想报名参加Security+spss认证考试报名,有好的培训地方推荐吗?
点击联系发帖人
时间:2017-10-18 04:29
行业解决方案
通用解决方案
安全解决方案
大数据解决方案
DevOps解决方案
数加 · 人工智能
数加 · 大数据应用
数加 · 大数据分析及展现
数加 · 大数据基础服务
安全解决方案
安全服务 · 先知
建议与反馈
售前咨询 95187转1
[{"name":"noesc"},{"name":"haveecs"},{"name":"haverds"},{"name":"moren"}]
[{"result":"newproducttest","association":"not_effective","is_ecs_retain":"0","longTailUser":"false"},{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"noesc","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"},{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"}],"user_cat_level1":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"is_ecs_retain":"0","user_cat_name_level1":[{"网站":"false","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"false","能源/交通运输/生产制造":"false","移动APP":"false","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"is_rds_retain":"1","lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"haverds","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"}],"user_cat_level1":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_cat_name_level1":[{"网站":"false","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"false","能源/交通运输/生产制造":"false","移动APP":"false","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"result":"haveecs","association":"not_effective","is_ecs_retain":"1","longTailUser":"false"},{"result":"moren","association":"not_effective","reg_days":"999999","longTailUser":"false"}]
[{"name":"haveecs"},{"name":"haverds"},{"name":"websiteit"},{"name":"personal"}]
[{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"websiteit","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"},{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[],"user_cat_level1":[{"0":"true","1":"false","2":"false","tce_rule_count":"1"}],"user_cat_name_level1":[{"网站":"true","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"true","能源/交通运输/生产制造":"false","移动APP":"true","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"result":"haveecs","customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"association":"not_effective","is_ecs_retain":"1","longTailUser":"false"},{"result":"haverds","is_rds_retain":"1","association":"not_effective","longTailUser":"false"},{"result":"personal","customer_type":[{"0":"true","1":"false","tce_rule_count":"1"}],"association":"not_effective","longTailUser":"false"}]
认证的价值
拥有具备阿里云技术认证的技术人员,提升在阿里云上的技术服务能力
获得阿里云技术认证的员工,可以优化架构在阿里云之上的 应用,节省成本、高效运维
公司整体技术能力水平的体现
参加培训和获得认证的过程可提升您的技术能力
获得阿里云技术认证可以证明您在云计算领域的专业能力
可获得更多的就业机会
根据角色、技术掌握难度进行认证选择
考试通过获得认证
完成申请认证考试,考试成绩达到认证考试分数后进行相应认证证书的核发
认证有效期
获得认证2年内为有效期(电子证书)
阿里云已有认证
证书:阿里云云计算专业认证(ACP)
建议学习的课程
证书:阿里云大数据专业认证(ACP)
建议学习的课程我们的服务
您还没有搜索过这里
厚学股票代码:836425
咨询服务电话:
当前行业学校火热入驻中,如果您有开设相关课程,&
Security+认证
课程人气:32
移动客户端下载:
咨询电话:
参考价格:&电话咨询
想学什么:
中关村南大街2号数码大厦A2906
【课程简介】
Security+ 认证简介Security+ 认证是一种中立第三方认证,其发证机构为美国计算机行业协会&CompTIA ;是和CISSP、ITIL等共同包含在内的国际IT业10大热门认证之一,和CISSP偏重信息安全管理相比,Security+认证更偏重信息安全技术和操作,Security+认证考试包括选择题和实践题(要求您在模拟环境下进行实践)。通过该认证证明了您具备网络安全,合规性和操作安全,威胁和漏洞,应用程序、数据和主机安全,访问控制和身份管理以及加密技术等方面的能力。因其考试难度不易,含金量较高,目前已被全球企业和安全专业人士所普遍采纳。获得&COMPTIA SECURITY+&认证的专业人员胜任如下职业:o 安全架构师o 安全工程师o 安全顾问o 安全或系统管理员o 信息技术员Security+ 认证报考条件CompTIA Security+ 认证适用于符合以下条件的&IT&安全专业人士:o 信息安全、计算机等相关专业在读本科及往届毕业生;o&企业&信息安全技术、IT运维等从业人员;o&高校老师等从事IT相关工作人员。&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Security+ 培训方案为了全面提升教学质量,突出实践能力的培养,本次培训将采用先进的O2O(线上线下相结合)教学方式:先通过线上学习达到预习目的,掌握基础知识;再通过线下课程现场培训,让老师以理论为辅,实践为主的教学理念教学,用实际操作让理论知识落地;通过网络直播形式对学员答疑解惑,让学习时间更灵活,学习内容更充分,降低学员的学习成本,使学员快速掌握知识技能,实现高标准的教学体系。&&&&&&&&&&&&&&&&&&&&&&培训方式分三个步骤Security+ 培训报名须知培训日期:请与谷安天下培训顾问确认培训地点:北京、上海、深圳、广州等地费用总计:&5500&元&+1500&元&=7000&元&/&人培训费用:5500&元&/&人考试费用:1500&元&/&人结业证书:经谷安考核合格者将获得《Security+&培训结业书》 &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&谷安天下账户信息:&&&&&&&&帐户名称:北京谷安天下科技有限公司&&&&&&&&开户银行:北京银行航天支行&&&&&&&&帐&号: &&&Security+ 认证考试解读CompTIA Security+ 已获得&ISO 17024 国际标准认证(人员认证认可),并因此相应地定期审查和更新考试大纲。下表所列的是本版考试的范围,这是根据专家主题研讨的结论以及对拥有两年工作经验的具备相关信息安全专业知识和技能的企业人员的调查而修订的。本考试大纲包含各领域所占的百分比、测试目标和示例内容。这里给出了主题和概念作为示例用以明确考试目标,但其不应该被误读为是考试全部内容的完整列表。考试注意事项:考试形式:Pearson VUE&考试中心机考,中/英文(中文考试于号开始执行),考试需要提前一周预约,预约时间为工作日即可。考试题型:考试时间90分钟,总分900分(750分通过),90道题目,题型有单选、多选以及模拟实验环境操作。考试地点:保定、北京、长春、长沙、成都、重庆、大连、东莞、都匀、福州、广州、桂林、贵阳、海口、杭州、哈尔滨、合肥、淮安、济南、昆明、昆山、廊坊、兰州、柳州、南昌、南京、南宁、青岛、泉州、上海、韶关、绍兴、沈阳、深圳、石家庄、苏州、太原、唐山、天津、乌鲁木齐、威海、温州、武汉、无锡、厦门、西安、徐州、扬州、烟台、银川、郑州、珠海、淄博 安全领域考试占百分比1.0Network Security 网络安全21%2.0Compliance and Operational Security 合规与运维安全18%3.0Threats and Vulnerabilities 威胁与漏洞21%4.0Application, Data and Host Security 应用、数据和主机安全16%5.0Access Control and Identity Management 访问控制与身份管理13%6.0 Cryptography 密码学11%合计 Security+认证维持办法&以下三种方法可以实现证书更新,维持您的Security+证书。1、获得更高一级CompTIA认证证书,原有证书自动更新。&&例如:获得CompTIA CSA+认证证书,&&&&&&CompTIA Security+认证证书自动更新。2、在CompTIA证书三年有效期内,三年共提交50个CE学分和150美金证书维持费用后,证书将自动更新。