- 課程時間
- 課程簡介
- 課程特點
- 認證要求
- 考試須知
- 課程內容
課程優惠!現凡同時報讀以下四個課程:
即減 $1,400!報讀其中三個即減 $960!報讀其中兩個即減 $600!
|
推介服務:課堂錄影隨時睇 (在家觀看 = 0%,在校觀看 = 100%) 學員使用電話或本網頁報名,待本中心確認已為學員留位後,即可使用 繳付學費,過程簡便!
* 各政府部門可使用 P Card 付款
如使用 P Card 繳付考試費,考試費需另加 1.3% 附加費
推介服務:課堂錄影隨時睇 (在家觀看 = 50%,在校觀看 = 50%) 學員使用電話或本網頁報名,待本中心確認已為學員留位後,即可使用 繳付學費,過程簡便!
* 各政府部門可使用 P Card 付款
如使用 P Card 繳付考試費,考試費需另加 1.3% 附加費
注意! 客戶必須查問報讀學校的教育局註冊編號,以確認該校為註冊學校,以免蒙受不必要的損失!
CompTIA (The Computing Technology Industry Association) 於 1982 年成立,擁有超過 2,000 個國際級機構成員,3,000 個學術和合作夥伴,覆蓋了整個信息通信技術 (ICT) 行業,故 CompTIA 已經成為技術生態系統的主要領導者之一。
CompTIA Security+ 認證是一套中立的 (Vendor Neutral) 國際認證系統,它能確認您於 I.T. Security 的認識與各項資訊科技安全的技能,包括:
- 各種網絡 (Network) 及終端機 (Endpoint) 安全系統
- 各種密碼演算法 (Cryptography) 的應用
- 身份 (Identification) 及生物 (Biometrics) 驗證系統
- 安全危機的辨識 (Security Risk Identification) 與化解 (Mitigation) 方法
- 網絡存取控制系統 (Network Access Control System) 的應用
- 安全結構設備 (Security Infrastructure Devices)
- 虛擬化平台安全技術 (Virtualization Platform Security Technologies)
- 雲端安全技術 (Cloud Security Technologies)

CompTIA
為何考取 CompTIA Security+ 認證?
- 因其中立的特性,通常成為資訊科技安全領域人士首先考取的認證。
- 全球 25 萬人持有。
- 根據美國勞工統計局 (Bureau of Labor Statistics) 及知名人力資源網站 Payscale.com 的統計資料顯示,擁有 CompTIA Security+ 認證的資訊安全分析專家 (Information Security Analyst) 的年薪介乎於 US$49,000 與 US$97,000 之間。另外,具備資訊科技安全技能的 Network / System Administrator 的年薪介乎於 US$39,000 與 US$83,000 之間。
- 領先而中立的認證,會經常被全球各地的國際級機構認可並被設定為必要的入職條件。例如 Apple, Dell, HP, IBM, Intel 等機構的資訊安全相關職位 (例如 Information Security Officer) 均要求入職者持有 CompTIA Security+ 認證。
- 為進修 Cisco CCNP Security, Juniper JNCIS-SEC, Check Point CCSE, CISA, CISSP 等等更高級的專業認證作基礎而必要的準備。
|
課程名稱: |
CompTIA Security+ (SY0-601) 國際認可證書課程 - 簡稱:CompTIA Security+ SY0-601 Training Course |
課程時數: |
合共 30 小時 (共 10 堂),共 1 科 |
適合人士: |
對電腦網絡 (TCP/IP) 有基礎認識的任何人士。 |
授課語言: |
以廣東話為主,輔以英語 |
課程筆記: |
本中心導師親自編寫英文為主筆記,而部份英文字附有中文對照。 |
上課模式: |
本課程以一人一機模式上課 |
免費重讀: |
傳統課堂學員可於課程結束後三個月內免費重看課堂錄影。 |
1. 模擬考試題目: |
本中心為學員提供模擬考試題目,每條考試題目均附有標準答案。 |
2. 時數適中: |
本中心的 CompTIA Security+ (新制SY0-601) 國際認可證書課程時數適中,有 30 小時。令學員能真正了解及掌握課程內容而考獲 CompTIA Security+ 國際認可證書。 |
3. Larry Chan 親自教授: |
由本中心已擁有
23 年教授 CompTIA / Microsoft / Cisco / Oracle / IBM / Citrix / Linux / Unix / Google / VMware / Juniper Networks 等相關課程的資深導師 Larry Chan 親自編寫筆記,絕對適合實際管理之用,令你無須「死鋤」如字典般厚及不適合香港讀書格調的書本。 |
4. Larry Chan 親身編寫筆記: |
Larry 親自編寫筆記,絕對適合考試及實際管理網路之用,令你無須「死鋤」如字典般厚及不適合香港讀書格調的書本。 |
5. 免費重讀: |
傳統課堂學員可於課程結束後三個月內免費重看課堂錄影。 |
CompTIA 已公佈考生必須通過以下 1 個 CompTIA Security+ 相關科目的考試,便可獲發 CompTIA Security+ 國際認可證書:
本中心為 CompTIA 指定的考試試場。報考時請致電本中心,登記欲報考之科目、考試日期及時間 (最快可即日報考)。臨考試前考生須出示身份證及繳付考試費。
考試編號 SY0-601 考試費為
HK$3,215。
考試題目由澳洲考試中心傳送到你要應考的電腦,考試時以電腦作答。所有考試題目均為英文,而大多數的考試題目為選擇題。作答完成後會立即出現你的分數,結果即考即知!考試不合格便可重新報考,不限次數。欲知道作答時間、題目總數、合格分數等詳細考試資料,可瀏覽本中心網頁 "各科考試分數資料"。 |
課程名稱:CompTIA Security+ (SY0-601) 國際認可證書課程 - 簡稱:CompTIA Security+ SY0-601 Training Course |
SY0-601 CompTIA Security+ (30 Hours)
1. Risk Measurement and Weighing
1.1 Risk Assessment
1.2 Computing Risk Assessment and Risk Calculations
1.3 Quantitative vs. Qualitative Risk Assessment
1.4 Risk – related Terminology
1.5 Acting on Your Risk Assessment
