CompTIA Security+ - Austin Peay State University
IT and Software Development

CompTIA Security+

30 Hours

This course, offered by our accredited school partners, explains how the Security+ exam covers the most important foundational principles for securing a network and managing risk. Access control, identity management and cryptography are important topics on the exam, as well as selection of appropriate mitigation and deterrent techniques to address network attacks and vulnerabilities. Security concerns associated with cloud computing, BYOD and SCADA are addressed in the SY0-501 exam. Enroll through one of our accredited university or college partners today!

Chapter 01 – Identifying Security Fundamentals
Topic A: Identify Information Security Concepts
Information Security
Goals of Information Security
Types of Controls
The Security Management Process
Demo – Identifying Information Security Basics
Topic B: Identify Basic Security Controls
The CIA Triad
Authentication Factors
Access Control
Accounting and Auditing
Principle of Least Privilege
Privilege Management
Demo – Identifying Basic Security
Topic C: Identify Basic Authentication and Authorization Concepts
Keystroke Authentication
Multi-factor Authentication
Mutual Authentication
Demo – Identifying Basic Authentication and Authorization Concepts
Topic D: Identify Basic Cryptography Concepts
Encryption and Decryption
Encryption and Security Goals
A Key
Symmetric Encryption
Asymmetric Encryption
Demo – Identifying Basic Cryptography Concepts
Chapter 01 Review

Chapter 02 – Analyzing Risk
Topic A: Analyze Organizational Risk
Risk Management
Components of Risk Analysis
Phases of Risk Analysis
Categories of Threat Types
Risk Analysis Methods
Risk Calculation
Risk Response Techniques
Risk Mitigation and Control Types
Change Management
Guidelines for Analyzing Risk
Demo – Analyzing Risks to the Organization
Topic B: Analyze the Business Impact of Risk
Impact Scenarios
Privacy Assessments
Critical Systems and Functions
Maximum Tolerable Downtime
Recovery Point Objective
Recovery Time Objective
Mean Time to Failure
Mean Time to Repair
Mean Time Between Failures
Guidelines for Performing a Business Impact Analysis
Demo – Performing a Business Impact Analysis
Chapter 02 Review

Chapter 03 – Identifying Security Threats
Topic A: Identify Types of Attackers
Hackers and Attackers
Threat Actors
Threat Actor Attributes
Open-Source Intelligence
Demo – Identifying Types of Attackers
Topic B: Identify Social Engineering Attacks
Social Engineering
Phishing and Related Attacks
Physical Exploits
Watering Hole Attacks
Demo – Identifying Social Engineering Attacks
Topic C: Identify Malware
Malicious Code
Trojan Horses
Remote Access Trojans
Logic Bombs
Advance Persistent Threats
Demo – Identifying Types of Malware
Topic D: Identify Software-Based Threats
Software Attacks
Password Attacks
Types of Password Attacks
Cryptographic Attacks
Types of Cryptographic Attacks
Backdoor Attacks
Application Attacks
Types of Application Attacks
Driver Manipulation
Privilege Escalation
Demo – Identifying Password Attacks
Topic E: Identify Network-Based Threats
TCP/IP Basics
Spoofing Attacks
IP and MAC Address Spoofing
ARP Poisoning
DNS Poisoning
Port Scanning Attacks
Scan Types
Eavesdropping Attacks
Man-in-the-Middle Attacks
Man-in-the-Browser Attacks
Replay Attacks
DoS Attacks
DDoS Attacks
Hijacking Attacks
Amplification Attacks
Pass the Hash Attacks
Demo – Identifying Threats to DNS
Demo – Identifying Port Scanning Threats
Topic F: Identify Wireless Threats
Rogue Access Points
Evil Twins
Near Field Communication Attacks
RFID System Attacks
War Driving, War Walking, and War Chalking
Packet Sniffing
IV Attacks
Wireless Replay Attacks
WEP and WPA Attacks
WPS Attacks
Wireless Disassociation
Demo – Identifying Wireless Threats
Topic G: Identify Physical Threats
Physical Threats and Vulnerabilities
Hardware Attacks
Environmental Threats and Vulnerabilities
Demo – Identifying Physical Threats
Chapter 03 Review