&&&&&可以形成CE学分的活动可分为两大类:(1)培训和教育:参加培训课程、参加IT技术Webinar、 参加IT行业大会(2)工作经验:专业IT技术工作经验。&&&&所有CE学分须登陆CompTIA自助系统提交。3、通过该认证的新版认证考试或者通过该认证更新部分的考试。例如:通过CompTIASecurity+(SY0-&&402)认证考试或CompTIA Security+(SY0-402)认证更新考试,您的CompTIA Security+(SY0-&401)认证证书将获得更新。&&获得&Security+&认证证书的好处好处&1:在增长最快的一个&IT&领域发展您的技能并成为您的雇主的宝贵人才,晋升机会大。好处&2:由于安全威胁越来越大,您进入的领域,是一个任何&IT&行业内安全专业人员和合格&IT&人员需求量的领域,行业前景好。好处&3:凭借经过&Security+&认证的知识和技能享受丰厚回报。一些安全专业人员、架构师和工程师的年薪超过&86,000&美元,薪资水平高。好处&4:美国国防部高度重视&Security +&认证,因此将其纳&8570.01-M&指令。中国各大企业也逐渐开始高度重视&Security +&认证,并逐渐开始培养&Security +&人才,持有&Security +&证书人才的职业发展前景无限好。好处&5:Security+&是全球认可的认证证书,获得&Security+认证的专业人员遍布全球&147 个国家&/ 地区。助&&&&&&&&&&&&&&&&&&&&&&&您成为国际信息安全专业人才。&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&Security+教材、讲义以及习题&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&Security+认证证书样本&Security+认证考纲SY0-401及培训内容&&详细内容见附件&1
&附件&1Security+ 认证考纲&SY0-401 及培训内容1.0&NETWORK SECURITY 网络安全&1.1&Implement security configuration parameters on network devicesand other technologies. 在网络设备和其他设备上实施安全配置参数 &&&&&&Firewalls&&&防火墙&Routers&&&路由器Switches&&&交换机&Load Balancers&&&负载均衡Proxies&&&代理Web security gateways Web &&&&&&&&&安全网关VPN concentrators VPN&&&网关NIDS and NIPS网络入侵检测与网络入侵防范Protocol analyzers协议分析仪Spam filter垃圾邮件过滤UTM security appliances统一威胁管理&&&&&&&Web application firewall vs. network firewallWeb&应用防火墙与网络防火墙Application aware devices&应用端设备 1.2&Given a scenario, use secure network administration principles.&给定一个场景,应用安全网络管理原则 Rule-based management 基于规则的管理Firewall rules 防火墙规则VLAN management VLAN 管理Secure router configuration &&&&&&&&&&&&&&安全路由配置Access control lists 访问控制列表Port Security 端口安全802.1x 802.1xFlood guards流量攻击防护Loop protection环路保护Implicit deny默认拒绝Network separation网络隔离Log analysis日志分析Unified Threat Management统一威胁管理 &1.3&Explain network design elements and components.&解释网络设计的元素和组件 DMZ非军事化区&DMZSubnetting子网VLAN虚拟局域网NAT网络地址翻译Remote Access远程接入Telephony电话NAC网络接入控制&NACVirtualization&&&虚拟化Cloud Computing&&&云计算&&&&&&&&&Layered security / Defense in depth&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&分层安全&/&深度防御 1.4&Given a scenario, implement common protocols and services.&给定一个场景,实施通用的协议和服务Protocols协议Ports&&&&&&端口OSI relevanceOSI 相关1.5&Given a scenario, troubleshoot security issues related to wireless networking.&给定一个场景,对无线组网中的安全问题进行故障排查 WPAWPA2WEP EAP PEAP&LEAPMAC filter MAC 过滤Disable SSID broadcast 禁用&SSID&广播TKIP CCMPAntenna Placement Power level controls Captive portalsAntenna types Site surveys&&&&&&&&&VPN (over open wireless) 2.0 COMPLIANCE AND OPERATIONAL SECURITY合规与运维安全2.1 Explain the importance of risk related concepts. 解释风险相关概念的重要性 Control types&控制类型Probability / threat likelihoodFalse positives&误报可能性&/&威胁可能性False negatives&漏报Risk-avoidance, transference, acceptance,&&&&&&Importance of policies in reducing risk&&&&&&&&&&mitigation, deterrence&风险降低策略的重要性风险规避,转移,接受,降低,威慑Risk calculation&风险计算Risks associated with Cloud Computing andQuantitative vs. qualitative&&&&&&&&&Virtualization云计算与虚拟化相关的风险&定量&vs.&定性Recovery time objective and recovery point&Vulnerabilities&漏洞&&&&&&&&&&objective恢复时间目标与恢复点目标Threat vectors&威胁 &2.2&Summarize the security implications of integrating systems and data with third parties. 总结与第三方集成系统与数据的安全含义 &&&&&&&On-boarding/off-boarding business partners&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&驻场&/&场外的业务合作伙伴&&&&&&&Social media networks and/or applications&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&社交媒体网络与应用Interoperability agreements&&&&&&&互操作协议Privacy considerations&&&&&&&&&&隐私考虑Risk awareness&&&&&&&&&&风险意识Unauthorized data sharing&非数据共享Data ownership 数据所有权Data backups 数据备份Follow security policy and procedures遵从安全策略与程序Review agreement requirements to verify compliance and performance审核协议需求来确认合规性与性能standards 标准
2.3&Given a scenario, implement appropriate risk mitigation strategies.&给定一个场景,实施正确的风险降低策略Change management&&&&&&&&&&&&变更管理Enforce policies and procedures to preventIncident management&&&&&&&&&&&&事件管理data loss or theft&&&&&User rights and permissions reviews &&&&&&&用户权限审核&&&&&&加强策略和程序来阻止数据的损失或失窃Perform routine audits&&&&&&执行日常审计Enforce technology controls &&&&&&&&&&加强技术控制2.4&Given a scenario, implement basic forensic procedures.&给定一个场景,实施基本的程序 Order of volatility&&&&&&波动的顺序Capture system image&&&获取系统镜像&&&&&Network traffic and logs网络流量与日志Capture video&&&获取视频录像Record time offset&&&记录时间偏离Take hashes&&&进行哈希校验Screenshots 截屏Witnesses 目击者Track man hours and expense跟踪记录人员时间和花费Chain of custody &证据链Big Data analysis &大数据分析 2.5&Summarize common incident response procedures.&总结通用的事件响应程序 &&&&&Preparation 准备&&&&&Incident identification 事件识别&&&&&Escalation and notification &&&&&&&&&&升级与通知Mitigation steps&&&&&&&&&缓解步骤Lessons learned&&&&&&&&&&经验学习Reporting&&&&&&&&&&&&&&&&汇报&&&&&Recovery/reconstitution procedures &&&&&&&&&&&&&&&&&恢复&/ 重建程序First responder&&&&&&&&&&&&&&&&&响应人Incident isolation&&&&&&&&&&&&&&&&&&&&事件隔离Data breach&&&&&&&&&&&&&&&&&&&&数据泄露&&&&&&Damage and loss control&&&&&&&&&&灾害与损失控制 2.6&Explain the importance of security related awareness and training.