Security Plus 601 Objectives Map

The document discusses various cybersecurity threats, attacks, vulnerabilities and countermeasures across multiple pages.

Some social engineering techniques discussed include phishing, smishing, vishing, spam, spear phishing and others.

Malware attacks described include ransomware, trojans, worms, potentially unwanted programs, fileless viruses and others.

Obj Num Objective Description Location

1.0 Threats, Attacks, and Vulnerabilities


1.1 Compare and contrast different types of social engineering techniques
1.1.1 • Phishing Chapter 13, Module A
1.1.2 • Smishing Chapter 13, Module A
1.1.3 • Vishing Chapter 13, Module A
1.1.4 • Spam Chapter 13, Module A
1.1.5 • Spam over Internet messaging (SPIM) Chapter 13, Module A
1.1.6 • Spear phishing Chapter 13, Module A
1.1.7 • Dumpster diving Chapter 13, Module A
1.1.8 • Shoulder surfing Chapter 13, Module A
1.1.9 • Pharming Chapter 4, Module A
1.1.10 • Tailgating Chapter 13, Module A
1.1.11 • Eliciting information Chapter 13, Module A
1.1.12 • Whaling Chapter 13, Module A
1.1.13 • Prepending Chapter 13, Module A
1.1.14 • Identity fraud Chapter 13, Module A
1.1.15 • Invoice scams Chapter 13, Module A
1.1.16 • Credential harvesting Chapter 13, Module A
1.1.17 • Reconnaissance Chapter 13, Module A
1.1.18 • Hoax Chapter 13, Module A
1.1.19 • Impersonation Chapter 13, Module A
1.1.20 • Watering hole attack Chapter 9, Module A
1.1.21 • Typo squatting Chapter 13, Module A
1.1.22 • Pretexting Chapter 13, Module A
1.1.23 • Influence campaigns Chapter 13, Module A
1.1.23.1 -Hybrid warfare Chapter 13, Module A
1.1.23.2 -Social media Chapter 13, Module A
1.1.24 • Principles (reasons for effectiveness) Chapter 13, Module A
1.1.24.1 -Authority Chapter 13, Module A
1.1.24.2 -Intimidation Chapter 13, Module A
1.1.24.3 -Consensus Chapter 13, Module A
1.1.24.4 -Scarcity Chapter 13, Module A
1.1.24.5 -Familiarity Chapter 13, Module A
1.1.24.6 -Trust Chapter 13, Module A
1.1.24.7 -Urgency Chapter 13, Module A

1.2 Given a scenario, analyze potential indicators to determine the type of attack
1.2.1 • Malware Chapter 9, Module A
1.2.1.1 -Ransomware Chapter 9, Module A
1.2.1.2 -Trojans Chapter 9, Module A
1.2.1.3 -Worms Chapter 9, Module A
1.2.1.4 -Potentially unwanted programs (PUPs) Chapter 9, Module A
1.2.1.5 -Fileless virus Chapter 9, Module A
1.2.1.6 -Command and control Chapter 9, Module A
1.2.1.7 -Bots Chapter 9, Module A
1.2.1.8 -Cryptomalware Chapter 9, Module A
1.2.1.9 -Logic bombs Chapter 9, Module A
1.2.1.10 -Spyware Chapter 9, Module A
1.2.1.11 -Keyloggers Chapter 9, Module A
1.2.1.12 -Remote access Trojan (RAT) Chapter 9, Module A
1.2.1.13 -Rootkit Chapter 9, Module A
1.2.1.14 -Backdoor Chapter 9, Module A
1.2.2 • Password attacks Chapter 4, Module A
1.2.2.1 -Spraying Chapter 4, Module A
1.2.2.2 -Dictionary Chapter 4, Module A
1.2.2.3 -Brute force Chapter 4, Module A
1.2.2.3.1 -Offline Chapter 4, Module A
1.2.2.3.2 -Online Chapter 4, Module A
1.2.2.4 -Rainbow tables Chapter 4, Module A
1.2.2.5 -Plaintext/unencrypted Chapter 4, Module A
1.2.3 • Physical attacks Various
1.2.3.1 -Malicious universal serial bus (USB) cable Chapter 9, Module A
1.2.3.2 -Malicious flash drive Chapter 9, Module A
1.2.3.3 -Card cloning Chapter 4, Module A
1.2.3.4 -Skimming Chapter 4, Module A
1.2.4 • Adversarial artificial intelligence (AI) Chapter 2, Module A
1.2.4.1 -Tainted training data for machine learning (ML) Chapter 2, Module A
1.2.4.2 -Security of machine learning algorithms Chapter 2, Module A
1.2.5 • Supply-chain attacks Chapter 2, Module B
1.2.6 • Cloud-based vs. on-premises attacks Chapter 12, Module B
1.2.7 • Cryptographic attacks Chapter 4, Module A
1.2.7.1 -Birthday Chapter 4, Module A
1.2.7.2 -Collision Chapter 4, Module A
1.2.7.3 -Downgrade Chapter 4, Module A

1.3 Given a scenario, analyze potential indicators associated with application attacks
1.3.1 • Privilege escalation Chapter 11, Module A
1.3.2 • Cross-site scripting Chapter 11, Module A
1.3.3 • Injections Chapter 11, Module A
1.3.3.1 -Structured query language (SQL) Chapter 11, Module A
1.3.3.2 -Dynamic link library (DLL) Chapter 11, Module A
1.3.3.3 -Lightweight directory access protocol (LDAP) Chapter 11, Module A
1.3.3.4 -Extensible markup language (XML) Chapter 11, Module A
1.3.4 • Pointer/object dereference Chapter 11, Module A
1.3.5 • Directory traversal Chapter 11, Module A
1.3.6 • Buffer overflows Chapter 11, Module A
1.3.7 • Race conditions Chapter 11, Module A
1.3.7.1 -Time of check/time of use Chapter 11, Module A
1.3.8 • Error handling Chapter 11, Module B
1.3.9 • Improper input handling Chapter 11, Module A
1.3.10 • Replay attack Chapter 4, Module A
1.3.10.1 -Session replays Chapter 4, Module A
1.3.11 • Integer overflow Chapter 11, Module A
1.3.12 • Request forgeries Chapter 11, Module A
1.3.12.1 -Server-side Chapter 11, Module A
1.3.12.2 -Cross-site Chapter 11, Module A
1.3.13 • Application programming interface (API) attacks Chapter 11, Module A
1.3.14 • Resource exhaustion Chapter 11, Module A
1.3.15 • Memory leak Chapter 11, Module A
1.3.16 • Secure sockets layer (SSL) stripping Chapter 4, Module A
1.3.17 • Driver manipulation Chapter 9, Module A
1.3.17.1 -Shimming Chapter 9, Module A
1.3.17.2 -Refactoring Chapter 9, Module A
1.3.18 • Pass the hash Chapter 4, Module A

