
A+ Certification

The CompTIA A+ certification is the starting point for a career in IT. The exam covers maintenance of PCs, mobile devices, laptops, operating systems and printers. In order to receive the CompTIA A+ certification, you must pass two exams:

CompTIA A+ 220-801 covers the fundamentals of computer technology, installation and configuration of PCs, laptops and related hardware, and basic networking.

CompTIA A+ 220-802 covers the skills required to install and configure PC operating systems, as well as configuring common features (e.g. network connectivity and email) for mobile operating systems Android and Apple iOS.

  1. • CompTIA A+ 220-801
  2. • CompTIA A+ 220-802

Jobs that use CompTIA A+:

  1. • Technical support specialist
  2. • Field service technician
  3. • IT support technician
  4. • IT support administrator
  5. • IT support specialist

Individuals in some non-technical roles such as student, sales personnel or small business office managers may also find the validation of skills associated with the CompTIA A+ credential to be valuable.

CompTIA A+ 220-801

The CompTIA A+ 220-801 examination measures necessary competencies for an entry-level IT professional with the equivalent knowledge of at least 12 months of hands-on experience in the lab or field. Successful candidates will have the knowledge required to assemble components based on customer requirements, install, configure and maintain devices, PCs and software for end users, understand the basics of networking and security/forensics, properly and safely diagnose, resolve and document common hardware and software issues while applying troubleshooting skills. Successful candidates will also provide appropriate customer support; understand the basics of virtualization, desktop imaging, and deployment.

