IT Security/Collection

IT Security[edit | edit source]

Learning Guide[edit | edit source]

This learning guide supports the Wikiversity course IT Security, available at http://en.wikiversity.org/wiki/IT_Security.

Overview[edit | edit source]

IT Security/Collection/Sidebar IT Security is an information technology topic that includes network security, operational security, threats and vulnerabilities, host security, access control, and cryptography.

This course comprises 6 sections and 33 lessons covering IT security. Each lesson includes a combination of Wikipedia readings, YouTube videos, and hands-on learning activities. The course also assists learners in preparing for CompTIA Security+ Certification.

Preparation[edit | edit source]

This is a fourth-semester, college-level course. Learners should already be familiar with introductory computer concepts, computer support concepts, and computer networking concepts.

Lessons[edit | edit source]

• Network Security
  • Devices
  • Administration
  • Design
  • Protocols
  • Wireless
• Operational Security
  • Risk
  • Systems Integration
  • Risk Mitigation
  • Forensics
  • Incident Response
  • Training
  • Physical Security
  • Best Practices
  • Controls
• Threats
  • Malware
  • Attacks
  • Social Engineering
  • Wireless Attacks
  • Application Attacks
  • Threat Mitigation
  • Tools
  • Testing
• Host Security
  • Application
  • Mobile
  • Host
  • Data
  • Environmental Mitigation
• Access Control
  • Authentication Services
  • Authentication and Authorization
  • Account Management
• Cryptography
  • Concepts
  • Methods
  • PKI

See Also[edit | edit source]

• Computer Skills
• Internet and Computing Core Certification (IC³)
• IT Fundamentals
• Computer Support
• Computer Networks
• Exam 98-367: Security Fundamentals
• Computer Security
• Wikibooks: Security+ Certification

External Links[edit | edit source]

• Cybrary: Free CompTIA Security+ Course

References[edit | edit source]

• CompTIA: Security+ Certification Exam Objectives - Exam SY0-401
• CompTIA: Security+ Certification Exam Objectives - Exam SY0-501
• Ciampa, Mark (2015). CompTIA Security+ Guide to Network Security Fundamentals, 5th Edition. Cengage. ISBN 9781305093911

Network Security[edit | edit source]

This lesson covers network device security.

Objectives and Skills[edit | edit source]

Objectives and skills for the network devices portion of Security+ certification include:^[1]

Implement security configuration parameters on network devices and other technologies.

• Firewalls
• Routers
• Switches
• Load Balancers
• Proxies
• Web security gateways
• VPN concentrators
• NIDS and NIPS
  • Behavior based
  • Signature based
  • Anomaly based
  • Heuristic
• Protocol analyzers
• Spam filter
• UTM security appliances
  • URL filter
  • Content inspection
  • Malware inspection
• Web application firewall vs. network firewall
• Application aware devices
  • Firewalls
  • IPS
  • IDS
  • Proxies

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Routers, Firewalls, and Switches - CompTIA Security+ SY0-401: 1.1
2. YouTube: Load Balancers and Proxies - CompTIA Security+ SY0-401: 1.1
3. YouTube: Web Security Gateways and UTMs - CompTIA Security+ SY0-401: 1.1
4. YouTube: VPN Concentrators - CompTIA Security+ SY0-401: 1.1
5. YouTube: Application-Aware Security Devices - CompTIA Security+ SY0-401: 1.1

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers network administration security.

Objectives and Skills[edit | edit source]

Objectives and skills for the network administration portion of Security+ certification include:^[1]

Given a scenario, use secure network administration principles.

• Rule-based management
• Firewall rules
• VLAN management
• Secure router configuration
• Access control lists
• Port Security
• 802.1x
• Flood guards
• Loop protection
• Implicit deny
• Network separation
• Log analysis
• Unified Threat Management

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Firewall Rules - CompTIA Security+ SY0-401: 1.2
2. YouTube: VLAN Management - CompTIA Security+ SY0-401: 1.2
3. YouTube: Spanning Tree Protocol and Loop Protection - CompTIA Security+ SY0-401: 1.2
4. YouTube: Secure Router Configuration - CompTIA Security+ SY0-401: 1.2
5. YouTube: Access Control Lists - CompTIA Security+ SY0-401: 1.2
6. YouTube: Port Security and 802.1X - CompTIA Security+ SY0-401: 1.2
7. YouTube: Flood Guards - CompTIA Security+ SY0-401: 1.2
8. YouTube: Network Separation - CompTIA Security+ SY0-401: 1.2
9. YouTube: Log Analysis - CompTIA Security+ SY0-401: 1.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers network design security.

Objectives and Skills[edit | edit source]

Objectives and skills for the network design portion of Security+ certification include:^[1]

Explain network design elements and components.

• DMZ
• Subnetting
• VLAN
• NAT
• Remote Access
• Telephony
• NAC
• Virtualization
• Cloud Computing
  • Platform as a Service
  • Software as a Service
  • Infrastructure as a Service
  • Private
  • Public
  • Hybrid
  • Community
• Layered security / Defense in depth

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: DMZ - CompTIA Security+ SY0-401: 1.3
2. YouTube: Subnetting the Network - CompTIA Security+ SY0-401: 1.3
3. YouTube: VLANs - CompTIA Security+ SY0-401: 1.3
4. YouTube: Network Address Translation - CompTIA Security+ SY0-401: 1.3
5. YouTube: Remote Access - CompTIA Security+ SY0-401: 1.3
6. YouTube: Telephony - CompTIA Security+ SY0-401: 1.3
7. YouTube: Network Access Control - CompTIA Security+ SY0-401: 1.3
8. YouTube: Virtualization - CompTIA Security+ SY0-401: 1.3
9. YouTube: Cloud Computing - CompTIA Security+ SY0-401: 1.3
10. YouTube: Defense in Depth - CompTIA Security+ SY0-401: 1.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers network protocols security.

