CompTIA Security+ Certification SY0-501: The Total Course

Table of Contents

Chapter 1 : Risk Management

Introduction to the CompTIA Security+ Exam SY0-501

The CIA of Security

Threat Actors

What is Risk?

Managing Risk

Using Guides for Risk Assessment

Security Controls

Interesting Security Controls

Defense in Depth

IT Security Governance

Security Policies

Frameworks

Quantitative Risk Calculations

Business Impact Analysis

Organizing Data

Security Training

Third Party Agreements

Chapter 2 : Cryptography

Cryptography Basics

Cryptographic Methods

Symmetric Cryptosystems

Symmetric Block Modes

RSA Cryptosystems

Diffie-Hellman

PGP/GPG

Hashing

HMAC

Steganography

Certificates and Trust

Public Key Infrastructure

Cryptographic Attacks

Chapter 3 : Identity and Access Management

Identification

Authorization Concepts

Access Control List

Password Security

Linux File Permissions

Windows File Permissions

User Account Management

AAA

Authentication Methods

Single Sign-On

Chapter 4 : Tools of the Trade

OS Utilities, Part 1

OS Utilities, Part 2

Network Scanners

Protocol Analyzers

SNMP

Logs

Chapter 5 : Securing Individual Systems

Denial of Service

Host Threats

Man-in-the-Middle

System Resiliency

RAID

NAS and SAN

Physical Hardening

RFI, EMI and ESD

Host Hardening

Data and System Security

Disk Encryption

Hardware/Firmware Security

Secure OS Types

Securing Peripherals

Malware

Analyzing Output

IDS and IPS

Automation Strategies

Data Destruction

Chapter 6 : The Basic LAN

LAN Review

Network Topologies Review

Network Zone Review

Network Access Controls

The Network Firewall

Proxy Servers

Honeypots

Virtual Private Networks

IPSec

NIDS/NIPS

SIEM

Chapter 7 : Beyond the Basic LAN

Wireless Review

Living in Open Networks

Vulnerabilities with Wireless Access Points

Cracking 802.11 - WEP

Cracking 802.11 - WPA

Cracking 802.11 - WPS

Wireless Hardening

Wireless Access Points

Virtualization Basics

Virtual Security

Containers

IaaS

PaaS

SaaS

Deployment Models

Static Hosts

Mobile Connectivity

Deploying Mobile Devices

Mobile Enforcement

Mobile Device Management

Physical Controls

HVAC

Fire Suppression

Chapter 8 : Secure Protocols

Secure Applications and Protocols

Network Models

Know Your Protocols - TCP/IP

Know Your Protocols - Applications

Transport Layer Security (TLS)

Internet Service Hardening

Protecting Your Servers

Secure Code Development

Secure Deployment Concepts

Code Quality and Testing

Chapter 9 : Testing Your Infrastructure

Vulnerability Scanning Tools

Vulnerability Scanning Assessment

Social Engineering Principles

Social Engineering Attacks

Attacking Web Sites

Attacking Applications

Exploiting a Target

Vulnerability Impact

Chapter 10 : Dealing with Incidents

Incident Response

Digital Forensics

Contingency Planning

Backups