CompTIA Security+ Objectives

CompTIA Security+ Certification Exam Objectives
Copyright 2010 by the Computing Technology Industry Association. All rights reserved. The CompTIA Security+ Certification Exam Objectives are subject to change without notice.

Certification Exam Objectives: SY0-301

INTRODUCTION

The CompTIA Security+ Certification is a vendor-neutral credential. The CompTIA Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe.

The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk and participate in risk mitigation activities, provide infrastructure, application, operational and information security, apply security controls to maintain confidentiality, integrity and availability, identify appropriate technologies and products, and operate with an awareness of applicable policies, laws and regulations.

The CompTIA Security+ Certification is aimed at an IT security professional who has:
- A minimum of 2 years' experience in IT administration with a focus on security
- Day-to-day technical information security experience
- Broad knowledge of security concerns and implementation, including the topics in the domain list below

CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, undergoes regular reviews and updates to the exam objectives. The following CompTIA Security+ objectives reflect the subject areas in this edition of this exam, and result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an information security professional with two years of experience.

This examination blueprint includes domain weighting, test objectives, and example content. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.

The table below lists the domain areas measured by this examination and the approximate extent to which they are represented in the examination:

Domain                                        % of Examination
1.0 Network Security                          21%
2.0 Compliance and Operational Security       18%
3.0 Threats and Vulnerabilities               21%
4.0 Application, Data and Host Security       16%
5.0 Access Control and Identity Management    13%
6.0 Cryptography                              11%
Total                                         100%

Note: The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.

1.0 Network Security

1.1 Explain the security function and purpose of network devices and technologies
- Firewalls
- Routers
- Switches
- Load Balancers
- Proxies
- Web security gateways
- VPN concentrators
- NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
- Protocol analyzers
- Sniffers
- Spam filter, all-in-one security appliances
- Web application firewall vs. network firewall
- URL filtering, content inspection, malware inspection

1.2 Apply and implement secure network administration principles
- Rule-based management
- Firewall rules
- VLAN management
- Secure router configuration
- Access control lists
- Port Security
- 802.1x
- Flood guards
- Loop protection
- Implicit deny
- Prevent network bridging by network separation
- Log analysis

1.3 Distinguish and differentiate network design elements and components
- DMZ
- Subnetting
- VLAN
- NAT
- Remote Access
- Telephony
- NAC
- Virtualization
- Cloud Computing
  - Platform as a Service
  - Software as a Service
  - Infrastructure as a Service

1.4 Implement and use common protocols
- IPSec
- SNMP
- SSH
- DNS
- TLS
- SSL
- TCP/IP
- FTPS
- HTTPS
- SFTP
- SCP
- ICMP
- IPv4 vs. IPv6

1.5 Identify commonly used default network ports
- FTP
- SFTP
- FTPS
- TFTP
- TELNET
- HTTP
- HTTPS
- SCP
- SSH
- NetBIOS

1.6 Implement wireless network in a secure manner
- WPA
- WPA2
- WEP
- EAP
- PEAP
- LEAP
- MAC filter
- Disable SSID broadcast
- TKIP
- CCMP
- Antenna Placement
- Power level controls

2.0 Compliance and Operational Security

2.1 Explain risk related concepts
- Control types
  - Technical
  - Management
  - Operational
- False positives
- Importance of policies in reducing risk
  - Privacy policy
  - Acceptable use
  - Security policy
  - Mandatory vacations
  - Job rotation
  - Separation of duties
  - Least privilege
- Risk calculation
  - Likelihood
  - ALE
  - Impact
- Quantitative vs. qualitative
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated with Cloud Computing and Virtualization

2.2 Carry out appropriate risk mitigation strategies
- Implement security controls based on risk
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Implement policies and procedures to prevent data loss or theft

2.3 Execute appropriate incident response procedures
- Basic forensic procedures
  - Order of volatility
  - Capture system image
  - Network traffic and logs
  - Capture video
  - Record time offset
  - Take hashes
  - Screenshots
  - Witnesses
  - Track man hours and expense
- Damage and loss control
- Chain of custody
- Incident response: first responder

2.4 Explain the importance of security related awareness and training
- Security policy training and procedures
- Personally identifiable information
- Information classification: Sensitivity of data (hard or soft)
- Data labeling, handling and disposal
- Compliance with laws, best practices and standards
- User habits
  - Password behaviors
  - Data handling
  - Clean desk policies
  - Prevent tailgating
  - Personally owned devices
- Threat awareness
  - New viruses
  - Phishing attacks
  - Zero-day exploits
- Use of social networking and P2P

2.5 Compare and contrast aspects of business continuity
- Business impact analysis
- Removing single points of failure
- Business continuity planning and testing
- Continuity of operations
- Disaster recovery
- IT contingency planning
- Succession planning

