Professor Messer’s CompTIA SY0-701 Security+ Training Course
This is the index to my free CompTIA SY0-701 Security+ training course videos.
All of my training videos are completely free; watch them online right now!
121 Videos – Total Run Time: 15 hours, 11 minutes
Have you downloaded the exam objectives yet?
Click here to get them now.
0.1 – Introduction
CompTIA’s Security+ certification is one of the most popular entry-level certifications for Information Technology professionals. In this video, you’ll learn about the certification requirements and the best methods for studying for the Security+ exam.
Section 1: General Security Concepts
1.1 – Security Controls
We rely on security controls to monitor, alert, and recover from attacks. In this video, you’ll learn about the categories of common security controls.
1.2 – Security Concepts
The CIA triad describes the foundational goals of IT security. In this video, you’ll learn more about confidentiality, integrity, and availability.
Non-repudiation is an important function of cryptography. In this video, you’ll learn about hashing, digital signatures, and non-repudiation.
The AAA process is an important part of network security. In this video, you’ll learn more about authentication, authorization, and accounting.
There’s always room to improve your security posture. In this video, you’ll learn how a security gap analysis can be used to make your network even more secure.
The strategy of zero-trust can be a effective way to increase the security of an organization’s data. In this video, you’ll learn more about best practices regarding zero-trust.
Security tools in the physical world can be effectively used to protect our computing systems. In this video, you’ll learn about physical security devices and techniques.
There are many ways to fool an attacker into disclosing important information about their methods and techniques. In this video, you’ll learn how to use deception and disruption to protect your network.
1.3 – Change Management
As IT professionals, we are constantly updating, modifying, and changing the devices we manage. In this video, you’ll learn how we manage this process with change management.
As IT professionals, we are constantly updating, modifying, and changing the devices we manage. In this video, you’ll learn how we manage this process with change management.
1.4 – Cryptographic Solutions
Public key infrastructure technologies are the foundation of our modern encryption. In this video, you’ll learn about symmetric encryption, asymmetric encryption, key pair generation, and more.
We use many different encryption techniques to keep our data secure. In this video, you’ll learn about database encryption, transport encryption, cryptographic keys, and more.
A secure key exchange method is critical for real-time encryption. In this video, you’ll learn how a symmetric key can be derived from a public and private key pair.
Encyrption technologies provide secure key storage, cryptographic functions, and data privacy. In this video, you’ll learn about HSMs, TPMs, secure enclave, and more.
Obfuscation can be used in IT security to hide information in unique ways. In this video, you’ll learn about steganography, tokenization, and data masking.
The hashing process can provide integrity, authentication, and non-repudiation. In this video, you’ll learn how hashes are created and how to use digital signatures.
Blockchain technology is the foundation of cryptocurrency, but it can also be used for many other purposes. In this video, you’ll learn how blockchain technology works behind the scenes.
We use certificates to provide trust when accessing other devices or services. In this video, you’ll learn about digital certificates, certificate signing requests, key revocation, OCSP stapling, and more.
Section 2: Threats, Vulnerabilities, and Mitigations
2.1 – Threat Actors
There are many different types of attackers. In this video, you’ll learn about threat actors from nation states, organized crime, shadow IT, and others.
2.2 – Threat Vectors and Attack Surfaces
Attackers can use many different methods to gain access to a system. In this video, you’ll learn how messages, images, files, default credentials, and more can be used as threat vectors.
Phishing continues to be a popular method of network infiltration. In this video, you’ll learn about different phishing techniques, and I’ll demonstrate a real-world example from my email inbox.
Attackers use impersonation to make themselves appear to be someone different. In this video, you’ll learn about some of the most popular impersonation and fraud-based attacks.
If can attacker can’t get into your network, then they’ll wait for you to come out. In this video, you’ll learn how watering hole attacks can be used to attack a company outside of their own network.
Attackers use many techniques to gain access to our systems. In this video, you’ll learn about misinformation campaigns and brand impersonation.
2.3 – Types of Vulnerabilities
Attackers can manipulate information in RAM to gain elevated access. In this video, you’ll learn how memory and DLL injections are used in an attack.
A poorly written application can be a useful vector for an attacker. In this video, you’ll learn how buffer overflows can be used to gain access to a remote system.
Most applications perform multiple transactions and processes at the same time. In this video, you’ll learn how attackers can take advantage of this characteristic with a race condition.
