Corso certificazione CompTIA Server+
-
Le lezioni sono chiare ed esaustive, il materiale didattico integrativo è molto utile, i docenti spiegano in modo chiaro e sono molto disponibili.
Feedback sicuramente positivo.
← | →
Corso
Online
Hai bisogno di un coach per la formazione?
Ti aiuterà a confrontare vari corsi e trovare l'offerta formativa più conveniente.
Descrizione
-
Tipologia
Corso
-
Metodologia
Online
-
Ore di lezione
40h
-
Durata
Flessible
-
Inizio
Scegli data
Il corso certificato CompTIA Server+ ti farà scoprire le tecnologie hardware e software essenziali degli ambienti server on-premise e ibridi, compresa l’alta disponibilità delle risorse, il cloud computing e lo scripting.
Il corso CompTIA Server+ ti fornirà una solida base di conoscenze tecniche, comprese quelle necessarie per installare, configurare, gestire e mantenere server fisici e virtuali. Imparerai a gestire il sistema operativo del server, la sicurezza, la virtualizzazione, lo storage, le reti, la risoluzione dei problemi e molto altro.
All’interno del percorso formativo CompTIA Server+, sono incluse domande basate sulle prestazioni che richiedono al candidato di dimostrare una conoscenza a più livelli per implementare, amministrare e risolvere i problemi dei server in modo sicuro.
Il corso si compone di Lezioni che puoi vedere a tuo ritmo, quando e dove vuoi in modalità ondemand. Avrai a tua disposizione incontri tecnici one-to-one con cui personalizzare la tua formazione.
Sedi e date
Luogo
Inizio del corso
Inizio del corso
Profilo del corso
Seguendo il corso CompTIA Server + acquisirai le competenze tecnico pratiche per poter operare un esperto di server e gestione delle infrastrutture.
Il corso si pone l’obiettivo di fornire le competenze pratiche dei professionisti IT che installano, gestiscono e risolvono i problemi dei server nei data center, compresi gli ambienti on-premise e ibridi. Alla fine del corso gli studenti saranno in grado di svolgere un lavoro in qualsiasi ambiente, in quanto il corso non è limitato a una singola piattaforma. I senior trainer esperti ti guideranno attraverso i concetti chiave e ti forniranno le competenze necessarie per superare l'esame di certificazione SK0-005 - CompTIA Server+.
CompTIA Server+ è una certificazione riconosciuta a livello internazionale che attesta le competenze e le conoscenze necessarie per lavorare come amministratore di server.
All’interno della piattaforma, oltre alle video lezioni ed alle esercitazioni, troverai una community attiva composta da docenti esperti e colleghi corsisti pronti a confrontarsi sempre, anche dopo il corso. Un ambiente stimolante per la tua crescita e formazione continua.
Le competenze e le conoscenze acquisite durante il corso ti permetteranno di occuparti di Cybersecurity in qualsiasi azienda, pubblica o privata, operante in qualsiasi settore. In particolare, le attuali richieste da parte di aziende e del mercato del lavoro per figure in possesso delle skill acquisite in questo corso, in linea con gli standard CompTia, riguardano i seguenti ruoli:
Amministratore di sistemi
Amministratore del server
Tecnico o ingegnere dell'assistenza sul campo
Ingegnere di data center
Tecnico di data center
Amministratore di rete
Tecnico informatico
Riceviamo numerose richieste da parte di aziende interessate a dare una chance di lavoro ai nostri corsisti. Questo perché trovano più semplice entrare in contatto con figure competenti, qualificate e referenziate attraverso i nostri canali, piuttosto che doverle cercare là fuori con i metodi tradizionali.
Dopo la richiesta di informazioni sarai contattato/a dal nostro ufficio commerciale che ti illustrerà al meglio la proposta formativa del corso e, in caso di tuo interesse, ti indicherà la procedura di acquisto.
