CompTIA Security+ Curriculum Outline
Remote Access and Wireless Security
Overview/Description: Security professionals are increasingly being made responsible for securing remote and wireless environments. This course examines different remote access strategies and technologies such as PPP, VPNs, PPTP, L2TP, IPsec, RADIUS, and TACACS. This course also examines wireless security mechanisms such as WEP, WPA, CCMP, EAP, PEAP, LEAP, MAC filters, SSID broadcast, and antenna placement, and the attacks they are designed to fend off. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience, who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 1.5
Lesson Objectives: Remote Access and Wireless Security
- Recognize the security considerations for remote access devices
- Recognize the features and vulnerabilities of remote connection protocols
- Recognize how to secure remote access
- Recognize how to improve the security of a remote access infrastructure
- Recognize how to defend against various types of wireless network attacks
- Describe the most secure wireless encryption technology
- Differentiate between wireless authentication methods
- Identify the guidelines for securing a wireless network
- Recognize how to secure a wireless network
Course Number: cs_styp_a05_it_enus

Control Fundamentals and Security Threats
Overview/Description: Understanding the types of threats that exist in an IT infrastructure is incredibly important when you are attempting to control access to network assets and secure an internetwork environment. This course examines control types, authentication, authorization, and access control strategies, along with the various types of malware, social engineering and spam/phishing attacks that a network can face. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Control Fundamentals and Security Threats
- Differentiate between the security control types
- Recognize the principles of availability, integrity, and confidentiality
- Describe the main processes of an access control system
- Analyze an information security program
- Classify the types of malware
- Recognize how to defend against malware
- Differentiate between the types of local social engineering attacks
- Recognize the main motivations of malicious insiders
- Distinguish between the types of remote social engineering techniques
- Make recommendations for improving an information security program, in a given scenario
Course Number: cs_styp_a01_it_enus

Network Protocols, Attacks, and Defenses
Overview/Description: Network security professionals must have a firm understanding of the transport mechanisms and attacks faced by traffic entering and exiting a network environment. This course examines the TCP/IP protocol suite, the OSI model, and the different protocols that operate within the layers of these models. This course also examines various attacks that protocols and ports can face, along with the tools that can be used to detect these attacks. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Network Protocols, Attacks, and Defenses
- Describe various network topologies
- Distinguish between TCP and UDP
- Recognize the key features of UDP
- Recognize the most common TCP and UDP ports
- Compare network topologies
- Recognize the most common UDP and TCP ports
- Differentiate between network attacks
- Differentiate between the three main frameworks for NAC
- Identify the best practices for port security
- Recognize when to use a port scanner as part of a vulnerability assessment
- Recognize when to use a sniffer as part of a vulnerability assessment
- Recommend a strategy for deterring network attacks, in a given scenario
Course Number: cs_styp_a02_it_enus

Creating Secure Networks and Performing Security Assessments
Overview/Description: Security professionals must be able to create secure networking environments using appropriate tools and techniques while also being able to test existing network environments for security weaknesses. This course examines the use of routers and switches to create a secure environment, while also looking at how techniques such as creating subnets, DMZs, and VLANs can be used to secure an environment. This course also examines security assessment techniques and how penetration testing, vulnerability scanning tools, and honeypots can be used to find holes in network security. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience and who are looking to validate that knowledge. It is recommended that individuals have a minimum of two years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Creating Secure Networks and Performing Security Assessments
- Recognize the guidelines for securing switches
- Recognize the guidelines for securing routers
- Recognize key elements of a secure network topology
- Apply the guidelines for securing routers and switches
- Apply the guidelines for segmenting a network
- Recognize how to perform a vulnerability assessment
- Recognize the considerations for planning a penetration test
- Recognize best practice for performing a penetration test
- Recognize key tools for use in security assessments
- Plan and implement an information security assessment, in a given scenario
Course Number: cs_styp_a03_it_enus

Network and System Security Mechanisms
Overview/Description: Security professionals must understand the hardware and software mechanisms that can be used to secure a network environment. This course examines the different types of firewalls, NIDS and NIPS, proxy servers, all-in-one security appliances, and other mechanisms that can be put in place to make a network environment secure. This course also discusses mitigation and deterrent techniques, security log analysis, and methods to secure DHCP and DNS servers. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Network and System Security Mechanisms
- Recognize how different types of firewalls work
- Recognize how to work with incident response-based Intrusion Detection Systems
- Recognize the functions of host-based and network-based Intrusion Detection Systems
- Recognize the functions of an Intrusion Prevention System
- Recognize how security mechanisms can be used to secure host and network devices
- Recognize which security devices and technologies to deploy as network defense in a given scenario
- Recognize key methods for mitigating and deterring network attacks
- Recognize the security considerations for network management software and protocols
- Recognize how to implement system analysis and security controls
Course Number: cs_styp_a04_it_enus

Authentication, Biometrics, and Security Controls
Overview/Description: Security mechanisms and account management are important parts of creating a secure networking environment. This course examines different authentication services and protocols along with biometric security mechanisms and other access security mechanisms such as tokens and smart cards. This course also examines how LDAP can be used to create security in an environment along with risk reduction mechanisms such as policies for mandatory vacations, job rotation and separation of duties. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Authentication, Biometrics, and Security Controls
- Recognize the key characteristics of Kerberos and what its vulnerabilities are
- Recognize how CHAP works with remote access protocols
- Describe the advantages and disadvantages of various types of biometrics
- Identify the considerations for implementing biometric authentication
- Recognize how tokens can be used for authentication
- Determine the authentication methods to implement, in a given scenario
- Recognize how LDAP-based account management works in Windows and Linux
- Recognize the key elements of a security policy
- Recognize how to implement various aspects of a security policy
- Choose security policies to implement, for a given scenario
Course Number: cs_styp_a06_it_enus

