Comptia Security+ (Sy0-601) Course With Practice Exam

Full Practice Exam | Simulated PBQs | Video Lessons | Everything you need to pass the CompTIA Security+ SY0-601 exam

What you'll learn

Get access to this complete and high-quality course for the CompTIA Security+ SY0-601 certification exam

Pass the CompTIA Security+ with confidence and learn practical skills you can directly apply on-the-job

Common threats, attacks, and vulnerabilities (social engineering, malware, network-based, cloud-based, supply-chain, etc…) and how to defend against them

Proper security architecture and design for: enterprise environments, cloud computing, app development, authentication & authorization, and more

How to properly implement secure protocols, host & app security solutions, secure network designs, mobile solutions, cloud solutions, PKI, and more

Incident response approaches: selecting the right tools, policies, processes, and procedures, key aspects of digital forensics, and mitigation techniques

Governance, Risk, and Compliance concepts: controls, frameworks, regulations & standards, policies, risk management, and privacy for the enterprise

Full practice exam (multiple choice Q&A) and Performance-Based Questions (PBQs) with explanations included!

Requirements

Basic familiarity with computers

The course covers all topics in detail, but a general understanding of networking is helpful

No prior certifications required

Windows / Mac OS / Linux machine with internet access

Description

Welcome! I'm here to help you prepare for and PASS the CompTIA Security+ SY0-601 exam!Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need.–––––––––––-Are you trying to get started in cybersecurity? Or are you looking to get a higher-paying job?The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications.By the way, my name is Christophe Limpalair and I’m the founder of Cybr, a cybersecurity training platform, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified.I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn.This exam has 5 different domains:Domain 1 is about Attacks, Threats, and Vulnerabilities – which is 24% of the examDomain 2 is about Architecture and Design – which is 21% of the examDomain 3 is about Implementation – which is 25% of the examDomain 4 is about Operations and Incident Response – which is 16% of the examDomain 5 is about Governance, Risk, and Compliance – which is 14% of the examWithin these domains, you will learn about malware, web/cloud/network attacks, cryptography, network configurations, authentication, and much, much more.If any of those topics sound overwhelming to you — don’t worry! I walk you through it all lesson by lesson.In fact, this course has over 300 video lessons which is over 23 hours of high-quality video content as well as additional learning materials including a study template you can customize, a full list of Security+ acronyms and their definitions, and knowledge check quizzes.I’ve even included a multiple-choice practice exam at the end of the course to validate your knowledge and understanding, and I provide free access to multiple Performance-Based Questions (PBQs) that you can take and that mimic PBQs you can expect to see on the exam.On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks.If you still have doubts, by the way, I provide a 30-day money-back policy pursuant to Udemy's refund policies.With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level!I’ll see you in the course!–––––––––––-About the InstructorHi, my name is Christophe Limpalair, and I will be your instructor for this course. I got my start in IT at the age of 11 building websites for organizations. This is where I first learned the importance of writing secure code because some of my websites got hacked and I had to figure out how. Back then, there weren't very many affordable learning resources for this topic, so figuring this out was very painful at times. That's when I first started to realize that more training was needed in IT. Fast-forward a few years, and this thing called "AWS" was becoming more and more popular. I started learning how it worked by migrating a few of my projects to it, and I fell in love. Cloud computing was the real deal and I knew it was going to become more and more important over time, so I learned as much of it as I could. Around the same time, I founded a training platform for developers which got acquired by Linux Academy in 2016. There, I authored multiple AWS courses including: AWS Lambda Deep Dive, AWS Certified Developer Associate (certification course), AWS Certified DevOps Engineer Professional (certification course), AWS Backup Strategies, and more. I also helped build and secure our Hands-On Labs platform which was constantly under attack because malicious actors wanted to abuse our lab platform to mine cryptocurrency or to launch external attacks from our infrastructure. At the same time, many of our business customers were also sharing that they had issues and concerns with making sure their cloud environments and resources were secure, especially as they were migrating from on-prem.Once Linux Academy was acquired and merged with ACloudGuru in 2019, I decided to launch my own training platform called Cybr to provide affordable cybersecurity training, including this course and AWS cloud security courses, as well as ethical hacking courses.Long story short, I've been in IT for about 20 years and I've gotten exposure to web development, cloud computing, and cybersecurity. These are all topics I'm passionate about and that are needed to understand for the Security+ exam, and I love giving back because so many people have helped me along my journey. That's why I've been creating both free and affordable training material for over 7 years, and that's why I created a free community that all are welcome to join. I hope to see you in my community and in my course!–––––––––––-This course also comes with:Lifetime access to the contentUdemy Certificate of CompletionFree access to a cybersecurity communityNotion study template you can fully customizeFull list of Security+ acronyms and their definitionsFull practice exam (multiple choice Q&A) with explanationsPerformance-Based Questions (PBQs) with explanationsLet's get you CompTIA Security+ certified!