Chapter 04 – Conducting Security Assessments
Topic A: Identify Vulnerabilities
Host Vulnerabilities
Software Vulnerabilities
Encryption Vulnerabilities
Network Architecture Vulnerabilities
Account Vulnerabilities
Operations Vulnerabilities
Demo – Identifying Vulnerabilities
Topic B: Assess Vulnerabilities
Security Assessment
Security Assessment Techniques
Vulnerability Assessment Tools
Types of Vulnerability Scans
False Positives
Guidelines for Assessing Vulnerabilities
Demo – Capturing Network Data with Wireshark
Demo – Scanning for General Vulnerabilities
Topic C: Implement Penetration Testing
Penetration Testing
Penetration Testing Techniques
Box Testing Methods
Penetration Testing Tools
Guidelines for Implementing Penetration Testing
Demo – Implementing Penetration Testing
Chapter 04 Review

Chapter 05 – Implementing Host and Software Security
Topic A: Implement Host Security
Operating System Security
Operating System Hardening Techniques
Trusted Computing Base
Hardware and Firmware Security
Security Baselines
Software Updates
Application Blacklisting and Whitelisting
Anti-malware Software
Types of Anti-malware Software
Hardware Peripheral Security
Embedded Systems
Security Implications for Embedded Systems
Guidelines for Securing Hosts
Demo – Implementing Auditing
Demo – Hardening a Server
Topic B: Implement Cloud and Virtualization Security
Virtual Desktop Infrastructure
Virtualization Security
Cloud Computing
Cloud Deployment Models
Cloud Service Types
Guidelines for Securing Virtualized and Cloud
-Based Resources
– Securing Virtual Machine Networking
Topic C: Implement Mobile Device Security
Mobile Device Connection Methods
Mobile Device Management
Mobile Device Security Controls
Mobile Device Monitoring and Enforcement
Mobile Deployment Models
BYOD Security Controls
Guidelines for Implementing Mobile Device Security
Demo – Implementing Mobile Device Security
Topic D: Incorporate Security in the Software Development Lifecycle
Software Development Lifecycle
Software Development Models
Secure Coding Techniques
Code Testing Methods
Guidelines for Incorporating Security in the Software Development Lifecycle
Demo – Performing Static Code Analysis
Chapter 05 Review

Chapter 06 – Implementing Network Security
Topic A: Configure Network Security Technologies
Network Components
Network Devices
Load Balancer
Network Scanners and Analysis Tools
Intrusion Detection Systems
Network IDS
Intrusion Prevention Systems
Network IPS
Types of Network Monitoring Systems
Security Information and Event Management
Data Loss/Leak Prevention
Virtual Private Networks
VPN Concentrators
Security Gateways
Unified Threat Management
Guidelines for Configuring Network Security Technologies
Demo – Configuring a Network IDS
Topic B: Secure Network Design Elements
Network Access Control
Demilitarized Zones
Network Isolation
Virtual Local Area Networks
Network Security Device Placement
Network Address Translation
Software-Defined Networking
Guidelines for Securing Network Design Elements
Demo – Securing Network Design Elements
Topic C: Implement Secure Networking Protocols and Services
The Open Systems Interconnection Model
OSI Model and Security
Internet Protocol Suite
Domain Name System
Hypertext Transfer Protocol
Secure Sockets Layer/Transport Layer Security
HTTP Secure
Secure Shell
Simple Network Management Protocol
Real-Time Transport Protocol
Internet Control Message Protocol
Internet Protocol Security
Network Basic Input/Output System
File Transfer Protocols
Email Protocols
Additional Networking Protocols and Services
Ports and Port Ranges
Demo – Installing an Internet Information Services Web Server with Basic Security
Demo – Securing Network Traffic Using IPSec
Topic D: Secure Wireless Traffic
Wireless Networks
Wireless Antenna Types
802.11 Protocols
Wireless Cryptographic Protocols
Wireless Authentication Protocols
VPNs and Open Wireless
Wireless Client Authentication Methods
Wireless Access Point Security
Captive Portals
Site Surveys
Guidelines for Securing Wireless Traffic
Demo – Securing Wireless Traffic
Chapter 06 Review

