Facebook Pixel
Microsoft Certification Training
Search classes by keyword:
Search classes by category:
Microsoft Certification and Microsoft Training, Cisco Certification and MCSE Certification
CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ space


CompTIA A+/ Network+/ Security+/ CySA+/ CASP+/ PenTest+ Certification

CompTIA A+/ Network+/ Security+/ CySA+/ CASP+/ PenTest+

Course Number: #CED-1761
Course Length: 30 days
Number of Exams: 7
Certifications: CompTIA A+
CompTIA Network+
CompTIA Security+
CompTIA Cybersecurity Analyst (CySA+)
CompTIA CASP+
CompTIA PenTest+

DoD Approved 8570: IAT Level I
DoD Approved 8570: IAT Level II, IAM Level I
DoD Approved 8570: CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder, CSSP Auditor

Grants (discounts) are available for multiple students for the same or different courses.

Guaranteed to Run Guaranteed to Run


Upcoming Dates Class Times Class Format Quote
1/6 - 2/14, 2025Guaranteed to Run 10:00 AM - 6:00 PM ET
9:00 AM - 5:00 PM CT
7:00 AM - 3:00 PM PT
5:00 AM - 1:00 PM HT
Instructor-Led Instant Quote
1/27 - 3/7, 2025Guaranteed to Run 10:00 AM - 6:00 PM ET
9:00 AM - 5:00 PM CT
7:00 AM - 3:00 PM PT
5:00 AM - 1:00 PM HT
Instructor-Led Instant Quote
2/17 - 3/28, 2025Guaranteed to Run 10:00 AM - 6:00 PM ET
9:00 AM - 5:00 PM CT
7:00 AM - 3:00 PM PT
5:00 AM - 1:00 PM HT
Instructor-Led Instant Quote
3/10 - 4/18, 2025Guaranteed to Run 10:00 AM - 6:00 PM ET
9:00 AM - 5:00 PM CT
7:00 AM - 3:00 PM PT
5:00 AM - 1:00 PM HT
Instructor-Led Instant Quote

Instructor-Led

  • Certified Instructor
  • Includes all course materials

Can't travel or you want to stay with your family or business. No problem!

Stay in your own city and save the additional expenses of roundtrip airfare, lodging, transportation, and meals and receive the same great instruction live from our instructors in our Live Instructor-Led Remote Classroom Training.

Remote Classroom Training

Our Remote Classroom Training is a live class with students observing the instructor and listening through your computer speakers.

You will see the instructor's computer, slides, notes, etc., just like in the classroom. You will be following along, doing work, labs, and individual assignments.


CED Solutions Rewards Points Program

CED Solutions Rewards Points Program


The CompTIA® A+® Core 1 and Core 2 (Exams 220-1101 and 220-1102) course provides the background knowledge and skills you will require to be a successful A+ technician. It will help you prepare to take the CompTIA A+ Core Series certification examinations, in order to become a CompTIA A+ Certified Professional.

The CompTIA Network+ (Exam N10-008) certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate and configure basic network infrastructure, describe networking technologies, basic design principles, and adhere to wiring standards and use testing tools.

CompTIA Security+ (Exam SY0-701) is the primary course you will need to take if your job responsibilities include securing network services, network devices, and network traffic. It is also the main course you will take to prepare for the CompTIA Security+ examination. In this course, you'll build on your knowledge and professional experience with computer hardware, operating systems, and networks as you acquire the specific skills required to implement basic security services on any type of computer network.

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

The CompTIA Advanced Security Practitioner (CASP+) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus at the enterprise level.

CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.


A+ Certification

CompTIA A+ certified professionals are proven problem solvers. They support today's core technologies from security to networking to virtualization and more. CompTIA A+ is the industry standard for launching IT careers into today's digital world.

CompTIA A+ is the only industry recognized credential with performance testing to prove pros can think on their feet to perform critical IT support tasks. It is trusted by employers around the world to identify the go-to person in end point management & technical support roles. CompTIA A+ appears in more tech support job listings than any other IT credential.

The CompTIA A+ Core Series requires candidates to pass two exams: Core 1 (220-1101) and Core 2 (220-1102) covering the following new content, emphasizing the technologies and skills IT pros need to support a hybrid workforce.

  • Increased reliance on SaaS applications for remote work
  • More on troubleshooting and how to remotely diagnose and correct common software, hardware, or connectivity problems
  • Changing core technologies from cloud virtualization and IoT device security to data management and scripting
  • Multiple operating systems now encountered by technicians on a regular basis, including the major systems, their use cases, and how to keep them running properly
  • Reflects the changing nature of the job role, where many tasks are sent to specialized providers as certified personnel need to assess whether it's best to fix something on site, or to save time and money by sending proprietary technologies directly to vendors

Jobs that use A+

  • Help Desk Tech
  • Desktop Support Specialist
  • Field Service Technician
  • Help Desk Technician
  • Associate Network Engineer
  • System Support Technician
  • Junior Systems Administrator

Target Student:

This course is designed for individuals who have basic computer user skills and who are interested in obtaining a job as an entry-level IT technician. This course is also designed for students who are seeking the CompTIA A+ certification and who want to prepare for the CompTIA A+ 220-1101 (Core 1) Certification Exam and the CompTIA A+ 220-1102 (Core 2) Certification Exam.

Prerequisites:

To ensure your success in this course, you should have experience with basic computer user skills, be able to complete tasks in a Microsoft® Windows® environment, be able to search for, browse, and access information on the Internet, and have basic knowledge of computing concepts.

