CompTIA Security+ (SY0-401)

1.0 Networking Security

1.1 Explain the security function and purpose of network devices and technologies

1.2 Apply and implement secure network administration principles

1.3 Distinguish and differentiate network design elements and compounds

1.4 Implement and use common protocols

1.5 Identify commonly used default network ports

2.0 Compliance and Operational Security

2.1 Explain risk related concepts

2.2 Carry out appropriate risk mitigation strategies

2.3 Execute appropriate incident response procedures

2.4 Explain the importance of security related awareness and training

2.5 Compare and contrast aspects of business continuity

2.6 Explain the impact and proper use of environmental controls

2.7 Execute disaster recovery plans and procedures

2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)

3.0 Threats and Vulnerabilities

3.1 Analyze and differentiate among types of malware

3.2 Analyze and differentiate among types of attacks

3.3 Analyze and differentiate among types of social engineering attacks

3.4 Analyze and differentiate among types of wireless attacks

3.5 Analyze and differentiate among types of application attacks

3.6 Analyze and differentiate among types of mitigation and deterrent techniques

3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities

3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

4.0 Application, Data and Host Security

4.1 Explain the importance of application security

4.2 Carry out appropriate procedures to establish host security

4.3 Explain the importance of data security

5.0 Access Control and Identity Management

5.1 Explain the function and purpose of authentication services

5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control

5.3 Implement appropriate security controls when performing account management