
Introducing CompTIA Security+ SY0-601: overview of exam objectives and core concepts, including cryptography, PKI, authentication, secure networks, cloud, IoT, data privacy, and incident response.
Compare and contrast security control types and frameworks, detailing technical, operational, and managerial categories and preventative, detective, and corrective functions across regulations and standards.
Create a security mission statement and policies around the CIA triad, assign roles, assess mitigations, and build a framework-aligned controls matrix using benchmarks, information security assurance and secure configuration guides.
Analyze threat actor types, attack vectors, and threat intelligence to assess vulnerability, threat, and risk; apply threat modeling and guard against insider threats and evolving attack surfaces.
Identify diverse threat intelligence sources—from academia, open source feeds, honeypots, and ISACs to social media—and use tactics, techniques and procedures, indicators of compromise, and indicators of attack to detect threats.
Profile threat actor types most likely to threaten your business. Identify industry-relevant threat research sources and evaluate threat intelligence platforms, including proprietary and open source data feeds, with sector-specific data.
Develop skills to assess organizational security using network reconnaissance tools, covering ping sweeps, ARP, route tracing, port scanning, service discovery, fingerprinting, and packet capture with tcpdump, Wireshark, and Nessus.
Explain security concerns linked to general vulnerability types, including patch management, software and firmware vulnerabilities, weak configurations, data breach versus data exfiltration, third-party risks, and cloud versus on-premises storage.
Explore vulnerability scanning techniques, compare automated and manual scanners, intrusive and non-intrusive scans, credentialed vs non-credentialed access, and how CVE and CVSS drive risk in vulnerability assessments and threat hunting.
Explain penetration testing concepts and techniques, including pen tests, rules of engagement, black/white/grey box models, red/blue teams, and active, intrusive methods to identify vulnerabilities and test security controls.
Identify procedures and tools to scan the attack surface for vulnerabilities, run scans, review results, remediate via CVEs, and conduct threat hunting and structured penetration testing across the kill chain.
Identify malware types and indicators to determine attack types and use tools to assess security. Covers viruses, worms, trojans, grayware, adware, spyware, keyloggers, backdoors, botnets, rootkits, ransomware, and cryptojacking.
Explore how fork bomb malware operates by spawning processes in an infinite loop, driving CPU and memory usage to the limit, crashing a virtual machine, and illustrating malware behavior.
Build defenses by training employees to recognize social engineering, phishing, pharming, vishing, and spam; use security filters and limited privileges, and deploy sandbox analysis tools with threat data feeds.
Explore how digital signatures use public key cryptography and hashing to provide integrity and authentication. Understand how TLS and Diffie-Hellman key exchange achieve perfect forward secrecy in transport encryption.
Explore quantum computing concepts, post-quantum cryptography, and their potential impact on key distribution and cryptanalysis. Examine homomorphic encryption, blockchain's public ledger, and steganography for covert channels.
Summarize cryptographic functions and their use in hybrid encryption to provide confidentiality, integrity, authentication, and resilience; identify limitations, weaknesses, and attack types; and cover concepts like quantum, blockchain, homomorphic encryption, and steganography.
Explore how to implement a public key infrastructure with certificate authorities, digital certificates, and certificate chaining across SSL, TLS, and VPN systems.
Demonstrates implementing a PKI with OpenSSL and Active Directory Certificate Services, creating RSA keys, CSRs, root and subordinate CAs, templates, auto enrollment, CRLs, and key archival.
Evaluate single versus intermediate certificate authorities, implement offline certificate handling, define policies, types, and templates, ensure valid subjects and common name, manage requests, revocation, and key escrow, and troubleshoot.
Define authentication design concepts within identity and access management and CIA triad. Apply factors such as something you know, something you have, and something you are to enable multi-factor authentication.
Explore how smart cards and tokens support authentication, certificate-based methods, and multifactor solutions, guided by EAP, RADIUS, and TACACS+ architectures, with HSM and TPM protection.
Explore biometric authentication concepts, including enrollment and sensor tuning, fingerprints and facial and vein, retina, or iris scans. Assess throughput, false rejection and false acceptance rates, and privacy considerations.
Implement Windows account policies and group policy objects to enforce identity and access controls, including location-based restrictions. Apply password rules, time-based restrictions, and recertification audits to prevent authorization creep.
Compare access control models like DAC, MAC, RBAC, and ABAC, and explain federation, directory services, and attestation for secure authentication and authorization.
Explain how personnel policies safeguard security by defining conduct and acceptable use. Learn about bring your own device, shadow IT, clean desk standards, and role-based training including phishing simulations.
Implement secure network designs by configuring secure routing and switching, wireless infrastructure, and load balancers. Understand network weaknesses, zoning, DMZs, and zero trust, focusing on segmentation, availability, and proper documentation.
Implement secure switching and routing across zones and analyze indicators of network attacks. Defend against man-in-the-middle, ARP poisoning, MAC flooding, and loops with spanning tree and port security.
Demonstrates practical network attack techniques in a lab, including MAC flooding with a dsniff tool, CDP flooding, ICMP floods, and ping of death, analyzed with Wireshark.
Implement secure wireless infrastructure by configuring WPA2 or WPA3 with enterprise authentication (802.1X and EAP variants) and conducting site surveys, channel planning, and rogue access point defenses.
Design segmented network zones based on business workflows, using VLANs, subnets, and firewall policies to meet security requirements and support DMZ, zero-trust, and IPv6.
Implement secure network designs by configuring firewalls and proxy servers, applying ACLs, and using stateless, stateful, and application-aware filtering with NAT and iptables.
Explore basic network monitoring concepts, including IDS and IPS, taps, and inline deployment. Learn about next-generation firewalls, secure gateways, UTMs, WAFs, and host-based protections like file integrity monitoring.
Explore how a SIEM aggregates and normalizes logs from multiple devices, enabling correlation, threat intelligence, and alerting for indicators of compromise across the network.
SY0-601 Security+ is a beneficial cybersecurity-specific certification for IT job candidates to hold, and is often the first instance where candidates learn to identify and handle InfoSec threats. This CompTIA training course is presented by instructor Vision Training Systems. The instructor has over 30 years of IT experience, with 15 of those years specializing in IT security. Students will learn the best real-world troubleshooting practices for identifying and handling cybersecurity incidents. It is recommended that students complete CompTIA A+ training and CompTIA Network+ training before beginning this course.
In this CompTIA training, you will learn how to explain threat actors and threat intelligence, compare security roles and security controls, and perform security assessments in order to identify social engineering attacks or malware. Gain knowledge of basic cryptographic concepts, authentication controls, data privacy, account management, network security protocols, and many other topics.
Modules in this CompTIA training course will cover:
Information Security Roles, Security Control and Framework Types
Threat Actor Types, Attack Vectors, and Intelligence Sources
Organizational Security, Network Reconnaissance, General Vulnerability Types, Penetration Testing
Social Engineering, Indicators of Malware Attacks
Cryptography
Certificates and PKI
Authentication
Identity and Accounts, Authorization, Personnel Policies
Network Design and Hardware - Two Parts
Network Protocols
Endpoint Security
Mobile Devices
Indicators of Attacks, Intro to Secure Coding, Scripting, Deployment, and Automation
Secure Coding, Scripting, Deployment, Cloud, and Virtualization
Privacy and Data Protection
Incident Response
Data Forensics
Risk Management, Business Impact Analysis
Redundancy and Backup Strategies
Physical Security
Security+ SY0-601 Exam Prep