CompTIA – Security+ (SY0-601) Training Course

What the specialist says

Security courses like this are popular because they teach ‘how things break’ — that’s how you learn to protect.

Aniket Joshi Cybersecurity Trainer

Acquire Key Security Skills: Master Cybersecurity, Earn Certification, Launch Your IT Security Career! DevLustro Academy has firmly positioned itself at the forefront of the cybersecurity education sector. Our meticulously designed course provides an in-depth, all-encompassing curriculum that prepares participants to tackle the complex landscape of modern cybersecurity threats. With a blend of theoretical knowledge and practical skills, this course ensures that students are well-equipped to safeguard information systems and respond effectively to security incidents. Course was selected for our collection of top-rated courses trusted by businesses worldwide.

Our Core Highlights

World Class Instructor Mentorship from global experts

1:1 with Industry Expert Personalised coaching tailored to you

Global Hiring Network 400+ hiring partners around the world

Average Salary Hike 55% average hike for our alumni

Course Description

Acquire Key Security Skills: Master Cybersecurity, Earn Certification, Launch Your IT Security Career! Elysium Academy has firmly positioned itself at the forefront of the cybersecurity education sector. Our meticulously designed course provides an in-depth, all-encompassing curriculum that prepares participants to tackle the complex landscape of modern cybersecurity threats. With a blend of theoretical knowledge and practical skills, this course ensures that students are well-equipped to safeguard information systems and respond effectively to security incidents. Course was selected for our collection of top-rated courses trusted by businesses worldwide.

CompTIA – Security+ (SY0-601) Training Course

Cybersecurity and Networking Course

Course Details

Globally Recognized Certification

Gain expertise in cryptographic techniques and PKI.

Understand and apply security policies and regulations

Develop practical skills through hands-on labs and real-world simulations.

Cybersecurity is the protective infrastructure set-up that safeguards data.

Incident Response is where security breaches will be addressed, and vulnerabilities mitigated.

Security Analysts understand cybersecurity threats and derive actionable insights.

Cybersecurity is the foundation on which secure systems and networks are built.

Course Goals

Master cybersecurity fundamentals, including risk management, network security, and compliance.
Dive into advanced concepts such as threat analysis and incident response.
Learn to implement secure network protocols and architectures.

Future Scope of this Course

Industry Based Projects

Our Career Service

Personalized coordinator.
Trainer feedback.
Trainer availability post sessions.
Get your staff certified.
Certificate from governing bodies.

Our Training Program Benefits

Hands on assignment
Curriculum that focuses on the learner.
Live, interactive training by DevLustro experts.
Curriculum aligned with current industry practices.
Portfolio / project support for real-world use.

01Chapter-1 Different Types of Social Engineering Techniques

01.01Phishing
01.02Smishing
01.03Vishing
01.04Spam
01.05Spam over instant messaging (SPIM)
01.06Spear phishing
01.07Dumpster diving
01.08Shoulder surfing
01.09Pharming
01.10Tailgating
01.11Eliciting information
01.12Whaling
01.13Prepending
01.14Identity fraud
01.15Invoice scams
01.16Credential harvesting
01.17Reconnaissance
01.18Hoax
01.19Impersonation
01.20Watering hole attack
01.21Typosquatting
01.22Pretexting
01.23Influence campaigns
01.24Hybrid Warfare
01.25Social Media
01.26Authority
01.27Intimidation
01.28Consensus
01.29Scarcity
01.30Familiarity
01.31Trust
01.32Urgency

02Chapter-2 Analyze Potential Indicators to Determine the Type of Attack

02.01Ransomware
02.02Trojans
02.03Worms
02.04Potentially unwanted programs (PUPs)
02.05Fileless virus
02.06Command and control
02.07Bots
02.08Cryptomalware
02.09Logic bombs
02.10Spyware
02.11Keyloggers
02.12Remote access Trojan (RAT)
02.13Rootkit
02.14Backdoor
02.15Password attacks
02.16Spraying
02.17Dictionary
02.18Brute Force
02.19Offline
02.20Online
02.21Rainbow table
02.22Plaintext/unencrypted
02.23Malicious Universal
02.24Serial Bus (USB) cable
02.25Malicious flash drive
02.26Card cloning
02.27Skimming
02.28Tainted training data for machine learning (ML)
02.29Security of machine learning algorithms
02.30Supply-chain attacks
02.31Cloud based vs. on-premises attacks
02.32Crytographic attacks
02.33Birthday
02.34Collision
02.35Downgrade

