
CompTIA Security+ Training

Getting certified with CompTIA Security+ will allow you to gain the skills and knowledge necessary to handle high-pressure roles that involve securing networks and managing risks.


What Is The CompTIA Security+?

The CompTIA Security+™ certification is designed for learners whose job responsibilities include securing network services, devices, and traffic. Our self-paced online course content will prepare you for the CompTIA Security+ examination, the SY0-401.

CompTIA’s Security+ syllabus covers the most important principles for securing a network and managing risks in a working enterprise environment. This course will build your knowledge and professional experience with computer hardware, operating systems, and networks – undertaking this training program will allow you to acquire the specific skills required to implement basic security services on any type of computer network.

This course has been built for Information Technology (IT) professionals who have networking and administrative skills in Windows-based TCP/IP networks and familiarity with operating systems such as NetWare, OS X, UNIX/Linux, and OS/2. These IT professionals will be looking to further their career in IT by acquiring a foundational knowledge of security topics and earning an official qualification as they do so.

Key Areas

The main areas that are covered in this course are:

Course Breakdown

  • 1.0 Network Security
    • 1.1 Implement security configuration parameters on network devices and other technologies.
      • Firewalls
      • Routers
      • Switches
      • Load balancers
      • Proxies
      • Web security gateways
      • VPN concentrators
      • NIDS and NIPS
        • Behavior-based
        • Signature-based
        • Anomaly-based
        • Heuristic
      • Protocol analyzers
      • Spam filter
      • UTM security appliances
        • URL filter
        • Content inspection
        • Malware inspection
      • Web application firewall vs. network firewall
      • Application aware devices
        • Firewalls
        • IPS
        • IDS
        • Proxies
    • 1.2 Given a scenario, use secure network administration principles
      • Rule-based management
      • Firewall rules
      • VLAN management
      • Secure router configuration
      • Access control lists
      • Port security
      • 802.1x
      • Flood guards
      • Loop protection
      • Implicit deny
      • Network separation
      • Log analysis
      • Unified threat management
    • 1.3 Explain network design elements and components.
      • DMZ
      • Subnetting
      • VLAN
      • NAT
      • Remote access
      • Telephony
      • NAC
      • Virtualization
      • Cloud computing
        • PaaS
        • SaaS
        • IaaS
        • Private
        • Public
        • Hybrid
        • Community
    • 1.4 Given a scenario, implement common protocols and services.
      • Protocols
        • IPsec
        • SNMP
        • SSH
        • DNS
        • TLS
        • SSL
        • TCP/IP
        • FTPS
        • HTTPS
        • SCP
        • ICMP
        • IPv4
        • IPv6
        • iSCSI
        • Fibre Channel
        • FCoE
        • FTP
        • SFTP
        • TFTP
        • TELNET
        • HTTP
        • NetBIOS
      • Ports
        • 21
        • 22
        • 25
        • 53
        • 80
        • 110
        • 139
        • 143
        • 443
        • 3389
      • OSI relevance
    • 1.5 Given a scenario, troubleshoot security issues related to wireless networking.
      • WPA
      • WPA2
      • WEP
      • EAP
      • PEAP
      • LEAP
      • MAC filter
      • Disable SSID broadcast
      • TKIP
      • CCMP
      • Antenna placement
      • Power level controls
      • Captive portals
      • Antenna types
      • Site surveys
      • VPN (over open wireless)
    For more information, contact one of our course advisors
  • 2.0 Compliance and Operational Security
    • 2.1 Explain the importance of risk related concepts.
      • Control types
        • Technical
        • Management
        • Operational
      • False positives
      • False negatives
      • Importance of policies in reducing risk
        • Privacy policy
        • Acceptable use
        • Security policy
        • Mandatory vacations
        • Job rotation
        • Separation of duties
        • Least privilege
      • Risk calculation
        • Likelihood
        • ALE
        • Impact
        • SLE
        • ARO
        • MTTR
        • MTTF
        • MTBF
      • Quantitative vs. qualitative
      • Vulnerabilities
      • Threat vectors
      • Probability/threat likelihood