Course Content

CompTIA A+ 220-1101 (Core 1)

1.0 Mobile Devices
Given a scenario, install and configure laptop hardware and components.
  • Hardware/device replacement
  • Physical privacy and security components
Compare and contrast the display components of mobile devices.
  • Liquid crystal display (LCD)
  • Organic light-emitting diode (OLED)
  • Mobile display components
  • WiFi antenna connector/ placement
  • Camera/webcam
  • Microphone
  • Touch screen/digitizer
  • Inverter
Given a scenario, set up and configure accessories and ports of mobile devices.
  • Connection methods
  • Accessories
  • Docking station
  • Port replicator
  • Trackpad/drawing pad
Given a scenario, configure basic mobile-device network connectivity and application support.
  • Wireless/cellular data network (enable/disable)
  • Bluetooth
  • Location services
  • Mobile device management (MDM)/mobile application management (MAM)
  • Mobile device synchronization
2.0 Networking
Compare and contrast Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, protocols, and their purposes.
  • Ports and protocols
  • TCP vs. UDP
Compare and contrast common networking hardware.
  • Routers
  • Switches
  • Access points
  • Patch panel
  • Firewall
  • Power over Ethernet (PoE)
  • Hub
  • Cable modem
  • Digital subscriber line (DSL)
  • Optical network terminal (ONT)
  • Network interface card (NIC)
  • Software-defined networking (SDN)
Compare and contrast protocols for wireless networking.
  • Frequencies
  • Channels
  • Bluetooth
  • 802.11
  • Long-range fixed wireless
  • NFC
  • Radio-frequency identification (RFID)
Summarize services provided by networked hosts.
  • Server roles
  • Internet appliances
  • Legacy/embedded systems
  • Internet of Things (IoT) devices
Given a scenario, install and configure basic wired/wireless small office/home office (SOHO) networks.
  • IPv4
  • IPv6
  • Automatic Private IP Addressing (APIPA)
  • Static
  • Dynamic
  • Gateway
Compare and contrast common network configuration concepts.
  • DNS
  • DHCP
  • Virtual LAN (VLAN)
  • Virtual private network (VPN)
Compare and contrast Internet connection types, network types, and their features.
  • Internet connection types
  • Network types
Given a scenario, use networking tools.
  • Crimper
  • Cable stripper
  • WiFi analyzer
  • Toner probe
  • Punchdown tool
  • Cable tester
  • Loopback plug
  • Network tap
3.0 Hardware
Explain basic cable types and their connectors, features, and purposes.
  • Network cables
  • Peripheral cables
  • Video cables
  • Hard drive cables
  • Adapters
  • Connector types
Given a scenario, install the appropriate RAM.
  • RAM types
  • Single-channel
  • Dual-channel
  • Triple-channel
  • Quad-channel
Given a scenario, select and install storage devices.
  • Hard drives
  • SSDs
  • Drive configurations
  • Removable storage
Given a scenario, install and configure motherboards, central processing units (CPUs), and add-on cards.
  • Motherboard form factor
  • Motherboard connector types
  • Motherboard compatibility
  • Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) settings
  • Encryption
  • CPU architecture
  • Expansion cards
  • Cooling
Given a scenario, install or replace the appropriate power supply.
  • Input 110-120 VAC vs. 220-240 VAC
  • Output 3.3V vs. 5V vs. 12V
  • 20-pin to 24-pin motherboard adapter
  • Redundant power supply
  • Modular power supply
  • Wattage rating
Given a scenario, deploy and configure multifunction devices/ printers and settings.
  • Properly unboxing a device - setup location considerations
  • Use appropriate drivers for a given OS
  • Device connectivity
  • Public/shared devices
  • Configuration settings
  • Security
  • Network scan services
  • Automatic document feeder (ADF)/flatbed scanner
Given a scenario, install and replace printer consumables.
  • Laser
  • Inkjet
  • Thermal
  • Impact
  • 3-D printer
4.0 Virtualization and Cloud Computing
Summarize cloud-computing concepts.
  • Common cloud models
  • Cloud characteristics
  • Desktop virtualization
Summarize aspects of client-side virtualization.
  • Purpose of virtual machines
  • Resource requirements
  • Security requirements
5.0 Hardware and Network Troubleshooting
Given a scenario, apply the best practice methodology to resolve problems.
  • Identify the problem
  • Establish a theory of probable cause (question the obvious)
  • Test the theory to determine the cause
  • Establish a plan of action to resolve the problem and implement the solution
  • Verify full system functionality and, if applicable, implement preventive measures
  • Document the findings, actions, and outcomes
Given a scenario, troubleshoot problems related to motherboards, RAM, CPU, and power.
  • Power-on self-test (POST) beeps
  • Proprietary crash screens (blue screen of death [BSOD]/ pinwheel)
  • Black screen
  • No power
  • Sluggish performance
  • Overheating
  • Burning smell
  • Intermittent shutdown
  • Application crashes
  • Grinding noise
  • Capacitor swelling
  • Inaccurate system date/time
Given a scenario, troubleshoot and diagnose problems with storage drives and RAID arrays.
  • Light-emitting diode (LED) status indicators
  • Grinding noises
  • Clicking sounds
  • Bootable device not found
  • Data loss/corruption
  • RAID failure
  • Self-monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) failure
  • Extended read/write times
  • Input/output operations per second (IOPS)
  • Missing drives in OS
Given a scenario, troubleshoot video, projector, and display issues.
  • Incorrect data source
  • Physical cabling issues
  • Burned-out bulb
  • Fuzzy image
  • Display burn-in
  • Dead pixels
  • Flashing screen
  • Incorrect color display
  • Audio issues
  • Dim image
  • Intermittent projector shutdown
Given a scenario, troubleshoot common issues with mobile devices.
  • Poor battery health
  • Swollen battery
  • Broken screen
  • Improper charging
  • Poor/no connectivity
  • Liquid damage
  • Overheating
  • Digitizer issues
  • Physically damaged ports
  • Malware
  • Cursor drift/touch calibration
Given a scenario, troubleshoot and resolve printer issues.
  • Lines down the printed pages
  • Garbled print
  • Toner not fusing to paper
  • Paper jams
  • Faded print
  • Incorrect paper size
  • Paper not feeding
  • Multipage misfeed
  • Multiple prints pending in queue
  • Speckling on printed pages
  • Double/echo images on the print
  • Incorrect color settings
  • Grinding noise
  • Finishing issues
  • Incorrect page orientation
Given a scenario, troubleshoot problems with wired and wireless networks.
  • Intermittent wireless connectivity
  • Slow network speeds
  • Limited connectivity
  • Jitter
  • Poor Voice over Internet Protocol (VoIP) quality
  • Port flapping
  • High latency
  • External interference