1.6 A Case Study of Acting and Reacting to Risks
1.7 Cloud Computing Risks
1.8 Virtualization Risks
1.9 Developing Policies, Standards, and Guidelines
1.10 Implementing Policies
1.11 Incorporating Standards
1.12 Following Guidelines
1.13 Business Policies to Implement
1.14 Separation of Duties Policies
1.15 Privacy Policies
1.16 Acceptable Use Policies
1.17 Job Rotation
1.18 Least Privilege
1.19 Succession Planning
1.20 Control Types and False Positives/Negatives
1.21 Business Impact Analysis (BIA)
1.22 Identifying Critical Systems and Components
1.23 Formulating Business Continuity Plans
1.24 High Availability (HA)
1.25 Redundancy
1.26 Fault Tolerance (FT)
1.27 Redundant Array of Independent Disks
1.28 Disaster Recovery
1.29 Disaster Recovery Planning
1.30 Cloud Security Risk Assessment
1.31 Cloud Security Posture Assessment
1.32 Cloud Data Security Life Cycle
1.33 Cloud Data Sensitivity and Classification
2. Monitoring and Diagnosing Networks
2.1 Network Monitors
2.2 Monitoring System Log files
2.3 Understanding Hardening
2.4 Working with Services
2.5 Protecting Management Interfaces and Applications
2.6 Software
2.7 Patches
2.8 Account Control
2.9 File System choices
2.10 Securing the Network
2.11 General Concepts of Security Posture
2.12 Continuous Security Monitoring
2.13 Security Audits
2.14 Setting a Remediation Policy
2.15 Reporting Security Issues
2.16 Differentiating between Detection Controls and Prevention Controls
2.17 Cloud Security Posture Management (CSPM) for IaaS Virtual Networks
2.18 Cloud Network Security and Visibility options
3. Security Devices and Infrastructure
3.1 TCP/IP Protocol Suite
3.2 OSI Relevance
3.3 Working with the TCP/IP Suite
3.4 The Application Layer
3.5 The Host-to-Host or Transport Layer
3.6 The Internet Layer
3.7 The Network Access Layer
3.8 IPv4 and IPv6
3.9 Concept of Encapsulation
3.10 Working with Protocols and Services
3.11 Well Known TCP and UDP Ports
3.12 TCP Three-Way Handshake
3.13 Application Programming Interface
3.14 Other Protocols to Know
3.15 Designing a Secure Network
3.16 Understanding the Various Network Infrastructure Devices
3.17 Firewalls
3.18 Concepts of Intrusion Detection Systems
3.19 IDS vs. IPS
3.20 Working with a Network-Based IDS
3.21 Implementing a Passive Response
3.22 Implementing an Active Response
3.23 Working with a Host-Based IDS
3.24 Working with NIPSs
3.25 Protocol Analyzers
3.26 Spam Filters
3.27 UTM Security Appliances
3.28 URL Filters
3.29 Content Inspection
3.30 Malware Inspection
3.31 Web Application Firewall vs. Network Firewall
3.32 Application-Aware Devices
3.33 Distributed Virtual Network Firewall v.s. Virtual Security Appliances
3.34 Cloud Network Security defenses and costs
4. Access Control, Authentication, and Authorization
4.1 Understanding Access Control Basics
4.2 Single Factor Authentication and Authorization
4.3 Multifactor Authentication
4.4 Layered Security and Defense in Depth
4.5 Network Access Control (Network Admission Control)
4.6 Tokens
4.7 Federations
4.8 Transitive Access Problem