      • Risk avoidance, transference, acceptance, mitigation, deterrence
      • Risks associated with cloud computing and virtualization
      • Recovery time objective and recovery point objective
    • 2.2 Summarize the security implications of integrating systems and data with third parties.
      • On-boarding/off-boarding business partners
      • Social media networks and/or applications
      • Interoperability agreements
        • SLA
        • BPA
        • MOU
        • ISA
      • Privacy considerations
      • Risk awareness
      • Unauthorized data sharing
      • Data ownership
      • Data backups
      • Follow security policy and procedures
      • Review agreement requirements to verify compliance and performance standards
    • 2.3 Given a scenario, implement appropriate risk mitigation strategies.
      • Change management
      • Incident management
      • User rights and permissions reviews
      • Perform routine audits
      • Enforce policies and procedures to prevent data loss or theft
      • Enforce technology controls
        • Data Loss Prevention (DLP)
    • 2.4 Given a scenario, implement basic forensic procedures.
      • Order of volatility
      • Capture system image
      • Network traffic and logs
      • Capture video
      • Record time offset
      • Take hashes
      • Screenshots
      • Witnesses
      • Track man hours and expense
      • Chain of custody
      • Big Data analysis
    • 2.5 Summarize common incident response procedures.
      • Preparation
      • Incident identification
      • Escalation and notification
      • Lessons learned
      • Reporting
      • Recovery/reconstitution procedures
      • First responder
      • Incident isolation
        • Quarantine
        • Device removal
      • Data breach
      • Damage and loss control
    • 2.6 Explain the importance of security related awareness and training.
      • Security policy training and procedures
      • Role-based training
      • Personally identifiable information
      • Information classification
        • High
        • Medium
        • Low
        • Confidential
        • Private
        • Public
      • Data labeling, handling and disposal
      • Compliance with laws, best practices and standards
      • User habits
        • Password behaviors
        • Data handling
        • Clean desk policies
        • Prevent tailgating
        • Personally owned devices
      • New threats and new security trends/alerts
        • New viruses
        • Phishing attacks
        • Zero-day exploits
      • Use of social networking and P2P
      • Follow up and gather training metrics to validate compliance and security posture
    • 2.7 Compare and contrast physical security and environmental controls.
      • Environmental controls
        • HVAC
        • Fire suppression
        • EMI shielding
        • Hot and cold aisles
        • Environmental monitoring
        • Temperature and humidity controls
      • Physical security
        • Hardware locks
        • Mantraps
        • Video surveillance
        • Fencing
        • Proximity readers
        • Access list
        • Proper lighting
        • Signs
        • Guards
        • Barricades
        • Biometrics
        • Protected distribution (cabling)
        • Alarms
        • Motion detection
      • Control types
        • Deterrent
        • Preventive
        • Detective
        • Compensating
        • Technical
        • Administrative
    • 2.8 Summarize risk management best practices.
      • Business continuity concepts
        • Business impact analysis
        • Identification of critical systems and components
        • Removing single points of failure
        • Business continuity planning and testing
        • Risk assessment
        • Continuity of operations
        • Disaster recovery
        • IT contingency planning
        • Succession planning
        • High availability
        • Redundancy
        • Tabletop exercises
      • Fault tolerance
        • Hardware
        • RAID
        • Clustering
        • Load balancing
        • Servers
      • Disaster recovery concepts
        • Backup plans/policies
        • Backup execution/frequency
        • Cold site
        • Hot site
        • Warm site
    • 2.9 Given a scenario, select the appropriate control to meet the goals of security.
      • Confidentiality
        • Encryption
        • Access controls
        • Steganography
      • Integrity
        • Hashing
        • Digital signatures
        • Certificates
        • Non-repudiation
      • Availability
        • Redundancy
        • Fault tolerance