CompTIA A+ 220-1102 (Core 2)

1.0 Operating Systems
Identify basic features of Microsoft Windows editions.
  • Windows 10 editions
  • Feature differences
  • Upgrade paths
Given a scenario, use the appropriate Microsoft command-line tool.
  • Navigation
  • Command-line tools
Given a scenario, use features and tools of the Microsoft Windows 10 operating system (OS).
  • Task Manager
  • Microsoft Management Console (MMC) snap-in
  • Additional tools
Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility.
  • Internet Options
  • Devices and Printers
  • Programs and Features
  • Network and Sharing Center
  • System
  • Windows Defender Firewall
  • Mail
  • Sound
  • User Accounts
  • Device Manager
  • Indexing Options
  • Administrative Tools
  • File Explorer Options
  • Power Options
  • Ease of Access
Given a scenario, use the appropriate Windows settings.
  • Time and Language
  • Update and Security
  • Personalization
  • Apps
  • Privacy
  • System
  • Devices
  • Network and Internet
  • Gaming
  • Accounts
Given a scenario, configure Microsoft Windows networking features on a client/desktop.
  • Workgroup vs. domain setup
  • Local OS firewall settings
  • Client network configuration
  • Establish network connections
  • Proxy settings
  • Public network vs. private network
  • File Explorer navigation - network paths
  • Metered connections and limitations
Given a scenario, apply application installation and configuration concepts.
  • System requirements for applications
  • OS requirements for applications
  • Distribution methods
  • Other considerations for new applications
Explain common OS types and their purposes.
  • Workstation OSs
  • Cell phone/tablet OSs
  • Various filesystem types
  • Vendor life-cycle limitations
  • Compatibility concerns between OSs
Given a scenario, perform OS installations and upgrades in a diverse OS environment.
  • Boot methods
  • Types of installations
  • Partitioning
  • Drive format
  • Upgrade considerations
  • Feature updates
Identify common features and tools of the macOS/desktop OS.
  • Installation and uninstallation of applications
  • Apple ID and corporate restrictions
  • Best practices
  • System Preferences
  • Features
  • Disk Utility
  • FileVault
  • Terminal
  • Force Quit
Identify common features and tools of the Linux client/desktop OS.
  • Common commands
  • Best practices
  • Tools
2.0 Security
Summarize various security measures and their purposes.
  • Physical security
  • Physical security for staff
  • Logical security
  • Mobile device management (MDM)
  • Active Directory
Compare and contrast wireless security protocols and authentication methods.
  • Protocols and encryption
  • Authentication
Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods.
  • Malware
  • Tools and methods
Explain common social-engineering attacks, threats, and vulnerabilities.
  • Social engineering
  • Threats
  • Vulnerabilities
Given a scenario, manage and configure basic security settings in the Microsoft Windows OS.
  • Defender Antivirus
  • Firewall
  • Users and groups
  • Login OS options
  • NTFS vs. share permissions
  • Run as administrator vs. standard user
  • BitLocker
  • BitLocker To Go
  • Encrypting File System (EFS)
Given a scenario, configure a workstation to meet best practices for security.
  • Data-at-rest encryption
  • Password best practices
  • End-user best practices
  • Account management
  • Change default administrator's user account/password
  • Disable AutoRun
  • Disable AutoPlay
Explain common methods for securing mobile and embedded devices.
  • Screen locks
  • Remote wipes
  • Locator applications
  • OS updates
  • Device encryption
  • Remote backup applications
  • Failed login attempts restrictions
  • Antivirus/anti-malware
  • Firewalls
  • Policies and procedures
  • Internet of Things (IoT)
Given a scenario, use common data destruction and disposal methods.
  • Physical destruction
  • Recycling or repurposing best practices
  • Outsourcing concepts
Given a scenario, configure appropriate security settings on small office/home office (SOHO) wireless and wired networks.
  • Home router settings
  • Wireless specific
  • Firewall settings
Given a scenario, install and configure browsers and relevant security settings.
  • Browser download/installation
  • Extensions and plug-ins
  • Password managers
  • Secure connections/sites - valid certificates
  • Settings
3.0 Software Troubleshooting
Given a scenario, troubleshoot common Windows OS problems.
  • Common symptoms
  • Common troubleshooting steps
Given a scenario, troubleshoot common personal computer (PC) security issues.
  • Common symptoms
  • Browser-related symptoms
Given a scenario, use best practice procedures for malware removal.
  • Investigate and verify malware symptoms
  • Quarantine infected systems
  • Disable System Restore in Windows
  • Remediate infected systems
  • Schedule scans and run updates
  • Enable System Restore and create a restore point in Windows
  • Educate the end user
Given a scenario, troubleshoot common mobile OS and application issues.
  • Application fails to launch
  • Application fails to close/crashes
  • Application fails to update
  • Slow to respond
  • OS fails to update
  • Battery life issues
  • Randomly reboots
  • Connectivity issues
  • Screen does not autorotate
Given a scenario, troubleshoot common mobile OS and application security issues.
  • Security concerns
  • Common symptoms
4.0 Operational Procedures
Given a scenario, implement best practices associated with documentation and support systems information management.
  • Ticketing systems
  • Asset management
  • Types of documents
  • Knowledge base/articles
Explain basic change-management best practices.
  • Documented business processes
  • Change management
Given a scenario, implement workstation backup and recovery methods.
  • Backup and recovery
  • Backup testing
  • Backup rotation schemes
Given a scenario, use common safety procedures.
  • Electrostatic discharge (ESD) straps
  • ESD mats
  • Equipment grounding
  • Proper power handling
  • Proper component handling and storage
  • Antistatic bags
  • Compliance with government regulations
  • Personal safety
Summarize environmental impacts and local environmental controls.
  • Material safety data sheet (MSDS)/documentation for handling and disposal
  • Temperature, humidity-level awareness, and proper ventilation
  • Power surges, under-voltage events, and power failures
Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts.
  • Incident response
  • Licensing/digital rights management (DRM)/end-user license agreement (EULA)
  • Regulated data
Given a scenario, use proper communication techniques and professionalism.
  • Professional appearance and attire
  • Use proper language and avoid jargon, acronyms, and slang, when applicable
  • Maintain a positive attitude/ project confidence
  • Actively listen, take notes, and avoid interrupting the customer
  • Be culturally sensitive
  • Be on time (if late, contact the customer)
  • Avoid distractions
  • Dealing with difficult customers or situations
  • Set and meet expectations/time line and communicate status with the customer
  • Deal appropriately with customers' confidential and private materials

[ back to top ]

Network+ certification

CompTIA Network+ (Exam N10-009) validates the core skills necessary to establish, maintain, troubleshoot and secure networks in any environment, preparing you for a rewarding career in networking and cybersecurity.

