Get the detailed information you need to prepare for the Security Operations domain of the CompTIA Security+ exam, version SY0-701.
Syllabus
Introduction
- Security operations
- Study resources
- Developing security baselines
- Leveraging industry standards
- Customizing security standards
- Operating system security
- Malware prevention
- Application management
- Host-based network security controls
- File integrity monitoring
- Data loss prevention
- Data encryption
- Hardware and firmware security
- Linux file permissions
- Web content filtering
- Change management
- Configuration management
- Physical asset management
- Disposal and decommissioning
- Mobile connection methods
- Mobile device security
- Mobile device management
- Mobile device tracking
- Mobile application security
- Mobile security enforcement
- Bring your own device (BYOD)
- Mobile deployment models
- Understanding wireless networking
- Wireless encryption
- Wireless authentication
- RADIUS
- Wireless signal propagation
- Wireless networking equipment
- Code review
- Software testing
- Code security tests
- Fuzz testing
- Acquired software
- Package monitoring
- Threat intelligence
- Intelligence sharing
- Threat hunting
- What is vulnerability management?
- Identify scan targets
- Scan configuration
- Scan perspective
- Security Content Automation Protocol (SCAP)
- Common Vulnerability Scoring System (CVSS)
- Analyzing scan reports
- Correlating scan results
- Vulnerability response and remediation
- Penetration testing
- Responsible disclosure
- Bug bounty
- Logging security information
- Security information and event management
- Monitoring activities
- Endpoint monitoring
- Automation and orchestration
- TLS and SSL
- IPSec
- Securing common protocols
- DKIM, DMARC, and SPF
- Email gateways
- Identification, authentication, authorization, and accounting
- Usernames and access cards
- Biometrics
- Registration and identity proofing
- Authentication factors
- Multifactor authentication
- Something you have
- Password policy
- Password managers
- Passwordless authentication
- Single sign-on and federation
- Kerberos and LDAP
- SAML
- OAuth and OpenID Connect
- Certificate-based authentication
- Understanding authorization
- Mandatory access controls
- Discretionary access controls
- Access control lists
- Advanced authorization concepts
- Understanding account and privilege management
- Privileged access management
- Provisioning and deprovisioning
- Build an incident response program
- Incident identification
- Escalation and notification
- Mitigation
- Containment techniques
- Incident eradication and recovery
- Post-incident activities
- Incident response training and testing
- Introduction to forensics
- System and file forensics
- Chain of custody
- E-discovery and evidence production
- Investigation data sources
- Continuing your studies
Taught by
Mike Chapple