Secure Infrastructure Specialist/Objectives

Core 1

edit

1.0 Mobile Devices

edit

1.1 Given a scenario, install and configure laptop hardware and components.

edit
  • Hardware/device replacement
    • Battery
    • Keyboard/keys
    • Random-access memory (RAM)
    • Hard disk drive (HDD)/solid state drive (SSD) migration
    • HDD/SSD replacement
    • Wireless cards

  • Physical privacy and security components
    • Biometrics
    • Near-field scanner features

1.2 Compare and contrast the display components of mobile devices.

edit
  • Types
    • Liquid crystal display (LCD)
      • In-plane switching (IPS)
      • Twisted nematic (TN)
      • Vertical alignment (VA)
    • Organic light-emitting diode (OLED)

  • Mobile display components
  • WiFi antenna connector/placement
  • Camera/webcam
  • Microphone
  • Touch screen/digitizer
  • Inverter

1.3 Given a scenario, set up and configure accessories and ports of mobile devices.

edit
  • Connection methods
    • Universal Serial Bus (USB)/USB-C/microUSB/miniUSB
    • Lightning
    • Serial interfaces
    • Near-field communication (NFC)
    • Bluetooth
    • Hotspot

  • Accessories
    • Touch pens
    • Headsets
    • Speakers
    • Webcam
  • Docking station
  • Port replicator
  • Trackpad/drawing pad

1.4 Given a scenario, configure basic mobile-device network connectivity and application support.

edit
  • Wireless/cellular data network (enable/disable)
    • 2G/3G/4G/5G
    • Hotspot
    • Global System for Mobile Communications (GSM) vs. code-division multiple access (CDMA)
    • Preferred Roaming List (PRL) updates
  • Bluetooth
    • Enable Bluetooth
    • Enable pairing
    • Find a device for pairing
    • Enter the appropriate PIN code
    • Test connectivity
  • Location services
    • Global Positioning System (GPS) services
    • Cellular location services

  • Mobile device management (MDM)/mobile application management (MAM)
    • Corporate email configuration
    • Two-factor authentication
    • Corporate applications
  • Mobile device synchronization
    • Account setup
      • Microsoft 365
      • Google Workspace
      • iCloud
    • Data to synchronize
      • Mail
      • Photos
      • Calendar
      • Contacts
      • Recognizing data caps


2.0 Networking

edit

2.1 Compare and contrast Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, protocols, and their purposes.

edit
  • Ports and protocols
    • 20/21 - File Transfer Protocol (FTP)
    • 22 - Secure Shell (SSH)
    • 23 - Telnet
    • 25 - Simple Mail Transfer Protocol (SMTP)
    • 53 - Domain Name System (DNS)
    • 67/68 - Dynamic Host Configuration Protocol (DHCP)
    • 80 - Hypertext Transfer Protocol (HTTP)
    • 110 - Post Office Protocol 3 (POP3)
    • 137/139 - Network Basic Input/Output System (NetBIOS)/NetBIOS over TCP/IP (NetBT)
    • 143 - Internet Mail Access Protocol (IMAP)
    • 161/162 - Simple Network Management Protocol (SNMP)
    • 389 - Lightweight Directory Access Protocol (LDAP)
    • 443 - Hypertext Transfer Protocol Secure (HTTPS)
    • 445 - Server Message Block (SMB)/Common Internet File System (CIFS)
    • 3389 - Remote Desktop Protocol (RDP)

  • TCP vs. UDP
    • Connectionless
      • DHCP
      • Trivial File Transfer Protocol (TFTP)
    • Connection-oriented
      • HTTPS
      • SSH

2.2 Compare and contrast common networking hardware.

edit
  • Routers
  • Switches
    • Managed
    • Unmanaged
  • Access points
  • Patch panel
  • Firewall

  • Power over Ethernet (PoE)
    • Injectors
    • Switch
    • PoE standards
  • Hub
  • Cable modem
  • Digital subscriber line (DSL)
  • Optical network terminal (ONT)
  • Network interface card (NIC)
  • Software-defined networking (SDN)

2.3 Compare and contrast protocols for wireless networking.

edit
  • Frequencies
    • 2.4GHz
    • 5GHz
  • Channels
    • Regulations
    • 2.4GHz vs. 5GHz
  • Bluetooth

  • 802.11
    • a
    • b
    • g
    • n
    • ac (WiFi 5)
    • ax (WiFi 6)

  • Long-range fixed wireless
    • Licensed
    • Unlicensed
    • Power
    • Regulatory requirements for wireless power
  • NFC
  • Radio-frequency identification (RFID)

2.4 Summarize services provided by networked hosts.

edit
  • Server roles
    • DNS
    • DHCP
    • Fileshare
    • Print servers
    • Mail servers
    • Syslog
    • Web servers
    • Authentication, authorization, and accounting (AAA)

  • Internet applicances
    • Spam gateways
    • Unified threat management (UTM)
    • Load balancers
    • Proxy servers
  • Legacy/embedded systems
    • Supervisory control and data acquisition (SCADA)
  • Internet of Things (IoT) devices

2.5 Given a scenario, install and configure basic wired/wireless small office/home office (SOHO) networks.

edit
  • Internet Protocol (IP) addressing
    • IPv4
      • Private addresses
      • Public addresses
    • IPv6
    • Automatic Private IP Addressing (APIPA)
    • Static
    • Dynamic
    • Gateway

2.6 Compare and contrast common network configuration concepts.

edit

  • DHCP
    • Leases
    • Reservations
    • Scope
  • Virtual LAN (VLAN)
  • Virtual private network (VPN)

2.7 Compare and contrast Internet connection types, network types, and their features.

edit
  • Internet connection types
    • Satellite
    • Fiber
    • Cable
    • DSL
    • Cellular
    • Wireless Internet service provider (WISP)

  • Network types
    • Local area network (LAN)
    • Wide area network (WAN)
    • Personal area network (PAN)
    • Metropolitan area network (MAN)
    • Storage area network (SAN)
    • Wireless local area network (WLAN)

2.8 Given a scenario, use networking tools.

edit
  • Crimper
  • Cable stripper
  • WiFi analyzer
  • Toner probe

  • Punchdown tool
  • Cable tester
  • Loopback plug
  • Network tap


3.0 Hardware

edit

3.1 Explain basic cable types and their connectors, features, and purposes.

edit
  • Network cables
    • Copper
      • Cat 5
      • Cat 5e
      • Cat 6
      • Cat 6a
      • Coaxial
      • Shielded twisted pair
        • Direct burial
      • Unshielded twisted pair
    • Plenum
    • Optical
      • Fiber
    • T568A/T568B

  • Peripheral cables
    • USB 2.0
    • USB 3.0
    • Serial
    • Thunderbolt
  • Video cables
    • High-Definition Multimedia Interface (HDMI)
    • DisplayPort
    • Digital Visual Interface (DVI)
    • Video Graphics Array (VGA)
  • Hard drive cables
    • Serial Advanced Technology Attachment (SATA)
    • Small Computer System Interface (SCSI)
    • External SATA (eSATA)
    • Integrated Drive Electronics (IDE)

3.2 Given a scenario, install the appropriate RAM.

edit
  • RAM types
    • Virtual RAM
    • Small outline dual inline memory module (SODIMM)
    • Double Data Rate 3 (DDR3)
    • Double Data Rate 4 (DDR4)
    • Double Data Rate 5 (DDR5)
    • Error correction code (ECC) RAM