1.4 Given a scenario, analyze potential indicators associated with network attacks
1.4.1 • Wireless Chapter 4, Module A
1.4.1.1 -Evil twin Chapter 4, Module A
1.4.1.2 -Rogue access point Chapter 4, Module A
1.4.1.3 -Bluesnarfing Chapter 4, Module A
1.4.1.4 -Bluejacking Chapter 4, Module A
1.4.1.5 -Disassociation Chapter 4, Module A
1.4.1.6 -Jamming Chapter 4, Module A
1.4.1.7 -Radio frequency identifier (RFID) Chapter 4, Module A
1.4.1.8 -Near-field communication (NFC) Chapter 4, Module A
1.4.1.9 -Initialization vector (IV) Chapter 4, Module A
1.4.2 • On-path attack Chapter 4, Module A
1.4.3 • Layer 2 attacks Chapter 4, Module A
1.4.3.1 -Address resolution protocol (ARP) poisoning Chapter 4, Module A
1.4.3.2 -Media access control (MAC) flooding Chapter 4, Module A
1.4.3.3 -MAC cloning Chapter 4, Module A
1.4.4 • Domain name system (DNS) Various
1.4.4.1 -Domain hijacking Chapter 4, Module A
1.4.4.2 -DNS poisoning Chapter 4, Module A
1.4.4.3 -Universal resource locator (URL) redirection Chapter 4, Module A
1.4.4.4 -Domain reputation Chapter 13, Module A
1.4.5 • Distributed denial-of-service (DDoS) Chapter 4, Module A
1.4.5.1 -Network Chapter 4, Module A
1.4.5.2 -Application Chapter 4, Module A
1.4.5.3 -Operational technology (OT) Chapter 4, Module A
1.4.6 • Malicious code or script execution Chapter 9, Module A
1.4.6.1 -PowerShell Chapter 9, Module A
1.4.6.2 -Python Chapter 9, Module A
1.4.6.3 -Bash Chapter 9, Module A
1.4.6.4 -Macros Chapter 9, Module A
1.4.6.5 -Visual Basic for Applications (VBA) Chapter 9, Module A

1.5 Explain different threat actors, vectors, and intelligence sources.


1.5.1 • Actors and threats Chapter 2, Module A
1.5.1.1 -Advanced persistent threat (APT) Chapter 2, Module A
1.5.1.2 -Insider threats Chapter 2, Module A
1.5.1.3 -State actors Chapter 2, Module A
1.5.1.4 -Hacktivists Chapter 2, Module A
1.5.1.5 -Script kiddies Chapter 2, Module A
1.5.1.6 -Criminal syndicates Chapter 2, Module A
1.5.1.7 -Hackers Chapter 2, Module A
1.5.1.7.1 -Authorized Chapter 2, Module A
1.5.1.7.2 -Unauthorized Chapter 2, Module A
1.5.1.7.3 -Semi-Authorized Chapter 2, Module A
1.5.1.8 -Shadow IT Chapter 2, Module A
1.5.1.9 -Competitors Chapter 2, Module A
1.5.2 • Attributes of actors Chapter 2, Module A
1.5.2.1 -Internal/external Chapter 2, Module A
1.5.2.2 -Level of sophistication/capability Chapter 2, Module A
1.5.2.3 -Resources/funding Chapter 2, Module A
1.5.2.4 -Intent/motivation Chapter 2, Module A
1.5.3 • Vectors Chapter 2, Module A
1.5.3.1 -Direct access Chapter 2, Module A
1.5.3.2 -Wireless Chapter 2, Module A
1.5.3.3 -Email Chapter 2, Module A
1.5.3.4 -Supply chain Chapter 2, Module A
1.5.3.5 -Social media Chapter 2, Module A
1.5.3.6 -Removable media Chapter 2, Module A
1.5.3.7 -Cloud Chapter 2, Module A
1.5.4 • Threat intelligence sources Chapter 2, Module A
1.5.4.1 -Open source intelligence (OSINT) Chapter 2, Module A
1.5.4.2 -Closed/proprietary Chapter 2, Module A
1.5.4.3 -Vulnerability databases Chapter 2, Module A
1.5.4.4 -Public/private information sharing centers Chapter 2, Module A
1.5.4.5 -Dark web Chapter 2, Module A
1.5.4.6 -Indicators of compromise Chapter 2, Module A
1.5.4.7 -Automated indicator sharing (AIS) Chapter 2, Module A
1.5.4.7.1 -Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Indicator Information (TAXII) Chapter 2, Module A
1.5.4.8 -Predictive analysis Chapter 2, Module A
1.5.4.9 -Threat maps Chapter 2, Module A
1.5.4.10 -File/code repositories Chapter 2, Module A
1.5.5 • Research sources Chapter 2, Module A
1.5.5.1 -Vendor websites Chapter 2, Module A
1.5.5.2 -Vulnerability feeds Chapter 2, Module A
1.5.5.3 -Conferences Chapter 2, Module A
1.5.5.4 -Academic journals Chapter 2, Module A
1.5.5.5 -Request for comments (RFC) Chapter 2, Module A
1.5.5.6 -Local industry groups Chapter 2, Module A
1.5.5.7 -Social media Chapter 2, Module A
1.5.5.8 -Threat feeds Chapter 2, Module A
1.5.5.9 -Adversary tactics, techniques, and procedures (TTP) Chapter 2, Module A

1.6 Explain the security concerns associated with various types of vulnerabilities
1.6.1 • Cloud-based vs. on-premises vulnerabilities Chapter 12, Module B
1.6.2 • Zero-day Chapter 2, Module A
1.6.3 • Weak configurations Chapter 2, Module C
1.6.3.1 -Open permissions Chapter 2, Module C
1.6.3.2 -Unsecure root accounts Chapter 2, Module C
1.6.3.3 -Errors Chapter 2, Module C
1.6.3.4 -Weak encryption Chapter 2, Module C
1.6.3.5 -Unsecure protocols Chapter 2, Module C
1.6.3.6 -Default settings Chapter 2, Module C
1.6.3.7 -Open ports and services Chapter 2, Module C
1.6.4 • Third-party risks Chapter 2, Module A
1.6.4.1 -Vendor management Chapter 2, Module A
1.6.4.1.1 -System integration Chapter 2, Module A
1.6.4.1.2 -Lack of vendor support Chapter 2, Module A
1.6.4.2 -Supply chain Chapter 2, Module A
1.6.4.3 -Outsourced code development Chapter 2, Module A
1.6.4.4 -Data storage Chapter 2, Module A
1.6.5 • Improper or weak patch management Chapter 2, Module C
1.6.5.1 -Firmware Chapter 2, Module C
1.6.5.2 -Operating system (OS) Chapter 2, Module C
1.6.5.3 -Applications Chapter 2, Module C
1.6.6 • Legacy platforms Chapter 2, Module C
1.6.7 • Impacts Chapter 2, Module A
1.6.7.1 -Data loss Chapter 2, Module A
1.6.7.2 -Data breaches Chapter 2, Module A
1.6.7.3 -Data exfiltration Chapter 2, Module A
1.6.7.4 -Identity theft Chapter 2, Module A
1.6.7.5 -Financial Chapter 2, Module A
1.6.7.6 -Reputation Chapter 2, Module A
1.6.7.7 -Availability loss Chapter 2, Module A