Course Outline

  1. 1.0 PC Hardware
  2. 1.1 Configure and apply BIOS settings.
    1. • Install firmware upgrades - flash BIOS
    2. • BIOS component information
    3. • BIOS configurations
    4. • BIOS security (passwords, drive encryption: TPM, lo-jack)
    5. • Use built-in diagnostics
    6. • Monitoring
  3. 1.2 Differentiate between motherboard components, their purposes, and properties.
    1. • Sizes
    2. • Expansion slots
    3. • RAM slots
    4. • CPU sockets
    5. • Chipsets
    6. • Jumpers
    7. • Power connections and types
    8. • Fan connectors
    9. • Front panel connectors
    10. • Bus speeds
  4. 1.3 Compare and contrast RAM types and features.
    1. • Types
    2. • Single channel vs. dual channel vs. triple channel
    3. • RAM compatibility and speed
  5. 1.4 Install and configure expansion cards.
    1. • Sound cards
    2. • Video cards
    3. • Network cards
    4. • Serial and parallel cards
    5. • USB cards
    6. • Firewire cards
    7. • Storage cards
    8. • Modem cards
    9. • Wireless/cellular cards
    10. • TV tuner cards
    11. • Video capture cards
    12. • Riser cards
  6. 1.5 Install and configure storage devices and use appropriate media.
    1. • Optical drives
    2. • Combo drives and burners
    3. • Connection types
    4. • USB
    5. • Firewire
    6. • eSATA
    7. • Ethernet
    8. • IDE configuration and setup (Master, Slave, Cable Select)
    9. • SCSI IDs (0 - 15)
    10. • Hard drives
    11. • Solid state/flash drives
    12. • RAID types
    13. • Floppy drive
    14. • Tape drive
    15. • Media capacity
  7. 1.6 Differentiate among various CPU types and features and select the appropriate cooling method.
    1. • Socket types
    2. • Characteristics
    3. • Cooling
  8. 1.7 Compare and contrast various connection interfaces and explain their purpose.
    1. • Physical connections
    2. • Connector types: A, B, mini, micro
    3. • Serial
    4. • Parallel
    5. • VGA
    6. • HDMI
    7. • DVI
    8. • Audio
    9. • RJ-45
    10. • RJ-11
    11. • VGA vs. HDMI
    12. • Speeds, distances and frequencies of wireless device connections
  9. 1.8 Install an appropriate power supply based on a given scenario.
    1. • Connector types and their voltages
    2. • Specifications
    3. • Dual voltage options
  10. 1.9 Evaluate and select appropriate components for a custom configuration, to meet customer specifications or needs.
    1. • Graphic / CAD / CAM design workstation
    2. • Audio/Video editing workstation
    3. • Virtualization workstation
    4. • Gaming PC
    5. • Home Theater PC
    6. • Standard thick client
    7. • Thin client
    8. • Home Server PC
  11. 1.10 Given a scenario, evaluate types and features of display devices.
    1. • Types
    2. • Refresh rates
    3. • Resolution
    4. • Native resolution
    5. • Brightness/lumens
    6. • Analog vs. digital
    7. • Privacy/antiglare filters
    8. • Multiple displays
  12. 1.11 Identify connector types and associated cables.
    1. • Display connector types
    2. • Display cable types
    3. • Device connectors and pin arrangements
    4. • IDE
    5. • EIDE
    6. • Device cable types
    7. • 68pin vs. 50pin vs. 25pin
  13. 1.12 Install and configure various peripheral devices.
    1. • Input devices
    2. • Multimedia devices
    3. • Output devices
  14. 2.0 Networking
  15. 2.1 Identify types of network cables and connectors.
    1. • Fiber
    2. • Twisted Pair
    3. • Coaxial
  16. 2.2 Categorize characteristics of connectors and cabling.
    1. • Fiber
    2. • Twisted pair
    3. • Coaxial
  17. 2.3 Explain properties and characteristics of TCP/IP.
    1. • IP class
    2. • IPv4 vs. IPv6
    3. • Public vs. private vs. APIPA
    4. • Static vs. dynamic
    5. • Client-side DNS
    6. • DHCP
    7. • Subnet mask
    8. • Gateway
  18. 2.4 Explain common TCP and UDP ports, protocols, and their purpose.