Overview

Section 1: About the course and exam

Lecture 1 About the course and certification

Lecture 2 About the course author

Lecture 3 Pre-requisites

Lecture 4 Tools and tips to help you study more efficiently

Lecture 5 Study techniques that will help you pass

Lecture 6 What surprised me the most about the exam

Lecture 7 Join our Discord community for support and interaction

Lecture 8 Acronym definitions and study template

Section 2: Domain 1: Threats, Attacks, and Vulnerabilities

Lecture 9 About threats, attacks, and vulnerabilities

Section 3: 1.1: Compare and contrast social engineering techniques

Lecture 10 What is social engineering?

Lecture 11 Principles

Lecture 12 Spam

Lecture 13 Blocking and Managing Spam

Lecture 14 Phishing

Lecture 15 Smishing

Lecture 16 Vishing

Lecture 17 Spear phishing

Lecture 18 Whaling

Lecture 19 Impersonation

Lecture 20 Dumpster diving

Lecture 21 Shoulder surfing

Lecture 22 Pharming

Lecture 23 Tailgating

Lecture 24 Eliciting information

Lecture 25 Prepending

Lecture 26 Identity fraud

Lecture 27 Invoice scams

Lecture 28 Credentials harvesting

Lecture 29 Reconnaissance

Lecture 30 Hoax

Lecture 31 Watering hole attack

Lecture 32 Typo squatting and URL Hijacking

Lecture 33 Influence campaigns

Lecture 34 Hybrid warfare

Section 4: 1.2: Analyze potential indicators to determine the type of attack

Lecture 35 What is malware?

Lecture 36 Malware classification

Lecture 37 Virus

Lecture 38 Worms

Lecture 39 Backdoor

Lecture 40 Trojans

Lecture 41 Remote access Trojan (RAT)

Lecture 42 Ransomware and Crypto Malware

Lecture 43 How does ransomware work?

Lecture 44 Potentially unwanted programs (PUPs)

Lecture 45 Spyware

Lecture 46 Adware & Malvertising

Lecture 47 Keyloggers

Lecture 48 Fileless malware

Lecture 49 Logic bombs

Lecture 50 Rootkit

Lecture 51 Bots and Botnets

Lecture 52 Command and control

Lecture 53 What are password attacks?

Lecture 54 Plaintext, encrypted, and hashed passwords

Lecture 55 Brute force

Lecture 56 Dictionary attacks

Lecture 57 Spraying attacks

Lecture 58 Rainbow and hash tables

Lecture 59 Credential stuffing

Lecture 60 What are physical attacks?

Lecture 61 Malicious universal serial bus (USB) cable

Lecture 62 Malicious flash drive

Lecture 63 Card cloning

Lecture 64 Skimming

Lecture 65 What is adversarial AI and tainted training for ML?

Lecture 66 Supply-chain attacks

Lecture 67 Cloud-based vs. on-premises attacks

Lecture 68 Cryptography concepts

Lecture 69 Cryptographic attacks

Section 5: 1.3: Analyze potential indicators associated with application attacks

Lecture 70 Privilege escalation

Lecture 71 Improper input handling

Lecture 72 Improper error handling

Lecture 73 Cross-Site Scripting (XSS)

Lecture 74 Structured query language (SQL Injections)

Lecture 75 Dynamic Link Library (DLL Injections)

Lecture 76 Lightweight directory access protocol (LDAP Injections)

Lecture 77 Extensible Markup Language (XML) and XPATH Injections

Lecture 78 XXE Injections

Lecture 79 Directory traversal

Lecture 80 Request forgeries

Lecture 81 Application Programming Interface (API) attacks

Lecture 82 Secure Sockets Layer (SSL) stripping

Lecture 83 Replay attack (session replays)

Lecture 84 Pass the hash

Lecture 85 Race conditions (time of check and time of use)

Lecture 86 Resource exhaustion

Lecture 87 Memory leak

Lecture 88 Pointer/object dereference

Lecture 89 Integer overflow

Lecture 90 Buffer overflows

Lecture 91 Driver manipulation (shimming and refactoring)

Section 6: 1.4: Analyze potential indicators of network attacks

Lecture 92 What are wireless attacks?