Objectives and Skills[edit | edit source]

Objectives and skills for the network protocols portion of Security+ certification include:^[1]

Given a scenario, implement common protocols and services.

• Protocols
  • IPSec
  • SNMP
  • SSH
  • DNS
  • TLS
  • SSL
  • TCP/IP
  • FTPS
  • HTTPS
  • SCP
  • ICMP
  • IPv4
  • IPv6
  • iSCSI
  • Fibre Channel
  • FCoE
  • FTP
  • SFTP
  • TFTP
  • TELNET
  • HTTP
  • NetBIOS
  • NTP
• Ports
  • 21
  • 22
  • 25
  • 53
  • 80
  • 110
  • 123
  • 139
  • 143
  • 443
  • 3389
• OSI relevance

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: IPv4 and IPv6 - CompTIA Security+ SY0-401: 1.4
2. YouTube: IPsec - CompTIA Security+ SY0-401: 1.4
3. YouTube: ICMP and SNMP - CompTIA Security+ SY0-401: 1.4
4. YouTube: Telnet and SSH - CompTIA Security+ SY0-401: 1.4
5. YouTube: Transferring Files - CompTIA Security+ SY0-401: 1.4
6. YouTube: DNS - CompTIA Security+ SY0-401: 1.4
7. YouTube: HTTPS and TLS/SSL - CompTIA Security+ SY0-401: 1.4
8. YouTube: Storage Area Networking - CompTIA Security+ SY0-401: 1.4
9. YouTube: NetBIOS - CompTIA Security+ SY0-401: 1.4
10. YouTube: Common Network Ports - CompTIA Security+ SY0-401: 1.4
11. YouTube: Protocols and the OSI Model - CompTIA Security+ SY0-401: 1.4

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers wireless network security.

Objectives and Skills[edit | edit source]

Objectives and skills for the wireless network portion of Security+ certification include:^[1]

Given a scenario, troubleshoot security issues related to wireless networking.

• WPA
• WPA2
• WEP
• EAP
• PEAP
• LEAP
• MAC filter
• Disable SSID broadcast
• TKIP
• CCMP
• Antenna Placement
• Power level controls
• Captive portals
• Antenna types
• Site surveys
• VPN (over open wireless)

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Wireless Encryption - CompTIA Security+ SY0-401: 1.5
2. YouTube: EAP, LEAP, and PEAP - CompTIA Security+ SY0-401: 1.5
3. YouTube: MAC Address Filtering - CompTIA Security+ SY0-401: 1.5
4. YouTube: SSID Management - CompTIA Security+ SY0-401: 1.5
5. YouTube: TKIP and CCMP - CompTIA Security+ SY0-401: 1.5
6. YouTube: Wireless Power and Antenna Placement - CompTIA Security+ SY0-401: 1.5
7. YouTube: Captive Portals - CompTIA Security+ SY0-401: 1.5
8. YouTube: Antenna Types - CompTIA Security+ SY0-401: 1.5
9. YouTube: Site Surveys - CompTIA Security+ SY0-401: 1.5
10. YouTube: VPN Over Open Wireless Networks - CompTIA Security+ SY0-401: 1.5

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Operational Security[edit | edit source]

This lesson covers risk concepts.

Objectives and Skills[edit | edit source]

Objectives and skills for the risk concepts portion of Security+ certification include:^[1]

Explain the importance of risk related concepts.

• Control types
  • Technical
  • Management
  • Operational
• False positives
• False negatives
• Importance of policies in reducing risk
  • Privacy policy
  • Acceptable use
  • Security policy
  • Mandatory vacations
  • Job rotation
  • Separation of duties
  • Least privilege
• Risk calculation
  • Likelihood
  • ALE
  • Impact
  • SLE
  • ARO
  • MTTR
  • MTTF
  • MTBF
• Quantitative vs. qualitative
• Vulnerabilities
• Threat vectors
• Probability / threat likelihood
• Risk-avoidance, transference, acceptance, mitigation, deterrence
• Risks associated with Cloud Computing and Virtualization
• Recovery time objective and recovery point objective

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
2. YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
3. YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
4. YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
5. YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
6. YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
7. YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
8. YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
9. YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers systems integration security.

Objectives and Skills[edit | edit source]

Objectives and skills for the systems integration portion of Security+ certification include:^[1]

Summarize the security implications of integrating systems and data with third parties.

• On-boarding/off-boarding business partners
• Social media networks and/or applications
• Interoperability agreements
  • SLA
  • BPA
  • MOU
  • ISA
• Privacy considerations
• Risk awareness
• Unauthorized data sharing
• Data ownership
• Data backups
• Follow security policy and procedures
• Review agreement requirements to verify compliance and performance standards

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: On-boarding and Off-boarding Business Partners - CompTIA Security+ SY0-401: 2.2
2. YouTube: Security Implications of Social Media - CompTIA Security+ SY0-401: 2.2
3. YouTube: Interoperability Agreements - CompTIA Security+ SY0-401: 2.2
4. YouTube: Privacy Considerations and Data Ownership with Third Parties - CompTIA Security+ SY0-401: 2.2
5. YouTube: Risk Awareness with Third Parties - CompTIA Security+ SY0-401: 2.2
6. YouTube: Data Ownership and Unauthorized Data Sharing - CompTIA Security+ SY0-401: 2.2
7. YouTube: Data Backups with Third Parties - CompTIA Security+ SY0-401: 2.2
8. YouTube: Security Policy Considerations with Third Parties - CompTIA Security+ SY0-401: 2.2
9. YouTube: Third-Party Security Compliance - CompTIA Security+ SY0-401: 2.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers risk mitigation.

