CompTIA Security+

Categoria:
Tecnologie

Security

Ruolo

Engineer, Integration Engineer, Network Engineer, Support Engineer, System Engineer

Vendor

CompTia

Durata

5 Giorni

Al momento non sono disponibili edizioni del corso

2,000.00

Dettagli

Powered by Dadonet Academy Srl
Il corso è composto da 8 lezioni da 5 ore ciascuna
Orario 8:30 – 13:30

PROGRAMMA

Part I: Threats, Attacks, and Vulnerabilities

  1. Social Engineering Techniques

The Social Engineer

Phishing and Related Attacks

Principles of Influence (Reasons for Effectiveness)

  1. Attack Basics

Malware

Physical Attacks

Adversarial Artificial Intelligence (AI)

Password Attacks

Downgrade Attacks

  1. Application Attacks

Race Conditions

Improper Software Handling

Resource Exhaustion

Overflows

Code Injections

Driver Manipulation

Request Forgeries

Directory Traversal

Replay Attack

Secure Sockets Layer (SSL) Stripping

Application Programming Interface (API) Attacks

Pass-the-Hash Attack

  1. Network Attacks

Wireless

Man-in-the-Middle

Layer 2 Attacks

Domain Name System (DNS) Attacks

Denial of Service

Malicious Code and Script Execution

  1. Threat Actors, Vectors, and Intelligence Sources

Threat Actor Attributes

Threat Actor Types

Vectors

Threat Intelligence and Research Sources

  1. Vulnerabilities

Cloud-Based vs. On-Premises

Zero-Day

Weak Configurations

Third-Party Risks

Impacts

  1. Security Assessment Techniques

Vulnerability Scans

Threat Assessment

  1. Penetration Testing Techniques

Testing Methodology

Team Exercises

Part II: Architecture and Design

 

  1. Enterprise Security Concepts

Configuration Management

Data Confidentiality

Deception and Disruption

  1. Virtualization and Cloud Computing

Virtualization

On-Premises vs. Off-Premises

Cloud Models

  1. Secure Application Development, Deployment, and Automation

Application Environment

Integrity Measurement

Change Management and Version Control

Secure Coding Techniques

Automation and Scripting

Scalability and Elasticity

  1. Authentication and Authorization Design

Identification and Authentication, Authorization, and Accounting (AAA)

Multifactor Authentication

Single Sign-on

Authentication Technologies

  1. Cybersecurity Resilience

Redundancy

Backups

Defense in Depth

  1. Embedded and Specialized Systems

Embedded Systems

SCADA and ICS

Smart Devices and IoT

  1. Physical Security Controls

Perimeter Security

Internal Security

Equipment Security

Environmental Controls

Secure Data Destruction

  1. Cryptographic Concepts

Cryptosystems

Use of Proven Technologies and Implementation

Steganography

Cryptography Use Cases

Cryptography Constraints

Part III: Implementation

  1. Secure Protocols

Secure Web Protocols

Secure File Transfer Protocols

Secure Email Protocols

Secure Internet Protocols

Secure Protocol Use Cases

  1. Host and Application Security Solutions

Endpoint Protection

Application Security

Hardware and Firmware Security

Operating System Security

  1. Secure Network Design

Network Devices and Segmentation

Security Devices and Boundaries

  1. Wireless Security Settings

Access Methods

Wireless Cryptographic Protocols

Authentication Protocols

Wireless Access Installations

  1. Secure Mobile Solutions

Communication Methods

Mobile Device Management Concepts

Enforcement and Monitoring

Deployment Models

  1. Cloud Cybersecurity Solutions

Cloud Workloads

Third-Party Cloud Security Solutions

  1. Identity and Account Management Controls

Account Types

Account Management

Account Policy Enforcement

  1. Authentication and Authorization Solutions

Authentication

Access Control

  1. Public Key Infrastructure

PKI Components

Part IV: Operations and Incident Response

  1. Organizational Security

Shell and Script Environments

Network Reconnaissance and Discovery

Packet Capture and Replay

Password Crackers

Forensics and Data Sanitization

  1. Incident Response

Attack Frameworks

Incident Response Plan

Incident Response Process

Continuity and Recovery Plans

  1. Incident Investigation

SIEM Dashboards

Logging

Network Activity

  1. Incident Mitigation

Containment and Eradication

  1. Digital Forensics

Data Breach Notifications

Strategic Intelligence/Counterintelligence Gathering

Track Person-hours

Order of Volatility

Chain of Custody

Data Acquisition

Part V: Governance, Risk, and Compliance

  1. Control Types

 

Nature of Controls

Functional Use of Controls

Compensating Controls

  1. Regulations, Standards, and Frameworks

Industry-Standard Frameworks and Reference Architectures

Benchmarks and Secure Configuration Guides

  1. Organizational Security Policies

Policy Framework

Human Resource Management Policies

Third-Party Risk Management

  1. Risk Management

Risk Analysis

Risk Assessment

Business Impact Analysis

  1. Sensitive Data and Privacy

Sensitive Data Protection

Privacy Impact Assessment

EDU.Labs by Computer Gross
Via del Pino 1 - 50053 Empoli (FI) - Italia - P. I. 04801490485 - C.F. 02500250168
info@edulabs.it | 0571 9977