Define Vulnerability

By Steve Fullmer and Mike Danseglio

BUY NOW $495

Buy for Teams

Video Courses > CompTIA Security+ Certification Video Course

Module 1: CompTIA Security + Certification Requirements

–

Introduction to the Course, Quizzes and Labs
1:25

Navigating the Lab Environment
5:14

Security + Exam Objectives
3:41

Security + Exam Environment
3:41

Security + Exam Preparation
5:39

Security+ Exam Study Tips
4:15

CompTIA Continuing Education Program (Why to Register)
2:29

Department of Defense DoD 8570 Directive - Technical and Managerial Tracks
3:12

Module 2: Risk components and Terms

–

Understand Risk Components and Terms
6:38

Recognize Risk Response Categories
5:10

Determine Response Types
7:01

Understand the Risk Timeline
5:02

Recognize Alternate Terminology
5:50

Compare Risk Values
7:11

Solve ALE
5:37

Module 2: Launch Quiz

Question 2: Which description best identifies security controls?
3:11

Question 4: Your company is located in a new industrial zoned area of the city...
3:38

Question 5: As a brand new security officer, you are asked to justify funding...
3:14

Question 16: Identify each of the following attacks for their characteristics:
4:50

Module 3: Maximum Tolerable Downtime (MTD) Model

–

Maximum Tolerable Downtime (MTD) Terms
4:24

MTD Timeline
3:18

MTD Examples
3:51

Module 3: Launch Quiz

Question 6: Select all the terms associated with the model for planning responses to security events:
2:38

Question 7: Match Each of the Following Terms with their definitions:
5:06

Question 8: You work as a security officer for a call center. You need to make certain that...
3:27

Module 4: Basic Security Terms and Categories

–

Identify and Differentiate Security Concepts
6:12

Join the CIA
5:43

Can you say AAA?
4:42

Categorizing the Five Authentication Factors
6:37

Multifactoring Authentication
3:11

Least Privilege Concept
5:12

Logging, Accounting and Auditing
5:55

Attacks
8:51

Attacks vs Incidents
5:23

Business Impact Analysis
6:27

Impact Targets
7:14

Assessing Privacy
4:46

Wearing the Hats
6:54

Reconnaissance Sequence
8:53

Penetration Testing
7:53

Identify Attackers Part 1
9:37

Identify Attackers Part 2
8:08

Recognize Hacktivists
4:32

Classify Attacker Attributes
5:43

Simplify Basic Systems Attacks
7:25

Define Vulnerability
3:15

Define Social Engineering
8:27

Compare Natural vs Man Made
5:43

Define Open Source Intelligence
6:26

Define Falsehoods
5:22

Distinguish DLP
5:29

Recognize Intrusions
4:02

Compare Real to False
5:21

Manage Security
3:12

Conduct Reviews
5:12

Select Assessments
4:24

Identify Controls
5:44

Categorize Controls Part 1
6:01

Categorize Controls Part 2
4:10

Expand Control Acronyms
4:25

Monitor and Review
7:51

Module 4: Launch Quiz

Question 13: An attacker gains some knowledge of your infrastructure and some perimeter defenses while...
3:54

Question 14: Reconnaissance, sometimes called ‘attacking the castle’, follows a specific sequence. Place the steps on the left into the correct order on the right:
5:06

Question 15: Match the following attacker types with their characteristics:
5:03

Question 17: What is a common term related to information exfiltration?
1:55

Question 18: What is the difference between security assessment and vulnerability assessment?
3:25

Question 19: You choose to implement logging in your WAP. What kind of solution have you implemented?
1:57