&解释安全相关意识和培训的重要性&&&&&&Security policy training and procedures&&&&&安全策略培训与程序Role-based training&&&&&基于角色的培训ersonally identifiable information&&&&&个人可识别信息Information classification&&&&&信息分级&&&&&Data labeling, handling and disposal&&&&&数据标签、处理与废弃&&&&&Compliance with laws, best practices and standards&&法律、实践与标准的合规User habits&&用户习惯&&&&&&New threats and new security trends/alerts&&新威胁与新安全趋势&/&警告Use of social networking and P2P&&社会工程和&P2P&的使用Follow up and gather training metrics to validate compliance and securityposture&遵从并收集培训度量来验证合&&&&规与安全&&&&态度2.7 Compare and contrast physical security and environmental controls.比较和对比物理安全环境控制Environmental controls环境控制Physical security物理安全Control types控制类型2.8 Summarize risk management best practices. 总结风险管理的实践Business continuity concepts业务连续性概念Fault tolerance容错Disaster recovery concepts灾难恢复概念2.9&Given a scenario, select the appropriate control to meet the goals of security.&给定一个场景,选择合适的控制来满足安全目标Confidentiality机密性&&&Integrity完整性&&&Availability可用性&&&Safety场所安全 3.0 &THREATS AND VULNERABILITIES &&威胁与漏洞3.0 THREATS AND VULNERABILITIES 威胁与漏洞3.1 Explain types of malware. 解释各种恶意软件Adware恶意广告软件Logic bomb逻辑炸弹Virus病毒Botnets僵尸网络Spyware间谍软件Ransomware勒索Trojan木马Polymorphic malware多态恶意软件Rootkits黑客&root&工具Armored virus武装病毒Backdoors后门3.2 Summarize various types of attacks. 总结不同类型的攻击 Man-in-the-middle中间人攻击DDoS分布式拒绝服务DoS拒绝服务Replay重放Smurf attackSmurf 攻击Spoofing欺骗Spam垃圾邮件Phishing钓鱼Vishing电话欺骗Spear phishing鱼叉式钓鱼Xmas attack圣诞攻击Pharming网址嫁接Privilege escalation提权Malicious insider threat恶意内部威胁&&&&&&&&&&DNS poisoning and ARP poisoning&&&&&&&&&&&&&&DNS 投毒与&ARP 投毒ransitive access&&&&&&&&&&&传递访问Client-side attacks&&&&&&&&&&&客户端攻击Password attacks&&&&&&&&&&&密码攻击Typo squatting/URL hijacking&&&&&&&&&&蓄意错误&/URL 劫持Watering hole attack&&&&&&&&&&&水坑攻击& 3.3&ummarize social engineering attacks and the associated effectiveness with each attack. 总结社会工程攻击和相关每个攻击的有效性Shoulder surfing肩窥Hoaxes恶作剧Dumpster diving垃圾搜寻Whaling捕鲸式Tailgating尾随Vishing电话欺骗Impersonation扮演Principles (reasons for effectiveness)&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&原则(有效性的原因)
3.4 Explain types of wireless attacks. 解释无线攻击的类型Rogue access points虚假接入点IV attackIV 攻击amming/Interference干扰Packet sniffing包窃听Evil twinNear field communication近场通信War drivingReplay attacks重放攻击Bluejacking蓝劫WEP/WPA attacksWEP/WPA 攻击BluesnarfingWPS attacksWPS 攻击&&&&&&&&War chalking3.5 Explain types of application attacks. 解释应用攻击的类型Cross-site scripting&&&&&&&&&&&&&&&&&跨站脚本Zero-day&&&&&&零日攻击SQL injection&&&&&&&&&&&&&&&&&&&&&&&SQL 注入Cookies and attachmentsCookie 和附件LDAP injection&&&&&&&&&&&LDAP 注入LSO (Locally Shared Objects)本地共享目标XML injection&&&&&&&&&&&&&&&&&&&&&&XML 注入Flash Cookies&&&Flash CookiesDirectory traversal/command injectionMalicious add-ons&&&&&&&恶意附加目录遍历&/&命令注入Session hijacking&&&&&&&会话劫持Buffer overflow&&&&&&&&缓冲区溢出Header manipulation&&&&协议头注射&&Integer overflow整数溢出Arbitrary code execution / remote code execution&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&任意代码执行&/&远程代码执行3.6&Analyze a scenario and select the appropriate type of mitigation and deterrent techniques. 分析一个场景,并选择合适的风险降低和威慑技术 Monitoring system logs监控系统日志Reporting报告Hardening加固Detection controls vs. prevention controlsNetwork security网络安全检测性控制与预防性控制Security posture安全态度3.7&Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. 给定一个场景,使用合适的工具和技术来发现安全威胁和漏洞Interpret results of security assessment toolsRisk calculations风险计算解释安全评估工具的结果Assessment types评估类型Tools工具Assessment technique评估技术 3.8&Explain the proper use of penetration testing versus vulnerability scanning.&解释如何正确使用渗透测试与漏洞扫描Penetration testing渗透测试White box白盒Vulnerability scanning漏洞扫描Gray box灰盒Black box黑盒4.0&APPLICATION, DATA AND HOST SECURITY&应用、数据和主机安全&&&4.0&Explain the importance of application security controls and techniques.&解释应用安全控制盒技术的重要性Fuzzing模糊测试Secure coding concepts安全编码的概念Cross-site scripting prevention跨站脚本防范&&&&&&Cross-site Request Forgery (XSRF) prevention跨站请求伪造防范&&&&&&Application configuration baseline (proper settings) &&&&&&&&&&&&&&&&&&&&&&应用配置基线(正确的设置)Application hardening应用加固Application patch management应用补丁管理&&&&&&NoSQL databases vs. SQL databasesNoSQL 数据库&vs. SQL 数据库&&&&&&Server-side vs. Client-side validation服务器端&vs.&客户端验证 4.2 Summarize mobile security concepts and technologies. 总结移动安全的概念与技术Device security设备安全Application security应用安全BYOD concernsBYOD 的考虑4.3&Given a scenario, select the appropriate solution to establish host security.