Security Architecture 29%

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
– Services
- Load balancer
- Intrusion detection system (IDS)/network intrusion detection system (NIDS)/wireless intrusion detection system (WIDS)
- Intrusion prevention system (IPS)/network intrusion prevention system (NIPS)/wireless intrusion prevention system (WIPS)
- Web application firewall (WAF)
- Network access control (NAC)
- Virtual private network (VPN)
- Domain Name System Security Extensions (DNSSEC)
- Firewall/unified threat management (UTM)/next-generation firewall (NGFW)
- Network address translation (NAT) gateway
- Internet gateway
- Forward/transparent proxy
- Reverse proxy
- Distributed denial-of-service (DDoS) protection
- Routers
- Mail security
- Application programming interface (API) gateway/Extensible Markup Language (XML) gateway
- Traffic mirroring
-Switched port analyzer (SPAN) ports
-Port mirroring
-Virtual private cloud (VPC)
-Network tap
- Sensors
-Security information and event management (SIEM)
-File integrity monitoring (FIM)
-Simple Network Management Protocol (SNMP) traps
-NetFlow
-Data loss prevention (DLP)
-Antivirus
– Segmentation
- Microsegmentation
- Local area network (LAN)/virtual local area network (VLAN)
- Jump box
- Screened subnet
- Data zones
- Staging environments
- Guest environments
- VPC/virtual network (VNET)
- Availability zone
- NAC lists
- Policies/security groups
- Regions
- Access control lists (ACLs)
- Peer-to-peer
- Air gap
– Deperimeterization/zero trust
- Cloud
- Remote work
- Mobile
- Outsourcing and contracting
- Wireless/radio frequency (RF) networks
– Merging of networks from various organizations
- Peering
- Cloud to on premises
- Data sensitivity levels
- Mergers and acquisitions
- Cross-domain
- Federation
- Directory services
– Software-defined networking (SDN)
- Open SDN
- Hybrid SDN
- SDN overlay

Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
– Scalability
– Resiliency
- High availability
- Diversity/heterogeneity
- Course of action orchestration
- Distributed allocation
- Redundancy
- Replication
- Clustering
– Automation
- Autoscaling
- Security Orchestration, Automation, and Response (SOAR)
- Bootstrapping
– Performance
– Containerization
– Virtualization
– Content delivery network
– Caching

Given a scenario, integrate software applications securely into an enterprise architecture.
– Baseline and templates
- Secure design patterns/types of web technologies
-Storage design patterns
- Container APIs
- Secure coding standards
- Application vetting processes
- API management
- Middleware
– Software assurance
- Sandboxing/development environment
- Validating third-party libraries
- Defined DevOps pipeline
- Code signing
- Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)
– Considerations of integrating enterprise applications
- Customer relationship management (CRM)
- Enterprise resource planning (ERP)
- Configuration management database (CMDB)
- Content management system (CMS)
- Integration enablers
-Directory services
-Domain name system (DNS)
-Service-oriented architecture (SOA)
-Enterprise service bus (ESB)
– Integrating security into development life cycle
- Formal methods
- Requirements
- Fielding
- Insertions and upgrades
- Disposal and reuse
- Testing
-Regression
-Unit testing
-Integration testing
- Development approaches
-SecDevOps
-Agile
-Waterfall
-Spiral
-Versioning
-Continuous integration/continuous delivery (CI/CD) pipelines
- Best practices
-Open Web Application Security Project (OWASP)
-Proper Hypertext Transfer Protocol (HTTP) headers

Given a scenario, implement data security techniques for securing enterprise architecture.
– Data loss prevention
- Blocking use of external media
- Print blocking
- Remote Desktop Protocol (RDP) blocking
- Clipboard privacy controls
- Restricted virtual desktop infrastructure (VDI) implementation
- Data classification blocking
– Data loss detection
- Watermarking
- Digital rights management (DRM)
- Network traffic decryption/deep packet inspection
- Network traffic analysis
– Data classification, labeling, and tagging
– Obfuscation
- Tokenization
- Scrubbing
- Masking
– Anonymization
– Encrypted vs. unencrypted
– Data life cycle
- Create
- Use
- Share
- Store
- Archive
- Destroy
– Data inventory and mapping
– Data integrity management
– Data storage, backup, and recovery
- Redundant array of inexpensive disks (RAID)

Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
– Credential management
- Password repository application
-End-user password storage
-On premises vs. cloud repository
- Hardware key manager
- Privileged access management
– Password policies
- Complexity
- Length
- Character classes
- History
- Maximum/minimum age
- Auditing
- Reversible encryption
– Federation
- Transitive trust
- OpenID
- Security Assertion Markup Language (SAML)
- Shibboleth
– Access control
- Mandatory access control (MAC)
- Discretionary access control (DAC)
- Role-based access control
- Rule-based access control
- Attribute-based access control
– Protocols
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System (TACACS)
- Diameter
- Lightweight Directory Access Protocol (LDAP)
- Kerberos
- OAuth
- 802.1X
- Extensible Authentication Protocol (EAP)
– Multifactor authentication (MFA)
- Two-factor authentication (2FA)
- 2-Step Verification
- In-band
- Out-of-band
– One-time password (OTP)
- HMAC-based one-time password (HOTP)
- Time-based one-time password (TOTP)
– Hardware root of trust
– Single sign-on (SSO)
– JavaScript Object Notation (JSON) web token (JWT)
– Attestation and identity proofing

