(ISC)²

CMGT-431v8: Information Systems Security

(UOP-CMGT431v8.AE1)
Lessons
Lab
TestPrep
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Security

  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Evaluate and Apply Security Governance Principles
  • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling Concepts and Methodologies
  • Apply Risk-Based Management Concepts to the Supply Chain
  • Written Lab
  • Personnel Security Policies and Procedures
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Manage the Security Function
  • Written Lab
  • Assess and Mitigate Security Vulnerabilities
  • Client-Based Systems
  • Server-Based Systems
  • Database Systems Security
  • Distributed Systems and Endpoint Security
  • Internet of Things
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Written Lab
2

Secure Networks and Communications

  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • Secure Network Components
  • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
  • Written Lab
  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Written Lab
3

Identity and Access Management (IAM)

  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Written Lab
  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Written Lab
4

Security Assessment and Operations

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Written Lab
  • Applying Security Operations Concepts
  • Securely Provisioning Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Written Lab
  • Managing Incident Response
  • Implementing Detective and Preventive Measures
  • Logging, Monitoring, and Auditing
  • Written Lab
5

Security Operations

  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Written Lab
  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Written Lab

1

Security

  • Encrypting the Disk
  • Encrypting a File or Folder
  • Configuring Audit Group Policy
  • Completing the Chain of Custody
  • Assigning Permissions to Folders
  • Identifying risk actions
  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Configuring Standard Access Control List
  • Configuring Extended Access Control List
  • Identifying protection mechanisms
2

Secure Networks and Communications

  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designator
  • Using Windows Firewall
  • Configuring Linux Firewall Using Iptable
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting systems to the Internet through a router
  • Identifying firewall techniques
  • Identifying types of cable
  • Identifying components of a coaxial cable
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies
  • Configuring IPSec
  • Configuring VLAN
  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Configuring a VPN
  • Identifying VPN protocols
  • Configuring Static NAT
  • Configuring Dynamic NAT
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries
  • Performing ARP Spoofing
  • Identifying types of Denial of Service attacks
3

Identity and Access Management (IAM)

  • Identifying access control types
  • Identifying authorization mechanisms
  • Restricting Local Accounts
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Identifying responsibilities
  • Reviewing an Authorization Letter for Penetration Testing
  • Identifying attacks
  • Identifying social engineering attacks
4

Security Assessment and Operations

  • Configuring User Access Control Setting
  • Scanning Ports Using Metasploit
  • Exploiting Windows 7 Using Metasploit
  • Enabling a Keylogger in a Target Machine
  • Conducting Vulnerability Scanning Using Nessus
  • Using nmap for Scanning
  • Identifying terms associated with data destruction
  • Identifying steps within an effective patch management program
  • Identifying steps in incident response management
  • Enabling Intrusion Prevention and Detection
  • Configuring Snort
  • Identifying malicious attacks
  • Working with a host-based IDS
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • Performing DoS Attack with SYN Flood
5

Security Operations

  • Identifying RAID level characteristics
  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests
  • Taking a Full Backup
  • Taking Incremental Backup
  • Configuring RAID 5
  • Identifying computer crime types