- Copyright 2021
- Edition: 1st
- ISBN-10: 0-13-728104-8
- ISBN-13: 978-0-13-728104-6
19+ Hours of Video Instruction
CompTIA Security+ (SY0-601) Complete Video Course is an engaging self-paced video training solution that provides learners with more than 19 hours of personal training from security expert Sari Greene. Through the use of topic-focused instructional videos, you will gain an in-depth understanding of each objective in the CompTIA Security+ (SY0-601) exam, as well as a deeper understanding of security foundations and principles to ensure exam success.
CompTIA Security+ (SY0-601) Complete Video Course contains more than 19 hours of training with content divided into 5 modules with 35 content-targeted lessons. This title covers every objective in the newly updated CompTIA Security+ SY0-601 exam and includes screencast teaching, [do you have whiteboard?], deep dives on security theory and everyday practices, question reviews, and live demos/labs showing how to complete tasks in real time. Most lessons end with a "Security in Action" segment, which takes the security knowledge youve learned to the next level.
The video lessons in this course review each exam objective, so you can use it as a complete study tool for taking the CompTIA Security+ exam.
This course also includes:
Major sections are as follows:
- End-of-lesson quizzes
- Performance-based exercises to help you learn and retain knowledge
- A practice exam that runs in the Pearson test prep software
Skill LevelLearn How To
- Threats, Attacks and Vulnerabilities
- Architecture and Design
- Operations and Incident Response
- Governance, Risk & Compliance
Who Should Take This Course
- Every objective on the CompTIA Security+ exam
- Tips to prepare for exam success
- Real-world security configuration skills
- Anyone preparing for the CompTIA Security+ examination
- Secondary audience: Anyone interested in learning security fundamentals
- A minimum of two years of experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation including the topics in the domain list above
Module 1, Threats, Attacks, and Vulnerabilities, corresponds to the first CompTIA domain. 24% of the exam questions will relate to this domain, and each lesson within Module 1 aligns with the eight exam objectives. Module 1 will cover social engineering principles, tactics, techniques, attack vectors, malware families and attributes, password attacks, physical attacks, adversarial artificial intelligence, and identifying Indicators of Compromise. The lessons will then move into application weaknesses, validation issues, injection, XSS and forgery attacks, and explore various system attacks. Next up, it will take a look at Digital Infrastructure Attacks, Wireless Attacks, and Malicious Code or Script Execution including using PowerShell, Python and Bash. The lessons also discuss adversaries including means and motivation, threat modeling, and how to use OSINTopen source intelligence. The later lessons in this module cover some of the most common and dangerous operational vulnerabilities; risks associated with third-parties; as well as threat hunting, vulnerability identification, and automation tools, including SIEM and SOAR. Lastly, the module discusses the importance of penetration testing, pen testing options, and how pen testing really works.
Module 2, Architecture and Design, corresponds to the second CompTIA domain, which makes up 21% of the exam questions. Within this module, configuration management, data protection concepts, deception and disruption techniques, and tactics are covered. It then examines the security and performance features of virtualization, cloud deployment, and cloud service models. Secure staging workflow, secure coding techniques, and the role of automation with a focus on identify management, authentication factors, attributes and methods, as well as a deep dive into biometrics. The lesson then discusses resiliency, non-persistence, redundancy, and backup and recovery techniques including RAID and replication. Next up is defining what embedded and IoT systems are, look at why and when they are embedded they are vulnerable to attack, and discuss best practices for securing embedded and IoT systems. The module then focuses attention on building and facility design considerations and controls, environmental issues such as air flow, heat, humidity, electrostatic discharge, date emanation, fire, and power as well as secure data destruction. The next lesson begins with a primer, and then surveys cryptographic and related use cases and techniques including steganography, symmetric encryption, asymmetric encryption, hashing, digital signatures, and emerging cryptography.
Module 3, Implementation, corresponds to 25% of the exam questions and covers a lot. The module starts by looking at the practical application and use cases of secure communications and network protocols including SSl/TLS, SSH, DNSSEC, SNMPv3, and Secure Email Protocols. Then, it surveys trusted computing-base components and endpoint security solutions, as well as meeting security objectives by implementing zone, segmentation, and isolation options and network appliances including jump servers, proxy servers, IDS/IPS, NACS, firewalls and VPNS. The lesson ends with a look at the TCP/IP model. The module continues with a dive into wireless design and configuration options with an emphasis on planning a secure wireless network, as well as looking at mobile device connection methods, mobile device deployment options, Mobile Device Management Solutions (commonly known as MDM), and mobile device concerns including attack vectors. Next up is revisiting the cloud environmentthis time from an infrastructure perspective. The module looks at design options; use of virtual private clouds and critically cloud security controls; explores the entire user identity and access management lifecycle; and dives into the configuration elements of network and web services including LDAP, Kerberos, TACACS+, RADIUS, CHAP, PAP, SAML, OpenID Connect, OAuth, and Shibboleth as well as access control and authorization models. Lastly, the module focuses on creating and managing digital certificates and the cryptovariable (key) management and best practices.
Module 4, Operations and Incident Response, covers about 16% of the exam and starts by surveying network reconnaissance and discovery approaches; tools and techniques including scanning, packet capture, and netflows; as well as covering Linux operating system commands security practitioners should be familiar with. Then, the importance of incident response preparedness is discussed, as well as defining the elements of an incident response plan, identifying the phases of incident response, reviewing the process, and studying attack frameworks. Next, the module revisits a number of data sources including scans, logs, and metadata from an investigative perspective. The final lessons of this module discuss a variety of manual and automated mitigation, containment and eradication techniques and controls, and then tackles forensic fundamentals including evidence collection, data acquisition and breach disclosure, and notification requirements.
Module 5, Governance, Risk and Compliance, is the smallest domain and covers about 14% of the exam. The module starts by taking a close look at control management, control classifications, and control objectives, which taken together comprise an defense-in-depth environment. It then dives into cybersecurity and privacy related regulations and obligations and how to build a compliance information security program incorporating frameworks, benchmarks, and audit standards. The module then examines the role of policies and supporting governance documents, identify key personnel and operational policies and practices, as well as third-party and supply chain risk management. Next, the module identifies fundamental risk management and assessment concepts, teaches how to conduct a quantitative risk assessment and walks through the fundamental concepts of business continuity, including facilitating a business impact assessment. Lastly, it focuses on data classification, privacy requirements and obligations, roles and responsibilities, privacy enhancing technologies, and the relationship between cybersecurity and privacy.About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.
Learn more about Pearson Video training at http://www.informit.com/video.