&给定一个场景,选择合适的方案来建立主机安全&&&&&&&&&&Operating system security and settings操作系统安全和设置OS hardening操作系统加固Anti-malware防恶意软件Patch management补丁管理&&&&&&&&&&White listing vs. black listing applications白名单与黑名单应用Trusted OS可信操作系统Host-based firewalls基于主机的防火墙Host-based intrusion detection基于主机的入侵检测Hardware security硬件安全Host software baselining主机软件基线Virtualization虚拟化4.4&Implement the appropriate controls to ensure data security.&实施合适的控制来数据安全Cloud storage&&&云存储SAN&&存储网络Handling Big Data&&处理大数据Data encryption&&数据加密&&&&&&&&&&Hardware based encryption devices&&基于硬件的加密设备&&&&&&&&&&Data in-transit, Data at-rest, Data in-use传输、存储、使用中的数据Permissions/ACL权限&/&访问控制列表Data policies数据策略4.5&Compare and contrast alternative methods to mitigate security risks in static environments. 对比比较不同的在静态环境中降低风险的方法Environments 环境Methods 方法 5.0&ACCESS CONTROL AND IDENTITY MANAGEMENT&访问控制与身份管理5.1&Compare and contrast the function and purpose of authentication services.&比较和对比认证服务的功能和目标RADIUSLDAPACACS+XTACACSKerberosSAMLSecure LDAP5.2&Given a scenario, select the appropriate authentication, authorization or access control. 给定一个场景,选择合适的认证、或访问控制&&&&&&&&Identification vs. authentication vs. authorization识别、认证、AuthorizationAuthentication认证Authentication factors认证因素Identification识别Federation联盟Transitive trust/authentication信任传递&/&认证5.3&Install and configure security controls when performing account management, based on best practices. 在实行账号管理时,基于实践,安装和配置安全控制&&&&&&&&&Mitigate issues associated with users with multiple account/roles and/or shared accounts减少与多账号&/&多角色&/&共享账号相关的用户的问题Account policy enforcement账号策略实现Group based privileges基于组的权限User assigned privileges用户分配权限User access reviews用户访问审核Continuous monitoring持续监控 6.0 &CRYPTOGRAPHY 密码学&6.1 &&&&Given a scenario, utilize general cryptography concepts.&&&&&&&&&&&&&给定一个场景,使用通用密码学概念Symmetric vs. asymmetric对称与非对称Session keys会话密钥&&&&&&&&&In-band vs. out-of-band key exchange带内与带外密钥交换&&&&&&&&&Fundamental differences and encryption methods基本差异与加密方法Transport encryption传输加密Non-repudiation抗抵赖Hashing哈希Key escrow密钥托管Steganography隐写术Digital signatures数字签名&&&&&&&&Use of proven technologies证明技术的使用&&&&&&&&&Elliptic curve and quantum cryptography&&&椭圆曲线与量子密码学Ephemeral key一次性密钥Perfect forward secrecy完美向前保密 6.2&Given a scenario, use appropriate cryptographic methods.&给定一个场景,使用合适的密码学方法 MD53DESSHAHMACRIPEMDRSAAESDiffie-HellmanDESRC4&&&&&&&&WEP vs. WPA/WPA2 and preshared key&&&&&&&&Comparative strengths and performance of&&&&&&&&Algorithm&&&&&&&&&&&&&&&&&&&&&&&对比算法的长度和性能One-time padsTwoFishNTLMDHENTLMv2ECDHEBlowfishCHAPPGP/GPGPAP&&&&&&&&&&Use of algorithms/protocols with transport&&&&encryption传输加密使用的算法和协议Cipher suites&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&算法簇Key stretching&&&&&&&&&&&&&&&&&&&&&&&&&&&&密钥弹性 6.3&Given a scenario, use appropriate PKI, certificate management and associated components. 给定一个场景,使用合适的&PKI,证书管理和相关组件&&&&&&&&Certificate authorities and digital certificatesPublic key公钥&&&CA 和数字证书Private key私钥PKI&&&公钥基础设施Registration注册Recovery agent&&&&&&&&&&恢复代理Key escrow密钥托管Trust models信任模型
谷安培训事业部以满足客户实际培训需求为目标,以提供优质培训服务为宗旨,以定位高端、与时俱进以及案例教学为特色,主要服务于政府、金融、电信、移动等重要行业。谷安拥有一套完善成熟的信息安全培训体系和授课质量服务体系,培训内容涵盖信息安全意识、信息安全技术、信息安全理论、以及CISA、CISSP、CISP、ISO27001LA等国际、国内认证。 谷安培训事业部在信息安全与IT审计培训方面名师云集,他们不但授课经验丰富、而且具有长期的实际工作经验以及拥有CISSP、CISA、BS7799LA、CISP等信息安全相关国际和国内认证认可的资质,能把理论和实践完美结合后传授给学员,既有利于学员顺利通过考试又有利于其工作。谷安培训事业部成立时间虽然短暂,但是培训过的学员已经遍及整个中国和跨越了不同行业,在短短的不到一年时间里,谷安的CISSP、CISA公开课培训以其灵活方便的开课时间、雄厚者的师资力量、优质的教学和服务深得客户欢迎,发展势头迅猛,已经成为业内的培训领头羊。而谷安CISA、CISSP等培训以其以及优质的售后服务深得客户称赞,在业内享有盛誉!
中关村南大街2号数码大厦A2906
查询学校路线
选择出行方式:
出发地点:
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:14
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:11
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:9
个性定制课程
周一至周日
08:00-21:30}
通用解决方案
安全解决方案
大数据解决方案
DevOps解决方案
数加 · 人工智能
数加 · 大数据应用
数加 · 大数据分析及展现
数加 · 大数据基础服务
安全解决方案
安全服务 · 先知
建议与反馈
售前咨询 95187转1
[{"name":"noesc"},{"name":"haveecs"},{"name":"haverds"},{"name":"moren"}]
[{"result":"newproducttest","association":"not_effective","is_ecs_retain":"0","longTailUser":"false"},{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"noesc","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"},{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"}],"user_cat_level1":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"is_ecs_retain":"0","user_cat_name_level1":[{"网站":"false","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"false","能源/交通运输/生产制造":"false","移动APP":"false","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"is_rds_retain":"1","lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"haverds","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"},{"L0":"false","L1":"false","L2":"false","L3":"false","tce_rule_count":"1","L4":"false"}],"user_cat_level1":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_cat_name_level1":[{"网站":"false","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"false","能源/交通运输/生产制造":"false","移动APP":"false","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"result":"haveecs","association":"not_effective","is_ecs_retain":"1","longTailUser":"false"},{"result":"moren","association":"not_effective","reg_days":"999999","longTailUser":"false"}]
