CompTIA Security+ Certification Exam Objectives

1 CompTIA Security+. Certification Exam Objectives EXAM NUMBER: SY0-501. About the Exam The CompTIA Security+ Certification is a vendor-neutral credential. The CompTIA Security+. exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability. The CompTIA Security+ Certification is aimed at an IT security professional who has: A minimum of two years' experience in IT administration with a focus on security Day-to-day technical information security experience Broad knowledge of security concerns and implementation, including the topics in the domain list These content examples are meant to clarify the test Objectives and should not be construed as a comprehensive listing of all content in this examination.

2 EXAM ACCREDITATION. CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, the exam Objectives undergo regular reviews and updates. EXAM DEVELOPMENT. CompTIA exams result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional. CompTIA AUTHORIZED MATERIALS USE POLICY. CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any content provided by unauthorized third-party training sites (aka brain dumps ). Individuals who utilize such materials in preparation for any CompTIA examination will have their certifications revoked and be suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more clearly communicate CompTIA 's exam policies on use of unauthorized study materials, CompTIA directs all Certification candidates to the CompTIA Certification Exam Policies.

3 Please review all CompTIA policies before beginning the study process for any CompTIA exam. Candidates will be required to abide by the CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered unauthorized (aka brain dumps ), he/she should contact CompTIA at to confirm. PLEASE NOTE. The lists of examples provided in bulleted format are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this Objectives document. CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current and the security of the questions is protected. When necessary, we will publish updated exams based on existing exam Objectives . Please know that all related exam preparation materials will still be valid.

4 CompTIA Security+ Certification Exam Objectives Version (Exam Number: SY0-501). TEST DETAILS. Required exam CompTIA Security+ SY0-501. Number of questions Maximum of 90. Types of questions Multiple choice and performance-based Length of test 90 minutes Recommended experience At least two years of experience in IT administration with a focus on security Passing score 750 (on a scale of 100 900). EXAM Objectives (DOMAINS). The table below lists the domains measured by this examination and the extent to which they are represented: DOMAIN PERCENTAGE OF EXAMINATION. Threats, Attacks and Vulnerabilities 21%. Technologies and Tools 22%. Architecture and Design 15%. Identity and Access Management 16%. Risk Management 14%. Cryptography and PKI 12%. Total 100%. CompTIA Security+ Certification Exam Objectives Version (Exam Number: SY0-501). Threats, Attacks and Vulnerabilities Given a scenario, analyze indicators of compromise and determine the type of malware.

5 Viruses Bots Crypto-malware RAT. Ransomware Logic bomb Worm Backdoor Trojan Rootkit Keylogger Adware Spyware Compare and contrast types of attacks. Social engineering - Injection - IV. - Phishing - Cross-site scripting - Evil twin - Spear phishing - Cross-site request forgery - Rogue AP. - Whaling - Privilege escalation - Jamming - Vishing - ARP poisoning - WPS. - Tailgating - Amplification - Bluejacking - Impersonation - DNS poisoning - Bluesnarfing - Dumpster diving - Domain hijacking - RFID. - Shoulder surfing - Man-in-the-browser - NFC. - Hoax - Zero day - Disassociation - Watering hole attack - Replay Cryptographic attacks - Principles (reasons for effectiveness) - Pass the hash - Birthday - Authority - Hijacking and related attacks - Known plain text/cipher text - Intimidation - Clickjacking - Rainbow tables - Consensus - Session hijacking - Dictionary - Scarcity - URL hijacking - Brute force - Familiarity - Typo squatting - Online vs.

