CompTIA

CompTIA Security+ (SY0-601)

Lessons
Lab
TestPrep
238 Reviews
Get A Free Trial

Skills You’ll Get

The CompTIA Security+ SY0-601 exam verifies that a candidate can assess an enterprise's security posture and recommend and implement appropriate security solutions; monitor and secure hybrid environments, such as cloud, mobile, and IoT; and operate with an understanding of applicable laws and policies, such as governance, risk, and compliance.
Download Course Outline

1

Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • CompTIA Security+ Exam Topics
2

Comparing and Contrasting Different Types of Social Engineering Techniques

  • Social Engineering Fundamentals
  • User Security Awareness Education
  • Review Key Topics
3

Analyzing Potential Indicators to Determine the Type of Attack

  • Malicious Software (Malware)
  • Password Attacks
  • Physical Attacks
  • Adversarial Artificial Intelligence
  • Supply-Chain Attacks
  • Cloud-based vs. On-premises Attacks
  • Cryptographic Attacks
  • Review Key Topics
4

Analyzing Potential Indicators Associated with Application Attacks

  • Privilege Escalation
  • Cross-Site Scripting (XSS) Attacks
  • Injection Attacks
  • Pointer/Object Dereference
  • Directory Traversal
  • Buffer Overflows
  • Race Conditions
  • Error Handling
  • Improper Input Handling
  • Replay Attacks
  • Request Forgeries
  • Application Programming Interface (API) Attacks
  • Resource Exhaustion
  • Memory Leaks
  • Secure Socket Layer (SSL) Stripping
  • Driver Manipulation
  • Pass the Hash
  • Review Key Topics
5

Analyzing Potential Indicators Associated with Network Attacks

  • Wireless Attacks
  • On-Path Attacks
  • Layer 2 Attacks
  • Domain Name System (DNS) Attacks
  • Distributed Denial-of-Service (DDoS) Attacks
  • Malicious Code or Script Execution Attacks
  • Review Key Topics
6

Understanding Different Threat Actors, Vectors, and Intelligence Sources

  • Actors and Threats
  • Attributes of Threat Actors
  • Attack Vectors
  • Threat Intelligence and Threat Intelligence Sources
  • Research Sources
  • Review Key Topics
7

Understanding the Security Concerns Associated with Various Types of Vulnerabilities

  • Cloud-based vs. On-premises Vulnerabilities
  • Zero-day Vulnerabilities
  • Weak Configurations
  • Third-party Risks
  • Improper or Weak Patch Management
  • Legacy Platforms
  • The Impact of Cybersecurity Attacks and Breaches
  • Review Key Topics
8

Summarizing the Techniques Used in Security Assessments

  • Threat Hunting
  • Vulnerability Scans
  • Logs and Security Information and Event Management (SIEM)
  • Security Orchestration, Automation, and Response (SOAR)
  • Review Key Topics
9

Understanding the Techniques Used in Penetration Testing

  • Penetration Testing
  • Passive and Active Reconnaissance
  • Exercise Types
  • Review Key Topics
10

Understanding the Importance of Security Concepts in an Enterprise Environment

  • Configuration Management
  • Data Sovereignty and Data Protection
  • Site Resiliency
  • Deception and Disruption
  • Review Key Topics
11

Summarizing Virtualization and Cloud Computing Concepts

  • Cloud Models
  • Cloud Service Providers
  • Cloud Architecture Components
  • Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
  • Review Key Topics
12

Summarizing Secure Application Development, Deployment, and Automation Concepts

  • Software Development Environments and Methodologies
  • Application Provisioning and Deprovisioning
  • Software Integrity Measurement
  • Secure Coding Techniques
  • Open Web Application Security Project (OWASP)
  • Software Diversity
  • Automation/Scripting
  • Elasticity and Scalability
  • Review Key Topics
13

Summarizing Authentication and Authorization Design Concepts

  • Authentication Methods
  • Biometrics
  • Multifactor Authentication (MFA) Factors and Attributes
  • Authentication, Authorization, and Accounting (AAA)
  • Cloud vs. On-premises Requirements
  • Review Key Topics
14

Implementing Cybersecurity Resilience

  • Redundancy
  • Replication
  • On-premises vs. Cloud
  • Backup Types
  • Non-persistence
  • High Availability
  • Restoration Order
  • Diversity
  • Review Key Topics
15

Understanding the Security Implications of Embedded and Specialized Systems

  • Embedded Systems
  • Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
  • Internet of Things (IoT)
  • Specialized Systems
  • Voice over IP (VoIP)
  • Heating, Ventilation, and Air Conditioning (HVAC)
  • Drones
  • Multifunction Printers (MFP)
  • Real-Time Operating Systems (RTOS)
  • Surveillance Systems
  • System on a Chip (SoC)
  • Communication Considerations
  • Embedded System Constraints
  • Review Key Topics
16

