CompTIA Security+ Exam Prep

.LU1 Key Security Risks and Problems

Topic 1: Comparing Security Roles and Security Controls 

• • Compare and contrast information security roles
• • Compare and contrast security control and framework types

Topic 2: Explaining Threat Actors and Threat Intelligence 

• • Explain threat actor types and attack vectors
• • Explain threat intelligence sources

Topic 3: Performing Security Assessments 

• • Assess organizational security with network reconnaissance tools
• • Explain security concerns with general vulnerability types
• • Summarize vulnerability scanning techniques
• • Explain penetration testing concepts

Topic 4: Identifying Social Engineering and Malware 

• • Compare and contrast social engineering techniques
• • Analyze indicators of malware-based attacks

Topic 5: Summarizing Basic Cryptographic Concepts 

• • Compare and contrast cryptographic ciphers
• • Summarize cryptographic modes of operation
• • Summarize cryptographic use cases and weaknesses
• • Summarize other cryptographic technologies

LU2 Design Security System

Topic 6: Implementing Public Key Infrastructure 

• • Implement certificates and certificate authorities
• • Implement PKI management

Topic 7: Implementing Authentication Controls 

• • Summarize authentication design concepts
• • Implement knowledge-based authentication
• • Implement authentication technologies
• • Summarize biometrics authentication concepts

Topic 8: Implementing Identity and Account Management Controls 

• • Implement identity and account types
• • Implement account policies
• • Implement authorization solutions
• • Explain the importance of personnel policies

Topic 9: Implementing Secure Network Designs 

• • Implement secure network designs
• • Implement secure routing and switching
• • Implement secure wireless infrastructure
• • Implement load balancers

LU3 Define Security Specifications

Topic 10: Implementing Network Security Appliances 

• • Implement firewalls and proxy servers
• • Implement network security monitoring
• • Summarize the use of SIEM

Topic 11: Implementing Secure Network Protocols 

• • Implement secure network operations protocols
• • Implement secure application protocols
• • Implement secure remote access protocols

Topic 12: Implementing Host Security Solutions 

• • Implement secure firmware
• • Implement endpoint security
• • Explain embedded system security implications

Topic 13: Implementing Secure Mobile Solutions 

• • Implement mobile device management
• • Implement secure mobile device connections

LU4 Security System Components

Topic 14: Summarizing Secure Application Concepts 

• • Analyze indicators of application attacks
• • Analyze indicators of web application attacks
• • Summarize secure coding practices
• • Implement secure script environments
• • Summarize deployment and automation concepts

Topic 15: Implementing Secure Cloud Solutions 

• • Summarize secure cloud and virtualization services
• • Apply cloud security solutions
• • Summarize infrastructure as code concepts

Topic 16: Explaining Data Privacy and Protection Concepts 

• • Explain privacy and data sensitivity concepts
• • Explain privacy and data protection controls

LU5 Security Assurance

Topic 17: Performing Incident Response 

• • Summarize incident response procedures
• • Utilize appropriate data sources for incident response
• • Apply mitigation controls

Topic 18: Explaining Digital Forensics 

• • Explain key aspects of digital forensics documentation
• • Explain key aspects of digital forensics evidence acquisition

Topic 19: Summarizing Risk Management Concepts 

• • Explain risk management processes and concepts
• • Explain business impact analysis concepts

Topic 20: Implementing Cybersecurity Resilience 

• • Implement redundancy strategies
• • Implement backup strategies
• • Implement cybersecurity resiliency strategies

Topic 21: Explaining Physical Security 

• • Explain the importance of physical site security controls
• • Explain the importance of physical host security controls

Prerequisite:

HRDF Funding

Please refer to this video https://youtu.be/Kzpd-V1F9Xs

1-     HRD Corp Grant Helper

How to submit grant applications for HRD Corp Claimable Courses

2-     Employers are required to apply for the grant at least one week before training commences.

Employers must submit their applications with supporting documents, including invoices/quotations, trainer profiles, training schedule and course content.

3-     First, Login to Employer’s e-TRIS account -https://etris.hrdcorp.gov.my

Second, Click Application

4-     Click Grant on the left side under Applications

5-     Click Apply Grant on the left side under Applications

6-     Click Apply

7-     Choose a Scheme Code and select HRD Corp Claimable Courses: Skim Bantuan Latihan Khas. Then, click Apply

8-     Scheme Code represents all types of training that suit the requirements provided by HRD Corp. Below are the list of schemes offered by HRD Corp:

9-     Select your Immediate Officer and click Next

10-  Select a Training Provider, then click Next

11-  Please select a training programme from the list, then key in all the required details and click Next

Select your desired training programme.

Give an explanation on why the participant is required to attend the training. E.g., related to their tasks/ career development, etc.

Explain the background and objective of this training.

Select a relevant focus area. For Employer-Specific Courses, select ‘Not Applicable’.

12-  If the training programme is a micro-credential programme, you are required to complete these 3 fields. Save and click Next

Insert MiCAS Application number

13-  Based on the nine (9) pillars listed below, HRD Corp Focus Area Courses are closely tied to support government initiatives towards nation building. As such, courses offered through the HRD Corp Focus Areas are designed to provide the workforce with skills required for current and future demands. Details of the focus areas are as follows:

14-  Please select a Course Title and Type of Training

15-  Select the correct type of training according to the actual type of training, or as mentioned in the training brochure:

16-  Please key in the Training Location and click Next

17-  Please select the Level of Certification and click Next

18-  Please follow the instructions and key in trainee details

19-  Click Add Batch, then click Save

20-  Click Add Trainee Details

21-  Please key in all the required details, then click Add

22-  Click Add if there are more participants. Once done, click Save

23-  Click Next

24-  Please key in the course fees and allowance details, then click Save

25-  Estimated cost includes the course fees/external trainer fees, allowances, and consumable training materials. Please comply with the HRD Corp Allowable Cost Matrix.

26-  Select Upfront Payment to Training Provider and key in the percentage from 0% to 30%. Then, click Save and Next

27-  Complete the declaration form and select a desired officer

28-  Add all the required documents, then click Add Attachment. Then, click Save and Submit Application

29-  Once the New Grant Application is successfully submitted, the Grant Officer will evaluate the application accordingly. The application may be queried if additional information is required.

The application status will be updated via the employer’s dashboard, email, and the e-TRiS inbox.

• Information Security Analyst
• Network Administrator
• Systems Administrator
• IT Manager
• Security Consultant
• Cybersecurity Analyst
• IT Auditor
• Security Engineer
• Network Engineer
• Help Desk Technician
• Security Specialist
• IT Project Manager
• Security Administrator
• Risk Analyst
• Compliance Analyst

Peter Cheong :  I am a ACLP certied trainer. Specialise In IT related knowlege and conduct IT Training which Include Microsoft Window Server Technology (Wintel) and Linux - Centos/Red Hat. Comptia ,ITIL , Motorola Solution Trunking System and Cisco Networking. I was worked in Motorola Solutions Conduct Motorola Astro 25 Trunking System For Police Force Malaysia (RMPnet),Taiwan Navy, Indonesia METRO POLDA (Police Force). After that I Join As IT Group Manager For W-Group which include 17 subsidiaries Companies in Real Estate Developer,Plantation, Building Management Services ,Contruction and also Fiber Opti Service Provider in Sabah,Malaysia.

Truman Ng: I am a ACLP certified trainer. With In-depth and diversified experiences from Project Management DevOps, Blockchain, Project Management, Education, IT and even Numerology, I am passionate to meet good people and generate new ideas, in pursuit of realization of better world!