CompTIA Security+ (SY0-701) Study Guide

Cybersecurity threats are real. Get prepared with our CompTIA Security+ (SY0-701) training course.

(SY0-701.AB1) / ISBN : 978-1-64459-581-7

This course includes

Interactive Lessons

Gamified TestPrep

Hands-On Labs

AI Tutor (Add-on)

Get A Free Trial

This course includes:

Free pre-assessment and first 2 lessons

30+ Interactive Lessons | 592+ Exercises

Accessible on mobile and tablet too

Certificate of completion

About This Course

This CompTIA Security+ (SY0-701) study guide gives you everything you need to excel in cybersecurity. We'll explore core security concepts, delve into exam objectives, and teach you how to combat evolving threats like malware and social engineering. You'll master cryptography for secure communication, identity, access management, incident response, and digital forensics.

Skills You’ll Get

Grasp fundamental cybersecurity concepts, threats, and controls.

Understand the key areas tested on the Security+ (SY0-701) exam.

Identify and mitigate evolving cybersecurity threats.

Implement effective security measures to combat malware, social engineering, and network attacks.

Apply cryptographic concepts for secure communication.

Master user authentication, authorization, and access control principles.

Design secure networks and protect endpoints like operating systems and mobile devices.

Navigate the security complexities of cloud and virtualized environments.

Monitor security events, respond to incidents effectively, and conduct digital forensics investigations.

Comprehend the importance of security policies, compliance frameworks, and risk management practices.

Interactive Lessons

30+ Interactive Lessons | 592+ Exercises | 267+ Quizzes | 678+ Flashcards | 678+ Glossary of terms

Gamified TestPrep

90+ Pre Assessment Questions | 2+ Full Length Tests | 90+ Post Assessment Questions | 180+ Practice Test Questions

Hands-On Labs

48+ LiveLab | 48+ Video tutorials | 02+ Hours

Lesson Plan

Introduction

Goals and Methods
Who Should Read This Course?
CompTIA Security+ Exam Topics

Comparing and Contrasting the Various Types of Controls

Control Categories
Control Types
Review Key Topics
Review Questions

Summarizing Fundamental Security Concepts

Confidentiality, Integrity, and Availability (CIA)
Non-repudiation
Authentication, Authorization, and Accounting (AAA)
Gap Analysis
Zero Trust
Physical Security
Deception and Disruption Technology
Review Key Topics
Review Questions

Understanding Change Management’s Security Impact

Business Processes Impacting Security Operations
Technical Implications
Documentation
Version Control
Review Key Topics
Review Questions

Understanding the Importance of Using Appropriate Cryptographic Solutions

Public Key Infrastructure (PKI)
Encryption
Transport/Communication
Symmetric Versus Asymmetric Encryption
Key Exchange
Algorithms
Key Length
Tools
Trusted Platform Module
Hardware Security Module
Key Management System
Secure Enclave
Obfuscation
Steganography
Hashing
Salting
Digital Signatures
Key Stretching
Blockchain
Open Public Ledger
Certificates
Review Key Topics
Review Questions

Comparing and Contrasting Common Threat Actors and Motivations

Threat Actors
Attributes of Actors
Motivations
War
Review Key Topics
Review Questions

Understanding Common Threat Vectors and Attack Surfaces

Message-Based
Image-Based
File-Based
Voice Call
Removable Device
Vulnerable Software
Unsupported Systems and Applications
Unsecure Networks
Open Service Ports
Default Credentials
Supply Chain
Human Vectors/Social Engineering
Review Key Topics
Review Questions

Understanding Various Types of Vulnerabilities

Application
Operating System (OS)–Based
Web-Based
Hardware
Virtualization
Cloud Specific
Supply Chain
Cryptographic
Misconfiguration
Mobile Device
Zero-Day Vulnerabilities
Review Key Topics
Review Questions

Understanding Indicators of Malicious Activity

Malware Attacks
Physical Attacks
Network Attacks
Application Attacks
Cryptographic Attacks
Password Attacks
Indicators
Review Key Topics
Review Questions

Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise

Segmentation
Access Control
Isolation
Patching
Encryption
Monitoring
Least Privilege
Configuration Enforcement
Decommissioning
Hardening Techniques
Review Key Topics
Review Questions

Comparing and Contrasting Security Implications of Different Architecture Models

Architecture and Infrastructure Concepts
Considerations
Review Key Topics
Review Questions

Applying Security Principles to Secure Enterprise Infrastructure

Infrastructure Considerations
Secure Communication/Access
Selection of Effective Controls
Review Key Topics
Review Questions

Comparing and Contrasting Concepts and Strategies to Protect Data

Data Types
Data Classifications
General Data Considerations
Methods to Secure Data
Review Key Topics
Review Questions

Understanding the Importance of Resilience and Recovery in Security Architecture

High Availability
Site Considerations
Platform Diversity
Multi-Cloud System
Continuity of Operations
Capacity Planning
Testing
Backups
Power
Review Key Topics
Review Questions

Applying Common Security Techniques to Computing Resources

Secure Baselines
Hardening Targets
Wireless Devices
Mobile Solutions
Connection Methods
Wireless Security Settings
Application Security
Sandboxing
Monitoring
Review Key Topics
Review Questions

Understanding the Security Implications of Hardware, Software, and Data Asset Management

Acquisition/Procurement Process
Assignment/Accounting
Monitoring/Asset Tracking
Disposal/Decommissioning
Review Key Topics
Review Questions

Understanding Various Activities Associated with Vulnerability Management

Identification Methods
Analysis
Vulnerability Response and Remediation
Validation of Remediation
Reporting
Review Key Topics
Review Questions

Understanding Security Alerting and Monitoring Concepts and Tools

Monitoring and Computing Resources
Activities
Tools
Review Key Topics
Review Questions

Modifying Enterprise Capabilities to Enhance Security

Firewall
IDS/IPS
Web Filter
Operating System Security
Implementation of Secure Protocols
DNS Filtering
Email Security
File Integrity Monitoring
DLP
Network Access Control (NAC)
Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
User Behavior Analytics
Review Key Topics
Review Questions

Implementing and Maintaining Identity and Access Management

Provisioning/De-provisioning User Accounts
Permission Assignments and Implications
Identity Proofing
Federation
Single Sign-On (SSO)
Interoperability
Attestation
Access Controls
Multifactor Authentication (MFA)
Password Concepts
Privileged Access Management Tools
Review Key Topics
Review Questions

Understanding the Importance of Automation and Orchestration Related to Secure Operations

Use Cases of Automation and Scripting
Benefits
Other Considerations
Review Key Topics
Review Questions

Understanding Appropriate Incident Response Activities

Process
Training
Testing
Root Cause Analysis
Threat Hunting
Digital Forensics
Review Key Topics
Review Questions

Using Data Sources to Support an Investigation

Log Data
Data Sources
Review Key Topics
Review Questions

Summarizing Elements of Effective Security Governance

Guidelines
Policies
Standards
Procedures
External Considerations
Monitoring and Revision
Types of Governance Structures
Roles and Responsibilities for Systems and Data
Review Key Topics
Review Questions

Understanding Elements of the Risk Management Process

Risk Identification
Risk Assessment
Risk Analysis
Risk Register
Risk Tolerance
Risk Appetite
Risk Management Strategies
Risk Reporting
Business Impact Analysis
Review Key Topics
Review Questions

Understanding the Processes Associated with Third-Party Risk Assessment and Management

Vendor Assessment
Vendor Selection
Agreement Types
Vendor Monitoring
Questionnaires
Rules of Engagement
Review Key Topics
Review Questions

Summarizing Elements of Effective Security Compliance

Compliance Reporting
Consequences of Non-compliance
Compliance Monitoring
Attestation and Acknowledgment
Privacy
Review Key Topics
Review Questions

Understanding Types and Purposes of Audits and Assessments

Attestation
Internal
External
Penetration Testing
Review Key Topics
Review Questions

