上海甫崎信息安全技術(shù)專家Security+認證培訓(xùn)課程

考試相關(guān)

CompTIA Security+ 已獲得 ISO 17024 國際標(biāo)準認證（人員認證認可），并因此相應(yīng)地定期審查和更新考試大綱。下表所列的是本版考試的范圍，這是根據(jù)專家主題研討的結(jié)論以及對擁有兩年工作經(jīng)驗的具備相關(guān)信息安全專業(yè)知識和技能的企業(yè)人員的調(diào)查而修訂的。

本考試大綱包含各領(lǐng)域所占的百分比、測試目標(biāo)和示例內(nèi)容。這里給出了主題和概念作為示例用以明確考試目標(biāo)，但其不應(yīng)該被誤讀為是考試全部內(nèi)容的完整列表。

注意事項

以下并未列出每個考綱的所有項目。雖然它們沒有包含在此文檔中，考試中也可能包含與每個目標(biāo)相關(guān)的技術(shù)、過程或任務(wù)的其他示例

Security+考試語言

目前為英文 

考試形式

Pearson VUE 考試中心機考

課程大綱

內(nèi)容

1.0 Network Security             網(wǎng)絡(luò)安全

Implement security configuration parameters on network devices and other technologies. 網(wǎng)絡(luò)設(shè)備和其他設(shè)備上實施安全配置參數(shù)

given a scenario,use secure network a dministration principles. 給定一個場景，應(yīng)用安全網(wǎng)絡(luò)管理原則

Explaain network design elements and components.  解釋網(wǎng)絡(luò)設(shè)計的元素和組件。

Given a scenario, implement common protocols and services. 給定一個場景，實施通用的和服務(wù)

Given a scenario,troubleshoot security issues related to wireless networking.  給定一個場景，對無線組網(wǎng)中的安全問題進行故障排

2.0 Compliance and      Operational Security                       合規(guī)與運維安全

Explain the importance of risk related concepts.解釋風(fēng)險相關(guān)概念的重要性

Summarize the security implications of integrating systems and data with third parties.總結(jié)與第三方集成系統(tǒng)與數(shù)據(jù)的安全含義

Given a scenario,implement appropriate risk mitigation strategies.     給定一個場景，實施正確的風(fēng)險降低策略

Given a scenario,implement basic forensic procedures.給定一個場景，實施基本的取證程序

Summarize common incident response procedures. 總結(jié)通用的事件響應(yīng)程序

Explain the importance of security related awareness and training.      解釋安全相關(guān)意識和培訓(xùn)的重要性

Compare and contrast physical secuity and environmental controls.     比較和對比物理安全環(huán)境控制

Summarize risk management best practices.  總結(jié)風(fēng)險管理的實踐

Given a scenario,select the appropriate control to meet the goals of security.  給定一個場景，選擇合適的控制來滿足安全目標(biāo)

3.0 Threats and          Vulnerabilities                 威脅與漏洞

Explain types of malware.解釋各種惡意軟件

Summarize various types of attacks.總結(jié)不同類型的攻擊

Summarize social engineering attacks and the associated effectiveness with each attack.   總結(jié)社會工程攻擊和相關(guān)每個攻擊的有效性

Explain types of wireless attacks. 解釋無線攻擊的類型

Explain types of application attacks.解釋應(yīng)用攻擊的類型

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

Given a scenario,use appropriate tools and techniques to discover security threats and vulnerabilities.

Explain the proper use of penetration testing versus vulnerability scanning.   解釋如何正確使用滲透測試與漏洞掃描

4.0 Application,Data and      Host Security                  應(yīng)用、數(shù)據(jù)和主機安全

Explain the importance of application security controls and techniques.解釋應(yīng)用安全控制盒技術(shù)的重要性

Summarize mobile security concepts and technologies.總結(jié)移動安全的概念與技術(shù)

Given a scenario,select the appropriate solution to establish host security.給定一個場景，選擇合適的方案來建立主機安全

Implement the appropriate controls to ensure data security.實施合適的控制來保障數(shù)據(jù)安全

Compare and contrast alternative methods to mitigate secuity risks in static environments.

5.0 Access Control and           Identity Management            訪問控制與身份管理

Compare and contrast the function and purpose of authentication services.比較和對比認證服務(wù)的功能和目標(biāo)

Given a scenario,select the appropriate authentication,authorization or access control.

Install and configure security controls when pertorming account management,based on best practices.

6.0 Cryptgraphy                 密碼學(xué)

Given a scenario,utilize general cryptography concepts. 給定一個場景，使用通用密碼學(xué)概念

Given a scenario,use appropriate cryptographic methods.給定一個場景，使用合適的密碼學(xué)方法

Given a scenario,use appropriate PKI,certificate management and associated components.