  • Single-channel
  • Dual-channel
  • Triple-channel
  • Quad-channel

3.3 Given a scenario, select and install storage devices.

edit
  • Hard drives
    • Speeds
      • 5,400rpm
      • 7,200rpm
      • 10,000rpm
      • 15,000rpm
    • Form factor
      • 2.5
      • 3.5

  • SSDs
    • Communications interfaces
      • Non-volatile Memory Express (NVMe)
      • SATA
      • Peripheral Component Interconnect Express (PCIe)
    • Form factors
      • M.2
      • mSATA

  • Drive configurations
    • Redundant Array of Independent (or Inexpensive) Disks (RAID) 0, 1, 5, 10
  • Removable storage
    • Flash drives
    • Memory cards
    • Optical drives

3.4 Given a scenario, install and configure motherboards, central processing units (CPUs), and add-on cards.

edit
  • Motherboard form factor
    • Advanced Technology eXtended (ATX)
    • Information Technology eXtended (ITX)
  • Motherboard connector types
    • Peripheral Component Interconnect (PCI)
    • PCI Express (PCIe)
    • Power connectors
    • SATA
    • eSATA
    • Headers
    • M.2
  • Motherboard compatibility
    • CPU sockets
      • Advanced Micro Devices, Inc. (AMD)
      • Intel
    • Server
    • Multisocket
    • Desktop
    • Mobile
  • Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) settings
    • Boot options
    • USB permissions
    • Trusted Platform Module (TPM) security features
    • Fan considerations
    • Secure Boot
    • Boot password

  • Encryption
  • CPU architecture
    • x64/x86
    • Advanced RISC Machine (ARM)
    • Single-core
    • Multicore
    • Multithreading
    • Virtualization support
  • Expansion cards
    • Sound card
    • Video card
    • Capture card
    • NIC
  • Cooling
    • Fans
    • Heat sink
    • Thermal paste/pads
    • Liquid

3.5 Given a scenario, install or replace the appropriate power supply.

edit
  • Input 110-120 VAC vs. 220-240 VAC
  • Output 3.3V vs. 5V vs. 12V
  • 20-pin to 24-pin motherboard adapter

  • Redundant power supply
  • Modular power supply
  • Wattage rating

3.6 Given a scenario, deploy and configure multifunction devices/printers and settings.

edit
  • Properly unboxing a device – setup location considerations
  • Use appropriate drivers for a given OS
    • Printer Control Language (PCL) vs. PostScript
  • Device connectivity
    • USB
    • Ethernet
    • Wireless
  • Public/shared devices
    • Printer share
    • Print server

  • Configuration settings
    • Duplex
    • Orientation
    • Tray settings
    • Quality
  • Security
    • User authentication
    • Badging
    • Audit logs
    • Secured prints
  • Network scan services
    • Email
    • SMB
    • Cloud services
  • Automatic document feeder (ADF)/flatbed scanner

3.7 Given a scenario, install and replace printer consumables.

edit
  • Laser
    • Imaging drum, fuser assembly, transfer belt, transfer roller, pickup rollers, separation pads, duplexing assembly
    • Imaging process: processing, charging, exposing, developing, transferring, fusing, and cleaning
    • Maintenance: Replace toner, apply maintenance kit, calibrate, clean
  • Inkjet
    • Ink cartridge, print head, roller, feeder, duplexing assembly, carriage belt
    • Calibration
    • Maintenance: Clean heads, replace cartridges, calibrate, clear jams

  • Thermal
    • Feed assembly, heating element
    • Special thermal paper
    • Maintenance: Replace paper, clean heating element, remove debris
    • Heat sensitivity of paper
  • Impact
    • Print head, ribbon, tractor feed
    • Impact paper
    • Maintenance: Replace ribbon, replace print head, replace paper
  • 3-D printer
    • Filament
    • Resin
    • Print bed


4.0 Virtualization and Cloud Computing

edit

4.1 Summarize cloud-computing concepts.

edit
  • Common cloud models
    • Private cloud
    • Public cloud
    • Hybrid cloud
    • Community cloud
    • Infrastructure as a service (IaaS)
    • Software as a service (SaaS)
    • Platform as a service (PaaS)

  • Cloud characteristics
    • Shared resources
    • Metered utilization
    • Rapid elasticity
    • High availability
    • File synchronization
  • Desktop virtualization
    • Virtual desktop infrastructure (VDI) on premises
    • VDI in the cloud

4.2 Summarize aspects of client-side virtualization.

edit
  • Purpose of virtual machines
    • Sandbox
    • Test development
    • Application virtualization
      • Legacy software/OS
      • Cross-platform virtualization
  • Resource requirements
  • Security requirements


5.0 Hardware and Network Troubleshooting

edit

5.1 Given a scenario, apply the best practice methodology to resolve problems.

edit

Always consider corporate policies, procedures, and impacts before implementing changes:

1. Identify the problem

  • Gather information from the user, identify user changes, and, if applicable, perform backups before making changes
  • Inquire regarding environmental or infrastructure changes

2. Establish a theory of probable cause (question the obvious)

  • If necessary, conduct external or internal research based on symptoms

3. Test the theory to determine the cause

  • Once the theory is confirmed, determine the next steps to resolve the problem
  • If the theory is not confirmed, re-establish a new theory or escalate

4.Establish a plan of action to resolve the problem and implement the solution

  • Refer to the vendor’s instructions for guidance

5.Verify full system functionality and, if applicable, implement preventive measures
6.Document the findings, actions, and outcomes

edit
  • Common symptoms
    • Power-on self-test (POST) beeps
    • Proprietary crash screens (blue screen of death [BSOD]/pinwheel)
    • Black screen
    • No power
    • Sluggish performance
    • Overheating
    • Burning smell
    • Intermittent shutdown
    • Application crashes
    • Grinding noise
    • Capacitor swelling
    • Inaccurate system date/time

5.3 Given a scenario, troubleshoot and diagnose problems with storage drives and RAID arrays.

edit
  • Common symptoms
    • Light-emitting diode (LED) status indicators
    • Grinding noises
    • Clicking sounds
    • Bootable device not found
    • Data loss/corruption
    • RAID failure
    • Self-monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) failure
    • Extended read/write times
    • Input/output operations per second (IOPS)
    • Missing drives in OS

5.4 Given a scenario, troubleshoot video, projector, and display issues.

edit
  • Common symptoms
    • Incorrect data source
    • Physical cabling issues
    • Burned-out bulb
    • Fuzzy image
    • Display burn-in
    • Dead pixels
    • Flashing screen
    • Incorrect color display
    • Audio issues
    • Dim image
    • Intermittent projector shutdown

5.5 Given a scenario, troubleshoot common issues with mobile devices.

edit
  • Common symptoms
    • Poor battery health
    • Swollen battery
    • Broken screen
    • Improper charging
    • Poor/no connectivity
    • Liquid damage
    • Overheating
    • Digitizer issues
    • Physically damaged ports
    • Malware
    • Cursor drift/touch calibration

5.6 Given a scenario, troubleshoot and resolve printer issues.

edit
  • Common symptoms
    • Lines down the printed pages
    • Garbled print
    • Toner not fusing to paper
    • Paper jams
    • Faded print
    • Incorrect paper size
    • Paper not feeding
    • Multipage misfeed
    • Multiple prints pending in queue
    • Speckling on printed pages
    • Double/echo images on the print
    • Incorrect color settings
    • Grinding noise
    • Finishing issues
      • Staple jams
      • Hole punch
    • Incorrect page orientation