The Premier Early Career Networking Certification

Gain a wide range of technical and hands-on skills required of today’s early-career network administrators.

Exclusively Validates Vendor Neutral Network Management Knowledge

CompTIA Network+ is the only certification on the market that covers the core skills necessary to support networks in any environment.

Network+ is Approved for DoD 8140.03

CompTIA Network+ shows what you can do, not just what you know for the work roles of Technical Support Specialist, Network Operations Specialist and Systems Administrator.

What Skills Will You Learn?

Networking Concepts

Explain basic networking concepts, including the OSI model, network appliances, applications, cloud concepts, connectivity options and more.

Network Implementations

Understand routing technologies and important factors of physical installations; configure switching technologies and wireless devices.

Network Operations

Monitor and optimize networks to ensure business continuity.

Network Security

Understand security concepts and network attacks to harden networks against threats.

Network Troubleshooting

Explain the troubleshooting methodology and address common issues related to networking, including cable, connectivity, and software problems.

The CompTIA Network+ certification exam will certify the successful candidate has the knowledge and skills required to:

  • Establish network connectivity by deploying wired and wireless devices.
  • Explain the purpose of documentation and maintain network documentation.
  • Configure common network services.
  • Explain basic data-center, cloud, and virtual-networking concepts.
  • Monitor network activity and troubleshoot performance and availability issues.
  • Implement network security hardening techniques.
  • Manage, configure, and troubleshoot network infrastructure.
1.0 Networking Concepts
Explain concepts related to the Open Systems Interconnection (OSI) reference model.
  • Layer 1 - Physical
  • Layer 2 - Data link
  • Layer 3 - Network
  • Layer 4 - Transport
  • Layer 5 - Session
  • Layer 6 - Presentation
  • Layer 7 - Application
Compare and contrast networking appliances, applications, and functions.
  • Physical and virtual appliances
  • Applications
  • Functions
Summarize cloud concepts and connectivity options.
  • Network functions virtualization (NFV)
  • Virtual private cloud (VPC)
  • Network security groups
  • Network security lists
  • Cloud gateways
  • Cloud connectivity options
  • Deployment models
  • Service models
  • Scalability
  • Elasticity
  • Multitenancy
Explain common networking ports, protocols, services, and traffic types.
  • Internet Protocol (IP) types
  • Traffic types
Compare and contrast transmission media and transceivers.
  • Wireless
  • Wired
  • Transceivers
  • Connector types
Compare and contrast network topologies, architectures, and types.
  • Mesh
  • Hybrid
  • Star/hub and spoke
  • Spine and leaf
  • Point to point
  • Three-tier hierarchical model
  • Collapsed core
  • Traffic flows
Given a scenario, use appropriate IPv4 network addressing.
  • Public vs. private
  • Subnetting
  • IPv4 address classes
Summarize evolving use cases for modern network environments.
  • Software-defined network (SDN) and software-defined wide area network (SD-WAN)
  • Virtual Extensible Local Area Network (VXLAN)
  • Zero trust architecture (ZTA)
  • Secure Access Secure Edge (SASE)/Security Service Edge (SSE)
  • Infrastructure as code (IaC)
  • IPv6 addressing
2.0 Network Implementation
Explain characteristics of routing technologies.
  • Static routing
  • Dynamic routing
  • Route selection
  • Address translation
  • First Hop Redundancy Protocol (FHRP)
  • Virtual IP (VIP)
  • Subinterfaces
Given a scenario, configure switching technologies and features.
  • Virtual Local Area Network (VLAN)
  • Interface configuration
  • Spanning tree
  • Maximum transmission unit (MTU)
Given a scenario, select and configure wireless devices and technologies.
  • Channels
  • Frequency options
  • Service set identifier (SSID)
  • Network types
  • Encryption
  • Guest networks
  • Authentication
  • Antennas
  • Autonomous vs. lightweight access point
Explain important factors of physical installations.
  • Important installation implications
  • Power
  • Environmental factors
3.0 Network Operations
Explain the purpose of organizational processes and procedures.
  • Documentation
  • Life-cycle management
  • Change management
  • Configuration management
Given a scenario, use network monitoring technologies.
  • Methods
  • Solutions
Explain disaster recovery (DR) concepts.
  • DR metrics
  • DR sites
  • High-availability approaches
  • Testing
Given a scenario, implement IPv4 and IPv6 network services.
  • Dynamic addressing
  • Name resolution
  • Time protocols
Compare and contrast network access and management methods.
  • Site-to-site VPN
  • Client-to-site VPN
  • Connection methods
  • Jump box/host
  • In-band vs. out-of-band management
4.0 Network Security
Explain the importance of basic network security concepts.
  • Logical security
  • Physical security
  • Deception technologies
  • Common security terminology
  • Audits and regulatory compliance
  • Network segmentation enforcement
Summarize various types of attacks and their impact to the network.
  • Denial-of-service (DoS)/ distributed denial-of-service (DDoS)
  • VLAN hopping
  • Media Access Control (MAC) flooding
  • Address Resolution Protocol (ARP) poisoning
  • ARP spoofing
  • DNS poisoning
  • DNS spoofing
  • Rogue devices and services
  • Evil twin
  • On-path attack
  • Social engineering
  • Malware
Given a scenario, apply network security features, defense techniques, and solutions.
  • Device hardening
  • Network access control (NAC)
  • Key management
  • Security rules
  • Zones
5.0 Network Troubleshooting
Explain the troubleshooting methodology.
  • Identify the problem
  • Establish a theory of probable cause
  • Test the theory to determine the cause
  • Establish a plan of action to resolve the problem and identify potential effects
  • Implement the solution or escalate as necessary
  • Verify full system functionality and implement preventive measures if applicable
  • Document findings, actions, outcomes, and lessons learned throughout the process
Given a scenario, troubleshoot common cabling and physical interface issues.
  • Cable issues
  • Interface issues
  • Hardware issues
Given a scenario, troubleshoot common issues with network services.
  • Switching issues
  • Route selection
  • Address pool exhaustion
  • Incorrect default gateway
  • Incorrect IP address
  • Incorrect subnet mask
Given a scenario, troubleshoot common performance issues.
  • Congestion/contention
  • Bottlenecking
  • Bandwidth
  • Latency
  • Packet loss
  • Jitter
  • Wireless
Given a scenario, use the appropriate tool or protocol to solve networking issues.
  • Software tools
  • Hardware tools