        • Patching
      • Safety
        • Fencing
        • Lighting
        • Locks
        • CCTV
        • Escape plans
        • Drills
        • Escape routes
        • Testing controls
  • 3.0 Threats and Vulnerabilities
    • 3.1 Explain types of malware.
      • Adware
      • Virus
      • Spyware
      • Trojan
      • Rootkits
      • Backdoors
      • Logic bomb
      • Botnets
      • Ransomware
      • Polymorphic malware
      • Armored virus
    • 3.2 Summarize various types of attacks.
      • Man-in-the-middle
      • DDoS
      • DoS
      • Replay
      • Smurf attack
      • Spoofing
      • Spam
      • Phishing
      • Spim
      • Vishing
      • Spear phishing
      • Xmas attack
      • Pharming
      • Privilege escalation
      • Malicious insider threat
      • DNS poisoning and ARP poisoning
      • Transitive access
      • Client-side attacks
      • Password attacks
        • Brute force
        • Dictionary attacks
        • Hybrid
        • Birthday attacks
        • Rainbow tables
      • Typo squatting/URL hijacking
      • Watering hole attack
    • 3.3 Summarize social engineering attacks and the associated effectiveness with each attack.
      • Shoulder surfing
      • Dumpster diving
      • Tailgating
      • Impersonation
      • Hoaxes
      • Whaling
      • Vishing
      • Principles (reasons for effectiveness)
        • Authority
        • Intimidation
        • Consensus/social proof
        • Scarcity
        • Urgency
        • Familiarity/liking
        • Trust
    • 3.4 Explain types of wireless attacks.
      • Rogue access points
      • Jamming/interference
      • Evil twin
      • War driving
      • Bluejacking
      • Bluesnarfing
      • War chalking
      • IV attack
      • Packet sniffing
      • Near field communication
      • Replay attacks
      • WEP/WPA attacks
      • WPS attacks
    • 3.5 Explain types of application attacks.
      • Cross-site scripting
      • SQL injection
      • LDAP injection
      • XML injection
      • Directory traversal/command injection
      • Buffer overflow
      • Integer overflow
      • Zero-day
      • Cookies and attachments
      • Locally Shared Objects (LSOs)
      • Flash cookies
      • Malicious add-ons
      • Session hijacking
      • Header manipulation
      • Arbitrary code execution/remote code execution
    • 3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
      • Monitoring system logs
        • Event logs
        • Audit logs
        • Security logs
        • Access logs
      • Hardening
        • Disabling unnecessary services
        • Protecting management interfaces and applications
        • Password protection
        • Disabling unnecessary accounts
      • Network security
        • MAC limiting and filtering
        • 802.1x
        • Disabling unused interfaces and unused application service ports
        • Rogue machine detection
      • Security posture
        • Initial baseline configuration
        • Continuous security monitoring
        • Remediation
      • Reporting
        • Alarms
        • Alerts
        • Trends
      • Detection controls vs. prevention controls
        • IDS vs. IPS
        • Camera vs. guard
    • 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
      • Interpret results of security assessment tools
      • Tools
        • Protocol analyzer
        • Vulnerability scanner
        • Honeypots
        • Honeynets
        • Port scanner
        • Passive vs. active tools
        • Banner grabbing
      • Risk calculations
        • Threat vs. likelihood
      • Assessment types
        • Risk
        • Threat
        • Vulnerability
      • Assessment technique
        • Baseline reporting
        • Code review
        • Determine attack surface
        • Review architecture
        • Review designs
    • 3.8 Explain the proper use of penetration testing versus vulnerability scanning.
      • Penetration testing
        • Verify a threat exists
        • Bypass security controls
        • Actively test security controls
        • Exploiting vulnerabilities
      • Vulnerability scanning
        • Passively testing security controls
        • Identify vulnerability
        • Identify lack of security controls
        • Identify common misconfigurations
        • Intrusive vs. non-intrusive
        • Credentialed vs. non-credentialed
        • False positive
      • Black box
      • White box
      • Gray box
  • 4.0 Application, Data and Host Security
    • 4.1 Explain the importance of application security controls and techniques.
      • Fuzzing
      • Secure coding concepts