Opinioni
-
Le lezioni sono chiare ed esaustive, il materiale didattico integrativo è molto utile, i docenti spiegano in modo chiaro e sono molto disponibili.
Feedback sicuramente positivo.
← | →
Valutazione del corso
Lo consiglia
Valutazione del Centro
katia kelly
Successi del Centro
Tutti i corsi devono essere aggiornati
La media delle valutazioni dev'essere superiore a 3,7
Più di 50 opinioni degli ultimi 12 mesi
7 anni del centro in Emagister.
Materie
- SQL1
1 alunni hanno indicato di aver acquisito questa competenza
- Windows
11 alunni hanno indicato di aver acquisito questa competenza
- Management
11 alunni hanno indicato di aver acquisito questa competenza
- Security
11 alunni hanno indicato di aver acquisito questa competenza
- Server
11 alunni hanno indicato di aver acquisito questa competenza
- CompTIA
11 alunni hanno indicato di aver acquisito questa competenza
- Server+
11 alunni hanno indicato di aver acquisito questa competenza
Professori
Matteo Greatti
Senior Trainer corso CompTIA Server+
Programma
UNIT 1 – PLANNING AND SCOPING
MODULE 1 – COMPARE AND CONTRAST GOVERNANCE, RISK, AND COMPLIANCE CONCEPTS.
• Regulatory compliance considerations
• Payment Card Industry Data Security Standard (PCI DSS)
• General Data Protection Regulation (GDPR)
• Location restrictions
• Country limitations
• Tool restrictions
• Local laws
• Local government requirements
• Privacy requirements
• Legal concepts
• Service-level agreement (SLA)
• Confidentiality
• Statement of work
• Non-disclosure agreement (NDA)
• Master service agreement
• Permission to attack
MODULE 2 – EXPLAIN THE IMPORTANCE OF SCOPING AND ORGANIZATIONAL/CUSTOMER
REQUIREMENTS.
• Standards and methodologies
• MITRE ATT&CK
• Open Web Application Security Project (OWASP)
• National Institute of Standards and Technology (NIST)
• Open-source Security Testing Methodology Manual (OSSTMM)
• Penetration Testing Execution Standard (PTES)
• Information Systems Security Assessment Framework (ISSAF)
• Rules of engagement
• Time of day
• Types of allowed/disallowed tests
• Other restrictions
• Environmental considerations
• Network
• Application
• Cloud
• Target list/in-scope assets
• Wireless networks
• Internet Protocol (IP) ranges
• Domains
• Application programming interfaces (APIs)
• Physical locations
• Domain name system (DNS)
• External vs. internal targets
• First-party vs. third-party hosted
• Validate scope of engagement
• Question the client/review contracts
• Time management
• Strategy
• Unknown-environment vs. known-environment testing
MODULE 3 – GIVEN A SCENARIO, DEMONSTRATE AN ETHICAL HACKING MINDSET BY
MAINTAINING PROFESSIONALISM AND INTEGRITY.
• Background checks of penetration testing team
• Adhere to specific scope of engagement
• Identify criminal activity
• Immediately report breaches/ criminal activity
• Limit the use of tools to a particular engagement
• Limit invasiveness based on scope
• Maintain confidentiality of data/information
• Risks to the professional
• Fees/fines
• Criminal charges
UNIT 2 – INFORMATION GATHERING AND VULNERABILITY SCANNING
MODULE 1 – GIVEN A SCENARIO, PERFORM PASSIVE RECONNAISSANCE.
• DNS lookups
• Identify technical contacts
• Administrator contacts
• Cloud vs. self-hosted
• Social media scraping
• Key contacts/job responsibilities
• Job listing/technology stack
• Cryptographic flaws
• Secure Sockets Layer (SSL) certificates
• Revocation
• Company reputation/security posture
• Data
• Password dumps
• File metadata
• Strategic search engine analysis/enumeration
• Website archive/caching
• Public source-code repositories
• Open-source intelligence (OSINT)
• Tools
• Shodan
• Recon-ng
• Sources
• Common weakness enumeration (CWE)
• Common vulnerabilities and exposures (CVE)
MODULE 2 – GIVEN A SCENARIO, PERFORM ACTIVE RECONNAISSANCE.