03Chapter-3 Analyze Potential Indicators Application Attacks

03.01Privilege escalation
03.02Cross-site scripting
03.03Injections
03.04Structured query language (SQL)
03.05Dynamic-link library (DLL)
03.06Lightweight Directory Access Protocol (LDAP)
03.07Extensible Markup Language (XML)
03.08Pointer/object dereference
03.09Directory traversal
03.10Buffer overflows
03.11Race conditions
03.12Time of check/time of use (TOC/TOU)
03.13Error handling
03.14Improper input handling
03.15Replay attack
03.16Integer overflow
03.17Request forgeries
03.18Server-side
03.19Cross-site
03.20Application programming interface (API) attacks
03.21Resource exhaustion
03.22Memory leak
03.23Secure Sockets Layer (SSL) stripping
03.24Driver manipulation
03.25Shimming
03.26Refactoring
03.27Pass the hash

04Chapter-4 Analyze Potential Indicators Network Attacks

04.01Radio frequency identification (RFID)
04.02Near-field communication (NFC)
04.03Initialization vector (IV)
04.04On-path attack (previously known as man-in-the-middle attack / man-in-the-browser attack)
04.05Address Resolution Protocol (ARP) poisoning
04.06Media access control (MAC) flooding
04.07MAC cloning
04.08Domain hijacking
04.09DNS poisoning
04.10Uniform Resource Locator (URL) redirection
04.11Domain reputation
04.12Network
04.13Application
04.14Operational technology (OT)
04.15PowerShell
04.16Python
04.17Bash
04.18Macros
04.19Visual Basic for Applications (VBA)

05Chapter-5 Different Threat Actors, Vectors, and Intelligence Sources

05.01Advanced persistent threat (APT)
05.02Insider threats
05.03State actors
05.04Hacktivists
05.05Script kiddies
05.06Criminal syndicates
05.07Hackers
05.08Authorized
05.09Unauthorized
05.10Semi-authorized
05.11Internal/external
05.12Level of sophistication/capability
05.13Resources/funding
05.14Intent/motivation
05.15Direct access
05.16Wireless
05.17Email
05.18Supply chain
05.19Social media
05.20Removable media
05.21Cloud
05.22Open-source intelligence (OSINT)
05.23Closed/proprietary
05.24Vulnerability databases
05.25Public/private information-sharing centers
05.26Dark web
05.27Indicators of compromise
05.28Automated Indicator Sharing (AIS)
05.29Structured Threat Information eXpression (STIX) / Trusted Automated eXchange of Intelligence Information (TAXII)
05.30Predictive analysis
05.31Threat maps
05.32File/code repositories
05.33Vendor websites
05.34Vulnerability feeds
05.35Conferences
05.36Academic journals
05.37Request for comments (RFC)
05.38Local industry groups
05.39Social media
05.40Threat feeds
05.41Adversary tactics, techniques, and procedures (TTP)

06Chapter-6 Various Types of Vulnerabilities

06.01Cloud-based vs. on-premises vulnerabilities
06.02Zero-day
06.03Weak configurations
06.04Open permissions
06.05Unsecure root accounts
06.06Errors
06.07Weak encryption
06.08Unsecure protocols
06.09Default settings
06.10Open ports and services
06.11Third-party risks
06.12Vendor management
06.13System integration
06.14Lack of vendor support
06.15Supply chain
06.16Outsourced code development
06.17Data storage
06.18Improper or weak patch management
06.19Firmware
06.20Operating system (OS)
06.21Applications
06.22Legacy platforms
06.23Data loss
06.24Data breaches
06.25Data exfiltration
06.26Identity theft
06.27Financial
06.28Reputation
06.29Availability loss

07Chapter-7 Security Assessments

07.01Threat hunting
07.02Intelligence fusion
07.03Threat feeds
07.04Advisories and bulletins
07.05Maneuver
07.06Vulnerability scans
07.07False positives
07.08False negatives
07.09Log reviews
07.10Credentialed vs. non-credentialed
07.11Intrusive vs. non-intrusive
07.12Application
07.13Web application
07.14Network
07.15Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS)
07.16Configuration review
07.17Syslog/Security information and event management (SIEM)
07.18Review reports
07.19Packet capture
07.20Data inputs
07.21User behavior analysis
07.22Sentiment analysis
07.23Security monitoring
07.24Log aggregation
07.25Log collectors
07.26Security orchestration, automation, and response (SOAR)

08Chapter-8 Penetration Testing

08.01Penetration testing
08.02Known environment
08.03Unknown environment
08.04Partially known environment
08.05Rules of engagement
08.06Lateral movement
08.07Privilege escalation
08.08Persistence
08.09Cleanup
08.10Bug bounty
08.11Pivoting
08.12Passive and active reconnaissance
08.13Drones
08.14War flying
08.15War driving
08.16Footprinting
08.17OSINT
08.18Exercise types
08.19Red-team
08.20Blue-team
08.21White-team
08.22Purple-team