5.7 Given a scenario, troubleshoot problems with wired and wireless networks.

edit
  • Common symptoms
    • Intermittent wireless connectivity
    • Slow network speeds
    • Limited connectivity
    • Jitter
    • Poor Voice over Internet Protocol (VoIP) quality
    • Port flapping
    • High latency
    • External interference


Core 2

edit

1.0 Operating Systems

edit

1.1 Identify basic features of Microsoft Windows editions.

edit
  • Windows 10 editions
    • Home
    • Pro
    • Pro for Workstations
    • Enterprise
  • Upgrade paths
    • In-place upgrade

  • Feature differences
    • Domain access vs. workgroup
    • Desktop styles/user interface
    • Availability of Remote Desktop Protocol (RDP)
    • Random-access memory (RAM) support limitations
    • BitLocker
    • gpedit.msc

1.2 Given a scenario, use the appropriate Microsoft command-line tool.

edit
  • Navigation
    • cd
    • dir
    • md
    • rmdir
    • Drive navigation inputs:
      • C: or D: or x:

  • Command-line tools
    • ipconfig
    • ping
    • hostname
    • netstat
    • nslookup
    • chkdsk
    • net user
    • net use
    • tracert
    • format
    • xcopy
    • copy
    • robocopy
    • gpupdate
    • gpresult
    • shutdown
    • sfc
    • [command name] /?
    • diskpart
    • pathping
    • winver

1.3 Given a scenario, use features and tools of the Microsoft Windows 10 operating system (OS).

edit
  • Task Manager
    • Services
    • Startup
    • Performance
    • Processes
    • Users

  • Microsoft Management Console (MMC) snap-in
    • Event Viewer (eventvwr.msc)
    • Disk Management (diskmgmt.msc)
    • Task Scheduler (taskschd.msc)
    • Device Manager (devmgmt.msc)
    • Certificate Manager (certmgr.msc)
    • Local Users and Groups (lusrmgr.msc)
    • Performance Monitor (perfmon.msc)
    • Group Policy Editor (gpedit.msc)

  • Additional tools
    • System Information (msinfo32.exe)
    • Resource Monitor (resmon.exe)
    • System Configuration (msconfig.exe)
    • Disk Cleanup (cleanmgr.exe)
    • Disk Defragment (dfrgui.exe)
    • Registry Editor (regedit.exe)

1.4 Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility.

edit
  • Internet Options
  • Devices and Printers
  • Programs and Features
  • Network and Sharing Center
  • System
  • Windows Defender Firewall
  • Mail
  • Sound
  • User Accounts
  • Device Manager
  • Indexing Options
  • Administrative Tools
  • Ease of Access

  • File Explorer Options
    • Show hidden files
    • Hide extensions
    • General options
    • View options
  • Power Options
    • Hibernate
    • Power plans
    • Sleep/suspend
    • Standby
    • Choose what closing the lid does
    • Turn on fast startup
    • Universal Serial Bus (USB) selective suspend

1.5 Given a scenario, use the appropriate Windows settings.

edit
  • Time and Language
  • Update and Security
  • Personalization
  • Apps
  • Privacy

  • System
  • Devices
  • Network and Internet
  • Gaming
  • Accounts

1.6 Given a scenario, configure Microsoft Windows networking features on a client/desktop.

edit
  • Workgroup vs. domain setup
    • Shared resources
    • Printers
    • File servers
    • Mapped drives
  • Client network configuration
    • Internet Protocol (IP) addressing scheme
    • Domain Name System (DNS) settings
    • Subnet mask
    • Gateway
    • Static vs. dynamic

  • Establish network connections
    • Virtual private network (VPN)
    • Wireless
    • Wired
    • Wireless wide area network (WWAN)
  • Proxy settings
  • Public network vs. private network
  • File Explorer navigation – network paths
  • Metered connections and limitations
  • Local OS firewall settings
    • Application restrictions and exceptions
    • Configuration

1.7 Given a scenario, apply application installation and configuration concepts.

edit
  • System requirements for applications
    • 32-bit vs. 64-bit dependent application requirements
    • Dedicated graphics card vs. integrated
    • Video random-access memory (VRAM) requirements
    • RAM requirements
    • Central processing unit (CPU) requirements
    • External hardware tokens
    • Storage requirements

  • OS requirements for applications
    • Application to OS compatibility
    • 32-bit vs. 64-bit OS
  • Distribution methods
    • Physical media vs. downloadable
    • ISO mountable
  • Other considerations for new applications
    • Impact to device
    • Impact to network
    • Impact to operation
    • Impact to business

1.8 Explain common OS types and their purposes.

edit
  • Workstation OSs
    • Windows
    • Linux
    • macOS
    • Chrome OS
  • Cell phone/tablet OSs
    • iPadOS
    • iOS
    • Android

  • Various filesystem types
    • New Technology File System (NTFS)
    • File Allocation Table 32 (FAT32)
    • Third extended filesystem (ext3)
    • Fourth extended filesystem (ext4)
    • Apple File System (APFS)
    • Extensible File Allocation Table (exFAT)
  • Vendor life-cycle limitations
    • End-of-life (EOL)
    • Update limitations
  • Compatibility concerns between OSs

1.9 Given a scenario, perform OS installations and upgrades in a diverse OS environment.

edit
  • Boot methods
    • USB
    • Optical media
    • Network
    • Solid-state/flash drives
    • Internet-based
    • External/hot-swappable drive
    • Internal hard drive (partition)
  • Types of installations
    • Upgrade
    • Recovery partition
    • Clean install
    • Image deployment
    • Repair installation
    • Remote network installation
    • Other considerations
      • Third-party drivers

  • Partitioning
    • GUID [globally unique identifier] Partition Table (GPT)
    • Master boot record (MBR)
  • Drive format
  • Upgrade considerations
    • Backup files and user preferences
    • Application and driver support/ backward compatibility
    • Hardware compatibility
  • Feature updates
    • Product life cycle

1.10 Identify common features and tools of the macOS/desktop OS.

edit
  • Installation and uninstallation of applications
    • File types
      • .dmg
      • .pkg
      • .app
    • App Store
    • Uninstallation process
  • Apple ID and corporate restrictions
  • Best practices
    • Backups
    • Antivirus
    • Updates/patches
  • System Preferences
    • Displays
    • Networks
    • Printers
    • Scanners
    • Privacy
    • Accessibility
    • Time Machine

  • Features
    • Multiple desktops
    • Mission Control
    • Keychain
    • Spotlight
    • iCloud
    • Gestures
    • Finder
    • Remote Disc
    • Dock
  • Disk Utility
  • FileVault
  • Terminal
  • Force Quit

1.11 Identify common features and tools of the Linux client/desktop OS.

edit
  • Common commands
    • ls
    • pwd
    • mv
    • cp
    • rm
    • chmod
    • chown
    • su/sudo
    • apt-get
    • yum
    • ip
    • df
    • grep
    • ps
    • man
    • top
    • find
    • dig
    • cat
    • nano

  • Best practices
    • Backups
    • Antivirus
    • Updates/patches
  • Tools
    • Shell/terminal
    • Samba