• Enumeration
• Hosts
• Services
• Domains
• Users
• Uniform resource locators (URLs)
• Website reconnaissance
• Crawling websites
• Scraping websites
• Manual inspection of web links
• robots.txt
• Packet crafting
• Scapy
• Defense detection
• Load balancer detection
• Web application firewall (WAF) detection
• Antivirus
• Firewall
• Tokens
• Scoping
• Issuing
• Revocation
• Wardriving
• Network traffic
• Capture API requests and responses
• Sniffing
• Cloud asset discovery
• Third-party hosted services
• Detection avoidance
MODULE 3 – GIVEN A SCENARIO, ANALYZE THE RESULTS OF A RECONNAISSANCE EXERCISE.
• Fingerprinting
• Operating systems (OSs)
• Networks
• Network devices
• Software
• Analyze output from:
• DNS lookups
• Crawling websites
• Network traffic
• Address Resolution Protocol (ARP) traffic
• Nmap scans
• Web logs
MODULE 4 – GIVEN A SCENARIO, PERFORM VULNERABILITY SCANNING.
• Considerations of vulnerability scanning
• Time to run scans
• Protocols
• Network topology
• Bandwidth limitations
• Query throttling
• Fragile systems
• Non-traditional assets
• Scan identified targets for vulnerabilities
• Set scan settings to avoid detection
• Scanning methods
• Stealth scan
• Transmission Control Protocol (TCP) connect scan
• Credentialed vs. non-credentialed
• Nmap
• Nmap Scripting Engine (NSE) scripts
• Common options
• A
• sV
• sT
• Pn
• O
• sU
• sS
• T 1-5
• script=vuln
• p
• Vulnerability testing tools that facilitate automation
UNIT 3 – ATTACKS AND EXPLOITS
MODULE 1 – GIVEN A SCENARIO, RESEARCH ATTACK VECTORS AND PERFORM NETWORK
ATTACKS.
• Stress testing for availability
• Exploit resources
• Exploit database (DB)
• Packet storm
• Attacks
• ARP poisoning
• Exploit chaining
• Password attacks
• Password spraying
• Hash cracking
• Brute force
• Dictionary
• On-path (previously known as man-in-the-middle)
• Kerberoasting
• DNS cache poisoning
• Virtual local area network (VLAN) hopping
• Network access control (NAC) bypass
• Media access control (MAC) spoofing
• Link-Local Multicast Name Resolution (LLMNR)/NetBIOS- Name Service (NBT-NS) poisoning
• New Technology LAN Manager (NTLM) relay attacks
• Tools
• Metasploit
• Netcat
• Nmap
MODULE 2 – GIVEN A SCENARIO, RESEARCH ATTACK VECTORS AND PERFORM WIRELESS
ATTACKS.
• Attack methods
• Eavesdropping
• Data modification
• Data corruption
• Relay attacks
• Spoofing
• Deauthentication
• Jamming
• Capture handshakes
• On-path
• Attacks
• Evil twin
• Captive portal
• Bluejacking
• Bluesnarfing
• Radio-frequency identification (RFID) cloning
• Bluetooth Low Energy (BLE) attack
• Amplification attacks [Near-field communication (NFC)]
• WiFi protected setup (WPS) PIN attack
• Tools
• Aircrack-ng suite
• Amplified antenna
MODULE 3 – GIVEN A SCENARIO, RESEARCH ATTACK VECTORS AND PERFORM APPLICATIONBASED ATTACKS.
