CompTIA Security+ (Exam SY0-601): ITPRO TV Videos and Labs
Course Specifications
Course Number: ITP76–003_rev1.0
Course Length: 28 hours 48 minutes
Course Description
This series is focused on CompTIA Security+ certifications. Security+ is a vendor-neutral certification that is recognized worldwide as a benchmark for information system security best practices. The series is intended for aspiring IT security professionals entering into security. The series follows the CompTIA specified objectives for the SY0-601 exam.
Course Content
Threats, Attacks, and Vulnerabilities (19 Episodes: 5 Hours 6 Minutes)
Overview (5 minutes)
This series is focused on CompTIA’s Security+ certifications. Security+ is a vendor-neutral certification that is recognized worldwide as a benchmark for information system security best practices. The series is intended for aspiring IT security professionals entering into security. The series follows the CompTIA specified objectives for the SY0-601 exam.
Social Engineering Techniques (20 minutes)
In this episode, we discuss the methods used by bad actors to deceptively manipulate individuals into divulging confidential information through social engineering. We will compare and contrast different types of social engineering techniques like phishing, whaling, spam, spear phishing and more.
Malware (20 minutes)
In this episode, the viewer will dive into the world of malware as we compare and contrast the most common malware types such as worms, trojans, rootkits, ransomware, bots and more.
Password Attacks - Types (12 minutes)
In this episode, the viewer will identify various types of password-based attacks such as spraying, brute force, dictionary attacks, and rainbow tables.
Password Attacks - Tools (14 minutes)
In this episode, the viewer will identify the tools used to accomplish password attacks like Burp Suite, CeWL, John the Ripper, hashcat and the typical process to perform these attacks.
Application Attacks - Injections (18 minutes)
In this episode, the viewer will analyze common types of injection-based attacks in order to identify and explain them.
Application Attacks - System Resources (20 minutes)
In this episode, the viewer will identify the types of application-based attacks that affect system resources such as driver manipulation, memory leaks and resource exhaustion.
Application Attacks - XSS and XSRF (11 minutes)
In this episode, the viewer will analyze the characteristics of XSS and XSRF.
Application Attacks - Replay Attacks (12 minutes)
In this episode, the viewer will identify the characteristics of replay attacks.
Network Attacks - DNS Attacks (20 minutes)
In this episode, the viewer will identify the characteristics of DNS-based attacks such as DNS poisoning and DNS hijacking.
Network Attacks - Layer 2 Attacks (19 minutes)
In this episode, the viewer will identify the characteristics of layer 2 attacks such as ARP poisoning, MAC flooding and MAC cloning.
Cable Management (17 minutes)
In this episode, the viewer will identify techniques to organize cable distribution systems such as patch panels, fiber distribution panels, and variants of punchdown blocks such as 110s, 60s, Krones and Bixes.
Network Attacks - DoS and DDoS (13 minutes)
In this episode, the viewer will identify the characteristics of denial of service (DoS) and distributed denial of service (DDoS) attacks as well as different types of DDoS attacks like reflected, amplified, and coordinated DDoS attacks.
Network Attacks - MiTM and MiTB (11 minutes)
In this episode, the viewer will identify the characteristics of man-in-the-middle attacks or MiTM as well as man-in-the-browser or MiTB attacks. The viewer will see how an MiTM attack could be executed.
Network Attacks - Wireless (20 minutes)
In this episode, the viewer will identify common attacks associated with wireless networks, such as disassociation attacks, and the difference between bluejacking and bluesnarfing. The viewer will also identify evil twins as well as rogue access points and explain the difference between the two.
Vulnerabilities (19 minutes)
In this episode, the viewer will identify situations that lead IT infrastructure into vulnerable positions such as weak configurations, third-party risk, weak patch management and legacy platforms.
Threat Intelligence - OSINT (12 minutes)
In this episode, the viewer will identify what Open Source Intelligence is, what it is used for as well as examples like Shodan, Censys and ICANN domain lookups.