09Chapter-9 Importance of Security Concepts

09.01Configuration management
09.02Diagrams
09.03Baseline configuration
09.04Standard naming conventions
09.05Internet protocol (IP) schema
09.06Data sovereignty
09.07Data protection
09.08Data loss prevention (DLP)
09.09Masking
09.10Encryption
09.11At rest
09.12In transit/motion
09.13In processing
09.14Tokenization
09.15Rights management
09.16Geographical considerations
09.17Response and recovery controls
09.18Secure Sockets Layer (SSL) / Transport Layer Security (TLS) inspection
09.19Hashing
09.20API considerations
09.21Site resiliency
09.22Hot site
09.23Cold site
09.24Warm site
09.25Deception and disruption
09.26Honeypots
09.27Honeyfiles
09.28Honeynets
09.29Fake telemetry
09.30DNS sinkhole

10Chapter-10 Cloud Computing Concepts

10.01Cloud models
10.02Infrastructure as a service (IaaS)
10.03Platform as a service (PaaS)
10.04Software as a service (SaaS)
10.05Anything as a service (XaaS)
10.06Public
10.07Community
10.08Private
10.09Hybrid
10.10Cloud service providers
10.11Managed service provider (MSP) / managed security service provider (MSSP)
10.12On-premises vs. off-premises
10.13Fog computing
10.14Edge computing
10.15Thin client
10.16Containers
10.17Microservices/APIs
10.18Infrastructure as code
10.19Software-defined networking (SDN)
10.20Software-defined visibility (SDV)
10.21Serverless architecture
10.22Services integration
10.23Transit gateway
10.24Virtualization
10.25Virtual machine (VM)
10.26Sprawl avoidance
10.27VM escape protection

11Chapter-11 Automation Concepts

11.01Development
11.02Test
11.03Staging
11.04Production
11.05Quality assurance (QA)
11.06Provisioning and deprovisioning
11.07Integrity measurement
11.08Secure coding techniques
11.09Normalization
11.10Stored procedures
11.11Obfuscation/camouflage
11.12Code reuse/dead code
11.13Server-side vs. client-side execution and validation
11.14Memory management
11.15Use of third-party libraries and SDKs
11.16Data exposure
11.17Open Web Application Security Project (OWASP)
11.18Software diversity
11.19Compiler
11.20Binary
11.21Automation/scripting
11.22Automated courses of action
11.23Continuous monitoring
11.24Continuous validation
11.25Continuous integration
11.26Continuous delivery
11.27Continuous deployment
11.28Elasticity
11.29Scalability
11.30Version control

12Chapter-12 IAM Concepts

12.01Directory services
12.02Federation
12.03Attestation
12.04Technologies
12.05Time-based one-time password (TOTP)
12.06HMAC-based one-time password (HOTP)
12.07Short message service (SMS)
12.08Token key
12.09Private
12.10Hybrid
12.11Cloud service providers
12.12Managed service provider (MSP) / managed security service provider (MSSP)
12.13On-premises vs. off-premises
12.14Fog computing
12.15Edge computing
12.16Thin client
12.17Containers
12.18Microservices/AP
12.19Infrastructure as code
12.20Software-defined networking (SDN)
12.21Software-defined visibility (SDV)
12.22Serverless architecture
12.23Services integration
12.24Transit gateway
12.25Virtualization
12.26Virtual machine (VM)
12.27Sprawl avoidance
12.28VM escape protection
12.29Something you exhibit
12.30Someone you know
12.31Authentication, authorization, and accounting (AAA)
12.32Cloud vs. on-premises requirements

13Chapter-13 Implement Cybersecurity Resilience

13.01Redundancy
13.02Geographic dispersal
13.03Disk
13.04Redundant array of inexpensive disks (RAID) levels
13.05Multipath
13.06Network
13.07Load balancers
13.08Network interface card (NIC) teaming
13.09Power
13.10Uninterruptible power supply (UPS)
13.11Generator
13.12Dual supply
13.13Managed power distribution units (PDUs)
13.14Replication
13.15Storage area network
13.16On-premises vs. cloud
13.17Backup types
13.18Full
13.19Incremental
13.20Snapshot
13.21Differential
13.22Tape
13.23Disk
13.24Copy
13.25Network-attached storage (NAS)
13.26Storage area network
13.27Cloud
13.28Image
13.29Online vs. offline
13.30Offsite storage
13.31Distance considerations
13.32Non-persistence
13.33Revert to known state
13.34Last known-good configuration
13.35Live boot media
13.36High availability
13.37Scalability
13.38Restoration order
13.39Diversity
13.40Technologies
13.41Vendors
13.42Crypto
13.43Controls

