CompTIA Security+

CompTIA Security+ TRAINING

CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.

Threats, Attacks and Vulnerabilities 21%

Given a scenario, analyze indicators of compromise and determine the type of malware.

1. Viruses
2. Crypto-malware
3. Ransomware
4. Worm
5. Trojan
6. Rootkit
7. Keylogger
8. Adware
9. Spyware
10. Bots
11. RAT
12. Logic bomb
13. Backdoor

Compare and contrast types of attacks.

1. Social engineering
Phishing
Spear phishing
Whaling
Vishing
Tailgating
Impersonation
Dumpster diving
Shoulder surfing
Hoax
Watering hole attack
Principles (reasons for effectiveness)
Authority
Intimidation
Consensus
Scarcity
Familiarity
Trust
Urgency

2. Application/service attacks

DoS
DDoS
Man-in-the-middle
Buffer overflow
Injection
Cross-site scripting
Cross-site request forgery
Privilege escalation
ARP poisoning
Amplification
DNS poisoning
Domain hijacking
Man-in-the-browser
Zero day
Replay
Pass the hash
Hijacking and related attacks
Clickjacking
Session hijacking
URL hijacking
Typo squatting
Driver manipulation
Shimming
Refactoring
MAC spoofing
IP spoofing
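
Worked example for the injection entry above (item 2, application/service attacks), added here and not part of the CompTIA outline: a login query assembled by string formatting beside the parameterized version, both run against an in-memory SQLite table. The table, the two users, the allow-list regex and the attack string are constructed for the demonstration; function names are illustrative, not from any library.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")   # allow-list: what a valid username looks like

def build_db():
    """Constructed sample table; passwords are plaintext only to keep the demo short
    (a real system stores a salted, stretched hash instead)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """Attacker-controlled strings are spliced into the SQL text, so they can
    change the query's structure, not just the data it compares against."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    """Placeholders hand the values to the driver separately from the statement;
    quotes and comment markers in the input are just characters of a string."""
    if not USERNAME_RE.match(username):      # input validation as a second, independent layer
        return None
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

# Constructed payload: closes the quoted username and comments out the password check,
# turning the statement into  ... WHERE username = 'alice' --  AND password = '...'
PAYLOAD_USER = "alice' -- "

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, wrong password + payload:", login_vulnerable(db, PAYLOAD_USER, "wrong"))
    print("parameterized, same input:", login_parameterized(db, PAYLOAD_USER, "wrong"))
```

The vulnerable function logs the attacker in as alice without the password; the parameterized one treats the whole payload as a (non-existent) username. Stored procedures with bound arguments give the same separation of code and data.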
3. Wireless attacks
Replay
IV
Evil twin
Rogue AP
Jamming
WPS
Bluejacking
Bluesnarfing
RFID
NFC
Disassociation

4. Cryptographic attacks

Birthday
Known plain text/cipher text
Rainbow tables
Dictionary
Brute force
Online vs. offline
Collision
Downgrade
Replay
Weak implementations
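
Worked example for the birthday and collision entries in the cryptographic attacks list above, added here and not part of the CompTIA outline. It truncates SHA-256 to stand in for a short digest and shows that a collision (any two inputs with the same hash) costs about the square root of what a preimage (one input with a chosen hash) costs. All messages are constructed; the function names are illustrative.

```python
import hashlib

def truncated_hash(data: bytes, nbits: int) -> int:
    """Leading nbits of SHA-256(data) as an integer. Truncating stands in for a short or
    weak digest; the attack below works the same way, only slower, on a full-length one."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)

def find_collision(nbits: int, limit: int):
    """Birthday search: hash distinct messages, remember every digest, stop at the first repeat.
    Expected cost is about sqrt(pi/2 * 2**nbits) hashes, i.e. roughly 2**(nbits/2),
    which is why a digest needs 2n bits to offer n bits of collision resistance.
    Returns (first message, second message, hashes computed) or None."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i                 # constructed distinct inputs
        h = truncated_hash(msg, nbits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None

def find_preimage(target: int, nbits: int, limit: int):
    """Search for any message with one specific digest value: expected cost 2**nbits hashes,
    the square of the collision search's cost for the same nbits."""
    for i in range(limit):
        msg = b"pre-%d" % i
        if truncated_hash(msg, nbits) == target:
            return msg, i + 1
    return None

if __name__ == "__main__":
    a, b, work = find_collision(32, 1 << 20)
    print("32-bit collision after %d hashes: %r vs %r" % (work, a, b))
    msg, work = find_preimage(truncated_hash(b"anything", 16), 16, 1 << 20)
    print("16-bit preimage after %d hashes: %r" % (work, msg))
```

A 32-bit collision turns up after some tens of thousands of hashes, while a 32-bit preimage would need on the order of four billion. That gap is the reason MD5 (whose collision resistance is broken) is unfit for signatures and certificates even though preimages are still expensive.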
Explain threat actor types and attributes.

1. Types of actors
Script kiddies
Hacktivist
Organized crime
Nation states/APT
Insiders
Competitors

2. Attributes of actors

Internal/external
Level of sophistication
Resources/funding
Intent/motivation

3. Use of open-source intelligence

Explain penetration testing concepts.

1. Active reconnaissance
2. Passive reconnaissance
3. Pivot
4. Initial exploitation
5. Persistence
6. Escalation of privilege
7. Black box
8. White box
9. Gray box

10. Penetration testing vs. vulnerability scanning

Explain vulnerability scanning concepts.

1. Passively test security controls
2. Identify vulnerability
3. Identify lack of security controls
4. Identify common misconfigurations
5. Intrusive vs. non-intrusive
6. Credentialed vs. non-credentialed
7. False positive

Explain the impact associated with types of vulnerabilities.

1. Race conditions

2. Vulnerabilities due to:
End-of-life systems
Embedded systems
Lack of vendor support
3. Improper input handling
4. Improper error handling
5. Misconfiguration/weak configuration
6. Default configuration
7. Resource exhaustion
8. Untrained users
9. Improperly configured accounts
10. Vulnerable business processes
11. Weak cipher suites and implementations
12. Memory/buffer vulnerability

Memory leak
Integer overflow
Buffer overflow
Pointer dereference
DLL injection

13. System sprawl/undocumented assets
14. Architecture/design weaknesses
15. New threats/zero day
16. Improper certificate and key management

Technologies and Tools 22%

Install and configure network components, both hardware and software-based, to support organizational security.
1. Firewall

ACL
Application-based vs. network-based
Stateful vs. stateless
Implicit deny

2. VPN concentrator

Remote access vs. site-to-site
IPSec
Tunnel mode
Transport mode
AH
ESP
Split tunnel vs. full tunnel
TLS
Always-on VPN

3. NIPS/NIDS

Signature-based
Heuristic/behavioral
Anomaly
Inline vs. passive
In-band vs. out-of-band
Rules
Analytics
False positive
False negative

4. Router

ACLs
Antispoofing

5. Switch

Port security
Layer 2 vs. Layer 3
Loop prevention
Flood guard

6. Proxy

Forward and reverse proxy
Transparent
Application/multipurpose

7. Load balancer

Scheduling
Affinity
Round-robin
Active-passive
Active-active
Virtual IPs

8. Access point

SSID
MAC filtering
Signal strength
Band selection/width
Antenna types and placement
Fat vs. thin
Controller-based vs. standalone

9. SIEM

Aggregation
Correlation
Automated alerting and triggers
Time synchronization
Event deduplication
Logs/WORM

10. DLP

USB blocking
Cloud-based
Email

11. NAC

Dissolvable vs. permanent
Host health checks
Agent vs. agentless

12. Mail gateway

Spam filter
DLP
Encryption
13. Bridge
14. SSL/TLS accelerators
15. SSL decryptors
16. Media gateway
17. Hardware security module
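
Worked example for item 1 in the list above (firewall: ACL, stateful vs. stateless, implicit deny), added here and not part of the CompTIA outline. A first-match ACL evaluator is run over constructed packets; nothing that fails to match an explicit permit gets through (implicit deny), and a stateful wrapper shows why return traffic needs no rule of its own. The rule set, addresses (documentation ranges) and class names are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # destination port, None = any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins, so order matters. A packet that matches nothing
    falls through to the implicit deny at the end of every ACL."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same rule set, but a permitted flow opens a state-table entry so that the
    reply (server port back to the client's ephemeral port) is accepted without
    an explicit rule. Unsolicited inbound packets still hit the implicit deny."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table = set()   # (proto, client, client_port, server, server_port)

    def filter(self, p: Packet) -> str:
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.table:
            return "permit"                       # reply to an established flow
        action = stateless_filter(self.rules, p)
        if action == "permit":
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

# Constructed policy: the 10.0.0.0/24 LAN may browse the web and query the
# internal resolver, and is blocked from the management network. There is no
# final "permit any any", so everything else is implicitly denied.
RULES = [
    Rule("deny",   "any", "10.0.0.0/24", "192.168.100.0/24", None),  # must come before the permits
    Rule("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443),
    Rule("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 80),
    Rule("permit", "udp", "10.0.0.0/24", "10.0.0.53/32", 53),
]

if __name__ == "__main__":
    out = Packet("10.0.0.5", "198.51.100.10", "tcp", 51000, 443)
    back = Packet("198.51.100.10", "10.0.0.5", "tcp", 443, 51000)
    print("stateless:", stateless_filter(RULES, out), stateless_filter(RULES, back))
    fw = StatefulFilter(RULES)
    print("stateful: ", fw.filter(out), fw.filter(back))
```

With the stateless filter the HTTPS reply is dropped because no rule permits inbound port 443 traffic; a stateless deployment would need a wide "permit from any port 443" rule that an attacker can also use. The stateful filter permits only replies to flows it has seen.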

Given a scenario, use appropriate software tools to assess the security posture of an organization.

1. Protocol analyzer
2. Network scanners

Rogue system detection
Network mapping
3. Wireless scanners/cracker
4. Password cracker
5. Vulnerability scanner
6. Configuration compliance scanner
7. Exploitation frameworks
8. Data sanitization tools
9. Steganography tools
10. Honeypot
11. Backup utilities
12. Banner grabbing
13. Passive vs. active
14. Command line tools

ping
netstat
tracert
nslookup/dig
arp
ipconfig/ip/ifconfig
tcpdump
nmap
netcat
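
Worked example for banner grabbing and the passive vs. active distinction in the list above, added here and not part of the CompTIA outline. The grab is done with a raw socket the way netcat or nmap -sV would do it; to run offline, the block also starts a constructed loopback stand-in for a daemon that volunteers a banner. The banner text, the parser and the function names are assumptions for illustration.

```python
import socket
import threading

def start_fake_service(banner: bytes) -> int:
    """Constructed test fixture standing in for a real daemon: listens on a free
    loopback port, sends `banner` to the first client, then closes. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def grab_banner(host: str, port: int, timeout: float = 2.0, nbytes: int = 1024):
    """Active banner grab: open a TCP connection and read whatever the service sends
    first. Active because the target sees the connection in its logs; sniffing the
    same banner from existing traffic would be the passive alternative.
    Returns the banner text, or None if the service says nothing before the timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(nbytes)
        except socket.timeout:
            return None
    return data.decode("utf-8", "replace").strip() or None

def parse_ssh_banner(banner: str):
    """SSH identification string: SSH-protoversion-softwareversion [comments] (RFC 4253).
    The software version is what a scanner matches against vulnerability databases."""
    if not banner or not banner.startswith("SSH-"):
        return None
    ident = banner.split(" ", 1)[0]
    _, proto, software = ident.split("-", 2)
    return {"proto": proto, "software": software}

if __name__ == "__main__":
    port = start_fake_service(b"SSH-2.0-OpenSSH_7.4\r\n")   # constructed version string
    banner = grab_banner("127.0.0.1", port)
    print(banner, parse_ssh_banner(banner))
```

The equivalent one-liner in the field is nc -v host 22 (or nmap -sV host); a service that sends nothing until the client speaks first (HTTP, for example) needs a probe such as HEAD / HTTP/1.0 before the read.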

Given a scenario, troubleshoot common security issues.

1. Unencrypted credentials/clear text
2. Logs and events anomalies
3. Permission issues
4. Access violations
5. Certificate issues
6. Data exfiltration
7. Misconfigured devices
Firewall
Content filter
Access points
8. Weak security configurations
9. Personnel issues

Policy violation
Insider threat
Social engineering
Social media
Personal email
10. Unauthorized software
11. Baseline deviation
12. License compliance violation (availability/integrity)
13. Asset management
14. Authentication issues
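
Worked example for item 2 above (logs and events anomalies) and for the SIEM entry in the network components list (aggregation, correlation, time synchronization, event deduplication), added here and not part of the CompTIA outline. Constructed sshd-style lines from two hosts whose clocks report different time zones are parsed, deduplicated, normalised to UTC and run through one correlation rule. The log lines, the regex, the rule threshold and the function names are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events (not real logs). host-b stamps its lines in UTC+2;
# line 3 is a duplicate of line 2, as happens when a log is forwarded twice.
SAMPLE_LOGS = """\
2024-03-01T10:00:01+00:00 host-a sshd: Failed password for root from 203.0.113.7 port 4001
2024-03-01T10:00:03+00:00 host-a sshd: Failed password for root from 203.0.113.7 port 4002
2024-03-01T10:00:03+00:00 host-a sshd: Failed password for root from 203.0.113.7 port 4002
2024-03-01T12:00:05+02:00 host-b sshd: Failed password for admin from 203.0.113.7 port 4003
2024-03-01T12:00:07+02:00 host-b sshd: Failed password for admin from 203.0.113.7 port 4004
2024-03-01T12:00:09+02:00 host-b sshd: Failed password for admin from 203.0.113.7 port 4005
2024-03-01T10:00:20+00:00 host-a sshd: Accepted password for deploy from 203.0.113.7 port 4006
2024-03-01T10:05:00+00:00 host-a sshd: Failed password for alice from 198.51.100.4 port 5001
2024-03-01T10:30:00+00:00 host-a sshd: Accepted password for alice from 198.51.100.4 port 5002
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)$")

def parse_events(text: str, normalize_tz: bool = True):
    """Aggregation step: parse lines from every host into one time-ordered list.
    Deduplication drops identical copies; timezone normalisation puts all clocks on UTC."""
    events, seen = [], set()
    for raw in text.splitlines():
        if raw in seen:
            continue
        seen.add(raw)
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ts = ts.astimezone(timezone.utc) if normalize_tz else ts.replace(tzinfo=None)
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])
    return events

def correlate(events, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Correlation rule: at least `threshold` failed logins from one source address within
    `window`, on any host, followed by a successful login from the same address."""
    alerts = []
    failures = defaultdict(deque)          # src -> timestamps of recent failures
    for e in events:
        q = failures[e["src"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()                    # slide the window
        if e["result"] == "Failed":
            q.append(e["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "brute_force_success", "src": e["src"], "user": e["user"],
                           "host": e["host"], "failures": len(q), "ts": e["ts"].isoformat()})
            q.clear()
    return alerts

if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_LOGS)):
        print(a)
    print("without clock normalisation:", correlate(parse_events(SAMPLE_LOGS, normalize_tz=False)))
```

Neither host alone crosses the threshold (two failures on host-a, three on host-b); only the aggregated, time-aligned stream does. With normalisation switched off, host-b's events land two hours away and the rule never fires, which is the practical reason SIEM deployments insist on NTP.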

Given a scenario, analyze and interpret output from security technologies.

1. HIDS/HIPS
2. Antivirus
3. File integrity check
4. Host-based firewall
5. Application whitelisting
6. Removable media control
7. Advanced malware tools
8. Patch management tools
9. UTM
10. DLP
11. Data execution prevention
12. Web application firewall

Given a scenario, deploy mobile devices securely.

1. Connection methods
Cellular
WiFi
SATCOM
Bluetooth
NFC
ANT
Infrared
USB

2. Mobile device management concepts

Application management
Content management
Remote wipe
Geofencing
Geolocation
Screen locks
Push notification services
Passwords and pins
Biometrics
Context-aware authentication
Containerization
Storage segmentation
Full device encryption

3. Enforcement and monitoring for:

Third-party app stores
Rooting/jailbreaking
Sideloading
Custom firmware
Carrier unlocking
Firmware OTA updates
Camera use
SMS/MMS
External media
USB OTG
Recording microphone
GPS tagging
WiFi direct/ad hoc
Tethering
Payment methods

4. Deployment models

BYOD
COPE
CYOD
Corporate-owned
VDI

Given a scenario, implement secure protocols.

1. Protocols
DNSSEC
SSH
S/MIME
SRTP
LDAPS
FTPS
SFTP
SNMPv3
SSL/TLS
HTTPS
Secure POP/IMAP

2. Use cases

Voice and video
Time synchronization
Email and web
File transfer
Directory services
Remote access
Domain name resolution
Routing and switching
Network address allocation
Subscription services

Architecture and Design 15%

Explain use cases and purpose for frameworks, best practices and secure configuration guides.

1. Industry-standard frameworks and reference architectures
Regulatory
Non-regulatory
National vs. international
Industry-specific frameworks

2. Benchmarks/secure configuration guides

Platform/vendor-specific guides
Web server
Operating system
Application server
Network infrastructure devices
General purpose guides

3. Defense-in-depth/layered security

Vendor diversity
Control diversity
Administrative
Technical
User training

Given a scenario, implement secure network architecture concepts.

1. Zones/topologies
DMZ
Extranet
Intranet
Wireless
Guest
Honeynets
NAT
Ad hoc

2. Segregation/segmentation/isolation

Physical
Logical (VLAN)
Virtualization
Air gaps

3. Tunneling/VPN

Site-to-site
Remote access

4. Security device/technology placement

Sensors
Collectors
Correlation engines
Filters
Proxies
Firewalls
VPN concentrators
SSL accelerators
Load balancers
DDoS mitigator
Aggregation switches
Taps and port mirror

5. SDN

Given a scenario, implement secure systems design.

1. Hardware/firmware security
FDE/SED
TPM
HSM
UEFI/BIOS
Secure boot and attestation
Supply chain
Hardware root of trust
EMI/EMP

2. Operating systems

Types
Network
Server
Workstation
Appliance
Kiosk
Mobile OS
Patch management
Disabling unnecessary ports and services
Least functionality
Secure configurations
Trusted operating system
Application whitelisting/blacklisting
Disable default accounts/passwords

3. Peripherals

Wireless keyboards
Wireless mice
Displays
WiFi-enabled MicroSD cards
Printers/MFDs
External storage devices
Digital cameras

Explain the importance of secure staging deployment concepts.

1. Sandboxing
2. Environment
Development
Test
Staging
Production
3. Secure baseline
Integrity measurement

Explain the security implications of embedded systems.

1. SCADA/ICS
2. Smart devices/IoT
Wearable technology
Home automation
3. HVAC
4. SoC
5. RTOS
6. Printers/MFDs
7. Camera systems
8. Special purpose

Medical devices
Vehicles
Aircraft/UAV

Summarize secure application development and deployment concepts.

1. Development life-cycle models
Waterfall vs. Agile
2. Secure DevOps

Security automation
Continuous integration
Baselining
Immutable systems
Infrastructure as code
3. Version control and change management
4. Provisioning and deprovisioning
5. Secure coding techniques

Proper error handling
Proper input validation
Normalization
Stored procedures
Code signing
Encryption
Obfuscation/camouflage
Code reuse/dead code
Server-side vs. client-side execution and validation
Memory management
Use of third-party libraries and SDKs
Data exposure

6. Code quality and testing

Static code analyzers
Dynamic analysis (e.g., fuzzing)
Stress testing
Sandboxing
Model verification

7. Compiled vs. runtime code

Summarize cloud and virtualization concepts.

1. Hypervisor
Type I
Type II
Application cells/containers
2. VM sprawl avoidance
3. VM escape protection
4. Cloud storage
5. Cloud deployment models

SaaS
PaaS
IaaS
Private
Public
Hybrid
Community
6. On-premise vs. hosted vs. cloud
7. VDI/VDE
8. Cloud access security broker
9. Security as a Service

Explain how resiliency and automation strategies reduce risk.

1. Automation/scripting
Automated courses of action
Continuous monitoring
Configuration validation
2. Templates
3. Master image
4. Non-persistence

Snapshots
Revert to known state
Rollback to known configuration
Live boot media
5. Elasticity
6. Scalability
7. Distributive allocation
8. Redundancy
9. Fault tolerance
10. High availability
11. RAID

Explain the importance of physical security controls.

1. Lighting
2. Signs
3. Fencing/gate/cage
4. Security guards
5. Alarms
6. Safe
7. Secure cabinets/enclosures
8. Protected distribution/Protected cabling
9. Airgap
10. Mantrap
11. Faraday cage
12. Lock types
13. Biometrics
14. Barricades/bollards
15. Tokens/cards
16. Environmental controls
HVAC
Hot and cold aisles
Fire suppression
17. Cable locks
18. Screen filters
19. Cameras
20. Motion detection
21. Logs
22. Infrared detection
23. Key management

Identity and Access Management 16%

Compare and contrast identity and access management concepts

1. Identification, authentication, authorization and accounting (AAA)
2. Multifactor authentication
Something you are
Something you have
Something you know
Somewhere you are
Something you do
3. Federation
4. Single sign-on
5. Transitive trust

Given a scenario, install and configure identity and access services.

1. LDAP
2. Kerberos
3. TACACS+
4. CHAP
5. PAP
6. MSCHAP
7. RADIUS
8. SAML
9. OpenID Connect
10. OAUTH
11. Shibboleth
12. Secure token
13. NTLM

Given a scenario, implement identity and access management controls.

1. Access control models
MAC
DAC
ABAC
Role-based access control
Rule-based access control

2. Physical access control

Proximity cards
Smart cards

3. Biometric factors

Fingerprint scanner
Retinal scanner
Iris scanner
Voice recognition
Facial recognition
False acceptance rate
False rejection rate
Crossover error rate

4. Tokens

Hardware
Software
HOTP/TOTP

5. Certificate-based authentication

PIV/CAC/smart card
IEEE 802.1x

6. File system security
7. Database security

Given a scenario, differentiate common account management practices.

1. Account types

User account
Shared and generic accounts/credentials
Guest accounts
Service accounts
Privileged accounts

2. General Concepts

Least privilege
Onboarding/offboarding
Permission auditing and review
Usage auditing and review
Time-of-day restrictions
Recertification
Standard naming convention
Account maintenance
Group-based access control
Location-based policies

3. Account policy enforcement

Credential management
Group policy
Password complexity
Expiration
Recovery
Disablement
Lockout
Password history
Password reuse
Password length

Risk Management 14%

Explain the importance of policies, plans and procedures related to organizational security

1. Standard operating procedure

2. Agreement types
BPA
SLA
ISA
MOU/MOA

3. Personnel management

Mandatory vacations
Job rotation
Separation of duties
Clean desk
Background checks
Exit interviews
Role-based awareness training
Data owner
System administrator
System owner
User
Privileged user
Executive user
NDA
Onboarding
Continuing education
Acceptable use policy/rules of behavior
Adverse actions

4. General security policies

Social media networks/applications
Personal email

Summarize business impact analysis concepts.

1. RTO/RPO
2. MTBF
3. MTTR
4. Mission-essential functions
5. Identification of critical systems
6. Single point of failure
7. Impact
Life
Property
Safety
Finance
Reputation
8. Privacy impact assessment
9. Privacy threshold assessment

Explain risk management processes and concepts.

1. Threat assessment
Environmental
Manmade
Internal vs. external
2. Risk assessment

SLE
ALE
ARO
Asset value
Risk register
Likelihood of occurrence
Supply chain assessment
Impact
Quantitative
Qualitative
Testing
Penetration testing authorization
Vulnerability testing authorization
Risk response techniques
Accept
Transfer
Avoid
Mitigate

3. Change management
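
Worked example for item 2 above (risk assessment: SLE, ALE, ARO, asset value, risk register, risk response techniques), added here and not part of the CompTIA outline. It carries the quantitative formulas through a constructed three-entry register and compares the yearly cost of accepting, mitigating and transferring one risk. Every figure, the register entries and the function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

@dataclass(frozen=True)
class Risk:
    """One risk-register entry with the inputs of a quantitative assessment:
    asset value (AV), exposure factor (EF, fraction of AV lost per event) and
    annualized rate of occurrence (ARO, expected events per year)."""
    name: str
    asset_value: float
    exposure_factor: float
    aro: float

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor   # single loss expectancy = AV x EF

    def ale(self) -> float:
        return self.sle() * self.aro                     # annualized loss expectancy = SLE x ARO

def prioritize(register: List[Risk]) -> List[str]:
    """Register ordered by ALE, highest first: the order in which budget is argued for."""
    return [r.name for r in sorted(register, key=lambda r: r.ale(), reverse=True)]

def control_benefit(risk: Risk, annual_cost: float,
                    residual_aro: Optional[float] = None,
                    residual_ef: Optional[float] = None) -> float:
    """Net yearly value of a mitigating control: ALE before minus ALE after minus the control's
    own yearly cost. A control that makes the event rarer lowers ARO; one that limits the
    damage (backups, segmentation) lowers EF. Negative means the control costs more than it saves."""
    after = replace(risk,
                    aro=risk.aro if residual_aro is None else residual_aro,
                    exposure_factor=risk.exposure_factor if residual_ef is None else residual_ef)
    return risk.ale() - after.ale() - annual_cost

def cheapest_response(risk: Risk, control_cost: float, residual_aro: float,
                      premium: float, covered_fraction: float):
    """Expected yearly cost of three risk responses; returns (choice, all costs).
    accept:   carry the full ALE
    mitigate: pay for the control and carry the residual ALE
    transfer: pay the insurance premium and carry the uncovered share of the ALE
    (avoid, the fourth response, means removing the activity and is not priced here)."""
    costs = {
        "accept":   risk.ale(),
        "mitigate": control_cost + replace(risk, aro=residual_aro).ale(),
        "transfer": premium + risk.ale() * (1 - covered_fraction),
    }
    return min(costs, key=costs.get), costs

# Constructed register (assumed figures, not from any real assessment).
REGISTER = [
    Risk("Web server defacement", asset_value=100_000, exposure_factor=0.25, aro=2.0),
    Risk("Datacenter flood",      asset_value=2_000_000, exposure_factor=0.6, aro=0.05),
    Risk("Laptop theft",          asset_value=3_000, exposure_factor=1.0, aro=12.0),
]

if __name__ == "__main__":
    for r in REGISTER:
        print("%-22s SLE=%10.0f ALE=%10.0f" % (r.name, r.sle(), r.ale()))
    web = REGISTER[0]
    print("priority:", prioritize(REGISTER))
    print("WAF worth per year:", control_benefit(web, annual_cost=10_000, residual_aro=0.2))
    print("cheapest response:", cheapest_response(web, 10_000, 0.2, premium=20_000, covered_fraction=0.8))
```

The flood ranks first by ALE despite happening once in twenty years, which is the point of the quantitative view: a rare, large loss can outweigh a frequent, small one. Qualitative assessment replaces the currency figures with likelihood and impact ratings when they cannot be estimated credibly.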

Given a scenario, follow incident response procedures.

1. Incident response plan
Documented incident types/category definitions
Roles and responsibilities
Reporting requirements/escalation
Cyber-incident response teams
Exercise

2. Incident response process

Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

Summarize basic concepts of forensics.

1. Order of volatility
2. Chain of custody
3. Legal hold
4. Data acquisition
Capture system image
Network traffic and logs
Capture video
Record time offset
Take hashes
Screenshots
Witness interviews
5. Preservation
6. Recovery
7. Strategic intelligence/counterintelligence gathering

Active logging

8. Track man-hours

Explain disaster recovery and continuity of operation concepts.

1. Recovery sites
Hot site
Warm site
Cold site
2. Order of restoration
3. Backup concepts

Differential
Incremental
Snapshots
Full

4. Geographic considerations

Off-site backups
Distance
Location selection
Legal implications
Data sovereignty

5. Continuity of operation planning

Exercises/tabletop
After-action reports
Failover
Alternate processing sites
Alternate business practices

Compare and contrast various types of controls.

1. Deterrent
2. Preventive
3. Detective
4. Corrective
5. Compensating
6. Technical
7. Administrative
8. Physical

Given a scenario, carry out data security and privacy practices.

1. Data destruction and media sanitization

Burning
Shredding
Pulping
Pulverizing
Degaussing
Purging
Wiping

2. Data sensitivity labeling and handling

Confidential
Private
Public
Proprietary
PII
PHI

3. Data roles

Owner
Steward/custodian
Privacy officer
4. Data retention
5. Legal and compliance

Cryptography and PKI 12%

Compare and contrast basic concepts of cryptography.

1. Symmetric algorithms
2. Modes of operation
3. Asymmetric algorithms
4. Hashing
5. Salt, IV, nonce
6. Elliptic curve
7. Weak/deprecated algorithms
8. Key exchange
9. Digital signatures
10. Diffusion
11. Confusion
12. Collision
13. Steganography
14. Obfuscation
15. Stream vs. block
16. Key strength
17. Session keys
18. Ephemeral key
19. Secret algorithm
20. Data-in-transit
21. Data-at-rest
22. Data-in-use
23. Random/pseudo-random number generation
24. Key stretching
25. Implementation vs. algorithm selection
Crypto service provider
Crypto modules
26. Perfect forward secrecy
27. Security through obscurity
28. Common use cases

Low power devices

Low latency
High resiliency
Supporting confidentiality
Supporting integrity
Supporting obfuscation
Supporting authentication
Supporting non-repudiation
Resource vs. security constraints

Explain cryptography algorithms and their basic characteristics.

1. Symmetric algorithms
AES
DES
3DES
RC4
Blowfish/Twofish

2. Cipher modes

CBC
GCM
ECB
CTR
Stream vs. block

3. Asymmetric algorithms

RSA
DSA
Diffie-Hellman
Groups
DHE
ECDHE
Elliptic curve
PGP/GPG
4. Hashing algorithms

MD5
SHA
HMAC
RIPEMD
5. Key stretching algorithms

BCRYPT
PBKDF2

6. Obfuscation

XOR
ROT13
Substitution ciphers
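
Worked example for item 5 above (key stretching: PBKDF2) together with the salt entry and the rainbow-table, dictionary and online vs. offline attacks listed under cryptographic attacks earlier on this page, added here and not part of the CompTIA outline. An unsalted single-round hash is cracked from a table built once in advance; the salted, stretched hash of the same password forces the attacker to redo the full work per guess and per user. The word list, the storage format, the iteration counts and the function names are assumptions for illustration; the final helper is checked against the RFC 6070 PBKDF2 test vector.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed word list standing in for a real dictionary file.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "dragon", "monkey"]

def weak_hash(password: str) -> str:
    """Unsalted, single-round hash (the point is fast and unsalted, not which algorithm):
    identical for every user who picked this password, and cheap to precompute."""
    return hashlib.sha256(password.encode()).hexdigest()

def precompute_table(words):
    """Offline precomputation done once and reused against every dump. A lookup-table
    stand-in for a rainbow table, which stores hash chains to trade time for disk."""
    return {weak_hash(w): w for w in words}

def crack_unsalted(stored: str, table) -> Optional[str]:
    """One dictionary lookup per leaked hash; no hashing at crack time at all."""
    return table.get(stored)

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, stretched hash (PBKDF2-HMAC-SHA256). The salt is random per user and stored
    beside the hash, so precomputed tables are useless and two users with the same password
    get different hashes; the iteration count makes each guess cost that many HMACs."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def crack_salted(stored: str, words):
    """Offline dictionary attack against one salted, stretched hash: every guess pays the
    full PBKDF2 cost, and the work cannot be shared across users or precomputed.
    Returns (word or None, guesses made)."""
    for n, w in enumerate(words, 1):
        if verify_password(w, stored):
            return w, n
    return None, len(words)

def pbkdf2_sha1_hex(password: bytes, salt: bytes, iterations: int, dklen: int) -> str:
    """Raw PBKDF2-HMAC-SHA1, exposed so the primitive can be checked against RFC 6070."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen).hex()

if __name__ == "__main__":
    table = precompute_table(WORDLIST)
    print("unsalted leak cracked by lookup:", crack_unsalted(weak_hash("hunter2"), table))
    stored = hash_password("hunter2", iterations=100_000)
    print("salted/stretched record:", stored)
    print("cracked only by recomputation:", crack_salted(stored, WORDLIST))
```

Both attacks here are offline (the attacker holds the hashes); an online attack has to go through the login interface, where lockout and rate limiting apply. Stretching does not save a password that is in the attacker's word list, it only raises the price of each guess, which is why length and complexity policy still matter.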

Given a scenario, install and configure wireless security settings.

1. Cryptographic protocols
WPA
WPA2
CCMP
TKIP

2. Authentication protocols

EAP
PEAP
EAP-FAST
EAP-TLS
EAP-TTLS
IEEE 802.1x
RADIUS Federation

3. Methods

PSK vs. Enterprise vs. Open
WPS
Captive portals

Given a scenario, implement public key infrastructure.

1. Components
CA
Intermediate CA
CRL
OCSP
CSR
Certificate
Public key
Private key
Object identifiers (OID)

2. Concepts

Online vs. offline CA
Stapling
Pinning
Trust model
Key escrow
Certificate chaining

3. Types of certificates

Wildcard
SAN
Code signing
Self-signed
Machine/computer
Email
User
Root
Domain validation
Extended validation

4. Certificate formats

DER
PEM
PFX
CER
P12
P7B