CompTIA Security+ (Exam SY0-701), ITPRO TV Videos, Labs and Practice Tests
Course Specifications
Course Number: ITP76–024_rev1.0
Course Length: 30 hours 19 minutes
Course Description
This course is designed to equip you with the knowledge and skills required to excel in the dynamic field of cybersecurity and achieve the CompTIA Security+ certification.
In this course, you will learn how to assess the security posture of an enterprise environment, enabling you to recommend and implement appropriate security solutions. You will delve into the intricacies of monitoring and securing hybrid environments, covering cloud, mobile, and Internet of Things (IoT) technologies. Our expert instructors will guide you through the essential principles of governance, risk, and compliance, ensuring you operate with a keen awareness of applicable regulations and policies. Moreover, you will gain proficiency in identifying, analyzing, and responding to security events and incidents, a crucial skillset in the ever-evolving world of cybersecurity.
By the end of this course, you will not only be prepared to ace the CompTIA Security+ certification exam but also be well-equipped to tackle real-world security challenges and secure vital systems and data. Join us on this educational journey, and take the first step toward a fulfilling career in cybersecurity.
Course Content
General Security Concepts (17 Episodes: 5 Hours 19 Minutes)
Examining Security Control Categories (12 minutes)
In this episode, the learner will examine and identify common security control categories. We will explore examples and a demonstration of implementing technical security controls in client workstations.
Examining Security Control Types (19 minutes)
In this episode, the learner will examine and identify common security control types such as preventative, deterrent, detective and more. We will explore common examples of these control types and their significance in security.
Examining the Principles of Security (18 minutes)
In this episode, the learner will examine the security triangle and the goals of security. We will also explore methods to accomplish the principles of security.
Examining Authentication Factors (15 minutes)
In this episode, the learner will examine authentication, authentication factors and multifactor authentication or MFA.
Examining Authorization and Access Control Models (23 minutes)
In this episode, the learner will examine the process of authorization and access control models such as Discretionary Access Control, Role-based Access Control and more.
Examining Authentication, Authorization, and Accounting (AAA) (14 minutes)
In this episode, the learner will examine a technology used to centrally manage authentication, authorization and accounting called the Remote Authentication Dial-in User Service or RADIUS.
Examining the Principles of Zero Trust (17 minutes)
In this episode, the learner will examine the modern security strategy called Zero Trust. We will explore how the Zero Trust model is applied to the control and data planes in networking.
Examining Physical Security (20 minutes)
In this episode, the learner will examine the importance of physical security to protect assets. We will explore common methods used when implementing physical security infrastructure.
Examining Deception and Disruption Technology (11 minutes)
In this episode, the learner will examine deceptive technologies used to lure potential attackers, such as honeypots and honeynets.
Business Processes and Security Operations (18 minutes)
In this episode, the learner will examine some of the technical implications of change management to security, including the benefits and challenges facing security professionals.
Change Management Implications & Documentation (19 minutes)
In this episode, the learner will examine some of the technical implications of change management to security, including the benefits and challenges facing security professionals.
Examining Encryption Solutions (24 minutes)
In this episode, the learner will examine encryption, cryptographic keys and tools. We will examine key length, key stretching, TPMs, HSMs, salting and more.
Examining Public Key Infrastructure (PKI) (22 minutes)
In this episode, the learner will examine public key infrastructure. We will explore the common components such as certificate authorities, public keys, Certificate Signing Requests, Certificate Revocation Lists and more.
Examining Digital Certificates (23 minutes)
In this episode, the learner will examine digital certificates, digital signatures and certificate formats. We will explore the file extensions and where these certificates are utilized.
Examining Asymmetric Encryption (15 minutes)
In this episode, the learner will examine asymmetric encryption and how the process works. We will explore a variety of asymmetric encryption algorithms.
Examining Symmetric Encryption (15 minutes)
In this episode, the learner will examine symmetric encryption and how the process works. We will explore a variety of symmetric encryption algorithms.
Examining Hashing and Obfuscation (24 minutes)
In this episode, the learner will examine hashing algorithms and their importance in security. We will also explore methods to obscure data from being easily viewable through obfuscation, steganography, tokenization and data masking.
Threats, Vulnerabilities, and Mitigation (23 Episodes: 7 Hours 53 Minutes)
Threat Actors (25 minutes)
In this episode, we will explore the different types of threat actors such as Script-Kiddies, Hacktivists, and Nation State Hackers.