[{"name":"haveecs"},{"name":"haverds"},{"name":"websiteit"},{"name":"personal"}]
[{"customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"go_to_aboad_demand_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"lost_risk_score":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_tech_strength":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"association":"not_effective","aliyun_site_activity_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"main_browse_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"longTailUser":"false","result":"websiteit","user_dentity_des":[{"技术/运维":"false","技术部副负责人":"false","其它":"false","高级架构师":"false","tce_rule_count":"1","平台工程师":"false","站长":"false","CEO":"false","CEO (法人)":"false","项目负责人":"false","技术负责人":"false","财务负责人":"false","股东":"false","技术运维负责人":"false","运维负责人":"false","技术人员":"false"}],"new_user_ecs_buy_level":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"aliyun_prd_retain":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"prob_cal_level_churn":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}],"user_level_yun":[{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"},{"tce_rule_count":"1","V0":"false","V1":"false","V2":"false","V3":"false","V4":"false"}],"user_level":[],"user_cat_level1":[{"0":"true","1":"false","2":"false","tce_rule_count":"1"}],"user_cat_name_level1":[{"网站":"true","其它":"false","通讯社交":"false","tce_rule_count":"1","o2o":"false","金融":"false","IT与软件开发":"true","能源/交通运输/生产制造":"false","移动APP":"true","教育":"false","音视频":"false","医疗健康":"false","政府/事业单位":"false","游戏":"false","物联网":"false","电子商务":"false","旅游":"false"}],"interested_prd":[{"rds":"false","ecs":"false","mail":"false","vm":"false","domain":"false","tce_rule_count":"1","slb":"false","cdn":"false","oss":"false"}],"ecs_res_use_stage":[{"0":"false","1":"false","2":"false","tce_rule_count":"1"}]},{"result":"haveecs","customer_type":[{"0":"false","1":"false","tce_rule_count":"1"}],"association":"not_effective","is_ecs_retain":"1","longTailUser":"false"},{"result":"haverds","is_rds_retain":"1","association":"not_effective","longTailUser":"false"},{"result":"personal","customer_type":[{"0":"true","1":"false","tce_rule_count":"1"}],"association":"not_effective","longTailUser":"false"}]
认证的价值
拥有具备阿里云技术认证的技术人员,提升在阿里云上的技术服务能力
获得阿里云技术认证的员工,可以优化架构在阿里云之上的 应用,节省成本、高效运维
公司整体技术能力水平的体现
参加培训和获得认证的过程可提升您的技术能力
获得阿里云技术认证可以证明您在云计算领域的专业能力
可获得更多的就业机会
根据角色、技术掌握难度进行认证选择
考试通过获得认证
完成申请认证考试,考试成绩达到认证考试分数后进行相应认证证书的核发
认证有效期
获得认证2年内为有效期(电子证书)
阿里云已有认证
证书:阿里云云计算专业认证(ACP)
建议学习的课程
证书:阿里云大数据专业认证(ACP)
建议学习的课程我们的服务
您还没有搜索过这里
厚学股票代码:836425
咨询服务电话:
当前行业学校火热入驻中,如果您有开设相关课程,&
Security+认证
课程人气:32
移动客户端下载:
咨询电话:
参考价格:&电话咨询
想学什么:
中关村南大街2号数码大厦A2906
【课程简介】
Security+ 认证简介Security+ 认证是一种中立第三方认证,其发证机构为美国计算机行业协会&CompTIA ;是和CISSP、ITIL等共同包含在内的国际IT业10大热门认证之一,和CISSP偏重信息安全管理相比,Security+认证更偏重信息安全技术和操作,Security+认证考试包括选择题和实践题(要求您在模拟环境下进行实践)。通过该认证证明了您具备网络安全,合规性和操作安全,威胁和漏洞,应用程序、数据和主机安全,访问控制和身份管理以及加密技术等方面的能力。因其考试难度不易,含金量较高,目前已被全球企业和安全专业人士所普遍采纳。获得&COMPTIA SECURITY+&认证的专业人员胜任如下职业:o 安全架构师o 安全工程师o 安全顾问o 安全或系统管理员o 信息技术员Security+ 认证报考条件CompTIA Security+ 认证适用于符合以下条件的&IT&安全专业人士:o 信息安全、计算机等相关专业在读本科及往届毕业生;o&企业&信息安全技术、IT运维等从业人员;o&高校老师等从事IT相关工作人员。&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Security+ 培训方案为了全面提升教学质量,突出实践能力的培养,本次培训将采用先进的O2O(线上线下相结合)教学方式:先通过线上学习达到预习目的,掌握基础知识;再通过线下课程现场培训,让老师以理论为辅,实践为主的教学理念教学,用实际操作让理论知识落地;通过网络直播形式对学员答疑解惑,让学习时间更灵活,学习内容更充分,降低学员的学习成本,使学员快速掌握知识技能,实现高标准的教学体系。&&&&&&&&&&&&&&&&&&&&&&培训方式分三个步骤Security+ 培训报名须知培训日期:请与谷安天下培训顾问确认培训地点:北京、上海、深圳、广州等地费用总计:&5500&元&+1500&元&=7000&元&/&人培训费用:5500&元&/&人考试费用:1500&元&/&人结业证书:经谷安考核合格者将获得《Security+&培训结业书》 &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&谷安天下账户信息:&&&&&&&&帐户名称:北京谷安天下科技有限公司&&&&&&&&开户银行:北京银行航天支行&&&&&&&&帐&号: &&&Security+ 认证考试解读CompTIA Security+ 已获得&ISO 17024 国际标准认证(人员认证认可),并因此相应地定期审查和更新考试大纲。下表所列的是本版考试的范围,这是根据专家主题研讨的结论以及对拥有两年工作经验的具备相关信息安全专业知识和技能的企业人员的调查而修订的。本考试大纲包含各领域所占的百分比、测试目标和示例内容。这里给出了主题和概念作为示例用以明确考试目标,但其不应该被误读为是考试全部内容的完整列表。考试注意事项:考试形式:Pearson VUE&考试中心机考,中/英文(中文考试于号开始执行),考试需要提前一周预约,预约时间为工作日即可。考试题型:考试时间90分钟,总分900分(750分通过),90道题目,题型有单选、多选以及模拟实验环境操作。考试地点:保定、北京、长春、长沙、成都、重庆、大连、东莞、都匀、福州、广州、桂林、贵阳、海口、杭州、哈尔滨、合肥、淮安、济南、昆明、昆山、廊坊、兰州、柳州、南昌、南京、南宁、青岛、泉州、上海、韶关、绍兴、沈阳、深圳、石家庄、苏州、太原、唐山、天津、乌鲁木齐、威海、温州、武汉、无锡、厦门、西安、徐州、扬州、烟台、银川、郑州、珠海、淄博 安全领域考试占百分比1.0Network Security 网络安全21%2.0Compliance and Operational Security 合规与运维安全18%3.0Threats and Vulnerabilities 威胁与漏洞21%4.0Application, Data and Host Security 应用、数据和主机安全16%5.0Access Control and Identity Management 访问控制与身份管理13%6.0 Cryptography 密码学11%合计 Security+认证维持办法&以下三种方法可以实现证书更新,维持您的Security+证书。