Objectives and Skills[edit | edit source]

Objectives and skills for the risk mitigation portion of Security+ certification include:^[1]

Given a scenario, implement appropriate risk mitigation strategies.

• Change management
• Incident management
• User rights and permissions reviews
• Perform routine audits
• Enforce policies and procedures to prevent data loss or theft
• Enforce technology controls
  • Data Loss Prevention (DLP)

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Change Management - CompTIA Security+ SY0-401: 2.3
2. YouTube: Incident Management - CompTIA Security+ SY0-401: 2.3
3. YouTube: User Rights and Permissions - CompTIA Security+ SY0-401: 2.3
4. YouTube: Security Audits - CompTIA Security+ SY0-401: 2.3
5. YouTube: Data Loss and Theft Policies - CompTIA Security+ SY0-401: 2.3
6. YouTube: Data Loss Prevention - CompTIA Security+ SY0-401: 2.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers forensics procedures.

Objectives and Skills[edit | edit source]

Objectives and skills for the forensics procedures portion of Security+ certification include:^[1]

Given a scenario, implement basic forensic procedures.

• Order of volatility
• Capture system image
• Network traffic and logs
• Capture video
• Record time offset
• Take hashes
• Screenshots
• Witnesses
• Track man hours and expense
• Chain of custody
• Big Data analysis

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Order of Volatility - CompTIA Security+ SY0-401: 2.4
2. YouTube: Capturing System Images - CompTIA Security+ SY0-401: 2.4
3. YouTube: Capturing Network Traffic and Logs - CompTIA Security+ SY0-401: 2.4
4. YouTube: Capturing Video - CompTIA Security+ SY0-401: 2.4
5. YouTube: Recording Time Offsets - CompTIA Security+ SY0-401: 2.4
6. YouTube: Taking Hashes - CompTIA Security+ SY0-401: 2.4
7. YouTube: Taking Screenshots - CompTIA Security+ SY0-401: 2.4
8. YouTube: Interviewing Witnesses - CompTIA Security+ SY0-401: 2.4
9. YouTube: Tracking Man-Hours and Expenses - CompTIA Security+ SY0-401: 2.4
10. YouTube: Chain of Custody - CompTIA Security+ SY0-401: 2.4
11. YouTube: Big Data Analysis - CompTIA Security+ SY0-401: 2.4

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers incident response.

Objectives and Skills[edit | edit source]

Objectives and skills for the incident response portion of Security+ certification include:^[1]

Summarize common incident response procedures.

• Preparation
• Incident identification
• Escalation and notification
• Mitigation steps
• Lessons learned
• Reporting
• Recovery/reconstitution procedures
• First responder
• Incident isolation
  • Quarantine
  • Device removal
• Data breach
• Damage and loss control

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Preparing for an Incident - CompTIA Security+ SY0-401: 2.5
2. YouTube: Incident Identification - CompTIA Security+ SY0-401: 2.5
3. YouTube: Incident Escalation and Notification - CompTIA Security+ SY0-401: 2.5
4. YouTube: Incident Mitigation and Isolation - CompTIA Security+ SY0-401: 2.5
5. YouTube: Lessons Learned from Incidents - CompTIA Security+ SY0-401: 2.5
6. YouTube: Incident Reporting - CompTIA Security+ SY0-401: 2.5
7. YouTube: Incident Recovery and Reconstitution - CompTIA Security+ SY0-401: 2.5
8. YouTube: First Responder - CompTIA Security+ SY0-401: 2.5
9. YouTube: Data Breaches - CompTIA Security+ SY0-401: 2.5
10. YouTube: Incident Damage and Loss Control - CompTIA Security+ SY0-401: 2.5

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers security training.

Objectives and Skills[edit | edit source]

Objectives and skills for the security training portion of Security+ certification include:^[1]

Explain the importance of security related awareness and training.

• Security policy training and procedures
• Role-based training
• Personally identifiable information
• Information classification
  • High
  • Medium
  • Low
  • Confidential
  • Private
  • Public
• Data labeling, handling and disposal
• Compliance with laws, best practices and standards
• User habits
  • Password behaviors
  • Data handling
  • Clean desk policies
  • Prevent tailgating
  • Personally owned devices
• New threats and new security trends/alerts
  • New viruses
  • Phishing attacks
  • Zero-day exploits
• Use of social networking and P2P
• Follow up and gather training metrics to validate compliance and security posture

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Security Policy Training and Procedures - CompTIA Security+ SY0-401: 2.6
2. YouTube: Personally Identifiable Information - CompTIA Security+ SY0-401: 2.6
3. YouTube: Information Classification - CompTIA Security+ SY0-401: 2.6
4. YouTube: Data Labeling, Handling, and Disposal - CompTIA Security+ SY0-401: 2.6
5. YouTube: Compliance Best-Practices and Standards - CompTIA Security+ SY0-401: 2.6
6. YouTube: User Habits - CompTIA Security+ SY0-401: 2.6
7. YouTube: New Threats and Security Trends - CompTIA Security+ SY0-401: 2.6
8. YouTube: Social Networking and Peer-to-Peer Security - CompTIA Security+ SY0-401: 2.6
9. YouTube: Gathering Training Metrics - CompTIA Security+ SY0-401: 2.6

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers physical security.

