Pearson CompTIA: Security SY0-401

(pearson-SY0-401-complete)/ISBN:978-1-61691-515-5

This course includes
Lessons
TestPrep
Lab

Gain hands-on expertise in CompTIA Security+ certification exam by Pearson CompTIA: Security+ SY0-401 course and performance-based labs. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. Pearson CompTIA: Security+ SY0-401 course and performance-based labs cover all the objectives of CompTIA Security+ SY0-401 exam which include the application of security controls to identify risk, participate in risk mitigation activities, provide infrastructure, information, operational, and application security.

Here's what you will get

CompTIA Security+ is a standalone certification from CompTIA with the exam code SY0-401. This certification covers the most important principles for securing a network and managing risk. The CompTIA Network+ certification is recommended before taking the Security+ exam. CompTIA Security+ is an entry-level, international, vendor-neutral credential designed for IT security professionals to maintain confidentiality, integrity, and availability; identification of appropriate technologies and products; troubleshooting security events and incidents, and much more. 

Lessons

21+ Lessons | 100+ Quizzes | 276+ Flashcards | 176+ Glossary of terms

TestPrep

105+ Pre Assessment Questions | 2+ Full Length Tests | 100+ Post Assessment Questions | 160+ Practice Test Questions

Hand on lab

128+ LiveLab | 51+ Video tutorials | 25+ Minutes

Video Lessons

31+ Videos | 04:45+ Hours

Here's what you will learn

Download Course Outline

Lessons 1:

Lessons 2: Introduction to Security

  • Security 101
  • Think Like a Hacker
  • Chapter Review Activities

Lessons 3: Computer Systems Security

  • Computer Systems Security Threats
  • Implementing Security Applications
  • Securing Computer Hardware, Peripherals, and Mobile Devices
  • Chapter Review Activities
  • Case Studies for Chapter 2

Lessons 4: OS Hardening and Virtualization

  • Hardening Operating Systems
  • Virtualization Technology
  • Chapter Review Activities
  • Case Studies for Chapter 3

Lessons 5: Application Security

  • Securing the Browser
  • Securing Other Applications
  • Secure Programming
  • Chapter Review Activities
  • Case Studies for Chapter 4

Lessons 6: Network Design Elements

  • Network Design
  • Cloud Security and Server Defense
  • Chapter Review Activities
  • Case Studies for Chapter 5

Lessons 7: Networking Protocols and Threats

  • Ports and Protocols
  • Malicious Attacks
  • Chapter Review Activities
  • Case Studies for Chapter 6

Lessons 8: Network Perimeter Security

  • Firewalls and Network Security
  • NIDS Versus NIPS
  • Chapter Review Activities
  • Case Studies for Chapter 7

Lessons 9: Securing Network Media and Devices

  • Securing Wired Networks and Devices
  • Chapter Review Activities
  • Case Studies for Chapter 8

Lessons 10: Physical Security and Authentication Models

  • Physical Security
  • Authentication Models and Components
  • Chapter Review Activities
  • Case Studies for Chapter 9

Lessons 11: Access Control Methods and Models

  • Access Control Models Defined
  • Rights, Permissions, and Policies
  • Chapter Review Activities
  • Case Studies for Chapter 10

Lessons 12: Vulnerability and Risk Assessment

  • Conducting Risk Assessments
  • Assessing Vulnerability with Security Tools
  • Chapter Review Activities
  • Case Studies for Chapter 11

Lessons 13: Monitoring and Auditing

  • Monitoring Methodologies
  • Using Tools to Monitor Systems and Networks
  • Conducting Audits
  • Chapter Review Activities
  • Case Studies for Chapter 12

Lessons 14: Encryption and Hashing Concepts

  • Cryptography Concepts
  • Encryption Algorithms
  • Hashing Basics
  • Chapter Review Activities
  • Case Studies for Chapter 13

Lessons 15: PKI and Encryption Protocols

  • Public Key Infrastructure
  • Web of Trust
  • Security Protocols
  • Chapter Review Activities
  • Case Studies for Chapter 14

Lessons 16: Redundancy and Disaster Recovery

  • Redundancy Planning
  • Disaster Recovery Planning and Procedures
  • Chapter Review Activities
  • Case Study for Chapter 15

Lessons 17: Policies, Procedures, and People

  • Environmental Controls
  • Social Engineering
  • Legislative and Organizational Policies
  • Chapter Review Activities
  • Case Studies for Chapter 16

Lessons 18: Taking the Real Exam

  • Getting Ready and the Exam Preparation Checklist
  • Tips for Taking the Real Exam
  • Beyond the CompTIA Security+ Certification
  • Case Study for Chapter 17

Appendix A: Glossary

Appendix B: Q&A Flash Cards

Appendix C: Activities and Facts

Hands-on LAB Activities (Performance Labs)

Introduction to Security

  • Joining SpyNet community using Windows Defender

Computer Systems Security

  • Configuring Windows firewall settings
  • Identifying types of viruses
  • Identifying the filename extension
  • Identifying types of malware
  • Understanding classification of viruses
  • Scanning the computer
  • Protecting a computer by blocking communications
  • Downloading and installing the Avast antivirus, and scanning the system
  • Creating a new inbound rule
  • Blocking a connection
  • Identifying measures for spamming protection
  • Identifying Intrusion detection key terms
  • Understanding passive responses of intrusion
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • Identifying primary areas of security topologies
  • Working with a host-based IDS
  • Identifying causes of compromised security
  • Viewing the Generate Random Password screenshot
  • Enabling BitLocker
  • Viewing the current version of BIOS
  • Understanding security measures for mobile devices

