CompTIA Security+ (SY0-401)

Author: Christopher Rees

This path is set to retire on July 31, 2018. Please visit our latest Security+ content


In order to help you prepare for the CompTIA Security+ exam, these courses align with objectives that are specific to the certification, which covers the best ways to apply security tools and identify threats.


CompTIA Security+ (SY0-401) Network Security

by Christopher Rees

Oct 17, 2014 / 3h 48m

Beginner • 3h 48m

Start Course

CompTIA Security+ (2014 Objectives) prepares networking and IT professionals with the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security. In addition, the successful candidate will be given the skills to be able to accurately apply security controls to maintain confidentiality, integrity, and availability, identify appropriate technologies and products, and troubleshoot security events and incidents.

Table of contents
  1. Getting Started
    20m 59s
  2. Security Configuration Parameters
    52m 32s
  3. Secure Network Administration Principles
    29m 49s
  4. Network Design Elements
    46m 43s
  5. Common Protocols and Services
    43m 10s
  6. Wireless Security
    35m 26s

CompTIA Security+ (SY0-401) Compliance and Operational Security

by Christopher Rees

Jan 22, 2015 / 5h 48m

Beginner • 5h 48m

Start Course

This course prepares students for the compliance and operational security section of the CompTIA Security+ (SY0-401) exam. This course deals with security issues such as compliance, risk mitigation, basic forensic procedures and environmental controls used to increase reliability, resiliency, and maintain business continuity. The importance of mitigating risk and calculating the likelihood and expected losses of various risks is covered, along with dealing with 3rd party integration, SLAs, and maintaining operations through business continuity best practices. Environmental controls including HVAC, hot and cold aisles, high availability, and fault tolerant best practices are also discussed. Confidentiality, Integrity and Availability (CIA) best practices are also covered to ensure data is secure, verified, and accessible.

Table of contents
  1. Risk and Related Concepts
    1h 47s
  2. Risks Associated With 3rd Party Integration
    21m 37s
  3. Risk Mitigation Strategies
    23m 50s
  4. Implementing Basic Forensic Procedures
    46m 18s
  5. Incident Response Concepts
    41m 49s
  6. Security Related Awareness and Training
    30m 19s
  7. Physical and Environmental Controls
    41m 44s
  8. Risk Management Best Practices
    52m 32s
  9. Appropriate Controls to Meet Security Goals
    29m 40s

CompTIA Security+ (SY0-401) Threats and Vulnerabilities

by Christopher Rees

Jun 17, 2015 / 3h 44m

Beginner • 3h 44m

Start Course

This course covers the material that comprises Domain 3.0 of the CompTIA Security+ SY0-401 certification exam. Topics include types of malware, adware, viruses, spyware and backdoors, along with various types of attacks, including man-in-the-middle attacks, DDoS, Smurf attacks, phishing, xmas attacks, bluesnarfing, bluejacking, dumpster diving, etc. Also covered are various types of application attacks including XSS, XSRF, LDAP injection, SQL injection attacks and the privacy concerns created by cookies, evercookies, LSO, and Flash cookies. Penetration testing and vulnerability scanning is also covered, along with ways to calculate risk when doing security assessments, code, design, and architecture reviews.

Table of contents
  1. Types of Malware
    26m 45s
  2. Types of Attacks
    41m 17s
  3. Effectiveness of Social Engineering Attacks
    24m 45s
  4. Wireless Attacks
    23m 3s
  5. Application Attacks
    31m 10s
  6. Mitigation and Deterrent Techniques
    29m 14s
  7. Discovering Security Threats and Vulnerabilities
    26m 50s
  8. Penetration Testing vs. Vulnerability Scanning
    21m 5s

CompTIA Security+ (SY0-401) Application, Data, and Host Security

by Christopher Rees

Apr 4, 2015 / 2h 16m

Beginner • 2h 16m

Start Course

This course covers the material that comprises Domain 4.0 of the CompTIA Security+ SY0-401 certification exam. Topics include application security concepts such as fuzzing, cross-site scripting, cross-site request forgery, application and database hardening, device security, encryption, data-wiping, SCADA and embedded systems security, virtualization and cloud security concepts, mobile device security, and the various methods used to implement security best practices.

Table of contents
  1. Application Security Controls and Techniques
    31m 26s
  2. Mobile Security Concepts and Technologies
    25m 10s
  3. Establishing Host Security
    28m 6s
  4. Appropriate Controls to Ensure Data Security
    22m 38s
  5. Mitigate Security Risks in Static Environments
    29m 33s

CompTIA Security+ (SY0-401) Access Control and Identity Management

by Christopher Rees

Jul 11, 2015 / 1h 21m

Beginner • 1h 21m

Start Course

Access control and identity management is crucial to maintaining and secure environment. Various hardware controls like RADIUS, TACACS+ and XTACACS are covered, along with directory services and authentication services like Kerberos, LDAP, SAML, and Secure LDAP. The differences between identification, authentication, and authorization are covered, along with the various tools used to ensure users are connected securely with access to resources they need. Technologies and concepts including tokens, multi-authentication, TOTP, HOTP, CHAP, and PAP are covered, along with authentication factors.

Table of contents
  1. Authentication Services
    18m 41s
  2. Authentication, Authorization, and Access Control
    33m 34s
  3. Account Management Security Controls
    29m 12s

CompTIA Security+ (SY0-401) Cryptography

by Christopher Rees

Jul 20, 2015 / 1h 32m

Beginner • 1h 32m

Start Course

CompTIA Security+ (2014 Objectives) prepares networking and IT professionals with the required knowledge and skills to understand the concepts and technologies involved with encryption, cryptography, PKI, and the associated benefits and risks.

Table of contents
  1. General Cryptography Concepts
    35m 18s
  2. Using Appropriate Cryptographic Methods
    35m 16s
  3. PKI and Certificate Management
    21m 50s

What you will learn

  • Cryptography
  • Identity Management
  • Security Systems
  • Organizational Systems
  • Security Risk Identification and Mitigation
  • Network Access Control
  • Security Infrastructure


No prerequisites are necessary, but it is recommended that you have two or more years of experience in IT administration in addition to the Network+ certification.

Knowledge is power

A Professional or Enterprise Pluralsight account is required to access Transcender®* practice exams. Sign in below or sign up for a free team trial.