2.0 Security

edit

2.1 Summarize various security measures and their purposes.

edit
  • Physical security
    • Access control vestibule
    • Badge reader
    • Video surveillance
    • Alarm systems
    • Motion sensors
    • Door locks
    • Equipment locks
    • Guards
    • Bollards
    • Fences
  • Physical security for staff
    • Key fobs
    • Smart cards
    • Keys
    • Biometrics
      • Retina scanner
      • Fingerprint scanner
      • Palmprint scanner
    • Lighting
    • Magnetometers

  • Logical security
    • Principle of least privilege
    • Access control lists (ACLs)
    • Multifactor authentication (MFA)
    • Email
    • Hard token
    • Soft token
    • Short message service (SMS)
    • Voice call
    • Authenticator application
  • Mobile device management (MDM)
  • Active Directory
    • Login script
    • Domain
    • Group Policy/updates
    • Organizational units
    • Home folder
    • Folder redirection
    • Security groups

2.2 Compare and contrast wireless security protocols and authentication methods.

edit
  • Protocols and encryption
    • WiFi Protected Access 2 (WPA2)
    • WPA3
    • Temporal Key Integrity Protocol (TKIP)
    • Advanced Encryption Standard (AES)

  • Authentication
    • Remote Authentication Dial-In User Service (RADIUS)
    • Terminal Access Controller Access-Control System (TACACS+)
    • Kerberos
    • Multifactor

2.3 Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods.

edit
  • Malware
    • Trojan
    • Rootkit
    • Virus
    • Spyware
    • Ransomware
    • Keylogger
    • Boot sector virus
    • Cryptominers

  • Tools and methods
    • Recovery mode
    • Antivirus
    • Anti-malware
    • Software firewalls
    • Anti-phishing training
    • User education regarding common threats
    • OS reinstallation

2.4 Explain common social-engineering attacks, threats, and vulnerabilities.

edit
  • Social engineering
    • Phishing
    • Vishing
    • Shoulder surfing
    • Whaling
    • Tailgating
    • Impersonation
    • Dumpster diving
    • Evil twin

  • Threats
    • Distributed denial of service (DDoS)
    • Denial of service (DoS)
    • Zero-day attack
    • Spoofing
    • On-path attack
    • Brute-force attack
    • Dictionary attack
    • Insider threat
    • Structured Query Language (SQL) injection
    • Cross-site scripting (XSS)
  • Vulnerabilities
    • Non-compliant systems
    • Unpatched systems
    • Unprotected systems (missing antivirus/missing firewall)
    • EOL OSs
    • Bring your own device (BYOD)

2.5 Given a scenario, manage and configure basic security settings in the Microsoft Windows OS.

edit
  • Defender Antivirus
    • Activate/deactivate
    • Updated definitions
  • Firewall
    • Activate/deactivate
    • Port security
    • Application security
  • Users and groups
    • Local vs. Microsoft account
    • Standard account
    • Administrator
    • Guest user
    • Power user

  • Login OS options
    • Username and password
    • Personal identification number (PIN)
    • Fingerprint
    • Facial recognition
    • Single sign-on (SSO)
  • NTFS vs. share permissions
    • File and folder attributes
    • Inheritance
  • Run as administrator vs. standard user
    • User Account Control (UAC)
  • BitLocker
  • BitLocker To Go
  • Encrypting File System (EFS)

2.6 Given a scenario, configure a workstation to meet best practices for security.

edit
  • Data-at-rest encryption
  • Password best practices
    • Complexity requirements
      • Length
      • Character types
    • Expiration requirements
    • Basic input/output system (BIOS)/Unified Extensible Firmware Interface (UEFI) passwords
  • End-user best practices
    • Use screensaver locks
    • Log off when not in use
    • Secure/protect critical hardware (e.g., laptops)
    • Secure personally identifiable information (PII) and passwords

  • Account management
    • Restrict user permissions
    • Restrict login times
    • Disable guest account
    • Use failed attempts lockout
    • Use timeout/screen lock
  • Change default administrator’s user account/password
  • Disable AutoRun
  • Disable AutoPlay

2.7 Explain common methods for securing mobile and embedded devices.

edit
  • Screen locks
    • Facial recognition
    • PIN codes
    • Fingerprint
    • Pattern
    • Swipe
  • Remote wipes
  • Locator applications
  • OS updates

  • Device encryption
  • Remote backup applications
  • Failed login attempts restrictions
  • Antivirus/anti-malware
  • Firewalls
  • Policies and procedures
    • BYOD vs. corporate owned
    • Profile security requirements
  • Internet of Things (IoT)

2.8 Given a scenario, use common data destruction and disposal methods

edit
  • Physical destruction
    • Drilling
    • Shredding
    • Degaussing
    • Incinerating

  • Recycling or repurposing best practices
    • Erasing/wiping
    • Low-level formatting
    • Standard formatting
  • Outsourcing concepts
    • Third-party vendor
    • Certification of destruction/ recycling

2.9 Given a scenario, configure appropriate security settings on small office/home office (SOHO) wireless and wired networks.

edit
  • Home router settings
    • Change default passwords
    • IP filtering
    • Firmware updates
    • Content filtering
    • Physical placement/secure locations
    • Dynamic Host Configuration Protocol (DHCP) reservations
    • Static wide-area network (WAN) IP
    • Universal Plug and Play (UPnP)
    • Screened subnet

  • Wireless specific
    • Changing the service set identifier (SSID)
    • Disabling SSID broadcast
    • Encryption settings
    • Disabling guest access
    • Changing channels
  • Firewall settings
    • Disabling unused ports
    • Port forwarding/mapping

2.10 Given a scenario, install and configure browsers and relevant security settings.

edit
  • Browser download/installation
    • Trusted sources
      • Hashing
    • Untrusted sources
  • Extensions and plug-ins
    • Trusted sources
    • Untrusted sources
  • Password managers

  • Secure connections/sites – valid certificates
  • Settings
    • Pop-up blocker
    • Clearing browsing data
    • Clearing cache
    • Private-browsing mode
    • Sign-in/browser data synchronization
    • Ad blockers


3.0 Software Troubleshooting

edit

3.1 Given a scenario, troubleshoot common Windows OS problems.

edit
  • Common symptoms
    • Blue screen of death (BSOD)
    • Sluggish performance
    • Boot problems
    • Frequent shutdowns
    • Services not starting
    • Applications crashing
    • Low memory warnings
    • USB controller resource warnings
    • System instability
    • No OS found
    • Slow profile load
    • Time drift

  • Common troubleshooting steps
    • Reboot
    • Restart services
    • Uninstall/reinstall/update applications
    • Add resources
    • Verify requirements
    • System file check
    • Repair Windows
    • Restore
    • Reimage
    • Roll back updates
    • Rebuild Windows profiles

3.2 Given a scenario, troubleshoot common personal computer (PC) security issues.

edit
  • Common symptoms
    • Unable to access the network
    • Desktop alerts
    • False alerts regarding antivirus protection
    • Altered system or personal files
      • Missing/renamed files
    • Unwanted notifications within the OS
    • OS update failures
  • Browser-related symptoms
    • Random/frequent pop-ups
    • Certificate warnings
    • Redirection