Securing the IT Environment
Overview/Description: Securing the networking environment is the most important job role that a security specialist will perform. This course examines the methods, tools, and applications that can be used to secure the data, mobile devices, and operating systems, as well as how to deploy environmental controls and physical access controls. This course looks at locking mechanisms - application and physical - along with encryption schemes for data on servers and mobile devices. This course also examines the different environmental and physical controls that can be used to secure an IT environment. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Securing the IT Environment
- Recognize how to secure telephony systems and mobile devices
- Identify the considerations for computer hardening and patch management
- Recognize security concerns for hosts and operating systems
- Identify the considerations for environmental controls
- Identify the key principles of site security
- Recognize the appropriate use of various alarm types
- Identify the advantages of video surveillance
- Recognize how to deploy environmental and physical access controls
Course Number: cs_styp_a07_it_enus

Cryptography and Public Key Infrastructures
Overview/Description: Guaranteeing end-to-end security in communication, document, and database infrastructures is incredibly important in internetworking environments. This course examines cryptography and the different algorithms, ciphers and tools that can be used to secure information, and to protect against attacks. Symmetric and asymmetric algorithms are examined, along with block and stream ciphers, one-time pads, and steganography. This course also examines message authentication, digital signatures, Public Key Infrastructures and certification authorization and revocation. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.5
Lesson Objectives: Cryptography and Public Key Infrastructures
- Define key cryptographic terms
- Identify the characteristics of quantum cryptography
- Describe symmetric key algorithms
- Distinguish between types of asymmetric algorithms
- Determine the appropriate use for a given message format
- Recognize types of ciphers
- Describe various types of cryptanalytic attacks
- Distinguish between types of algorithms, message formats, ciphers, and cryptanalytic attacks
- Determine the appropriate cryptography implementation for a given scenario
- Determine the appropriate hash algorithm to use in a given scenario
- Recognize characteristics of message authentication codes
- Identify the characteristics of digital signatures
- Identify guidelines for key management and distribution
- Identify characteristics of the XKMS
- Recognize the appropriate application of the split knowledge method of key management
- Recognize methods of key distribution
- Determine the appropriate hashing algorithm to use in a given scenario
- Evaluate the actions of an individual who is practicing key management
- Recognize examples of key management methods
Course Number: cs_styp_a08_it_enus

Securing Applications, Virtualized Environments, and Cloud Computing
Overview/Description: Web servers, web applications, virtualization, and cloud computing are becoming standard parts of corporate infrastructures. This course examines the communications standards and protocols that are used in the web server environment, along with the ways to harden web servers and web browsers. This course also examines the different types of attacks that web servers and web-based applications can face. Finally, this course looks at virtualized environments, along with cloud computing and the different types of services and challenges that each can offer. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Securing Applications, Virtualized Environments, and Cloud Computing
- Identify the risks of web communication protocols
- Recognize how to harden web browsers
- Recognize how to harden web servers
- Identify the features of load balancers
- Identify common web application exploits
- Describe key secure programming techniques
- Recognize how to use reviews to audit web applications
- Recognize how to secure web applications and servers
- Recognize when to use various types of virtualization technologies
- Recognize the risks of virtualized environments
- Describe virtualization best practices
- Identify the security considerations for cloud computing
- Recognize the uses and security considerations for virtualization and cloud computing
Course Number: cs_styp_a09_it_enus

Business Continuity, Disaster Recovery, Security Training, and Forensics
Overview/Description: Business continuity, disaster recovery, and computer forensics go hand in hand when a security professional trains on ways to create, maintain, and repair network security. This course examines business continuity plans along with risk assessment techniques and the strategies used when creating a risk management process. This course also examines security training for end users and the methodologies and tools used when performing computer forensics. This course helps prepare the learner to write the CompTIA Security+ Certification SYO-301.
Target Audience: Individuals who have day-to-day technical information security experience who are looking to validate that knowledge. It is recommended that individuals have a minimum of 2 years' experience in IT administration with a focus on security and a broad knowledge of security concerns and implementations.
Expected Duration (hours): 2.0
Lesson Objectives: Business Continuity, Disaster Recovery, Security Training, and Forensics
- Identify activities that occur during the project initiation phase of business continuity planning
- Perform a business impact analysis on given business functions
- Recognize key considerations when conducting a business impact analysis
- Identify best practices for user habits
- Identify the best practices for data handling
- Distinguish between the results of qualitative and quantitative risk assessments
- Match stages of the risk assessment process with corresponding descriptions
- Label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance
- Identify key considerations for fault tolerance
- Describe key considerations for the various backup methods
- Describe the ways in which you can verify backups
- Recognize how to mitigate IT-related risk for an organization
- Recognize how to manage IT-related risk through incident response and computer forensics
- Recognize how to implement incident response and computer forensics
Course Number: cs_styp_a10_it_enus
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking
experience, with an emphasis on security. Because human error is the number one cause for a network security breach, CompTIA Security+
is recognized by the technology community as a valuable credential that proves competency with information security.
The unique design of CBT Direct’s CompTIA Security+ certification course incorporates a proven four-step learning process:
presentation, demonstration, guidance and independent practice. This four-step proven learning model for CBT Direct’s CompTIA
Security+ training course ensures the greatest level of retention to prepare you for your CompTIA Security+ certification exam.
CBT Direct also offers online mentoring for over 100 current major certification exams, including CompTIA Security+, for IT
professionals and end-users alike. CBT Direct’s mentors have a minimum of 20 certifications each and are available 24/7*.
* Available for most courses.
This training would be beneficial for individuals looking for IT job positions such as Senior Field Service Engineer, Network
Technician, LAN Administrator, Windows Administrator, Network Security Specialist or Network Security Administrator.