1、获得更高一级CompTIA认证证书,原有证书自动更新。&&例如:获得CompTIA CSA+认证证书,&&&&&&CompTIA Security+认证证书自动更新。2、在CompTIA证书三年有效期内,三年共提交50个CE学分和150美金证书维持费用后,证书将自动更新。&&&&&可以形成CE学分的活动可分为两大类:(1)培训和教育:参加培训课程、参加IT技术Webinar、 参加IT行业大会(2)工作经验:专业IT技术工作经验。&&&&所有CE学分须登陆CompTIA自助系统提交。3、通过该认证的新版认证考试或者通过该认证更新部分的考试。例如:通过CompTIASecurity+(SY0-&&402)认证考试或CompTIA Security+(SY0-402)认证更新考试,您的CompTIA Security+(SY0-&401)认证证书将获得更新。&&获得&Security+&认证证书的好处好处&1:在增长最快的一个&IT&领域发展您的技能并成为您的雇主的宝贵人才,晋升机会大。好处&2:由于安全威胁越来越大,您进入的领域,是一个任何&IT&行业内安全专业人员和合格&IT&人员需求量的领域,行业前景好。好处&3:凭借经过&Security+&认证的知识和技能享受丰厚回报。一些安全专业人员、架构师和工程师的年薪超过&86,000&美元,薪资水平高。好处&4:美国国防部高度重视&Security +&认证,因此将其纳&8570.01-M&指令。中国各大企业也逐渐开始高度重视&Security +&认证,并逐渐开始培养&Security +&人才,持有&Security +&证书人才的职业发展前景无限好。好处&5:Security+&是全球认可的认证证书,获得&Security+认证的专业人员遍布全球&147 个国家&/ 地区。助&&&&&&&&&&&&&&&&&&&&&&&您成为国际信息安全专业人才。&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&Security+教材、讲义以及习题&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&Security+认证证书样本&Security+认证考纲SY0-401及培训内容&&详细内容见附件&1
&附件&1Security+ 认证考纲&SY0-401 及培训内容1.0&NETWORK SECURITY 网络安全&1.1&Implement security configuration parameters on network devicesand other technologies. 在网络设备和其他设备上实施安全配置参数 &&&&&&Firewalls&&&防火墙&Routers&&&路由器Switches&&&交换机&Load Balancers&&&负载均衡Proxies&&&代理Web security gateways Web &&&&&&&&&安全网关VPN concentrators VPN&&&网关NIDS and NIPS网络入侵检测与网络入侵防范Protocol analyzers协议分析仪Spam filter垃圾邮件过滤UTM security appliances统一威胁管理&&&&&&&Web application firewall vs. network firewallWeb&应用防火墙与网络防火墙Application aware devices&应用端设备 1.2&Given a scenario, use secure network administration principles.&给定一个场景,应用安全网络管理原则 Rule-based management 基于规则的管理Firewall rules 防火墙规则VLAN management VLAN 管理Secure router configuration &&&&&&&&&&&&&&安全路由配置Access control lists 访问控制列表Port Security 端口安全802.1x 802.1xFlood guards流量攻击防护Loop protection环路保护Implicit deny默认拒绝Network separation网络隔离Log analysis日志分析Unified Threat Management统一威胁管理 &1.3&Explain network design elements and components.&解释网络设计的元素和组件 DMZ非军事化区&DMZSubnetting子网VLAN虚拟局域网NAT网络地址翻译Remote Access远程接入Telephony电话NAC网络接入控制&NACVirtualization&&&虚拟化Cloud Computing&&&云计算&&&&&&&&&Layered security / Defense in depth&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&分层安全&/&深度防御 1.4&Given a scenario, implement common protocols and services.&给定一个场景,实施通用的协议和服务Protocols协议Ports&&&&&&端口OSI relevanceOSI 相关1.5&Given a scenario, troubleshoot security issues related to wireless networking.&给定一个场景,对无线组网中的安全问题进行故障排查 WPAWPA2WEP EAP PEAP&LEAPMAC filter MAC 过滤Disable SSID broadcast 禁用&SSID&广播TKIP CCMPAntenna Placement Power level controls Captive portalsAntenna types Site surveys&&&&&&&&&VPN (over open wireless) 2.0 COMPLIANCE AND OPERATIONAL SECURITY合规与运维安全2.1 Explain the importance of risk related concepts. 解释风险相关概念的重要性 Control types&控制类型Probability / threat likelihoodFalse positives&误报可能性&/&威胁可能性False negatives&漏报Risk-avoidance, transference, acceptance,&&&&&&Importance of policies in reducing risk&&&&&&&&&&mitigation, deterrence&风险降低策略的重要性风险规避,转移,接受,降低,威慑Risk calculation&风险计算Risks associated with Cloud Computing andQuantitative vs. qualitative&&&&&&&&&Virtualization云计算与虚拟化相关的风险&定量&vs.&定性Recovery time objective and recovery point&Vulnerabilities&漏洞&&&&&&&&&&objective恢复时间目标与恢复点目标Threat vectors&威胁 &2.2&Summarize the security implications of integrating systems and data with third parties. 总结与第三方集成系统与数据的安全含义 &&&&&&&On-boarding/off-boarding business partners&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&驻场&/&场外的业务合作伙伴&&&&&&&Social media networks and/or applications&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&社交媒体网络与应用Interoperability agreements&&&&&&&互操作协议Privacy considerations&&&&&&&&&&隐私考虑Risk awareness&&&&&&&&&&风险意识Unauthorized data sharing&非数据共享Data ownership 数据所有权Data backups 数据备份Follow security policy and procedures遵从安全策略与程序Review agreement requirements to verify compliance and performance审核协议需求来确认合规性与性能standards 标准
2.3&Given a scenario, implement appropriate risk mitigation strategies.&给定一个场景,实施正确的风险降低策略Change management&&&&&&&&&&&&变更管理Enforce policies and procedures to preventIncident management&&&&&&&&&&&&事件管理data loss or theft&&&&&User rights and permissions reviews &&&&&&&用户权限审核&&&&&&加强策略和程序来阻止数据的损失或失窃Perform routine audits&&&&&&执行日常审计Enforce technology controls &&&&&&&&&&加强技术控制2.4&Given a scenario, implement basic forensic procedures.&给定一个场景,实施基本的程序 Order of volatility&&&&&&波动的顺序Capture system image&&&获取系统镜像&&&&&Network traffic and logs网络流量与日志Capture video&&&获取视频录像Record time offset&&&记录时间偏离Take hashes&&&进行哈希校验Screenshots 截屏Witnesses 目击者Track man hours and expense跟踪记录人员时间和花费Chain of custody &证据链Big Data analysis &大数据分析 2.5&Summarize common incident response procedures.