CompTIA Security+ Certification Training Course

Guaranteed to Run

Upcoming Dates	Class Times	Class Format	Quote
10/2 - 10/6, 2023	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
10/23 - 10/27, 2023	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
11/13 - 11/17, 2023	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
11/27 - 1/3, 2024	6:00 PM - 9:30 PM ET 5:00 PM - 8:30 PM CT 3:00 PM - 6:30 PM PT 12:00 PM - 3:30 PM HT	Night Class Monday & Wednesday	Instant Quote
12/11 - 12/15, 2023	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
1/22 - 1/26, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
2/19 - 2/23, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
3/11 - 3/15, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
4/8 - 4/12, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
5/6 - 5/10, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
6/3 - 6/7, 2024	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Instant Quote
	Self-Paced	Online Self-Study	Instant Quote

Online Self-Study courses allow you to study around your busy schedule, remain working as you train, work at your own pace.

Online Self-Study

Payment Plan Available

• 40 hours
• 16 Course Videos

• CompTIA Official Courseware
• CompTIA Official Video
• CompTIA Official Labs
• Lifetime access to Courseware
• Videos and Labs are available for 1 year from date of redemption
• Apply Cost to Instructor-led Training of Same Course

Instant Quote

Instructor-Led

• Certified Instructor
• Security+ Video of the Course for Pre-Study
• Official CompTIA Security+ Courseware
• Security+ Exam Voucher
• CompTIA Official Practice Test Questions
• Security+ Exam Pass Guarantee & Free Retake
• CompTIA Approved Security+ Exam Review Guide
• Security+ Exam Review Sessions
• Security+ Exam Delivery Support

Can't travel or you want to stay with your family or business. No problem!

Stay in your own city and save the additional expenses of roundtrip airfare, lodging, transportation, and meals and receive the same great instruction live from our instructors in our Live Instructor-Led Remote Classroom Training.

Remote Classroom Training

Our Remote Classroom Training is a live class with students observing the instructor and listening through your computer speakers.

You will see the instructor's computer, slides, notes, etc., just like in the classroom. You will be following along, doing work, labs, and individual assignments.

"The Security+ class was very informative and covered all materials. The Security+ instructor was extremely knowledgeable and very helpful! He's an excellent teacher. He is by far the best instructor I have ever had for a technical class. Throughout my career I have been to hundreds of classes and seminars but this instructor stands head and shoulders above the rest. I would take any class he was teaching and would highly recommend him to anyone who was taking any technical course."

-S. Boudreaux, Baton Rouge, LA

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

Why is it different?

More choose Security+ - chosen by more corporations and defense organizations than any other certification on the market to validate baseline security skills and for fulfilling the DoD 8570 compliance.

Security+ proves hands-on skills - the only baseline cybersecurity certification emphasizing hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today's complex issues.

More job roles turn to Security+ to supplement skills - baseline cybersecurity skills are applicable across more of today's job roles to secure systems, software and hardware.

Security+ is aligned to the latest trends and techniques - covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high-performance on the job.

What Skills Will You Learn?

Focusing on more threats, attacks, and vulnerabilities on the Internet from newer custom devices that must be mitigated, such as IoT and embedded devices, newer DDoS attacks, and social engineering attacks based on current events.

Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.

Expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.

Covering organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.

Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.

Jobs that use CompTIA Security+

• Security Administrator
• Systems Administrator
• Helpdesk Manager / Analyst
• Network / Cloud Engineer
• Security Engineer / Analyst
• DevOps / Software Developer
• IT Auditors
• IT Project Manager

Exam: SY0-601

CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:

• Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
• Monitor and secure hybrid environments, including cloud, mobile, and IoT
• Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
• Identify, analyze, and respond to security events and incidents

Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Course Content

1.0 Threats, Attacks, and Vulnerabilities

Compare and contrast different types of social engineering techniques.

• Phishing
• Smishing
• Vishing
• Spam
• Spam over instant messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typosquatting
• Pretexting
• Influence campaigns
• Principles (reasons for effectiveness)

Given a scenario, analyze potential indicators to determine the type of attack.

• Malware
• Password attacks
• Physical attacks
• Adversarial artificial intelligence (AI)
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks

Given a scenario, analyze potential indicators associated with application attacks.

• Privilege escalation
• Cross-site scripting
• Injections
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
• Error handling
• Improper input handling
• Replay attack
• Integer overflow
• Request forgeries
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure Sockets Layer (SSL) stripping
• Driver manipulation
• Pass the hash

Given a scenario, analyze potential indicators associated with network attacks.

• Wireless
• On-path attack
• Layer 2 attacks
• Domain name system (DNS)
• Distributed denial-of-service (DDoS)
• Malicious code or script execution

Explain different threat actors, vectors, and intelligence sources.

• Actors and threats
• Attributes of actors
• Vectors
• Threat intelligence sources
• Research sources

Explain the security concerns associated with various types of vulnerabilities.

• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
• Third-party risks
• Improper or weak patch management
• Legacy platforms
• Impacts

Summarize the techniques used in security assessments.

• Threat hunting
• Vulnerability scans
• Syslog/Security information and event management (SIEM
• Security orchestration, automation, and response (SOAR)

Explain the techniques used in penetration testing.