Chapter 07 – Managing Identity and Access
Topic A: Implement Identity and Access Management
Identity and Access Management
Access Control Models
Physical Access Control Devices
Biometric Devices
Certificate-Based Authentication
File System and Database Access
Guidelines for Implementing IAM
Demo – Implementing DAC for a File Share
Topic B: Configure Directory Services
Directory Services
Lightweight Directory Access Protocol
Secure LDAP
Common Directory Services
Demo – Backing Up Active Directory
Topic C: Configure Access Services
Remote Access Methods
Remote Access Protocols
HMAC-Based One-Time Password
Time-Based OTP
Password Authentication Protocol Challenge
-Handshake Authentication Protocol
NT LAN Manager
Authentication, Authorization, and Accounting
Remote Authentication Dial-In User Service
Terminal Access Controller Access-Control System
Demo – Configuring a Remote Access Server
Demo – Setting Up Remote Access Authentication
Topic D: Manage Accounts
Account Management
Account Privileges
Account Types
Account Policy
Password Policy
Multiple Accounts
Shared Accounts
Account Management Security Controls
Credential Management
Group Policy
Identity Federation
Identity Federation Methods
Guidelines for Managing Accounts
Demo – Managing Accounts
Chapter 07 Review

Chapter 08 – Implementing Cryptography
Topic A: Identify Advanced Cryptography Concepts
Cryptography Elements
Hashing Concepts
Data States
Key Exchange
Digital Signatures
Cipher Suites
Session Keys
Key Stretching
Special Considerations for Cryptography
Demo – Identifying Advanced Cryptographic Concepts
Topic B: Select Cryptographic Algorithms
Types of Ciphers
Types of Hashing Algorithms
Types of Symmetric Encryption Algorithms
Types of Asymmetric Encryption Techniques
Types of Key Stretching Algorithms
Substitution Ciphers
Exclusive Or Cryptographic Modules
Demo – Selecting Cryptographic Algorithms
Topic C: Configure a Public Key Infrastructure
Public Key Infrastructure
PKI Components
CA Hierarchies
The Root CA
Subordinate CAs
Offline Root CAs
Types of Certificates
Certificate File Formats
CA Hierarchy Design Options
Demo – Installing a CA
Demo – Securing a Windows Server 2016 CA
Topic D: Enroll Certificates
The Certificate Enrollment Process
The Certificate Lifecycle
Certificate Lifecycle Management
The SSL/TLS Connection Process
Demo – Enrolling Certificates
Demo – Securing Network Traffic with Certificates
Topic E: Back Up and Restore Certificates and Private Keys
Private Key Protection Methods
Key Escrow
Private Key Restoration Methods
Private Key Replacement
Demo – Backing Up a Certificate and Private Key
Demo – Restoring a Certificate and Private Key
Topic F: Revoke Certificates
Certificate Revocation
Certificate Revocation List
Online Certificate Status Protocol
Demo – Revoking Certificates
Chapter 08 Review