4.9 Authentication Issues to Consider
4.10 Multifactor Authentication and Real World Security scenario
4.11 Authentication Protocols
4.12 Account and Password Policies in an Enterprise
4.13 Remote Authentication Dial-In User Service (RADIUS) Protocol
4.14 TACACS/TACACS+/XTACACS
4.15 VLAN Management
4.16 Understanding Authentication Services
4.17 Understanding Access Control
4.18 Mandatory Access Control
4.19 Discretionary Access Control
4.20 Role-Based Access Control
4.21 Rule-Based Access Control
4.22 Access Control Best Practice
4.23 Separation of Duties
4.24 Time of Day Access Control
4.25 User Access Review
4.26 Access Control by using Smartcards
4.27 Access Control Lists
4.28 Switch Port Security
4.29 Working with 802.1X
4.30 Flood Guards and Loop Protection
4.31 Preventing Network Bridging
4.32 Log Analysis
4.33 Trusted Operating System
4.34 Secure Router Configuration
4.35 Cloud Identity Management Systems
4.36 Cloud Authorization Systems and RBAC
4.37 Single Sign-On and Hybrid Identities
4.38 Tenant Managed Identities and JSON Web Token Authentication
5. Wireless Network Security
5.1 Working with Wireless Systems
5.2 IEEE 802.11- Wireless Protocols
5.3 WEP/WAP/WPA/WPA2
5.4 Concepts of Wireless Devices
5.5 Wireless Access Points
5.6 MAC Filtering on Wireless Networks
5.7 Captive Portals
5.8 Extensible Authentication Protocol
5.9 Wireless Network Vulnerabilities
5.10 Wireless Site Survey and War Driving
5.11 Wireless Attack Analogy
5.12 WPA3 and Wi-Fi 6 for Enterprises
5.13 Cloud Controlled Wireless Networks
6. Secure Cloud Computing
6.1 Working with Cloud Computing
6.2 Introduction to Software-as-a-Service (SaaS)
6.3 Introduction to Platform-as-a-Service (PaaS)
6.4 Introduction to Infrastructure-as-a-Service (IaaS)
6.5 Distinction between Public Cloud and Private Cloud
6.6 More about Community Cloud and Hybrid Cloud
6.7 A Brief look on Virtualization
6.8 Snapshots
6.9 Patch Compatibility
6.10 Host Availability/Elasticity
6.11 Security Control Testing
6.12 Sandboxing
6.13 Security and Cloud Computing
6.14 Cloud Storage
6.15 Cross-Origin Resource Sharing (CORS) security risks
6.16 3 ways to exploit Misconfigured CORS
6.17 Preventing CORS attacks in Content Delivery Networks (CDN)
6.18 Improving Enterprise Application Security and Isolation by Virtualization
6.19 Improving Cloud-Apps Security by Containerization
7. Host, Data, and Application Security
7.1 Introduction to Application Hardening
7.2 Database the relevant technologies
7.3 Not only SQL (NoSQL)
7.4 Big Data
7.5 Storage Area Network (SAN)
7.6 Application Fuzzing
7.7 Secure Coding
7.8 Open Web Application Security Project (OWASP)
7.9 CERT Secure Coding Standards
7.10 Application Configuration Baselining
7.11 Operating System Patch Management
7.12 Application Patch Management
7.13 Host Security
7.14 Host Software Baselining
7.15 Hardening Web Servers
7.16 Hardening Email Servers
7.17 Hardening FTP Servers
7.18 Hardening DNS Servers
7.19 Hardening DHCP Services
7.20 Protecting Data Through Fault Tolerance
7.21 RAID
7.22 Clustering and Load Balancing