Understanding the Importance of Physical Security Controls

  • Bollards/Barricades
  • Access Control Vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-Circuit Television (CCTV)
  • Industrial Camouflage
  • Personnel
  • Locks
  • USB Data Blockers
  • Lighting
  • Fencing
  • Fire Suppression
  • Sensors
  • Drones
  • Visitor Logs
  • Faraday Cages
  • Air Gap
  • Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
  • Protected Cable Distribution
  • Secure Areas
  • Secure Data Destruction
  • Review Key Topics
17

Summarizing the Basics of Cryptographic Concepts

  • Digital Signatures
  • Key Length
  • Key Stretching
  • Salting
  • Hashing
  • Key Exchange
  • Elliptic-Curve Cryptography
  • Perfect Forward Secrecy
  • Quantum
  • Post-Quantum
  • Ephemeral
  • Modes of Operation
  • Blockchain
  • Cipher Suites
  • Symmetric vs. Asymmetric Encryption
  • Lightweight Cryptography
  • Steganography
  • Homomorphic Encryption
  • Common Use Cases
  • Limitations
  • Review Key Topics
18

Implementing Secure Protocols

  • Protocols
  • Use Cases
  • Review Key Topics
19

Implementing Host or Application Security Solutions

  • Endpoint Protection
  • Antimalware
  • Next-Generation Firewall
  • Host-based Intrusion Prevention System
  • Host-based Intrusion Detection System
  • Host-based Firewall
  • Boot Integrity
  • Database
  • Application Security
  • Hardening
  • Self-Encrypting Drive/Full-Disk Encryption
  • Hardware Root of Trust
  • Trusted Platform Module
  • Sandboxing
  • Review Key Topics
20

Implementing Secure Network Designs

  • Load Balancing
  • Network Segmentation
  • Virtual Private Network
  • DNS
  • Network Access Control
  • Out-of-Band Management
  • Port Security
  • Network Appliances
  • Access Control List
  • Route Security
  • Quality of Service
  • Implications of IPv6
  • Port Spanning/Port Mirroring
  • Monitoring Services
  • File Integrity Monitors
  • Review Key Topics
21

Installing and Configuring Wireless Security Settings

  • Cryptographic Protocols
  • Authentication Protocols
  • Methods
  • Installation Considerations
  • Review Key Topics
22

Implementing Secure Mobile Solutions

  • Connection Methods and Receivers
  • Mobile Device Management
  • Mobile Device Management Enforcement and Monitoring
  • Mobile Devices
  • Deployment Models
  • Review Key Topics
23

Applying Cybersecurity Solutions to the Cloud

  • Cloud Security Controls
  • Solutions
  • Cloud Native Controls vs. Third-Party Solutions
  • Review Key Topics
24

Implementing Identity and Account Management Controls

  • Identity
  • Account Types
  • Account Policies
  • Review Key Topics
25

Implementing Authentication and Authorization Solutions

  • Authentication Management
  • Authentication/Authorization
  • Access Control Schemes
  • Review Key Topics
26

Implementing Public Key Infrastructure

  • Public Key Infrastructure
  • Types of Certificates
  • Certificate Formats
  • PKI Concepts
  • Review Key Topics
27

Using the Appropriate Tool to Assess Organizational Security

  • Network Reconnaissance and Discovery
  • File Manipulation
  • Shell and Script Environments
  • Packet Capture and Replay
  • Forensics
  • Exploitation Frameworks
  • Password Crackers
  • Data Sanitization
  • Review Key Topics
28

Summarizing the Importance of Policies, Processes, and Procedures for Incident Response

  • Incident Response Plans
  • Incident Response Process
  • Exercises
  • Attack Frameworks
  • Stakeholder Management
  • Communication Plan
  • Disaster Recovery Plan
  • Business Continuity Plan
  • Continuity of Operations Planning (COOP)
  • Incident Response Team
  • Retention Policies
  • Review Key Topics
29

Using Appropriate Data Sources to Support an Investigation

  • Vulnerability Scan Output
  • SIEM Dashboards
  • Log Files
  • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth Monitors
  • Metadata
  • NetFlow/sFlow
  • Protocol Analyzer Output
  • Review Key Topics
30

Applying Mitigation Techniques or Controls to Secure an Environment

  • Reconfigure Endpoint Security Solutions
  • Configuration Changes
  • Isolation
  • Containment
  • Segmentation
  • SOAR
  • Review Key Topics
31

Understanding the Key Aspects of Digital Forensics

  • Documentation/Evidence
  • Acquisition
  • On-premises vs. Cloud
  • Integrity
  • Preservation
  • E-discovery
  • Data Recovery
  • Nonrepudiation
  • Strategic Intelligence/Counterintelligence
  • Review Key Topics
32

Comparing and contrasting the Various Types of Controls

  • Control Category
  • Control Types
  • Review Key Topics
33

Understanding the Importance of Applicable Regul...orks That Impact Organizational Security Posture

  • Regulations, Standards, and Legislation
  • Key Frameworks
  • Benchmarks and Secure Configuration Guides
  • Review Key Topics
34

