Welcome

Exam Information

Exam Tips

Resources

Domain Introduction

2.1a - Threat Actors

2.1b - Attributes of actors

2.1c - Motivations

2.2a - Message-based

2.2b - Image-based

2.2c - File-based

2.2d - Voice call

2.2e - Removable device

2.2f - Vulnerable software

2.2g - Unsupported systems and applications

2.2h - Unsecure networks

2.2i - Open service ports

2.2j - Default credentials

2.2k - Supply chain

2.2l - Human vectors/social engineering

2.3a - Application vulnerabilities

2.3b - Operating system (OS)-based vulnerabilities

2.3c - Web-based vulnerabilities

2.3d - Hardware vulnerabilities

2.3e - Virtualization vulnerabilities

2.3f - Cloud-specific vulnerabilities

2.3g - Supply chain vulnerabilities

2.3h - Cryptographic vulnerabilities

2.3i - Vulnerabilities caused by misconfiguration

2.3j - Mobile device vulnerabilities

2.3k - Zero-day vulnerabilities

2.4a - Malware attacks

2.4b - Physical attacks

2.4c - Network attacks

2.4d - Application attacks

2.4e - Cryptographic attacks

2.4f - Password attacks

2.4g - Indicators

2.5a - Segmentation

2.5b - Access control

2.5c - Application allow list

2.5d - Isolation

2.5e - Patching

2.5f - Encryption

2.5g - Monitoring

2.5h - Least privilege

2.5i - Configuration enforcement

2.5j - Decommissioning

2.5k - Hardening techniques

Domain 2 Assessment Quiz

Domain Introduction

3.1a - Architecture and infrastructure concepts

3.1b - Considerations

3.2a - Infrastructure considerations

3.2b - Secure communication/access

3.2c - Selection of effective controls

3.3a - Data types

3.3b - Data classifications

3.3c - General data considerations

3.3d - Methods to secure data

3.4a - High availability

3.4b - Site considerations

3.4c - Platform diversity

3.4d - Multi-cloud systems

3.4e - Continuity of operations

3.4f - Capacity planning

3.4g - Testing

3.4h - Backups

3.4i - Power

Domain 3 Assessment Quiz

Domain Introduction

4.1a - Secure baselines

4.1b - Hardening targets

4.1c - Wireless devices

4.1d - Mobile solutions

4.1e - Wireless security settings

4.1f - Application security

4.1g - Sandboxing

4.1h - Monitoring

4.2a - Acquisition/procurement process

4.2b - Assignment/accounting

4.2c - Monitoring/asset tracking

4.2d - Disposal/decommissioning

4.3a - Identification methods

4.3b - Analysis

4.3c - Vulnerability response and remediation

4.3d - Validation of remediation

4.3e - Reporting

4.4a - Monitoring computing resources

4.4b - Activities

4.4c - Tools

4.5a - Firewall

4.5b - IDS/IPS

4.5c - Web filter

4.5d - Operating system security

4.5e - Implementation of secure protocols

4.5f - DNS filtering

4.5g - Email security

4.5h - File integrity monitoring

4.5i - DLP

4.5j - Network access control (NAC)

4.5k - Endpoint detection and response (EDR)/extended detection and response (XDR)

4.5l - User behavior analytics

4.6a - Provisioning/de-provisioning user accounts

4.6b - Permission assignments and implications

4.6c - Identity proofing

4.6d - Federation

4.6e - Single sign-on (SSO)

4.6f - Interoperability

4.6g - Attestation

4.6h - Access controls

4.6i - Multifactor authentication

4.6j - Password concepts

4.6k - Privileged access management tools

4.7a - Use cases of automation and scripting

4.7b - Benefits

4.7c - Other considerations

4.8a - Process

4.8b - Training

4.8c - Testing

4.8d - Root cause analysis

4.8e - Threat hunting

4.8f - Digital forensics

4.9a - Log data

4.9b - Data sources

Domain 4 Assessment Quiz

Domain Introduction

5.1 a - Guidelines

5.1b - Policies

5.1c - Standards

5.1d - Procedures

5.1e - External considerations

5.1f - Monitoring and revision

5.1g - Types of governance structures

5.1h - Roles and responsibilities for systems and data

5.2a - Risk identification

5.2b - Risk assessment

5.2c - Risk analysis

5.2d - Risk register

5.2e - Risk tolerance

5.2f - Risk appetite

5.2g - Risk management strategies

5.2h - Risk reporting

5.2i - Business impact analysis

5.3a - Vendor assessment

5.3b - Vendor selection

5.3c - Agreement types

5.3d - Vendor monitoring

5.3e - Questionnaires

5.3f - Rules of engagement

5.4a - Compliance reporting

5.4b - Consequences of non-compliance

5.4c - Compliance monitoring

5.4d - Privacy

5.5a - Attestation

5.5b - Internal

5.5c - External

5.5d - Penetration testing

5.6a - Phishing

5.6b - Anomalous behavior recognition

5.6c - User guidance and training

5.6d - Reporting and monitoring

5.6e - Development

5.6f - Execution

Domain 5 Assessment Quiz

Conclusion

Mock Exam 1

Mock Exam 2

Mock Exam 3