Objectives and Skills[edit | edit source]

Objectives and skills for the physical security portion of Security+ certification include:^[1]

Compare and contrast physical security and environmental controls.

• Environmental controls
  • HVAC
  • Fire suppression
  • EMI shielding
  • Hot and cold aisles
  • Environmental monitoring
  • Temperature and humidity controls
• Physical security
  • Hardware locks
  • Mantraps
  • Video Surveillance
  • Fencing
  • Proximity readers
  • Access list
  • Proper lighting
  • Signs
  • Guards
  • Barricades
  • Biometrics
  • Protected distribution (cabling)
  • Alarms
  • Motion detection
• Control types
  • Deterrent
  • Preventive
  • Detective
  • Compensating
  • Technical
  • Administrative

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: HVAC, Temperature, and Humidity Controls - CompTIA Security+ SY0-401: 2.7
2. YouTube: Fire Suppression - CompTIA Security+ SY0-401: 2.7
3. YouTube: EMI Shielding - CompTIA Security+ SY0-401: 2.7
4. YouTube: Hot and Cold Aisles - CompTIA Security+ SY0-401: 2.7
5. YouTube: Environmental Monitoring - CompTIA Security+ SY0-401: 2.7
6. YouTube: Physical Security - CompTIA Security+ SY0-401: 2.7
7. YouTube: Physical Security Control Types - CompTIA Security+ SY0-401: 2.7

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers risk management best practices.

Objectives and Skills[edit | edit source]

Objectives and skills for the risk management best practies portion of Security+ certification include:^[1]

Summarize risk management best practices.

• Business continuity concepts
  • Business impact analysis
  • Identification of critical systems and components
  • Removing single points of failure
  • Business continuity planning and testing
  • Risk assessment
  • Continuity of operations
  • Disaster recovery
  • IT contingency planning
  • Succession planning
  • High availability
  • Redundancy
  • Tabletop exercises
• Fault tolerance
  • Hardware
  • RAID: software (mdadm) or hardware
  • Clustering
  • Load balancing
  • Servers
• Disaster recovery concepts
  • Backup plans/policies
  • Backup execution/frequency
  • Cold site
  • Hot site
  • Warm site

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Business Impact Analysis - CompTIA Security+ SY0-401: 2.8
2. YouTube: Critical Systems and Components - CompTIA Security+ SY0-401: 2.8
3. YouTube: Redundancy and Single Points of Failure - CompTIA Security+ SY0-401: 2.8
4. YouTube: Continuity of Operations - CompTIA Security+ SY0-401: 2.8
5. YouTube: Disaster Recovery Planning and Testing - CompTIA Security+ SY0-401: 2.8
6. YouTube: IT Contingency Planning - CompTIA Security+ SY0-401: 2.8
7. YouTube: Succession Planning - CompTIA Security+ SY0-401: 2.8
8. YouTube: Tabletop Exercises - CompTIA Security+ SY0-401: 2.8
9. YouTube: Redundancy, Fault Tolerance, and High Availability - CompTIA Security+ SY0-401: 2.8
10. YouTube: Cold Site, Hot Site, and Warm Site - CompTIA Security+ SY0-401: 2.8

Activities[edit | edit source]

See Also[edit | edit source]

• Gov.au: Essential Eight Maturity Model

References[edit | edit source]

This lesson covers security controls.

Objectives and Skills[edit | edit source]

Objectives and skills for the security controls portion of Security+ certification include:^[1]

Given a scenario, select the appropriate control to meet the goals of security.

• Confidentiality
  • Encryption
  • Access controls
  • Steganography
• Integrity
  • Hashing
  • Digital signatures
  • Certificates
  • Non-repudiation
• Availability
  • Redundancy
  • Fault tolerance
  • Patching
• Safety
  • Fencing
  • Lighting
  • Locks
  • CCTV
  • Escape plans
  • Drills
  • Escape routes
  • Testing controls

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Confidentiality, Integrity, Availability, and Safety - CompTIA Security+ SY0-401: 2.9

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Threats[edit | edit source]

This lesson covers malware.

Objectives and Skills[edit | edit source]

Objectives and skills for the malware portion of Security+ certification include:^[1]

Explain types of malware.

• Adware
• Virus
• Spyware
• Trojan
• Rootkits
• Backdoors
• Logic bomb
• Botnets
• Ransomware
• Polymorphic malware
• Armored virus

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Malware Overview - CompTIA Security+ SY0-401: 3.1
2. YouTube: Viruses and Worms - CompTIA Security+ SY0-401: 3.1
3. YouTube: Adware and Spyware - CompTIA Security+ SY0-401: 3.1
4. YouTube: Trojans and Backdoors - CompTIA Security+ SY0-401: 3.1
5. YouTube: Rootkits - CompTIA Security+ SY0-401: 3.1
6. YouTube: Logic Bombs - CompTIA Security+ SY0-401: 3.1
7. YouTube: Botnets - CompTIA Security+ SY0-401: 3.1
8. YouTube: Ransomware - CompTIA Security+ SY0-401: 3.1
9. YouTube: Polymorphic Malware - CompTIA Security+ SY0-401: 3.1
10. YouTube: Armored Virus - CompTIA Security+ SY0-401: 3.1

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers attacks.

Objectives and Skills[edit | edit source]

Objectives and skills for the attacks portion of Security+ certification include:^[1]

Summarize various types of attacks.