Module 5: Defense in Depth Model

–

BitLocker System Integrity Verification
3:02

Explain the Defense in Depth Model
0:23

Layered Security Controls
2:50

Defining the Defense in Depth Model
3:17

Using the Defense in Depth Model
3:29

Module 6: Basic Data States

–

Distinguish Between Basic Data Status
0:38

Data at Rest
0:54

Data at Transit
0:58

Data in Use
1:06

Module 7: Authentication Models

–

Identify Basic Authorization Models
1:35

What is Authorization
1:24

Discretionary Access Control
5:26

Mandatory Access Control
3:32

Role-Based Access Control
5:44

Rule-Based Access Control
3:59

Understand Data Security Concepts
1:04

What is Data Security
3:39

The Process of Securing Data
2:47

Defining Data Classifications
9:16

Identifying Data Assets
5:20

Classifying Each Assets
3:29

Applying Controls to Each Asset
3:18

Destroying a Classified Assets
8:06

Module 8: Security Authorization Techniques

–

Authorizing Tokens
3:15

Modernizing Authentication
5:21

Strengthening Passwords
4:34

Lengthening Passwords
3:13

Module 8: Launch Quiz

Question 20: Which of the following is the strongest password?
2:25

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 8 - Identify and Configure Account Security Settings
6:03

DOWNLOAD LAB SCENARIO

Module 9: Common Account Management Controls

–

Permission vs Privilege
6:42

Concept of Least Privilege
4:11

Account Types
5:22

Policies: Account Policy and Password Policy
5:20

Multiple vs Shared Accounts
7:14

Managing Account Controls 1
9:16

Managing Account Controls 2
4:13

Location Based Services
5:07

Restricting Time of Day
2:56

Mandatory Vacation
5:06

Module 9: Launch Quiz

Question 21: What authentication methodology restricts access only to essential functions?
1:46

Question 23: What does the concept of mandatory vacation suggest?
2:09

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 9.1 - Restrict Employee Logon Hours
4:22

DOWNLOAD LAB SCENARIO

Video Lab Answer Key: Lab 9.2 - Verify and Manage Security Group Membership
3:14

DOWNLOAD LAB SCENARIO

Module 10: Federation Examples

–

Identifying Federation
4:21

Module 10: Launch Quiz

Question 24: Which of the following are synonyms or forms of SSO?
2:04

Module 11: Cryptographic Standards

–

Apply Cryptographic Standards
14:21

Explain Steganography
3:18

Recognize Basic Cryptographic Terms
6:18

Identify Cryptographic Design Concepts
14:06

Explain Symmetric Cryptography
5:57

Recognize Symmetric Terminology
8:28

Calculate XOR
5:51

Associate Security Goals
6:46

Relate the History of Asymmetry
8:21

Define Asymmetric Cryptography Elements
9:00

Explain Trust and Key Exchange
9:28

Introduce PKI
8:27

Recognize Session Keys and HTTPS
5:53

Describe Hashing
5:50

Salt your Hash
4:36

Stretch the Key
2:52

Identify Hash Functions
6:04

Identify Symmetric Algorithms
7:01

Identify Asymmetric Algorithm Components
9:52

Describe Certificate Based Key Exchange
6:01

List Cipher Suite Elements
5:33

Recognize Asymmetry Terms
5:10

Select Symmetric Solutions
6:17

Module 11: Launch Quiz

Question 26: Match each of the following cryptographic terms with their general meanings:
3:26

Question 28: Which of the following cryptographic approaches cannot be reversed?
1:47

Question 31: Which symmetric algorithm does not support 192 bit key size block encryption?
1:44

Question 34: Asymmetric signing, also called a digital signature, encrypts the signature message with:
2:00

Question 36: Which of the following best describes SSL/TLS?
2:47

Question 38: What is the XOR result for the following numbers: 10111001 XOR 10010111
3:05

Question 39: Select the security goals that can be met by encryption:
3:15

Question 40: Which element of security do digital certificates enhance?
2:28

Module 12: Cryptographic Attacks

–

Recognize Cryptographic Attacks
4:34

Differentiate Password Attacks
6:55

Downgrade Cryptography
5:24

Define Replay Attacks
4:56

Recognize Implementation Weakness
5:35

Module 12: Launch Quiz

Question 42: A hacker attempted to determine your password algorithm by capturing the text and hash to determine the key. What type of attack has been executed?
2:30

Question 43: A hacker targets a web server attempting to exploit a cryptographic weakness associated with the broad support for both SSL and TLS symmetric keys. What type of attack is being attempted?
3:07