2.6 Explain the impact and proper use of environmental controls
- HVAC
- Fire suppression
- EMI shielding
- Hot and cold aisles
- Environmental monitoring
- Temperature and humidity controls
- Video monitoring

2.7 Execute disaster recovery plans and procedures
- Backup / backout contingency plans or policies
- Backups, execution and frequency
- Redundancy and fault tolerance
  - Hardware
  - RAID
  - Clustering
  - Load balancing
  - Servers
- High availability
- Cold site, hot site, warm site
- Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives

2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)

3.0 Threats and Vulnerabilities

3.1 Analyze and differentiate among types of malware
- Adware
- Virus
- Worms
- Spyware
- Trojan
- Rootkits
- Backdoors
- Logic bomb
- Botnets

3.2 Analyze and differentiate among types of attacks
- Man-in-the-middle
- DDoS
- DoS
- Replay
- Smurf attack
- Spoofing
- Spam
- Phishing
- Spim
- Vishing
- Spear phishing
- Xmas attack
- Pharming
- Privilege escalation
- Malicious insider threat
- DNS poisoning and ARP poisoning
- Transitive access
- Client-side attacks

3.3 Analyze and differentiate among types of social engineering attacks
- Shoulder surfing
- Dumpster diving
- Tailgating
- Impersonation
- Hoaxes
- Whaling
- Vishing

3.4 Analyze and differentiate among types of wireless attacks
- Rogue access points
- Interference
- Evil twin
- War driving
- Bluejacking
- Bluesnarfing
- War chalking
- IV attack
- Packet sniffing

3.5 Analyze and differentiate among types of application attacks
- Cross-site scripting
- SQL injection
- LDAP injection
- XML injection
- Directory traversal/command injection
- Buffer overflow
- Zero-day
- Cookies and attachments
- Malicious add-ons
- Session hijacking
- Header manipulation

3.6 Analyze and differentiate among types of mitigation and deterrent techniques
- Manual bypassing of electronic controls
  - Failsafe/secure vs. failopen
- Monitoring system logs
  - Event logs
  - Audit logs
  - Security logs
  - Access logs
- Physical security
  - Hardware locks
  - Mantraps
  - Video surveillance
  - Fencing
  - Proximity readers
  - Access list
- Hardening
  - Disabling unnecessary services
  - Protecting management interfaces and applications
  - Password protection
  - Disabling unnecessary accounts
- Port security
  - MAC limiting and filtering
  - 802.1x
  - Disabling unused ports
- Security posture
  - Initial baseline configuration
  - Continuous security monitoring
  - Remediation
- Reporting
  - Alarms
  - Alerts
  - Trends
- Detection controls vs. prevention controls
  - IDS vs. IPS
  - Camera vs. guard

3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
- Vulnerability scanning and interpret results
- Tools
  - Protocol analyzer
  - Sniffer
  - Vulnerability scanner
  - Honeypots
  - Honeynets
  - Port scanner
- Risk calculations
  - Threat vs. likelihood
- Assessment types
  - Risk
  - Threat
  - Vulnerability
- Assessment technique
  - Baseline reporting
  - Code review
  - Determine attack surface
  - Architecture
  - Design reviews

3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
- Penetration testing
  - Verify a threat exists
  - Bypass security controls
  - Actively test security controls
  - Exploiting vulnerabilities
- Vulnerability scanning
  - Passively testing security controls
  - Identify vulnerability
  - Identify lack of security controls
  - Identify common misconfiguration
- Black box
- White box
- Gray box

4.0 Application, Data and Host Security

4.1 Explain the importance of application security
- Fuzzing
- Secure coding concepts
  - Error and exception handling
  - Input validation
- Cross-site scripting prevention
- Cross-site Request Forgery (XSRF) prevention
- Application configuration baseline (proper settings)
- Application hardening
- Application patch management

4.2 Carry out appropriate procedures to establish host security
- Operating system security and settings
- Anti-malware
  - Anti-virus
  - Anti-spam
  - Anti-spyware
  - Pop-up blockers
  - Host-based firewalls
- Patch management
- Hardware security
  - Cable locks
  - Safe
  - Locking cabinets
- Host software baselining
- Mobile devices
  - Screen lock
  - Strong password
  - Device encryption
  - Remote wipe/sanitization
  - Voice encryption
  - GPS tracking
- Virtualization

4.3 Explain the importance of data security
- Data Loss Prevention (DLP)
- Data encryption
  - Full disk
  - Database
  - Individual files
  - Removable media
  - Mobile devices
- Hardware based encryption devices
  - TPM
  - HSM
  - USB encryption
  - Hard drive
- Cloud computing