1.7 Summarize the techniques used in security assessments.


1.7.1 • Threat hunting Chapter 2, Module C
1.7.1.1 -Intelligence fusion Chapter 2, Module C
1.7.1.2 -Threat feeds Chapter 2, Module C
1.7.1.3 -Advisories and bulletins Chapter 2, Module C
1.7.1.4 -Maneuver Chapter 2, Module C
1.7.2 • Vulnerability scans Chapter 2, Module C
1.7.2.1 -False positives Chapter 2, Module C
1.7.2.2 -False negatives Chapter 2, Module C
1.7.2.3 -Log reviews Chapter 2, Module C
1.7.2.4 -Credentialed vs. non-credentialed Chapter 2, Module C
1.7.2.5 -Intrusive vs. non-intrusive Chapter 2, Module C
1.7.2.6 -Application Chapter 2, Module C
1.7.2.7 -Web application Chapter 2, Module C
1.7.2.8 -Network Chapter 2, Module C
1.7.2.9 -Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS) Chapter 2, Module C
1.7.2.10 -Configuration review Chapter 2, Module C
1.7.3 • Syslog/Security information and event management (SIEM) Chapter 5, Module B
1.7.3.1 -Review reports Chapter 5, Module B
1.7.3.2 -Packet capture Chapter 5, Module B
1.7.3.3 -Data inputs Chapter 5, Module B
1.7.3.4 -User behavior analysis Chapter 5, Module B
1.7.3.5 -Sentiment analysis Chapter 5, Module B
1.7.3.6 -Security monitoring Chapter 5, Module B
1.7.3.7 -Log aggregation Chapter 5, Module B
1.7.3.8 -Log collectors Chapter 5, Module B
1.7.3 • Security orchestration, automation, and response (SOAR) Chapter 14, Module C

1.8 Explain the techniques used in penetration testing.


1.8.1 • Penetration testing Chapter 2, Module C
1.8.1.1 -White-box (known environment) Chapter 2, Module C
1.8.1.2 -Black-box (unknown environment) Chapter 2, Module C
1.8.1.3 -Gray-box (partially known environment) Chapter 2, Module C
1.8.1.4 -Rules of engagement Chapter 2, Module C
1.8.1.5 -Lateral movement Chapter 2, Module C
1.8.1.6 -Privilege escalation Chapter 2, Module C
1.8.1.7 -Persistence Chapter 2, Module C
1.8.1.8 -Cleanup Chapter 2, Module C
1.8.1.9 -Bug bounty Chapter 2, Module C
1.8.1.10 -Pivoting Chapter 2, Module C
1.8.2 • Passive and active reconnaissance Various
1.8.2.1 -Drones/unmanned aerial vehicle (UAV) Chapter 2, Module C
1.8.2.2 -War flying Chapter 4, Module A
1.8.2.3 -War driving Chapter 4, Module A
1.8.2.4 -Footprinting Chapter 2, Module C
1.8.2.5 -OSINT Chapter 2, Module C
1.8.3 • Exercise types Chapter 2, Module C
1.8.3.1 -Red-team Chapter 2, Module C
1.8.3.2 -Blue-team Chapter 2, Module C
1.8.3.3 -White-team Chapter 2, Module C
1.8.3.4 -Purple-team Chapter 2, Module C

2.0 Architecture and Design


2.1 Explain the importance of security concepts in an enterprise environment.
2.1.1 • Configuration management Chapter 6, Module B
2.1.1.1 -Diagrams Chapter 6, Module B
2.1.1.2 -Baseline configuration Chapter 6, Module B
2.1.1.3 -Standard naming conventions Chapter 6, Module B
2.1.1.4 -Internet protocol (IP) schema Chapter 6, Module B
2.1.2 • Data sovereignty Chapter 12, Module B
2.1.3 • Data protection Chapter 9, Module B
2.1.3.1 -Data loss prevention (DLP) Chapter 9, Module B
2.1.3.2 -Masking Chapter 9, Module B
2.1.3.3 -Encryption Chapter 9, Module B
2.1.3.4 -At rest Chapter 9, Module B
2.1.3.5 -In transit/motion Chapter 9, Module B
2.1.3.6 -In processing Chapter 9, Module B
2.1.3.7 -Tokenization Chapter 9, Module B
2.1.3.8 -Rights management Chapter 9, Module B
2.1.4 • Hardware security module (HSM) Chapter 9, Module B
2.1.5 • Geographical considerations Chapter 14, Module B
2.1.6 • Response and recovery controls Chapter 14, Module A
2.1.7 • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection Chapter 6, Module A
2.1.8 • Hashing Chapter 3, Module A
2.1.9 • API considerations Chapter 12, Module A
2.1.10 • Site resiliency Chapter 14, Module B
2.1.10.1 -Hot site Chapter 14, Module B
2.1.10.2 -Cold site Chapter 14, Module B
2.1.10.3 -Warm site Chapter 14, Module B
2.1.11 • Deception and disruption Chapter 5, Module A
2.1.11.1 -Honeypots Chapter 5, Module A
2.1.11.2 -Honeyfiles Chapter 5, Module A
2.1.11.3 -Honeynets Chapter 5, Module A
2.1.11.4 -Fake telemetry Chapter 5, Module A
2.1.11.5 -DNS sinkhole Chapter 5, Module A

2.2 Summarize virtualization and cloud computing concepts.


2.2.1 • Cloud models Chapter 12, Module A
2.2.1.1 -Infrastructure as a service (IaaS) Chapter 12, Module A
2.2.1.2 -Platform as a service (PaaS) Chapter 12, Module A
2.2.1.3 -Software as a service (SaaS) Chapter 12, Module A
2.2.1.4 -Anything as a service (XaaS) Chapter 12, Module A
2.2.1.5 -Public Chapter 12, Module A
2.2.1.6 -Community Chapter 12, Module A
2.2.1.7 -Private Chapter 12, Module A
2.2.1.8 -Hybrid Chapter 12, Module A
2.2.2 • Cloud service providers Chapter 12, Module A
2.2.3 • Managed service provider (MSP)/ managed security service provider (MSSP) Chapter 12, Module B
2.2.4 • On-premises vs. off-premises Chapter 12, Module A
2.2.5 • Fog computing Chapter 12, Module A
2.2.6 • Edge computing Chapter 12, Module A
2.2.7 • Thin client Chapter 12, Module A
2.2.8 • Containers Chapter 12, Module A
2.2.9 • Microservices/API Chapter 12, Module A
2.2.10 • Infrastructure as code Chapter 12, Module A
2.2.10.1 -Software-defined networking (SDN) Chapter 12, Module A
2.2.10.2 -Software-defined visibility (SDV) Chapter 12, Module A
2.2.11 • Serverless architecture Chapter 12, Module A
2.2.12 • Services integration Chapter 12, Module B
2.2.13 • Resource policies Chapter 12, Module B
2.2.14 • Transit gateway Chapter 12, Module A
2.2.15 • Virtualization Chapter 12, Module A
2.2.15.1 -Virtual machine (VM) sprawl avoidance Chapter 12, Module A
2.2.15.2 -VM escape protection Chapter 12, Module A