    1. • Ports
    2. • Protocols
    3. • TCP vs. UDP
  19. 2.5 Compare and contrast wireless networking standards and encryption types.
    1. • Standards
    2. • Encryption types
  20. 2.6 Install, configure, and deploy a SOHO wireless/wired router using appropriate settings.
    1. • MAC filtering
    2. • Channels (1 - 11)
    3. • Port forwarding, port triggering
    4. • SSID broadcast (on/off)
    5. • Wireless encryption
    6. • Firewall
    7. • DHCP (on/off)
    8. • DMZ
    9. • NAT
    10. • WPS
    11. • Basic QoS
  21. 2.7 Compare and contrast Internet connection types and features.
    1. • Cable
    2. • DSL
    3. • Dial-up
    4. • Fiber
    5. • Satellite
    6. • ISDN
    7. • Cellular (mobile hotspot)
    8. • Line of sight wireless internet service
    9. • WiMAX
  22. 2.8 Identify various types of networks.
    1. • LAN
    2. • WAN
    3. • PAN
    4. • MAN
    5. • Topologies
  23. 2.9 Compare and contrast network devices, their functions, and features.
    1. • Hub
    2. • Switch
    3. • Router
    4. • Access point
    5. • Bridge
    6. • Modem
    7. • NAS
    8. • Firewall
    9. • VoIP phones
    10. • Internet appliance
  24. 2.10 Given a scenario, use appropriate networking tools.
    1. • Crimper
    2. • Multimeter
    3. • Toner probe
    4. • Cable tester
    5. • Loopback plug
    6. • Punchdown tool
  25. 3.0 Laptops
  26. 3.1 Install and configure laptop hardware and components.
    1. • Expansion options
    2. • Hardware/device replacement
  27. 3.2 Compare and contrast the components within the display of a laptop.
    1. • Types
    2. • Wi-Fi antenna connector/placement
    3. • Inverter and its function
    4. • Backlight
  28. 3.3 Compare and contrast laptop features.
    1. • Special function keys
    2. • Docking station vs. port replicator
    3. • Physical laptop lock and cable lock
  29. 4.0 Printers
  30. 4.1 Explain the differences between the various printer types and summarize the associated imaging process.
    1. • Laser
    2. • Inkjet
    3. • Thermal
    4. • Impact
  31. 4.2 Given a scenario, install, and configure printers.
    1. • Use appropriate printer drivers for a given operating system
    2. • Print device sharing
    3. • USB
    4. • Parallel
    5. • Serial
    6. • Ethernet
    7. • Bluetooth
    8. • 802.11x
    9. • Infrared (IR)
    10. • Printer sharing
  32. 4.3 Given a scenario, perform printer maintenance.
    1. • Laser
    2. • Thermal
    3. • Impact
  33. 5.0 Operational Procedures
  34. 5.1 Given a scenario, use appropriate safety procedures.
    1. • ESD straps
    2. • ESD mats
    3. • Self-grounding
    4. • Equipment grounding
    5. • Personal safety
    6. • Compliance with local government regulations
  35. 5.2 Explain environmental impacts and the purpose of environmental controls.
    1. • MSDS documentation for handling and disposal
    2. • Temperature, humidity level awareness and proper ventilation
    3. • Power surges, brownouts, blackouts
    4. • Protection from airborne particles
    5. • Dust and debris
    6. • Component handling and protection
    7. • Compliance to local government regulations
  36. 5.3 Given a scenario, demonstrate proper communication and professionalism.
    1. • Use proper language - avoid jargon, acronyms, slang when applicable
    2. • Maintain a positive attitude
    3. • Listen and do not interrupt the customer
    4. • Be culturally sensitive
    5. • Be on time (if late contact the customer)
    6. • Avoid distractions
    7. • Dealing with difficult customer or situation
    8. • Set and meet expectations/timeline and communicate status with the customer
    9. • Deal appropriately with customers' confidential materials
  37. 5.4 Explain the fundamentals of dealing with prohibited content/activity.
    1. • First response
    2. • Use of documentation/documentation changes
    3. • Chain of custody

