CompTIA Security+: SY0-501

The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe.

The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.

The CompTIA Security+ certification is aimed at an IT security professional who has:

  • A minimum of two years' experience in IT administration with a focus on security
  • Day-to-day technical information security experience
  • Broad knowledge of security concerns and implementation including the topics in the domain list below

Module 1: Threats, Attacks and Vulnerabilities

Types of malware

  • Viruses
  • Crypto-malware
  • Ransomware
  • Worm
  • Trojan
  • Rootkit
  • Keylogger
  • Adware
  • Spyware
  • Bots
  • Logic bomb
  • RAT
  • Backdoor

Compare and contrast types of attacks.

  • Social engineering
  • Application/service attacks
  • Wireless attacks
  • Cryptographic attacks

Threat actor types and attributes.

  • Types of actors
  • Attributes of actors
  • Use of open-source intelligence

Explain penetration testing concepts.

  • Active reconnaissance
  • Passive reconnaissance
  • Pivot
  • Initial exploitation
  • Persistence
  • Escalation of privilege
  • Black box
  • White box
  • Gray box
  • Pen testing vs. vulnerability scanning

Vulnerability scanning concepts.

  • Passively test security controls
  • Identify vulnerability
  • Identify lack of security controls
  • Identify common misconfigurations
  • Intrusive vs. non-intrusive
  • Credentialed vs. non-credentialed
  • False positive

The impact associated with types of vulnerabilities.

  • Race conditions
  • Vulnerabilities
  • Improper input handling
  • Improper error handling
  • Misconfiguration/weak configuration
  • Default configuration
  • Resource exhaustion
  • Untrained users
  • Improperly configured accounts
  • Vulnerable business processes
  • Weak cipher suites and implementations
  • Memory/buffer vulnerability
  • System sprawl/undocumented assets
  • Architecture/design weaknesses
  • New threats/zero day
  • Improper certificate and key management

Module 2: Technologies and Tools

Install and configure network components

  • Firewall
  • VPN concentrator
  • NIPS/NIDS
  • Router
  • Switch
  • Proxy
  • Load balancer
  • Access point
  • SIEM
  • DLP
  • NAC
  • Mail gateway
  • Bridge
  • SSL/TLS accelerators
  • SSL decryptors
  • Media gateway
  • Hardware security module

Use appropriate software tools to assess the security posture of an organization

  • Protocol analyzer
  • Network scanners
  • Wireless scanners/cracker
  • Password cracker
  • Vulnerability scanner
  • Configuration compliance scanner
  • Exploitation frameworks
  • Data sanitization tools
  • Steganography tools
  • Honeypot
  • Backup utilities
  • Banner grabbing
  • Passive vs. active
  • Command line tools

Troubleshoot common security issues.

  • Unencrypted credentials/clear text
  • Logs and events anomalies
  • Permission issues
  • Access violations
  • Certificate issues
  • Data exfiltration
  • Misconfigured devices
  • Weak security configurations
  • Personnel issues
  • Unauthorized software
  • Baseline deviation
  • License compliance violation (availability/integrity)
  • Asset management
  • Authentication issues

Analyze and interpret output from security technologies

  • HIDS/HIPS
  • Antivirus
  • File integrity check
  • Host-based firewall
  • Application whitelisting
  • Removable media control
  • Advanced malware tools
  • Patch management tools
  • UTM
  • DLP
  • Data execution prevention
  • Web application firewall

Deploy mobile devices securely.

  • Connection methods
  • Mobile device management concepts
  • Enforcement and monitoring
  • Deployment models

Implement secure protocols.

  • Protocols
  • Use cases

Module 3: Architecture and Design

Explain use cases and purpose for frameworks

  • Industry-standard frameworks and reference architectures
  • Benchmarks/secure configuration guides
  • Defense-in-depth/layered security

Implement secure network architecture concepts.

  • Zones/topologies
  • Segregation/segmentation/isolation
  • Tunneling/VPN
  • Security device/technology placement
  • SDN

Implement secure systems design.

  • Hardware/firmware security
  • Operating systems
  • Peripherals

Explain the importance of secure staging deployment concepts.

  • Sandboxing
  • Environment
  • Secure baseline
  • Integrity measurement

Explain the security implications of embedded systems.

  • SCADA/ICS
  • Smart devices/IoT
  • HVAC
  • SoC
  • RTOS
  • Printers/MFDs
  • Camera systems
  • Special purpose

Summarize secure application development and deployment concepts.