&总结通用的事件响应程序 &&&&&Preparation 准备&&&&&Incident identification 事件识别&&&&&Escalation and notification &&&&&&&&&&升级与通知Mitigation steps&&&&&&&&&缓解步骤Lessons learned&&&&&&&&&&经验学习Reporting&&&&&&&&&&&&&&&&汇报&&&&&Recovery/reconstitution procedures &&&&&&&&&&&&&&&&&恢复&/ 重建程序First responder&&&&&&&&&&&&&&&&&响应人Incident isolation&&&&&&&&&&&&&&&&&&&&事件隔离Data breach&&&&&&&&&&&&&&&&&&&&数据泄露&&&&&&Damage and loss control&&&&&&&&&&灾害与损失控制 2.6&Explain the importance of security related awareness and training.&解释安全相关意识和培训的重要性&&&&&&Security policy training and procedures&&&&&安全策略培训与程序Role-based training&&&&&基于角色的培训ersonally identifiable information&&&&&个人可识别信息Information classification&&&&&信息分级&&&&&Data labeling, handling and disposal&&&&&数据标签、处理与废弃&&&&&Compliance with laws, best practices and standards&&法律、实践与标准的合规User habits&&用户习惯&&&&&&New threats and new security trends/alerts&&新威胁与新安全趋势&/&警告Use of social networking and P2P&&社会工程和&P2P&的使用Follow up and gather training metrics to validate compliance and securityposture&遵从并收集培训度量来验证合&&&&规与安全&&&&态度2.7 Compare and contrast physical security and environmental controls.比较和对比物理安全环境控制Environmental controls环境控制Physical security物理安全Control types控制类型2.8 Summarize risk management best practices. 总结风险管理的实践Business continuity concepts业务连续性概念Fault tolerance容错Disaster recovery concepts灾难恢复概念2.9&Given a scenario, select the appropriate control to meet the goals of security.&给定一个场景,选择合适的控制来满足安全目标Confidentiality机密性&&&Integrity完整性&&&Availability可用性&&&Safety场所安全 3.0 &THREATS AND VULNERABILITIES &&威胁与漏洞3.0 THREATS AND VULNERABILITIES 威胁与漏洞3.1 Explain types of malware. 解释各种恶意软件Adware恶意广告软件Logic bomb逻辑炸弹Virus病毒Botnets僵尸网络Spyware间谍软件Ransomware勒索Trojan木马Polymorphic malware多态恶意软件Rootkits黑客&root&工具Armored virus武装病毒Backdoors后门3.2 Summarize various types of attacks. 总结不同类型的攻击 Man-in-the-middle中间人攻击DDoS分布式拒绝服务DoS拒绝服务Replay重放Smurf attackSmurf 攻击Spoofing欺骗Spam垃圾邮件Phishing钓鱼Vishing电话欺骗Spear phishing鱼叉式钓鱼Xmas attack圣诞攻击Pharming网址嫁接Privilege escalation提权Malicious insider threat恶意内部威胁&&&&&&&&&&DNS poisoning and ARP poisoning&&&&&&&&&&&&&&DNS 投毒与&ARP 投毒ransitive access&&&&&&&&&&&传递访问Client-side attacks&&&&&&&&&&&客户端攻击Password attacks&&&&&&&&&&&密码攻击Typo squatting/URL hijacking&&&&&&&&&&蓄意错误&/URL 劫持Watering hole attack&&&&&&&&&&&水坑攻击& 3.3&ummarize social engineering attacks and the associated effectiveness with each attack. 总结社会工程攻击和相关每个攻击的有效性Shoulder surfing肩窥Hoaxes恶作剧Dumpster diving垃圾搜寻Whaling捕鲸式Tailgating尾随Vishing电话欺骗Impersonation扮演Principles (reasons for effectiveness)&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&原则(有效性的原因)
3.4 Explain types of wireless attacks. 解释无线攻击的类型Rogue access points虚假接入点IV attackIV 攻击amming/Interference干扰Packet sniffing包窃听Evil twinNear field communication近场通信War drivingReplay attacks重放攻击Bluejacking蓝劫WEP/WPA attacksWEP/WPA 攻击BluesnarfingWPS attacksWPS 攻击&&&&&&&&War chalking3.5 Explain types of application attacks. 解释应用攻击的类型Cross-site scripting&&&&&&&&&&&&&&&&&跨站脚本Zero-day&&&&&&零日攻击SQL injection&&&&&&&&&&&&&&&&&&&&&&&SQL 注入Cookies and attachmentsCookie 和附件LDAP injection&&&&&&&&&&&LDAP 注入LSO (Locally Shared Objects)本地共享目标XML injection&&&&&&&&&&&&&&&&&&&&&&XML 注入Flash Cookies&&&Flash CookiesDirectory traversal/command injectionMalicious add-ons&&&&&&&恶意附加目录遍历&/&命令注入Session hijacking&&&&&&&会话劫持Buffer overflow&&&&&&&&缓冲区溢出Header manipulation&&&&协议头注射&&Integer overflow整数溢出Arbitrary code execution / remote code execution&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&任意代码执行&/&远程代码执行3.6&Analyze a scenario and select the appropriate type of mitigation and deterrent techniques. 分析一个场景,并选择合适的风险降低和威慑技术 Monitoring system logs监控系统日志Reporting报告Hardening加固Detection controls vs. prevention controlsNetwork security网络安全检测性控制与预防性控制Security posture安全态度3.7&Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. 给定一个场景,使用合适的工具和技术来发现安全威胁和漏洞Interpret results of security assessment toolsRisk calculations风险计算解释安全评估工具的结果Assessment types评估类型Tools工具Assessment technique评估技术 3.8&Explain the proper use of penetration testing versus vulnerability scanning.&解释如何正确使用渗透测试与漏洞扫描Penetration testing渗透测试White box白盒Vulnerability scanning漏洞扫描Gray box灰盒Black box黑盒4.0&APPLICATION, DATA AND HOST SECURITY&应用、数据和主机安全&&&4.0&Explain the importance of application security controls and techniques.&解释应用安全控制盒技术的重要性Fuzzing模糊测试Secure coding concepts安全编码的概念Cross-site scripting prevention跨站脚本防范&&&&&&Cross-site Request Forgery (XSRF) prevention跨站请求伪造防范&&&&&&Application configuration baseline (proper settings) &&&&&&&&&&&&&&&&&&&&&&应用配置基线(正确的设置)Application hardening应用加固Application patch management应用补丁管理&&&&&&NoSQL databases vs. SQL databasesNoSQL 数据库&vs. SQL 数据库&&&&&&Server-side vs. Client-side validation服务器端&vs.&客户端验证 4.2 Summarize mobile security concepts and technologies. 总结移动安全的概念与技术Device security设备安全Application security应用安全BYOD concernsBYOD 的考虑4.3&Given a scenario, select the appropriate solution to establish host security.