CompTIA A+ 220-802

The CompTIA A+ 220-802 examination measures necessary competencies for an entry-level IT professional with the equivalent knowledge of at least 12 months of hands-on experience in the lab or field. Successful candidates will have the knowledge required to assemble components based on customer requirements, install, configure and maintain devices, PCs and software for end users, understand the basics of networking and security/forensics, properly and safely diagnose, resolve and document common hardware and software issues while applying troubleshooting skills. Successful candidates will also provide appropriate customer support; understand the basics of virtualization, desktop imaging, and deployment.

Course Outline

  1. 1.0 Operating Systems
  2. 1.1 Compare and contrast the features and requirements of various Microsoft Operating Systems.
    1. • Windows XP Home, Windows XP Professional, Windows XP Media Center, Windows XP 64-bit Professional
    2. • Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise
    3. • Windows 7 Starter, Windows 7 Home Premium, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise
    4. • Features
    5. • Upgrade paths - differences between in place upgrades, compatibility tools, Windows upgrade OS advisor
  3. 1.2 Given a scenario, install, and configure the operating system using the most appropriate method.
    1. • Boot methods
    2. • Type of installations
    3. • Partitioning
    4. • File system types/formatting
    5. • Load alternate third party drivers when necessary
    6. • Workgroup vs. Domain setup
    7. • Time/date/region/language settings
    8. • Driver installation, software and windows updates
    9. • Factory recovery partition
  4. 1.3 Given a scenario, use appropriate command line tools.
    1. • Networking
    2. • OS
    3. • Recovery console
  5. 1.4 Given a scenario, use appropriate operating system features and tools.
    1. • Administrative
    2. • MSCONFIG
    3. • Task Manager
    4. • Disk management
    5. • Other
    6. • Run line utilities
  6. 1.5 Given a scenario, use Control Panel utilities (the items are organized by "classic view/large icons" in Windows).
    1. • Common to all Microsoft Operating Systems
    2. • Unique to Windows XP
    3. • Unique to Vista
    4. • Unique to Windows 7
  7. 1.6 Setup and configure Windows networking on a client/desktop.
    1. • HomeGroup, file/print sharing
    2. • WorkGroup vs. domain setup
    3. • Network shares/mapping drives
    4. • Establish networking connections
    5. • Proxy settings
    6. • Remote desktop
    7. • Home vs. Work vs. Public network settings
    8. • Firewall settings
    9. • Configuring an alternative IP address in Windows
    10. • Network card properties
  8. 1.7 Perform preventive maintenance procedures using appropriate tools.
    1. • Best practices
    2. • Tools
  9. 1.8 Explain the differences among basic OS security settings.
    1. • User and groups
    2. • NTFS vs. Share permissions
    3. • Shared files and folders
    4. • System files and folders
    5. • User authentication
  10. 1.9 Explain the basics of client-side virtualization.
    1. • Purpose of virtual machines
    2. • Resource requirements
    3. • Emulator requirements
    4. • Security requirements
    5. • Network requirements
    6. • Hypervisor
  11. 2.0 Security
  12. 2.1 Apply and use common prevention methods.
    1. • Physical security
    2. • Digital security
    3. • User education
    4. • Principle of least privilege
  13. 2.2 Compare and contrast common security threats.
    1. • Social engineering
    2. • Malware
    3. • Rootkits
    4. • Phishing
    5. • Shoulder surfing
    6. • Spyware
    7. • Viruses
  14. 2.3 Implement security best practices to secure a workstation.
    1. • Setting strong passwords
    2. • Requiring passwords
    3. • Restricting user permissions
    4. • Changing default user names
    5. • Disabling guest account
    6. • Screensaver required password
    7. • Disable autorun
  15. 2.4 Given a scenario, use the appropriate data destruction/disposal method.
    1. • Low level format vs. standard format
    2. • Hard drive sanitation and sanitation methods
    3. • Physical destruction
  16. 2.5 Given a scenario, secure a SOHO wireless network.
    1. • Change default user-names and passwords
    2. • Changing SSID
    3. • Setting encryption
    4. • Disabling SSID broadcast
    5. • Enable MAC filtering
    6. • Antenna and access point placement
    7. • Radio power levels
    8. • Assign static IP addresses
  17. 2.6 Given a scenario, secure a SOHO wired network.
    1. • Change default usernames and passwords
    2. • Enable MAC filtering
    3. • Assign static IP addresses
    4. • Disabling ports
    5. • Physical security
  18. 3.0 Mobile Devices
  19. 3.1 Explain the basic features of mobile operating systems.
    1. • Android 4.0.x vs. iOS 5.x
  20. 3.2 Establish basic network connectivity and configure email.
    1. • Wireless / cellular data network (enable/disable)
    2. • Bluetooth
    3. • Email configuration
    4. • POP3
    5. • IMAP
    6. • Port and SSL settings
  21. 3.3 Compare and contrast methods for securing mobile devices.
    1. • Passcode locks
    2. • Remote wipes
    3. • Locator applications
    4. • Remote backup applications
    5. • Failed login attempts restrictions
    6. • Antivirus
    7. • Patching/OS updates
  22. 3.4 Compare and contrast hardware differences in regards to tablets and laptops.
    1. • No field serviceable parts
    2. • Typically not upgradeable
    3. • Touch interface
    4. • Solid state drives
  23. 3.5 Execute and configure mobile device synchronization.
    1. • Types of data to synchronize
    2. • Software requirements to install the application on the PC
    3. • Connection types to enable synchronization
  24. 4.0 Troubleshooting
  25. 4.1 Given a scenario, explain the troubleshooting theory.
    1. • Identify the problem
    2. • Establish a theory of probable cause (question the obvious)
    3. • Test the theory to determine cause
    4. • Establish a plan of action to resolve the problem and implement the solution
    5. • Verify full system functionality and if applicable implement preventive measures
    6. • Document findings, actions and outcomes
  26. 4.2 Given a scenario, troubleshoot common problems related to motherboards, RAM, CPU and power with appropriate tools.
    1. • Common symptoms
    2. • Tools
  27. 4.3 Given a scenario, troubleshoot hard drives and RAID arrays with appropriate tools.
    1. • Common symptoms
    2. • Tools
  28. 4.4 Given a scenario, troubleshoot common video and display issues.
    1. • Common symptoms
  29. 4.5 Given a scenario, troubleshoot wired and wireless networks with appropriate tools.
    1. • Common symptoms
    2. • Tools
  30. 4.6 Given a scenario, troubleshoot operating system problems with appropriate tools.
    1. • Common symptoms
    2. • Tools
  31. 4.7 Given a scenario, troubleshoot common security issues with appropriate tools and best practices.
    1. • Common symptoms
    2. • Tools
    3. • Best practices for malware removal
  32. 4.8 Given a scenario, troubleshoot, and repair common laptop issues while adhering to the appropriate procedures.
    1. • Common symptoms
    2. • Disassembling processes for proper re-assembly
  33. 4.9 Given a scenario, troubleshoot printers with appropriate tools.
    1. • Common symptoms
    2. • Tools