14Chapter - 14 Embedded and Specialized Systems

14.01Raspberry Pi
14.02Field-programmable gate array (FPGA)
14.03Arduino
14.04Supervisory control and data acquisition (SCADA) / industrial control system (ICS)
14.05Facilities
14.06Industrial
14.07Manufacturing
14.08Energy
14.09Logistics
14.10Internet of Things (IoT)
14.11Sensors
14.12Smart devices
14.13Wearables
14.14Facility automation
14.15Weak defaults
14.16Specialized
14.17Medical systems
14.18Vehicles
14.19Aircraft
14.20Smart meters
14.21Voice over IP (VoIP)
14.22Heating, ventilation, air conditioning (HVAC)
14.23Drones
14.24Multifunction printer (MFP)
14.25Real-time operating system (RTOS)
14.26Surveillance systems
14.27System on chip (SoC)
14.28Communication considerations
14.29Narrow-band
14.30Baseband radio
14.31Subscriber identity module (SIM) cards
14.32Zigbee

15Chapter - 15 Physical Security Controls

15.01Bollards/Barricades
15.02Access Control Vestibules
15.03Badges
15.04Alarms
15.05Signage
15.06Cameras
15.07Motion recognition
15.08Object detection
15.09Closed-circuit television (CCTV)
15.10Industrial Camouflage
15.11Personnel
15.12Guards
15.13Robot sentries
15.14Reception
15.15Two-person integrity/control
15.16Locks
15.17Biometrics
15.18Electronic
15.19Physical
15.20Cable locks
15.21USB Data Blocker
15.22Lighting
15.23Fencing
15.24Fire Suppression
15.25Sensors
15.26Motion detection
15.27Noise detection
15.28Proximity reader
15.29Moisture detection
15.30Cards
15.31Temperature
15.32Drones
15.33Visitor Logs
15.34Faraday Cages
15.35Air Gap
15.36Screened Subnet (previously known as Demilitarized Zone)
15.37Protected Cable Distribution
15.38Secure Areas
15.39Air gap
15.40Vault
15.41Safe
15.42Hot aisle
15.43Cold aisle
15.44Secure Data Destruction
15.45Burning
15.46Shredding
15.47Pulping
15.48Pulverizing
15.49Degaussing
15.50Third-party solutions

16Chapter - 16 Cryptographic Concepts

16.01Digital Signatures
16.02Key Length
16.03Key Stretching
16.04Salting
16.05Hashing
16.06Key Exchange
16.07Elliptic-Curve Cryptography
16.08Perfect Forward Secrecy
16.09Quantum
16.10Communications
16.11Computing
16.12Post-Quantum
16.13Ephemeral
16.14Modes of Operation
16.15Authenticated
16.16Unauthenticated
16.17Counter
16.18Blockchain
16.19Public Ledgers
16.20Cipher Suites
16.21Stream
16.22Block
16.23Symmetric vs. Asymmetric
16.24Lightweight Cryptography
16.25Steganography
16.26Audio
16.27Video
16.28Image
16.29Homomorphic Encryption
16.30Common Use Cases
16.31Low Power Devices
16.32Low Latency
16.33High Resiliency
16.34Supporting Confidentiality
16.35Supporting Integrity
16.36Supporting Obfuscation
16.37Supporting Authentication
16.38Supporting Non-Repudiation
16.39Limitations
16.40Speed
16.41Size
16.42Weak Keys
16.43Time
16.44Longevity
16.45Predictability
16.46Reuse
16.47Entropy
16.48Computational Overheads
16.49Resource vs. Security Constraints

17Chapter - 17 Implement Secure Protocols

17.01Domain Name System Security Extensions (DNSSEC)
17.02SSH (Secure Shell)
17.03Secure/Multipurpose Internet Mail Extensions (S/MIME)
17.04Secure Real-time Transport Protocol (SRTP)
17.05Lightweight Directory Access Protocol Over SSL (LDAPS)
17.06File Transfer Protocol, Secure (FTPS)
17.07SSH File Transfer Protocol (SFTP)
17.08Simple Network Management Protocol, version 3 (SNMPv3)
17.09Hypertext Transfer Protocol over SSL/TLS (HTTPS)
17.10IPSec (Internet Protocol Security)
17.11Authentication Header (AH) / Encapsulating Security Payloads (ESP)
17.12Tunnel/Transport
17.13Post Office Protocol (POP) / Internet Message Access Protocol (IMAP)
17.14Voice and video
17.15Time synchronization
17.16Email and web
17.17File transfer
17.18Directory services
17.19Remote access
17.20Domain name resolution
17.21Routing and switching
17.22Network address allocation
17.23Subscription services