7.23 Application Security
7.24 Best Practices for Security
7.25 Hardware-Based Encryption Devices
7.26 Encryption for Cloud Data-at-rest
7.28 Cloud Platform-Managed Encryption Keys
7.29 Customer-Managed Encryption Keys
7.30 Encryption Technologies for Transactional Databases
8. Cryptography
8.1 Introduction to Cryptography
8.2 Historical Cryptography
8.3 Modern Cryptography
8.4 Symmetric Algorithms
8.5 Asymmetric Algorithms
8.6 Hashing Algorithms
8.7 Rainbow Tables and Salt
8.8 Key Stretching
8.9 Cryptanalysis Methods
8.10 Wi-Fi Encryption
8.11 Utilizing Cryptographic Systems
8.12 Confidentiality and Encryption Strength
8.13 Integrity
8.14 Digital Signatures
8.15 Authentication
8.16 Nonrepudiation
8.17 Features of a Certification Authority
8.18 Concepts of Cryptography Standards and Protocols
8.19 Public-Key Infrastructure X.509/Public-Key Cryptography Standards
8.20 X.509
8.21 SSL and TLS
8.22 Certificate Management Protocols
8.23 Secure Multipurpose Internet Mail Extensions
8.24 Secure Electronic Transaction (SET)
8.25 Secure Shell
8.26 Pretty Good Privacy
8.27 HTTPS and SHTTP
8.28 Internet Protocol Security (IPsec)
8.29 Using Public Key Infrastructure
8.30 Using a Certification Authority
8.31 Registration Authority
8.32 Implementing Certificates
8.33 Certificate Policies
8.34 Certificate Practice Statements
8.35 Certificate Revocation Process
8.36 Concepts of Trust Models
9. Vulnerabilities and Threats
9.1 About Malware
9.2 Surviving Viruses
9.3 Symptoms of a Virus Infection
9.4 How Viruses Work
9.5 Virus Types
9.6 Managing Spam to Avoid Viruses
9.7 Antivirus Software
9.8 Attack Types
9.9 Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
9.10 Attack Tools
9.11 Spoofing Attacks
9.12 Pharming Attacks
9.13 Phishing, Spear Phishing, and Vishing
9.14 Xmas Attack
9.15 Man-in-the-Middle Attacks
9.16 Replay Attacks
9.17 Smurf Attacks
9.18 Password Attacks
9.19 Privilege Escalation
9.20 Malicious Insider Threats
9.21 Transitive Access
9.22 Client-Side Attacks
9.23 Typo Squatting
9.24 Watering Hole Attack
9.25 Identifying Types of Application Attacks
9.26 Cross-Site Scripting and Forgery
9.27 SQL Injection
9.28 LDAP Injection
9.29 XML Injection
9.30 Directory Traversal and Command Injection
9.31 Buffer Overflow
9.32 Integer Overflow
9.33 Zero-Day Exploits
9.34 Cookies and Attachments
9.35 Locally Shared Objects and Flash Cookies
9.36 Tracking Cookie
9.37 Malicious Browser Add-Ons
9.38 Session Hijacking
9.39 Header Manipulation
9.40 Arbitrary Code and Remote Code Execution
9.41 Interpreting Assessment Results
9.42 Working with Vulnerability Scanners
9.43 Working with a Port Scanner
9.44 Banner Grabbing
10. Physical Security and Environmental Control
10.1 Introduction to Social Engineering
10.2 Types of Social Engineering Attacks
10.3 Concepts of Physical Security
10.4 Hardware Locks and Security
10.5 Mantraps
10.6 Video Surveillance
10.7 Understanding Environmental Controls
The course content above may change at any time without notice in order to better reflect the content of the SY0-601 examination.
|
|