Social Engineering (23 minutes)
In this episode, we will explore Social Engineering, which is the human element of cybersecurity. We will define what Social Engineering is as well as the common SE tactics used by threat actors.
Business Email Compromise (19 minutes)
In this episode, we will discuss Business Email Compromise (BEC) and explore the common BEC scams and their details so that you will be equipped to spot BEC attacks.
Digital System Threats (24 minutes)
In this episode, we will investigate and define the different threat vectors and attack surfaces related to common digital systems such as Operating Systems, Web Applications, and Network Services.
Network Based Threats (23 minutes)
In this episode, we will dive into the common network-based threats that affect wired, wireless, and Bluetooth systems.
Removable Media Threats (14 minutes)
In this episode, we will explore how removable-media devices, like USB drives, can be utilized by attackers to gain unauthorized access into your systems.
Supply Chain Attacks (15 minutes)
In this episode, we will define Supply-Chain Attacks, discuss their impact, and explore how they have been used by threat actors in massive cyber attacks.
Application Vulnerabilities (24 minutes)
In this episode, we will list and define the common vulnerabilities related to software applications such as Buffer Overflow, DLL Injection, Race Conditions, and Malicious Updates.
Operating System Vulnerabilities (22 minutes)
In this episode, we will explore vulnerabilities common to operating systems such as Windows and Linux to learn how attackers can exploit them to gain access to these systems.
Web Based Vulnerabilities (25 minutes)
In this episode, we will discuss the many vulnerabilities that plague most web applications such as SQL Injections and Cross-Site Scripting.
Hardware Vulnerabilities (24 minutes)
In this episode, we will dive into vulnerabilities to hardware such as Firmware hacking, hardware debugging ports, Side-Channel, and Supply-Chain attacks.
Cloud Vulnerabilities (19 minutes)
In this episode, we investigate vulnerabilities that are common to cloud services such as insecure cloud storage, IAM misconfigurations, application weaknesses, insufficient security controls, and Denial of Service attacks.
Virtualization Vulnerabilities (12 minutes)
In this episode, we will explore vulnerabilities specific to virtualization technologies like VM Escape and Resource Reuse.
Cryptographic Vulnerabilities (20 minutes)
In this episode, we will learn how attackers can take advantage of vulnerabilities such as Downgrades and Collisions that affect systems that utilize cryptography and/or hashing functions.
Mobile Device Vulnerabilities (23 minutes)
In this episode, we discuss mobile device vulnerabilities. Threat actors commonly target mobile devices that allow open Bluetooth connections, that have been jailbroken or rooted, or that install and run insecure applications.
Zero Day Vulnerabilities (11 minutes)
In this episode, we'll define what a "Zero-Day" vulnerability is and how it can create an opportunity for threat actors to gain access to your systems.
Indicators of Malware Attacks (22 minutes)
In this episode, we will learn what the common indicators of a malware attack are, so that we can implement a defensive response. These indicators include, but are not limited to, high CPU/Memory/Network/Disk utilization, disabled security controls, unusual network activity, and random system crashes/reboots.
Indicators of Physical Attacks (22 minutes)
In this episode, we'll explore the common "tell-tale" signs of a physical attack against your organization. Here we'll discuss attack indicators such as unknown persons in secure areas, propped open doors, signs of lock tampering, unauthorized devices and cables, and RFID cloning.
Indicators of Network Attacks (26 minutes)
In this episode, we will examine the common indicators of a network attack. These attack indicators are varied and could be aimed at network services such as DNS, or could be attempting to deny access to network services by way of a DDoS attack. Other network attack indicators include wireless attacks, Man-In-The-Middle or "On-Path" attacks, and credential replay attacks.
Indicators of Application Attacks (26 minutes)
In this episode, we'll look at various kinds of evidence that are common indicators of application attacks. This includes indicators such as unusual event logs, presence of malware, random system crashes, and/or unusual administrative changes.
Indicators of Cryptographic Attacks (8 minutes)
In this episode, we discuss the indicators of cryptographic attacks such as Downgrade and Collision attacks.
Indicators of Password Attacks (18 minutes)
In this episode, we will explore the indicators of common password attacks such as Brute-Force, Dictionary, Spraying, and Stuffing attacks.
