key Topics

Lessons 33: Understanding the Importance of Applicable Regul...orks That Impact Organizational Security Posture

  • Regulations, Standards, and Legislation
  • Key Frameworks
  • Benchmarks and Secure Configuration Guides
  • Review Key Topics

Lessons 34: Understanding the Importance of Policies to Organizational Security

  • Personnel Policies
  • Diversity of Training Techniques
  • Third-Party Risk Management
  • Data Concepts
  • Credential Policies
  • Organizational Policies
  • Review Key Topics

Lessons 35: Summarizing Risk Management Processes and Concepts

  • Risk Types
  • Risk Management Strategies
  • Risk Analysis
  • Disaster Analysis
  • Business Impact Analysis
  • Review Key Topics

Lessons 36: Understanding Privacy and Sensitive Data Concepts in Relation to Security

  • Organizational Consequences of Privacy and Data Breaches
  • Notifications of Breaches
  • Data Types and Asset Classification
  • PII
  • PHI
  • Privacy Enhancing Technologies
  • Roles and Responsibilities
  • Information Lifecycle
  • Impact Assessment
  • Terms of Agreement
  • Privacy Notice
  • Review Key Topics

Lessons 37: Final Preparation

  • Hands-on Activities
  • Suggested Plan for Final Review and Study
  • Summary

Hands-on LAB Activities

Comparing and Contrasting Different Types of Social Engineering Techniques

  • Using SET
  • Performing Website Reconnaissance

Analyzing Potential Indicators to Determine the Type of Attack

  • Cracking a Password Using the John the Ripper Tool
  • Simulating a DoS Attack
  • Using Rainbow Tables
  • Detecting Rootkits
  • Creating a Remote Access Trojan (RAT)
  • Using NetBus in Windows 10

Analyzing Potential Indicators Associated with Application Attacks

  • Defending Against a Buffer Overflow Attack
  • Performing Session Hijacking Using Burp Suite
  • Exploiting a Website Using SQL Injection

Analyzing Potential Indicators Associated with Network Attacks

  • Performing ARP Spoofing

Understanding the Techniques Used in Penetration Testing

  • Identifying Search Options in Metasploit
  • Using OWASP ZAP

Understanding the Importance of Security Concepts in an Enterprise Environment

  • Setting Up a Honeypot

Implementing Cybersecurity Resilience

  • Configuring RAID 5
  • Taking an Incremental Backup
  • Taking a Full Backup

Summarizing the Basics of Cryptographic Concepts

  • Observing an MD5-Generated Hash Value
  • Performing Symmetric Encryption
  • Examining Asymmetric Encryption
  • Hiding Text Using Steganography

Implementing Secure Protocols

  • Configuring an SSH Server
  • Configuring DNSSEC on an Active Directory Integrated Zone
  • Configuring IPSec

Implementing Host or Application Security Solutions

  • Configuring Inbound Rules for a Firewall
  • Using Windows Firewall

Implementing Secure Network Designs

  • Configuring a Tunnel Group for Clientless SSL VPN
  • Configuring Clientless SSL VPNs on ASA
  • Configuring Site-to-Site IPsec VPN Topology
  • Performing IDS Configuration with Snort
  • Using Performance Monitor
  • Creating a VLAN and Viewing its Assignment to Port Mapping
  • Creating a DMZ Zone
  • Setting Up a VPN Server with Windows Server 2016
  • Implementing Port Security
  • Configuring a BPDU Guard on a Switch Port
  • Configuring NetFlow and NetFlow Data Export

Implementing Secure Mobile Solutions

  • Turning on Airplane Mode of an iPhone
  • Setting Up a VPN in Android

Applying Cybersecurity Solutions to the Cloud

  • Performing a MITM Attack

Implementing Identity and Account Management Controls

  • Stopping Permissions Inheritance
  • Managing NTFS Permissions
  • Creating a User Account in the Active Directory

Implementing Authentication and Authorization Solutions

  • Creating a Network Policy for 802.1X

Implementing Public Key Infrastructure

  • Revoking and Exporting a Certificate
  • Examining PKI Certificates

Using the Appropriate Tool to Assess Organizational Security

  • Performing Memory Analysis with Volatility
  • Using Wireshark
  • Manipulating a File in Linux
  • Conducting Vulnerability Scanning Using Nessus
  • Using the theHarvester Tool
  • Creating Reverse and Bind Shells Using Netcat
  • Using the netstat Command
  • Using the hping Program
  • Using pathping and ping Commands
  • Scanning Live Systems Using Nmap
  • Using dig and nslookup Commands
  • Tracing a Route Using Tracert
  • Using the ifconfig Command

Using Appropriate Data Sources to Support an Investigation

  • Viewing the System Logs
  • Using Windows Event Viewer

Understanding the Key Aspects of Digital Forensics

  • Completing the Chain of Custody
  • Analyzing Forensics with Autopsy

Exam FAQs

CompTIA Security+ and two years of experience in IT administration with a focus on security.

USD 370

The exam contains 90 questions.

90 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the SY0-601 examination, CompTIA retake policy is:

  • CompTIA does not require a waiting period between the first and second attempts to pass such an examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least fourteen calendar days from the date of your last attempt before you can retake the exam.
  • If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  • A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  • Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

Three years