The CompTIA Security+ Certification (Exam SY0-401) is a vendor neutral credential. The CompTIA Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security. In addition, the successful candidate will apply security controls to maintain confidentiality, integrity, and availability, identify appropriate technologies and products, troubleshoot security events and incidents, and operate with an awareness of applicable policies, laws, and regulations.
The CompTIA Security+ Certification is aimed at an IT security professional who has:
- A minimum of 2 years’ experience in IT administration with a focus on security
- Day to day technical information security experience.
- Broad knowledge of security concerns and implementation.
1.0 NETWORK SECURITY
- 1.1 Implement security configuration parameters on network devices and other technologies.
- 1.2 Given a scenario, use secure network administration principles.
- 1.3 Explain network design elements and components.
- 1.4 Given a scenario, implement common protocols and services.
- 1.5 Given a scenario, troubleshoot security issues related to wireless networking.
2.0 COMPLIANCE AND OPERATIONAL SECURITY
- 2.1 Explain the importance of risk related concepts.
- 2.2 Summarize the security implications of integrating systems and data with third parties.
- 2.3 Given a scenario, implement appropriate risk mitigation strategies.
- 2.4 Given a scenario, implement basic forensic procedures.
- 2.5 Summarize common incident response procedures.
- 2.6 Explain the importance of security related awareness and training.
- 2.7 Compare physical security and environmental controls.
- 2.8 Summarize risk management best practices.
- 2.9 Given a scenario, select the appropriate control to meet the goals of security.
3.0 THREATS AND VULNERABILITIES
- 3.1 Explain types of malware.
- 3.2 Summarize various types of attacks.
- 3.3 Summarize social engineering attacks and the associated effectiveness with each attack.
- 3.4 Explain types of wireless attacks.
- 3.5 Explain types of application attacks.
- 3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- 3.8 Explain the proper use of penetration testing versus vulnerability scanning.
4.0 APPLICATION, DATA AND HOST SECURITY
- 4.1 Explain the importance of application security controls and techniques.
- 4.2 Summarize mobile security concepts and technologies.
- 4.3 Given a scenario, select the appropriate solution to establish host security.
- 4.4 Implement the appropriate controls to ensure data security.
- 4.5 Compare alternative methods to mitigate security risks in static environments.
5.0 ACCESS CONTROL AND IDENTITY MANAGEMENT
- 5.1 Compare the function and purpose of authentication services.