Cybersecurity Mitigation Techniques (19 minutes)
In this episode, we will explore the common strategies and techniques used by cybersecurity professionals to mitigate and defend their networks against attacks.
Security Architecture (21 Episodes: 4 Hours 59 Minutes)
Cloud-Related Concepts (22 minutes)
In this episode, we will discuss the security implications of a cloud-based architectural model. This includes a discussion of responsibility matrixes, hybrid considerations, 3rd party vendors, Infrastructure as Code (IaC), and serverless and microservice architectures.
Network Infrastructure Concepts (17 minutes)
In this episode, you will learn about the network security implications of various important network infrastructure concepts including logical segmentation, SDN, and more.
Virtualization Concepts (10 minutes)
In this episode, you will learn about security implications as they relate to virtualization and containerization.
IoT and SCADA (14 minutes)
In this episode, you will learn about security implications involved with IoT and SCADA architectural models.
Architectural Model Considerations (18 minutes)
In this episode, you will learn about just some of the many considerations you should take into account when it comes to security implications with architectural models.
Security Infrastructure Considerations (14 minutes)
In this episode, you will learn about just some of the many considerations you should take into account when planning a security infrastructure for an organization.
Network Appliances (24 minutes)
In this episode, you will learn about just some of the network appliances found in organizations today.
Port Security (20 minutes)
In this episode, you will learn about port security, both simple MAC address implementations as well as more complex 802.1X environments using EAP.
Firewall Types (10 minutes)
In this episode, you will learn about several different types of firewalls you might find in a network today - these include L4/L7, Web Application Firewalls, Unified Threat Management firewalls, and Next-Generation firewalls.
Secure Communication and Access (15 minutes)
In this episode, you will learn about the latest advancements in secure communication and access for the modern enterprise. This information includes remote access, VPNs, tunneling, SD-WAN and SASE.
Selecting Effective Controls (7 minutes)
In this episode, you will review some of the different categories of security controls. You will learn some of the important considerations when selecting such controls.
Data Types (7 minutes)
In this episode, you will learn about just some of the classifications that organizations will use to describe the different types of data in their data ecosystem.
Data Classifications (9 minutes)
In this episode, you will learn about different methods of classifying data. First, some example methods are listed for internal, private organizations. Then, this episode discusses the classification scheme used by the US Government.
Data Considerations (18 minutes)
In this episode, you will learn about some key considerations that organizations should have today when it comes to protecting their data.
Methods to Secure Data (18 minutes)
In this episode, you will learn about just some of the methods to protect data in the modern enterprise. Some of these options include encryption, hashing, and tokenization.
HA and Site Considerations (18 minutes)
In this episode, you will learn about some of the key characteristics that you should be aware of when it comes to high availability and various site considerations.
Platform Diversity and Multi-Cloud Systems (10 minutes)
In this episode, you will learn about some of the key advantages and disadvantages to platform diversity and multi-cloud systems as used in modern IT infrastructures.
Continuity of Operations and Capacity Planning (12 minutes)
In this episode, you will learn the importance of continuity of operations planning and preparation as found in modern enterprises. You will also learn about capacity planning and its important areas of people, technology, and infrastructure.
Testing (14 minutes)
In this episode, you will learn about just some of the testing methods used when dealing with resilience and recovery settings in security architectures.
Backups (11 minutes)
In this episode, you will learn about just some of the backup technologies and techniques used in modern enterprises today.
Power (7 minutes)
In this episode, you will learn about just some of the important technologies and considerations in modern IT infrastructures regarding power.
Security Operations (24 Episodes: 8 Hours 14 Minutes)
Examining Identity and Access Management (10 minutes)
In this episode, the learner will examine the components of identity and access management or IAM solutions. We will explore the role this technology plays in organizational security.
Examining Wireless Security (27 minutes)
In this episode, the learner will examine various security technologies for implementing wireless security. We will explore authentication and cryptographic protocols and more.
Examining Operating System Security (22 minutes)
In this episode, the learner will examine techniques to strengthen the security of an operating system. We will explore various technologies such as host-based security software, strong authentication, file integrity monitoring, SELinux, Group Policy and more.
Examining Firewalls and Intrusion Detection Devices (22 minutes)
In this episode, the learner will examine the importance of firewalls, intrusion detection and prevention systems. We will explore how to configure a firewall rule to increase enterprise security.