Lecture 93 Distributed Denial of Service (DDoS)

Lecture 94 Rogue access point and Evil Twin

Lecture 95 Bluesnarfing and Bluejacking

Lecture 96 Disassociation and Jamming

Lecture 97 Radio Frequency Identifier (RFID) attacks

Lecture 98 Near Field Communication (NFC) attacks

Lecture 99 Initialization Vector (IV)

Lecture 100 Man in the middle

Lecture 101 Man in the browser

Lecture 102 What are layer 2 attacks?

Lecture 103 Address resolution protocol (ARP) poisoning

Lecture 104 Media access control (MAC) flooding

Lecture 105 MAC cloning & spoofing

Lecture 106 What are Domain Name System (DNS) attacks and defenses?

Lecture 107 Domain hijacking

Lecture 108 DNS poisoning

Lecture 109 Universal resource locator (URL) redirection

Lecture 110 Domain reputation

Section 7: 1.5: Explain threat actors, vectors, and intelligence sources

Lecture 111 What are actors and threats?

Lecture 112 Attributes of actors

Lecture 113 Vectors

Lecture 114 Insider threats

Lecture 115 State actors

Lecture 116 Hacktivists

Lecture 117 Script kiddies

Lecture 118 Hackers (white hat, black hat, gray hat)

Lecture 119 Criminal syndicates

Lecture 120 Advanced persistent threat (APT)

Lecture 121 Shadow IT

Lecture 122 Competitors

Lecture 123 Threat intelligence sources (OSINT and others)

Lecture 124 Using threat intelligence

Lecture 125 Research sources

Section 8: 1.6: Security concerns associated with various vulnerabilities

Lecture 126 Cloud-based vs. on-premises vulnerabilities

Lecture 127 Zero-day vulnerabilities

Lecture 128 Weak configurations

Lecture 129 Weak encryption, hashing, and digital signatures

Lecture 130 Third-party risks

Lecture 131 Improper or weak patch management

Lecture 132 Legacy platforms

Lecture 133 Impacts

Section 9: 1.7 Summarizing techniques used in security assessments

Lecture 134 Threat hunting

Lecture 135 Vulnerability scans

Lecture 136 Syslog/Security information and event management (SIEM)

Lecture 137 Security orchestration, automation, response (SOAR)

Section 10: 1.8 Explaining techniques used in penetration testing

Lecture 138 Important pentesting concepts

Lecture 139 Bug bounties

Lecture 140 Exercise types (red, blue, white, and purple teams)

Lecture 141 Passive and active reconnaissance

Section 11: Domain 2: Architecture and Design

Lecture 142 About architecture and design

Section 12: 2.1: Explaining the importance of security concepts in an enterprise environment

Lecture 143 Configuration management

Lecture 144 Data sovereignty

Lecture 145 Data protection

Lecture 146 Hardware security module (HSM) and Trusted Platform Module (TPM)

Lecture 147 Geographical considerations

Lecture 148 Cloud access security broker (CASB)

Lecture 149 Response and recovery controls

Lecture 150 Secure Sockets Layer (SSL) and Transport Layer Security (TLS) inspection

Lecture 151 Hashing

Lecture 152 API considerations

Lecture 153 Site resiliency

Lecture 154 Deception and disruption

Section 13: 2.2: Virtualization and cloud computing concepts

Lecture 155 Comparing cloud models

Lecture 156 Cloud service providers

Lecture 157 Virtualization

Lecture 158 Containers

Lecture 159 Microservices and APIs

Lecture 160 Serverless architecture

Lecture 161 MSPs and MSSPs

Lecture 162 On-premises vs. off-premises

Lecture 163 Edge computing

Lecture 164 Fog computing

Lecture 165 Thin client

Lecture 166 Infrastructure as Code (IaC)

Lecture 167 Services integration

Lecture 168 Resource policies

Lecture 169 Transit gateway

Section 14: 2.3: Secure application development, deployment, and automation concepts

Lecture 170 Understanding development environments

Lecture 171 Automation and scripting

Lecture 172 Version control

Lecture 173 Secure coding techniques

Lecture 174 Open Web Application Security Project (OWASP)

Lecture 175 Integrity measurement

Lecture 176 Software diversity

Lecture 177 Provisioning and deprovisioning

Lecture 178 Elasticity

Lecture 179 Scalability

Section 15: 2.4: Authentication and authorization design concepts

Lecture 180 Important authentication and authorization concepts

Lecture 181 Multifactor authentication (MFA) factors and attributes

Lecture 182 Authentication technologies

Lecture 183 Biometrics techniques and concepts

Lecture 184 Authentication, authorization, and accounting (AAA)

Lecture 185 Cloud vs. on-premises requirements

Section 16: 2.5: Implementing cybersecurity resilience

Lecture 186 What is redundancy

Lecture 187 Disk redundancy (RAID levels)

Lecture 188 Network redundancy

Lecture 189 Power redundancy

Lecture 190 Replication

Lecture 191 Backup types (full, incremental, differential, and snapshot)

Lecture 192 Backup types practice scenarios

Lecture 193 Backup devices and strategies

Lecture 194 Non-persistence

Lecture 195 Restoration order

Lecture 196 Diversity

Section 17: 2.6: Security implications of embedded and specialized systems

Lecture 197 What are embedded systems?