• Man-in-the-middle
• DDoS
• DoS
• Replay
• Smurf attack
• Spoofing
• Spam
• Phishing
• Spim
• Vishing
• Spear phishing
• Xmas attack
• Pharming
• Privilege escalation
• Malicious insider threat
• DNS poisoning and ARP poisoning
• Transitive access
• Client-side attacks
• Password attacks
  • Brute force
  • Dictionary attacks
  • Hybrid
  • Birthday attacks
  • Rainbow tables
• Typo squatting/URL hijacking
• Watering hole attack

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Man-in-the-Middle Attacks - CompTIA Security+ SY0-401: 3.2
2. YouTube: Denial of Service - CompTIA Security+ SY0-401: 3.2
3. YouTube: Replay Attacks - CompTIA Security+ SY0-401: 3.2
4. YouTube: Spoofing - CompTIA Security+ SY0-401: 3.2
5. YouTube: Spam - CompTIA Security+ SY0-401: 3.2
6. YouTube: Phishing - CompTIA Security+ SY0-401: 3.2
7. YouTube: Vishing - CompTIA Security+ SY0-401: 3.2
8. YouTube: Christmas Tree Attack - CompTIA Security+ SY0-401: 3.2
9. YouTube: Privilege Escalation - CompTIA Security+ SY0-401: 3.2
10. YouTube: Insider Threats - CompTIA Security+ SY0-401: 3.2
11. YouTube: Transitive and Client-side Attacks - CompTIA Security+ SY0-401: 3.2
12. YouTube: Password Attacks - CompTIA Security+ SY0-401: 3.2
13. YouTube: URL Hijacking - CompTIA Security+ SY0-401: 3.2
14. YouTube: Watering Hole Attack - CompTIA Security+ SY0-401: 3.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers social engineering.

Objectives and Skills[edit | edit source]

Objectives and skills for the social engineering portion of Security+ certification include:^[1]

Summarize social engineering attacks and the associated effectiveness with each attack.

• Shoulder surfing
• Dumpster diving
• Tailgating
• Impersonation
• Hoaxes
• Whaling
• Vishing
• Principles (reasons for effectiveness)
  • Authority
  • Intimidation
  • Consensus/Social proof
  • Scarcity
  • Urgency
  • Familiarity/liking
  • Trust

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Shoulder Surfing - CompTIA Security+ SY0-401: 3.3
2. YouTube: Dumpster Diving - CompTIA Security+ SY0-401: 3.3
3. YouTube: Tailgating - CompTIA Security+ SY0-401: 3.3
4. YouTube: Impersonation - CompTIA Security+ SY0-401: 3.3
5. YouTube: Hoaxes - CompTIA Security+ SY0-401: 3.3
6. YouTube: Whaling - CompTIA Security+ SY0-401: 3.3
7. YouTube: The Effectiveness of Social Engineering - CompTIA Security+ SY0-401: 3.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers wireless attacks.

Objectives and Skills[edit | edit source]

Objectives and skills for the wireless attacks portion of Security+ certification include:^[1]

Explain types of wireless attacks.

• Rogue access points
• Jamming/Interference
• Evil twin
• War driving
• Bluejacking
• Bluesnarfing
• War chalking
• IV attack
• Packet sniffing
• Near field communication
• Replay attacks
• WEP/WPA attacks
• WPS attacks

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Rogue Access Points and Evil Twins - CompTIA Security+ SY0-401: 3.4
2. YouTube: Wireless Interference - CompTIA Security+ SY0-401: 3.4
3. YouTube: Wardriving and Warchalking - CompTIA Security+ SY0-401: 3.4
4. YouTube: Bluejacking and Bluesnarfing - CompTIA Security+ SY0-401: 3.4
5. YouTube: Wireless IV Attacks - CompTIA Security+ SY0-401: 3.4
6. YouTube: Wireless Packet Analysis - CompTIA Security+ SY0-401: 3.4
7. YouTube: Near Field Communication - CompTIA Security+ SY0-401: 3.4
8. YouTube: Wireless Replay and WEP Attacks - CompTIA Security+ SY0-401: 3.4
9. YouTube: WPA Attacks - CompTIA Security+ SY0-401: 3.4
10. YouTube: WPS Attacks - CompTIA Security+ SY0-401: 3.4

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers application attacks.

Objectives and Skills[edit | edit source]

Objectives and skills for the application attacks portion of Security+ certification include:^[1]

Explain types of application attacks.

• Cross-site scripting
• SQL injection
• LDAP injection
• XML injection
• Directory traversal/command injection
• Buffer overflow
• Integer overflow
• Zero-day
• Cookies and attachments
• LSO (Locally Shared Objects)
• Flash Cookies
• Malicious add-ons
• Session hijacking
• Header manipulation
• Arbitrary code execution / remote code execution

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Cross-Site Scripting - CompTIA Security+ SY0-401: 3.5
2. YouTube: SQL Injection, XML Injection, and LDAP Injection - CompTIA Security+ SY0-401: 3.5
3. YouTube: Directory Traversal and Command Injection - CompTIA Security+ SY0-401: 3.5
4. YouTube: Buffer Overflows and Integer Overflows - CompTIA Security+ SY0-401: 3.5
5. YouTube: Zero-Day Attacks - CompTIA Security+ SY0-401: 3.5
6. YouTube: Cookies, Header Manipulation, and Session Hijacking - CompTIA Security+ SY0-401: 3.5
7. YouTube: Locally Shared Objects and Flash Cookies - CompTIA Security+ SY0-401: 3.5
8. YouTube: Malicious Add-ons and Attachments - CompTIA Security+ SY0-401: 3.5
9. YouTube: Arbitrary and Remote Code Execution - CompTIA Security+ SY0-401: 3.5

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers threat mitigation.

