What you'll learn

Explain types of malware, Compare and contrast various types of attacks, Analyze potential indicators of compromise.
Install and configure network components, Given a scenario, use the appropriate tool to assess organizational security.
Implement secure network architecture concepts,Explain secure systems design
Install and configure identity and access services. Implement identity and access management controls.
Explain the importance of policies, plans, and procedures. Summarize business impact analysis concepts.
Compare and contrast basic concepts of cryptography. Given a scenario, install and configure wireless security settings.
Explain the importance of threat intelligence. Given an incident, utilize basic forensic tools.
Compare and contrast various types of controls. Explain the importance of policies, plans, and procedures related to organizational security.

Course content

6 sections • 110 lectures • 30h 19m total length

Course Overview5:37

Examining Security Control Categories12:22
Examining Security Control Types19:23
Examining the Principles of Security18:57
Explore security fundamentals through the CIA triad—confidentiality, integrity, and availability—with practical methods like encryption, access control, authentication, non-repudiation, and backups.
Examining Authentication Factors15:36
Examining Authorization and Access Control Models23:24
Examining Authentication, Authorization, and Accounting (AAA)14:21
Examining the Principles of Zero Trust17:51
Adopt a never trust, always verify zero trust mindset, using policy enforcement points, data and control planes, and adaptive identity to enable conditional, policy-driven access.
Examining Physical Security20:35
Examining Deception and Disruption Technology11:38
Business Processes and Security Operations18:20
Explore how change management affects business processes and security operations, detailing stakeholders, ownership, impact analysis, approval processes, maintenance windows, and back-out planning.
Change Management Implications & Documentation19:10
Examining Encryption Solutions24:59
Explore a high-level view of encryption, including symmetric and asymmetric ciphers, block and stream modes, encryption levels from file to database, and secure transport through TLS.
Examining Public Key Infrastructure (PKI)22:57
Examining Digital Certificates23:27
Examining Asymmetric Encryption15:59
Examining Symmetric Encryption15:47
Explore symmetric encryption, a single-key method that encrypts and decrypts data, and compare block and stream ciphers with examples like AES, Twofish, ChaCha20, Salsa, and RC4 (deprecated).
Examining Hashing and Obfuscation24:51

Threat Actors25:27
Explore threat actors from script kiddies to nation-state hackers, detailing motivations such as financial gain, espionage, and political aims, with examples like APTs, insider threats, hacktivists, and ransomware gangs.
Social Engineering23:35
Business Email Compromise19:59
Explore how business email compromise uses social engineering and lookalike domains to impersonate vendors, CEOs, or lawyers, targeting finance, HR, and executives, with defenses like MFA and DMARC.
Digital System Threats24:08
Explore digital system threats through app vulnerabilities, client-based and agentless risks, web application flaws and network services, and practical defense ideas, including OWASP top 10 and mitigation strategies.
Network Based Threats23:09
Explore wired and wireless threats, from physical access and VLAN hopping to ARP poisoning, rogue devices, and Bluetooth attacks, emphasizing encryption and secure configurations.
Removable Media Threats14:09
Supply Chain Attacks15:18
Application Vulnerabilities24:51
Operating System Vulnerabilities22:07
Web Based Vulnerabilities25:23
Hardware Vulnerabilities24:20
Cloud Vulnerabilities19:35
Virtualization Vulnerabilities12:48
Cryptographic Vulnerabilities20:17
Mobile Device Vulnerabilities23:52
Zero Day Vulnerabilities11:28
Indicators of Malware Attacks22:12
Indicators of Physical Attacks22:29
Indicators of Network Attacks26:55
Indicators of Application Attacks26:21
Indicators of Crypographic Attacks8:03
Indicators of Password Attacks18:06
Identify indicators of password attacks, including brute-force, dictionary, and mutation techniques, and detect them by monitoring Linux auth.log and Windows security event IDs.
Cybersecurity Mitigation Techniques19:27

Cloud-Related Concepts22:11
Network Infrastructure Concepts17:48
Virtualization Concepts10:29
Explore virtualization concepts and security for virtual machines and containers, including Kubernetes, container orchestration, and security groups and network ACLs in cloud environments.
IoT and SCADA14:09
Architectural Model Considerations18:53
Security Infrastructure Considerations14:16
Network Appliances24:11
Port Security20:08
Firewall Types10:42
Secure Communication and Access15:02
Selecting Effective Controls7:42
Data Types7:57
Data Classifications9:45
Data Considerations11:30
Methods to Secure Data18:51
HA and Site Considerations18:51
Explore high availability concepts and site considerations, including load balancing versus clustering, horizontal scaling, hot, warm, and cold sites, and metrics like RTO, RPO, and five nines.
Platform Diversity and Multi-Cloud Systems10:14
Compare single-vendor versus multi-vendor IT strategies, with Cisco, Palo Alto, Dell, Aruba, and Splunk across network, security, and monitoring, plus multi-cloud choices AWS, Azure, and Google Cloud.
Continuity of Operations and Capacity Planning12:58
Testing14:37
Backups11:48
Power7:41

