What is CompTIA Security+ Exam?

The CompTIA Security+ exam is broadly recognized certification test for basic level security skills that will be used by organizations and security professionals around the world. The certification training will enable the candidates to gain the knowledge and skills required to install and configure systems to secure applications, networks, and devices.

What are the objectives of CompTIA Security+?

CompTIA Security+ objectives are as follows:

  • Comprehend risk identification and mitigation.
  • Provide operational, information, application and infrastructure security.
  • To secure the network for maintaining availability, integrity, and confidentiality of critical information.
  • Operate within a set of rules and regulations wherever applicable.

CompTIA Security+ Examination Details

 The course is ideal for 

  • System administrator
  • Network Administrator
  • Security Administrator
  • Junior IT Auditor/ Penetration Tester

 

What are CompTIA Security+ exam eligibility requirements?

  • Candidate with a minimum of 2 years’ experience in IT Administration with a focus on security.
  • Day to day technical information security experience.
  • Broad knowledge of security concerns and implementation, including topics in the domain list below:

 

                        DOMAIN              % OF EXAMINATION
1.0 Network Security20%
2.0 Compliance and Operational Security18%
3.0 Threats and Vulnerabilities20%
4.0 Application, Data, and Host Security15%
5.0 Access Control and Identity Management15%
6.0 Cryptography12%
TOTAL100%

 

  1.  Network Security

Implements security configuration parameters on network devices and other technologies.

  • Firewalls
  • Routers
  • Switches
  • Load Balancers
  • Proxies
  • Web Security Gateways
  • VPN concentrators
  • NIDS and NIPS
  • Behavior-based
  • Signature-based
  • Anomaly-based
  • Heuristic
  • Protocol analyzers
  • Spam Filter
  • UTM security appliances
  • URL filter
  • Content Inspection
  • Malware Inspection
  • Web application firewall vs. network firewall
  • Application-aware devices
  • Firewalls
  • IPS
  • IDS
  • Proxies

 

  1.  Compliance and Operational Security

It explains the importance of risk related concepts.

 

  • Control types
  • Technical
  • Mechanical
  • Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk
  • Privacy policy
  • Acceptable use
  • Security policy
  • Mandatory vacations
  • Job rotation
  • Separation of duties
  • Least privilege
  • Risk calculation
  • Likelihood
  • ALE
  • Impact
  • SLE
  • ARO
  • MTTR
  • MTTF
  • MTBF
  • Quantitative vs. Qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability/ threat likelihood
  • Risk-avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated with cloud computing and virtualization
  • Recovery time objective and recovery point objective 

 

  1.  Threats and Vulnerabilities

It explains the types of Malware

 

  • Adware
  • Virus
  • Spyware
  • Trojan
  • Rootkits
  • Backdoors
  • Logic bomb
  • Botnets
  • Ransomware
  • Polymorphic malware
  • Armored virus

 

  1.  Application, Data, and Host Security

It explains the importance of application security controls and techniques.

 

  • Fuzzing
  • Secure coding concepts
  • Error exception handling
  • Input validation
  • Cross-site scripting prevention
  • Cross-site Request Forgery Prevention
  • Application configuration baseline(proper settings)
  • Application hardening
  • Application patch management
  • No SQL databases vs. SQL databases
  • Server-side vs. Client-side validation

 

  1.  Access control and Identity management

It compares and contrasts the function and need for authentication services.

  • RADIUS
  • TACACS+
  • Kerberos
  • LDAP
  • XTACACS
  • SAML
  • Secure LDAP

 

  1.  Cryptography

It utilizes the general cryptography concepts in a given scenario

 

  • Symmetric vs. Asymmetric
  • Session keys
  • In-band vs. out of band key exchange
  • Functional differences and encryption methods
  • Transport encryption
  • Non-repudiation
  • Hashing
  • Key escrow
  • Steganography
  • Digital signatures
  • Use of proven technologies
  • Elliptic curve and quantum cryptography
  • Ephemeral key
  • Perfect forward secrecy

How much does the CompTIA Security+ exam cost?

The exam costs are as follows:

  • North America – USD 339
  • Emerging Market – USD 190
  • Great Britain – GBP 201
  • Europe – EURO 305
  • Japan – JPY 39,756
  • Australia – AUD 458
  • South Africa – ZAR 2,609

What is the qualifying score for CompTIA Security+ Exam?

To qualify for the exam, you will have to achieve a minimum score of 750 out of 900. This duration of this exam is 90 minutes, and it’s an MCQ based questionnaire.

How many attempts can be made to clear the CompTIA Security+ exam?

There is no attempt limitation to take CompTIA Security+ practice test. However, for the first two attempts, there is no waiting period to take the test for another time.

If the candidate fails even for the second time, he/she has to wait for the next fourteen days from the last exam to retake the test

What is the validity of CompTIA Security + Certification?

The CompTIA Certification is valid for three years from the date you pass your exam.

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here