2.3 Summarize secure application development, deployment, and automation concepts.


2.3.1 • Environment Chapter 11, Module B
2.3.1.1 -Development Chapter 11, Module B
2.3.1.2 -Test Chapter 11, Module B
2.3.1.3 -Staging Chapter 11, Module B
2.3.1.4 -Production Chapter 11, Module B
2.3.1.5 -Quality assurance (QA) Chapter 11, Module B
2.3.2 • Provisioning and deprovisioning Chapter 11, Module B
2.3.3 • Integrity measurement Chapter 9, Module C
2.3.4 • Secure coding techniques Chapter 11, Module B
2.3.4.1 -Normalization Chapter 11, Module B
2.3.4.2 -Stored procedures Chapter 11, Module B
2.3.4.3 -Obfuscation/camouflage Chapter 11, Module B
2.3.4.4 -Code reuse/dead code Chapter 11, Module B
2.3.4.5 -Server-side vs. client-side execution and validation Chapter 11, Module B
2.3.4.6 -Memory management Chapter 11, Module B
2.3.4.7 -Use of third-party libraries and software development kits (SDKs) Chapter 11, Module B
2.3.4.8 -Data exposure Chapter 11, Module B
2.3.5 • Open Web Application Security Project (OWASP) Chapter 11, Module A
2.3.6 • Software diversity Chapter 11, Module B
2.3.6.1 -Compiler Chapter 11, Module B
2.3.6.2 -Binary Chapter 11, Module B
2.3.7 • Automation/scripting Various
2.3.7.1 -Automated courses of action Chapter 14, Module C
2.3.7.2 -Continuous monitoring Chapter 11, Module B
2.3.7.3 -Continuous validation Chapter 11, Module B
2.3.7.4 -Continuous integration Chapter 11, Module B
2.3.7.5 -Continuous delivery Chapter 11, Module B
2.3.7.6 -Continuous deployment Chapter 11, Module B
2.3.8 • Elasticity Chapter 14, Module B
2.3.9 • Scalability Chapter 14, Module B
2.3.10 • Version control Chapter 1, Module A

2.4 Summarize authentication and authorization design concepts.


2.4.1 • Authentication methods Various
2.4.1.1 -Directory services Chapter 7, Module B
2.4.1.2 -Federation Chapter 7, Module A
2.4.1.3 -Attestation Chapter 7, Module A
2.4.1.4 -Technologies Chapter 7, Module A
2.4.1.4.1 -Time-based one-time password (TOTP) Chapter 7, Module A
2.4.1.4.2 -HMAC-based one-time password (HOTP) Chapter 7, Module A
2.4.1.4.3 -Short message service (SMS) Chapter 7, Module A
2.4.1.4.4 -Token key Chapter 7, Module A
2.4.1.4.5 -Static codes Chapter 7, Module A
2.4.1.4.6 -Authentication applications Chapter 7, Module A
2.4.1.4.7 -Push notifications Chapter 7, Module A
2.4.1.4.8 -Phone call Chapter 7, Module A
2.4.1.5 -Smart card authentication Chapter 7, Module A
2.4.2 • Biometrics Chapter 7, Module A
2.4.2.1 -Fingerprint Chapter 7, Module A
2.4.2.2 -Retina Chapter 7, Module A
2.4.2.3 -Iris Chapter 7, Module A
2.4.2.4 -Facial Chapter 7, Module A
2.4.2.5 -Voice Chapter 7, Module A
2.4.2.6 -Vein Chapter 7, Module A
2.4.2.7 -Gait analysis Chapter 7, Module A
2.4.2.8 -Efficacy rates Chapter 7, Module A
2.4.2.9 -False acceptance Chapter 7, Module A
2.4.2.10 -False rejection Chapter 7, Module A
2.4.2.11 -Crossover error rate Chapter 7, Module A
2.4.3 • Multifactor authentication (MFA) factors and attributes Chapter 7, Module A
2.4.3.1 -Factors Chapter 7, Module A
2.4.3.1.2 -Something you know Chapter 7, Module A
2.4.3.1.3 -Something you have Chapter 7, Module A
2.4.3.1.4 -Something you are Chapter 7, Module A
2.4.3.2 -Attributes Chapter 7, Module A
2.4.3.2.2 -Somewhere you are Chapter 7, Module A
2.4.3.2.3 -Something you can do Chapter 7, Module A
2.4.3.2.4 -Something you exhibit Chapter 7, Module A
2.4.3.2.5 -Someone you know Chapter 7, Module A
2.4.4 • Authentication, authorization, and accounting (AAA) Chapter 7, Module A
2.4.5 • Cloud vs. on-premises requirements Chapter 12, Module B

2.5 Given a scenario, implement cybersecurity resilience.


2.5.1 • Redundancy Chapter 14, Module B
2.5.1.1 -Geographic dispersal Chapter 14, Module B
2.5.1.2 -Disk Chapter 14, Module B
2.5.1.2.1 -Redundant array of inexpensive disks (RAID) levels Chapter 14, Module B
2.5.1.2.2 -Multipath Chapter 14, Module B
2.5.1.3 -Network Chapter 14, Module B
2.5.1.3.1 -Load balancers Chapter 14, Module B
2.5.1.3.2 -Network interface card (NIC) teaming Chapter 14, Module B
2.5.1.4 -Power Chapter 14, Module B
2.5.1.4.1 -Uninterruptible power supply (UPS) Chapter 14, Module B
2.5.1.4.2 -Generator Chapter 14, Module B
2.5.1.4.3 -Dual supply Chapter 14, Module B
2.5.1.4.4 -Managed power distribution units (PDUs) Chapter 14, Module B
2.5.2 • Replication Chapter 14, Module B
2.5.2.2 -Storage area network Chapter 14, Module B
2.5.2.3 -VM Chapter 14, Module B
2.5.3 • On-premises vs. cloud Chapter 14, Module B
2.5.4 • Backup types Chapter 14, Module B
2.5.4.1 -Full Chapter 14, Module B
2.5.4.2 -Incremental Chapter 14, Module B
2.5.4.3 -Snapshot Chapter 14, Module B
2.5.4.4 -Differential Chapter 14, Module B
2.5.4.5 -Tape Chapter 14, Module B
2.5.4.6 -Disk Chapter 14, Module B
2.5.4.7 -Copy Chapter 14, Module B
2.5.4.8 -Network-attached storage (NAS) Chapter 14, Module B
2.5.4.9 -Storage area network Chapter 14, Module B
2.5.4.10 -Cloud Chapter 14, Module B
2.5.4.11 -Image Chapter 14, Module B
2.5.4.12 -Online vs. offline Chapter 14, Module B
2.5.4.13 -Offsite storage Chapter 14, Module B
2.5.4.13.1 -Distance considerations Chapter 14, Module B
2.5.5 • Non-persistence Chapter 14, Module B
2.5.5.1 -Revert to known state Chapter 14, Module B
2.5.5.2 -Last known-good configuration Chapter 14, Module B
2.5.5.3 -Live boot media Chapter 14, Module B
2.5.6 • High availability Chapter 14, Module B
2.5.6.1 -Scalability Chapter 14, Module B
2.5.7 • Restoration order Chapter 14, Module A
2.5.8 • Diversity Chapter 14, Module B
2.5.8.1 -Technologies Chapter 14, Module B
2.5.8.2 -Vendors Chapter 14, Module B
2.5.8.3 -Crypto Chapter 14, Module B
2.5.8.4 -Controls Chapter 14, Module B