Many operating systems and applications perform automated updates. In this video, you’ll learn how attackers can use this feature to gain access to our systems.
Our operating systems can contain numerous vulnerabilities. In this video, you’ll learn how attackers use these vulnerabilities and how to protect your systems from unwanted intrusion.
Code injection is a relatively easy attack vector to exploit. In this video, you’ll learn about SQL injections and how they are used by attackers to gain access to our data.
Attackers can often use our browsers against us. In this video, you’ll learn how a browser vulnerability can provide an attacker with access to a third-party website.
Our hardware can also be a useful attack vector for an attacker. In this video, you’ll learn how firmware, end-of-life announcements, and legacy platforms can potentially put our data at risk.
A virtual machine manager can be a useful starting point for an attacker. In this video, you’ll learn how VM escapes and resource reuse can be maliciously used by an attacker.
An application in the cloud is susceptible to many different attack types. In this video, you’ll learn how denial of service, authentication bypass, directory traversal, and other attacks can be used against our cloud-based applications.
Some attacks come in through the front door. In this video, you’ll learn how the supply chain can be used as an attack vector against our organizations.
Some of the most common vulnerabilities are those we create ourselves. In this video, you’ll learn many different ways that misconfigurations can weaken the security of our networks.
Our mobile devices can be used by attackers to gain access to our networks and data. In this video, you’ll learn about jailbreaking, rooting, and sideloading.
An attack can sometimes take us by surprise. In this video, you’ll learn about zero-day attacks and how to prepare and respond to these attacks.
2.4 – Indicators of Malicious Activity
Malware is a significant security concern on our modern networks. In this video, you’ll learn how malware and ransomware is used in cybersecurity attacks.
Viruses and worms can be used to gain access to our systems. In this video, you’ll learn about the differences between viruses and worms, and how fileless viruses can attack from a system’s RAM.
Some malware is designed to track monitor, or overwhelm your system. In this video, you’ll learn about the operation of common spyware and bloatware.
There are many other malware types than viruses or worms. In this video, you’ll learn about keyloggers, logic bombs, and rootkits.
Some attacks take advantage of vulnerabilities in our physical world. In this video, you’ll learn about brute force attacks, RFID cloning, and environmental attacks.
An attacker may only be interested in disabling services on your network. In this video, you’ll learn about many different forms of denial of service attacks.
Our DNS services are critical components on our networks, and attackers can use these services as attack vectors. In this video, you’ll learn about DNS spoofing, domain hijacking, and URL hijacking.
Wireless networks are susceptible to many different types of attacks. In this video, you’ll learn about deauthentication attacks, RF jamming, and more.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
An attacker often writes their own software to exploit a vulnerability. In this video, you’ll learn about malicious code and how it has been used to gain access to some of the largest networks in the world.
Our applications can be the weakest links in our security armor. In this video, you’ll learn about privilege escalation, directory traversal, and more.
Poorly implemented cryptography can often be the source of an attack. In this video, you’ll learn about downgrade attacks, SSL stripping, and hash collisions.
Our passwords are often the first and last security measure we use. In this video, you’ll learn how attackers obtain our credentials using password spraying and brute force.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
2.5 – Mitigation Techniques
Segmenting the network can provide significant security advantages. In this video, you’ll learn about access control lists, application allow lists, and more.
There are many ways to prevent or reduce the impact of a cybersecurity attack. In this video, you’ll learn about patching, encryption, monitoring, least privilege, and more.
There are many different techniques for making a system more difficult to exploit. In this video, you’ll learn about encryption, open ports, default passwords, and more.
Section 3: Security Architecture
3.1 – Architecture Models
Security in the cloud is a constant challenge. In this video, you’ll learn about infrastructure as code, serverless architectures, APIs, and more.
Cloud-based network infrastructures can provide significant security features. In this video, you’ll learn about logical segmentation and how software defined networking can be securely deployed.
New network services can introduce additional security concerns. In this video, you’ll learn about virtualization, containerization, Internet of things, embedded systems, and more.
When designing a network, there are many different considerations. In this video, you’ll learn about resilience, cost, responsiveness, scalability, and more.
3.2 – Applying Security Principles
It’s important to place services where they can be easily secured. In this video, you’ll learn about security zones, attack surfaces, and connectivity.