Lecture 198 System on a Chip (SoC)

Lecture 199 SCADA and ICS

Lecture 200 Internet of Things (IoT)

Lecture 201 Specialized systems

Lecture 202 VoIP, HVAC, Drones/AVs, MFP, RTOS, Surveillance systems

Lecture 203 Communication considerations

Lecture 204 Important constraints

Section 18: 2.7: Importance of physical security controls

Lecture 205 Bollards/barricades, Mantraps, Badges, Alarms, Signage

Lecture 206 Lighting and fencing

Lecture 207 Cameras and Closed-circuit television (CCTV)

Lecture 208 Industrial camouflage

Lecture 209 Personnel, robots, drones/UAVs

Lecture 210 Locks

Lecture 211 Different sensors

Lecture 212 Fire suppression

Lecture 213 Protected cable distribution (PCD)

Lecture 214 Secure areas (air gap, faraday cages, DMZ, etc…)

Lecture 215 Hot and cold aisles

Lecture 216 Secure data destruction

Lecture 217 USB data blocker

Section 19: 2.8: Basics of cryptography

Lecture 218 Common use cases

Lecture 219 Key length

Lecture 220 Key stretching

Lecture 221 Salting, hashing, digital signatures

Lecture 222 Perfect forward secrecy

Lecture 223 Elliptic curve cryptography

Lecture 224 Ephemeral

Lecture 225 Symmetric vs. asymmetric encryption

Lecture 226 Key exchange

Lecture 227 Cipher suites

Lecture 228 Modes of operation

Lecture 229 Lightweight cryptography and Homomorphic encryption

Lecture 230 Steganography

Lecture 231 Blockchain

Lecture 232 Quantum and post-quantum

Lecture 233 Limitations

Section 20: Domain 3: Implementation

Lecture 234 About implementation

Section 21: 3.1: Implement Secure Protocols

Lecture 235 Important protocols to know and use cases

Lecture 236 Important email secure protocols

Lecture 237 IPsec and VPN

Lecture 238 FTPS, SFTP, SCP

Lecture 239 DNSSEC

Lecture 240 SRTP and NTPsec

Lecture 241 DHCP

Lecture 242 SNMP and SNMPv3

Section 22: 3.2: Implement host or application security solutions

Lecture 243 Endpoint protection

Lecture 244 Self-encrypting drive (SED), full disk encryption (FDE), and file-level encrypti

Lecture 245 Boot integrity

Lecture 246 Database and data security

Lecture 247 Application security

Lecture 248 Hardening hosts

Lecture 249 Sandboxing

Section 23: 3.3: Implement secure network designs

Lecture 250 DNS

Lecture 251 Load balancing

Lecture 252 Network segmentation

Lecture 253 East-West and North-South

Lecture 254 Jump servers (bastion hosts)

Lecture 255 NAT Gateways

Lecture 256 Proxy servers

Lecture 257 Out-of-band management

Lecture 258 Virtual Private Networks (VPNs) and IPsec

Lecture 259 Network Access Control (NAC)

Lecture 260 Port security

Lecture 261 Network-based intrusion detection and prevention system (NIDS and NIPS)

Lecture 262 Firewalls

Lecture 263 Next-Generation Firewalls

Lecture 264 Access Control List (ACL) and Security Groups (SGs)

Lecture 265 Quality of Service (QoS)

Lecture 266 Implications of IPv6

Lecture 267 Port scanning and port mirroring

Lecture 268 File integrity monitors

Section 24: 3.4: Install and configure wireless security settings

Lecture 269 Cryptographic protocols

Lecture 270 Methods

Lecture 271 Authentication protocols

Lecture 272 Installation considerations

Section 25: 3.5: Implement secure mobile solutions

Lecture 273 Connection methods and receivers

Lecture 274 Mobile deployment models

Lecture 275 Mobile device management (MDM)