• OWASP Top 10
• Server-side request forgery
• Business logic flaws
• Injection attacks
• Structured Query Language (SQL) injection
• Blind SQL
• Boolean SQL
• Stacked queries
• Command injection
• Cross-site scripting
• Persistent
• Reflected
• Lightweight Directory Access Protocol (LDAP) injection
• Application vulnerabilities
• Race conditions
• Lack of error handling
• Lack of code signing
• Insecure data transmission
• Session attacks
• Session hijacking
• Cross-site request forgery (CSRF)
• Privilege escalation
• Session replay
• Session fixation
• API attacks
• Restful
• Extensible Markup Language- Remote Procedure Call (XML-RPC)
• Soap
• Directory traversal
• Tools
• Web proxies
• OWASP Zed Attack Proxy (ZAP)
• Burp Suite community edition
• SQLmap
• DirBuster
• Resources
• Word lists
MODULE 4 – GIVEN A SCENARIO, RESEARCH ATTACK VECTORS AND PERFORM ATTACKS ON
CLOUD TECHNOLOGIES.
• Attacks
• Credential harvesting
• Privilege escalation
• Account takeover
• Metadata service attack
• Misconfigured cloud assets
• Identity and access management (IAM)
• Federation misconfigurations
• Object storage
• Containerization technologies
• Resource exhaustion
• Cloud malware injection attacks
• Denial-of-service attacks
• Side-channel attacks
• Direct-to-origin attacks
• Tools
• Software development kit (SDK)
MODULE 5 – EXPLAIN COMMON ATTACKS AND VULNERABILITIES AGAINST SPECIALIZED
SYSTEMS.
• Mobile
• Attacks
• Reverse engineering
• Sandbox analysis
• Spamming
• Vulnerabilities
• Insecure storage
• Passcode vulnerabilities
• Certificate pinning
• Using known vulnerable components (i) Dependency vulnerabilities (ii) Patching
fragmentation
• Execution of activities using root
• Over-reach of permissions
• Biometrics integrations
• Business logic vulnerabilities
• Tools
• Burp Suite
• Drozer
• Mobile Security Framework (MobSF)
• Postman
• Ettercap
• Frida
• Objection
• Android SDK tools
• ApkX
• APK Studio
• Internet of Things (IoT) devices
• BLE attacks
• Special considerations
• Fragile environment
• Availability concerns
• Data corruption
• Data exfiltration
• Vulnerabilities
• Insecure defaults
• Cleartext communication
• Hard-coded configurations
• Outdated firmware/hardware
• Data leakage
• Use of insecure or outdated components
• Data storage system vulnerabilities
• Misconfigurations—on-premises and cloud-based
• Default/blank username/password
• Network exposure
• Lack of user input sanitization
• Underlying software vulnerabilities
• Error messages and debug handling
• Injection vulnerabilities
• Single quote method
• Management interface vulnerabilities
• Intelligent platform management interface (IPMI)
• Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of
Things (IIoT)/ industrial control system (ICS)
• Vulnerabilities related to virtual environments
• Virtual machine (VM) escape
• Hypervisor vulnerabilities
• VM repository vulnerabilities
• Vulnerabilities related to containerized workloads
MODULE 6 – GIVEN A SCENARIO, PERFORM A SOCIAL ENGINEERING OR PHYSICAL ATTACK.
• Pretext for an approach
• Social engineering attacks
• Email phishing
• Whaling
• Spear phishing
• Vishing
• Short message service (SMS) phishing
• Universal Serial Bus (USB) drop key
• Watering hole attack
• Physical attacks
• Tailgating
• Dumpster diving
• Shoulder surfing
• Badge cloning
• Impersonation
• Tools
• Browser exploitation framework (BeEF)
• Social engineering toolkit
• Call spoofing tools
• Methods of influence
• Authority
• Scarcity
• Social proof
• Urgency
• Likeness
• Fear
MODULE 7 – GIVEN A SCENARIO, PERFORM POST-EXPLOITATION TECHNIQUES.