  • Development life-cycle models
  • Secure DevOps
  • Version control and change management
  • Provisioning and deprovisioning
  • Secure coding techniques
  • Code quality and testing
  • Compiled vs. runtime code

Summarize cloud and virtualization concepts

  • Hypervisor
  • VM sprawl avoidance
  • VM escape protection
  • Cloud storage
  • Cloud deployment models
  • On-premise vs. hosted vs. cloud
  • VDI/VDE
  • Cloud access security broker
  • Security as a Service

How resiliency and automation strategies reduce risk.

  • Automation/scripting
  • Templates
  • Master image
  • Non-persistence
  • Elasticity
  • Scalability
  • Distributive allocation
  • Redundancy
  • Fault tolerance
  • High availability
  • RAID

Explain the importance of physical security controls.

  • Lighting
  • Signs
  • Fencing/gate/cage
  • Security guards
  • Alarms
  • Safe
  • Secure cabinets/enclosures
  • Protected distribution/Protected cabling
  • Airgap
  • Mantrap
  • Faraday cage
  • Lock types
  • Biometrics
  • Barricades/bollards
  • Tokens/cards
  • Environmental controls
  • Cable locks
  • Screen filters
  • Cameras
  • Motion detection
  • Logs
  • Infrared detection
  • Key management

Module 4: Identity and Access Management

Compare and contrast identity and access management concepts.

  • Identification, authentication, authorization and accounting (AAA)
  • Multifactor authentication
  • Federation
  • Single sign-on
  • Transitive trust

Install and configure identity and access services.

  • LDAP
  • Kerberos
  • TACACS+
  • CHAP
  • PAP
  • MSCHAP
  • RADIUS
  • SAML
  • OpenID Connect
  • OAUTH
  • Shibboleth
  • Secure token
  • NTLM

Implement identity and access management controls.

  • Access control models
  • Physical access control
  • Biometric factors
  • Tokens
  • Certificate-based authentication
  • File system security
  • Database security

Differentiate common account management practices.

  • Account types
  • General Concepts
  • Account policy enforcement

Module 5: Risk Management

Importance of policies.

  • Standard operating procedure
  • Agreement types
  • Personnel management
  • General security policies

Summarize business impact analysis concepts.

  • RTO/RPO
  • MTBF
  • MTTR
  • Mission-essential functions
  • Identification of critical systems
  • Single point of failure
  • Impact
  • Privacy impact assessment
  • Privacy threshold assessment

Risk management processes and concepts.

  • Threat assessment
  • Risk assessment
  • Change management

Follow incident response procedures.

  • Incident response plan
  • Incident response process

Summarize basic concepts of forensics.

  • Order of volatility
  • Chain of custody
  • Legal hold
  • Data acquisition
  • Preservation
  • Recovery
  • Strategic intelligence/counterintelligence gathering
  • Track man-hours

Disaster recovery and continuity of operation concepts.

  • Recovery sites
  • Order of restoration
  • Backup concepts
  • Geographic considerations
  • Continuity of operation planning

Compare and contrast various types of controls.

  • Deterrent
  • Preventive
  • Detective
  • Corrective
  • Compensating
  • Technical
  • Administrative
  • Physical

Carry out data security and privacy practices.

  • Data destruction and media sanitization
  • Data sensitivity labeling and handling
  • Data roles
  • Data retention
  • Legal and compliance

Module 6: Cryptography and PKI

Compare and contrast basic concepts of cryptography.

  • Symmetric algorithms
  • Modes of operation
  • Asymmetric algorithms
  • Hashing
  • Salt, IV, nonce
  • Elliptic curve
  • Weak/deprecated algorithms
  • Key exchange
  • Digital signatures
  • Diffusion
  • Confusion
  • Collision
  • Steganography
  • Obfuscation
  • Stream vs. block
  • Key strength
  • Session keys
  • Ephemeral key
  • Secret algorithm
  • Data-in-transit
  • Data-at-rest
  • Data-in-use
  • Random/pseudo-random number generation
  • Key stretching
  • Implementation vs. algorithm selection
  • Perfect forward secrecy
  • Security through obscurity
  • Common use cases

Cryptography algorithms and their basic characteristics.

  • Symmetric algorithms
  • Cipher modes
  • Asymmetric algorithms
  • Hashing algorithms
  • Key stretching algorithms
  • Obfuscation

Install and configure wireless security settings.

  • Cryptographic protocols
  • Authentication protocols
  • Methods

Implement public key infrastructure.

  • Components
  • Concepts
  • Types of certificates
  • Certificate formats