Level

Architecture and Design for CompTIA Security+

By Christopher Rees

This course will teach you the fundamentals and key concepts around the security architecture and design, and how your organization implements and utilizes various tools and technologies to secure your environments.

See Pricing

5.7 hours

200 Lessons

About the course

In this course, you’ll learn about the tools and technologies used to secure your environments. First you’ll learn various methods to ensure data is secure, changes are tracked, and disruptions are minimized. Next, you’ll learn how virtualization and cloud computing can be leverage securely to enhance both productivity and security. Then, you’ll learn about automation, resiliency, and failover to strengthen your company’s security posture. Lastly, you’ll dive into the basics of cryptographic concepts to ensure data is secure at-rest, in-transit and in-use. When you’ve finished this courses, you’ll have the knowledge required to pass the architecture and design section of Security+, along with the skills needed to help ensure your companies critical data and assets are secure from attacks both internal and external.

Recommended order of completion:

Attacks, Threats, and Vulnerabilities for CompTIA Security+
Architecture and Design for CompTIA Security+
Implementation of Secure Solutions for CompTIA Security+
Operations and Incident Response for CompTIA Security+
Governance, Risk, and Compliance for CompTIA Security+
CompTIA Security+: Exam Briefing

Contact Sales See Pricing

Chapter 1 1 Lesson Course Overview 1:51

Course Overview
1:51
Chapter 2 26 Lessons Understanding Security Concepts in an Enterprise Environment 47:05

Module Intro
1:32

Configuration Management
3:44

Diagrams
1:10

Baseline Configuration
2:00

IP Address Schema
2:17

Data Sovereignty
1:29

Data Loss Prevention (DLP)
2:27

Types of Data to Secure
1:22

Data Masking
4:20

Tokenization
2:18

Digital Rights Management (DRM)
1:02

Hardware Based Encryption (TPM and HSM)
1:28

Geographical Considerations
1:31

Cloud Access Security Broker (CASB)
1:07

Security-as-a-Service (SECaaS)
1:06

Differences between CASB and SECaaS
1:07

Recovery
1:34

Secure Protocols and SSL/TLS Inspection
1:40

Hashing
1:45

API Considerations and API Gateways
2:11

Recovery Site Options (Cold, Warm, Hot, and Cloud-based Sites)
3:00

Disaster Area Example
1:41

Honeypots and Honeyfiles
1:00

Honeynets
1:00

Fake Telemetry
1:16

DNS Sinkhole
1:58
Chapter 3 27 Lessons Understanding Virtualization and Cloud Computing 50:37

Module Intro
0:47

Cloud Storage
2:23

Cloud Computing
1:40

"X" as a Service
0:38

Infrastructure as a Service (IaaS)
1:42

IaaS and Automation
1:31

Platform as a Service (PaaS)
1:51

Software as a Service (SaaS)
1:12

IaaS, PaaS, and SaaS Differentiators
0:58

Types of Clouds
0:58

Managed Service Providers (MSP)
4:21

Fog Computing
2:42

Edge Computing
0:32

VDI
4:10

Virtualization
4:10

Containers
5:54

Microservices and APIs
3:47

Infrastructure as Code (IAC)
0:48

Software Defined Networking (SDN)
1:00

Software Defined Visibility (SDV)
0:43

Serverless Architecture
1:48

IaaS, PaaS, FaaS, and SaaS Differentiators
0:59

Service Integrations and Resource Policies
1:31

Transit Gateway
0:44

VM Sprawl Avoidance
1:42

VM Escape
1:29

Module Review
0:37
Chapter 4 15 Lessons Implementing Secure Application Development, Deployment, and Automation 32:53

Module Intro
0:56

Environments (Dev, Test, Staging, and Production)
3:31

Environment Example
2:13

Provisioning and Deprovisioning
2:21

Integrity Measurement
1:52

Static Code Analysis
2:09

Secure Coding Techniques
6:28

Security Automation
2:26

Continuous Monitoring and Validation
1:23

Continuous Integration
1:41

Continuous Delivery and Continuous Development
2:06

OWASP
0:35

Software Diversity, Compiler, and Binary
1:33

Elasticity and Scalability
1:08

Version Control
2:31
Chapter 5 28 Lessons Understanding Authentication and Authorizations Methods 31:35

Module Intro
0:47

Directory Services
1:46

Usernames
0:55

Federation
0:59

Transitive Trust / Authentication
1:12

Attestation
0:41

Time-Based One-Time Password (TOTP)
1:32

HMAC-Based One-Time Password (HOTP)
0:48

SMS Authentication
0:57

Tokens
1:09

Static Codes
0:45

Authentication Applications
1:01

Push Notifications
0:57

Smart Cards
0:59

Proximity Cards
1:20

Personal Identification Verification Card (PIV)
0:46

Common Access Card
0:45

Biometric Factors
1:04

Facial Recognition
1:32

Vein and Gait Analysis
1:39

Efficacy Rates
1:09

Identification vs. Authentication vs. Authorization
1:13

Multifactor Authentication
1:05

Authentication Factors
1:07

Authorization
0:59

Authentication Factors
1:07

Authentication, Authorization, and Accounting (AAA)
0:45

On-prem vs. Cloud Requirements
2:36
Chapter 6 21 Lessons Implementing Cybersecurity Resilience 36:50

Module Intro
2:14

Geographically Disperse
0:47

Geographical Dispersal of Assets
1:14

RAID
2:49

Multipath
2:07

Load Balancer
1:08

Power Resiliency
1:58

Replication
1:53

On-prem vs. Cloud
1:35

Backup Plans / Policies
1:05

Backup Execution / Frequency
1:11

Backup Types
3:15

Backup Environments
1:18

Online vs. Offline Backups
1:28

Backups - Distance Considerations
2:02

Non-persistence, Snapshots, and Live Boot Media
2:03

High Availability
2:15

Redundancy
1:35

Fault Tolerant Hardware
0:46

Technology and Vendor Diversity
1:35

Crypto and Control Diversity
2:32
Chapter 7 21 Lessons Recognizing Security Implications of Embedded and Specialized Systems 36:55