2.6 Explain the security implications of embedded and specialized systems.


2.6.1 • Embedded systems Chapter 10, Module B
2.6.1.1 -Raspberry Pi Chapter 10, Module B
2.6.1.2 -Field-programmable gate array (FPGA) Chapter 10, Module B
2.6.1.3 -Arduino Chapter 10, Module B
2.6.2 • Supervisory control and data acquisition (SCADA)/industrial control system (ICS) Chapter 10, Module B
2.6.3 -Facilities Chapter 10, Module B
2.6.4 -Industrial Chapter 10, Module B
2.6.5 -Manufacturing Chapter 10, Module B
2.6.6 -Energy Chapter 10, Module B
2.6.7 -Logistics Chapter 10, Module B
2.6.3 • Internet of Things (IoT) Chapter 10, Module B
2.6.3.1 -Sensors Chapter 10, Module B
2.6.3.2 -Smart devices Chapter 10, Module B
2.6.3.3 -Wearables Chapter 10, Module B
2.6.3.4 -Facility automation Chapter 10, Module B
2.6.3.5 -Weak defaults Chapter 10, Module B
2.6.4 • Specialized Chapter 10, Module B
2.6.4.1 -Medical systems Chapter 10, Module B
2.6.4.2 -Vehicles Chapter 10, Module B
2.6.4.3 -Aircraft Chapter 10, Module B
2.6.4.4 -Smart meters Chapter 10, Module B
2.6.5 • Voice over IP (VoIP) Chapter 10, Module B
2.6.6 • Heating, ventilation, air conditioning (HVAC) Chapter 10, Module B
2.6.7 • Drones/AVs Chapter 10, Module B
2.6.8 • Multifunction printer (MFP) Chapter 10, Module B
2.6.9 • Real-time operating system (RTOS) Chapter 10, Module B
2.6.10 • Surveillance systems Chapter 10, Module B
2.6.11 • System on chip (SoC) Chapter 10, Module B
2.6.12 • Communication considerations Chapter 10, Module B
2.6.12.1 -5G Chapter 10, Module B
2.6.12.2 -Narrow-band Chapter 10, Module B
2.6.12.3 -Baseband radio Chapter 10, Module B
2.6.12.4 -Subscriber identity module (SIM) cards Chapter 10, Module B
2.6.12.5 -Zigbee Chapter 10, Module B
2.6.13 • Constraints Chapter 10, Module B
2.6.14 -Power Chapter 10, Module B
2.6.15 -Compute Chapter 10, Module B
2.6.16 -Network Chapter 10, Module B
2.6.17 -Crypto Chapter 10, Module B
2.6.18 -Inability to patch Chapter 10, Module B
2.6.19 -Authentication Chapter 10, Module B
2.6.20 -Range Chapter 10, Module B
2.6.21 -Cost Chapter 10, Module B
2.6.22 -Implied trust Chapter 10, Module B

2.7 Explain the importance of physical security controls.


2.7.1 • Bollards/barricades Chapter 13, Module D
2.7.2 • Access control vestibules Chapter 13, Module D
2.7.3 • Badges Chapter 13, Module D
2.7.4 • Alarms Chapter 13, Module D
2.7.5 • Signage Chapter 13, Module D
2.7.6 • Cameras Chapter 13, Module D
2.7.6.1 -Motion recognition Chapter 13, Module D
2.7.6.2 -Object detection Chapter 13, Module D
2.7.7 • Closed-circuit television (CCTV) Chapter 13, Module D
2.7.8 • Industrial camouflage Chapter 13, Module D
2.7.9 • Personnel Chapter 13, Module D
2.7.9.1 -Guards Chapter 13, Module D
2.7.9.2 -Robot sentries Chapter 13, Module D
2.7.9.3 -Reception Chapter 13, Module D
2.7.9.4 -Two-person integrity/control Chapter 13, Module D
2.7.10 • Locks Chapter 13, Module D
2.7.10.1 -Biometrics Chapter 13, Module D
2.7.10.2 -Electronic Chapter 13, Module D
2.7.10.3 -Physical Chapter 13, Module D
2.7.10.4 -Cable locks Chapter 13, Module D
2.7.11 • USB data blocker Chapter 13, Module D
2.7.12 • Lighting Chapter 13, Module D
2.7.13 • Fencing Chapter 13, Module D
2.7.14 • Fire suppression Chapter 13, Module D
2.7.15 • Sensors Chapter 13, Module D
2.7.15.1 -Motion detection Chapter 13, Module D
2.7.15.2 -Noise detection Chapter 13, Module D
2.7.15.3 -Proximity reader Chapter 13, Module D
2.7.15.4 -Moisture detection Chapter 13, Module D
2.7.15.5 -Cards Chapter 13, Module D
2.7.15.6 -Temperature Chapter 13, Module D
2.7.16 • Drones/UAV Chapter 13, Module D
2.7.17 • Visitor logs Chapter 13, Module D
2.7.18 • Faraday cages Chapter 13, Module D
2.7.19 • Air gap Chapter 13, Module D
2.7.20 • Screened subnet (previously known as demilitarized zone) Chapter 13, Module D
2.7.21 • Protected cable distribution Chapter 13, Module D
2.7.22 • Secure areas Chapter 13, Module D
2.7.22.1 -Air gap Chapter 13, Module D
2.7.22.2 -Vault Chapter 13, Module D
2.7.22.3 -Safe Chapter 13, Module D
2.7.22.4 -Hot aisle Chapter 13, Module D
2.7.22.5 -Cold aisle Chapter 13, Module D
2.7.23 • Secure data destruction Chapter 9, Module B
2.7.23.1 -Burning Chapter 9, Module B
2.7.23.2 -Shredding Chapter 9, Module B
2.7.23.3 -Pulping Chapter 9, Module B
2.7.23.4 -Pulverizing Chapter 9, Module B
2.7.23.5 -Degaussing Chapter 9, Module B
2.7.23.6 -Third-party solutions Chapter 9, Module B

