CompTIA Security+ Certification (SY0-401) FastTrack Study Guide + Practice Labs
ALL you need to qualify with CompTIA’s Security+ certification exam
- Prepares for SY0-401 exam
- Fully-integrated with Professor Messer’s training videos
- CompTIA CAQC approved with an outstanding 5/5 Procert Labs score
- Available as Skillpipe eBook with instant activation
- Over 200 exam practice questions included
- Includes Practice Labs for SY0-401, practice your skills on real equipment
This money-saving bundle includes both our CAQC-approved Skillpipe eBook AND live Practice Labs – perfect exam preparation from gtslearning!
This book is for anyone wishing to qualify with the latest CompTIA Security+ Certification exam (SY0-401). CompTIA Security+ is aimed at IT professionals with job roles such as security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator and network administrator.
Professor Messer videos are fully integrated into the book with quicklinks taking you to video content that matches the section you are studying. This is unique and exclusive to gtslearning.
Skillpipe eReader gives browser or app-based access to the full content with full bookmarking and annotation features. Find out more about Skillpipe
An activation key to your Skillpipe content is emailed on purchase.
Content may be printed on a chapter-by-chapter basis for personal use only.
What should you know?
We recommend that you have already qualified with CompTIA Network+ and have around 24 months experience of networking support/IT administration
Irrespective of your experience, you should:
- Know the function and basic features of PC components
- Able to use Windows to create and manage files and use basic administrative features (Explorer, Control Panel and Management Consoles)
- Know basic network terminology and functions (such as OSI Model, toplogy, Ethernet, TCP/IP, switches and routers)
- Understand TCP/IP addressing, core protocols and troubleshooting tools
Module 1: Security Threats and Controls
- Security Controls • Why is Security Important? • Security Policy • Security Controls • Identification • Authentication • Authorization • Basic Authorization Policies • Accounting
- Threats and Attacks • Vulnerability, Threat, and Risk • Social Engineering • Phishing • Malware • Trojans and Spyware • Preventing Malware • Anti-Virus Software • Removing Malware
- Network Attacks • Network Fundamentals • Sniffers and Protocol Analyzers • ARP Attacks • IP Spoofing and Hijacking • Network Mappers and Port Scanners • Denial of Service Attacks
- Assessment Tools and Techniques • Vulnerability Assessments and Pentests • Security Assessment Techniques • Vulnerability Scanners • Honeypots and Honeynets
Module 2: Cryptography and Access Control
- Cryptography Uses of Cryptography • Cryptographic Terminology and Ciphers • Encryption Technologies • Cryptographic Hash Functions • Symmetric Encryption • Asymmetric Encryption • Diffie-Hellman • ECC and Quantum Cryptography • Transport Encryption • Cryptographic Attacks • Steganography • Labs • Steganography
- Public Key Infrastructure • PKI and Certificates • Certificate Authorities • Implementing PKI • Creating Keys • Key Recovery Agents • Key Status and Revocation • PKI Trust Models • Cryptographic Standards • PGP / GPG • Labs • Configuring Certificate Services
- Password Authentication • LAN Manager / NTLM • Kerberos • PAP and CHAP • Password Protection • Password Attacks
- Strong Authentication • Token-based Authentication • Biometric Authentication • Common Access Card • Extensible Authentication Protocol • RADIUS and TACACS+ • Federation and Trusts
- Authorization and Account Management • Privilege Policies • Directory Services • Lightweight Directory Access Protocol • Windows Active Directory • Creating and Managing User Accounts • Managing Group Accounts • Account Policy Enforcement • User Rights, Permissions, and Access Reviews
Module 3: Network Security
- Secure Network Design • Secure Network Topologies • Demilitarized Zones • Other Security Zones • Network Device Exploitation • Switches and VLANs • Switch Vulnerabilities and Exploits • Routers • Network Address Translation
Security Appliances and Applications • Basic Firewalls • Stateful Firewalls • Proxies and Gateways • Implementing a Firewall or Gateway • Web and Email Security Gateways • Intrusion Detection Systems • IDS Analysis Engines • Monitoring System Logs
- Wireless Network Security • Wireless LANs • WEP and WPA • Wi-Fi Authentication • Additional Wi-Fi Security Settings • Wi-Fi Site Security
- VPN and Remote Access Security • Remote Access • Virtual Private Networks • IPSec • Remote Access Servers • Remote Administration Tools • Hardening Remote Access Infrastructure
- Network Application Security • Application Layer Security • DHCP Security • DNS Security • SNMP Security • Storage Area Network Security • IPv4 versus IPv6 • Telephony
Module 4: Host, Data, and Application Security
- Host Security • Computer Hardening • Host Security Management Plan • OS Hardening • Patch Management • Endpoint Security • Network Access Control • Labs • Network Access Protection
- Data Security • Data Handling • Data Encryption • Data Loss Prevention • Backup Plans and Policies • Backup Execution and Frequency • Restoring Data and Verifying Backups • Data Wiping and Disposal
- Web Services Security • HyperText Transport Protocol • SSL / TLS • Web Servers • Load Balancers • File Transfer
Web Application Security • Web Application Technologies • Web Application Databases • Web Application Exploits • Web Application Browser Exploits • Secure Web Application Design • Auditing Web Applications • Web Browser Security
- Virtualization and Cloud Security • Virtualization Technologies • Virtual Platform Applications • Virtualization Best Practices • Cloud Computing • Risks of Cloud Computing
Module 5: Operational Security
- Site Security • Site Layout and Access • Gateways and Locks • Alarm Systems • Surveillance • Hardware Security • Environmental Controls • Hot and Cold Aisles • RFI / EMI • Fire Prevention and Suppression
- Mobile and Embedded Device Security • Static Environments • Mitigating Risk in Static Environments • Mobile Device Security • Mobile Device Management • BYOD Concerns • Mobile Application Security • Bluetooth and NFC
- Risk Management • Business Continuity Concepts • Risk Calculation • Risk Mitigation • Integration with Third Parties • Service Level Agreements • Change and Configuration Management
- Disaster Recovery • Disaster Recovery Planning • IT Contingency Planning • Clusters and Sites
- Incident Response and Forensics • Incident Response Procedures • Preparation • Detection, and Analysis • Containment • Eradication, and Recovery • Forensic Procedures • Collection of Evidence • Handling and Analyzing Evidence
- Security Policies and Training • Corporate Security Policy • Operational Policies • Privacy and Employee Policies • Standards and Best Practice • Security Policy Training and User Habits
About our live Practice Labs
Buy this bundle and you will get 12 months access to real, live computer equipment through your web browser. Practice Labs are not simulations, just a risk-free way for you to guarantee your understanding of practical tasks and concepts without any possibility of making damaging mistakes.
- REAL equipment Practice Labs gives you access to dedicated live equipment (not simulations)
- Perfect for self-study learning Complement theory with Practice Labs to give a complete learning experience
- Practice makes perfect Improve practical IT skills
- Certification ready Significantly increase chances of certification success
- No hardware or software needed No complicated software installation
- Totally flexible. Courses can be modified to meet specific requirements. Sections can be removed. New content added. One or more titles can be combined. Whatever your training requirements, our courseware can help you meet that need.
- 24×7 access Accessible through the internet, from anywhere, 24×7