Module 13: Certification Hierarchy Elements and Interactions

–

Understanding Public Key Infrastructure
4:48

Defining a Certificate
8:52

Defining a Certification Authority
5:27

Types of CA Hierarchy
3:37

Understanding the Certificate Issuance Process
4:18

Understanding Self-Signed Certificates
2:32

Identifying the Elements of a Certificate
6:45

Understanding Certificate Security Concepts
2:06

Protecting the Private Key
4:09

Identifying Common Uses for Certificates
3:25

Understanding FQDN and Wildcard Certificate Subjects
2:59

Determining Certificate Validity
12:30

Understanding Public Key Cryptographic Standards
6:23

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 13.1 - Verify Certificate Validity
3:28

DOWNLOAD LAB SCENARIO

Video Lab Answer Key: Lab 13.2 - Backup a Certificate and Private Key
4:11

DOWNLOAD LAB SCENARIO

Module 14: Kerberos Authentication Process

–

Describe Kerberos Authentication
11:11

Module 14: Launch Quiz

Question 45: Sequence the Kerberos Authentication Process in the correct order:
3:47

Module 15: Windows OS Components and Processes

–

Legacy Boot Process
4:12

Current Boot Process
5:03

Recognizing Boot Files
4:39

Windows Image File
6:02

Sideloading
5:20

Windows Navigation
5:47

Programs and Features (Control Panel)
4:19

UAC vs Administrative Rights
3:43

Administrative (Security Related) Tools
3:30

Event Viewer and Filters (Overview)
3:38

Remote Desktop and Remote Assistance
7:18

PowerShell Overview
4:07

Windows Troubleshooters
2:52

Service Manager Settings
2:24

Module 15: Launch Quiz

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 15.1 - Investigate a Possible Rootkit Infection
2:33

DOWNLOAD LAB SCENARIO

Video Lab Answer Key: Lab 15.2 - Configure Remote Desktop Security
3:06

DOWNLOAD LAB SCENARIO

Module 16: System and Software Attacks

–

Finding Attack Surface
4:07

Creating Deception - Part 1
6:27

Creating Deception - Part 2
3:22

Being Malicious
7:42

Malware Part 1
8:03

Malware Part 2
5:03

Gaining Remote Access
4:18

Blocking Access
4:28

Attacking Software
3:47

Attacking Passwords
7:53

Attacking Cryptography
8:59

Finding Doors
4:09

Attacking Applications Part 1
4:51

Attacking Applications Part 2
7:40

Module 16: Launch Quiz

Question 53: Which of the following mechanisms do not specifically block system access?
2:05

Module 17: System Controls

–

Securing Systems
5:05

TCB
2:35

Securing Hardware and Firmware Part 1
6:09

Securing Hardware and Firmware Part 2
6:40

Power-On Accounting
2:53

Additional Hardware Controls
5:58

Baselining
5:26

Hardening
7:44

Patching and Updating
6:55

Blacklisting and Whitelisting
3:58

Centralizing Security
6:29

LDAP Variants
5:40

Group Policy
7:07

Security Policy
2:20

Logging
3:03

Preventing DLP
5:27

Securing Peripherals
6:41

Module 17: Launch Quiz

Question 56: Which are the elements of TCB?
2:37

Question 58: Which of the following are considered hardware controls?
3:00

Question 59: What might you use to baseline Ubuntu?
3:07

Question 61: Match the following corrections to their definitions:
3:59

Question 63: Which of following represents the top-down hierarchy of directory services?
2:43

Question 64: What ports need to logged for the purpose of auditing LDAP?
1:57

Question 66: Which solution is the weakest form of preparation for full system recovery?
2:53

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 17.1 - Compare a Security Baseline Against an Existing Computer
5:32

DOWNLOAD LAB SCENARIO

Video Lab Answer Key: Lab 17.2 - Restrict Applications to Specific User Groups
8:05