3.3 Given a scenario, use best practice procedures for malware removal.

edit
  1. Investigate and verify malware symptoms
  2. Quarantine infected systems
  3. Disable System Restore in Windows
  4. Remediate infected systems
    1. Update anti-malware software
    2. Scanning and removal techniques (e.g., safe mode, preinstallation environment)
  5. Schedule scans and run updates
  6. Enable System Restore and create a restore point in Windows
  7. Educate the end user

3.4 Given a scenario, troubleshoot common mobile OS and application issues.

edit
  • Common symptoms
    • Application fails to launch
    • Application fails to close/crashes
    • Application fails to update
    • Slow to respond
    • OS fails to update
    • Battery life issues
    • Randomly reboots
    • Connectivity issues
      • Bluetooth
      • WiFi
      • Near-field communication (NFC)
      • AirDrop
    • Screen does not autorotate

3.5 Given a scenario, troubleshoot common mobile OS and application security issues.

edit
  • Security concerns
    • Android package (APK) source
    • Developer mode
    • Root access/jailbreak
    • Bootleg/malicious application
      • Application spoofing

  • Common symptoms
    • High network traffic
    • Sluggish response time
    • Data-usage limit notification
    • Limited Internet connectivity
    • No Internet connectivity
    • High number of ads
    • Fake security warnings
    • Unexpected application behavior
    • Leaked personal files/data


4.0 Operational Procedures

edit

4.1 Given a scenario, implement best practices associated with documentation and support systems information management.

edit
  • Ticketing systems
    • User information
    • Device information
    • Description of problems
    • Categories
    • Severity
    • Escalation levels
    • Clear, concise written communication
      • Problem description
      • Progress notes
      • Problem resolution
  • Asset management
    • Inventory lists
    • Database system
    • Asset tags and IDs
    • Procurement life cycle
    • Warranty and licensing
    • Assigned users

  • Types of documents
    • Acceptable use policy (AUP)
    • Network topology diagram
    • Regulatory compliance requirements
      • Splash screens
    • Incident reports
    • Standard operating procedures
      • Procedures for custom installation of software package
    • New-user setup checklist
    • End-user termination checklist
  • Knowledge base/articles

4.2 Explain basic change-management best practices.

edit
  • Documented business processes
    • Rollback plan
    • Sandbox testing
    • Responsible staff member

  • Change management
    • Request forms
    • Purpose of the change
    • Scope of the change
    • Date and time of the change
    • Affected systems/impact
    • Risk analysis
      • Risk level
    • Change board approvals
    • End-user acceptance

4.3 Given a scenario, implement workstation backup and recovery methods.

edit
  • Backup and recovery
    • Full
    • Incremental
    • Differential
    • Synthetic

  • Backup testing
    • Frequency
  • Backup rotation schemes
    • On site vs. off site
    • Grandfather-father-son (GFS)
    • 3-2-1 backup rule

4.4 Given a scenario, use common safety procedures.

edit
  • Electrostatic discharge (ESD) straps
  • ESD mats
  • Equipment grounding
  • Proper power handling
  • Proper component handling and storage
  • Antistatic bags
  • Compliance with government regulations

  • Personal safety
    • Disconnect power before repairing PC
    • Lifting techniques
    • Electrical fire safety
    • Safety goggles
    • Air filtration mask

4.5 Summarize environmental impacts and local environmental controls.

edit
  • Material safety data sheet (MSDS)/documentation for handling and disposal
    • Proper battery disposal
    • Proper toner disposal
    • Proper disposal of other devices and assets
  • Temperature, humidity-level awareness, and proper ventilation
    • Location/equipment placement
    • Dust cleanup
    • Compressed air/vacuums
  • Power surges, under-voltage events, and power failures
    • Battery backup
    • Surge suppressor

4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts.

edit
  • Incident response
    • Chain of custody
    • Inform management/law enforcement as necessary
    • Copy of drive (data integrity and preservation)
    • Documentation of incident

  • Licensing/digital rights management (DRM)/end-user license agreement (EULA)
    • Valid licenses
    • Non-expired licenses
    • Personal use license vs. corporate use license
    • Open-source license
  • Regulated data
    • Credit card transactions
    • Personal government-issued information
    • PII
    • Healthcare data
    • Data retention requirements

4.7 Given a scenario, use proper communication techniques and professionalism.

edit
  • Professional appearance and attire
    • Match the required attire of the given environment
      • Formal
      • Business casual
  • Use proper language and avoid jargon, acronyms, and slang, when applicable
  • Maintain a positive attitude/ project confidence
  • Actively listen, take notes, and avoid interrupting the customer
  • Be culturally sensitive
    • Use appropriate professional titles, when applicable
  • Be on time (if late, contact the customer)
  • Avoid distractions
    • Personal calls
    • Texting/social media sites
    • Personal interruptions

  • Dealing with difficult customers or situations
    • Do not argue with customers or be defensive
    • Avoid dismissing customer problems
    • Avoid being judgmental
    • Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or question to verify understanding)
    • Do not disclose experience via social media outlets
  • Set and meet expectations/time line and communicate status with the customer
    • Offer repair/replacement options, as needed
    • Provide proper documentation on the services provided
    • Follow up with customer/user at a later date to verify satisfaction
  • Deal appropriately with customers’ confidential and private materials
    • Located on a computer, desktop, printer, etc.

4.8 Identify the basics of scripting.

edit
  • Script file types
    • .bat
    • .ps1
    • .vbs
    • .sh
    • .js
    • .py
  • Use cases for scripting
    • Basic automation
    • Restarting machines
    • Remapping network drives
    • Installation of applications
    • Automated backups
    • Gathering of information/data
    • Initiating updates
  • Other considerations when using scripts
    • Unintentionally introducing malware
    • Inadvertently changing system settings
    • Browser or system crashes due to mishandling of resources

4.9 Given a scenario, use remote access technologies.

edit
  • Methods/tools
    • RDP
    • VPN
    • Virtual network computer (VNC)
    • Secure Shell (SSH)
    • Remote monitoring and management (RMM)
    • Microsoft Remote Assistance (MSRA)
    • Third-party tools
      • Screen-sharing software
      • Video-conferencing software
      • File transfer software
      • Desktop management software
  • Security considerations of each access method

Network+

edit

1.0 Networking Concepts

edit
edit

1.2 Compare and contrast networking appliances, applications, and functions.

edit

1.3 Summarize cloud concepts and connectivity options.

edit
  • Network functions virtualization (NFV)
  • Virtual private cloud (VPC)
  • Network security groups
  • Network security lists
  • Cloud gateways
    • Internet gateway
    • Network address translation (NAT) gateway
  • Cloud connectivity options
    • VPN
    • Direct Connect

1.4 Explain common networking ports, protocols, services, and traffic types.

edit
See Quizlet.
Protocols Ports
File Transfer Protocol (FTP) 20/21
Secure File Transfer Protocol (SFTP) 22
Secure Shell (SSH) 22
Telnet 23
Simple Mail Transfer Protocol (SMTP) 25
Domain Name System (DNS) 53
Dynamic Host Configuration Protocol (DHCP) 67/68
Trivial File Transfer Protocol (TFTP) 69
Hypertext Transfer Protocol (HTTP) 80
Network Time Protocol (NTP) 123
Simple Network Management Protocol (SNMP) 161/162
Lightweight Directory Access Protocol (LDAP) 389
Hypertext Transfer Protocol Secure (HTTPS) 443
Server Message Block (SMB) 445
Syslog 514
Simple Mail Transfer Protocol Secure (SMTPS) 587
Lightweight Directory Access Protocol over SSL (LDAPS) 636
Structured Query Language (SQL) Server 1433
Remote Desktop Protocol (RDP) 3389
Session Initiation Protocol (SIP) 5060/5061

