Main Menu

Credit Cards

Our Partners

Authorized Pearson Vue Test Center





COMPTIA Security+


Course Duration:  40hrs

Exam Code:  COMPTIA Security+ SY0-401

Why get this Course?
This course will help participants to gain knowledge and skills in identifying
risk, mitigation activity, maintain confidentiality, intergrity, availability,
of network infrastucture. Troubleshoot security events as well as becoming aware
of policies, laws and regulation.

Course Delivery:
Instructor-led, classroom/laboratory-delivery learning model with structured hands-on and minds-on activities and laboratory activities.

Course Prerequisite:
Comptia Network+ training and/or certification

Course Outlines:

1.0 Network Security
1.1 Explain the security function and purpose of network devices and technologies
  • Firewalls
  • Routers
  • Switches
  • Load Balancers
  • Proxies
  • Web security gateways
  • VPN concentrators
  • NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
  • Protocol analyzers
  • Sniffers
  • Spam filter, all-in-one security appliances
  • Web application firewall vs. network firewall
  • URL filtering, content inspection, malware inspection
1.2 Apply and implement secure network administration principles
  • Rule-based management
  • Firewall rules
  • VLAN management
  • Secure router configuration
  • Access control lists
  • Port Security
  • 802.1x
  • Flood guards
  • Loop protection
  • Implicit deny
  • Prevent network bridging by network separation
  • Log analysis
1.3 Distinguish and differentiate network design elements and compounds
  • DMZ
  • Subnetting
  • VLAN
  • NAT
  • Remote Access
  • Telephony
  • NAC
  • Virtualization
  • Cloud Computing
1.4 Implement and use common protocols
  • IPSec
  • SNMP
  • SSH
  • DNS
  • TLS
  • SSL
  • TCP/IP
  • FTPS
  • SFTP
  • SCP
  • ICMP
  • IPv4 vs. IPv6
1.5 Identify commonly used default network ports
  • FTP
  • SFTP
  • FTPS
  • TFTP
  • HTTP
  • SCP
  • SSH
  • NetBIOS
1.6 Implement wireless network in a secure manner
  • WPA
  • WPA2
  • WEP
  • EAP
  • PEAP
  • LEAP
  • MAC filter
  • SSID broadcast
  • TKIP
  • CCMP
  • Antenna Placement
  • Power level controls
2.0 Compliance and Operational Security
2.1 Explain risk related concepts
  • Control types
  • False positives
  • Importance of policies in reducing risk
  • Quantitative vs. qualitative
  • Risk-avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated to Cloud Computing and Virtualization
2.2 Carry out appropriate risk mitigation strategies
  • Implement
    security controls based on risk
  • Change management
  • Incident management
  • User rights and permissions reviews
  • Perform routine audits
  • Implement policies and procedures to prevent data loss or theft
2.3 Execute appropriate incident response procedures
  • Basic forensic procedures
  • Damage and loss control
  • Chain of custody
  • Incident response: first responder
2.4 Explain the importance of security related awareness and training
  • Security policy training and procedures
  • Personally identifiable information
  • Information classification: Sensitivity of data (hard or soft)
  • Data labeling, handling and disposal
  • Compliance with laws, best practices and standards
  • User habits
  • Threat awareness
  • Use of social networking and P2P
2.5 Compare and contrast aspects of business continuity
  • Business impact analysis
  • Removing single points of failure
  • Business continuity planning and testing
  • Continuity of operations
  • Disaster recovery
  • IT contingency planning
  • Succession planning
2.6 Explain the impact and proper use of environmental controls
  • HVAC
  • Fire suppression
  • EMI shielding
  • Hot and cold aisles
  • Environmental monitoring
  • Temperature and humidity controls
  • Video monitoring
2.7 Execute disaster recovery plans and procedures
  • Backup / backout contingency plans or policies
  • Backups, execution and frequency
  • Redundancy and fault tolerance
  • High availability
  • Cold site, hot site, warm site
  • Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives
2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)
3.0 Threats and Vulnerabilities
3.1 Analyze and differentiate among types of malware
  • Adware
  • Virus
  • Worms
  • Spyware
  • Trojan
  • Rootkits
  • Backdoors
  • Logic bomb
  • Botnets
3.2 Analyze and differentiate among types of attacks
  • Man-in-the-middle
  • DDoS
  • DoS
  • Replay
  • Smurf attack
  • Spoofing
  • Spam
  • Phishing
  • Spim
  • Vishing
  • Spear phishing
  • Xmas attack
  • Pharming
  • Privilege escalation
  • Malicious insider threat
  • DNS poisoning and ARP poisoning
  • Transitive access
  • Client-side attacks
3.3 Analyze and differentiate among types of social engineering attacks
  • Shoulder surfing
  • Dumpster diving
  • Tailgating
  • Impersonation
  • Hoaxes
  • Whaling
  • Vishing
3.4 Analyze and differentiate among types of wireless attacks
  • Rogue access points
  • Interference
  • Evil twin
  • War driving
  • Bluejacking
  • Bluesnarfing
  • War chalking
  • IV attack
  • Packet sniffing
3.5 Analyze and differentiate among types of application attacks
  • Cross-site scripting
  • SQL injection
  • LDAP injection
  • XML injection
  • Directory traversal/command injection
  • Buffer overflow
  • Zero day
  • Cookies and attachments
  • Malicious add-ons
  • Session hijacking
  • Header manipulation
3.6 Analyze and differentiate among types of mitigation and deterrent techniques
  • Manual bypassing of electronic controls
  • Monitoring system logs
  • Physical security
  • Hardening
  • Port security
  • Security posture
  • Reporting
  • Detection controls vs. prevention controls
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
  • Vulnerability scanning and interpret results
  • Tools
  • Risk calculations
  • Assessment types
  • Assessment technique
3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
  • Penetration testing
  • Vulnerability scanning
  • Black box
  • White box
  • Gray box
4.0 Application, Data and Host Security
4.1 Explain the importance of application security
  • Fuzzing
  • Secure coding concepts
  • Cross-site scripting prevention
  • Cross-site Request Forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management
4.2 Carry out appropriate procedures to establish host security
  • Operating system security and settings
  • Anti-malware
  • Patch management
  • Hardware security
  • Host software baselining
  • Mobile devices
  • Virtualization
4.3 Explain the importance of data security
  • Data Loss Prevention (DLP)
  • Data encryption
  • Hardware based encryption devices
  • Cloud computing
5.0 Access Control and Identity Management
5.1 Explain the function and purpose of authentication services
  • Kerberos
  • LDAP
5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
  • Identification vs. authentication
  • Authentication (single factor) and authorization
  • Multifactor authentication
  • Biometrics
  • Tokens
  • Common access card
  • Personal identification verification card
  • Smart card
  • Least privilege
  • Separation of duties
  • Single sign on
  • ACLs
  • Access control
  • Mandatory access control
  • Discretionary access control
  • Role/rule-based access control
  • Implicit deny
  • Time of day restrictions
  • Trusted OS
  • Mandatory vacations
  • Job rotation
5.3 Implement appropriate security controls when performing account management
  • Mitigates issues associated with users with multiple account/roles
  • Account policy enforcement
  • Group based privileges
  • User assigned privileges
6.0 Cryptography
6.1 Summarize general cryptography concepts
  • Symmetric vs. asymmetric
  • Fundamental differences and encryption methods
  • Transport encryption
  • Non-repudiation
  • Hashing
  • Key escrow
  • Steganography
  • Digital signatures
  • Use of proven technologies
  • Elliptic curve and quantum cryptography
6.2 Use and apply appropriate cryptographic tools and products
  • WEP vs. WPA/WPA2 and preshared key
  • MD5
  • SHA
  • AES
  • DES
  • 3DES
  • HMAC
  • RSA
  • RC4
  • One-time-pads
  • CHAP
  • PAP
  • NTLM
  • NTLMv2
  • Blowfish
  • Whole disk encryption
  • TwoFish
  • Comparative strengths of algorithms
  • Use of algorithms with transport encryption
6.3 Explain the core concepts of public key infrastructure
  • Certificate authorities and digital certificates
  • PKI
  • Recovery agent
  • Public key
  • Private key
  • Registration
  • Key escrow
  • Trust models
6.4 Implement PKI, certificate management and associated components
  • Certificate authorities and digital certificates
  • PKI
  • Recovery agent
  • Public key
  • Private keys
  • Registration
  • Key escrow
  • Trust models