[ back to top ]

Security+ certification

CompTIA Security+ (SY0-701) is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

Open the Door to Your Cybersecurity Career

Launch a successful cybersecurity career

Develop a core foundation of essential skills, paving the way for a fulfilling career. More job roles use Security+ for baseline cybersecurity skills than any other certification in the industry.

Assess on-the-job skills

Security+ is the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market with hands-on, performance-based questions on the certification exam. These practical questions assess your ability to effectively problem solve in real-life situations and demonstrate your expertise to potential employers immediately.

Embrace the latest trends

Understand and use the most recent advancements in cybersecurity technology, terms, techniques, and tools. By acquiring early career skills in the latest trends such as automation, zero trust, risk analysis, operational technology, and IoT, you will be well-equipped to excel in the ever-evolving cybersecurity landscape.

Exam SY0-701

The new CompTIA Security+ represents the latest and greatest in cybersecurity, covering the most in-demand skills related to current threats, automation, zero trust, IoT, risk - and more. Once certified, you'll understand the core skills needed to succeed on the job - and employers will notice too. The Security+ exam verifies you have the knowledge and skills required to:

  • Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions.
  • Monitor and secure hybrid environments, including cloud, mobile, Internet of Things (IoT), and operational technology.
  • Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.
  • Identify, analyze, and respond to security events and incidents.

CompTIA Security+ is compliant with ISO 17024 standards and approved by the U.S. DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

What Skills Will You Learn?

General Security Concepts

Includes key cybersecurity terminology and concepts up front to provide a foundation for security controls discussed throughout the exam.

Threats, Vulnerabilities & Mitigations

Focuses on responding to common threats, cyberattacks, vulnerabilities, and security incidents and appropriate mitigation techniques to monitor and secure hybrid environments.

Security Architecture

Includes security implications of different architecture models, principles of securing enterprise infrastructure, and strategies to protect data.

Security Operations

Includes applying and enhancing security and vulnerability management techniques, as well as security implications of proper hardware, software, and data management.

Security Program Management & Oversight

Updated to better reflect the reporting and communication skills required for Security+ job roles relating to governance, risk management, compliance, assessment, and security awareness.

Jobs You Can Land With CompTIA Security+

  • Cloud Penetration Tester
  • Network Security Operations
  • Penetration Tester
  • Network Security Analyst
  • Web App Penetration Tester
  • Security Architect

Course Content

1.0 General Security Concepts
Compare and contrast various types of security controls.
  • Categories
  • Control types
Summarize fundamental security concepts.
  • Confidentiality, Integrity, and Availability (CIA)
  • Non-repudiation
  • Authentication, Authorization, and Accounting (AAA)
  • Gap analysis
  • Zero Trust
  • Physical security
  • Deception and disruption technology
Explain the importance of change management processes and the impact to security.
  • Business processes impacting security operation
  • Technical implications
  • Documentation
  • Version control
Explain the importance of using appropriate cryptographic solutions.
  • Public key infrastructure (PKI)
  • Encryption
  • Tools
  • Obfuscation
  • Steganography
  • Tokenization
  • Data masking
  • Hashing
  • Salting
  • Digital signatures
  • Key stretching
  • Blockchain
  • Open public ledger
  • Certificates
2.0 Threats, Vulnerabilities, and Mitigations
Compare and contrast common threat actors and motivations.
  • Threat actors
  • Attributes of actors
  • Motivations
Explain common threat vectors and attack surfaces.
  • Message-based
  • Email
  • Short Message Service (SMS)
  • Instant messaging (IM)
  • Image-based
  • File-based
  • Voice call
  • Removable device
  • Vulnerable software
  • Unsupported systems and applications
  • Unsecure networks
  • Open service ports
  • Default credentials
  • Supply chain
  • Human vectors/social engineering
Explain various types of vulnerabilities.
  • Application
  • Operating system (OS)-based
  • Web-based
  • Hardware
  • Virtualization
  • Cloud-specific
  • Supply chain
  • Cryptographic
  • Misconfiguration
  • Mobile device
  • Zero-day
Given a scenario, analyze indicators of malicious activity.
  • Malware attacks
  • Physical attacks
  • Network attacks
  • Application attacks
  • Cryptographic attacks
  • Password attacks
  • Indicators
Explain the purpose of mitigation techniques used to secure the enterprise.
  • Segmentation
  • Access control
  • Application allow list
  • Isolation
  • Patching
  • Encryption
  • Monitoring
  • Least privilege
  • Configuration enforcement
  • Decommissioning
  • Hardening techniques
3.0 Security Architecture
Compare and contrast security implications of different architecture models.
  • Architecture and infrastructure concepts
  • Considerations
Given a scenario, apply security principles to secure enterprise infrastructure.
  • Infrastructure considerations
  • Secure communication/access
  • Selection of effective controls
Compare and contrast concepts and strategies to protect data.
  • Data types
  • Data classifications
  • General data considerations
  • Methods to secure data
Explain the importance of resilience and recovery in security architecture.
  • High availability
  • Site considerations
  • Platform diversity
  • Multi-cloud systems
  • Continuity of operations
  • Capacity planning
  • Testing
  • Backups
  • Power
4.0 Security Operations
Given a scenario, apply common security techniques to computing resources.
  • Secure baselines
  • Hardening targets
  • Wireless devices
  • Mobile solutions
  • Wireless security settings
  • Application security
  • Sandboxing
  • Monitoring
Explain the security implications of proper hardware, software, and data asset management.
  • Acquisition/procurement process
  • Assignment/accounting
  • Monitoring/asset tracking
  • Disposal/decommissioning
Explain various activities associated with vulnerability management.
  • Identification methods
  • Analysis
  • Vulnerability response and remediation
  • Validation of remediation
  • Reporting
Explain security alerting and monitoring concepts and tools.
  • Monitoring computing resources
  • Activities
  • Tools
Given a scenario, modify enterprise capabilities to enhance security.
  • Firewall
  • IDS/IPS
  • Web filter
  • Operating system security
  • Implementation of secure protocols
  • DNS filtering
  • Email security
  • File integrity monitoring
  • DLP
  • Network access control (NAC)
  • Endpoint detection and response (EDR)/extended detection and response (XDR)
  • User behavior analytics
Given a scenario, implement and maintain identity and access management.
  • Provisioning/de-provisioning user accounts
  • Permission assignments and implications
  • Identity proofing
  • Federation
  • Single sign-on (SSO)
  • Interoperability
  • Attestation
  • Access controls
  • Multifactor authentication
  • Password concepts
  • Privileged access management tools
Explain the importance of automation and orchestration related to secure operations.
  • Use cases of automation and scripting
  • Benefits
  • Other considerations
Explain appropriate incident response activities.
  • Process
  • Training
  • Testing
  • Root cause analysis
  • Threat hunting
  • Digital forensics
Given a scenario, use data sources to support an investigation.
  • Log data
  • Data sources
5.0 Security Program Management and Oversight
Summarize elements of effective security governance.
  • Guidelines
  • Policies
  • Standards
  • Procedures
  • External considerations
  • Monitoring and revision
  • Types of governance structures
  • Roles and responsibilities for systems and data
Explain elements of the risk management process.
  • Risk identification
  • Risk assessment
  • Risk analysis
  • Risk register
  • Risk tolerance
  • Risk appetite
  • Risk management strategies
  • Risk reporting
  • Business impact analysis
Explain the processes associated with third-party risk assessment and management.
  • Vendor assessment
  • Vendor selection
  • Agreement types
  • Vendor monitoring
  • Questionnaires
  • Rules of engagement
Summarize elements of effective security compliance.
  • Compliance reporting
  • Consequences of non-compliance
  • Compliance monitoring
  • Privacy
Explain types and purposes of audits and assessments.
  • Attestation
  • Internal
  • External
  • Penetration testing
Given a scenario, implement security awareness practices.
  • Phishing
  • Anomalous behavior recognition
  • User guidance and training
  • Reporting and monitoring
  • Development
  • Execution

