Description
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations.
Voor wie:
CompTIA Security+ is aimed at IT professionals with job roles such as security engineer, security consultant /specialist, information assurance technician, junior auditor / penetration tester, security administrator, systems administrator, and network administrator.
Inhoud:
– Module 1 – Threats, Attacks, and Vulnerabilities
– Indicators of Compromise
– Why is Security Important?
– Security Policy
– Threat Actor Types
– The Kill Chain
– Social Engineering
– Phishing
– Malware Types
– Trojans and Spyware
– Open Source Intelligence
– VM Orientation
– Malware Types
– Critical Security Controls
– Security Control Types
– Defense in Depth
– Frameworks and Compliance
– Vulnerability Scanning and Pen Tests
– Security Assessment Techniques
– Pen Testing Concepts
– Vulnerability Scanning Concepts
– Exploit Frameworks
– Using Vulnerability Assessment Tools
– Security Posture Assessment Tools
– Topology Discovery
– Service Discovery
– Packet Capture
– Packet Capture Tools
– Remote Access Trojans
– Honeypots and Honeynets
– Using NetworkScanning Tools 1
– Using Network Scanning Tools 2
– Using Steganography Tools
– Incident Response
– Incident Response Procedures
– Preparation Phase
– Identification Phase
– Containment Phase
– Eradication and Recovery Phases
– Module 2 – Identity and Access Management
– Cryptography
– Uses of Cryptography
– Cryptographic Terminology and Ciphers
– CryptographicProducts
– Hashing Algorithms
– Symmetric Algorithms
– Asymmetric Algorithms
– Diffie-Hellman and Elliptic Curve
– Transport Encryption
– Cryptographic Attacks
– Implementing Public Key Infrastructure Public Key Infrastructure
– PKI Standards
– Digital Certificates
– Certificate Authorities
– Types of Certificate
– Implementing PKI
– Storing and Distributing Keys
– Key Status and Revocation
– PKI Trust Models
– PGP / GPG
– Deploying Certificates and Implementing Key Recovery
– Identification and Authentication
– Access Control Systems
– Identification
– Authentication
– LAN Manager / NTLM
– Kerberos
– PAP, CHAP, and MS-CHAP
– Password Attacks –
Token-based Authentication
– Biometric Authentication
– Common Access Card
– Using Password Cracking Tools
– Identity and Access Services
– Authorization
– Directory Services
– RADIUS and TACACS+
– Federation and Trusts
– Federated Identity Protocols
– Account Management
– Formal Access Control Models
– Account Types
– Windows Active Directory
– Creating and Managing Accounts
– Account Policy Enforcement
– Credential Management Policies
– Account Restrictions
– Accounting and Auditing
– Using Account Management Tools
– Module 3 – Architecture and Design (1)
– Secure Network Design
– Network Zones and Segments
– Subnetting
– Switching Infrastructure
– Switching Attacks and Hardening
– Endpoint Security
– Network Access Control
– Routing Infrastructure
– Network Address Translation
– Software Defined Networking
– Implementing a Secure Network Design
– Firewalls and Load Balancers
– Basic Firewalls
– Stateful Firewalls
– Implementing a Firewall or Gateway
– Web Application Firewalls
– Proxies and Gateways
– Denial of Service Attacks
– Load Balancers
– Implementing a Firewall
– IDS and SIEM
– Intrusion Detection Systems
– Configuring IDS
– Log Review and SIEM
– Data Loss Prevention
– Malware and Intrusion Response
– Using an Intrusion Detection System
– Secure Wireless Access
– Wireless LANs
– WEP and WPA
– Wi-Fi Authentication
– Extensible Authentication Protocol
– Additional Wi-Fi Security Settings
– Wi-Fi Site Security
– Personal Area Networks
– Physical Security Controls
– Site Layout and Access
– Gateways and Locks
– Alarm Systems
– Surveillance
– Hardware Security
– Environmental Controls
– Module 4 – Architecture and Design (2)
– Secure Protocols and Services
– DHCP Security
– DNS Security
– Network Management Protocols
– HTTP and Web Servers
– SSL / TSL and HTTPS
– Web Security Gateways
– Email Services
– S/MIME
– File Transfer
– Voice and Video Services
– VoIP
– Implementing Secure Network Addressing Services
– Configuring a Secure Email Service
– Secure Remote Access
– Remote Access Architecture
– Virtual Private Networks
– IPSec
– Remote Access Servers
– Remote Administration Tools
– Hardening Remote Access Infrastructure
– Implementing a Virtual Private Network
– Secure Systems Design
– Trusted Computing
– Hardware / Firmware Security
– Peripheral Device Security
– Secure Configurations
– OS Hardening
– Patch Management
– Embedded Systems
– Security for Embedded Systems
– Secure Mobile Device Services
– Mobile Device Deployments
– Mobile Connection Methods
– Mobile Access Control Systems
– Enforcement and Monitoring
– Secure Virtualization and Cloud Services
– Virtualization Technologies
– Virtualization Security Best Practices
– Cloud Computing
– Cloud Security Best Practices
– Module 5 – Risk Management
– Forensics
– Forensic Procedures
– Collecting Evidence
– Capturing System Images
– Handling andmAnalyzing Evidence
– Using Forensic Tools
– Disaster Recovery and Resiliency
– Continuity of Operations Plans
– Disaster Recovery Planning
– Resiliency Strategies
– Recovery Sites
– Backup Plans and Policies
– Resiliency and Automation Strategies
– Risk Management
– Business Impact Analysis
– Identification of Critical Systems
– Risk Assessment
– Risk Mitigation
– Secure Application Development
– Application Vulnerabilities
– Application Exploits
– Web Browser Exploits
– Secure Application Design
– Secure Coding Concepts
– Auditing Applications
– Secure DevOps
– Identifying a Man-in-the-Browser Attack
– Organizational Security
– Corporate Security Policy
– Personnel Management Policies
– Interoperability Agreements
– Data Roles
– Data Sensitivity Labeling and Handling
– Data Wiping and Disposal
– Privacy and Employee Conduct Policies
– Security Policy Training
Exclusief examen:
SY0-601 CompTIA Security+
DutchTrain is een officieel geaccrediteerd Test Center voor Pearson Vue Test, Prometric, Kryterion, Castle Worldwide, Certiport & PSI. U bent bij ons van harte welkom voor examens welke via deze Test Centers beschikbaar zijn. Examens kunnen elke dag, binnen kantooruren, worden afgenomen.
Duur:
5 dagen
Datum:
Wanneer u op onderstaande link klikt zult u de beschikbare data te zien krijgen.
Bij inschrijving kunt u de gewenste trainingsdata aangeven in het notitieveld.
Kalender CompTIA Security+ 2022
Deze training is ook beschikbaar als:
– Education On Demand (E-Learning)
– Maatwerktraining, neem hiervoor contact op met een van onze opleidingsadviseurs.
Voor veelgestelde vragen tijdens het bestelproces, bekijk onze F.A.Q. pagina.