5.0 Access Control and Identity Management

5.1 Explain the function and purpose of authentication services
- RADIUS
- TACACS
- TACACS+
- Kerberos
- LDAP
- XTACACS

5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
- Identification vs. authentication
- Authentication (single factor) and authorization
- Multifactor authentication
- Biometrics
- Tokens
- Common access card
- Personal identification verification card
- Smart card
- Least privilege
- Separation of duties
- Single sign on
- ACLs
- Access control
- Mandatory access control
- Discretionary access control
- Role/rule-based access control
- Implicit deny
- Time of day restrictions
- Trusted OS
- Mandatory vacations
- Job rotation

5.3 Implement appropriate security controls when performing account management
- Mitigate issues associated with users with multiple accounts/roles
- Account policy enforcement
  - Password complexity
  - Expiration
  - Recovery
  - Length
  - Disablement
  - Lockout
- Group based privileges
- User assigned privileges

6.0 Cryptography

6.1 Summarize general cryptography concepts
- Symmetric vs. asymmetric
- Fundamental differences and encryption methods
  - Block vs. stream
- Transport encryption
- Non-repudiation
- Hashing
- Key escrow
- Steganography
- Digital signatures
- Use of proven technologies
- Elliptic curve and quantum cryptography

6.2 Use and apply appropriate cryptographic tools and products
- WEP vs. WPA/WPA2 and preshared key
- MD5
- SHA
- RIPEMD
- AES
- DES
- 3DES
- HMAC
- RSA
- RC4
- One-time pads
- CHAP
- PAP
- NTLM
- NTLMv2
- Blowfish
- PGP/GPG
- Whole disk encryption
- TwoFish
- Comparative strengths of algorithms
- Use of algorithms with transport encryption
  - SSL
  - TLS
  - IPSec
  - SSH
  - HTTPS

6.3 Explain the core concepts of public key infrastructure
- Certificate authorities and digital certificates
  - CA
  - CRLs
- PKI
- Recovery agent
- Public key
- Private key
- Registration
- Key escrow
- Trust models

6.4 Implement PKI, certificate management and associated components
- Certificate authorities and digital certificates
  - CA
  - CRLs
- PKI
- Recovery agent
- Public key
- Private keys
- Registration
- Key escrow
- Trust models

SECURITY+ ACRONYMS

3DES – Triple Digital Encryption Standard
AAA – Authentication, Authorization, and Accounting
ACL – Access Control List
AES – Advanced Encryption Standard
AES256 – Advanced Encryption Standards 256bit
AH – Authentication Header
ALE – Annualized Loss Expectancy
AP – Access Point
API – Application Programming Interface
ASP – Application Service Provider
ARO – Annualized Rate of Occurrence
ARP – Address Resolution Protocol
AUP – Acceptable Use Policy
BCP – Business Continuity Planning
BIOS – Basic Input / Output System
BOTS – Network Robots
CA – Certificate Authority
CAC – Common Access Card
CAN – Controller Area Network
CCMP – Counter-Mode/CBC-Mac Protocol
CCTV – Closed-circuit television
CERT – Computer Emergency Response Team
CHAP – Challenge Handshake Authentication Protocol
CIRT – Computer Incident Response Team
CMM – Capability Maturity Model
COOP – Continuity of Operation Planning
CP – Contingency Planning
CRC – Cyclical Redundancy Check
CRL – Certification Revocation List
CSU – Channel Service Unit
DAC – Discretionary Access Control
DDOS – Distributed Denial of Service
DEP – Data Execution Prevention
DES – Digital Encryption Standard
DHCP – Dynamic Host Configuration Protocol
DLL – Dynamic Link Library
DLP – Data Loss Prevention
DMZ – Demilitarized Zone
DNS – Domain Name Service (Server)
DOS – Denial of Service
DRP – Disaster Recovery Plan
DSA – Digital Signature Algorithm
DSL – Digital Subscriber line
DSU – Data Service Unit
EAP – Extensible Authentication Protocol
ECC – Elliptic Curve Cryptography
EFS – Encrypted File System
EMI – Electromagnetic Interference
ESP – Encapsulated Security Payload
FTP – File Transfer Protocol
GPO – Group Policy Object
GPU – Graphic Processing Unit
GRE – Generic Routing Encapsulation
HDD – Hard Disk Drive
HIDS – Host Based Intrusion Detection System
HIPS – Host Based Intrusion Prevention System
HMAC – Hashed Message Authentication Code
HSM – Hardware Security Module
HTML – HyperText Markup Language
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol over SSL
HVAC – Heating, Ventilation Air Conditioning
IaaS – Infrastructure as a Service
ICMP – Internet Control Message Protocol
ID – Identification
IKE – Internet Key Exchange
IM – Instant messaging
IMAP4 – Internet Message Access Protocol v4
IP – Internet Protocol
IPSEC – Internet Protocol Security
IRC – Internet Relay Chat
ISP – Internet Service Provider
ITCP – IT Contingency Plan
IV – Initialization Vector
KDC – Key Distribution Center
L2TP – Layer 2 Tunneling Protocol
LAN – Local Area Network
LANMAN – Local Area Network Manager
LDAP – Lightweight Directory Access Protocol
LEAP – Lightweight Extensible Authentication Protocol
MAC – Mandatory Access Control / Media Access Control
MAC – Message Authentication Code
MAN – Metropolitan Area Network
MBR – Master Boot Record
MD5 – Message Digest 5
MPLS – Multi-Protocol Layer Switch
MSCHAP – Microsoft Challenge Handshake Authentication Protocol
MTBF – Mean Time Between Failures
MTTR – Mean Time to Recover
MTU – Maximum Transmission Unit
NAC – Network Access Control
NAT – Network Address Translation
NDA – Non-Disclosure Agreement
NIDS – Network Based Intrusion Detection System
NIPS – Network Based Intrusion Prevention System
NIST – National Institute of Standards & Technology
NOS – Network Operating System
NTFS – New Technology File System
NTLM – New Technology LANMAN
NTP – Network Time Protocol
OCSP – Online Certification Security Protocol
OLA – Open License Agreement
OS – Operating System
OVAL – Open Vulnerability Assessment Language
PAM – Pluggable Authentication Modules
PAP – Password Authentication Protocol
PAT – Port Address Translation
PBX – Private Branch Exchange
PCAP – Packet Capture
PEAP – Protected Extensible Authentication Protocol
PED – Personal Electronic Device
PGP – Pretty Good Privacy
PII – Personally Identifiable Information
PIV – Personal Identity Verification
PKI – Public Key Infrastructure
POTS – Plain Old Telephone Service
PPP – Point-to-point Protocol
PPTP – Point to Point Tunneling Protocol
PSK – Pre-Shared Key
PTZ – Pan-Tilt-Zoom
RA – Recovery Agent
RAD – Rapid application development
RADIUS – Remote Authentication Dial-in User Server
RAID – Redundant Array of Inexpensive Disks
RAS – Remote Access Server
RBAC – Role Based Access Control
RBAC – Rule Based Access Control
RIPEMD – RACE Integrity Primitives Evaluation Message Digest
ROI – Return of Investment
RPO – Recovery Point Objective
RSA – Rivest, Shamir, & Adleman
RTO – Recovery Time Objective
RTP – Real-Time Transport Protocol
S/MIME – Secure / Multipurpose internet Mail Extensions
SAML – Security Assertions Markup Language
SaaS – Software as a Service
SCAP – Security Content Automation Protocol
SCSI – Small Computer System Interface
SDLC – Software Development Life Cycle
SDLM – Software Development Life Cycle Methodology
SEH – Structured Exception Handler
SHA – Secure Hashing Algorithm
SHTTP – Secure Hypertext Transfer Protocol
SIM – Subscriber Identity Module
SLA – Service Level Agreement
SLE – Single Loss Expectancy
SMS – Short Message Service
SMTP – Simple Mail Transfer Protocol
SNMP – Simple Network Management Protocol
SOAP – Simple Object Access Point
SONET – Synchronous Optical Network Technologies
SPIM – Spam over Internet Messaging
SSD – Solid State Drive
SSH – Secure Shell
SSL – Secure Sockets Layer
SSO – Single Sign On
STP – Shielded Twisted Pair
TACACS – Terminal Access Controller Access Control System
TCP/IP – Transmission Control Protocol / Internet Protocol
TKIP – Temporal Key Integrity Protocol
TLS – Transport Layer Security
TPM – Trusted Platform Module
TSIG – Transaction Signature
UAT – User Acceptance Testing
UEFI – Unified Extensible Firmware Interface
UPS – Uninterruptable Power Supply
URL – Universal Resource Locator
USB – Universal Serial Bus
UTP – Unshielded Twisted Pair
VDI – Virtualization Desktop Infrastructure
VLAN – Virtual Local Area Network
VoIP – Voice over IP
VPN – Virtual Private Network
VTC – Video Teleconferencing
WAF – Web-Application Firewall
WAP – Wireless Access Point
WEP – Wired Equivalent Privacy
WIDS – Wireless Intrusion Detection System
WIPS – Wireless Intrusion Prevention System
WPA – Wireless Protected Access
WTLS – Wireless TLS
XML – Extensible Markup Language
XSRF – Cross-Site Request Forgery
XSS – Cross-Site Scripting

Version 2.0