Intrusion prevention can be a useful method of blocking attacks against known vulnerabilities. In this video, you’ll learn about IPS failure modes, device connections, and differences between active and passive monitoring.
It can require many different network appliances to properly secure a network. In this video, you’ll learn about jump servers, application proxies, load balancing, sensors, collectors, and more.
Securing network interfaces is another important security best practice. In this video, you’ll learn about EAP, IEEE 802.1X, and more.
There are many different ways to secure network flows in real-time. In this video, you’ll learn about UTMs, NGFWs, and WAFs.
Security also includes the packets flowing across the network. In this video, you’ll learn about different VPN technologies, features of SD-WANs, and SASE solutions.
3.3 – Protecting Data
There are many types of data that need to be secured. In this video, you’ll learn about different data types, data classifications, and classifying sensitive data.
The state of data is an important security consideration. In this video, you’ll learn about data at rest, data in transit, data in use, and more.
Protecting data can take many different forms. In this video, you’ll learn about geographic restrictions, encryption, hashing, obfuscation, tokenization, and more.
3.4 – Resiliency and Recovery
It can be challenging to maintain uptime and availability of our modern networks. In this video, you’ll learn about server clustering, load balancing, site resiliency, multi-cloud systems, and more.
It’s important to match the supply of network resources to the demand. In this video, you’ll learn how people, technology, and infrastructure should be evaluated to provide the proper capacity.
A disaster recovery plan isn’t very useful if it doesn’t work. In this video, you’ll learn how organizations test their recovery plans before an actual disaster occurs.
Backups can be one of the best recovery methods when things go wrong. In this video, you’ll learn about backup frequency, encryption, snapshots, replication, and more.
Our computing systems rely on a stable power source. In this video, you’ll learn how UPS technologies and generators can be used to maintain power.
Section 4: Security Operations
4.1 – Security Techniques
The security of an application
environment should be well defined. In this video, you’ll learn about establishing, deploying, and maintaining security baselines.
No system is secure with the default configurations. In this video, you’ll learn about hardening mobile devices, servers, embedded systems, IoT devices, and more.
Many different strategies work together to provide security for wireless and mobile systems. In this video, you’ll learn about site surveys, mobile device management, BYOD, COPE, and more.
Wireless network security requires the configuration of many different options. In this video, you’ll learn about wireless encryption protocols, the AAA framework, and authentication options such as RADIUS, 802.1X, and EAP.
Application developers will follow best practices for security in their code. In this video, you’ll learn about input validation, secure cookies, code signing, sandboxing, and more.
4.2 – Asset Management
An important part of IT security is the management of hardware and software. In this video, you’ll learn best practices for the procurement process, asset tracking, media sanitization, physical destruction, and more.
4.3 – Vulnerability Management
Security researchers may use many techniques to identify vulnerabilities on a system or in software. In this video, you’ll learn about vulnerability scans, static code analyzers, and fuzzing.
To identify threats, we first must know the threats exist. In this video, you’ll learn about threat intelligence gathering techniques such as OSINT, third-parties, information sharing, the dark web, and more.
Penetration tests can simulate an attack to exploit vulnerabilities. In this video, you’ll learn about rules of engagement, the exploitation process, responsible disclosure programs, and more.
Identifying and analyzing vulnerabilities can be a relatively complex process. In this video, you’ll learn about vulnerability databases, classification, exposure factor, risk tolerance, and more.
Once a vulnerability is identified, a security professional is required to mitigate the issue. In this video, you’ll learn about patching, insurance, segmentation, compensating controls, and more.
4.4 – Security Monitoring
There are many methods for monitoring and reacting to security events. In this video, you’ll learn about log aggregation, scanning, reporting, alerting, and more.
Security administrators have many tools to help protect network resources. In this video, you’ll learn about Security Content Automation Protocol (SCAP), secure baselines, SIEMs, and more.
4.5 – Enterprise Security
Firewalls are an important part of any security protection strategy. In this video, you’ll learn about next-generation firewalls, firewall rules, screen subnets, and more.
Many filtering methods are available to protect against attacks. In this video, you’ll learn about content filtering, URL scanning, proxies, DNS filtering, and more.
Operating systems are important resources to secure. In this video, you’ll learn about Active Directory, Group Policy, and Security-Enhanced Linux (SELinux).
Encrypting network traffic is an important security best practice. In this video, you’ll learn about protocol and port selection, transport methods, and VPN tunnels.
