CompTIA® Security+ Certification Prep 2

About This Course

The U.S. Department of Labor forecasts that computer security and related computer-support specialties will be among the fastest-growing occupations through 2018. CompTIA's Security+ certificate is widely regarded as the entry-level certificate for this fast-growing field. Getting that certificate requires passing CompTIA's challenging SY0-301 exam.

This course, the second of two courses, reviews the key terminology and concepts needed to ace the exam, all in a condensed format for rapid reading. The course provides helpful study tools, including crossword puzzles, games, and practice questions to aid your learning. All of the content is geared toward helping you prepare to pass the SY0-301 exam, so you can leave the test center with your Security+ passing score in hand.

Please note that you will be subject to a CompTIA Security+ renewal process every three years.

About The Instructor

This course includes a knowledgeable and caring instructor who will guide you through your lessons, facilitate discussions, and answer your questions. The instructor for this course will be Ron Gilster.

Ron Gilster is a best-selling author with more than 40 titles in print. He writes on topics including information technology (IT) certifications, real estate, and business. Ron has held a variety of IT-related positions, ranging from computer operator to senior manager. He has worked in consulting, manufacturing, software development, telecommunications, and higher education. He has an MBA and holds A+, Network+, i-Net+, CCNA, and AAGG certifications. He has developed and facilitated numerous courses and has taught in A+, Network+, and CCNA boot camps.

His books include CCNA For Dummies, A+ Certification for Dummies, Server+ For Dummies, Network+ For Dummies, i-Net+ For Dummies, Cisco Networking For Dummies, MCSA For Dummies, CCDA For Dummies, Microsoft Office SharePoint Server 2007: A Beginner's Guide, CEA-CompTIA DHTI+ Digital Home Technology Integrator All-In-One Exam Guide, and PC Hardware: A Beginner's Guide.

Syllabus

A new section of each course starts monthly. If enrolling in a series of two or more courses, please be sure to space the start date for each course at least two months apart.

Week 1

Wednesday - Lesson 01

We'll start off with a brief review of the Security+ exam and its objectives. Then we'll jump right into talking about access control. Authentication—verifying that a user requesting entry to a system or network is who they claim to be—is the first step in access control, which protects valuable and sensitive resources from unauthorized users and evildoers. In this lesson, we'll explore authentication, as well as its methods, protocols, and devices.

Friday - Lesson 02

Last time, we talked about the authentication step in access control. In this lesson, we're going to continue our exploration of access control with a closer look at authorization and types of access control. Both of these are extremely important parts of the security policies protecting network resources. We'll take a detailed look at the elements that make up these two processes.

Week 2

Wednesday - Lesson 03

In this lesson, we'll cover the policy and administration of accounts in a secure environment. First, we'll go over the different types of accounts you might work with, including individual accounts and group accounts. Then we'll talk about password policies, which govern how to make passwords as strong as possible, when passwords should expire, and how to deal with lost or forgotten passwords. Lastly, we'll discuss permissions, privileges, and the administrative actions required to minimize vulnerability.

Friday - Lesson 04

As network administrators, we're constantly managing risk. But what does that really mean? In this lesson, we'll investigate the elements of the risk management process, including vulnerabilities, threats, risks, and likelihood and the methods used to identify, determine, or calculate each. The ultimate goal of risk management is to reduce risk to a level that's acceptable to the system and organization. In this lesson, you'll discover the methods we use to figure out what level of risk is acceptable.

Week 3

Wednesday - Lesson 05

Do you know the differences between penetration testing and vulnerability scanning? When is it best to use each? In this lesson, you'll find out the answers to those questions. We'll take a look at the six phases of the penetration testing process, and you'll find out how vulnerability management works. Then we'll look at methods of software vulnerability testing, including black box, white box, and gray box testing. We'll wrap up the lesson with a discussion of disaster recovery plans and data backup methods.

Friday - Lesson 06

How do we protect the crucial data that allows our organizations to function day in and day out? That's the question we'll address in this lesson. We'll start with a look at data loss prevention systems, which manage, identify, and protect data in its various states. You'll get acquainted with data encryption applications and hardware-based encryption devices. And we'll cover some considerations for off-site and remote data storage—what should you keep in mind about data when deciding where to store it and back it up? Maintaining your data's integrity and security is incredibly important, so you won't want to miss this lesson.

Week 4

Wednesday - Lesson 07

In Lesson 7, we'll focus on the security of application software. There are a few ways to make applications more secure, including application hardening and careful patch management. We'll see how these work, and we'll take a look at some common application attacks. You'll also see how to make sure the in-house software development process is as secure as you can make it. We'll even look at the ways in which a host computer is secured both internally and externally.

Friday - Lesson 08

As businesses go global and standard business hours no longer apply, mobile devices are becoming more common in organizational networks. In this lesson, we'll look at the threats mobile devices introduce and the security methods for removing these threats. We'll investigate some internal measures for dealing with mobile devices, including what you can to protect data if a device is lost or stolen. We'll also explore what you should include in external security policies for mobile devices, and you'll see how technologies like mobile biometrics, voice encryption, and GPS tracking can help on the mobile security front. Mobile devices are only getting more essential to both our business and personal lives, so securing them is an increasingly important priority.

Week 5

Wednesday - Lesson 09

If you're working in IT these days, chances are you're working with virtualization in some form. But what exactly is virtualization? In this lesson, we'll build on what you learned about it in the first course. You'll find out how server virtualization works, and we'll explore virtualization software and hardware. You'll also learn how virtualization can benefit an organization, and we'll discuss the particular security concerns that come along with it. We'll finish up with a look at the various types of cloud computing available today.

Friday - Lesson 10

If you work in network security, being cryptic is just part of the job! Cryptography, or encryption, is what we use to prevent unauthorized people from being able to understand or use intercepted data. In Lesson 10, we'll explore the concepts behind encryption and the primary types of encryption in use. We'll talk about the most common encryption algorithms and ciphers, and you'll learn about the secure transport of encrypted data.

Week 6

Wednesday - Lesson 11

With the Internet so integrated into our everyday lives, we depend on a security and validation system that most of us take for granted: the public key infrastructure (PKI). The PKI protects us, often unknowingly, against people and companies we don't know and may not trust if we did. In this lesson, you'll learn about the PKI and the security elements that work to protect you. We'll also talk about how and why they work.

Friday - Lesson 12

The CompTIA Security+ exam covers a wide-range of security concepts, topics, terminology, and practices, as well as a bit of hardware and software. In this lesson, which is the last of the two prep courses for the Security+ exam, we'll review the key terms and concepts you'll see on the exam. We'll revisit what you really must know, and I'll give you some final tips for taking a CompTIA exam.

Requirements

Prospective students should complete my CompTIA® Security+ Certification Prep 1 course prior to enrolling in this course. In addition, CompTIA recommends that you have A+ and Network+ certifications and two years of on-the-job networking experience, prior to taking this exam. These certifications and the work experience aren't absolutely required, but you should have substantial knowledge of TCP/IP networking and computer and networking hardware to get the most out of this course and understand the concepts and terminology required for the exam.

You'll need Internet access, email, the Microsoft Internet Explorer or Mozilla Firefox Web browser, and the Adobe Flash and PDF plug-ins (two free and simple downloads you obtain at http://www.adobe.com/downloads by clicking Get Adobe Flash Player and Get Adobe Reader).