6 Offline - Trust - Driver manipulation - Collision - Urgency - Shimming - Downgrade Application/service attacks - Refactoring - Replay - DoS - MAC spoofing - Weak implementations - DDoS - IP spoofing - Man-in-the-middle Wireless attacks - Buffer overflow - Replay CompTIA Security+ Certification Exam Objectives Version (Exam Number: SY0-501). Threats, Attacks and Vulnerabilities Explain threat actor types and attributes. Types of actors Attributes of actors - Script kiddies - Internal/external - Hacktivist - Level of sophistication - Organized crime - Resources/funding - Nation states/APT - Intent/motivation - Insiders Use of open-source intelligence - Competitors Explain penetration testing concepts. Active reconnaissance Black box Passive reconnaissance White box Pivot Gray box Initial exploitation Penetration testing vs. Persistence vulnerability scanning Escalation of privilege Explain vulnerability scanning concepts.

7 Passively test security controls Intrusive vs. non-intrusive Identify vulnerability Credentialed vs. non-credentialed Identify lack of security controls False positive Identify common misconfigurations Explain the impact associated with types of vulnerabilities. Race conditions Memory/buffer vulnerability Vulnerabilities due to: - Memory leak - End-of-life systems - Integer overflow - Embedded systems - Buffer overflow - Lack of vendor support - Pointer dereference Improper input handling - DLL injection Improper error handling System sprawl/undocumented assets Misconfiguration/weak configuration Architecture/design weaknesses Default configuration New threats/zero day Resource exhaustion Improper certificate and Untrained users key management Improperly configured accounts Vulnerable business processes Weak cipher suites and implementations CompTIA Security+ Certification Exam Objectives Version (Exam Number: SY0-501).

8 Technologies and Tools Install and configure network components, both hardware- and software-based, to support organizational security. Firewall Router SIEM. - ACL - ACLs - Aggregation - Application-based vs. network-based - Antispoofing - Correlation - Stateful vs. stateless Switch - Automated alerting and triggers - Implicit deny - Port security - Time synchronization VPN concentrator - Layer 2 vs. Layer 3 - Event deduplication - Remote access vs. site-to-site - Loop prevention - Logs/WORM. - IPSec - Flood guard DLP. - Tunnel mode Proxy - USB blocking - Transport mode - Forward and reverse proxy - Cloud-based - AH - Transparent - Email - ESP - Application/multipurpose NAC. - Split tunnel vs. full tunnel Load balancer - Dissolvable vs. permanent - TLS - Scheduling - Host health checks - Always-on VPN - Affinity - Agent vs. agentless NIPS/NIDS - Round-robin Mail gateway - Signature-based - Active-passive - Spam filter - Heuristic/behavioral - Active-active - DLP.

9 - Anomaly - Virtual IPs - Encryption - Inline vs. passive Access point Bridge - In-band vs. out-of-band - SSID SSL/TLS accelerators - Rules - MAC filtering SSL decryptors - Analytics - Signal strength Media gateway - False positive - Band selection/width Hardware security module - False negative - Antenna types and placement - Fat vs. thin - Controller-based vs. standalone Given a scenario, use appropriate software tools to assess the security posture of an organization. Protocol analyzer Data sanitization tools - tracert Network scanners Steganography tools - nslookup/dig - Rogue system detection Honeypot - arp - Network mapping Backup utilities - ipconfig/ip/ifconfig Wireless scanners/cracker Banner grabbing - tcpdump Password cracker Passive vs. active - nmap Vulnerability scanner Command line tools - netcat Configuration compliance scanner - ping Exploitation frameworks - netstat CompTIA Security+ Certification Exam Objectives Version (Exam Number: SY0-501).

10 Technologies and Tools Given a scenario, troubleshoot common security issues. Unencrypted credentials/clear text - Content filter - Personal email Logs and events anomalies - Access points Unauthorized software Permission issues Weak security configurations Baseline deviation Access violations Personnel issues License compliance violation Certificate issues - Policy violation (availability/integrity). Data exfiltration - Insider threat Asset management Misconfigured devices - Social engineering Authentication issues - Firewall - Social media Given a scenario, analyze and interpret output from security technologies. HIDS/HIPS Application whitelisting UTM. Antivirus Removable media control DLP. File integrity check Advanced malware tools Data execution prevention Host-based firewall Patch management tools Web application firewall Given a scenario, deploy mobile devices securely.