• Penetration testing
• Passive and active reconnaissance
• Exercise types

2.0 Architecture and Design

Explain the importance of security concepts in an enterprise environment.

• Configuration management
• Data sovereignty
• Data protection
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
• Deception and disruption

Summarize virtualization and cloud computing concepts.

• Cloud models
• Cloud service providers
• Managed service provider (MSP)/ managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Microservices/API
• Infrastructure as code
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization

Summarize secure application development, deployment, and automation concepts.

• Environment
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
• Open Web Application Security Project (OWASP)
• Software diversity
• Automation/scripting
• Elasticity
• Scalability
• Version control

Summarize authentication and authorization design concepts.

• Authentication methods
• Biometrics
• Multifactor authentication (MFA) factors and attributes
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements

Given a scenario, implement cybersecurity resilience.

• Redundancy
• Replication
• On-premises vs. cloud
• Backup types
• Non-persistence
• High availability
• Restoration order
• Diversity

Explain the security implications of embedded and specialized systems.

• Embedded systems
• Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
• Internet of Things (IoT)
• Specialized
• Voice over IP (VoIP)
• Heating, ventilation, air conditioning (HVAC)
• Drones
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
• Constraints

Explain the importance of physical security controls.

• Bollards/barricades
• Access control vestibules
• Badges
• Alarms
• Signage
• Cameras
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
• Locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression
• Sensors
• Drones
• Visitor logs
• Faraday cages
• Air gap
• Screened subnet (previously known as demilitarized zone)
• Protected cable distribution
• Secure areas
• Secure data destruction

Summarize the basics of cryptographic concepts.

• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptic-curve cryptography
• Perfect forward secrecy
• Quantum
• Post-quantum
• Ephemeral
• Modes of operation
• Blockchain
• Cipher suites
• Symmetric vs. asymmetric
• Lightweight cryptography
• Steganography
• Homomorphic encryption
• Common use cases
• Limitations

3.0 Implementation

Given a scenario, implement secure protocols.

• Protocols
• Use cases

Given a scenario, implement host or application security solutions.

• Endpoint protection
• Boot integrity
• Database
• Application security
• Hardening
• Self-encrypting drive (SED)/ full-disk encryption (FDE)
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing

Given a scenario, implement secure network designs.

• Load balancing
• Network segmentation
• Virtual private network (VPN)
• DNS
• Network access control (NAC)
• Out-of-band management
• Port security
• Network appliances
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
• Monitoring services
• File integrity monitors

Given a scenario, install and configure wireless security settings.

• Cryptographic protocols
• Authentication protocols
• Methods
• Installation considerations

Given a scenario, implement secure mobile solutions

• Connection methods and receivers
• Mobile device management (MDM)
• Mobile devices
• Enforcement and monitoring
• Deployment models

Given a scenario, apply cybersecurity solutions to the cloud.

• Cloud security controls
• Solutions
• Cloud native controls vs. third-party solutions

Given a scenario, implement identity and account management controls.

• Identity
• Account types
• Account policies

Given a scenario, implement authentication and authorization solutions.

• Authentication management
• Authentication/authorization
• Access control schemes

Given a scenario, implement public key infrastructure.

• Public key infrastructure (PKI)
• Types of certificates
• Certificate formats
• Concepts

4.0 Operations and Incident Response

Given a scenario, use the appropriate tool to assess organizational security.

• Network reconnaissance and discovery
• File manipulation
• Shell and script environments
• Packet capture and replay
• Forensics
• Exploitation frameworks
• Password crackers
• Data sanitization

Summarize the importance of policies, processes, and procedures for incident response.

• Incident response plans
• Incident response process
• Exercises
• Attack frameworks
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operations planning (COOP)
• Incident response team
• Retention policies

Given an incident, utilize appropriate data sources to support an investigation.

• Vulnerability scan output
• SIEM dashboards
• Log files
• syslog/rsyslog/syslog-ng
• journalctl
• NXLog
• Bandwidth monitors
• Metadata
• Netflow/sFlow
• Protocol analyzer output

Given an incident, apply mitigation techniques or controls to secure an environment

• Reconfigure endpoint security solutions
• Configuration changes
• Isolation
• Containment
• Segmentation
• SOAR

Explain the key aspects of digital forensics.

• Documentation/evidence
• Acquisition
• On-premises vs. cloud
• Integrity
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/ counterintelligence

5.0 Governance, Risk, and Compliance

Compare and contrast various types of controls.

• Category
• Control type

Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.

• Regulations, standards, and legislation
• Key frameworks
• Benchmarks /secure configuration guides

Explain the importance of policies to organizational security.

• Personnel
• Diversity of training techniques
• Third-party risk management
• Data
• Credential policies
• Organizational policies

Summarize risk management processes and concepts.

• Risk types
• Risk management strategies
• Risk analysis
• Disasters
• Business impact analysis

Explain privacy and sensitive data concepts in relation to security

• Organizational consequences of privacy and data breaches
• Notifications of breaches
• Data types
• Privacy enhancing technologies
• Roles and responsibilities
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice

CED Solutions is your best choice for CompTIA Security+, CompTIA Security+ training, CompTIA Security+ certification, CompTIA Security+ boot camp, CompTIA Security+ certification training, CompTIA Security+ certification course, CompTIA Security+ course, CompTIA Security+ class.