1.5 Compare and contrast transmission media and transceivers.

edit

1.6 Compare and contrast network topologies, architectures, and types.

edit

1.7 Given a scenario, use appropriate IPv4 network addressing.

edit

1.8 Summarize evolving use cases for modern network environments

edit


2.0 Network Implementation

edit

2.1 Explain characteristics of routing technologies.

edit

2.2 Given a scenario, configure switching technologies and features.

edit

2.3 Given a scenario, select and configure wireless devices and technologies.

edit
  • Channels
    • Channel width
    • Non-overlapping channels
    • Regulatory impacts
  • Frequency options

2.4 Explain important factors of physical installations.

edit


3.0 Network Operations

edit

3.1 Explain the purpose of organizational processes and procedures.

edit
  • Documentation
    • Physical vs. logical diagrams
    • Rack diagrams
    • Cable maps and diagrams
    • Network diagrams
      • Layer 1
      • Layer 2
      • Layer 3
    • Asset inventory
      • Hardware
      • Software
      • Licensing
      • Warranty support
    • IP address management (IPAM)
    • Service-level agreement (SLA)
    • Wireless survey/heat map

  • Life-cycle management
    • End-of-life (EOL)
    • End-of-support (EOS)
    • Software management
      • Patches and bug fixes
      • Operating system (OS)
      • Firmware
    • Decommissioning
  • Change management
    • Request process tracking/service request
  • Configuration management
    • Production configuration
    • Backup configuration
    • Baseline/golden configuration

3.2 Given a scenario, use network monitoring technologies.

edit

  • Solutions
    • Network discovery
      • Ad hoc
      • Scheduled
    • Traffic analysis
    • Performance monitoring
    • Availability monitoring
    • Configuration monitoring

3.3 Explain disaster recovery (DR) concepts.

edit

  • High-availability approaches
    • Active-active
    • Active-passive
  • Testing
    • Tabletop exercises
    • Validation tests

3.4 Given a scenario, implement IPv4 and IPv6 network services.

edit

3.5 Compare and contrast network access and management methods.

edit
  • Site-to-site VPN
  • Client-to-site VPN
    • Clientless
    • Split tunnel vs. full tunnel
  • Connection methods
    • SSH
    • Graphical user interface (GUI)
    • API
    • Console
  • Jump box/host
  • In-band vs. out-of-band management


4.0 Network Security

edit

4.1 Explain the importance of basic network security concepts.

edit

4.2 Summarize various types of attacks and their impact to the network.

edit

4.3 Given a scenario, apply network security features, defense techniques, and solutions.

edit

5.0 Network Troubleshooting

edit

5.1 Explain the troubleshooting methodology.

edit

1. Identify the problem

  • Gather information
  • Question users
  • Identify symptoms
  • Determine if anything has changed
  • Duplicate the problem, if possible
  • Approach multiple problems individually

2. Establish a theory of probable cause

  • Question the obvious
  • Consider multiple approaches
    • Top-to-bottom/bottom-to-top OSI model
    • Divide and conquer

3. Test the theory to determine the cause

  • If theory is confirmed, determine next steps to resolve problem
  • If theory is not confirmed, establish a new theory or escalate

4. Establish a plan of action to resolve the problem and identify potential effects

5. Implement the solution or escalate as necessary

6. Verify full system functionality and implement preventive measures if applicable

7. Document findings, actions, outcomes, and lessons learned throughout the process

5.2 Given a scenario, troubleshoot common cabling and physical interface issues.

edit

  • Interface issues
    • Increasing interface counters
    • Port status
      • Error disabled
      • Administratively down
      • Suspended
  • Hardware issues
    • Power over Ethernet (PoE)
      • Power budget exceeded
      • Incorrect standard
    • Transceivers
      • Mismatch
      • Signal strength

5.3 Given a scenario, troubleshoot common issues with network services.

edit

  • Route selection
  • Address pool exhaustion
  • Incorrect default gateway
  • Incorrect IP address
    • Duplicate IP address
  • Incorrect subnet mask

5.4 Given a scenario, troubleshoot common performance issues.

edit

  • Wireless
    • Interference
      • Channel overlap
    • Signal degradation or loss
    • Insufficient wireless coverage
    • Client disassociation issues
    • Roaming misconfiguration

5.5 Given a scenario, use the appropriate tool or protocol to solve networking issues.

edit

  • Hardware tools
  • Basic networking device commands
    • show mac-address-table
    • show route
    • show interface
    • show config
    • show arp
    • show vlan
    • show power

Security+

edit

1.0 General Security Concepts

edit

1.1 Compare and contrast various types of security controls

edit

  • Control types
    • Preventive
    • Deterrent
    • Detective
    • Corrective
    • Compensating
    • Directive

1.2 Summarize fundamental security concepts

edit

1.3 Explain the importance of change management processes and the impact to security.

edit
  • Business processes impacting security operation
    • Approval process
    • Ownership
    • Stakeholders
    • Impact analysis
    • Test results
    • Backout plan
    • Maintenance window
    • Standard operating procedure

  • Technical implications
    • Allow lists/deny lists
    • Restricted activities
    • Downtime
    • Service restart
    • Application restart
    • Legacy applications
    • Dependencies
  • Documentation
    • Updating diagrams
    • Updating policies/procedures
  • Version control

1.4 Explain the importance of using appropriate cryptographic solutions.

edit
  • Public key infrastructure (PKI)
  • Encryption
    • Level
      • Full-disk
      • Partition
      • File
      • Volume
      • Database
      • Record
    • Transport/communication
    • Asymmetric
    • Symmetric
    • Key exchange
    • Algorithms
    • Key length


2.0 Threats, Vulnerabilities, and Mitigations

edit

2.1 Compare and contrast common threat actors and motivations.

edit
  • Threat actors
    • Nation-state
    • Unskilled attacker
    • Hacktivist
    • Insider threat
    • Organized crime
    • Shadow IT
  • Attributes of actors
    • Internal/external
    • Resources/funding
    • Level of sophistication/capability

  • Motivations
    • Data exfiltration
    • Espionage
    • Service disruption
    • Blackmail
    • Financial gain
    • Philosophical/political beliefs
    • Ethical
    • Revenge
    • Disruption/chaos
    • War

2.2 Explain common threat vectors and attack surfaces.

edit
  • Message-based
    • Email
    • Short Message Service (SMS)
    • Instant messaging (IM)
  • Image-based
  • File-based
  • Voice call
  • Removable device
  • Vulnerable software
    • Client-based vs. agentless
  • Unsupported systems and applications
  • Unsecure networks
    • Wireless
    • Wired
    • Bluetooth
  • Open service ports

  • Default credentials
  • Supply chain
    • Managed service providers (MSPs)
    • Vendors
    • Suppliers
  • Human vectors/social engineering
    • Phishing
    • Vishing
    • Smishing
    • Misinformation/disinformation
    • Impersonation
    • Business email compromise
    • Pretexting
    • Watering hole
    • Brand impersonation
    • Typosquatting