Understanding the Importance of Policies to Organizational Security

  • Personnel Policies
  • Diversity of Training Techniques
  • Third-Party Risk Management
  • Data Concepts
  • Credential Policies
  • Organizational Policies
  • Review Key Topics
35

Summarizing Risk Management Processes and Concepts

  • Risk Types
  • Risk Management Strategies
  • Risk Analysis
  • Disaster Analysis
  • Business Impact Analysis
  • Review Key Topics
36

Understanding Privacy and Sensitive Data Concepts in Relation to Security

  • Organizational Consequences of Privacy and Data Breaches
  • Notifications of Breaches
  • Data Types and Asset Classification
  • PII
  • PHI
  • Privacy Enhancing Technologies
  • Roles and Responsibilities
  • Information Lifecycle
  • Impact Assessment
  • Terms of Agreement
  • Privacy Notice
  • Review Key Topics
37

Final Preparation

  • Hands-on Activities
  • Suggested Plan for Final Review and Study
  • Summary

1

Comparing and Contrasting Different Types of Social Engineering Techniques

  • Using SET
  • Performing Website Reconnaissance
2

Analyzing Potential Indicators to Determine the Type of Attack

  • Cracking a Password Using the John the Ripper Tool
  • Simulating a DoS Attack
  • Using Rainbow Tables
  • Detecting Rootkits
  • Creating a Remote Access Trojan (RAT)
  • Using NetBus in Windows 10
3

Analyzing Potential Indicators Associated with Application Attacks

  • Defending Against a Buffer Overflow Attack
  • Performing Session Hijacking Using Burp Suite
  • Exploiting a Website Using SQL Injection
4

Analyzing Potential Indicators Associated with Network Attacks

  • Performing ARP Spoofing
5

Understanding the Techniques Used in Penetration Testing

  • Identifying Search Options in Metasploit
  • Using OWASP ZAP
6

Understanding the Importance of Security Concepts in an Enterprise Environment

  • Setting Up a Honeypot
7

Implementing Cybersecurity Resilience

  • Configuring RAID 5
  • Taking an Incremental Backup
  • Taking a Full Backup
8

Summarizing the Basics of Cryptographic Concepts

  • Observing an MD5-Generated Hash Value
  • Performing Symmetric Encryption
  • Examining Asymmetric Encryption
  • Hiding Text Using Steganography
9

Implementing Secure Protocols

  • Configuring an SSH Server
  • Configuring DNSSEC on an Active Directory Integrated Zone
  • Configuring IPSec
10

Implementing Host or Application Security Solutions

  • Configuring Inbound Rules for a Firewall
  • Using Windows Firewall
11

Implementing Secure Network Designs

  • Configuring a Tunnel Group for Clientless SSL VPN
  • Configuring Clientless SSL VPNs on ASA
  • Configuring Site-to-Site IPsec VPN Topology
  • Performing IDS Configuration with Snort
  • Using Performance Monitor
  • Creating a VLAN and Viewing its Assignment to Port Mapping
  • Creating a DMZ Zone
  • Setting Up a VPN Server with Windows Server 2016
  • Implementing Port Security
  • Configuring a BPDU Guard on a Switch Port
  • Configuring NetFlow and NetFlow Data Export
12

Implementing Secure Mobile Solutions

  • Turning on Airplane Mode of an iPhone
  • Setting Up a VPN in Android
13

Applying Cybersecurity Solutions to the Cloud

  • Performing a MITM Attack
14

Implementing Identity and Account Management Controls

  • Stopping Permissions Inheritance
  • Managing NTFS Permissions
  • Creating a User Account in the Active Directory
15

Implementing Authentication and Authorization Solutions

  • Creating a Network Policy for 802.1X
16

Implementing Public Key Infrastructure

  • Revoking and Exporting a Certificate
  • Examining PKI Certificates
17

Using the Appropriate Tool to Assess Organizational Security

  • Performing Memory Analysis with Volatility
  • Using Wireshark
  • Manipulating a File in Linux
  • Conducting Vulnerability Scanning Using Nessus
  • Using the theHarvester Tool
  • Creating Reverse and Bind Shells Using Netcat
  • Using the netstat Command
  • Using the hping Program
  • Using pathping and ping Commands
  • Scanning Live Systems Using Nmap
  • Using dig and nslookup Commands
  • Tracing a Route Using Tracert
  • Using the ifconfig Command
18

Using Appropriate Data Sources to Support an Investigation

  • Viewing the System Logs
  • Using Windows Event Viewer
19

Understanding the Key Aspects of Digital Forensics

  • Completing the Chain of Custody
  • Analyzing Forensics with Autopsy

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

CompTIA Security+ and two years of experience in IT administration with a focus on security.

USD 370

The exam contains 90 questions.

90 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the SY0-601 examination, CompTIA retake policy is:

  • CompTIA does not require a waiting period between the first and second attempts to pass such an examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least fourteen calendar days from the date of your last attempt before you can retake the exam.
  • If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  • A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  • Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

Three years

Related Courses

All Course