Lecture 276 Mobile devices

Lecture 277 Enforcement and monitoring

Section 26: 3.6: Apply cybersecurity solutions to the cloud

Lecture 278 Cloud security controls

Lecture 279 Secure cloud storage

Lecture 280 Secure cloud networking

Lecture 281 Secure cloud compute resources

Lecture 282 Secure cloud solutions

Section 27: 3.7: Implement identity and account management controls

Lecture 283 Understanding identity

Lecture 284 Account types to consider

Lecture 285 Account policies to consider

Section 28: 3.8: Implement authentication and authorization solutions

Lecture 286 Authentication management

Lecture 287 Authentication protocols and considerations

Lecture 288 Extensible Authentication Protocol (EAP)

Lecture 289 RADIUS and TACACS+

Lecture 290 Kerberos, LDAP, and NTLM

Lecture 291 Federated Identities

Lecture 292 Access control schemes

Section 29: 3.9: Implement public key infrastructure

Lecture 293 What is public key infrastructure?

Lecture 294 Types of certificates

Lecture 295 Certificate formats

Lecture 296 Important concepts

Section 30: Domain 4: Operations and Incident Response

Lecture 297 About operations and incident response

Section 31: 4.1: Use the appropriate tools to assess organizational security

Lecture 298 Network reconnaissance and discovery part 1

Lecture 299 Network reconnaissance and discovery part 2

Lecture 300 File manipulation

Lecture 301 Shell and script environments

Lecture 302 Packet capture and replay

Lecture 303 Forensics tools

Lecture 304 Exploitation frameworks

Lecture 305 Password crackers

Lecture 306 Data sanitization

Section 32: 4.2: Policies, processes, and procedures for incident response

Lecture 307 Incident response plans

Lecture 308 Incident response process

Lecture 309 Important exercises

Lecture 310 Important attack frameworks

Lecture 311 BCP, COOP, and DRP

Lecture 312 Incident response team and stakeholder management

Lecture 313 Retention policies

Section 33: 4.3: Using appropriate data sources to support investigations after an incident

Lecture 314 Vulnerability scan outputs

Lecture 315 SIEM dashboards

Lecture 316 Log files

Lecture 317 Syslog, rsyslog, syslog-ng

Lecture 318 Journald and journalctl

Lecture 319 NXLog

Lecture 320 Bandwidth and network monitors

Lecture 321 Important and useful metadata

Section 34: 4.4: Applying mitigation techniques or controls to secure environments during an

Lecture 322 Reconfiguring endpoint security solutions

Lecture 323 Configuration changes

Lecture 324 Isolation, containment, and segmentation

Lecture 325 Secure Orchestration, Automation, and Response (SOAR)

Section 35: 4.5: Key aspects of digital forensics

Lecture 326 Documentation and evidence

Lecture 327 E-discovery, data recovery, and non-repudiation

Lecture 328 Integrity and preservation of information

Lecture 329 Acquisition

Lecture 330 On-premises vs. cloud

Lecture 331 Strategic intelligence and counterintelligence

Section 36: Domain 5: Governance, Risk, and Compliance

Lecture 332 About governance, risk and compliance

Section 37: 5.1: Compare and contrast various types of controls

Lecture 333 Categories

Lecture 334 Control types

Section 38: 5.2 Applicable regulations/standards/frameworks that impact security posture

Lecture 335 Regulations, standards, and legislation

Lecture 336 Key frameworks to know about

Lecture 337 Benchmarks and secure configuration guides

Section 39: 5.3: Importance of policies to organizational security

Lecture 338 Personnel

Lecture 339 User training

Lecture 340 Third-party risk management

Lecture 341 Data

Lecture 342 Credential policies

Lecture 343 Organizational policies

Section 40: 5.4: Risk management processes and concepts

Lecture 344 Types of risks

Lecture 345 Risk management strategies

Lecture 346 Risk analysis

Lecture 347 Disasters

Lecture 348 Business impact analysis

Section 41: 5.5: Privacy and sensitive data concepts in relation to security

Lecture 349 Organizational consequences of privacy breaches

Lecture 350 Notifications of breaches

Lecture 351 Data types

Lecture 352 Privacy enhancing technologies

Lecture 353 Roles and responsibilities

Section 42: Practice Exams and Next Steps

Lecture 354 What should you do next?

Lecture 355 Bonus: FREE Performance-Based Questions (PBQs)

Learners who want to pass the CompTIA Security+ certification,Learners who want to build a solid foundation for cybersecurity by learning best practices,Learners who are seeking a career in cybersecurity,Learners who wish to learn more about common threats facing IT systems, networks, applications, and the cloud