BytesCertification Based

Cybersecurity

CompTIA Security+ (SY0-701) Exam Crash

Beginner

By: Raymond Lacoste

Overview

This microlearning course specifically targets high value targets for the preparation of the CompTIA Security+ 007 certification.

Use this to close any gaps in readiness for the exam. If you do not have significant experience with cybersecurity concepts already, we encourage you to take the larger full-scale class. That said, if you are ready and willing, dive and and get ready for this hard-hitting course that will prime you for success on the exam.

Modules

1. General Security Concepts

1.1 Detective Controls3 min

1.2 Preventive Controls2 min

1.3 Two-Person Integrity Security Controls2 min

1.4 Managerial Control2 min

1.5 Honeypot2 min

1.6 Zero Trust Control and Data Plane3 min

1.7 Non-Repudiation3 min

1.8 Controlling Access to a Secure Facility3 min

1.9 Zero Trust Architecture3 min

1.10 Application Allow List2 min

1.11 Change Management2 min

1.12 Backout Plans2 min

1.13 Legacy System Security Concerns2 min

1.14 Salting3 min

1.15 Full Disk Encryption2 min

1.16 Certificate Signing Requests3 min

1.17 Online Certificate Status Protocol3 min

1.18 Tuning Security Tools3 min

1.19 Protecting Mobile Devices with Full-Disk Encryption3 min

1.20 Tokenization3 min

2. Threats, Vulnerabilities, and Mitigations

2.1 Threat Actors2 min

2.2 Shadow IT3 min

2.3 Business Email Compromise2 min

2.4 Invoice Scams3 min

2.5 Smishing Using Impersonation2 min

2.6 SQL Injections3 min

2.7 Memory Injection3 min

2.8 Cross-Site Request Forgery3 min

2.9 Side Loading3 min

2.10 Protecting Legacy Systems and Legacy IoT Devices3 min

2.11 Hardware Vulnerabilities2 min

2.12 End-Of-Life and End-Of-Support3 min

2.13 Prevent XSS with Input Sanitization3 min

2.14 Jailbreaking2 min

2.15 Brute Force2 min

2.16 Password Spraying2 min

2.17 Data Exfiltration Symptoms - DNS Tunneling2 min

2.18 DDoS and Availability3 min

2.19 Reflected Denial of Service2 min

2.20 An Example of a Ransomware Attack3 min

2.21 Principle of Least Privilege2 min

2.22 Access-List Creation3 min

2.23 Job Rotation2 min

2.24 Mitigating XSS with HTTP Headers2 min

2.25 chmod3 min

2.26 Allowing and Denying DNS With ACLs3 min

2.27 Segmentation3 min

3. Security Architecture

3.1 Serverless Framework3 min

3.2 Data Classifications3 min

3.3 Air Gap2 min

3.4 Software as a Service (SaaS)2 min

3.5 Consideration of a High Availability Network2 min

3.6 Efficiencies of Containerization2 min

3.7 Scenario: Software as a Service (SaaS)2 min

3.8 On-Premises vs Cloud-Based vs Hybrid3 min

3.9 Jump Servers and Bastion Hosts3 min

3.10 Load Balancing3 min

3.11 Web Application Firewall1 min

3.12 Application Inspection With NGFW3 min

3.13 IPS Use Case3 min

3.14 Securing Remote Access with VPNs2 min

3.15 Port Security3 min

3.16 Behavioral Based Rules3 min

3.17 Preventing A MAC Address Flooding Attack with Port Security4 min

3.18 Secure Web Gateway3 min

3.19 Intellectual Property2 min

3.20 Sensitive Data3 min

3.21 Geolocation Policy2 min

3.22 File Hashes3 min

3.23 Obfuscation Toolkits2 min

3.24 Controlling Data with Virtual Desktop Infrastructure (VDI)3 min

3.25 Geographic Dispersion3 min

3.26 The Goal of Backup Solutions3 min

3.27 Types of Recovery Sites2 min