Network+ certification

The CompTIA Network+ certification (Exam N10-005) is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners.

Test Purpose: This exam will certify that the successful candidate has the knowledge and skills required to implement a defined network architecture with basic network security. Furthermore, a successful candidate will be able to configure, maintain, and troubleshoot network devices using appropriate network tools and understand the features and purpose of network technologies. Candidates will be able to make basic solution recommendations, analyze network traffic, and be familiar with common protocols and media types.

It is recommended for CompTIA Network+ candidates to have the following:

  1. • CompTIA A+ certification or equivalent knowledge, though CompTIA A+ certification is not required.
  2. • Have at least 9 to 12 months of work experience in IT networking.
  3. 1.0 Networking Concepts
    1. • 1.1 Compare the layers of the OSI and TCP/IP models.
    2. • 1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
    3. • 1.3 Explain the purpose and properties of IP addressing.
    4. • 1.4 Explain the purpose and properties of routing and switching.
    5. • 1.5 Identify common TCP and UDP default ports.
    6. • 1.6 Explain the function of common networking protocols.
    7. • 1.7 Summarize DNS concepts and its components.
    8. • 1.8 Given a scenario, implement the following network troubleshooting methodology:
    9. • 1.9 Identify virtual network components.
  4. 2.0 Network Installation and Configuration
    1. • 2.1 Given a scenario, install and configure routers and switches.
    2. • 2.2 Given a scenario, install and configure a wireless network.
    3. • 2.3 Explain the purpose and properties of DHCP.
    4. • 2.4 Given a scenario, troubleshoot common wireless problems.
    5. • 2.5 Given a scenario, troubleshoot common router and switch problems.
    6. • 2.6 Given a set of requirements, plan and implement a basic SOHO network.
  5. 3.0 Network Media and Topologies
    1. • 3.1 Categorize standard media types and associated properties.
    2. • 3.2 Categorize standard connector types based on network media.
    3. • 3.3 Compare and contrast different wireless standards.
    4. • 3.4 Categorize WAN technology types and properties.
    5. • 3.5 Describe different network topologies.
    6. • 3.6 Given a scenario, troubleshoot common physical connectivity problems.
    7. • 3.7 Compare and contrast different LAN technologies.
    8. • 3.8 Identify components of wiring distribution.
  6. 4.0 Network Management
    1. • 4.1 Explain the purpose and features of various network appliances.
    2. • 4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
    3. • 4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.
    4. • 4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.
    5. • 4.5 Describe the purpose of configuration management documentation.
    6. • 4.6 Explain different methods and rationales for network performance optimization.
  7. 5.0 Network Security
    1. • 5.1 Given a scenario, implement appropriate wireless security measures.
    2. • 5.2 Explain the methods of network access security.
    3. • 5.3 Explain methods of user authentication.
    4. • 5.4 Explain common threats, vulnerabilities, and mitigation techniques.
    5. • 5.5 Given a scenario, install and configure a basic firewall.
    6. • 5.6 Categorize different types of network security appliances and methods.