Threat Intelligence - Threat Maps and Feeds (13 minutes)
In this episode, the viewer will identify various components and attributes of threat maps as well as threat feeds. The viewer will identify examples of threat maps as well as threat feeds.
Threat Intelligence Vulnerability Databases Feed (18 minutes)
In this episode, the viewer will identify and be able to explain the purpose of vulnerability databases and vulnerability feeds.
Threat Actors and Vectors (20 minutes)
In this episode, the viewer will identify the threat actors they will face in today's security-centric environment. The viewer will also identify the attack vectors and attributes of these threat actors.
Cryptography (9 Episodes: 3 Hours 10 Minutes)
Cryptography Concepts (21 minutes)
In this episode, the viewer will identify concepts surrounding cryptography in today's information technology systems as well as topics such as lightweight cryptography, post-quantum, blockchain and more.
Encryption and Steganography (13 minutes)
In this episode, the viewer will identify the basics of encryption and hashing, including modes of operation, stream vs. block ciphers, message digests, salting and more.
Hashing (18 minutes)
In this episode, the viewer will identify the basic concepts of hashing algorithms, including hashing algorithm types such as MD5, SHA-1, SHA-2, RIPEMD, CRC32 and HMAC as well as salting.
Secure Protocols (24 minutes)
See Errata:
In this episode, the viewer will identify the purpose and characteristics of secure protocols. The viewer will identify the various protocols used to protect system communications such as SSH, SFTP, HTTPS, SRTP, DNSSEC and SNMP.
Symmetric vs. Asymmetric Encryption (23 minutes)
In this episode, the viewer will identify the basic concepts of cryptography such as asymmetric vs. symmetric key encryption and identify the algorithms as well as digital signatures and key exchange.
PKI Concepts (23 minutes)
In this episode, the viewer will identify the individual components that make up a public key infrastructure (PKI). The viewer will learn where each component fits within the PKI and its function.
Certificates (18 minutes)
In this episode, the viewer will identify different types of certificates that are used for a variety of purposes such as code signing, email, user and machine authentication and more. The viewer will also see how to determine the certificate format based on the use case, such as exporting the private key, format requirements and email.
Keys (22 minutes)
In this episode, the viewer will continue the concepts from the "Symmetric and Asymmetric Encryption" episode by defining keys, key length, key exchange, Diffie-Hellman and key management.
IPSec (23 minutes)
In this episode, the viewer will identify the components of IPSec (Internet Protocol Security), such as the Authentication Header and Encapsulating Security Payload protocols, Phase 1 vs. Phase 2 SAs and transport mode vs. tunnel mode.
Identity and Access Management (12 Episodes: 3 Hours 21 Minutes)
Authentication and Authorization (23 minutes)
In this episode, the viewer will identify the basic concepts and components of identity, authentication, authorization and accounting (IAAA). The viewer will identify authentication factors as well as authentication management technologies such as password keys, password vaults, TPMs and HSMs.
Authentication Methods (21 minutes)
In this episode, the viewer will identify various authentication methods such as directory services, federation, one-time passwords such as TOTPs and HOTPs as well as tokens, token types and examples.
Additional Authentication Methods (11 minutes)
In this episode, the viewer will identify authentication methods such as one-time passwords like TOTPs and HOTPs as well as tokens, token types and examples.
Biometrics (16 minutes)
In this episode, the viewer will identify various biometric types, including fingerprint, retina, iris, voice and facial recognition scanners. The viewer will also identify efficacy rates and concepts such as false acceptance and rejection rates as well as the crossover error rate.
Authentication Protocols - PAP and CHAP (12 minutes)
In this episode, the viewer will identify authentication protocols such as EAP, CHAP, RADIUS, TACACS+ and Kerberos.
Authentication Protocols - EAP and 802.1X (15 minutes)
In this episode, the viewer will identify authentication protocols such as the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).
Authentication Protocols - RADIUS and TACACS (14 minutes)
In this episode, the viewer will identify the authentication protocols RADIUS and TACACS+.