18Chapter 18 - Host or Application Security Solutions

18.01Endpoint protection
18.02Antivirus
18.03Anti-malware
18.04Endpoint detection and response (EDR)
18.05Data loss prevention (DLP)
18.06Next-generation firewall (NGFW)
18.07Host-based intrusion prevention system (HIPS)
18.08Host-based intrusion detection system (HIDS)
18.09Host-based firewall
18.10Boot integrity
18.11Boot security/Unified Extensible Firmware Interface (UEFI)
18.12Measured boot
18.13Boot attestation
18.14Database security
18.15Tokenization
18.16Salting
18.17Hashing
18.18Application security
18.19Input validations
18.20Secure cookies
18.21Hypertext Transfer Protocol (HTTP) headers
18.22Code signing
18.23Allow list
18.24Block list/deny list
18.25Secure coding practices
18.26Static code analysis
18.27Manual code review
18.28Dynamic code analysis
18.29Fuzzing
18.30Hardening
18.31Open ports and services
18.32Registry
18.33Disk encryption
18.34OS security
18.35Patch management
18.36Third-party updates
18.37Auto-update
18.38Self-encrypting drive (SED)/full-disk encryption (FDE)
18.39Opal
18.40Hardware root of trust
18.41Trusted Platform Module (TPM)
18.42Sandboxing

19Chapter 19 - Secure Network Designs

19.01Active/active
19.02Active/passive
19.03Scheduling
19.04Virtual IP
19.05Persistence
19.06Virtual local area network (VLAN)
19.07Screened subnet (previously known as demilitarized zone)
19.08East-west traffic
19.09Extranet
19.10Intranet
19.11Zero Trust
19.12Virtual Private Network (VPN)
19.13Always-on
19.14Split tunnel vs. full tunnel
19.15Remote access vs. site-to-site
19.16IPSec
19.17SSL/TLS
19.18HTML5
19.19Layer 2 tunneling protocol (L2TP)
19.20Network Access Control (NAC)
19.21Agent and agentless
19.22Out-of-band Management
19.23Port Security
19.24Network Appliances
19.25Jump servers
19.26Proxy servers
19.27Forward
19.28Reverse
19.29Network-based intrusion detection system (NIDS) / network-based intrusion prevention system (NIPS)
19.30Signature-based
19.31Heuristic/behavior
19.32Anomaly
19.33Inline vs. passive
19.34Sensors
19.35Collectors
19.36Aggregators
19.37Firewalls
19.38Web application firewall (WAF)
19.39Next-generation firewall (NGFW)
19.40Stateful
19.41Stateless
19.42Unified threat management (UTM)
19.43Network address translation (NAT) gateway
19.44Content/URL filter
19.45Open-source vs. proprietary
19.46Hardware vs. software
19.47Appliance vs. host-based vs. virtual
19.48Access Control List (ACL)
19.49Route Security
19.50Quality of Service (QoS)
19.51Implications of IPv6
19.52Port Spanning/Port Mirroring
19.53Port taps
19.54Monitoring Services
19.55File Integrity Monitors

20Chapter 20 - Install and Configure Wireless Security Settings

20.01WiFi Protected Access 2 (WPA2)
20.02WiFi Protected Access 3 (WPA3)
20.03Counter-mode/CBC-MAC Protocol (CCMP)
20.04Simultaneous Authentication of Equals (SAE)
20.05Extensible Authentication Protocol (EAP)
20.06Protected Extensible Authentication Protocol (PEAP)
20.07EAP-FAST
20.08EAP-TLS
20.09EAP-TTLS
20.10IEEE 802.1X
20.11Pre-shared key (PSK) vs Enterprise vs Open
20.12WiFi Protected Setup (WPS)
20.13Captive portals
20.14Site surveys
20.15Heat maps
20.16WiFi analyzers
20.17Channel overlaps
20.18Wireless access point (WAP) placement
20.19Controller and access point security

21Chapter 21 - Implement Secure Mobile Solutions

21.01Implement Secure Mobile Solutions
21.02Connection Methods and Receivers
21.03Mobile Device Management (MDM)
21.04Mobile Devices
21.05Enforcement and Monitoring of
21.06Deployment Models

22Chapter 22 - Cybersecurity Solutions to the Cloud

22.01High availability across zones
22.02Resource policies
22.03Secrets management
22.04Integration and auditing
22.05Storage permissions
22.06Encryption
22.07Replication
22.08Network virtual networks
22.09Public and private subnets
22.10Segmentation
22.11API inspection and integration
22.12Compute security groups
22.13Dynamic resource allocation
22.14Instance awareness
22.15Virtual private cloud (VPC) endpoint
22.16Container security
22.17CASB (Cloud Access Security Broker)
22.18Application security
22.19Next-generation secure web gateway (SWG)
22.20Firewall considerations in a cloud environment
22.21Cost considerations
22.22Need for segmentation
22.23Open Systems Interconnection (OSI) layers