Examining Password Security (24 minutes)
In this episode, the learner will examine password security concepts such as complexity, length, age, and reuse. We will explore additional password considerations such as passwordless options, one-time passwords, MFA, and more.
Examining Web Filtering (13 minutes)
In this episode, the learner will examine components of web filtering such as URL scanning, content categorization, reputation-based filtering and more.
Examining the Incident Response Process and Activities (14 minutes)
In this episode, the learner will examine components and activities of the incident response process. We will explore root cause analysis, threat hunting, tabletop exercises and more.
Examining Endpoint Detection and Response (EDR) (23 minutes)
In this episode, the learner will examine endpoint detection and response or EDR concepts. We explore an EDR implementation that expands endpoint security functionality, called extended detection and response or XDR.
Examining Single Sign-on (18 minutes)
In this episode, the learner will examine single sign-on or SSO technologies and the importance and components of security. We will explore identity federation, identity providers or IdPs, SAML, OAuth, and OpenID concepts.
Examining Secure Network Protocols and Services (22 minutes)
In this episode, the learner will examine various secure protocols and port numbers. We will explore various scenarios in which these protocols are implemented.
Examining Automation and Scripting Uses (27 minutes)
In this episode, the learner will examine how automation and scripting can benefit security in various scenarios. We will explore considerations when leveraging automation and scripting.
Examining Asset Management (24 minutes)
In this episode, the learner will examine the components and importance of asset management. We will explore ownership, classification, procurement, enumeration, decommissioning and more.
Examining Privileged Identity Management (15 minutes)
In this episode, the learner will examine the importance and components of Privileged Identity Management or PIM. We will explore the benefits that PIM solutions can bring to organizations.
Examining Application Security (21 minutes)
In this episode, the learner will examine the importance of implementing application security in various scenarios. We will explore techniques such as static code analysis, input validation, secure cookies and more.
Examining Investigation Data Sources and Log Data (19 minutes)
In this episode, the learner will find data sources that support investigations, such as security dashboards, packet captures and vulnerability scans. We will explore various logs that support investigative activities.
Examining Security for Mobile Devices (23 minutes)
In this episode, the learner will examine technologies and techniques for strengthening the security of mobile devices.
Examining Vulnerability Analysis (19 minutes)
In this episode, the learner will examine resources and techniques utilized in vulnerability analysis. We will explore CVEs, CVSS, classification and prioritization.
Examining Digital Forensics Activities (14 minutes)
In this episode, the learner will examine the components of the digital forensics process. We will explore activities such as chain of custody, legal hold, preservation, E-discovery and more.
Vulnerability Response, Remediation and Reporting (17 minutes)
In this episode, the learner will examine the activities, strategies, and importance of vulnerability response, remediation and reporting.
Examining Security Baselines and Hardening (22 minutes)
In this episode, the learner will examine a technique in cybersecurity called hardening. We will explore techniques that can be implemented across a variety of system types.
Examining User Onboarding and Offboarding (20 minutes)
In this episode, the learner will examine the process of onboarding and offboarding new users into an organization's systems, applications and resources. We will explore the process and considerations of account provisioning and deprovisioning.
Examining Email Security (19 minutes)
In this episode, the learner will examine various techniques to secure email communications. We will explore S/MIME, email verification technologies, Data Loss Prevention or DLP and more.
Examining Security Monitoring and Alerting (26 minutes)
In this episode, the learner will examine security alerts and monitoring. We will explore computing resources to monitor common activities and tools related to security monitoring and alerting.
Identifying Vulnerabilities (24 minutes)
In this episode, the learner will examine methods to identify organizational vulnerabilities. We will explore open-source intelligence or OSINT, commercial intelligence, threat feeds, application security and more.
Security Programs Management and Oversight (24 Episodes: 3 Hours 46 Minutes)
Guidelines and Policies (12 minutes)
In this episode, we will discuss the use of guidelines and policies to help a business achieve its business goals and to meet the objectives of IT security teams. Specific examples are covered including things like an Acceptable Use Policy (AUP) and a Software Development Lifecycle (SDLC).
Standards and Procedures (13 minutes)
In this episode, you will learn about just some of the standards and procedures that you would often find in a modern enterprise. Sample standards include passwords, access control, physical security, and encryption. Examples of procedures include change management, onboarding/offboarding, and playbooks.