2.3 Explain various types of vulnerabilities.

edit
  • Application
    • Memory injection
    • Buffer overflow
    • Race conditions
      • Time-of-check (TOC)
      • Time-of-use (TOU)
    • Malicious update
  • Operating system (OS)-based
  • Web-based
    • Structured Query Language injection (SQLi)
    • Cross-site scripting (XSS)
  • Hardware
    • Firmware
    • End-of-life
    • Legacy

  • Virtualization
    • Virtual machine (VM) escape
    • Resource reuse
  • Cloud-specific
  • Supply chain
    • Service provider
    • Hardware provider
    • Software provider
  • Cryptographic
  • Misconfiguration
  • Mobile device
    • Side loading
    • Jailbreaking
  • Zero-day

2.4 Given a scenario, analyze indicators of malicious activity.

edit
  • Malware attacks
    • Ransomware
    • Trojan
    • Worm
    • Spyware
    • Bloatware
    • Virus
    • Keylogger
    • Logic bomb
    • Rootkit
  • Physical attacks
    • Brute force
    • Radio frequency identification (RFID) cloning
    • Environmental
  • Network attacks
    • Distributed denial-of-service (DDoS)
      • Amplified
      • Reflected
    • Domain Name System (DNS) attacks
    • Wireless
    • On-path
    • Credential replay
    • Malicious code

  • Application attacks
    • Injection
    • Buffer overflow
    • Replay
    • Privilege escalation
    • Forgery
    • Directory traversal
  • Cryptographic attacks
    • Downgrade
    • Collision
    • Birthday
  • Password attacks
    • Spraying
    • Brute force
  • Indicators
    • Account lockout
    • Concurrent session usage
    • Blocked content
    • Impossible travel
    • Resource consumption
    • Resource inaccessibility
    • Out-of-cycle logging
    • Published/documented
    • Missing logs

2.5 Explain the purpose of mitigation techniques used to secure the enterprise.

edit
  • Segmentation
  • Access control
    • Access control list (ACL)
    • Permissions
  • Application allow list
  • Isolation
  • Patching
  • Encryption
  • Monitoring
  • Least privilege

  • Configuration enforcement
  • Decommissioning
  • Hardening techniques
    • Encryption
    • Installation of endpoint protection
    • Host-based firewall
    • Host-based intrusion prevention system (HIPS)
    • Disabling ports/protocols
    • Default password changes
    • Removal of unnecessary software


3.0 Security Architecture

edit

3.1 Compare and contrast security implications of different architecture models.

edit
  • Architecture and infrastructure concepts
    • Cloud
      • Responsibility matrix
      • Hybrid considerations
      • Third-party vendors
    • Infrastructure as code (IaC)
    • Serverless
    • Microservices
    • Network infrastructure
      • Physical isolation
        • Air-gapped
      • Logical segmentation
      • Software-defined networking (SDN)
    • On-premises
    • Centralized vs. decentralized
    • Containerization
    • Virtualization
    • IoT
    • Industrial control systems (ICS)/ supervisory control and data acquisition (SCADA)
    • Real-time operating system (RTOS)
    • Embedded systems
    • High availability

  • Considerations
    • Availability
    • Resilience
    • Cost
    • Responsiveness
    • Scalability
    • Ease of deployment
    • Risk transference
    • Ease of recovery
    • Patch availability
    • Inability to patch
    • Power
    • Compute

3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

edit
  • Infrastructure considerations
    • Device placement
    • Security zones
    • Attack surface
    • Connectivity
    • Failure modes
      • Fail-open
      • Fail-closed
    • Device attribute
      • Active vs. passive
      • Inline vs. tap/monitor
    • Network appliances
      • Jump server
      • Proxy server
      • Intrusion prevention system (IPS)/intrusion detection system (IDS)
      • Load balancer
      • Sensors
    • Port security
      • 802.1X
      • Extensible Authentication Protocol (EAP)
    • Firewall types
      • Web application firewall (WAF)
      • Unified threat management (UTM)
      • Next-generation firewall (NGFW)
      • Layer 4/Layer 7

  • Secure communication/access
    • Virtual private network (VPN)
    • Remote access
    • Tunneling
      • Transport Layer Security (TLS)
      • Internet protocol security (IPSec)
    • Software-defined wide area network (SD-WAN)
    • Secure access service edge (SASE)
  • Selection of effective controls

3.3 Compare and contrast concepts and strategies to protect data.

edit
  • Data types
    • Regulated
    • Trade secret
    • Intellectual property
    • Legal information
    • Financial information
    • Human- and non-human-readable
  • Data classifications
    • Sensitive
    • Confidential
    • Public
    • Restricted
    • Private
    • Critical

  • General data considerations
    • Data states
      • Data at rest
      • Data in transit
      • Data in use
    • Data sovereignty
    • Geolocation
  • Methods to secure data
    • Geographic restrictions
    • Encryption
    • Hashing
    • Masking
    • Tokenization
    • Obfuscation
    • Segmentation
    • Permission restrictions

3.4 Explain the importance of resilience and recovery in security architecture.

edit
  • High availability
    • Load balancing vs. clustering
  • Site considerations
    • Hot
    • Cold
    • Warm
    • Geographic dispersion
  • Platform diversity
  • Multi-cloud systems
  • Continuity of operations
  • Capacity planning
    • People
    • Technology
    • Infrastructure

  • Testing
    • Tabletop exercises
    • Fail over
    • Simulation
    • Parallel processing
  • Backups
    • Onsite/offsite
    • Frequency
    • Encryption
    • Snapshots
    • Recovery
    • Replication
    • Journaling
  • Power
    • Generators
    • Uninterruptible power supply (UPS)


4.0 Security Operations

edit

4.1 Given a scenario, apply common security techniques to computing resources.

edit
  • Secure baselines
    • Establish
    • Deploy
    • Maintain
  • Hardening targets
    • Mobile devices
    • Workstations
    • Switches
    • Routers
    • Cloud infrastructure
    • Servers
    • ICS/SCADA
    • Embedded systems
    • RTOS
    • IoT devices
  • Wireless devices
    • Installation considerations
      • Site surveys
      • Heat maps

  • Mobile solutions
    • Mobile device management (MDM)
    • Deployment models
      • Bring your own device (BYOD)
      • Corporate-owned, personally enabled (COPE)
      • Choose your own device (CYOD)
    • Connection methods
      • Cellular
      • Wi-Fi
      • Bluetooth
  • Wireless security settings
    • Wi-Fi Protected Access 3 (WPA3)
    • AAA/Remote Authentication Dial-In User Service (RADIUS)
    • Cryptographic protocols
    • Authentication protocols
  • Application security
    • Input validation
    • Secure cookies
    • Static code analysis
    • Code signing
  • Sandboxing
  • Monitoring

4.2 Explain the security implications of proper hardware, software, and data asset management.

edit
  • Acquisition/procurement process
  • Assignment/accounting
    • Ownership
    • Classification
  • Monitoring/asset tracking
    • Inventory
    • Enumeration

  • Disposal/decommissioning
    • Sanitization
    • Destruction
    • Certification
    • Data retention

4.3 Explain various activities associated with vulnerability management.

edit
  • Identification methods
    • Vulnerability scan
    • Application security
      • Static analysis
      • Dynamic analysis
      • Package monitoring
    • Threat feed
      • Open-source intelligence (OSINT)
      • Proprietary/third-party
      • Information-sharing organization
      • Dark web
    • Penetration testing
    • Responsible disclosure program
      • Bug bounty program
    • System/process audit

