Curriculum
What You'll Learn
Security+™ is a vendor-neutral globally recognized validation that a candidate has mastered security job-task skills equivalent to a networking professional with two years of practical networking experience with emphasis on security. Domains included in the Security+™ exam are: General Security Concepts, Communications Security, Infrastructure Security, Basics of Cryptography and Operational/Organizational Security.
Domain 1.0 – General Security Concepts (30%)
1.1 Recognize and be able to differentiate and explain the following access control models
|
|
|
1.2 Recognize and be able to differentiate and explain the following methods of authentication
|
|
|
1.3 Identify non-essential services and protocols and know what actions to take to reduce the risks of those services and protocols
1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
|
|
|
|
1.5 Recognize the following types of malicious code and specify the appropriate actions to take to mitigate vulnerability and risk
|
|
|
|
1.6 Understand the concept of and know how to reduce the risks of social engineering
1.7 Understand the concept and significance of auditing, logging and system scanning
Domain 2.0 – Communication Security - 20%
2.1 Recognize and understand the administration of the following types of remote access technologies
|
|
|
|
2.2 Recognize and understand the administration of the following email security concepts
|
|
|
|
2.3 Recognize and understand the administration of the following Internet security concepts
|
|
|
|
2.4 Recognize and understand the administration of the following directory security concepts
|
|
2.5 Recognize and understand the administration of the following file transfer protocols and concepts
|
|
|
|
8.3 Naming Conventions
2.6 Recognize and understand the administration of the following wireless technologies and concepts
|
|
|
|
Domain 3.0 Infrastructure Security – 20%
3.1 Understand security concerns and concepts of the following types of devices
|
|
|
|
3.2 Understand the security concerns for the following types of media
|
|
|
|
3.3 Understand the concepts behind the following kinds of Security Topologies
|
|
|
|
3.4 Differentiate the following types of intrusion detection, be able to explain the concepts of each type, and understand the implementation and configuration of each kind of intrusion detection system.
|
|
|
3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system
|
|
|
|
Domain 4.0 Basics of Cryptography – 15%
4.1 Be able to identify and explain each of the following different kinds of cryptographic algorithms
|
|
|
4.2 Understand how cryptography addresses the following security concepts
|
|
|
|
4.3 Understand and be able to explain the following concepts of PKI (Public Key Infrastructure)
|
|
|
|
4.4 Identify and be able to differentiate different cryptographic standards and protocols
4.5 Understand and be able to explain the following concepts of Key Management and Certificate Lifecycles
|
|
|
|
Domain 5.0 Operational / Organizational Security – 15%
5.1 Understand the application of the following concepts of physical security
|
|
|
|
5.2 Understand the security implications of the following topics of disaster recovery
|
|
|
|
5.3 Understand the security implications of the following topics of business continuity
|
|
|
5.4 Understand the concepts and uses of the following types of policies and procedures
|
|
|
|
5.5 Explain the following concepts of privilege management
|
|
|
|
5.6 Understand the concepts of the following topics of forensics
|
|
|
5.7 Understand and be able to explain the following concepts of risk identification
|
|
|
|
5.8 Understand the security relevance of the education and training of end users, executives and human resources
|
|
|
|
5.9 Understand and explain the following documentation concepts
|
|
|
|