23Chapter 23 - Identity and Account Management Controls

23.01Identity
23.02Identity provider (IdP)
23.03Attributes
23.04Certificates
23.05Tokens
23.06SSH keys
23.07Smart cards
23.08Account Types
23.09User account
23.10Shared and generic accounts/credentials
23.11Guest accounts
23.12Service accounts
23.13Account Policies
23.14Password complexity
23.15Password history
23.16Password reuse
23.17Network location
23.18Geofencing
23.19Geotagging
23.20Geolocation
23.21Time-based logins
23.22Access policies
23.23Account permissions
23.24Account audits
23.25Impossible travel time/risky login
23.26Lockout
23.27Disablement

24Chapter 24 - Authentication and Authorization Solutions

24.01Authentication Management
24.02Password Keys
24.03Password Vaults
24.04TPM (Trusted Platform Module)
24.05HSM (Hardware Security Module)
24.06Knowledge-Based Authentication
24.07Authentication/Authorization
24.08EAP (Extensible Authentication Protocol)
24.09Challenge-Handshake Authentication Protocol (CHAP)
24.10Password Authentication Protocol (PAP)
24.11802.1X
24.12RADIUS
24.13Single Sign-On (SSO)
24.14Security Assertion Markup Language (SAML)
24.15Terminal Access Controller Access Control System Plus (TACACS+)
24.16OAuth
24.17OpenID
24.18Kerberos
24.19Access Control Schemes
24.20Attribute-Based Access Control (ABAC)
24.21Role-Based Access Control (RBAC)
24.22Rule-Based Access Control

25Chapter 25 - Certificates

25.01Types of Certificates
25.02Machine/Computer
25.03Email
25.04User
25.05Root
25.06Domain Validation
25.07Extended Validation
25.08Certificate Formats
25.09Distinguished Encoding Rules (DER)
25.10Privacy Enhanced Mail (PEM)
25.11Personal Information Exchange (PFX)
25.12Concepts
25.13Online vs. Offline CA
25.14Stapling
25.15Pinning
25.16Trust Model
25.17Key Escrow
25.18Certificate Chaining

26Chapter 26 - Assess Organizational Security

26.01Network Reconnaissance and Discovery
26.02tracert/traceroute
26.03nslookup/dig
26.04ipconfig/ifconfig
26.05nmap
26.06ping/pathping
26.07hping
26.08netstat
26.09netcat
26.10IP scanners
26.11route
26.12curl
26.13theHarvester
26.14sn1per
26.15scanless
26.16dnsenum
26.17Nessus
26.18Cuckoo
26.19File Manipulation
26.20head
26.21tail
26.22grep
26.23chmod
26.24logger
26.25Shell and Script Environments
26.26PowerShell
26.27Python
26.28OpenSSL
26.29Packet Capture and Replay
26.30Tcpreplay
26.31Tcpdump
26.32Wireshark
26.33Forensics
26.34Memdump
26.35WinHex
26.36FTK Imager
26.37Autopsy
26.38Exploitation Frameworks
26.39Introduction to Exploitation Frameworks
26.40Password Crackers
26.41Introduction to Password Crackers
26.42Data Sanitization
26.43Introduction to Data Sanitization

27Chapter 27 - Policies, Processes, and Procedures for Incident Response

27.01Preparation
27.02Identification
27.03Containment
27.04Eradication
27.05Recovery
27.06Lessons Learned
27.07Tabletop
27.08Walkthroughs
27.09Simulations
27.10MITRE ATT&CK
27.11The Diamond Model of Intrusion Analysis
27.12Cyber Kill Chain
27.13Stakeholder Management
27.14Communication Plan
27.15Disaster Recovery Plan
27.16Business Continuity Plan
27.17Continuity of Operations Planning (COOP)
27.18Incident Response Team
27.19Retention Policies

28Chapter 28 - Data Sources to Support an Investigation

28.01Vulnerability Scan Output
28.02SIEM Dashboards
28.03Sensor
28.04Sensitivity
28.05Trends
28.06Alerts
28.07Correlation
28.08Log Files
28.09Network
28.10System
28.11Application
28.12Security
28.13Authentication
28.14Dump Files
28.15VoIP and Call Managers
28.16Session Initiation Protocol (SIP) Traffic
28.17syslog/rsyslog/syslog-ng
28.18journalctl
28.19NXLog
28.20Bandwidth Monitors
28.21Metadata
28.22Configuration Changes
28.23Firewall Rules
28.24Content Filter/URL Filter
28.25Update or Revoke Certificates
28.26Isolation
28.27Containment
28.28Segmentation