Chapter 09 – Implementing Operational Security
Topic A: Evaluate Security Frameworks and Guidelines
Security Frameworks
Security Framework Examples
Security Configuration Guides
Layered Security
Defense in Depth
Demo – Evaluating Security Frameworks and Guidelines
Topic B: Incorporate Documentation in Operational Security
Security Policies
Common Security Policy Types
Personnel Management
Separation of Duties
Job Rotation
Mandatory Vacation
Additional Personnel Management Tasks
Training and Awareness
Business Agreements
Guidelines for Incorporating Documentation in Operational Security
Demo – Incorporating Documentation in Operational Security
Topic C: Implement Security Strategies
Security Automation
Fault Tolerance
Redundant Array of Independent Disks
High Availability
Deployment Environments
Guidelines for Implementing Security Strategies
Demo – Implementing Virtual Machine Snapshots
Topic D: Manage Data Security Processes
Data Security
Data Security Vulnerabilities
Data Storage Methods
Data Encryption Methods
Data Sensitivity
Data Management Roles
Data Retention
Data Disposal
Guidelines for Managing Data Security
Demo – Destroying Data Securely
Demo – Encrypting a Storage Device
Topic E: Implement Physical Controls
Physical Security Controls
Physical Security Control Types
Environmental Exposures
Environmental Controls
Environmental Monitoring
Guidelines for Implementing Physical Controls
Demo – Implementing Physical Controls
Chapter 09 Review

Chapter 10 – Addressing Security Issues
Topic A: Troubleshoot Common Security Issues
Access Control Issues Encryption Issues
Data Exfiltration
Anomalies in Event Logs
Security Configuration Issues
Baseline Deviations
Software Issues
Personnel Issues
Asset Management Issues
Demo – Identifying Event Log Anomalies
Topic B: Respond to Security Incidents Incident Response
Incident Preparation
Incident Detection and Analysis
Incident Containment
Incident Eradication
Incident Recovery
Lessons Learned
Incident Response Plans
First Responders
An Incident Report
Guidelines for Responding to Security Incidents
Demo – Responding to a Security Incident
Topic C: Investigate Security Incidents
Computer Forensics
The Basic Forensic Process
Preservation of Forensic Data
Basic Forensic Response Procedures
Order of Volatility
Chain of Custody
Guidelines for Investigating Security Incidents
Demo – Implementing Forensic Procedures
Chapter 10 Review

Chapter 11 – Ensuring Business Continuity
Topic A: Select Business Continuity and Disaster Recovery Processes
Business Continuity and Disaster Recovery
The Disaster Recovery Process
Recovery Team
Order of Restoration
Recovery Sites
Secure Recovery
Backup Types (Full)
Backup Types (Differential vs. Incremental)
Secure Backups
Geographic Considerations
Guidelines for Selecting Business Continuity and Disaster Recovery Processes
Demo – Selecting Business Continuity and Disaster Recovery Processes
Topic B: Develop a Business Continuity Plan
Business Continuity Plans
Disaster Recovery Plans
IT Contingency Plans
Succession Plans
Alternate Business Practices
Testing Exercises
After-Action Reports
Guidelines for Developing a BCP
Demo – Developing a BCP
Chapter 11 Review
Course Closure

CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography.

6 Reasons to Complete Your Training With Us

With our programs, you can learn and study at your own pace with access 24/7/365 for the duration of your program. This means you can learn on your own terms and work around your own schedule.
Our online training comes with access to real, live support personnel that will help you through every step from our admissions adviser who will assist you with selecting the right training for you, to our student adviser who will be there with you during your entire training journey.
We have tailored our programs to provide comprehensive training in the technical and soft skills employers are looking for. With direct input and feedback from industry leaders and hiring managers, our program aligns with exactly what you need to successfully enter the workforce.
Our career training not only gives you the knowledge you need but preparation for the certification exams relevant to your desired career path. If you are pursuing an exciting new career in a field with a national certification, our program will both prepare you to sit for the exam but will often include a voucher for the exam cost.
Simulations and Case Studies
Our training programs have been developed with real learners and professionals in mind, so our programs incorporate real-world case studies and virtual simulations that will provide examples and interactions with real-life situations you may encounter during your career. These allow you to learn by experience with circumstances similar to what will be your daily responsibilities on the job.
Engaging and Interactive
Our training curriculum was developed with you in mind, looking at modern day learners and their needs. Our curriculum contains a mix of formats including reading, listening, watching, and interacting that will immerse you into a fun and engaging learning experience you will not only enjoy but not want to end.