  • Analysis
    • Confirmation
      • False positive
      • False negative
    • Prioritize
    • Common Vulnerability Scoring System (CVSS)
    • Common Vulnerability Enumeration (CVE)
    • Vulnerability classification
    • Exposure factor
    • Environmental variables
    • Industry/organizational impact
    • Risk tolerance
  • Vulnerability response and remediation
    • Patching
    • Insurance
    • Segmentation
    • Compensating controls
    • Exceptions and exemptions
  • Validation of remediation
    • Rescanning
    • Audit
    • Verification
  • Reporting

4.4 Explain security alerting and monitoring concepts and tools.

edit
  • Monitoring computing resources
    • Systems
    • Applications
    • Infrastructure
  • Activities
    • Log aggregation
    • Alerting
    • Scanning
    • Reporting
    • Archiving
    • Alert response and remediation/validation
      • Quarantine
      • Alert tuning

  • Tools
    • Security Content Automation Protocol (SCAP)
    • Benchmarks
    • Agents/agentless
    • Security information and event management (SIEM)
    • Antivirus
    • Data loss prevention (DLP)
    • Simple Network Management Protocol (SNMP) traps
    • NetFlow
    • Vulnerability scanners

4.5 Given a scenario, modify enterprise capabilities to enhance security.

edit
  • Firewall
    • Rules
    • Access lists
    • Ports/protocols
    • Screened subnets
  • IDS/IPS
    • Trends
    • Signatures
  • Web filter
    • Agent-based
    • Centralized proxy
    • Universal Resource Locator (URL) scanning
    • Content categorization
    • Block rules
    • Reputation
  • Operating system security
    • Group Policy
    • SELinux

  • Implementation of secure protocols
    • Protocol selection
    • Port selection
    • Transport method
  • DNS filtering
  • Email security
    • Domain-based Message Authentication Reporting and Conformance (DMARC)
    • DomainKeys Identified Mail (DKIM)
    • Sender Policy Framework (SPF)
    • Gateway
  • File integrity monitoring
  • DLP
  • Network access control (NAC)
  • Endpoint detection and response (EDR)/extended detection and response (XDR)
  • User behavior analytics

4.6 Given a scenario, implement and maintain identity and access management.

edit
  • Provisioning/de-provisioning user accounts
  • Permission assignments and implications
  • Identity proofing
  • Federation
  • Single sign-on (SSO)
    • Lightweight Directory Access Protocol (LDAP)
    • Open authorization (OAuth)
    • Security Assertions Markup Language (SAML)
  • Interoperability
  • Attestation
  • Access controls
    • Mandatory
    • Discretionary
    • Role-based
    • Rule-based
    • Attribute-based
    • Time-of-day restrictions
    • Least privilege

  • Multifactor authentication
    • Implementations
      • Biometrics
      • Hard/soft authentication tokens
      • Security keys
    • Factors
      • Something you know
      • Something you have
      • Something you are
      • Somewhere you are
  • Password concepts
    • Password best practices
      • Length
      • Complexity
      • Reuse
      • Expiration
      • Age
    • Password managers
    • Passwordless
  • Privileged access management tools
    • Just-in-time permissions
    • Password vaulting
    • Ephemeral credentials

edit
  • Use cases of automation and scripting
    • User provisioning
    • Resource provisioning
    • Guard rails
    • Security groups
    • Ticket creation
    • Escalation
    • Enabling/disabling services and access
    • Continuous integration and testing
    • Integrations and Application programming interfaces (APIs)

  • Benefits
    • Efficiency/time saving
    • Enforcing baselines
    • Standard infrastructure configurations
    • Scaling in a secure manner
    • Employee retention
    • Reaction time
    • Workforce multiplier
  • Other considerations
    • Complexity
    • Cost
    • Single point of failure
    • Technical debt
    • Ongoing supportability

4.8 Explain appropriate incident response activities.

edit
  • Process
    • Preparation
    • Detection
    • Analysis
    • Containment
    • Eradication
    • Recovery
    • Lessons learned
  • Training
  • Testing
    • Tabletop exercise
    • Simulation

  • Root cause analysis
  • Threat hunting
  • Digital forensics
    • Legal hold
    • Chain of custody
    • Acquisition
    • Reporting
    • Preservation
    • E-discovery

4.9 Given a scenario, use data sources to support an investigation

edit
  • Log data
    • Firewall logs
    • Application logs
    • Endpoint logs
    • OS-specific security logs
    • IPS/IDS logs
    • Network logs
    • Metadata

  • Data sources
    • Vulnerability scans
    • Automated reports
    • Dashboards
    • Packet captures


5.0 Security Program Management and Oversight

edit

5.1 Summarize elements of effective security governance.

edit

  • External considerations
    • Regulatory
    • Legal
    • Industry
    • Local/regional
    • National
    • Global
  • Monitoring and revision
  • Types of governance structures
    • Boards
    • Committees
    • Government entities
    • Centralized/decentralized
  • Roles and responsibilities for systems and data
    • Owners
    • Controllers
    • Processors
    • Custodians/stewards

5.2 Explain elements of the risk management process

edit

5.3 Explain the processes associated with third-party risk assessment and management.

edit
  • Vendor assessment
    • Penetration testing
    • Right-to-audit clause
    • Evidence of internal audits
    • Independent assessments
    • Supply chain analysis
  • Vendor selection
    • Due diligence
    • Conflict of interest

  • Agreement types
    • Service-level agreement (SLA)
    • Memorandum of agreement (MOA)
    • Memorandum of understanding (MOU)
    • Master service agreement (MSA)
    • Work order (WO)/statement of work (SOW)
    • Non-disclosure agreement (NDA)
    • Business partners agreement (BPA)
  • Vendor monitoring
  • Questionnaires
  • Rules of engagement

5.4 Summarize elements of effective security compliance.

edit
  • Compliance reporting
    • Internal
    • External
  • Consequences of non-compliance
    • Fines
    • Sanctions
    • Reputational damage
    • Loss of license
    • Contractual impacts
  • Compliance monitoring
    • Due diligence/care
    • Attestation and acknowledgement
    • Internal and external
    • Automation

  • Privacy
    • Legal implications
      • Local/regional
      • National
      • Global
    • Data subject
    • Controller vs. processor
    • Ownership
    • Data inventory and retention
    • Right to be forgotten

5.5 Explain types and purposes of audits and assessments.

edit
  • Attestation
  • Internal
    • Compliance
    • Audit committee
    • Self-assessments
  • External
    • Regulatory
    • Examinations
    • Assessment
    • Independent third-party audit

  • Penetration testing
    • Physical
    • Offensive
    • Defensive
    • Integrated
    • Known environment
    • Partially known environment
    • Unknown environment
    • Reconnaissance
      • Passive
      • Active

5.6 Given a scenario, implement security awareness practices.

edit
  • Phishing
    • Campaigns
    • Recognizing a phishing attempt
    • Responding to reported suspicious messages
  • Anomalous behavior recognition
    • Risky
    • Unexpected
    • Unintentional

  • User guidance and training
    • Policy/handbooks
    • Situational awareness
    • Insider threat
    • Password management
    • Removable media and cables
    • Social engineering
    • Operational security
    • Hybrid/remote work environments
  • Reporting and monitoring
    • Initial
    • Recurring
  • Development
  • Execution