29Chapter 29 - Mitigation Techniques

29.01Reconfigure Endpoint Security Solutions
29.02Application Approved List
29.03Application Blocklist/Deny List
29.04Quarantine
29.05Configuration Changes
29.06Firewall Rules
29.07Content Filter/URL Filter
29.08Update or Revoke Certificates
29.09Isolation
29.10Containment
29.11Segmentation

30Chapter 30 - Key Aspects of Digital Forensics

30.01Documentation/Evidence
30.02Legal Hold
30.03Video
30.04Admissibility
30.05Chain of Custody
30.06Timelines of Sequence of Events
30.07Time Stamps
30.08Time Offset
30.09Tags
30.10Reports
30.11Event Logs
30.12Interviews
30.13Acquisition
30.14Order of Volatility
30.15Disk
30.16Random-Access Memory (RAM)
30.17Swap/Pagefile
30.18Device
30.19Firmware
30.20Snapshot
30.21Cache
30.22Network
30.23Artifacts
30.24On-Premises vs. Cloud
30.25Right-to-Audit Clauses
30.26Regulatory/Jurisdiction
30.27Data Breach Notification Laws
30.28Integrity
30.29Hashing
30.30Checksums
30.31Provenance
30.32Preservation
30.33Preservation Techniques
30.34E-Discovery
30.35E-Discovery Process
30.36Data Recovery
30.37Data Recovery Methods
30.38Non-Repudiation
30.39Ensuring Non-Repudiation
30.40Strategic Intelligence/Counterintelligence
30.41Strategic Intelligence Techniques
30.42Counterintelligence Measures

31Chapter 31 - Various Types of Controls

31.01Category
31.02Managerial
31.03Operational
31.04Technical
31.05Control Type
31.06Preventive
31.07Detective
31.08Corrective
31.09Deterrent
31.10Compensating
31.11Physical

32Chapter 32 - Applicable Regulations, Standards, or Frameworks

32.01Regulations, Standards, and Legislation
32.02General Data Protection Regulation (GDPR)
32.03National, Territory, or State Laws
32.04Payment Card Industry Data Security Standard (PCI DSS)
32.05Key Frameworks
32.06Center for Internet Security (CIS)
32.07National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/ Cybersecurity Framework (CSF)
32.08International Organization for Standardization (ISO) 27001/27002/27701/31000
32.09SSAE SOC 2 Type I/II
32.10Cloud Security Alliance
32.11Cloud Control Matrix
32.12Reference Architecture
32.13Benchmarks/Secure Configuration Guides
32.14Platform/Vendor-Specific Guides
32.15Web Server
32.16Operating System (OS)
32.17Application Server
32.18Network Infrastructure Devices

33Chapter 33 - Importance of Policies to Organizational Security

33.01Personnel
33.02Acceptable Use Policy
33.03Job Rotation
33.04Mandatory Vacation
33.05Separation of Duties
33.06Least Privilege
33.07Clean Desk Space
33.08Background Checks
33.09Non-Disclosure Agreement (NDA)
33.10Social Media Analysis
33.11Onboarding
33.12Offboarding
33.13User Training
33.14Gamification
33.15Capture the Flag
33.16Phishing Campaigns
33.17Phishing Simulations
33.18Computer-Based Training (CBT)
33.19Role-Based Training
33.20Diversity of Training Techniques
33.21Importance of Diverse Training Techniques
33.22Examples and Implementation
33.23Third-Party Risk Management
33.24Vendors
33.25Supply Chain
33.26Business Partners
33.27Service Level Agreement (SLA)
33.28Memorandum of Understanding (MOU)
33.29Measurement Systems Analysis (MSA)
33.30Business Partnership Agreement (BPA)
33.31End of Life (EOL)
33.32End of Service Life (EOSL)
33.33Non-Disclosure Agreement (NDA)
33.34Data
33.35Classification
33.36Governance
33.37Retention
33.38Credential Policies
33.39Personnel
33.40Third-party
33.41Devices
33.42Service Accounts
33.43Administrator/Root Accounts
33.44Organizational Policies
33.45Change Management
33.46Change Control
33.47Asset Management

