CompTIA
The most widely adopted entry-level security certification, recognized by the US DoD and employers globally.
Avg Salary
$102k/yr
Difficulty
Beginner
Prep Time
~80h
Exam Cost
$392
Skills Covered
Questions
90
Duration
90 min
Pass Score
75%
Format
Multiple choice
General Security Concepts
4 objectives
Compare and contrast various types of security controls (preventive, detective, corrective, compensating).
Summarize fundamental security concepts (zero trust, defense-in-depth, threat intelligence, non-repudiation).
Explain the importance of change management processes and the impact on security.
Explain the importance of using appropriate cryptographic solutions (PKI, hashing, obfuscation, steganography).
Threats, Vulnerabilities, and Mitigations
5 objectives
Compare and contrast common threat actors and motivations (nation-state, insider threats, hacktivists).
Explain common vulnerability types (application vulnerabilities, zero-day, supply chain attacks).
Analyze indicators of malicious activity (malware types: ransomware, worms, trojans, spyware, rootkits).
Explain common social engineering techniques (phishing, vishing, smishing, pretexting, tailgating).
Mitigate threats, attacks, and vulnerabilities (patching, hardening, segmentation, access controls).
Security Architecture
4 objectives
Compare and contrast security implications of different architecture models (cloud, hybrid, edge, IoT).
Apply security principles to secure enterprise infrastructure (network segmentation, VLANs, DMZ).
Compare and contrast concepts and strategies for protecting data (encryption, DLP, masking, tokenization).
Explain the importance of resilience and recovery in security architecture (RAID, backups, replication).
Security Operations
7 objectives
Apply common security techniques to computing resources (hardening, patching, secure baseline).
Explain the security implications of proper hardware, software, and data asset management.
Explain various activities associated with vulnerability management (scanning, prioritization, CVSS).
Explain security alerting and monitoring concepts and tools (SIEM, SOAR, log management).
Modify enterprise capabilities to enhance security (firewall rules, IPS signatures, DLP policies).
Implement and maintain identity and access management solutions (LDAP, SSO, PAM, MFA, RADIUS).
Explain the importance of automation and orchestration related to secure operations (SOAR, playbooks).
Security Program Management and Oversight
5 objectives
Summarize elements of effective security governance (policies, standards, procedures, regulations, frameworks).
Explain elements of the risk management process (risk identification, assessment, treatment, monitoring).
Explain the processes associated with third-party risk assessment and management (vendor assessment, SLAs).
Summarize elements of effective compliance (privacy regulations: GDPR, HIPAA, PCI-DSS; audit processes).
Explain types and purposes of audits and assessments (security assessments, penetration testing).
Course Coming Soon
This certification prep course is being generated. Admins can create it now using the Course Factory.