CompTIA A+ 220-1101 (Core 1) – Hardware, Networking & Mobile Devices

1. Mobile Devices p hardware and features

• Mobile device types (smartphones, tablets)

• Mobile device accessories

• Mobile OS and application synchronization

2. Networking

• TCP/IP, DNS, DHCP, IP addressing

• Routers, switches, access points, and ports

• Wireless standards (Wi-Fi, Bluetooth)

• Cable types and connectors (Ethernet, coax, fiber)

• SOHO network setup

• Common network services and configuration

3. Hardware

• PC components (motherboards, CPUs, RAM, storage)

• Peripherals and connectors (USB, HDMI, printers)

• Installing and configuring power supplies and cooling

• Custom PCs (e.g., gaming, CAD workstations)

• Hardware troubleshooting

4. Virtualization and Cloud Computing

• Cloud models (IaaS, SaaS, PaaS)

• Cloud storage and applications

• Client-side virtualization

5. Hardware and Network Troubleshooting

• Troubleshooting methods and tools

• Resolving hardware and network connectivity issues

• Diagnosing printers and peripheral failures

CompTIA A+ 220-1102 (Core 2) – Operating Systems, Security & Software

1. Operating Systems

• Windows OS (installation, configuration, and tools)

• macOS, Linux, Chrome OS basics

• Command-line tools (e.g., ipconfig, ping, chkdsk)

• System utilities and control panel tools

• OS file systems and disk management

2. Security

• Threats and vulnerabilities (malware, phishing, social engineering)

• Securing devices and data

• Authentication methods (MFA, biometrics)

• Windows security settings (firewall, user permissions)

• Security best practices and physical security

3. Software Troubleshooting

• Common OS and application errors

• Mobile OS troubleshooting

• Malware removal and recovery steps

4. Operational Procedures

• Best practices in documentation and change management

• Incident response and disaster recovery

• Safety and environmental procedures (e.g., ESD, disposal)

• Professional communication and customer service

CompTIA Security+

1. General Security Concepts

• Confidentiality, Integrity, Availability (CIA Triad)

• Security Controls

o Administrative, technical, and physical controls

• Security Posture

o Risk management, asset management, threat intelligence

• Security Roles

o Security analyst, SOC analyst, penetration tester, etc.

 • Frameworks and Compliance

o NIST, ISO, GDPR, HIPAA, etc.

2. Threats, Vulnerabilities, and Mitigations

• Types of Threat Actors

o Script kiddies, hacktivists, nation-states, insiders

• Threat Vectors

o Email, social engineering, physical access, etc.

• Common Attacks

o Phishing, ransomware, DDoS, password attacks, injection attacks

• Vulnerabilities

o Misconfigurations, unpatched systems, weak encryption

• Mitigation Techniques

o Patching, hardening, security tools, backups

3. Security Architecture

• Network Architecture Concepts

o DMZ, VLANs, VPNs, segmentation

• Secure Protocols

o HTTPS, SSH, SFTP, IPsec, etc.

• Cloud and Virtualization Security

o SaaS, PaaS, IaaS security best practices

• Zero Trust Architecture

o Principles and implementation

• Endpoint and Application Security

o EDR, application hardening, secure coding practices

4. Security Operations

• Security Monitoring

o SIEM, log analysis, behavioral analytics

• Incident Response
 o Preparation, detection, analysis, containment, eradication, recovery, post-incident

• Digital Forensics

o Chain of custody, imaging, analysis techniques

• Business Continuity and Disaster Recovery

o Backups, DR sites, BCP/DRP planning

• Security Tools

o Firewalls, IDS/IPS, antivirus, scanners

5. Security Program Management and Oversight

• Security Policies and Procedures

• Risk Management

o Risk assessments, risk response strategies

• Governance and Compliance

o Legal and regulatory requirements

• Security Training and Awareness

• Third-Party Risk Management

o Vendor assessments, SLAs

• Ethical Hacking & Penetration Testing

● Ethical Hacking Methodology (Reconnaissance to Reporting)

● Footprinting and Reconnaissance Techniques

● Scanning and Enumeration (Nmap, Netcat, hping)

● Vulnerability Assessment Tools & Techniques

● Wireless Network Attacks (WEP/WPA Cracking)

● Social Engineering Attacks and Prevention

● Introduction to Cloud & IoT Security Risks

● Hands-on Labs: Using Metasploit, OpenVAS, Wireshark

• Web Application Security & OWASP Top 10

● Web Application Basics & Security Concepts

● OWASP Top 10 Vulnerabilities Overview:

○ SQL Injection, XSS, CSRF, IDOR, SSRF, RCE

● Tools: Burp Suite, OWASP ZAP, Nikto, SQLmap

 ● Lab Targets: DVWA

● Practical Exploit Techniques for SQLi, XSS, etc.

● Secure Coding Best Practices Introduction

● Hands-on: Web App Vulnerability Assessment & Exploitation

CCSP Domains and Course Content (Based on CBK - Common Body of Knowledge)

1. Cloud Concepts, Architecture and Design

• Cloud computing definitions and principles

• Cloud service models (IaaS, PaaS, SaaS)

• Cloud deployment models (public, private, hybrid, community)

• Cloud reference architectures (e.g., NIST, ISO)

• Key cloud computing characteristics

• Cloud security considerations

• Impact of cloud on enterprise architecture

2. Cloud Data Security

• Data classification and lifecycle in the cloud

• Cloud data storage architectures

• Design and implement data security strategies (e.g., encryption, tokenization, masking)

• Data rights management

• Privacy issues related to cloud data

• Data retention, deletion, and archiving

3. Cloud Platform and Infrastructure Security

• Cloud infrastructure components (network, compute, storage)

• Risk management within cloud infrastructure

• Security controls for cloud infrastructure (virtualization, containers, serverless)

• Secure virtual and physical infrastructure

• Business continuity and disaster recovery in the cloud

4. Cloud Application Security

 • Secure software development lifecycle (SDLC)

• Application architecture for cloud

• Secure design and deployment in cloud environments

• APIs and web services security

• CI/CD pipeline security

• DevSecOps integration

5. Cloud Security Operations

• Cloud security operations processes

• Configuration management and automation

• Patching and vulnerability management

• Security information and event management (SIEM)

• Identity and access management (IAM)

• Logging and monitoring in the cloud

6. Legal, Risk, and Compliance

• Legal requirements and unique risks in cloud environments

• International regulations (e.g., GDPR, HIPAA)

• eDiscovery and digital forensics in cloud

• Risk management frameworks (e.g., ISO 31000, NIST RMF)

• Vendor management and third-party risk

Capstone Project and Certifications Preparation

Objective: Consolidate learning through real-world projects and prepare for entry-level certifications.

➢ Prepare Vulnerability Assessment and Penetration Testing Reports

➢ Simulated Bug Bounty Program Participation
➢ Guidance on Certifications like CompTIA A+ CompTIA Security+, CEH (Basic), Cisco
CyberOps, CCSP, Cloud Security.
➢ Career Guidance and Resume Preparation

Tools & Platforms Covered

➢ Operating Systems: Kali Linux, Ubuntu, Windows (in VM)

➢ Networking: Cisco Packet Tracer, Wireshark, Netcat, Nmap
➢ Ethical Hacking: Metasploit, Wireshark
➢ Web Security: Burp Suite, OWASP ZAP etc.
➢ Learning Platforms: DVWA, BWAPP