34Chapter 34 - Risk Management Processes and Concepts

34.01Risk Types
34.02External
34.03Internal
34.04Legacy Systems
34.05Multiparty
34.06IP Theft
34.07Software Compliance/Licensing
34.08Risk Management Strategies
34.09Acceptance
34.10Avoidance
34.11Transference
34.12Cybersecurity Insurance
34.13Mitigation
34.14Risk Analysis
34.15Risk Register
34.16Risk Matrix/Heat Map
34.17Risk Control Assessment
34.18Risk Control Self-Assessment
34.19Risk Awareness
34.20Inherent Risk
34.21Residual Risk
34.22Control Risk
34.23Risk Appetite
34.24Regulations that Affect Risk Posture
34.25Risk Analysis
34.26Risk Assessment Types
34.27Qualitative
34.28Quantitative
34.29Likelihood of Occurrence
34.30Impact
34.31Asset Value
34.32Single-Loss Expectancy (SLE)
34.33Annualized Loss Expectancy (ALE)
34.34Annualized Rate of Occurrence (ARO)
34.35Disasters
34.36Environmental
34.37Person-Made
34.38Internal vs. External
34.39Business Impact Analysis
34.40Recovery Time Objective (RTO)
34.41Recovery Point Objective (RPO)
34.42Mean Time to Repair (MTTR)
34.43Mean Time Between Failures (MTBF)
34.44Functional Recovery Plans
34.45Single Point of Failure
34.46Disaster Recovery Plan (DRP)
34.47Mission Essential Functions
34.48Identification of Critical Systems
34.49Site Risk Assessment
34.50Privacy Enhancing Technologies
34.51Data Minimization
34.52Data Masking
34.53Tokenization
34.54Anonymization
34.55Pseudo-Anonymization
34.56Roles and Responsibilities
34.57Data Owners
34.58Data Controller
34.59Data Processor
34.60Data Custodian/Steward
34.61Data Protection Officer (DPO)
34.62Information Life Cycle
34.63Overview of Information Life Cycle
34.64Impact Assessment
34.65Conducting an Impact Assessment
34.66Terms of Agreement
34.67Understanding Terms of Agreement
34.68Privacy Notice
34.69Creating and Implementing Privacy Notices

What is the CompTIA Security+ (SY0-601) certification?

The CompTIA Security+ (SY0-601) certification is a globally recognized credential that validates the foundational skills needed to perform core security functions and pursue a career in IT security.

Who should take the CompTIA Security+ (SY0-601) course?

The course is ideal for aspiring cybersecurity professionals, network administrators, IT auditors, security consultants, and anyone looking to strengthen their knowledge in IT security.

What topics are covered in the CompTIA Security+ (SY0-601) course?

Topics include threat analysis, incident response, network security, cryptography, risk management, and compliance with industry regulations.

Do I need any prerequisites to enroll in the Security+ (SY0-601) course?

While there are no mandatory prerequisites, it is recommended that participants have basic knowledge of computer networks and security concepts. Experience with CompTIA Network+ is beneficial.

How is the course delivered?

The course is delivered through a blend of live instructor-led sessions, hands-on labs, and self-paced study materials. This hybrid approach ensures comprehensive learning and practical experience.

What type of projects will I work on during the course?

Participants will engage in real-world cybersecurity projects, including vulnerability assessments, penetration testing, incident response simulations, and the implementation of security protocols.

Will I receive a certificate upon completion of the course?

Yes, participants will receive a certificate of completion from DevLustro Academy. Additionally, successful completion of the course prepares you for the CompTIA Security+ certification exam.

How long is the course, and how much time should I dedicate weekly?

The course duration is typically 8-12 weeks. It is recommended to dedicate around 10-15 hours per week to coursework, including lectures, labs, and self-study.

Is there support available after I complete the course?

Yes, our instructors and support team are available to provide guidance and answer any questions you may have even after the course has ended. Additionally, we offer resources for exam preparation.

How does the CompTIA Security+ (SY0-601) certification benefit my career?

The certification enhances your credibility and demonstrates your expertise in cybersecurity. It opens up various job opportunities, increases earning potential, and is often required by employers for cybersecurity roles.

CompTIA – Security+ (SY0-601) Training Course

Our Core Highlights

Course Description

Course Goals

Future Scope of this Course

Our Career Service

Our Training Program Benefits

What is the CompTIA Security+ (SY0-601) certification?

Who should take the CompTIA Security+ (SY0-601) course?

What topics are covered in the CompTIA Security+ (SY0-601) course?

Do I need any prerequisites to enroll in the Security+ (SY0-601) course?

How is the course delivered?

What type of projects will I work on during the course?

Will I receive a certificate upon completion of the course?

How long is the course, and how much time should I dedicate weekly?

Is there support available after I complete the course?

How does the CompTIA Security+ (SY0-601) certification benefit my career?

Related Courses in Cyber Security And Networking Training Course

CompTIA – Security+ (SY0-601) Training Course

Enroll in CompTIA – Security+ (SY0-601) Training Course