Security+ certification

The CompTIA Security+ Certification (Exam SY0-401) is a vendor neutral credential. The CompTIA Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security. In addition, the successful candidate will apply security controls to maintain confidentiality, integrity, and availability, identify appropriate technologies and products, troubleshoot security events and incidents, and operate with an awareness of applicable policies, laws, and regulations.

Target Student

The CompTIA Security+ Certification is aimed at an IT security professional who has:

  1. • A minimum of 2 years' experience in IT administration with a focus on security
  2. • Day to day technical information security experience
  3. • Broad knowledge of security concerns and implementation
  4. Course Content
  5. 1.0 NETWORK SECURITY
  6. 1.1 Implement security configuration parameters on network devices and other technologies.
    1. • Firewalls
    2. • Routers
    3. • Switches
    4. • Load Balancers
    5. • Proxies
    6. • Web security gateways
    7. • VPN concentrators
    8. • NIDS and NIPS
    9. • Protocol analyzers
    10. • Spam filter
    11. • UTM security appliances
    12. • Web application firewall vs. network firewall
    13. • Application aware devices
  7. 1.2 Given a scenario, use secure network administration principles.
    1. • Rule-based management
    2. • Firewall rules
    3. • VLAN management
    4. • Secure router configuration
    5. • Access control lists
    6. • Port Security
    7. • 802.1x
    8. • Flood guards
    9. • Loop protection
    10. • Implicit deny
    11. • Network separation
    12. • Log analysis
    13. • Unified Threat Management
  8. 1.3 Explain network design elements and components.
    1. • DMZ
    2. • Subnetting
    3. • VLAN
    4. • NAT
    5. • Remote Access
    6. • Telephony
    7. • NAC
    8. • Virtualization
    9. • Cloud Computing
    10. • Layered security / Defense in depth
  9. 1.4 Given a scenario, implement common protocols and services.
    1. • Protocols
    2. • Ports
    3. • OSI relevance
  10. 1.5 Given a scenario, troubleshoot security issues related to wireless networking.
    1. • WPA
    2. • WPA2
    3. • WEP
    4. • EAP
    5. • PEAP
    6. • LEAP
    7. • MAC filter
    8. • Disable SSID broadcast
    9. • TKIP
    10. • CCMP
    11. • Antenna Placement
    12. • Power level controls
    13. • Captive portals
    14. • Antenna types
    15. • Site surveys
    16. • VPN (over open wireless)
  11. 2.0 COMPLIANCE AND OPERATIONAL SECURITY
  12. 2.1 Explain the importance of risk related concepts.
    1. • Control types
    2. • False positives
    3. • False negatives
    4. • Importance of policies in reducing risk
    5. • Risk calculation
    6. • Quantitative vs. qualitative
    7. • Vulnerabilities
    8. • Threat vectors
    9. • Probability / threat likelihood
    10. • Risk-avoidance, transference, acceptance, mitigation, deterrence
    11. • Risks associated with Cloud Computing and Virtualization
    12. • Recovery time objective and recovery point objective
  13. 2.2 Summarize the security implications of integrating systems and data with third parties.
    1. • On-boarding/off-boarding business partners
    2. • Social media networks and/or applications
    3. • Interoperability agreements
    4. • Privacy considerations
    5. • Risk awareness
    6. • Unauthorized data sharing
    7. • Data ownership
    8. • Data backups
    9. • Follow security policy and procedures
    10. • Review agreement requirements to verify compliance and performance standards
  14. 2.3 Given a scenario, implement appropriate risk mitigation strategies.
    1. • Change management
    2. • Incident management
    3. • User rights and permissions reviews
    4. • Perform routine audits
    5. • Enforce policies and procedures to prevent data loss or theft
    6. • Enforce technology controls
  15. 2.4 Given a scenario, implement basic forensic procedures.
    1. • Order of volatility
    2. • Capture system image