Given a set of requirements, implement secure cloud and virtualization solutions.
– Virtualization strategies
- Type 1 vs. Type 2 hypervisors
- Containers
- Emulation
- Application virtualization
- VDI
– Provisioning and deprovisioning
– Middleware
– Metadata and tags
– Deployment models and considerations
- Business directives
-Cost
-Scalability
-Resources
-Location
-Data protection
- Cloud deployment models
-Private
-Public
-Hybrid
-Community
– Hosting models
- Multitenant
- Single-tenant
– Service models
- Software as a service (SaaS)
- Platform as a service (PaaS)
- Infrastructure as a service (IaaS)
– Cloud provider limitations
- Internet Protocol (IP) address scheme
- VPC peering
– Extending appropriate on-premises controls
– Storage models
- Object storage/file-based storage
- Database storage
- Block storage
- Blob storage
- Key-value pairs

Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
– Privacy and confidentiality requirements
– Integrity requirements
– Non-repudiation
– Compliance and policy requirements
– Common cryptography use cases
- Data at rest
- Data in transit
- Data in process/data in use
- Protection of web services
- Embedded systems
- Key escrow/management
- Mobile security
- Secure authentication
- Smart card
– Common PKI use cases
- Web services
- Email
- Code signing
- Federation
- Trust models
- VPN
- Enterprise and security automation/orchestration

Explain the impact of emerging technologies on enterprise security and privacy.
– Artificial intelligence
– Machine learning
– Quantum computing
– Blockchain
– Homomorphic encryption
- Private information retrieval
- Secure function evaluation
- Private function evaluation
– Secure multiparty computation
– Distributed consensus
– Big Data
– Virtual/augmented reality
– 3-D printing
– Passwordless authentication
– Nanotechnology
– Deep learning
- Natural language processing
- Deep fakes
-Biometric impersonation

Security Operations 30%

Given a scenario, perform threat management activities.
– Intelligence types
- Tactical
-Commodity malware
- Strategic
-Targeted attacks
- Operational
-Threat hunting
-Threat emulation
– Actor types
- Advanced persistent threat (APT)/nation-state
- Insider threat
- Competitor
- Hacktivist
- Script kiddie
- Organized crime
– Threat actor properties
- Resource
-Time
-Money
- Supply chain access
- Create vulnerabilities
- Capabilities/sophistication
- Identifying techniques
– Intelligence collection methods
- Intelligence feeds
- Deep web
- Proprietary
- Open-source intelligence (OSINT)
- Human intelligence (HUMINT)
– Frameworks
- MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK)
-ATT&CK for industrial control system (ICS)
- Diamond Model of Intrusion Analysis
- Cyber Kill Chain

Given a scenario, analyze indicators of compromise and formulate an appropriate response.
– Indicators of compromise
- Packet capture (PCAP)
- Logs
-Network logs
-Vulnerability logs
-Operating system logs
-Access logs
-NetFlow logs
- Notifications
-FIM alerts
-SIEM alerts
-DLP alerts
-IDS/IPS alerts
-Antivirus alerts
- Notification severity/priorities
- Unusual process activity
– Response
- Firewall rules
- IPS/IDS rules
- ACL rules
- Signature rules
- Behavior rules
- DLP rules
- Scripts/regular expressions

Given a scenario, perform vulnerability management activities.
– Vulnerability scans
- Credentialed vs. non-credentialed
- Agent-based/server-based
- Criticality ranking
- Active vs. passive
– Security Content Automation Protocol (SCAP)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Common Configuration Enumeration (CCE)
- Asset Reporting Format (ARF)
– Self-assessment vs. third-party vendor assessment
– Patch management
– Information sources
- Advisories
- Bulletins
- Vendor websites
- Information Sharing and Analysis Centers (ISACs)
- News reports

Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
– Methods
- Static analysis
- Dynamic analysis
- Side-channel analysis
- Reverse engineering
-Software
-Hardware
- Wireless vulnerability scan
- Software composition analysis
- Fuzz testing
- Pivoting
- Post-exploitation
- Persistence
– Tools
- SCAP scanner
- Network traffic analyzer
- Vulnerability scanner
- Protocol analyzer
- Port scanner
- HTTP interceptor
- Exploit framework
- Password cracker
– Dependency management
– Requirements
- Scope of work
- Rules of engagement
- Invasive vs. non-invasive
- Asset inventory
- Permissions and access
- Corporate policy considerations
- Facility considerations
- Physical security considerations
- Rescan for corrections/changes

Given a scenario, analyze vulnerabilities and recommend risk mitigations.
– Vulnerabilities
- Race conditions
- Overflows
-Buffer
-Integer
- Broken authentication
- Unsecure references
- Poor exception handling
- Security misconfiguration
- Improper headers
- Information disclosure
- Certificate errors
- Weak cryptography implementations
- Weak ciphers
- Weak cipher suite implementations
- Software composition analysis
- Use of vulnerable frameworks and software modules
- Use of unsafe functions
- Third-party libraries
-Dependencies
-Code injections/malicious changes
-End of support/end of life
-Regression issues
– Inherently vulnerable system/application
- Client-side processing vs. server-side processing
- JSON/representational state transfer (REST)
- Browser extensions
-Flash
-ActiveX
- Hypertext Markup Language 5 (HTML5)
- Asynchronous JavaScript and XML (AJAX)
- Simple Object Access Protocol (SOAP)
- Machine code vs. bytecode or interpreted vs. emulated
– Attacks
- Directory traversal
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Injection
-XML
-LDAP
-Structured Query Language (SQL)
-Command
-Process
- Sandbox escape
- Virtual machine (VM) hopping
- VM escape
- Border Gateway Protocol (BGP)/route hijacking
- Interception attacks
- Denial-of-service (DoS)/DDoS
- Authentication bypass
- Social engineering
- VLAN hopping