        • Error and exception handling
        • Input validation
      • Cross-site scripting prevention
      • Cross-site Request Forgery (XSRF) prevention
      • Application configuration baseline (proper settings)
      • Application hardening
      • Application patch management
      • NoSQL databases vs. SQL databases
      • Server-side vs. client-side validation
    • 4.2 Summarize mobile security concepts and technologies.
      • Device security
        • Full device encryption
        • Remote wiping
        • Lockout
        • Screen locks
        • GPS
        • Application control
        • Storage segmentation
        • Asset tracking
        • Inventory control
        • Mobile device management
        • Device access control
        • Removable storage
        • Disabling unused features
      • Application security
        • Key management
        • Credential management
        • Authentication
        • Geo-tagging
        • Encryption
        • Application whitelisting
        • Transitive trust/authentication
      • BYOD concerns
        • Data ownership
        • Support ownership
        • Patch management
        • Antivirus management
        • Forensics
        • Privacy
        • On-boarding/off-boarding
        • Adherence to corporate policies
        • User acceptance
        • Architecture/infrastructure considerations
        • Legal concerns
        • Acceptable use policy
        • On-board camera/video
    • 4.3 Given a scenario, select the appropriate solution to establish host security.
      • Operating system security and settings
      • OS hardening
      • Anti-malware
        • Antivirus
        • Anti-spam
        • Anti-spyware
        • Pop-up blockers
      • Patch management
      • Whitelisting vs. blacklisting applications
      • Trusted OS
      • Host-based firewalls
      • Host-based intrusion detection
      • Hardware security
        • Cable locks
        • Safe
        • Locking cabinets
      • Host software baselining
      • Virtualization
        • Snapshots
        • Patch compatibility
        • Host availability/elasticity
        • Mismatched channels
    • 4.4 Given a scenario, troubleshoot and resolve common copper cable issues.
      • Shorts
      • Opens
      • Incorrect termination (mismatched standards)
        • Straight-through
        • Crossover
      • Cross-talk
        • Near end
        • Far end
      • EMI/RFI
      • Distance limitations
      • Attenuation/dB loss
      • Bad connector
      • Bad wiring
      • Split pairs
      • Tx/Rx reverse
      • Cable placement
      • Bad SFP/GBIC - cable or transceiver
    • 4.5 Given a scenario, troubleshoot and resolve common fiber cable issues.
      • Attenuation/dB loss
      • SFP/GBIC - cable mismatch
      • Bad SFP/GBIC - cable or transceiver
      • Wavelength mismatch
      • Fiber type mismatch
      • Dirty connectors
      • Connector mismatch
      • Bend radius limitations
      • Distance limitations
    • 4.6 Given a scenario, troubleshoot and resolve common network issues.
      • Incorrect IP configuration/default gateway
      • Broadcast storms/switching loop
      • Duplicate IP
      • Speed and duplex mismatch
      • End-to-end connectivity
      • Incorrect VLAN assignment
      • Hardware failure
      • Misconfigured DHCP
      • Misconfigured DNS
      • Incorrect interface/interface misconfiguration
      • Cable placement
      • Interface errors
      • Simultaneous wired/wireless connections
      • Discovering neighboring devices/nodes
      • Power failure/power anomalies
      • MTU/MTU black hole
      • Missing IP routes
      • NIC teaming misconfiguration
        • Active-active vs. active-passive
        • Multicast vs. broadcast
    • 4.7 Given a scenario, troubleshoot and resolve common security issues.
      • Misconfigured firewall
      • Misconfigured ACLs/applications
      • Malware
      • DoS
      • Open/closed ports
      • ICMP related issues
        • Ping of death
        • Unreachable default gateway
      • Unpatched firmware/OSs
      • Malicious users
        • Trusted
        • Untrusted users
        • Packet sniffing
      • Authentication issues
        • TACACS/RADIUS misconfigurations
        • Default passwords/settings
      • Improper access/backdoor access
      • ARP issues
      • Banner grabbing/OUI
      • Domain/local group configurations
      • Jamming
    • 4.8 Given a scenario, troubleshoot and resolve common WAN issues.
      • Loss of Internet connectivity
      • Interface errors
      • Split horizon
      • DNS issues
      • Interference