2.8 Summarize the basics of cryptographic concepts.


2.8.1 • Digital signatures Chapter 3, Module A
2.8.2 • Key length Chapter 3, Module A
2.8.3 • Key stretching Chapter 3, Module A
2.8.4 • Salting Chapter 3, Module A
2.8.5 • Hashing Chapter 3, Module A
2.8.6 • Key exchange Chapter 3, Module A
2.8.7 • Elliptic-curve cryptography Chapter 3, Module A
2.8.8 • Perfect forward secrecy Chapter 3, Module A
2.8.9 • Quantum Chapter 3, Module A
2.8.9.1 -Communications Chapter 3, Module A
2.8.9.2 -Computing Chapter 3, Module A
2.8.10 • Post-quantum Chapter 3, Module A
2.8.11 • Ephemeral Chapter 3, Module A
2.8.12 • Modes of operation Chapter 3, Module A
2.8.12.1 -Authenticated Chapter 3, Module A
2.8.12.2 -Unauthenticated Chapter 3, Module A
2.8.12.3 -Counter Chapter 3, Module A
2.8.13 • Blockchain Chapter 3, Module A
2.8.13.1 -Public ledgers Chapter 3, Module A
2.8.14 • Cipher suites Chapter 3, Module A
2.8.14.1 -Stream Chapter 3, Module A
2.8.14.2 -Block Chapter 3, Module A
2.8.15 • Symmetric vs. asymmetric Chapter 3, Module A
2.8.16 • Lightweight cryptography Chapter 3, Module A
2.8.17 • Steganography Chapter 3, Module A
2.8.17.1 -Audio Chapter 3, Module A
2.8.17.2 -Video Chapter 3, Module A
2.8.17.3 -Image Chapter 3, Module A
2.8.18 • Homomorphic encryption Chapter 3, Module A
2.8.19 • Common use cases Chapter 3, Module A
2.8.19.1 -Low power devices Chapter 3, Module A
2.8.19.2 -Low latency Chapter 3, Module A
2.8.19.3 -High resiliency Chapter 3, Module A
2.8.19.4 -Supporting confidentiality Chapter 3, Module A
2.8.19.5 -Supporting integrity Chapter 3, Module A
2.8.19.6 -Supporting obfuscation Chapter 3, Module A
2.8.19.7 -Supporting authentication Chapter 3, Module A
2.8.19.8 -Supporting non-repudiation Chapter 3, Module A
2.8.19.9 -Resource vs. security constraints Chapter 3, Module A
2.8.20 • Limitations Chapter 3, Module A
2.8.20.1 -Speed Chapter 3, Module A
2.8.20.2 -Size Chapter 3, Module A
2.8.20.3 -Weak keys Chapter 3, Module A
2.8.20.4 -Time Chapter 3, Module A
2.8.20.5 -Longevity Chapter 3, Module A
2.8.20.6 -Predictability Chapter 3, Module A
2.8.20.7 -Reuse Chapter 3, Module A
2.8.20.8 -Entropy Chapter 3, Module A
2.8.20.9 -Computational overheads Chapter 3, Module A
2.8.20.10 -Resource vs. security constraints Chapter 3, Module A

3.0 Implementation
3.1 Given a scenario, implement secure protocols
3.1.1 • Protocols Chapter 6, Module A
3.1.1.1 -Domain Name System Security Extension (DNSSEC) Chapter 6, Module A
3.1.1.2 -SSH Chapter 6, Module A
3.1.1.3 -Secure/Multipurpose Internet Mail Extensions (S/MIME) Chapter 6, Module A
3.1.1.4 -Secure Real-time Protocol (SRTP) Chapter 6, Module A
3.1.1.5 -Lightweight Directory Access Protocol Over SSL (LDAPS) Chapter 6, Module A
3.1.1.6 -File Transfer Protocol, Secure (FTPS) Chapter 6, Module A
3.1.1.7 -SSH File Transfer Protocol (SFTP) Chapter 6, Module A
3.1.1.8 -Simple Network Management Protocol, version 3 (SNMPv3) Chapter 6, Module A
3.1.1.9 -Hypertext transfer protocol over SSL/TLS (HTTPS) Chapter 6, Module A
3.1.1.10 -IPSec Chapter 6, Module A
3.1.1.10.1 -Authentication header (AH)/ Encapsulating Security Payloads (ESP) Chapter 6, Module A
3.1.1.10.2 -Tunnel/transport Chapter 6, Module A
3.1.1.11 -Secure Post Office Protocol (POP)/ Internet Message Access Protocol (IMAP) Chapter 6, Module A
3.1.2 • Use cases Various
3.1.2.1 -Voice and video Chapter 6, Module A
3.1.2.2 -Time synchronization Chapter 6, Module A
3.1.2.3 -Email and web Chapter 6, Module A
3.1.2.4 -File transfer Chapter 6, Module A
3.1.2.5 -Directory services Chapter 6, Module A
3.1.2.6 -Remote access Chapter 6, Module A
3.1.2.7 -Domain name resolution Chapter 6, Module A
3.1.2.8 -Routing and switching Chapter 6, Module B
3.1.2.9 -Network address allocation Chapter 6, Module A
3.1.2.10 -Subscription services Chapter 6, Module B

