Administrative Items

• Time: Thursday’s from 5:00pm-6:00pm
• Location: Shelby 2117
• Test Dates: Qualification Exam, 4/10/2020 | Exam Date, 4/17/2020

Additional Resources

• Official Website
• Official Exam Objectives
• Book
• Extra Test Questions from Book
• Additional Book Resources
• Free Videos and Practice Tests
• Exam definitions
• Encryption Cheat Sheet
• Terminology
• Acronyms

Exam Details

Course Outline

There are six domains each with their on subdomains on which will be tested on the during exam, these include:

1. Review
2. Threats, Attacks, and Vulnerabilities
3. Technologies and Tools
4. Architecture and Design
5. Identity and Access Management
6. Risk Management
7. Cryptography and PKI

Review

• Security Basics
• Core Security Goals
• Basic Risk concepts
• Command Line Tools

Threats, Attacks, and Vulnerabilities

• 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
• 1.2 Compare and contrast types of attacks.
• 1.3 Explain threat actor types and attributes
• 1.4 Explain penetration testing concepts.
• 1.5 Explain vulnerability scanning concepts.
• 1.6 Explain the impact associated with types of vulnerabilities.

Technologies and Tools

• 2.1 Install and configure network components, both hardware and software-based, to support organizational security.
• 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
• 2.3 Given a scenario, troubleshoot common security issues.
• 2.4 Given a scenario, analyze and interpret output from security technologies.
• 2.5 Given a scenario, deploy mobile devices securely.
• 2.6 Given a scenario, implement secure protocols.

Architecture and Design

• 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
• 3.2 Given a scenario, implement secure network architecture concepts.
• 3.3 Given a scenario, implement secure systems design.
• 3.4 Explain the importance of secure staging deployment concepts.
• 3.5 Explain the security implications of embedded systems.
• 3.6 Summarize secure application development and deployment concepts.
• 3.7 Summarize cloud and virtualization concepts.
• 3.8 Explain how resiliency and automation strategies reduce risk.
• 3.9 Explain the importance of physical security controls.

Identity and Access Management

• 4.1 Compare and contrast identity and access management concepts
• 4.2 Given a scenario, install and configure identity and access services.
• 4.3 Given a scenario, implement identity and access management controls.
• 4.4 Given a scenario, differentiate common account management practices.

Risk Management

• 5.1 Explain the importance of policies, plans and procedures related to organizational security
• 5.2 Summarize business impact analysis concepts.
• 5.3 Explain risk management processes and concepts.
• 5.4 Given a scenario, follow incident response procedures.
• 5.5 Summarize basic concepts of forensics
• 5.6 Explain disaster recovery and continuity of operations concepts.
• 5.7 Compare and contrast various types of controls.
• 5.8 Given a scenario, carry out data security and privacy practices.

Cryptography and PKI

• 6.1 Compare and contrast basic concepts of cryptography
• 6.2 Explain cryptography algorithms and their basic characteristics.
• 6.3 Given a scenario, install and configure wireless security settings.
• 6.4 Given a scenario, implement public key infrastructure.

Course Structure