The video lessons in this course review each exam objective, so you can use it as a complete study tool for taking the CompTIA Security+ exam.

This course also includes:

• A practice exam that runs in the Pearson test prep software
Major sections are as follows:
• Threats, Attacks and Vulnerabilities
• Architecture and Design
• Implementation
• Operations and Incident Response
• Governance, Risk & Compliance
About the Instructor



Sari is the author of Security Program and Policies: Principles and Practices and is currently being used in undergraduate and graduate programs nationwide. She is also the author and presenter of the best-selling Security + SY0-501 Complete Video Course as well as the CISSP Complete Video Course and the CISA Complete Video Course. Sari has published numerous articles related to cybersecurity; has been quoted in the New York Times, Wall Street Journal, CNN, and CNBC; speaks regularly at cybersecurity, legal, financial, and healthcare conferences around the country; and is a frequent guest lecturer.



Sari holds multiple industry accreditations including CISSP-ISSMP, CRISC, CISM, CISA, MCSE, Sec+, and NSA/IAM. She is a strong proponent of certification and continuing education. Sari is committed to training the next generation of cybersecurity practitioners who are dedicated to protecting their company, their community, and their country.


You can contact Sari at sari@sarigreenegroup.com , follow her on Twitter at @sari_greene or visit her website http://www.sarigreenegroup.com .

Skill Level

• Beginner
Learn How To
• Confidently understand every objective on the CompTIASecurity+ exam—this course covers every objective and topic in depth.
• Prepare for exam success—Sari shares her best practices forstudying for and taking the Security+ exam.
• Enhance your real-world cybersecurity skills and knowledge
Who Should Take This Course
• Anyone preparing for the CompTIA Security+ examination. Secondaryaudiences: IT professionals
• Anyone interested in learning security fundamentals
Course Requirements
• Day-to-day information technology or cybersecurity experience.
• Note: CompTIA recommends but does not require at least twoyears of experience in IT administration with a focus on security prior totaking the certification exam.
Lesson Descriptions



Module 1, “Threats, Attacks, and Vulnerabilities,” corresponds to the firstCompTIA domain. 24% of the exam questions will relate to this domain, and eachlesson within Module 1 aligns with the eight exam objectives. Module 1 willcover social engineering principles, tactics, techniques, attack vectors,malware families and attributes, password attacks, physical attacks,adversarial artificial intelligence, and identifying indicators of compromise(IOC). The lessons will then move into application weaknesses, validationissues, injection, XSS and forgery attacks, and explore various system attacks.Next up, it will take a look at digitalinfrastructure attacks, wireless attacks, and malicious code or script executionincluding using PowerShell, Python. and Bash. The lessons also discussadversaries including means and motivation, threat modeling, and how to useOSINT—open source intelligence. The later lessons in this module cover some ofthe most common and dangerous operational vulnerabilities, risks associatedwith third-parties, threat hunting, vulnerability identification, andautomation tools including SIEM and SOAR. Lastly, the module discusses the importance of penetrationtesting, pen testing options, and how pen testing really works.



Module 2, “Architecture and Design,” corresponds to the second CompTIA domain, which makes up 21% of the exam questions. Within this module, configuration management, data protection concepts, deception and disruption techniques, and tactics are covered. It then examines the security and performance features of virtualization, cloud deployment, and cloud service models. Secure staging workflow, secure coding techniques, and the role of automation with a focus on identify management, authentication factors, attributes and methods, as well as a deep dive into biometrics. The lesson then discusses resiliency, non-persistence, redundancy, and backup and recovery techniques including RAID and replication. Next up is defining what embedded and IoT systems are, look at why and when they are embedded they are vulnerable to attack, and discuss best practices for securing embedded and IoT systems. The module then focuses attention on building and facility design considerations and controls, environmental issues such as air flow, heat, humidity, electrostatic discharge, date emanation, fire, and power as well as secure data destruction. The next lesson begins with a primer, and then surveys cryptographic and related use cases and techniques including steganography, symmetric encryption, asymmetric encryption, hashing, digital signatures, and emerging cryptography.



Module 3, “Implementation,” corresponds to 25% of the exam questions and covers a lot. The module starts by looking at the practical application and use cases of secure communications and network protocols including SSl/TLS, SSH, DNSSEC, SNMPv3, and secure email protocols. Then, it surveys trusted computing-base components and endpoint security solutions, as well as meeting security objectives by implementing zone, segmentation, and isolation options and network appliances including jump servers, proxy servers, IDS/IPS, NACS, firewalls and VPNS. The lesson ends with a look at the TCP/IP model. The module continues with a dive into wireless design and configuration options with an emphasis on planning a secure wireless network, as well as looking at mobile device connection methods, mobile device deployment options, Mobile device management solutions (commonly known as MDM), and mobile device concerns including attack vectors. Next up is revisiting the cloud environment—this time from an infrastructure perspective. The module looks at design options; use of virtual private clouds and critically cloud security controls; explores the entire user identity and access management lifecycle; and dives into the configuration elements of network and web services including LDAP, Kerberos, TACACS+, RADIUS, CHAP, PAP, SAML, OpenID Connect, OAuth 2.0, and Shibboleth as well as access control and authorization models. Lastly, the module focuses on creating and managing digital certificates as well as cryptovariable (key) management and best practices.



Module 4, “Operations and Incident Response,” covers about 16% of the exam and starts by surveying network reconnaissance and discovery approaches; tools and techniques including scanning, packet capture, and netflows; and introduces Linux operating system commands security practitioners should be familiar with. Then, the importance of incident response preparedness is discussed, as well as defining the elements of an incident response plan, identifying the phases of incident response, reviewing the process, and studying attack frameworks. Next, the module revisits a number of data sources including scans, logs, and metadata from an investigative perspective. The final lessons of this module discuss a variety of manual and automated mitigation, containment and eradication techniques and controls, and then tackles forensic fundamentals including evidence collection, data acquisition and breach disclosure, and notification requirements.



Module 5, “Governance, Risk and Compliance,” covers about 14% of the exam. The module starts by taking a close look at control management, control classifications, and control objectives, which taken together comprise an defense-in-depth environment. It then dives into cybersecurity and privacy related regulations and obligations and how to build a compliance information security program incorporating frameworks, benchmarks, and audit standards. The module then examines the role of policies and supporting governance documents, identify key personnel and operational policies and practices, as well as third-party and supply chain risk management. Next, the module identifies fundamental risk management and assessment concepts, teaches how to conduct a quantitative risk assessment and walks through the fundamental concepts of business continuity, including facilitating a business impact assessment. Lastly, it focuses on data classification, privacy requirements and obligations, roles and responsibilities, privacy enhancing technologies, and the relationship between cybersecurity and privacy.

About Pearson Video Training



Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.



Learn more about Pearson Video training at http://www.informit.com/video .