We rely on email as one of our most common methods of communication. In this video, you’ll learn about SPF (Secure Policy Framework), DKIM (Domain Keys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
A good offense against an attacker is to have a good defense. In this video, you’ll learn about data loss prevention, file integrity monitoring, USB blocking, and more.
The endpoint is one of the best vectors for an attacker. In this video, you’ll learn about posture assessments, health checks, EDR (Endpoint Detection and Response), and more.
4.6 – Identity and Access Management
An important aspect of security is to match the right permissions to the right people at the right time. In this video, you’ll learn about IAM (Identity and Access Management), account provisioning, permission assignments, single sign-on, and more.
There are many different ways to provide authorization, rights, and permissions. In this video, you’ll learn about least privilege, access control types, time-of-day restrictions, and more.
A username and password can be enhanced through the use of multifactor authentication. In this video, you’ll learn about something you know, something you have, something you are, and somewhere you are.
There are many ways to increase the security of a password. In this video, you’ll learn about password complexity, password managers, passwordless authentication, and more.
4.7 – Automation and Orchestration
Scripting enables automation, speed, and a more streamlined security posture. In this video, you’ll learn about automation benefits, cases for automation, and scripting consideration.
4.8 – Incident Response
When a security incident occurs, it’s important to properly address the incident. In this video, you’ll learn about preparation, isolation, recovery, and more.
The incident response process can be refined through the use of event planning. In this video, you’ll learn about tabletop exercises, simulations, root cause analysis, and more.
The data collection process is an important part of digital forensics. In this video, you’ll learn about legal hold, chain of custody, event reporting, e-discovery, and more.
4.9 – Security Data Sources
Log files can provide a comprehensive record of data flows, firewall dispositions, and many other important data points. In this video, you’ll learn about logs from firewalls, applications, endpoints, operating systems, and more.
Section 5: Security Program Management and Oversight
5.1 – Security Governance
Policies are the foundation of our security processes and procedures. In this video, you’ll learn about information security policies, acceptable use policies, business continuity, and more.
Some security parameters are administratively managed. In this video, you’ll learn about standards for password policies, access control, physical security, and more.
IT security maintains a number of procedures to ensure control of data and services. In this video, you’ll learn about change management, onboarding, offboarding, playbooks, and more.
There are many requirements associated with IT security. In this video, you’ll learn about regulatory requirements, legal issues, industry standards, and more.
The management of data is the responsibility of many individuals. In this video, you’ll learn about data owners, data controllers, data processors, and more.
5.2 – Risk Management
Risk management helps to understand the potential risks to an organization. In this video, you’ll learn about risk assessments, ad hoc assessments, and recurring assessments.
To manage risk, we have to understand the risk we carry. In this video, you’ll learn about risk assessments, risk appetite, risk tolerance, and risk registers.
We have many options with managing risk. In this video, you’ll learn about transferring risk, accepting risk, avoiding risk, and more.
A security event can have a significant impact to the organization. In this video, you’ll learn how to determine a recovery time objective, recovery point objective, mean time to repair, and mean time between failures.
5.3 – Third-party Risk
It’s often necessary to work with third-parties to mitigate risk. In this video, you’ll learn about right-to-audit clauses, supply chain analysis, vendor monitoring, and more.
Contracts and agreements are an important part of risk management. In this video, you’ll learn about service level agreements, memorandums of understanding, non-disclosure agreements, and more.
5.4 – Security Compliance
Many organizations must meet a specific standard of laws, policies, and regulations. In this video, you’ll learn about regulatory compliance, reputational damage, compliance monitoring, and more.
There are many laws and guidelines associated with the data collected by an organization. In this video, you’ll learn about legal implications associated with privacy, data responsibilities, and data inventory and retention.
5.5 – Audits and Assessments
There are many good reasons to perform ongoing technology audits. In this video, you’ll learn about internal audits, external audits, and more.
Many audits use penetration tests to gather information about a company’s security posture. In this video, you’ll learn about pentesting perspectives, reconnaissance techniques, and more.
5.6 – Security Awareness
It’s important to involve everyone in the organization when discussing security awareness. In this video, you’ll learn about phishing campaigns, anomalous behavior recognition, reporting options, and more.
User training can involve employees, management, third-parties, and other business parties. In this video, you’ll learn about training methods, security education, and more.