CompTIA Security+ 601

Module 1: General Security Concepts

• Introduction
• Fundamental security concepts
• Categories and types of security control
• Physical security
• Change management

Exam objectives covered in this chapter:

• Compare and contrast various types of security controls.
• Summarize the fundamental security concepts.
• Explain the importance of change management processes and their impact on security.

Module 2: Cryptographic Solutions and Threats

• Cryptography concepts
• Cryptography implementations
• Cryptographic tools
• Public Key Infrastructure (PKI)
• Threats
• Social engineering

Exam objectives covered in this chapter:

• Explain the importance of using appropriate cryptographic solutions.
• Compare and contrast common threat actors and motivations.
• Explain common threat vectors and attack surfaces

Module 3: Vulnerabilities, indicators of malicious activity and mitigation

• Types of vulnerabilities
• Indicators of malicious activity
• Mitigation techniques to protect the company

Exam objectives covered in this chapter:

• Explain the different types of vulnerabilities.
• Given a scenario, analyze the indicators of malicious activity.
• Explain the purpose of the mitigation techniques used to protect the company.

Module 4: Secure network and cloud architectures and data protection

• Security implications of different architectural models
• Secure business infrastructure
• Concepts and strategies for data protection

Exam objectives covered in this chapter:

• Compare and contrast the security implications of different architectural models.
• Given a scenario, apply security principles to protect the business infrastructure.
• Compare and contrast concepts and strategies for protecting data.

Module 5: Resilience and recovery, secure computing resources and asset management

• Importance of resilience and recovery in security architecture
• Common security techniques for computer resources
• Secure asset management

Exam objectives covered in this chapter:

• Explain the importance of resilience and recovery in security architecture.
• Given a scenario, apply common security techniques to computer resources.
• Explain the security implications of proper management of hardware, software, and data assets.

Module 6: Vulnerability management, alerts and monitoring, and improving enterprise security

• Activities associated with vulnerability management
• Security alerts and monitoring
• Modify business capabilities to improve security

Exam objectives covered in this chapter:

• Explain various activities associated with vulnerability management.
• Explain the concepts and tools for security alerting and monitoring.
• Given a scenario, modify the company's capabilities to improve security.

Module 7: Identity and access management, automation and orchestration, incident response, and log data

• Implement and maintain identity and access management (IAM)
• Automation and orchestration for secure operations
• Incident response
• Registration data

Exam objectives covered in this chapter:

• Given a scenario, implement and maintain identity and access management.
• Explain the importance of automation and orchestration related to safe operations.
• Explain the appropriate incident response activities.
• Given a scenario, use data sources to support an investigation.

Module 8: Governance and Risk Management

• Security governance
• Risk management process
• Third-party risk assessment and management

Exam objectives covered in this chapter:

• Summarize the elements of effective security governance.
• Explain the elements of the risk management process.
• Explain the processes associated with third-party risk assessment and management.

Module 9: Compliance, audits and assessments, and security awareness

• Security compliance
• Audits and assessments
• Safety awareness

Exam objectives covered in this chapter:

• Summarize the elements of effective security compliance.
• Explain the types and purposes of audits and evaluations.
• Given a scenario, implement safety awareness practices.