3.2 Given a scenario, implement host or application security solutions.


3.2.1 • Endpoint protection Chapter 9, Module C
3.2.1.1 -Antivirus Chapter 9, Module C
3.2.1.2 -Anti-malware Chapter 9, Module C
3.2.1.3 -Endpoint detection and response (EDR) Chapter 9, Module C
3.2.1.4 -DLP Chapter 9, Module C
3.2.1.5 -Next-generation firewall (NGFW) Chapter 9, Module C
3.2.1.6 -Host-based intrusion prevention system (HIPS) Chapter 9, Module C
3.2.1.7 -Host-based intrusion detection system (HIDS) Chapter 9, Module C
3.2.1.8 -Host-based firewall Chapter 9, Module C
3.2.2 • Boot integrity Chapter 9, Module C
3.2.1.1 -Boot security/Unified Extensible Firmware Interface (UEFI) Chapter 9, Module C
3.2.1.2 -Measured boot Chapter 9, Module C
3.2.1.3 -Boot attestation Chapter 9, Module C
3.2.3 • Database Chapter 11, Module B
3.2.3.1 -Tokenization Chapter 11, Module B
3.2.3.2 -Salting Chapter 11, Module B
3.2.3.3 -Hashing Chapter 11, Module B
3.2.4 • Application security Various
3.2.4.1 -Input validations Chapter 11, Module B
3.2.4.2 -Secure cookies Chapter 11, Module B
3.2.4.3 -Hypertext Transfer Protocol (HTTP) headers Chapter 11, Module B
3.2.4.4 -Code signing Chapter 9, Module C
3.2.4.5 -Allow list Chapter 9, Module C
3.2.4.6 -Block list/deny list Chapter 9, Module C
3.2.4.7 -Secure coding practices Chapter 11, Module B
3.2.4.8 -Static code analysis Chapter 11, Module B
3.2.4.8.1 -Manual code review Chapter 11, Module B
3.2.4.9 -Dynamic code analysis Chapter 11, Module B
3.2.4.10 -Fuzzing Chapter 11, Module B
3.2.5 • Hardening Various
3.2.5.1 -Open ports and services Chapter 9, Module C
3.2.5.2 -Registry Chapter 9, Module C
3.2.5.3 -Disk encryption Chapter 9, Module B
3.2.5.4 -OS Chapter 9, Module C
3.2.5.5 -Patch management Chapter 9, Module C
3.2.5.5.1 -Third-party updates Chapter 9, Module C
3.2.5.5.2 -Auto-update Chapter 9, Module C
3.2.6 • Self-encrypting drive (SED)/ full-disk encryption (FDE) Chapter 9, Module B
3.2.6.1 -Opal Chapter 9, Module B
3.2.7 • Hardware root of trust Chapter 9, Module C
3.2.8 • Trusted Platform Module (TPM) Chapter 9, Module C
3.2.9 • Sandboxing Chapter 9, Module C

3.3 Given a scenario, implement secure network designs.


3.3.1 • Load balancing Chapter 5, Module A
3.3.1.1 -Active/active Chapter 5, Module A
3.3.1.2 -Active/passive Chapter 5, Module A
3.3.1.3 -Scheduling Chapter 5, Module A
3.3.1.4 -Virtual IP Chapter 5, Module A
3.3.1.5 -Persistence Chapter 5, Module A
3.3.2 • Network segmentation Various
3.3.2.1 -Virtual local area network (VLAN) Chapter 6, Module B
3.3.2.2 -Screened subnet (previously known as demilitarized zone) Chapter 4, Module B
3.3.2.3 -East-west traffic Chapter 4, Module B
3.3.2.4 -Extranet Chapter 4, Module B
3.3.2.5 -Intranet Chapter 4, Module B
3.3.2.6 -Zero Trust Chapter 6, Module B
3.3.3 • Virtual private network (VPN) Chapter 6, Module A
3.3.3.1 -Always-on Chapter 6, Module A
3.3.3.2 -Split tunnel vs. full tunnel Chapter 6, Module A
3.3.3.3 -Remote access vs. site-to-site Chapter 6, Module A
3.3.3.4 -IPSec Chapter 6, Module A
3.3.3.5 -SSL/TLS Chapter 6, Module A
3.3.3.6 -HTML5 Chapter 6, Module A
3.3.3.7 -Layer 2 tunneling protocol (L2TP) Chapter 6, Module A
3.3.4 • DNS Chapter 6, Module B
3.3.5 • Network access control (NAC) Chapter 5, Module A
3.3.5.1 -Agent and agentless Chapter 5, Module A
3.3.6 • Out-of-band management Chapter 4, Module B
3.3.7 • Port security Chapter 4, Module B
3.3.7.1 -Broadcast storm prevention Chapter 4, Module B
3.3.7.2 -Bridge Protocol Data Unit (BPDU) guard Chapter 4, Module B
3.3.7.3 -Loop prevention Chapter 4, Module B
3.3.7.4 -Dynamic Host Configuration Protocol (DHCP) snooping Chapter 4, Module B
3.3.7.5 -Media access control (MAC) filtering Chapter 4, Module B
3.3.8 • Network appliances Various
3.3.8.1 -Jump servers Chapter 4, Module B
3.3.8.2 -Proxy servers Chapter 5, Module A
3.3.8.2.1 -Forward Chapter 5, Module A
3.3.8.2.2 -Reverse Chapter 5, Module A
3.3.8.3 -Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS) Chapter 5, Module A
3.3.8.3.1 -Signature-based Chapter 5, Module A
3.3.8.3.2 -Heuristic/behavior Chapter 5, Module A
3.3.8.3.3 -Anomaly Chapter 5, Module A
3.3.8.3.4 -Inline vs. passive Chapter 5, Module A
3.3.8.4 -HSM Chapter 9, Module B
3.3.8.5 -Sensors Chapter 5, Module B
3.3.8.6 -Collectors Chapter 5, Module B
3.3.8.7 -Aggregators Chapter 5, Module B
3.3.8.8 -Firewalls Various
3.3.8.8.1 -Web application firewall (WAF) Chapter 5, Module A
3.3.8.8.2 -NGFW Chapter 5, Module A
3.3.8.8.3 -Stateful Chapter 4, Module B
3.3.8.8.4 -Stateless Chapter 4, Module B
3.3.8.8.5 -Unified threat management (UTM) Chapter 5, Module A
3.3.8.8.6 -Network address translation (NAT) gateway Chapter 4, Module B
3.3.8.8.7 -Content/URL filter Chapter 5, Module A
3.3.8.8.8 -Open-source vs. proprietary Chapter 4, Module B
3.3.8.8.9 -Hardware vs. software Chapter 4, Module B
3.3.8.8.10 -Appliance vs. host-based vs. virtual Chapter 4, Module B
3.3.9 • Access control list (ACL) Chapter 4, Module B
3.3.10 • Route security Chapter 6, Module B
3.3.11 • Quality of service (QoS) Chapter 4, Module B
3.3.12 • Implications of IPv6 Chapter 6, Module B
3.3.13 • Port spanning/port mirroring Chapter 5, Module B
3.3.13.1 -Port taps Chapter 5, Module B
3.3.14 • Monitoring services Chapter 12, Module B
3.3.15 • File integrity monitors Chapter 9, Module C

3.4 Given a scenario, install and configure wireless security settings.


3.4.1 • Cryptographic protocols Chapter 6, Module A
3.4.1.1 -Wi-Fi protected access II (WPA2) Chapter 6, Module A
3.4.1.2 -Wi-Fi protected access III (WPA3) Chapter 6, Module A
3.4.1.3 -Counter-mode/CBC-MAC protocol (CCMP) Chapter 6, Module A
3.4.1.4 -Simultaneous Authentication of Equals (SAE) Chapter 6, Module A
3.4.2 • Authentication protocols Chapter 7, Module B
3.4.2.1 -Extensible Authentication Protocol (EAP) Chapter 7, Module B
3.4.2.2 -Protected Extensible Application Protocol (PEAP) Chapter 7, Module B
3.4.2.3 -EAP-FAST Chapter 7, Module B
3.4.2.4 -EAP-TLS Chapter 7, Module B
3.4.2.5 -EAP-TTLS Chapter 7, Module B
3.4.2.6 -IEEE 802.1X Chapter 7, Module B
3.4.2.7 -Remote Authentication Dial-in User Service (RADIUS) Federation Chapter 7, Module B
3.4.3 • Methods Chapter 6, Module A
3.4.3.1 -Pre-shared key (PSK) vs. Enterprise vs. Open Chapter 6, Module A
3.4.3.2 -WiFi Protected Setup (WPS) Chapter 6, Module A
3.4.3.3 -Captive portals Chapter 6, Module A
3.4.5 • Installation considerations Chapter 6, Module B
3.4.5.1 -Site surveys Chapter 6, Module B
3.4.5.2 -Heatmaps Chapter 6, Module B
3.4.5.3 -WiFi analyzers Chapter 6, Module B
3.4.5.4 -Channel overlays Chapter 6, Module B
3.4.5.5 -Wireless access point (WAP) placement Chapter 6, Module B
3.4.5.6 -Controller and access point security Chapter 6, Module B