Governance Structures (10 minutes)
In this episode, you will learn about typical types of governance structures found in companies today including boards, committees, government entities, and centralized/decentralized structures.
Roles and Responsibilities (9 minutes)
In this episode, you will learn about typical roles for system and data usage. These roles include owners, controllers, processors, custodians, and stewards.
Risk Identification and Assessment (9 minutes)
In this episode, you will learn about two critical areas of risk management for corporations - the identification of risks and the assessment of these risks.
Risk Analysis (11 minutes)
In this episode, you will learn about risk analysis as it might be performed in a modern organization today. This risk analysis discussion includes coverage of qualitative vs quantitative, single loss expectancy, annualized loss expectancy, annualized rate of occurrence, probability, likelihood, exposure factor, and impact.
Risk Register, Tolerance, and Appetite (10 minutes)
In this episode, you will learn about the concepts of the risk register, risk tolerance, and risk appetite as they apply to the topic of risk management in corporations today.
Risk Management Strategies (7 minutes)
In this episode, you will learn about some of the common strategies for risk management in the modern enterprise. These strategies include transfer, accept, avoid, and mitigate.
Risk Reporting And BIA (9 minutes)
In this episode, you will learn about risk reporting and business impact analysis work that is very typical in risk management procedures in companies today. This includes an analysis of recovery time objectives (RTO), recovery point objectives (RPO), mean time to repair (MTTR), and mean time before failures (MTBF).
Vendor Assessment and Selection (8 minutes)
In this episode, you will learn about common practices associated with third party vendor assessments and vendor selection. This discussion includes penetration testing, right-to-audit clause, evidence of internal audits, independent assessments, and supply chain analysis. This episode also discusses due diligence and conflict of interest as commonly practiced in vendor selection.
Agreement Types (8 minutes)
In this episode, you will learn about some of the common agreement types that might exist between your organization and a partner organization. These agreement types include the service level agreement (SLA), the memorandum of agreement (MOA), the memorandum of understanding (MOU), the master service agreement (MSA), the work order (WO), the statement of work (SOW), the nondisclosure agreement (NDA), and the business partners agreement (BPA).
Additional Vendor Considerations (7 minutes)
In this episode, you will learn about some of the common considerations held by companies as they work with risk management and third parties. This information includes vendor monitoring, questionnaires, and rules of engagement.
Compliance (9 minutes)
In this episode, you will learn about both internal and external compliance. You will also learn about just some of the possible consequences for non-compliance including fines, sanctions, reputational damage, loss of license, and contractual impacts.
Compliance Monitoring (6 minutes)
In this episode, you will learn about compliance monitoring as typically found in an organization today. This includes topics such as due diligence, attestation and acknowledgement, internal and external, and automation.
Privacy (8 minutes)
In this episode, you will learn about the importance of privacy when it comes to effective security compliance. This includes subjects like legal implications, data subject, controller vs processor, ownership, data inventory and retention, and right to be forgotten.
Attestation (6 minutes)
In this episode, you will learn about the importance of attestation as it would be used as part of an audit and assessment phase of security program management.
Audits (8 minutes)
In this episode, you will learn about both internal and external audits as part of an audit and assessment phase of security program management.
Penetration Testing (11 minutes)
In this episode, you will learn about just some of the key considerations you should have when you are working with penetration testing as part of your security management program.
Phishing (14 minutes)
In this episode, you will learn about key elements in an effective security awareness training program in the important area of phishing.
Anomalous Behavior Recognition (6 minutes)
In this episode, you will learn about the importance of anomalous behavior recognition and its role in a cybersecurity awareness program.
User Guidance and Training (9 minutes)
In this episode, you will learn about key aspects of user guidance and training in the area of cybersecurity within the organization.
Reporting and Monitoring (8 minutes)
In this episode, you will learn about a well-structured monitoring and reporting approach when conducting security awareness initiatives in your organization. Careful reporting and monitoring not only helps organizations assess the impact of their end user security awareness training program but also allows them to continuously improve and adapt to the changing threat landscape. It fosters a culture of security awareness and proactive risk mitigation throughout the organization.
Development and Execution (10 minutes)
In this episode, you will learn about common considerations when working with the development and execution phases of an effective security awareness training program in a modern enterprise.