Program Description

This course, offered by our accredited school partners, explains how the Security+ exam covers the most important foundational principles for securing a network and managing risk. Access control, identity management and cryptography are important topics on the exam, as well as selection of appropriate mitigation and deterrent techniques to address network attacks and vulnerabilities. Security concerns associated with cloud computing, BYOD and SCADA are addressed in the SY0-501 exam. Enroll through one of our accredited university or college partners today!


To request more information, you can contact us via online chat, our website contact form, or toll free at 1-855-201-6910.

Online courses are accessible 24/7/365 and self-paced, allowing you to progress at your own pace on your own schedule. They can be taken from anywhere in the world from the comfort of your own home. Classroom courses have a set schedule of the days and times the courses will be held, and you must attend during those specific times.

Find out if online learning is right for you by contacting our team of registration advisers. Our team is available to answer any of your questions about taking an online course before you commit to enrolling. We will walk you through what to expect to ensure you are making the right decision. You can contact a registration adviser today via online chat, our website contact form, or toll free at 1-855-201-6910.

No, you are not required to have a diploma or higher education degree to enroll in an online course. However, some occupations may require minimum educational thresholds for employment or certification. For more information on your desired career requirements, please contact us via online chat, our website contact form, or toll free at 1-855-201-6910.

To take an online course, you will need to have access to an internet connection and an internet ready device such as a laptop, PC, or tablet. For course specific requirements, please visit the course page or contact a registration adviser today.

Our courses are developed with multiple formats including text, audio, video, and interactivity. Our courses also include multiple resources and tools which can include flashcards, games, activities, and more.

No, you can take the online courses from anywhere in the world.

We participate in several financial assistance options including third party funding, both military and non-military. To request more information on the financial assistance options available and check your eligibility, contact us via online chat, our website contact form, or toll free at 1-855-201-6910.

Duration is the amount of time you will receive access to your course. Durations vary by course and range between 1 month and 12 months. If you complete your course before your duration ends you will continue to have access to your course until the duration period ends.

Many of our career training programs include certification vouchers. This means that at the successful completion of your course, at no additional charge, you will receive an exam voucher for the corresponding industry certification. This voucher will allow you to register and sit for the appropriate certification exam to obtain your industry credential.

Our online courses are open enrollment, so you can start immediately. If you are using any third-party funding to cover your course tuition, your start date may be a future date determined by your funding program.

Once enrolled, you will be assigned a client adviser who will provide you with customer and technical support. Your client adviser will supply you with your course access information, any needed materials, and be available to answer any questions you have during your training experience. They will regularly check-in with you to monitor your progress and assist you with staying on track. You will also be assigned to a course mentor who will provide curriculum support throughout your training. Your mentor is available to answer any questions you have on your course curriculum, will monitor your progress and understanding of the curriculum, and may give assignments or quizzes.

If you experience any trouble accessing your course including technical issues or lost login credentials, please contact your client adviser at Austin Peay State University.

Our goal for students is to successfully complete their training course and achieve their career goals. We understand that extenuating circumstances can interfere with your ability to complete your course in the duration given. Because of this we have free or low-cost extensions available for our courses upon request. To discuss or request an extension please contact your client adviser at Austin Peay State University.

Upon successful completion of your course and fulfillment of any outstanding financial obligations, you will receive your certificate of completion. Certificates are provided to you within 30 days of completion. Your certificate will validate the training course you completed with a stamp of completion.

Students that successfully complete our career training programs are assigned a career development adviser who will coordinate placement at a local externship or hands on opportunity. These opportunities are optional and may vary based on availability and occupation. Your career development adviser will also provide job search services such as: resume building, mock interviews, job opportunity resources, and more. Our professional enrichment courses do not come with a career adviser or career services.