      • Router configurations
      • Customer premise equipment
        • Smart jack/NIU
        • Demarc
        • Loopback
        • CSU/DSU
        • Copper line drivers/repeaters
      • Company security policy
        • Throttling
        • Blocking
        • Fair access policy/utilization limits
      • Satellite issues
        • Latency
  • 5.0 Access Control and Identity Management
    • 5.1 Compare and contrast the function and purpose of authentication services.
      • RADIUS
      • TACACS+
      • Kerberos
      • LDAP
      • XTACACS
      • SAML
      • Secure LDAP
    • 5.2 Given a scenario, select the appropriate authentication, authorization or access control.
      • Identification vs. authentication vs. authorization
      • Authorization
        • Least privilege
        • Separation of duties
        • ACLs
        • Mandatory access
        • Discretionary access
        • Rule-based access control
        • Role-based access control
        • Time of day restrictions
      • Authentication
        • Tokens
        • Common access card
        • Smart card
        • Multifactor authentication
        • TOTP
        • HOTP
        • CHAP
        • PAP
        • Single sign-on
        • Access control
        • Implicit deny
        • Trusted OS
      • Authentication factors
        • Something you are
        • Something you have
        • Something you know
        • Somewhere you are
        • Something you do
      • Identification
        • Biometrics
        • Personal identification verification card
        • Username
      • Federation
      • Transitive trust/authentication
    • 5.3 Install and configure security controls when performing account management, based on best practices.
      • Mitigate issues associated with users with multiple account/roles and/or shared accounts
      • Account policy enforcement
        • Credential management
        • Group policy
        • Password complexity
        • Expiration
        • Recovery
        • Disablement
        • Lockout
        • Password history
        • Password reuse
        • Password length
        • Generic account prohibition
      • Group based privileges
      • User assigned privileges
      • User access reviews
      • Continuous monitoring
  • 6.0 Cryptography
    • 6.1 Given a scenario, utilize general cryptography concepts.
      • Symmetric vs. asymmetric
      • Session keys
      • In-band vs. out-of-band key exchange
      • Fundamental differences and encryption methods
        • Block vs. stream
      • Transport encryption
      • Non-repudiation
      • Key escrow
      • Steganography
      • Digital signatures
      • Use of proven technologies
      • Elliptic curve and quantum cryptography
      • Ephemeral key
      • Perfect forward secrecy
    • 6.2 Given a scenario, use appropriate cryptographic methods.
      • WEP vs. WPA/WPA2 and preshared key
      • MD5
      • SHA
      • RIPEMD
      • AES
      • DES
      • 3DES
      • HMAC
      • RSA
      • Diffie-Hellman
      • RC4
      • NTLM
      • NTLMv2
      • Blowfish
      • PGP/GPG
      • TwoFish
      • DHE
      • ECDHE
      • CHAP
      • PAP
      • Comparative strengths and performance of algorithms
      • Use of algorithms/protocols with transport encryption
        • SSL
        • TLS
        • IPSec
        • SSH
        • HTTPS
      • Cipher suites
        • Strong vs. weak ciphers
      • Key stretching
        • PBKDF2
        • Bcrypt
    • 6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
      • Certificate authorities and digital certificates
        • CA
        • CRLs
        • OCSP
        • CSR
      • PKI
      • Recovery agent
      • Public key
      • Private key
      • Registration
      • Key escrow
      • Trust models


  • CompTIA Security+ Exam
    • CompTIA Security+ SY0-401
  • Job Role

    Achieving a CompTIA Network+ qualification will unlock a number of doors for you within the IT industry, with salaries for those that hold a Network+ certification averaging at £22,500.

    The roles that you will be qualified for are as follows:

    • IT Support
    • Computer Service Technician
    • Small Office IT maintenance
    • Technical Support
    • Field Service Technician


Want to Learn about CertMaster?

CompTIA CertMaster is an online learning tool that helps you prepare for your CompTIA certification exam with confidence.


Train your staff today!

Looking to train your staff? Join the Robust family and be entitled to loads of great benefits:

  • Have 24/7 Email Support
  • Classroom & WebEx Learning
  • Access course anywhere, anytime
  • Many more...
