Curriculum

9 Topics
Confidentiality, Integrity, and Availability (CIA)
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
Gap analysis
Zero Trust
Physical security
Deception and disruption technology
Security control categories
Security control types

15 Topics
Threat actors
Attributes of actors
Motivations
Message-based
Image-based
File-based
Voice call
Removable device
Vulnerable software
Unsupported systems and applications
Unsecure networks
Open service ports
Default credentials
Supply chain
Human vectors/social engineering

11 Topics
Public key infrastructure (PKI)
Encryption
Tools
Obfuscation
Hashing
Salting
Digital signatures
Key stretching
Blockchain
Open public ledger
Certificates

11 Topics
Provisioning/de-provisioning user accounts
Permission assignments and implications
Identity proofing
Federation
Single sign-on (SSO)
Interoperability
Attestation
Access controls
Multifactor authentication
Password concepts
Privileged access management tools

5 Topics
Architecture and infrastructure concepts
Considerations
Infrastructure considerations
Secure communication/access
Selection of effective controls

13 Topics
High availability
Site considerations
Platform diversity
Multi-cloud systems
Continuity of operations
Capacity planning
Testing
Backups
Power
Acquisition/procurement process
Assignment/accounting
Monitoring/asset tracking
Disposal/decommissioning

16 Topics
Application
Operating system (OS)-based
Web-based
Hardware
Virtualization
Cloud-specific
Supply chain
Cryptographic
Misconfiguration
Mobile device
Zero-day
Identification methods
Analysis
Vulnerability response and remediation
Validation of remediation
Reporting

20 Topics
Secure baselines
Hardening targets
Wireless devices
Mobile solutions
Wireless security settings
Application security
Sandboxing
Monitoring
Firewall
IDS/IPS
Web filter
Operating system security
Implementation of secure protocols
DNS filtering
Email security
File integrity monitoring
DLP
Network access control (NAC)
Endpoint detection and response (EDR)/extended detection and response (XDR)
User behavior analytics

11 Topics
Segmentation
Access control
Application allow list
Isolation
Patching
Encryption
Monitoring
Least privilege
Configuration enforcement
Decommissioning
Hardening techniques

11 Topics
Monitoring computing resources
Activities
Tools
Process
Training
Testing
Root cause analysis
Threat hunting
Digital forensics
Log data
Data sources

7 Topics
Malware attacks
Physical attacks
Network attacks
Application attacks
Cryptographic attacks
Password attacks
Indicators

14 Topics
Business processes impacting security operation
Technical implications
Documentation
Version control
Use cases of automation and scripting
Benefits
Guidelines
Policies
Standards
Procedures
External considerations
Monitoring and revision
Types of governance structures
Roles and responsibilities for systems and data

19 Topics
Risk identification
Risk assessment
Risk analysis
Risk register
Risk tolerance
Risk appetite
Risk management strategies
Risk reporting
Business impact analysis
Vendor assessment
Vendor selection
Agreement types
Vendor monitoring
Questionnaires
Rules of engagement
Attestation
Internal
External
Penetration testing

14 Topics
Data types
Data classifications
General data considerations
Methods to secure data
Compliance reporting
Consequences of non-compliance
Compliance monitoring
Privacy
Phishing
Anomalous behavior recognition
User guidance and training
Reporting and monitoring
Development
Execution


CompTIA Security+ (SY0-701) Exam - Certification Training Course