DOWNLOAD LAB SCENARIO

Module 18: New Software Development Models

–

Predictive (Waterfall/Cascade) vs Adaptive (Agile)
6:07

Development Life Cycle
3:20

DevOps – Infrastructure as Code (ITIL)
3:19

Versioning and Configuration Management
4:43

Module 18: Launch Quiz

Question 68: Which acronym matches DevOps?
2:03

Module 19: Secure Coding Techniques

–

Secure Code Input
4:59

Concealing Code
4:34

Securing Code
3:40

Selecting Languages
4:18

Testing Code
6:17

Module 19: Launch Quiz

Module 20: Embedded Systems and Special Considerations

–

SCADA
2:15

Recognizing Microcontrollers
2:42

Real-Time OS
1:45

Smart Devices
1:55

IOT
1:52

Camera Systems (PoE)
1:34

Module 20: Launch Quiz

Question 71: Which is not a concern associated with microcontrollers?
2:50

Question 72: What is the primary security concern of smart devices?
3:26

Module 21: Virtualization

–

Hypervisors
4:28

Securing Virtualization
4:14

Virtual Local Area Networks (VLAN)
2:34

Module 21: Launch Quiz

Question 75: Which of the following are common security concerns with virtualization?
4:43

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 21 - Restrict Network Access of Virtual Machines
7:03

DOWNLOAD LAB SCENARIO

Module 22: Basic Network Terminology

–

Internet History
2:50

The OSI Model
2:12

Layering the Network (Layers 1-3)
3:11

Layer 4
4:14

OSI Layer 5
2:09

OSI Layers 6 and 7
3:06

Understanding Layer 3 and IPv4
5:28

Converting Binary to Dot Decimal
5:32

Recognizing IPv4 Classes
7:30

Customizing Subnets CIDR
3:50

Distinguishing Private and Public Subnets
4:54

Remembering APIPA
4:48

Recognizing IPv6
5:10

Subnetting IPv6
5:26

Shorthanding IPv6
5:48

Generating a Packet
3:49

Converting Host Names to IP Addresses
5:37

Module 22: Launch Quiz

Question 77: List the layers of the OSI model in transmit order:
1:59

Question 79: You are asked to look at the design and configuration of your switched and routed networks. In the process you discover...
3:15

Question 80: Which of the following is an invalid IP address?
3:10

Question 82: What does an IP address of f00d:abcd:1000:0::abcd:20026 suggest?
5:04

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 22 - Document TCP/IP Configuration
2:19

DOWNLOAD LAB SCENARIO

Module 23: Network Attack Surfaces

–

Identify Network Attack Surfaces
4:33

MAC Spoofing
5:55

ARP Poisoning
4:07

DNS Poisoning
4:00

Telephony Weakness
6:52

Time Synchronization
4:01

Rich Site Summary
3:59

Module 23: Launch Quiz

Module 24: Ports Most Susceptible to Attack

–

Well Known Ports
5:03

Exam Ports
3:36

DNS Ports
2:50

DHCP
2:26

HTTP/HTTPS
3:38

SSH
5:44

SNMP
3:09

RTP/RTPS
3:54

File Transfer Protocols (FTP)
5:23

Email Protocols SMTP, POP, IMAP, MIME and SMIME
7:20

IPSEC Ports
5:03

Module 24: Launch Quiz

Question 84: IP Spoofing is a form of redirection attack. How would you classify MAC spoofing?
1:42

Question 87: SSH secures a well-known, unsecured protocol. What port does this unsecured protocol use?
1:54

Module 25: VPN and Remote Access Methods

–

VPN
4:16

Split Tunnel VPN
3:22

VPN Concentrator
4:42

Microsoft Direct Access Server DAS/DAC
5:44

Remote Desktop
5:08

IPSEC
4:19

Tunneling: PPP, PPTP, L2TP, SSTP Differentiation
6:16

Module 25: Launch Quiz

Question 89: What is the value of selecting a VPN concentrator versus a VPN server?
2:52

Module 26: Common Password Elements

–

One-Time Passwords
4:38

NTLM
3:26

PAP/CHAP
5:32

AAA Servers
6:58

Module 26: Launch Quiz

Question 90: Which of the following is considered the strongest password mechanism?
1:58