[ back to top ]

CompTIA Cybersecurity Analyst (CySA+)

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

Overview

As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware, and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. CompTIA CySA+ is for IT professionals looking to gain the following security analyst skills:

  • Configure and use threat detection tools.
  • Perform data analysis.
  • Interpret the results to identify vulnerabilities, threats and risks to an organization.
CySA+ certified skills are in-demand

Properly trained IT security staff who can analyze, monitor and protect cybersecurity resources are in high demand. The U.S. Bureau of Labor Statistics (BLS) predicts that information security analysts will be the fastest growing overall job category, with 37 percent overall growth between 2012 and 2022.

CySA+ is globally recognized

CompTIA CySA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.

CySA+ provides substantial earnings potential

A career in information security analysis ranked seventh on U.S. News and World Report's list of the 100 best technology jobs for 2017. According to the Bureau of Labor Statistics, the median pay for an information security analyst is $90,120 per year.

Target Student

The CompTIA CySA+ examination is designed for IT security analysts, vulnerability analysts or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization with the end goal of securing and protecting applications and systems within an organization.

Prerequisite

The CompTIA CySA+ exam is an internationally targeted validation of intermediate-level security skills and knowledge. While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus on IT security analytics.

It is recommended for CompTIA CySA+ certification candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+ or equivalent knowledge

Course Content

Threat Management
  • Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
  • Given a scenario, analyze the results of a network reconnaissance.
  • Given a network-based threat, implement or recommend the appropriate response and countermeasure.
  • Explain the purpose of practices used to secure a corporate environment.
Vulnerability Management
  • Given a scenario, implement an information security vulnerability management process.
  • Given a scenario, analyze the output resulting from a vulnerability scan.
  • Compare and contrast common vulnerabilities found in the following targets within an organization.
Cyber Incident Response
  • Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
  • Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
  • Explain the importance of communication during the incident response process.
  • Given a scenario, analyze common symptoms to select the best course of action to support incident response.
  • Summarize the incident recovery and post-incident response process.
Security Architecture and Tool Sets
  • Explain the relationship between frameworks, common policies, controls, and procedures.
  • Given a scenario, use data to recommend remediation of security issues related to identity and access management.
  • Given a scenario, review security architecture and make recommendations to implement compensating controls.
  • Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
  • Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

[ back to top ]

CompTIA Advanced Security Practitioner (CASP+)

CompTIA Advanced Security Practitioner (CASP+) CAS-004 is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise's cybersecurity readiness.

Why is CASP+ Different?

CASP+ is the only hands-on, performance-based certification for advanced practitioners - not managers - at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.

Unlike other certifications, CASP+ covers both security architecture and engineering - CASP+ is the only certification on the market that qualifies technical leaders to assess cyber readiness within an enterprise, and design and implement the proper solutions to ensure the organization is ready for the next attack.

What Skills Will You Learn?

Security Architecture

Expanded coverage to analyze security requirements in hybrid networks to work toward an enterprise-wide, zero trust security architecture with advanced secure cloud and virtualization solutions.

Security Operations

Expanded emphasis on newer techniques addressing advanced threat management, vulnerability management, risk mitigation, incident response tactics, and digital forensics analysis.

Governance, Risk, and Compliance

Expanded to support advanced techniques to prove an organization's overall cybersecurity resiliency metric and compliance to regulations, such as CMMC, PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.