Authentication Protocols - Kerberos (11 minutes)
In this episode, the viewer will identify Kerberos, the authentication protocol used in Windows domains.
Access Control Schemes (23 minutes)
In this episode, the viewer will identify the type of access control schemes such as discretionary access control, mandatory access control, rule-based access control, conditional access, privilege management and filesystem permissions.
Account Management - Account Types (21 minutes)
In this episode, the viewer will identify various account types such as user and guest accounts, service accounts as well as shared accounts.
Account Management - Password Policies (14 minutes)
In this episode, the viewer will examine different attributes of password policies such as password length, history and complexity requirements.
Account Management - Account Policies (13 minutes)
In this episode, the viewer will examine different attributes of account policies such as time restrictions, lockouts and disablement.
Implementing Security (16 Episodes: 5 Hours 13 Minutes)
Application Security (18 minutes)
In this episode, the viewer will identify techniques to secure applications such as input validation, code signing, application white and blacklisting, fuzzing, as well as the differences between static and dynamic code analysis.
Physical Security (25 minutes)
In this episode, the viewer will identify the common controls implemented to physically secure access to buildings and secure or restricted areas. The viewer will determine how and where these controls are implemented.
Wireless Security (27 minutes)
In this episode, the viewer will identify components, techniques and solutions to secure wireless networks such as cryptographic protocols, authentication protocols and installation considerations.
Secure Data Destruction (17 minutes)
In this episode, the viewer will identify the techniques to securely destroy data such as shredding, burning, pulping, pulverizing and degaussing.
Host Security - Endpoint Protection (24 minutes)
In this episode, the viewer will identify common technologies that assist companies in endpoint protection such as antivirus, anti-malware, host-based intrusion detection and prevention systems, host-based firewalls as well as next-generation firewalls.
Host Security - Hardening (24 minutes)
In this episode, the viewer will identify techniques to secure a host through a process called hardening. This includes closing unused ports, registry protection, disk encryption, patch management, auto-updates as well as third-party updates.
Mobile Device Deployment (20 minutes)
In this episode, the viewer will identify mobile device management concepts like MDM and SEAndroid as well as deployment models such as BYOD, COPE and CYOD.
Mobile Device Management and Enforcement (21 minutes)
In this episode, the viewer will identify solutions to manage and secure mobile devices such as mobile application management, unified endpoint management and mobile device management. The viewer will identify deployment models such as bring your own device (BYOD), choose your own device (CYOD) and corporate owned devices as well as the techniques that secure these devices like geofencing, geolocation, remote wipes, sideloading and more.
Mobile Device Connections (15 minutes)
In this episode, the viewer will identify the various connection methods that are utilized by today's mobile devices such as cellular, WiFi, Bluetooth, RFID, NFC, GPS, USB and infrared.
Specialized Systems (19 minutes)
In this episode, the viewer will identify specialized systems such as SCADA/ICS systems, VoIP, system-on-a-chip, embedded systems, HVACs, IoT devices and more as well as some specialized devices such as medical devices, aircraft and smart meters.
Network Security - Segmentation (22 minutes)
In this episode, the viewer will identify the purpose of network segmentation through virtual local area networks (VLANs), perimeter networks commonly called DMZs as well as intranets and extranets.
Network Security - VPNs (19 minutes)
In this episode, the viewer will identify virtual private network (VPN) communications as well as the benefits of implementing VPNs. The viewer will also compare and contrast different types of VPN implementations such as remote-access, site-to-site, Always-on, split vs. full tunneling and tunneling protocols such as point-to-point tunneling (PPTP) and layer 2 tunneling protocol (L2TP).
Network Security - Proxies and Load Balancing (17 minutes)
In this episode, the viewer will identify the proxy server implementations such as forward and reverse proxies as well as common load balancing techniques such as scheduling, virtual IPs, active/active vs. active/passive.