Objectives and Skills[edit | edit source]

Objectives and skills for the threat mitigation portion of Security+ certification include:^[1]

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

• Monitoring system logs
  • Event logs
  • Audit logs
  • Security logs
  • Access logs
• Hardening
  • Disabling unnecessary services
  • Protecting management interfaces and applications
  • Password protection
  • Disabling unnecessary accounts
• Network security
  • MAC limiting and filtering
  • 802.1x
  • Disabling unused interfaces and unused application service ports
  • Rogue machine detection
• Security posture
  • Initial baseline configuration
  • Continuous security monitoring
  • Remediation
• Reporting
  • Alarms
  • Alerts
  • Trends
• Detection controls vs. prevention controls
  • Intrusion Detection Systems (IDS) vs. Intrusion Prevention Systems (IPS)
  • Camera vs. guard

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Monitoring System Logs - CompTIA Security+ SY0-401: 3.6
2. YouTube: Operating System Hardening - CompTIA Security+ SY0-401: 3.6
3. YouTube: Physical Port Security - CompTIA Security+ SY0-401: 3.6
4. YouTube: Security Posture - CompTIA Security+ SY0-401: 3.6
5. YouTube: Reporting - CompTIA Security+ SY0-401: 3.6
6. YouTube: Detection vs. Prevention - CompTIA Security+ SY0-401: 3.6

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers security tools.

Objectives and Skills[edit | edit source]

Objectives and skills for the security tools portion of Security+ certification include:^[1]

Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

• Interpret results of security assessment tools
• Tools
  • Protocol analyzer
  • Vulnerability scanner
  • Honeypots
  • Honeynets
  • Port scanner
  • Passive vs. active tools
  • Banner grabbing
• Risk calculations
  • Threat vs. likelihood
• Assessment types
  • Risk
  • Threat
  • Vulnerability
• Assessment technique
  • Baseline reporting
  • Code review
  • Determine attack surface
  • Review architecture
  • Review designs

Readings[edit | edit source]

1. Wikipedia: Vulnerability Scanner and related articles.

Multimedia[edit | edit source]

1. YouTube: Vulnerability Scanning Overview - CompTIA Security+ SY0-401: 3.7
2. YouTube: Assessment Tools - CompTIA Security+ SY0-401: 3.7
3. YouTube: Assessment Types - CompTIA Security+ SY0-401: 3.7
4. YouTube: Assessment Techniques - CompTIA Security+ SY0-401: 3.7

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers security testing.

Objectives and Skills[edit | edit source]

Objectives and skills for the security testing portion of Security+ certification include:^[1]

Explain the proper use of penetration testing versus vulnerability scanning.

• Penetration testing<ref>
  • Verify a threat exists
  • Bypass security controls
  • Actively test security controls
  • Exploiting vulnerabilities
• Vulnerability scanning
  • Passively testing security controls
  • Identify vulnerability
  • Identify lack of security controls
  • Identify common misconfigurations
  • Intrusive vs. non-intrusive
  • Credentialed vs. non-credentialed
  • False positive
• Black box
• White box
• Gray box

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Penetration Testing - CompTIA Security+ SY0-401: 3.8
2. YouTube: Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Host Security[edit | edit source]

This lesson covers application security.

Objectives and Skills[edit | edit source]

Objectives and skills for the application security portion of Security+ certification include:^[1]

Explain the importance of application security controls and techniques.

• Fuzzing
• Secure coding concepts
  • Error and exception handling
  • Input validation
• Cross-site scripting prevention
• Cross-site Request Forgery (XSRF) prevention
• Application configuration baseline (proper settings)
• Application hardening
• Application patch management
• NoSQL databases vs. SQL databases
• Server-side vs. Client-side validation

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Fuzzing - CompTIA Security+ SY0-401: 4.1
2. YouTube: Secure Coding Concepts - CompTIA Security+ SY0-401: 4.1
3. YouTube: Application Configuration Baselining and Hardening - CompTIA Security+ SY0-401: 4.1
4. YouTube: Application Patch Management - CompTIA Security+ SY0-401: 4.1
5. YouTube: SQL and NoSQL Databases - CompTIA Security+ SY0-401: 4.1
6. YouTube: Server-side vs. Client-side Validation - CompTIA Security+ SY0-401: 4.1

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers mobile security.

Objectives and Skills[edit | edit source]

Objectives and skills for the mobile security portion of Security+ certification include:^[1]

Summarize mobile security concepts and technologies.

• Device security
  • Full device encryption
  • Remote wiping
  • Lockout
  • Screen-locks
  • GPS
  • Application control
  • Storage segmentation
  • Asset tracking
  • Inventory control
  • Mobile device management
  • Device access control
  • Removable storage
  • Disabling unused features
• Application security
  • Key management
  • Credential management
  • Authentication
  • Geo-tagging
  • Encryption
  • Application whitelisting
  • Transitive trust/authentication
• BYOD concerns
  • Data ownership
  • Support ownership
  • Patch management
  • Antivirus management
  • Forensics
  • Privacy
  • On-boarding/off-boarding
  • Adherence to corporate policies
  • User acceptance
  • Architecture/infrastructure considerations
  • Legal concerns
  • Acceptable use policy
  • On-board camera/video

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Mobile Device Security - CompTIA Security+ SY0-401: 4.2
2. YouTube: Mobile Application Security - CompTIA Security+ SY0-401: 4.2
3. YouTube: Mobile BYOD Concerns - CompTIA Security+ SY0-401: 4.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers host security.