• Post-exploitation tools
• Empire
• Mimikatz
• BloodHound
• Lateral movement
• Pass the hash
• Network segmentation testing
• Privilege escalation
• Horizontal
• Vertical
• Upgrading a restrictive shell
• Creating a foothold/persistence
• Trojan
• Backdoor
• Bind shell
• Reverse shell
• Daemons
• Scheduled tasks
• Detection avoidance
• Living-off-the-land techniques/fileless malware
• PsExec
• Windows Management Instrumentation (WMI)
• PowerShell (PS) remoting/Windows Remote Management (WinRM)
• Data exfiltration
• Covering your tracks
• Steganography
• Establishing a covert channel
• Enumeration
• Users
• Groups
• Forests
• Sensitive data
• Unencrypted files
UNIT 4 – REPORTING AND COMMUNICATION
MODULE 1 – COMPARE AND CONTRAST IMPORTANT COMPONENTS OF WRITTEN REPORTS.
• Report audience
• C-suite
• Third-party stakeholders
• Technical staff
• Developers
• Report contents (** not in a particular order)
• Executive summary
• Scope details
• Methodology
• Attack narrative
• Findings
• Risk rating (reference framework)
• Risk prioritization
• Business impact analysis
• Metrics and measures
• Remediation
• Conclusion
• Appendix
• Storage time for report
• Secure distribution
• Note taking
• Ongoing documentation during test
• Screenshots
• Common themes/root causes
• Vulnerabilities
• Observations
• Lack of best practices
MODULE 2 – GIVEN A SCENARIO, ANALYZE THE FINDINGS AND RECOMMEND THE
APPROPRIATE REMEDIATION WITHIN A REPORT.
• Technical controls
• System hardening
• Sanitize user input/parameterize queries
• Implemented multifactor authentication
• Encrypt passwords
• Process-level remediation
• Patch management
• Key rotation
• Certificate management
• Secrets management solution
• Network segmentation
• Administrative controls
• Role-based access control
• Secure software development life cycle
• Minimum password requirements
• Policies and procedures
• Operational controls
• Job rotation
• Time-of-day restrictions
• Mandatory vacations
• User training
• Physical controls
• Access control vestibule
• Biometric controls
• Video surveillance
MODULE 3 – EXPLAIN THE IMPORTANCE OF COMMUNICATION DURING THE PENETRATION
TESTING PROCESS.
• Communication path
• Primary contact
• Technical contact
• Emergency contact
• Communication triggers
• Critical findings
• Status reports
• Indicators of prior compromise
• Reasons for communication
• Situational awareness
• De-escalation
• Deconfliction
• Identifying false positives
• Criminal activity
• Goal reprioritization
• Presentation of findings
MODULE 4 – EXPLAIN POST-REPORT DELIVERY ACTIVITIES.
• Post-engagement cleanup
• Removing shells
• Removing tester-created credentials
• Removing tools
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings Data destruction process
Hai bisogno di un coach per la formazione?
Ti aiuterà a confrontare vari corsi e trovare l'offerta formativa più conveniente.
Corso certificazione CompTIA Server+
Prezzo da consultareAggiungi corsi simili
e confrontali per aiutarti a scegliere.{title}{centerName}{price}{price} {priceBeforeDiscount} {taxCaption}Formazione per argomento
Corsi di Altre tematiche Corsi di Amministrazione aziendale Corsi di Creazione e design Corsi di Finanza Corsi di Informatica Corsi di Lingue Corsi di Logistica Corsi di Marketing e vendita Corsi di Qualità, produzione, ricerca e sviluppo Corsi di Scienze Corsi di Scienze umane Corsi di Settore industriale Corsi di Settore legale Corsi di Settore pubblico Corsi di Settore sanitario Corsi di Sicurezza Corsi di Sport e tempo libero Corsi di Turismo - Windows