Network Security - Port Security (16 minutes)
In this episode, the viewer will identify the common techniques to prevent loops in switching, Bridge Protocol Data Unit (BPDU) Guard, DHCP snooping, MAC filtering and port mirroring.
Network Security - Firewalls (15 minutes)
In this episode, the viewer will identify the various firewalls such as stateful vs. stateless, host-based vs. network-based, hardware vs. software firewalls, content and URL filtering, NAT gateway, web application firewalls and appliance vs. virtual firewalls.
Network Security - NIDS and NIPS (7 minutes)
In this episode, the viewer will identify network intrusion detection systems, network intrusion prevention systems and compare and contrast the two. The viewer will also identify different detection methods such as signature-based, heuristic-based, behavior-based and anomaly-based detection.
Cloud and Virtualization (6 Episodes: 5 Hours 52 Minutes)
Virtualization (23 minutes)
In this episode, the viewer will identify, compare and contrast virtualization concepts and technologies that are essential to cloud services. The viewer will examine host and guest machines, the difference between Type 1 and Type 2 hypervisors as well as the components of virtual networks and virtual resources.
Cloud Concepts (23 minutes)
In this episode, the viewer will identify basic cloud concepts such as measured service, rapid elasticity, resource pooling, on-demand self-service, broad network access.
Cloud Services (18 minutes)
In this episode, the viewer will identify various cloud services offerings such as IaaS, PaaS, SaaS and XaaS.
Cloud Models (12 minutes)
In this episode, the viewer will identify various cloud models such as public, private, community and hybrid. The viewer will examine computing types such as fog and edge computing as well as managed service providers or MSPs and managed security solutions providers.
Computing Types (16 minutes)
In this episode, the viewer will identify computing types such as fog and edge computing as well as managed service providers (MSPs) and managed security service providers (MSSPs).
Cloud Security Controls (18 minutes)
In this episode, the viewer will identify cloud security technologies and concepts such as high availability, resource policies, replication, encryption, segmentation, container security as well as various cloud security solutions such as cloud access security brokers or CASBs, secure web gateways and application security.
Operational Resiliency (4 Episodes: 1 Hour 26 Minutes)
Hardware Redundancy (26 minutes)
In this episode, the viewer will identify hardware redundancy concepts such as redundant array of independent disks or RAID, multipathing, load balancers, NIC teaming and power redundancy.
Site Redundancy (14 minutes)
In this episode, the viewer will identify site redundancy concepts such as cold, warm and hot sites.
Non-persistence Concepts (22 minutes)
In this episode, the viewer will identify non-persistence concepts such as configuration states, last known good and live boot media.
Backup and Recovery (23 minutes)
In this episode, the viewer will identify core backup and recovery concepts to support resiliency such as comparing and contrasting backup types like incremental, differential and full as well as storage locations such as network-attached storage and storage area networks.
Operational Security and Incident Response (11 Episodes: 3 Hours 14 Minutes)
Network Reconnaissance and Discovery (17 minutes)
In this episode, the viewer will identify techniques to assess organizational security through network reconnaissance and discovery using utilities such as tracert, nmap, nslookup and dig, hping, arp, route and more.
Packet Capture and Replay (25 minutes)
In this episode, the viewer will identify how to use *tcpdump* to capture network packets as well as how to view and extract data from a capture file with file manipulation. The viewer will also identify how to create a capture file to be viewed in Wireshark. Finally, the viewer will see how to replay the captured packets using *tcpreplay*.
Vulnerability Scans (15 minutes)
In this episode, the viewer will identify the types of vulnerability scans such as credentialed vs. non-credentialed and intrusive vs. non-intrusive, as well as scan result types like false positives and negatives and true positives and negatives.
SIEM and SOAR Systems (13 minutes)
In this episode, the viewer will identify the components that make up a security information and event management (SIEM) solution as well as security orchestration, automation and response (SOAR) systems.
Pentesting Techniques (21 minutes)
In this episode, the viewer will identify the techniques used in penetration testing such as white and black box testing, rules of engagement, persistence, pivoting, lateral movement, privilege escalation, cleanup and bug bounties.