Objectives and Skills[edit | edit source]

Objectives and skills for the host security portion of Security+ certification include:^[1]

Given a scenario, select the appropriate solution to establish host security.

• Operating system security and settings
• OS hardening
• Anti-malware
  • Antivirus
  • Anti-spam
  • Anti-spyware
  • Pop-up blockers
• Patch management
• White listing vs. black listing applications
• Trusted OS
• Host-based firewalls
• Host-based intrusion detection
• Hardware security
  • Cable locks
  • Safe
  • Locking cabinets
• Host software baselining
• Virtualization
  • Snapshots
  • Patch compatibility
  • Host availability/elasticity
  • Security control testing
  • Sandboxing

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Operating System Security and Settings - CompTIA Security+ SY0-401: 4.3
2. YouTube: Anti-Malware - CompTIA Security+ SY0-401: 4.3
3. YouTube: Patch Management - CompTIA Security+ SY0-401: 4.3
4. YouTube: White Listing and Black Listing Applications - CompTIA Security+ SY0-401: 4.3
5. YouTube: Trusted Operating Systems - CompTIA Security+ SY0-401: 4.3
6. YouTube: Host-based Security - CompTIA Security+ SY0-401: 4.3
7. YouTube: Hardware Security - CompTIA Security+ SY0-401: 4.3
8. YouTube: Host Software Baselining - CompTIA Security+ SY0-401: 4.3
9. YouTube: Virtualization Security - CompTIA Security+ SY0-401: 4.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers data security.

Objectives and Skills[edit | edit source]

Objectives and skills for the data security portion of Security+ certification include:^[1]

Implement the appropriate controls to ensure data security.

• Cloud storage
• SAN
• Handling Big Data
• Data encryption
  • Full disk
  • Database
  • Individual files
  • Removable media
  • Mobile devices
• Hardware based encryption devices
  • TPM
  • HSM
  • USB encryption
  • Hard drive
• Data in-transit, Data at-rest, Data in-use
• Permissions/ACL
• Data policies
  • Wiping
  • Disposing
  • Retention
  • Storage

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Cloud and SAN Storage Data Security - CompTIA Security+ SY0-401: 4.4
2. YouTube: Data Encryption - CompTIA Security+ SY0-401: 4.4
3. YouTube: Hardware-based Encryption - CompTIA Security+ SY0-401: 4.4
4. YouTube: States of Data - CompTIA Security+ SY0-401: 4.4
5. YouTube: Permissions and ACLs - CompTIA Security+ SY0-401: 4.4
6. YouTube: Data Policies - CompTIA Security+ SY0-401: 4.4

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers environmental mitigation.

Objectives and Skills[edit | edit source]

Objectives and skills for the environmental mitigation portion of Security+ certification include:^[1]

Compare and contrast alternative methods to mitigate security risks in static environments.

• Environments
  • SCADA
  • Embedded (Printer, Smart TV, HVAC control)
  • Android
  • iOS
  • Mainframe
  • Game consoles
  • In-vehicle computing systems
• Methods
  • Network segmentation
  • Security layers
  • Application firewalls
  • Manual updates
  • Firmware version control
  • Wrappers
  • Control redundancy and diversity

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Embedded System Security - CompTIA Security+ SY0-401: 4.5
2. YouTube: Static OS Environments - CompTIA Security+ SY0-401: 4.5
3. YouTube: Mitigating Risk in Static Environments - CompTIA Security+ SY0-401: 4.5

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Access Control[edit | edit source]

This lesson covers authentication services from CompTIA Security + certification

Objectives and Skills[edit | edit source]

Objectives and skills for the authentication services portion of Security+ certification include:^[1]

Compare and contrast the function and purpose of authentication services.

• RADIUS
• TACACS+
• Kerberos
• LDAP
• XTACACS
• SAML
• Secure LDAP

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: RADIUS and TACACS - CompTIA Security+ SY0-401: 5.1
2. YouTube: Kerberos - CompTIA Security+ SY0-401: 5.1
3. YouTube: LDAP and Secure LDAP - CompTIA Security+ SY0-401: 5.1
4. YouTube: SAML - CompTIA Security+ SY0-401: 5.1

Activities[edit | edit source]

See Also[edit | edit source]

• Single Sign-on (SSO)
• Multi Factor Authentication (MFA)

References[edit | edit source]

This lesson covers authentication and authorization.

Objectives and Skills[edit | edit source]

Objectives and skills for the authentication and authorization of Security+ certification include:^[1]

Given a scenario, select the appropriate authentication, authorization or access control.

• Identification vs. authentication vs. authorization
• Authorization
  • Least privilege
  • Separation of duties
  • ACLs
  • Mandatory access
  • Discretionary access
  • Rule-based access control
  • Role-based access control
  • Time of day restrictions
• Authentication
  • Tokens
  • Common access card
  • Smart card
  • Multifactor authentication
  • TOTP
  • HOTP
  • CHAP
  • PAP
  • Single sign-on
  • Access control
  • Implicit deny
  • Trusted OS
• Authentication factors
  • Something you are
  • Something you have
  • Something you know
  • Somewhere you are
  • Something you do
• Identification
  • Biometrics
  • Personal identification verification card
  • Username
• Federation
• Transitive trust/authentication

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
2. YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
3. YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
4. YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
5. YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
6. YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
7. YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
8. YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers account management.