    3. • Network traffic and logs
    4. • Capture video
    5. • Record time offset
    6. • Take hashes
    7. • Screenshots
    8. • Witnesses
    9. • Track man hours and expense
    10. • Chain of custody
    11. • Big Data analysis
  16. 2.5 Summarize common incident response procedures.
    1. • Preparation
    2. • Incident identification
    3. • Escalation and notification
    4. • Mitigation steps
    5. • Lessons learned
    6. • Reporting
    7. • Recovery/reconstitution procedures
    8. • First responder
    9. • Incident isolation
    10. • Data breach
    11. • Damage and loss control
  17. 2.6 Explain the importance of security related awareness and training.
    1. • Security policy training and procedures
    2. • Role-based training
    3. • Personally identifiable information
    4. • Information classification
    5. • Data labeling, handling and disposal
    6. • Compliance with laws, best practices and standards
    7. • User habits
    8. • New threats and new security trends/alerts
    9. • Use of social networking and P2P
    10. • Follow up and gather training metrics to validate compliance and security posture
  18. 2.7 Compare and contrast physical security and environmental controls.
    1. • Environmental controls
    2. • Physical security
    3. • Control types
  19. 2.8 Summarize risk management best practices.
    1. • Business continuity concepts
    2. • Fault tolerance
    3. • Disaster recovery concepts
  20. 2.9 Given a scenario, select the appropriate control to meet the goals of security.
    1. • Confidentiality
    2. • Integrity
    3. • Availability
    4. • Safety
  21. 3.0 THREATS AND VULNERABILITIES
  22. 3.1 Explain types of malware.
    1. • Adware
    2. • Virus
    3. • Spyware
    4. • Trojan
    5. • Rootkits
    6. • Backdoors
    7. • Logic bomb
    8. • Botnets
    9. • Ransomware
    10. • Polymorphic malware
    11. • Armored virus
  23. 3.2 Summarize various types of attacks.
    1. • Man-in-the-middle
    2. • DDoS
    3. • DoS
    4. • Replay
    5. • Smurf attack
    6. • Spoofing
    7. • Spam
    8. • Phishing
    9. • Spim
    10. • Vishing
    11. • Spear phishing
    12. • Xmas attack
    13. • Pharming
    14. • Privilege escalation
    15. • Malicious insider threat
    16. • DNS poisoning and ARP poisoning
    17. • Transitive access
    18. • Client-side attacks
    19. • Password attacks
    20. • Typo squatting/URL hijacking
    21. • Watering hole attack
  24. 3.3 Summarize social engineering attacks and the associated effectiveness with each attack.
    1. • Shoulder surfing
    2. • Dumpster diving
    3. • Tailgating
    4. • Impersonation
    5. • Hoaxes
    6. • Whaling
    7. • Vishing
    8. • Principles (reasons for effectiveness)
  25. 3.4 Explain types of wireless attacks.
    1. • Rogue access points
    2. • Jamming/Interference
    3. • Evil twin
    4. • War driving
    5. • Bluejacking
    6. • Bluesnarfing
    7. • War chalking
    8. • IV attack
    9. • Packet sniffing
    10. • Near field communication
    11. • Replay attacks
    12. • WEP/WPA attacks
    13. • WPS attacks
  26. 3.5 Explain types of application attacks.
    1. • Cross-site scripting
    2. • SQL injection
    3. • LDAP injection
    4. • XML injection
    5. • Directory traversal/command injection
    6. • Buffer overflow
    7. • Integer overflow
    8. • Zero-day
    9. • Cookies and attachments
    10. • LSO (Locally Shared Objects)
    11. • Flash Cookies
    12. • Malicious add-ons
    13. • Session hijacking
    14. • Header manipulation
    15. • Arbitrary code execution / remote code execution
  27. 3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
    1. • Monitoring system logs
    2. • Hardening
    3. • Network security
    4. • Security posture
    5. • Reporting
    6. • Detection controls vs. prevention controls
  28. 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
    1. • Interpret results of security assessment tools
    2. • Tools
    3. • Risk calculations
    4. • Assessment types
    5. • Assessment technique