Security Engineering and Cryptography

Expanded to focus on advanced cybersecurity configurations for endpoint security controls, enterprise mobility, cloud/hybrid environments, and enterprise-wide PKI and cryptographic solutions.

Jobs That Use CASP+

  • Security Architect
  • Senior Security Engineer
  • SOC Manager
  • Security Analyst

Class Outline

1.0 Security Architecture

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
  • Services
  • Segmentation
  • Deperimeterization/zero trust
  • Merging of networks from various organizations
  • Software-defined networking (SDN)
Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
  • Scalability
  • Resiliency
  • Performance
  • Automation
  • Containerization
  • Virtualization
  • Content delivery network
  • Caching
Given a scenario, integrate software applications securely into an enterprise architecture.
  • Baseline and templates
  • Software assurance
  • Considerations of integrating enterprise applications
  • Integrating security into development life cycle
Given a scenario, implement data security techniques for securing enterprise architecture.
  • Data loss prevention
  • Data loss detection
  • Data classification, labeling, and tagging
  • Obfuscation
  • Anonymization
  • Encrypted vs. unencrypted
  • Data life cycle
  • Data inventory and mapping
  • Data integrity management
  • Data storage, backup, and recovery
Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
  • Credential management
  • Password policies
  • Federation
  • Access control
  • Protocols
  • Multifactor authentication (MFA)
  • One-time password (OTP)
  • Hardware root of trust
  • Single sign-on (SSO)
  • JavaScript Object Notation (JSON) web token (JWT)
  • Attestation and identity proofing
Given a set of requirements, implement secure cloud and virtualization solutions
  • Virtualization strategies
  • Provisioning and deprovisioning
  • Middleware
  • Metadata and tags
  • Deployment models and considerations
  • Hosting models
  • Service models
  • Cloud provider limitations
  • Extending appropriate on-premises controls
  • Storage models
Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
  • Privacy and confidentiality requirements
  • Integrity requirements
  • Non-repudiation
  • Compliance and policy requirements
  • Common cryptography use cases
  • Common PKI use cases
Explain the impact of emerging technologies on enterprise security and privacy.
  • Artificial intelligence
  • Machine learning
  • Quantum computing
  • Blockchain
  • Homomorphic encryption
  • Secure multiparty computation
  • Distributed consensus
  • Big Data
  • Virtual/augmented reality
  • 3-D printing
  • Passwordless authentication
  • Nano technology
  • Deep learning
  • Biometric impersonation

2.0 Security Operations

Given a scenario, perform threat management activities.
  • Intelligence types
  • Actor types
  • Threat actor properties
  • Intelligence collection methods
  • Frameworks
Given a scenario, analyze indicators of compromise and formulate an appropriate response.
  • Indicators of compromise
  • Response
Given a scenario, perform vulnerability management activities.
  • Vulnerability scans
  • Security Content Automation Protocol (SCAP)
  • Self-assessment vs. third- party vendor assessment
  • Patch management
  • Information sources
Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
  • Methods
  • Tools
  • Dependency management
  • Requirements
Given a scenario, analyze vulnerabilities and recommend risk mitigations.
  • Vulnerabilities
  • Inherently vulnerable system/application
  • Attacks
Given a scenario, use processes to reduce risk.
  • Proactive and detection
  • Security data analytics
  • Preventive
  • Application control
  • Security automation
  • Physical security
Given an incident, implement the appropriate response.
  • Event classifications
  • Triage event
  • Preescalation tasks
  • Incident response process
  • Specific response playbooks/processes
  • Communication plan
  • Stakeholder management
Explain the importance of forensic concepts.
  • Legal vs. internal corporate purposes
  • Forensic process
  • Integrity preservation
  • Cryptanalysis
  • Steganalysis
Given a scenario, use forensic analysis tools.
  • File carving tools
  • Binary analysis tools
  • Analysis tools
  • Imaging tools
  • Hashing utilities
  • Live collection vs. post-mortem tools

3.0 Security Engineering and Cryptography

Given a scenario, apply secure configurations to enterprise mobility.
  • Managed configurations
  • Deployment scenarios
  • Security considerations
Given a scenario, configure and implement endpoint security controls.
  • Hardening techniques
  • Processes
  • Mandatory access control
  • Trustworthy computing
  • Compensating controls
Explain security considerations impacting specific sectors and operational technologies.
  • Embedded
  • ICS/supervisory control and data acquisition (SCADA)
  • Protocols
  • Sectors
Explain how cloud technology adoption impacts organizational security.
  • Automation and orchestration
  • Encryption configuration
  • Logs
  • Monitoring configurations
  • Key ownership and location
  • Key life-cycle management
  • Backup and recovery methods
  • Infrastructure vs. serverless computing
  • Application virtualization
  • Software-defined networking
  • Misconfigurations
  • Collaboration tools
  • Storage configurations
  • Cloud access security broker (CASB)
Given a business requirement, implement the appropriate PKI solution.
  • PKI hierarchy
  • Certificate types
  • Certificate usages/profiles/templates
  • Extensions
  • Trusted providers
  • Trust model
  • Cross-certification
  • Configure profiles
  • Life-cycle management
  • Public and private keys
  • Digital signature
  • Certificate pinning
  • Certificate stapling
  • Certificate signing requests (CSRs)
  • Online Certificate Status Protocol (OCSP) vs. certificate revocation list (CRL)
  • HTTP Strict Transport Security (HSTS)
Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
  • Hashing
  • Symmetric algorithms
  • Asymmetric algorithms
  • Protocols
  • Elliptic curve cryptography
  • Forward secrecy
  • Authenticated encryption with associated data
  • Key stretching
Given a scenario, troubleshoot issues with cryptographic implementations.
  • Implementation and configuration issues
  • Keys

4.0 Governance, Risk, and Compliance

Given a set of requirements, apply the appropriate risk strategies.
  • Risk assessment
  • Risk handling techniques
  • Risk types
  • Risk management life cycle
  • Risk tracking
  • Risk appetite vs. risk tolerance
  • Policies and security practices
Explain the importance of managing and mitigating vendor risk.
  • Shared responsibility model (roles/responsibilities)
  • Vendor lock-in and vendor lockout
  • Vendor viability
  • Meeting client requirements
  • Support availability
  • Geographical considerations
  • Supply chain visibility
  • Incident reporting requirements
  • Source code escrows
  • Ongoing vendor assessment tools
  • Third-party dependencies
  • Technical considerations
Explain compliance frameworks and legal considerations, and their organizational impact.
  • Security concerns of integrating diverse industries
  • Data considerations
  • Geographic considerations
  • Third-party attestation of compliance
  • Regulations, accreditations, and standards
  • Legal considerations
  • Contract and agreement types
Explain the importance of business continuity and disaster recovery concepts.
  • Business impact analysis
  • Privacy impact assessment
  • Disaster recovery plan (DRP)/ business continuity plan (BCP)
  • Incident response plan
  • Testing plans

[ back to top ]

CompTIA PenTest+

CompTIA PenTest+ (PT0-002) is for cybersecurity professionals tasked with penetration testing and vulnerability management.