&给定一个场景,选择合适的方案来建立主机安全&&&&&&&&&&Operating system security and settings操作系统安全和设置OS hardening操作系统加固Anti-malware防恶意软件Patch management补丁管理&&&&&&&&&&White listing vs. black listing applications白名单与黑名单应用Trusted OS可信操作系统Host-based firewalls基于主机的防火墙Host-based intrusion detection基于主机的入侵检测Hardware security硬件安全Host software baselining主机软件基线Virtualization虚拟化4.4&Implement the appropriate controls to ensure data security.&实施合适的控制来数据安全Cloud storage&&&云存储SAN&&存储网络Handling Big Data&&处理大数据Data encryption&&数据加密&&&&&&&&&&Hardware based encryption devices&&基于硬件的加密设备&&&&&&&&&&Data in-transit, Data at-rest, Data in-use传输、存储、使用中的数据Permissions/ACL权限&/&访问控制列表Data policies数据策略4.5&Compare and contrast alternative methods to mitigate security risks in static environments. 对比比较不同的在静态环境中降低风险的方法Environments 环境Methods 方法 5.0&ACCESS CONTROL AND IDENTITY MANAGEMENT&访问控制与身份管理5.1&Compare and contrast the function and purpose of authentication services.&比较和对比认证服务的功能和目标RADIUSLDAPACACS+XTACACSKerberosSAMLSecure LDAP5.2&Given a scenario, select the appropriate authentication, authorization or access control. 给定一个场景,选择合适的认证、或访问控制&&&&&&&&Identification vs. authentication vs. authorization识别、认证、AuthorizationAuthentication认证Authentication factors认证因素Identification识别Federation联盟Transitive trust/authentication信任传递&/&认证5.3&Install and configure security controls when performing account management, based on best practices. 在实行账号管理时,基于实践,安装和配置安全控制&&&&&&&&&Mitigate issues associated with users with multiple account/roles and/or shared accounts减少与多账号&/&多角色&/&共享账号相关的用户的问题Account policy enforcement账号策略实现Group based privileges基于组的权限User assigned privileges用户分配权限User access reviews用户访问审核Continuous monitoring持续监控 6.0 &CRYPTOGRAPHY 密码学&6.1 &&&&Given a scenario, utilize general cryptography concepts.&&&&&&&&&&&&&给定一个场景,使用通用密码学概念Symmetric vs. asymmetric对称与非对称Session keys会话密钥&&&&&&&&&In-band vs. out-of-band key exchange带内与带外密钥交换&&&&&&&&&Fundamental differences and encryption methods基本差异与加密方法Transport encryption传输加密Non-repudiation抗抵赖Hashing哈希Key escrow密钥托管Steganography隐写术Digital signatures数字签名&&&&&&&&Use of proven technologies证明技术的使用&&&&&&&&&Elliptic curve and quantum cryptography&&&椭圆曲线与量子密码学Ephemeral key一次性密钥Perfect forward secrecy完美向前保密 6.2&Given a scenario, use appropriate cryptographic methods.&给定一个场景,使用合适的密码学方法 MD53DESSHAHMACRIPEMDRSAAESDiffie-HellmanDESRC4&&&&&&&&WEP vs. WPA/WPA2 and preshared key&&&&&&&&Comparative strengths and performance of&&&&&&&&Algorithm&&&&&&&&&&&&&&&&&&&&&&&对比算法的长度和性能One-time padsTwoFishNTLMDHENTLMv2ECDHEBlowfishCHAPPGP/GPGPAP&&&&&&&&&&Use of algorithms/protocols with transport&&&&encryption传输加密使用的算法和协议Cipher suites&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&算法簇Key stretching&&&&&&&&&&&&&&&&&&&&&&&&&&&&密钥弹性 6.3&Given a scenario, use appropriate PKI, certificate management and associated components. 给定一个场景,使用合适的&PKI,证书管理和相关组件&&&&&&&&Certificate authorities and digital certificatesPublic key公钥&&&CA 和数字证书Private key私钥PKI&&&公钥基础设施Registration注册Recovery agent&&&&&&&&&&恢复代理Key escrow密钥托管Trust models信任模型
谷安培训事业部以满足客户实际培训需求为目标,以提供优质培训服务为宗旨,以定位高端、与时俱进以及案例教学为特色,主要服务于政府、金融、电信、移动等重要行业。谷安拥有一套完善成熟的信息安全培训体系和授课质量服务体系,培训内容涵盖信息安全意识、信息安全技术、信息安全理论、以及CISA、CISSP、CISP、ISO27001LA等国际、国内认证。 谷安培训事业部在信息安全与IT审计培训方面名师云集,他们不但授课经验丰富、而且具有长期的实际工作经验以及拥有CISSP、CISA、BS7799LA、CISP等信息安全相关国际和国内认证认可的资质,能把理论和实践完美结合后传授给学员,既有利于学员顺利通过考试又有利于其工作。谷安培训事业部成立时间虽然短暂,但是培训过的学员已经遍及整个中国和跨越了不同行业,在短短的不到一年时间里,谷安的CISSP、CISA公开课培训以其灵活方便的开课时间、雄厚者的师资力量、优质的教学和服务深得客户欢迎,发展势头迅猛,已经成为业内的培训领头羊。而谷安CISA、CISSP等培训以其以及优质的售后服务深得客户称赞,在业内享有盛誉!
中关村南大街2号数码大厦A2906
查询学校路线
选择出行方式:
出发地点:
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:14
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:11
价格:电话咨询
上课时间:全日制
授课老师:教务安排
课程人气:9
个性定制课程
周一至周日
08:00-21:30}
我要回帖
更多推荐
- ·请教大神如何用XLOOKUP在合并单元格中多sumif函数三个条件怎么填查找值??如下图 需要返回值85.95
- ·《蓝鸟与红鞋》画门红鞋子读后感100字?
- ·科学城个人如何做跨境电商商产业发展迅速,有哪些原因?
- ·新时代青年的使命与担当是什么人如何为构建人类命运共同体努力
- ·惠州市榕城惠州市商贸职业技术学校校的校园环境如何?有哪些特色?
- ·p2p投资理财有哪些p2p理财都是哪些人
- ·广百大通上虞大通商城购物中心心商铺直租优惠吗?
- ·什么叫企业管理网
- ·用 gini index 衡量当前我国财富分配不均不均的可能问题是什么
- ·spring securityy+认证考试费用高吗?
- ·已经知道地的阁楼面积如何计算是60平方,楼高3米,楼层2.5层,求房屋墙体总阁楼面积如何计算
- ·企业内部控制审计计与财务报表审计有哪些共同点
- ·17 jie1000 高危两周后检查还清 月收入2800
- ·私下交易比特币冷热钱包教学必须使用热钱包吗
- ·广百大通上虞大通商城购物中心心商铺租赁好不好?
- ·中国工商银行手机银行在哪
- ·公司专利管理制度有哪几种审批制度?中国采用哪一种
- ·求 股票通达信选股指标公式式 师傅把这个选股条件加上 连续出现这个买点大于3天 谢谢
- ·《金融时报 法国商学院》的商学院排名中为什么没有北大清华
- ·想报名参加Security+spss认证考试报名,有好的培训地方推荐吗?
- ·如何辨别小型混凝土搅拌站设备备的好坏
- ·这里的快递地址是什么址
- ·原材料价格下跌.人民币汇率变化趋势怎么变
- ·浦发银行美团点评卡viplus 美团点评25元权益怎么使用
- ·网贷银行存管删除了现在怎么办啊存款怎么存
- ·退小鸣单车押金逾期不退!退小鸣单车押金逾期不退!
- ·仙境传说永恒的爱apk守护永恒的爱平民玩家什么职业好
- ·天涯明月刀功力计算 全属性加35是多少功力
- ·神界原罪2队友怎么控制队友走路
- ·王者荣耀S9王者荣耀刘备出装顺序序 S9赛季刘备怎么出装介绍
- ·《僵丧尸围城游戏下载》
- ·王者荣耀皮肤特效排行周年限定皮肤技能特效什么花
- ·全民突击兵临城下电影国语高清技巧 地下有向前移动的指示怎样过去