Exam Fee Installment  Down
Due Date  Manual 
 Php 16,500 USD179  Php 17,000  Php 8,500  Midway  Free

COURSE FEE with Exam:
Cash Installment  Down
Due Date  Manual 
Php 26,500  Php 27,000  Php 13,500  Midway  Free


Other Short Courses..

What do you think?

Leave a Question



@ Nino Pilueta

Good day, you must have Comptia Network+ training and/or certification before taking Comptia Security +. Thank you.
Good Day!!! may prerequisite po bang kailangan.. I mean ano po ung requirements na knowledge before po magtake ng training. Thanx po
Do you work with US Veterans Affairs for payment?
@ Yannick

Yes the training is available in Buendia, Makati branch. Here is the complete address Rm 208 UPY Bldg., Gil Puyat Ave. (formerly Buendia Ave) corner Marconi St. Palanan Makati City
Training Loc.


Is Sec + offered as well in Makati Site?
@ Claudine Lusica

Please make a reservation online through this link . Minimum of 3 participants for the class to push through.
Hi, Good day. I am interested in CompTIA Security +, Please advise how to proceed with the enrollment?
I am currently working as IT Consultant and will be paying with my personal expenses.

Looking forward to hear from you.
good day!, may sched na ba for COMPTIA Sec+
@ Rei,

It is recommended to take the pre-requisite before taking Comptia Security +. It would not be easy to take this course directly.
Good PM, hindi pa po ako nag ttrain or nagaaral ng kahit anong COMPTIA courses but I would to enroll in this particualr course Security+, pwede po ba yon? or dapat tlaga taken na po ang pre requisite?

Unfortunately, We do not have weekdays schedule for this training. Our open schedule is January 3 to January 31,2015, every Saturday 9am to 3pm. Thank you!
hi. im interested to take the CompTIA+Network do u have schedule from jan.3- jan.8 2015, coz im from oversea will have a vacation for 12days.
@ Lerry, Alex and Jess

Unfortunately wala pa po tayong schedule na available for Comptia Security+. We will post soon. Just keep posted. Thank you!

Can i have please the schedule of your Comptia Security + Training? Please email me @ . Thanks.
Do you have any schedule in this training
meron n po bang available schedule for security+ training?
CNCTC Live Chat Inquiry

Job Openings


Stay Informed Subscribe

Name *

Email *