Objectives and Skills[edit | edit source]

Objectives and skills for the account management portion of Security+ certification include:^[1]

Install and configure security controls when performing account management, based on best practices.

• Mitigate issues associated with users with multiple account/roles and/or shared accounts
• Account policy enforcement
  • Credential management
  • Group policy
  • Password complexity
  • Expiration
  • Recovery
  • Disablement
  • Lockout
  • Password history
  • Password reuse
  • Password length
  • Generic account prohibition
• Group based privileges
• User assigned privileges
• User access reviews
• Continuous monitoring

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Roles and Account Credentials - CompTIA Security+ SY0-401: 5.3
2. YouTube: Group Policy - CompTIA Security+ SY0-401: 5.3
3. YouTube: Managing Password Policies - CompTIA Security+ SY0-401: 5.3
4. YouTube: Privileges - CompTIA Security+ SY0-401: 5.3
5. YouTube: User Access Reviews and Monitoring - CompTIA Security+ SY0-401: 5.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Cryptography[edit | edit source]

This lesson covers cryptography concepts.

Objectives and Skills[edit | edit source]

Objectives and skills for the cryptography concepts portion of Security+ certification include:^[1]

Given a scenario, utilize general cryptography concepts.

• Symmetric vs. asymmetric
• Session keys
• In-band vs. out-of-band key exchange
• Fundamental differences and encryption methods
  • Block vs. stream
• Transport encryption
• Non-repudiation
• Hashing
• Key escrow
• Steganography
• Digital signatures
• Use of proven technologies
• Elliptic curve and quantum cryptography
• Ephemeral key
• Perfect forward secrecy

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Cryptography Overview - CompTIA Security+ SY0-401: 6.1
2. YouTube: Symmetric vs. Asymmetric Encryption - CompTIA Security+ SY0-401: 6.1
3. YouTube: Public Keys and Private Keys - CompTIA Security+ SY0-401: 6.1
4. YouTube: Session Keys - CompTIA Security+ SY0-401: 6.1
5. YouTube: Block vs. Stream Ciphers - CompTIA Security+ SY0-401: 6.1
6. YouTube: Transport Encryption - CompTIA Security+ SY0-401: 6.1
7. YouTube: Non-Repudiation - CompTIA Security+ SY0-401: 6.1
8. YouTube: Hashing - CompTIA Security+ SY0-401: 6.1
9. YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.1
10. YouTube: Steganography - CompTIA Security+ SY0-401: 6.1
11. YouTube: Elliptic Curve and Quantum Cryptography - CompTIA Security+ SY0-401: 6.1
12. YouTube: Perfect Forward Secrecy - CompTIA Security+ SY0-401: 6.1

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers cryptography methods.

Objectives and Skills[edit | edit source]

Objectives and skills for the cryptography methods portion of Security+ certification include:^[1]

Given a scenario, use appropriate cryptographic methods.

• WEP vs. WPA/WPA2 and preshared key
• MD5
• SHA
• RIPEMD
• AES
• DES
• 3DES
• HMAC
• RSA
• Diffie-Hellman
• RC4
• One-time pads
• NTLM
• NTLMv2
• Blowfish
• PGP/GPG
• TwoFish
• DHE
• ECDHE
• CHAP
• PAP
• Comparative strengths and performance of algorithms
• Use of algorithms/protocols with transport encryption
  • SSL
  • TLS
  • IPSec
  • SSH
  • HTTPS
• Cipher suites
  • Strong vs. weak ciphers
• Key stretching
  • PBKDF2
  • Bcrypt

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: WEP vs. WPA - CompTIA Security+ SY0-401: 6.2
2. YouTube: Cryptographic Hash Functions - CompTIA Security+ SY0-401: 6.2
3. YouTube: Symmetric Encryption Ciphers - CompTIA Security+ SY0-401: 6.2
4. YouTube: Asymmetric Cryptography Algorithms - CompTIA Security+ SY0-401: 6.2
5. YouTube: One-Time Pads - CompTIA Security+ SY0-401: 6.2
6. YouTube: NTLM - CompTIA Security+ SY0-401: 6.2
7. YouTube: Transport Encryption Algorithms - CompTIA Security+ SY0-401: 6.2
8. YouTube: Strong vs. Weak Encryption - CompTIA Security+ SY0-401: 6.2

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

This lesson covers public key infrastructure (PKI).

Objectives and Skills[edit | edit source]

Objectives and skills for the PKI portion of Security+ certification include:^[1]

Given a scenario, use appropriate PKI, certificate management and associated components.

• Certificate authorities and digital certificates
  • CA
  • CRLs
  • OCSP
  • CSR
• PKI
• Recovery agent
• Public key
• Private key
• Registration
• Key escrow
• Trust models

Readings[edit | edit source]

Multimedia[edit | edit source]

1. YouTube: Certificate Authorities - CompTIA Security+ SY0-401: 6.3
2. YouTube: Key Revocation - CompTIA Security+ SY0-401: 6.3
3. YouTube: Digital Certificates - CompTIA Security+ SY0-401: 6.3
4. YouTube: Public Key Infrastructure - CompTIA Security+ SY0-401: 6.3
5. YouTube: Key Recovery - CompTIA Security+ SY0-401: 6.3
6. YouTube: Public and Private Keys - CompTIA Security+ SY0-401: 6.3
7. YouTube: Key Registration - CompTIA Security+ SY0-401: 6.3
8. YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.3
9. YouTube: Trust Models - CompTIA Security+ SY0-401: 6.3

Activities[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]