3.28 Scenario: Using Snapshots2 min

3.29 Load Balancing for High Availability2 min

3.30 Capacity Planning2 min

3.31 Types of Backups2 min

3.32 Mitigating Extended Power Outages1 min

4. Security Operations

4.1 Code Signing3 min

4.2 Input Validation3 min

4.3 Peer Review Code2 min

4.4 Baseline Image Configuration3 min

4.5 Overview of MDM Policies for Lost Devices3 min

4.6 Hardening a Router3 min

4.7 Asset Inventory Stickers and Employee ID Association3 min

4.8 Dumpster Diving3 min

4.9 Attesting Data Destruction2 min

4.10 Importance of Asset Inventory3 min

4.11 Bug Bounty Programs1 min

4.12 Compensating Controls3 min

4.13 False Positives3 min

4.14 Daily Vulnerability Scans3 min

4.15 Scenario: Identifying Cloned Mac Addresses3 min

4.16 Red Team1 min

4.17 Using hping3 min

4.18 Partially Known Environment Penetration Test1 min

4.19 CVE and CVSS3 min

4.20 Identifying Legacy Systems1 min

4.21 Scenario: The Need for Patching2 min

4.22 Data Loss Prevention3 min

4.23 SIEM2 min

4.24 Identifying C&C Hosts with Logs3 min

4.25 Securing Communication Using SSH and SFTP3 min

4.26 HTTP vs HTTPs3 min

4.27 IDS vs IPS Placement3 min

4.28 Multifactor Authentication3 min

4.29 Hashing Passwords3 min

4.30 Default Passwords1 min

4.31 Understanding SMS OTP and TOTP Authentication Methods3 min

4.32 Time-of-Day Restrictions2 min

4.33 SSO and Federation3 min

4.34 Password Complexity3 min

4.35 Least Privilege2 min

4.36 Using Automation for Security3 min

4.37 User Provisioning Scripts2 min

4.38 Security Orchestration Automation and Response (SOAR)3 min

4.39 Threat Hunting3 min

4.40 The Purpose of Root Cause Analysis1 min

4.41 Tabletop Exercises2 min

4.42 Incident Response: Preparation1 min

4.43 Containment2 min

4.44 Incident Response: Lessons Learned2 min

4.45 Legal Hold2 min

4.46 Utilizing the Dashboard1 min

4.47 Full Packet Capture2 min

4.48 Understanding Log Sources3 min

4.49 Endpoint Logs2 min

5. Security Program Management and Oversight

5.1 Local Data Protection Regulation3 min

5.2 Disaster Recovery Plan2 min

5.3 Change Control Requests2 min

5.4 Disaster Recovery Plan Components3 min

5.5 Software Development Lifecycle3 min

5.6 Incident Response Playbook3 min

5.7 Aligning to a Cybersecurity Framework3 min

5.8 Global Incident Planning with Your Business Continuity Plan2 min

5.9 Code Repository Security Concerns3 min

5.10 Annualized Rate of Occurrence2 min

5.11 Risk Register2 min

5.12 Annualized Lost Expectancy3 min

5.13 Transfer Risk Strategy2 min

5.14 Risk Appetite2 min

5.15 Using Impact and Likelihood3 min

5.16 Supply Chain Analysis3 min

5.17 Statement Operations Work1 min

5.18 Service Level Agreement3 min

5.19 Rules of Engagement1 min

5.20 Non-Compliance2 min

5.21 Data Management Policies2 min

5.22 Active Reconnaissance2 min

5.23 Unknown Environment Pentesting2 min

5.24 Reasons For an Audit2 min

5.25 Security Awareness Programs3 min

5.26 Phishing2 min

5.27 Recurring Training3 min

5.28 Insider Threats3 min

5.29 Reporting Phishing and Unusual Behavior3 min

5.30 Unidentified Removable Devices3 min

5.31 Social Engineering Example3 min

5.32 Security Awareness Training3 min

Ready to Elevate Your Team's Learning?

Talk with our sales team to see how StormWind can transform the way your organization trains and grows.

CONTACT SALES