Module Intro
1:10

Module Goal
1:18

Embedded Systems
0:55

Embedded Systems Examples
1:42

SCADA / ICS
4:12

SCADA Security Concerns
2:54

Smart Devices / IoT
2:09

Smart Devices / IoT Weak Defaults
1:01

Special Purpose Devices
1:02

Vehicles
1:28

Voice over IP (VoIP)
2:10

HVAC
2:27

Aircraft/UAV
1:45

Printers/MFDs
2:03

Real Time Operating Systems (RTOS)
0:51

Surveillance Systems
1:33

System on a Chip (SoC)
1:10

5G Networks and Security Concerns
1:32

Narrow-band and Baseband Radio
0:43

Zigbee
2:25

Constraints
2:25
Chapter 8 32 Lessons Understanding the Importance of Physical Security Controls 47:27

Module Intro
0:47

Barricades
1:04

Mantraps
0:43

Badges
1:47

Alarms
1:31

Lighting and Signs
1:39

Cameras and Video Surveillance
1:33

Guards
0:41

Robot Sentries
1:20

Reception
0:45

Two Person Integrity (TPI) / Control
0:44

Hardware Locks
0:48

Biometrics
0:52

Cable Locks, Safes, and Locking Cabinets
1:20

USB Data Blocker
1:10

Fencing
1:27

Fire Suppression
2:52

Motion Detection / Infrared
0:48

Proximity Readers
1:08

Drones / UAV
0:55

Logs
0:47

Air Gaps
3:10

Demilitarized Zone (DMZ)
4:06

Protected Distribution System (PDS)
4:01

Hot and Cold Aisles
2:33

Non-Digital and Digital Data Destruction
1:28

Shredding
0:50

Pulping and Pulverizing
1:18

Deguassing
1:33

Purging
0:40

Wiping
2:31

Module Review
0:36
Chapter 9 29 Lessons Understanding the Basics of Cryptographic Concepts 56:59

Module Intro
0:41

Why You Should Care
0:48

Cryptographic Terminology and History
3:32

Vigenere Table
3:22

Digital Signatures
1:25

Key Stretching
3:24

Hashing
2:12

In-band vs. Out-of-band Key Exchange
1:28

Elliptic Curve Cryptography (ECC)
1:10

Perfect Forward Secrecy
1:09

Quantum Communications
3:15

Quantum Computing
1:17

Post Quantum
1:02

Ephemeral Key
0:42

Cipher Modes
0:38

XOR Function
1:06

Cryptographic Methods and Design
3:41

Blockchain
3:58

Fundamental Differences and Encryption Methods
2:24

Session Keys
0:54

Asymmetric Encryption
3:28

Lightweight Encryption
0:53

Steganography
2:14

Homomorphic Encryption
2:03

Common Use Cases
3:45

Cipher Suites
1:47

Limitations
2:25

Random and Pseudorandom Number Generators (PRNG)
1:10

Quantum Random Number Generators (QRNG)
1:06

Practice alongside courses in Cloud Playground

What is Cloud Playground? Cloud Playground lets you build skills in real-world AWS, Google Cloud, and Azure environments. Spin up risk-free Sandboxes, Servers and Terminals and follow along with courses, test a new idea or prepare for exams.

Architecture and Design for CompTIA Security+

About the course

Course Overview

Module Intro

Configuration Management

Diagrams

Baseline Configuration

IP Address Schema

Data Sovereignty

Data Loss Prevention (DLP)

Types of Data to Secure

Data Masking

Tokenization

Digital Rights Management (DRM)

Hardware Based Encryption (TPM and HSM)

Geographical Considerations

Cloud Access Security Broker (CASB)

Security-as-a-Service (SECaaS)

Differences between CASB and SECaaS

Recovery

Secure Protocols and SSL/TLS Inspection

Hashing

API Considerations and API Gateways

Recovery Site Options (Cold, Warm, Hot, and Cloud-based Sites)

Disaster Area Example

Honeypots and Honeyfiles

Honeynets

Fake Telemetry

DNS Sinkhole

Module Intro

Cloud Storage

Cloud Computing

"X" as a Service

Infrastructure as a Service (IaaS)

IaaS and Automation

Platform as a Service (PaaS)

Software as a Service (SaaS)

IaaS, PaaS, and SaaS Differentiators

Types of Clouds

Managed Service Providers (MSP)

Fog Computing

Edge Computing

VDI

Virtualization

Containers

Microservices and APIs

Infrastructure as Code (IAC)

Software Defined Networking (SDN)

Software Defined Visibility (SDV)

Serverless Architecture

IaaS, PaaS, FaaS, and SaaS Differentiators

Service Integrations and Resource Policies

Transit Gateway

VM Sprawl Avoidance

VM Escape

Module Review

Module Intro

Environments (Dev, Test, Staging, and Production)

Environment Example

Provisioning and Deprovisioning

Integrity Measurement

Static Code Analysis

Secure Coding Techniques

Security Automation

Continuous Monitoring and Validation

Continuous Integration

Continuous Delivery and Continuous Development

OWASP

Software Diversity, Compiler, and Binary

Elasticity and Scalability

Version Control

Module Intro

Directory Services

Usernames

Federation

Transitive Trust / Authentication

Attestation

Time-Based One-Time Password (TOTP)

HMAC-Based One-Time Password (HOTP)

SMS Authentication