Examining Identity and Access Management10:37
Explore identity and access management as a centralized lifecycle that authenticates identities, validates credentials, and authorizes access to resources across directory and cloud environments.
Examining Wireless Security27:47
Examining Operating System Security22:32
Examining Firewalls and Intrusion Detection Devices22:29
Explore firewalls and intrusion detection devices, compare IDS and IPS, and learn how ACLs, implicit deny, and rule processing strengthen enterprise security, including DMZs and screen subnets.
Examining Password Security24:50
Examining Web Filtering13:32
Examining the Incident Response Process and Activities14:31
Explore the NIST-based incident response process, covering preparation, detection, analysis, containment, eradication, recovery, and post-event lessons learned to continuously improve security.
Examining Endpoint Detection and Response (EDR)23:18
Explore endpoint detection and response (edr) and its evolution to extended detection and response (xdr), covering endpoints, telemetry, detection, investigation, automated responses, and threat hunting.
Examining Single Sign-on18:06
Examining Secure Network Protocols and Services22:34
Examining Automation and Scripting Uses27:26
Examining Asset Management24:03
Examining Privileged Identity Management15:02
Examining Application Security21:25
Examining Investigation Data Sources and Log Data19:08
Examining Security for Mobile Devices23:20
Examining Vulnerability Analysis19:03
Examining Digital Forensics Activities14:05
Vulnerability Response, Remediation and Reporting17:49
Examining Security Baselines and Hardening22:19
Examining User Onboarding and Offboarding20:38
Examining Email Security19:09
Examining Security Monitoring and Alerting26:40
Identifying Vulnerabilities24:02

Guidelines and Policies12:54
Standards and Procedures13:49
Discover how standards and procedures shape organizational security, covering password management, multi-factor authentication, access control, encryption, change management, onboarding, and playbooks.
External Considerations and Revisions7:03
Governance Structures10:35
Roles and Responsibilities9:42
Risk Identification and Assessment9:29
Perform risk identification and assessment by analyzing threats, vulnerabilities, and assets, then evaluate impact and likelihood to produce prioritized risk scenarios and ongoing mitigation and monitoring.
Risk Analysis11:24
Risk Register, Tolerance, and Appetite10:32
Risk Management Strategies7:54
Apply the risk management framework, transferring risk, accepting risk, avoiding risk, and mitigating risk, using cloud examples like AWS and external contractors to balance risk and reward.
Risk Reporting And BIA9:11
Vendor Assessment and Selection8:20
Explore vendor assessment and selection with a security lens, covering penetration testing rules, auditing versus testing, independent assessments, supply chain, and building a due-diligence committee to reduce conflicts of interest.
Agreement Types8:03
Additional Vendor Considerations7:57
Compliance9:05
Explore how governance shapes internal and external compliance in security program management, covering policies, training, and metrics to protect customer data and avoid fines, sanctions, and reputational damage.
Compliance Monitoring6:20
Privacy8:58
Attestation6:27
Attestation is a formal, documentation-driven process that proves to third parties that security controls are effective, with independent auditors gathering evidence, defining scope, and performing a gap analysis.
Audits8:42
Explore internal and external audits, audit committees, governance, and self-assessments to improve compliance, train employees against phishing, and reduce bias with independent assessments.
Penetration Testing11:16
Phishing14:02
Learn to recognize phishing, including spear phishing and smishing, by training end users to inspect sender name and domain, greetings, urgent language, report threats, and participate in anti-phishing campaigns.
Anomalous Behavior Recognition6:41
User Guidance and Training9:03
Reporting and Monitoring8:15
Development and Execution10:47

Requirements

The CompTIA Security+ certification typically does not have strict prerequisites, making it an entry-level certification in the realm of cybersecurity. However, it's recommended that candidates have some foundational knowledge and experience in IT and networking before attempting the exam. CompTIA suggests that candidates ideally have the CompTIA Network+ certification and two years of work experience in IT with a security focus.

Description

The new CompTIA Security+ (SY0-701) represents the latest and greatest in cybersecurity, covering the most in-demand skills related to current threats, automation, zero trust, IoT, risk – and more. Once certified, you’ll understand the core skills needed to succeed on the job – and employers will notice too. The Security+ exam verifies you have the knowledge and skills required to:

· Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions.

· Monitor and secure hybrid environments, including cloud, mobile, Internet of Things (IoT), and operational technology.

· Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.

· Identify, analyze, and respond to security events and incidents.

CompTIA Security+ is compliant with ISO 17024 standards and approved by the U.S. DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.

This course is designed to equip you with the knowledge and skills required to excel in the dynamic field of cybersecurity and achieve the CompTIA Security+ certification.

Who this course is for:

The CompTIA Security+ certification is designed for IT professionals who want to establish a career in cybersecurity.
The certification is suitable for anyone looking to validate their knowledge and skills in foundational cybersecurity concepts, regardless of their specific job role within the IT industry.

What you'll learn

Explore related topics

Course content

Course Overview1 lecture • 6min

General Security Concepts17 lectures • 5hr 20min

Threats, Vulnerabilities, and Mitigation23 lectures • 7hr 54min

Security Architecture21 lectures • 5hr

Security Operations24 lectures • 8hr 14min

Security Programs Management and Oversight24 lectures • 3hr 46min

Requirements

Description

Who this course is for: