CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT.
CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:
- Network security
- Compliance and operational security
- Threats and vulnerabilities
- Application, data and host security
- Access control and identity management
CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents, it ensures that security personnel are anticipating security risks and guarding against them.
Candidate job roles include security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator. Organizations that employ CompTIA Security+ certified staff include Hitachi Information Systems (Japan), Trendmicro (Philippines), Lockheed Martin, the U.S. State Department, Prestariang Systems Sdn. Bhd. (Malaysia) and U.S. government contractors such as EDS, General Dynamics and Northrop Grumman. CompTIA Security+ is one of the options for certifications required by the U.S. Department of Defense, for military personnel or military contractors engaged in information assurance activities.
The CompTIA Security+ certification is accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).The CompTIA Security+ certification may be kept current through the CompTIA Continuing Education program.
CBTnuggets.com – Try a free video today!
PrepLogic – Free Security+ Practice Exams!
Covers access control, access control models, DAC, MAC, and RBAC.
Covers username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcard authentication.
Covers the different type of attackers, their level of skills and resources, and their motivation.
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common type of DoS attacks such as TCP SYN, UDP flooding and Smurfing.
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.
Covers password, replay, back doors, Man-in-the-Middle, TCP Hijacking, mathematical, birthday, weak keys, and software exploitation attacks.
Social Engineering Attacks
Covers the human aspect of security.
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.
Remote Access Technologies
Covers remote access services, PPP, VPNs, tunneling, IPSec, SSH, L2TP, PPTP, 802.1x, RADIUS, and TACACS.
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, Blind/anonymous FTP, ActiveX, CGI, Java script, Java, signed applets, cookies, buffer overflows, and instant messaging.
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.
Covers security concerns of using switches, routers, PBXs, firewalls, NAT, and mobile devices, as well as security zones such as DMZ and VLANs.
Network and Storage Media*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.
Wireless Network Security
Covers 802.11x, WEP, WAP, WTLS, vulnerabilities and various related wireless security technologies.
Intrusion Detection Systems (IDS)
Covers intrusion detection systems concepts and characteristics. Passive vs Active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.
Covers asset identification, vulnerability assessment, threat identification, and risk identication.
Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.