Why is it different?

CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages. Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.

PenTest+ is the only exam on the market to include all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them.

PenTest+ is the most current penetration testing exam covering the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises.

What Skills Will You Learn?

Planning and Scoping

Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.

Information Gathering and Vulnerability Scanning

Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.

Attacks and Exploits

Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation techniques.

Reporting and Communication

Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.

Tools and Code Analysis

Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test. It is important to note that no scripting and coding is required.

Jobs that use CompTIA PenTest+

  • Penetration Tester
  • Security Consultant
  • Cloud Penetration Tester
  • Web App Penetration Tester
  • Cloud Security Specialist
  • Network & Security Specialist

Class Outline

1.0 Planning and Scoping

Compare and contrast governance, risk, and compliance concepts.
  • Regulatory compliance considerations
  • Location restrictions
  • Legal concepts
  • Permission to attack
Explain the importance of scoping and organizational/customer requirements.
  • Standards and methodologies
  • Rules of engagement
  • Environmental considerations
  • Target list/in-scope assets
  • Validate scope of engagement
Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.
  • Background checks of penetration testing team
  • Adhere to specific scope of engagement
  • Identify criminal activity
  • Immediately report breaches/ criminal activity
  • Limit the use of tools to a particular engagement
  • Limit invasiveness based on scope
  • Maintain confidentiality of data/information
  • Risks to the professional

2.0 Information Gathering and Vulnerability Scanning

Given a scenario, perform passive reconnaissance.
  • DNS lookups
  • Identify technical contacts
  • Administrator contacts
  • Cloud vs. self-hosted
  • Social media scraping
  • Cryptographic flaws
  • Company reputation/security posture
  • Data
  • Open-source intelligence (OSINT)
Given a scenario, perform active reconnaissance.
  • Enumeration
  • Website reconnaissance
  • Packet crafting
  • Defense detection
  • Tokens
  • Wardriving
  • Network traffic
  • Cloud asset discovery
  • Third-party hosted services
  • Detection avoidance
Given a scenario, analyze the results of a reconnaissance exercise.
  • Fingerprinting
  • Analyze output
Given a scenario, perform vulnerability scanning.
  • Considerations of vulnerability scanning
  • Scan identified targets for vulnerabilities
  • Set scan settings to avoid detection
  • Scanning methods
  • Nmap
  • Vulnerability testing tools that facilitate automation

3.0 Attacks and Exploits

Given a scenario, research attack vectors and perform network attacks.
  • Stress testing for availability
  • Exploit resources
  • Attacks
  • Tools
Given a scenario, research attack vectors and perform wireless attacks.
  • Attack methods
  • Attacks
  • Tools
Given a scenario, research attack vectors and perform application-based attacks.
  • OWASP Top 10
  • Server-side request forgery
  • Business logic flaws
  • Injection attacks
  • Application vulnerabilities
  • API attacks
  • Directory traversal
  • Tools
  • Resources
Given a scenario, research attack vectors and perform attacks on cloud technologies.
  • Attacks
  • Tools
Explain common attacks and vulnerabilities against specialized systems.
  • Mobile
  • Internet of Things (IoT) devices
  • Data storage system vulnerabilities
  • Management interface vulnerabilities
  • Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of Things (IIoT)/ industrial control system (ICS)
  • Vulnerabilities related to virtual environments
  • Vulnerabilities related to containerized workloads
Given a scenario, perform a social engineering or physical attack.
  • Pretext for an approach
  • Social engineering attacks
  • Physical attacks
  • Impersonation
  • Tools
  • Methods of influence
Given a scenario, perform post-exploitation techniques.
  • Post-exploitation tools
  • Lateral movement
  • Network segmentation testing
  • Privilege escalation
  • Upgrading a restrictive shell
  • Creating a foothold/persistence
  • Detection avoidance
  • Enumeration

4.0 Reporting and Communication

Compare and contrast important components of written reports.
  • Report audience
  • Report contents
  • Storage time for report
  • Secure distribution
  • Note taking
  • Common themes/root causes
Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
  • Technical controls
  • Administrative controls
  • Operational controls
  • Physical controls
Explain the importance of communication during the penetration testing process.
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization
  • Presentation of findings
Explain post-report delivery activities.
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
  • Data destruction process

5.0 Tools and Code Analysis

Explain the basic concepts of scripting and software development.
  • Logic constructs
  • Data structures
  • Libraries
  • Classes
  • Procedures
  • Functions
Given a scenario, analyze a script or code sample for use in a penetration test.
  • Shells
  • Programming languages
  • Analyze exploit code
  • Opportunities for automation
Explain use cases of the following tools during the phases of a penetration test.
  • Scanners
  • Credential testing tools
  • Debuggers
  • OSINT
  • Wireless
  • Web application tools
  • Social engineering tools
  • Remote access tools
  • Networking tools
  • Misc.
  • Steganography tools
  • Cloud tools

[ back to top ]


CED Solutions is your best choice for CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ training, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ certification, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ boot camp, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ certification training, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ certification course, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ course, CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ class.



CompTIA A+ Net+ Security+ CySA+ CASP+ PenTest+ space
Search classes by keyword:
Search classes by category:


Copyright © 2024 CED Solutions. CED Solutions Refund Policy. All Rights Reserved.