Pentesting Exercise Types (15 minutes)
In this episode, the viewer will identify the techniques used in penetration exercise types commonly known as red, blue, purple and white team exercises.
Digital Forensics Concepts (21 minutes)
In this episode, the viewer will identify key aspects of digital forensics such as documentation and evidence gathering, chain of custody, information acquisition and preservation concepts like order of volatility and location, maintaining integrity through hashing, checksums and more.
Investigational Data Sources (23 minutes)
In this episode, the viewer will identify the appropriate data sources to support an investigation such as SIEM dashboards, log files, logging utilities such as syslog, rsyslog and journalctl as well as metadata, NetFlow and bandwidth monitors.
Incident Response Process (13 minutes)
In this episode, the viewer will identify key incident response plan concepts including incident response team, business continuity plans, disaster recovery plans, continuity of operations and exercise types.
Incident Response Plans (13 minutes)
In this episode, the viewer will identify key incident response plan concepts including incident response team, business continuity plans, disaster recovery plans, continuity of operations and exercise types.
Attack Frameworks (14 minutes)
In this episode, the viewer will identify key components of attack frameworks, such as MITRE ATT&CK and the Diamond Model of Intrusion Analysis, that cybersecurity analysts use to identify adversaries and the tactics and techniques threat actors use against victims. The viewer will also identify the cyber kill chain that represents the steps an attacker uses to exploit a victim.
Governance, Risk and Compliance (15 Episodes: 5 Hours 23 Minutes)
Security Controls (19 minutes)
In this episode, the viewer will identify various types of security controls, their categories and control types such as preventative, detective, corrective, managerial, operational, technical and more.
Regulations, Standards and Frameworks (27 minutes)
In this episode, the viewer will identify the importance of various regulations and standards such as PCI DSS as well as key frameworks like CIS, NIST, ISO and the Cloud Security Alliance.
Spotlight on General Data Protection Regulation (25 minutes)
In this episode, the viewer will identify the importance of the GDPR.
Organizational Security Policies - Personnel (25 minutes)
In this episode, the viewer will identify the importance of organizational security policies related to personnel such as mandatory vacations, separation of duties, onboarding and offboarding procedures.
Organizational Security Policies - 3rd Party Risk (24 minutes)
In this episode, the viewer will identify the importance of organizational security policies related to third-party risk management.
Organizational Security Policies - Data (18 minutes)
In this episode, the viewer will identify the importance of organizational security policies related to data management.
Organizational Security Policies - Other Areas (15 minutes)
In this episode, the viewer will identify the importance of organizational security policies related to management of other areas.
Risk Management Concepts - Vocabulary (17 minutes)
In this episode, the viewer will identify the vocabulary of risk management.
Risk Management Concepts - Types & Strategies (25 minutes)
In this episode, the viewer will identify the concepts and processes involved in risk management including risk types and management strategies.
Risk Management Concepts - Risk Analysis (22 minutes)
In this episode, the viewer will identify the concepts and processes involved in risk analysis.
Risk Management Concepts Business Impact Analysis (28 minutes)
In this episode, the viewer will identify the concepts and processes involved in Business Impact Analysis.
Privacy and Data Sensitivity Breaches & Data Types (20 minutes)
In this episode, the viewer will identify the concepts related to sensitive data security as well as privacy concepts such as data types and the consequences of privacy breaches.
Privacy, Data Sensitivity - Privacy Enhancing Tech (20 minutes)
In this episode, the viewer will identify the concepts related to sensitive data security as well as privacy concepts such as privacy enhancing technologies.
Privacy, Data Sensitivity, Roles, Responsibilities (15 minutes)
In this episode, the viewer will identify the concepts related to sensitive data security as well as privacy concepts such as roles and responsibilities over data.
Privacy and Data Sensitivity - Other Areas (16 minutes)
In this episode, the viewer will identify the concepts related to privacy and sensitive data security.