Module 27: Network Attacks

–

Identify Network Attacks
2:43

Connecting Fully
3:41

Eavesdropping and Sniffing
5:12

Man in the Middle
4:56

Replay Attacks
2:21

Denial of Service
5:40

Amplification Attack
2:34

Hijacking
6:13

Pass the Hash
3:37

Identify Network Attacks
3:12

How a DoS Attack Works
10:30

Identifying a Stealth Scan
5:02

Identifying a Port Scan
4:04

Identifying a Full Connect Scan and Banner Grabbing
6:31

Identifying a Network Eavesdropping Attack
5:06

Identifying a Man-in-the-Middle Attack
7:02

Identifying a Network Replay Attack
4:07

Identifying an Amplification Attack
4:43

Identifying a Hijacking Attack
2:02

Identifying a Pass the Hash Attack
4:40

Module 27: Launch Quiz

Question 51: Which of the following are DOS attacks?
3:01

Question 91: Banner Grabbing is a component of?
2:31

Question 93: Match the following hijacking variants with their symptoms or approach:
2:45

Question 94: Pass-the-Hash is an extremely powerful attack method since no cracking or hacking experience is needed...
3:14

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 27 - Verify DNS Resolution Accuracy
1:47

DOWNLOAD LAB SCENARIO

Module 28: Wireless Attack Surfaces

–

Identify Wireless Attack Surfaces
10:02

Wireless Access Point as SSID
4:19

SSID Attack Surface
5:13

MAC Addresses as Attack Surface
5:46

Security using WEP, WPA, WPA2
4:15

WPS Vulnerability
3:40

Targeting Bluetooth
5:14

Attacking Cellular, Microwave, and Satellite
8:06

NFC and RFID Weakness
4:58

Squishing the ANT
4:32

Triangulating
9:55

Mobile Connectivity Issues
2:40

Module 28: Launch Quiz

Question 95: Which of the following are common Wireless attack surfaces?
3:51

Module 29: Wireless Attacks

–

Identify Wireless Attacks
4:38

Identify Wi-Fi Evil Twins
2:33

Anticipate Jamming
3:54

Blocking WPS
8:33

Compare Blue Jacking and Blue Snarfing
4:44

Participating in War Driving, Walking and Chalking
7:31

Comparing Antennae
9:06

Attacking WEP and WPA
4:47

Replaying Wireless Sessions
3:40

Disassociating a Wireless Session
3:46

Module 29: Launch Quiz

Question 98: As you perform a security survey for WAP placement at your facility, you discover an SSID of NCC-1701, although all of your SSIDs should be NCC1701. What has happened?
2:13

Module 30: Basic Network Controls

–

Securing Switches and Routers with SSH
6:34

DMZ
3:42

Isolating Networks
5:50

Firewalls (Implicit Deny)
3:47

Windows Firewall
4:05

Windows Firewall with Advanced Security Part 1
3:55

Windows Firewall with Advanced Security Part 2
4:02

Windows Firewall with Advanced Security Part 3
3:45

Proxy Server
3:17

Load Balancing
3:21

Load Balancing Part 2
3:51

Honeypots
2:51

Unified Threat Management
2:36

Port Forwarding, Triggering and Redirection
3:49

MAC Filtering
2:17

Concealing the SSID
1:26

Captive Portals
1:11

Router ACLs Example
5:27

Understanding Network Access Control
7:03

Understanding Network Authentication Concepts
6:59

Module 30: Launch Quiz

Question 99: Management requests that you implement a simple network intrusion detection device and have it operational by the coming weekend.
2:57

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 30 - Enable ICMP Responses on All Computers
5:56

