上海信息安全技術專家Security+認證培訓

考試相關

CompTIA Security+ 已獲得 ISO 17024 國際標準認證（人員認證認可），并因此相應地定期審查和更新考試大綱。下表所列的是本版考試的范圍，這是根據(jù)專家主題研討的結論以及對擁有兩年工作經(jīng)驗的具備相關信息安全專業(yè)知識和技能的企業(yè)人員的調查而修訂的。

本考試大綱包含各領域所占的百分比、測試目標和示例內容。這里給出了主題和概念作為示例用以明確考試目標，但其不應該被誤讀為是考試全部內容的完整列表。

注意事項

以下并未列出每個考綱的所有項目。雖然它們沒有包含在此文檔中，考試中也可能包含與每個目標相關的技術、過程或任務的其他示例

Security+考試語言

目前為英文 

考試形式

Pearson VUE 考試中心機考

課程大綱

內容

1.0 Network Security             網(wǎng)絡安全

Implement security configuration parameters on network devices and other technologies. 網(wǎng)絡設備和其他設備上實施安全配置參數(shù)

given a scenario,use secure network a dministration principles. 給定一個場景，應用安全網(wǎng)絡管理原則

Explaain network design elements and components.  解釋網(wǎng)絡設計的元素和組件。

Given a scenario, implement common protocols and services. 給定一個場景，實施通用的和服務

Given a scenario,troubleshoot security issues related to wireless networking.  給定一個場景，對無線組網(wǎng)中的安全問題進行故障排

2.0 Compliance and      Operational Security                       合規(guī)與運維安全

Explain the importance of risk related concepts.解釋風險相關概念的重要性

Summarize the security implications of integrating systems and data with third parties.總結與第三方集成系統(tǒng)與數(shù)據(jù)的安全含義

Given a scenario,implement appropriate risk mitigation strategies.     給定一個場景，實施正確的風險降低策略

Given a scenario,implement basic forensic procedures.給定一個場景，實施基本的取證程序

Summarize common incident response procedures. 總結通用的事件響應程序

Explain the importance of security related awareness and training.      解釋安全相關意識和培訓的重要性

Compare and contrast physical secuity and environmental controls.     比較和對比物理安全環(huán)境控制

Summarize risk management best practices.  總結風險管理的好實踐

Given a scenario,select the appropriate control to meet the goals of security.  給定一個場景，選擇合適的控制來滿足安全目標

3.0 Threats and          Vulnerabilities                 威脅與漏洞

Explain types of malware.解釋各種惡意軟件

Summarize various types of attacks.總結不同類型的攻擊

Summarize social engineering attacks and the associated effectiveness with each attack.   總結社會工程攻擊和相關每個攻擊的有效性

Explain types of wireless attacks. 解釋無線攻擊的類型

Explain types of application attacks.解釋應用攻擊的類型

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

Given a scenario,use appropriate tools and techniques to discover security threats and vulnerabilities.

Explain the proper use of penetration testing versus vulnerability scanning.   解釋如何正確使用滲透測試與漏洞掃描

4.0 Application,Data and      Host Security                  應用、數(shù)據(jù)和主機安全

Explain the importance of application security controls and techniques.解釋應用安全控制盒技術的重要性

Summarize mobile security concepts and technologies.總結移動安全的概念與技術

Given a scenario,select the appropriate solution to establish host security.給定一個場景，選擇合適的方案來建立主機安全

Implement the appropriate controls to ensure data security.實施合適的控制來保障數(shù)據(jù)安全

Compare and contrast alternative methods to mitigate secuity risks in static environments.

5.0 Access Control and           Identity Management            訪問控制與身份管理

Compare and contrast the function and purpose of authentication services.比較和對比認證服務的功能和目標

Given a scenario,select the appropriate authentication,authorization or access control.

Install and configure security controls when pertorming account management,based on best practices.

6.0 Cryptgraphy                 密碼學

Given a scenario,utilize general cryptography concepts. 給定一個場景，使用通用密碼學概念

Given a scenario,use appropriate cryptographic methods.給定一個場景，使用合適的密碼學方法

Given a scenario,use appropriate PKI,certificate management and associated components.