OS Hardening and Virtualization

  • Identifying methods of updating an operating system
  • Downloading the Windows 7 service pack
  • Viewing the update history and details
  • Understanding methods of OS hardening
  • Sharing a folder with a different user on a single computer
  • Understanding primary virtualization topics
  • Editing a virtual hard disk file

Application Security

  • Configuring IE settings to avoid disruption in computer operations
  • Configuring the settings in Content Advisor
  • Customizing group and user access with MMC
  • Deleting the web browsing history
  • Understanding web-based applications
  • Identifying ethical hacking approaches
  • Understanding types of application attacks

Network Design Elements

  • Understanding the network infrastructure devices
  • Identifying device for network connectivity
  • Identifying PBX system layers
  • Understanding router protocols
  • Understanding the network devices
  • Identifying TCP/IP architecture layer protocols
  • Understanding application layer protocols
  • Understanding Internet layer protocols
  • Spotting the intranet network
  • Identifying technologies to create less vulnerable networks
  • Identifying cloud computing service models
  • Understanding cloud models
  • Identifying service associated with cloud computing
  • Installing the FTP server under the Web Server role

Networking Protocols and Threats

  • Understanding email protocols
  • Understanding TCP/IP protocols
  • Identifying TCP ports
  • Identifying ports and services
  • Understanding protocols
  • Viewing the ARP table
  • Identifying types of system attack
  • Identifying attacks
  • Preventing IP address spoofing

Network Perimeter Security

  • Identifying types of firewall

Securing Network Media and Devices

  • Enabling LMHOSTS lookup
  • Configuring wireless network settings
  • Creating a network bridge

Physical Security and Authentication Models

  • Understanding WAP security levels
  • Identifying physical security devices
  • Configuring NPS Accounting
  • Configuring NPS network policy
  • Identifying the tunnel
  • Identifying wireless protocols
  • Understanding technologies used to communicate in the 802.11 standard
  • Configuring NPS to provide RADIUS authentication
  • Identifying authentication services
  • Identifying types of authentication services
  • Enabling the network policy server
  • Identifying authentication protocols

Access Control Methods and Models

  • Identifying access control methods
  • Turning off the guest account
  • Configuring account time limits
  • Identifying Information models

Vulnerability and Risk Assessment

  • Identifying risk actions
  • Identifying security factors
  • Understanding measures of risk calculation
  • Identifying key aspects of standard documents
  • Performing penetration testing
  • Understanding quantitative risk assessment values
  • Understanding code-breaking techniques
  • Performing XArp software installation
  • Identifying vulnerability scanning tasks
  • Determining vulnerability of a network to attacks

Monitoring and Auditing

  • Understanding key areas of reporting
  • Viewing disk configuration
  • Viewing memory usage of programs
  • Viewing the running processes of all the users
  • Viewing details of an event in Windows Server
  • Adding counters
  • Understanding security posture methods
  • Viewing different event details

Encryption and Hashing Concepts

  • Checking the integrity of messages through MAC values
  • Identifying approaches of non-mathematical cryptography
  • Creating a virtual volume
  • Mounting and dismounting an encrypted volume
  • Understanding public cryptographic initiatives
  • Identifying asymmetric algorithms
  • Encrypting and decrypting a message
  • Encrypting and decrypting a message using the RSA algorithm
  • Encrypting a picture
  • Understanding PKCS standards
  • Identifying cryptographic attacks
  • Identifying hashing algorithm
  • Creating a hash rule in Windows Server 2012

PKI and Encryption Protocols

  • Identifying the authority process
  • Examining certificate details
  • Examining the Microsoft Root Authority certificate details
  • Installing a subordinate Certification Authority
  • Managing the certificate server using the mmc tool
  • Adding the Active Directory Certificate Services role
  • Creating and backing up an encryption certificate
  • Backing up an encryption certificate and key
  • Understanding trust models
  • Understanding PKI trust models
  • Identifying tunneling protocols
  • Identifying protocols for secure connections

Redundancy and Disaster Recovery

  • Understanding models for improving system performance

Policies, Procedures, and People

  • Identifying retardants of fire extinguishers
  • Identifying social engineering attacks
  • Identifying policies
  • Understanding information categories
  • Identifying areas to consider for the business policy

Exam FAQs

CompTIA Network+ and two years of experience in IT administration with a focus on security.

USD 330

Pricing and taxes may vary from country to country.

Multiple choice and performance-based questions

The exam contains 90 90 questions.

90 90 minutes

750

(on a scale of 100 100-900 900)

In the event that you fail your first attempt at passing the SY0-401 examination, CompTIA's retake policy is:

  1. CompTIA does not require a waiting period between the first and second attempt to pass such examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least 14 calendar days from the date of your last attempt before you can retake the exam.
  2. If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  3. A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  4. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

CompTIA Security+ certification are valid for three years from the date the candidate is certified, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.