Implementing Security Awareness Practices

Phishing
Anomalous Behavior Recognition
User Guidance and Training
Reporting and Monitoring
Development
Execution
Review Key Topics
Review Questions

Final Preparation

Hands-on Activities
Suggested Plan for Final Review and Study
Summary

Hands-on LAB Activities

Summarizing Fundamental Security Concepts

Identifying Access Badge Areas
Implementing Physical Security

Understanding the Importance of Using Appropriate Cryptographic Solutions

Examining PKI Certificates
Creating Asymmetric Key Pairs
Using Symmetric Encryption
Using BitLocker in Windows 10
Performing Steganography Using OpenStego
Encrypting Files with EFS
Creating Certificates with OpenSSL

Understanding Common Threat Vectors and Attack Surfaces

Scanning the Network
Using Social Engineering Techniques to Plan an Attack

Understanding Various Types of Vulnerabilities

Exploiting a TOCTOU Vulnerability
Exploiting an Overflow Vulnerability
Examining Application Vulnerabilities
Performing SQL Injection in DVWA
Performing an XSS Attack in DVWA
Detecting Virtualization

Understanding Indicators of Malicious Activity

Opening OWASP ZAP and Starting Brute Force Attack
Examining Spyware
Spoofing a MAC Address with SMAC
Using Amazon Transcribe and Polly
Observing an MD5-Generated Hash Value
Conducting a Cross-Site Request Forgery Attack
Cracking Passwords Using the Cain & Abel Tool
Cracking a Linux Password Using John the Ripper

Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise

Using the chmod Command

Applying Security Principles to Secure Enterprise Infrastructure

Implementing a Proxy Server
Binding a Site Using IIS
Configuring a VPN
Examining Kerberos Settings

Comparing and Contrasting Concepts and Strategies to Protect Data

Creating File Hashes

Understanding the Importance of Resilience and Recovery in Security Architecture

Gathering Site Information
Scheduling a Server Backup

Applying Common Security Techniques to Computing Resources

Creating and Enforcing a Security Template
Enforcing Password Policies
Installing a RADIUS Server

Understanding Security Alerting and Monitoring Concepts and Tools

Conducting Vulnerability Scanning Using Nessus
Consulting a Vulnerability Database

Modifying Enterprise Capabilities to Enhance Security

Configuring a Network Firewall

Implementing and Maintaining Identity and Access Management

Examining Active Directory Objects

Understanding Appropriate Incident Response Activities

Examining MITRE ATT&CK
Completing the Chain of Custody

Using Data Sources to Support an Investigation

Viewing Linux Event Logs
Viewing Windows Event Logs
Capturing Credentials On-Path

Summarizing Elements of Effective Security Governance

Cracking Passwords Using Rainbow Tables

Understanding Types and Purposes of Audits and Assessments

Using the theHarvester Tool

Implementing Security Awareness Practices

Using Anti-Phishing Tools

Complete A+ Guide to IT Hardware and Software (1101/1102)

ISBN: 978-1-64459-384-4
CompTIA 220-1101-1102-SCH.AB1

Try Buy Now

CompTIA A+ Core 1 (220-1101) and Core 2 (220-1102)

ISBN: 978-1-64459-396-7
CompTIA 220-1101-1102.AB1

Try Buy Now

CompTIA A+ (220-1101 & 220-1102)

ISBN: 978-1-64459-528-2
CompTIA 220-1101-1102.AE2

Try Buy Now

CompTIA A+ (220-1102)

ISBN: 978-1-64459-532-9
CompTIA 220-1102.AE2

Try Buy Now

CASP+ CompTIA Advanced Security Practitioner (CAS-004)

ISBN: 978-1-64459-392-9
CompTIA CAS-004.AE1

Try Buy Now

CompTIA Cloud Essentials (CLO-002)

ISBN: 978-1-64459-530-5
CompTIA CLO-002.AE2

Try Buy Now

CompTIA CYSA+ (CS0-003)

ISBN: 978-1-64459-602-9
CompTIA CS0-003.AE2

Try Buy Now

CompTIA Security+ (SY0-701) Study Guide