DOWNLOAD LAB SCENARIO

Module 31: Site Survey and Recommend Facility Device Placement

–

Conducting Surveys
5:01

Wifi Site Survey 1
5:19

Wifi Site Survey 2
4:51

Conduct a Site Survey
9:50

Physical Site Survey 1
4:40

Physical Site Survey 1: Solution
5:32

Physical Site Survey 2
4:42

Physical Site Survey 2: Solution
4:17

Module 32: Mobile Device Security Controls

–

Managing Mobile Devices
5:08

Connecting with Mobility
4:13

Securing Access
5:10

Encrypting Drives
2:49

Geolocation and Geofencing
5:06

Sideloading
3:17

Push Notifications
3:10

Other Considerations
3:33

Module 33: Unique Mobile Device Issues

–

Wiping and Resetting Remotely
7:42

Sideloading Applications
5:22

Mobile Firmware
5:24

Carrier Unlocking
5:15

Rooting and Jailbreaking
4:00

Camera and Microphone Capture
5:11

Geotagging
2:09

Special Considerations
5:13

Module 33: Launch Quiz

Module 34: Cloud Environments and Controls

–

Identifying Cloud Categories
3:38

Characterizing Cloud Services - Private, Public, Community and Hybrid
3:51

Provisioning Storage - DAS, NAS, SAN and Cloud
4:40

Module 35: Identify and Use Basic Security Tools

–

Identify and Use Basic Security Tools
1:09

Kali Linux
4:44

Penetration Test Categories
5:23

Understanding Exploitation Frameworks
5:29

Use Network Scanners and Enumerators
10:03

Understanding and Using Port Scanners
9:31

Understanding and Using Packet Sniffers
5:20

Understanding and Using Protocol Analyzers
9:14

Understanding and Using Password Crackers
11:40

LAUNCH LAB ENVIRONMENT

Video Lab Answer Key: Lab 35.1 - Determine the Open Network Ports and Protocols In Use on a Computer
3:44

DOWNLOAD LAB SCENARIO

Video Lab Answer Key: Lab 35.2 - Verify DHCP Operations
8:51

DOWNLOAD LAB SCENARIO

Module 36: Operational Security Frameworks

–

Frameworks: NIST 800, COBIT 5, ITIL, ISO/IEC 27001
4:38

Configuration Guidelines
3:05

Compliance
3:34

Security Policies
6:53

Personnel Management
4:17

Training and Awareness Cycle
4:48

Business Agreements: SLA, BPA, MOU, ISA
4:18

High Availability
3:58

Module 36: Launch Quiz

Question 102: How many minutes per month can a system be offline for maintenance at 99.9% availability?
2:38

Module 37: Physical Security Elements

–

Categorizing Physical Areas
5:31

Categorizing Physical Controls
5:18

Managing Locks and Keys
5:53

Understanding Locks
5:59

Controlling Access and Videos
6:50

Deterrent Controls
5:35

Additional Physical Controls
6:25

Detection and Prevention
6:49

Environmental Exposure
3:05

Environmental Controls
4:52

Stakeholder Safety
4:28

Module 38: Specialized Physical Controls

–

Fire Extinguisher Classes
5:26

Fail Safe - Open and Closed
5:16

Man Traps
5:12

Power on Password/Accounts
3:02

RAID Part 1
6:53

RAID Part 2
5:16

Nested RAID
5:15

RAID Example Exercise
6:43

Module 39: Human Factor Issues

–

Humanity
5:17

Social Engineering
3:41

Social Engineering Vectors
7:48

Impersonating
7:06

Physical Exploits
6:41

Social Engineering Controls
5:38

Module 39: Launch Quiz

Question 49: Match the following deception attacks with their descriptions:
3:45

Module 40: Forensic Practices

–

Forensic Process
4:51

Forensic Checklists
2:53

Forensic Checklists Part 2
2:55

Forensic Checklists Part 3
3:09

Incident Response
4:21

Testing Responses
3:02

Reporting Incidents
1:57

Computer Forensics
4:53

Forensic Capture
7:52

Volatility
3:10

Chain of Custody
1:37

Module 41: Organizational Recovery Programs

–

Plan Business Continuity
5:23

Planning Contingency
3:48

Failing Over
3:29

Alternate Business Practice
2:35

Testing Exercises
3:50

Managing Disaster Recovery
2:30

Sequencing Disaster Recovery
4:12

Planning Disaster Recovery
3:17

Identifying the Recovery Team
4:21

Sequencing the Restoration
4:04

Designing Recovery Sites
3:58

Securing Recovery
4:38

Scheduling Backups
5:07

After-Action Reporting
2:56

Module 41: Launch Quiz

Question 104: Which of the following verification techniques involves simulating a component failure and disaster response?
2:37

View Entire Course