  29. 3.8 Explain the proper use of penetration testing versus vulnerability scanning.
    1. • Penetration testing
    2. • Vulnerability scanning
    3. • Black box
    4. • White box
    5. • Gray box
  30. 4.0 APPLICATION, DATA AND HOST SECURITY
  31. 4.1 Explain the importance of application security controls and techniques.
    1. • Fuzzing
    2. • Secure coding concepts
    3. • Cross-site scripting prevention
    4. • Cross-site Request Forgery (XSRF) prevention
    5. • Application configuration baseline (proper settings)
    6. • Application hardening
    7. • Application patch management
    8. • NoSQL databases vs. SQL databases
    9. • Server-side vs. Client-side validation
  32. 4.2 Summarize mobile security concepts and technologies.
    1. • Device security
    2. • Application security
    3. • BYOD concerns
  33. 4.3 Given a scenario, select the appropriate solution to establish host security.
    1. • Operating system security and settings
    2. • OS hardening
    3. • Anti-malware
    4. • Patch management
    5. • White listing vs. black listing applications
    6. • Trusted OS
    7. • Host-based firewalls
    8. • Host-based intrusion detection
    9. • Hardware security
    10. • Host software baselining
    11. • Virtualization
  34. 4.4 Implement the appropriate controls to ensure data security.
    1. • Cloud storage
    2. • SAN
    3. • Handling Big Data
    4. • Data encryption
    5. • Hardware based encryption devices
    6. • Data in-transit, Data at-rest, Data in-use
    7. • Permissions/ACL
    8. • Data policies
  35. 4.5 Compare and contrast alternative methods to mitigate security risks in static environments.
    1. • Environments
    2. • Methods
  36. 5.0 ACCESS CONTROL AND IDENTITY MANAGEMENT
  37. 5.1 Compare and contrast the function and purpose of authentication services.
    1. • RADIUS
    2. • TACACS+
    3. • Kerberos
    4. • LDAP
    5. • XTACACS
    6. • SAML
    7. • Secure LDAP
  38. 5.2 Given a scenario, select the appropriate authentication, authorization or access control.
    1. • Identification vs. authentication vs. authorization
    2. • Authorization
    3. • Authentication
    4. • Authentication factors
    5. • Identification
    6. • Federation
    7. • Transitive trust/authentication
  39. 5.3 Install and configure security controls when performing account management, based on best practices.
    1. • Mitigate issues associated with users with multiple account/roles and/or shared accounts
    2. • Account policy enforcement
    3. • Group based privileges
    4. • User assigned privileges
    5. • User access reviews
    6. • Continuous monitoring
  40. 6.0 CRYPTOGRAPHY
  41. 6.1 Given a scenario, utilize general cryptography concepts.
    1. • Symmetric vs. asymmetric
    2. • Session keys
    3. • In-band vs. out-of-band key exchange
    4. • Fundamental differences and encryption methods
    5. • Transport encryption
    6. • Non-repudiation
    7. • Hashing
    8. • Key escrow
    9. • Steganography
    10. • Digital signatures
    11. • Use of proven technologies
    12. • Elliptic curve and quantum cryptography
    13. • Ephemeral key
    14. • Perfect forward secrecy
  42. 6.2 Given a scenario, use appropriate cryptographic methods.
    1. • WEP vs. WPA/WPA2 and preshared key
    2. • MD5
    3. • SHA
    4. • RIPEMD
    5. • AES
    6. • DES
    7. • 3DES
    8. • HMAC
    9. • RSA
    10. • Diffie-Hellman
    11. • RC4
    12. • One-time pads
    13. • NTLM
    14. • NTLMv2
    15. • Blowfish
    16. • PGP/GPG
    17. • TwoFish
    18. • DHE
    19. • ECDHE
    20. • CHAP
    21. • PAP
    22. • Comparative strengths and performance of algorithms
    23. • Use of algorithms/protocols with transport encryption
    24. • Cipher suites
    25. • Key stretching
  43. 6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
    1. • Certificate authorities and digital certificates
    2. • PKI
    3. • Recovery agent
    4. • Public key
    5. • Private key
    6. • Registration
    7. • Key escrow
    8. • Trust models