3.5 Given a scenario, implement secure mobile solutions.


3.5.1 • Connection methods and receivers Chapter 10, Module A
3.5.1.1 -Cellular Chapter 10, Module A
3.5.1.2 -WiFi Chapter 10, Module A
3.5.1.3 -Bluetooth Chapter 10, Module A
3.5.1.4 -NFC Chapter 10, Module A
3.5.1.5 -Infrared Chapter 10, Module A
3.5.1.6 -USB Chapter 10, Module A
3.5.1.7 -Point-to-point Chapter 10, Module A
3.5.1.8 -Point-to-multipoint Chapter 10, Module A
3.5.1.9 -Global Positioning System (GPS) Chapter 10, Module A
3.5.1.10 -RFID Chapter 10, Module A
3.5.2 • Mobile device management (MDM) Chapter 10, Module A
3.5.2.1 -Application management Chapter 10, Module A
3.5.2.2 -Content management Chapter 10, Module A
3.5.2.3 -Remote wipe Chapter 10, Module A
3.5.2.4 -Geofencing Chapter 10, Module A
3.5.2.5 -Geolocation Chapter 10, Module A
3.5.2.6 -Screenlocks Chapter 10, Module A
3.5.2.7 -Push notifications Chapter 10, Module A
3.5.2.8 -Passwords and pins Chapter 10, Module A
3.5.2.9 -Biometrics Chapter 10, Module A
3.5.2.10 -Context-aware authentication Chapter 10, Module A
3.5.2.11 -Containerization Chapter 10, Module A
3.5.2.12 -Storage segmentation Chapter 10, Module A
3.5.2.13 -Full device encryption Chapter 10, Module A
3.5.3 • Mobile devices Chapter 10, Module A
3.5.3.1 -MicroSD HSM Chapter 10, Module A
3.5.3.2 -MDM/Unified Endpoint Management (UEM) Chapter 10, Module A
3.5.3.3 -Mobile application management (MAM) Chapter 10, Module A
3.5.3.4 -SEAndroid Chapter 10, Module A
3.5.4 • Enforcement and monitoring of: Chapter 10, Module A
3.5.4.1 -Third-party application stores Chapter 10, Module A
3.5.4.2 -Rooting/jailbreaking Chapter 10, Module A
3.5.4.3 -Sideloading Chapter 10, Module A
3.5.4.4 -Custom firmware Chapter 10, Module A
3.5.4.5 -Carrier unlocking Chapter 10, Module A
3.5.4.6 -Firmware over-the-air (OTA) updates Chapter 10, Module A
3.5.4.7 -Camera use Chapter 10, Module A
3.5.4.8 -SMS/Multimedia Messaging Service (MMS)/Rich communication services (RCS) Chapter 10, Module A
3.5.4.9 -External media Chapter 10, Module A
3.5.4.10 -USB On-The-Go (USB OTG) Chapter 10, Module A
3.5.4.11 -Recording microphone Chapter 10, Module A
3.5.4.12 -GPS tagging Chapter 10, Module A
3.5.4.13 -WiFi direct/ad hoc Chapter 10, Module A
3.5.4.14 -Tethering Chapter 10, Module A
3.5.4.15 -Hotspot Chapter 10, Module A
3.5.4.16 -Payment methods Chapter 10, Module A
3.5.5 • Deployment models Chapter 10, Module A
3.5.5.1 -Bring your own device (BYOD) Chapter 10, Module A
3.5.5.2 -Corporate-owned personally enabled (COPE) Chapter 10, Module A
3.5.5.3 -Choose your own device (CYOD) Chapter 10, Module A
3.5.5.4 -Corporate-owned Chapter 10, Module A
3.5.5.5 -Virtual desktop infrastructure (VDI) Chapter 10, Module A

3.6 Given a scenario, apply cybersecurity solutions to the cloud.


3.6.1 • Cloud security controls Chapter 12, Module B
3.6.1.1 -High availability across zones Chapter 12, Module B
3.6.1.2 -Resource policies Chapter 12, Module B
3.6.1.3 -Secrets management Chapter 12, Module B
3.6.1.4 -Integration and auditing Chapter 12, Module B
3.6.1.5 -Storage Chapter 12, Module B
3.6.1.5.1 -Permissions Chapter 12, Module B
3.6.1.5.2 -Encryption Chapter 12, Module B
3.6.1.5.3 -Replication Chapter 12, Module B
3.6.1.5.4 -High availability Chapter 12, Module B
3.6.1.6 -Network Chapter 12, Module B
3.6.1.6.1 -Virtual networks Chapter 12, Module B
3.6.1.6.2 -Public and private subnets Chapter 12, Module B
3.6.1.6.3 -Segmentation Chapter 12, Module B
3.6.1.6.4 -API inspection and integration Chapter 12, Module B
3.6.1.7 -Compute Chapter 12, Module B
3.6.1.7.1 -Security groups Chapter 12, Module B
3.6.1.7.2 -Dynamic resource allocation Chapter 12, Module B
3.6.1.7.3 -Instance awareness Chapter 12, Module B
3.6.1.7.4 -Virtual private cloud (VPC) endpoint Chapter 12, Module B
3.6.1.7.5 -Container security Chapter 12, Module B
3.6.2 • Solutions Chapter 12, Module B
3.6.2.1 -CASB Chapter 12, Module B
3.6.2.2 -Application security Chapter 12, Module B
3.6.2.3 -Next-generation Secure Web Gateway (SWG) Chapter 12, Module B
3.6.2.4 -Firewall considerations in a cloud environment Chapter 12, Module B
3.6.2.4.1 -Cost Chapter 12, Module B
3.6.2.4.2 -Need for segmentation Chapter 12, Module B
3.6.2.4.3 -Open Systems Interconnection (OSI) layers Chapter 12, Module B
3.6.3 • Cloud native controls vs. third-party solutions Chapter 12, Module B

3.7 Given a scenario, implement identity and account management controls.


3.7.1 • Identity Chapter 8, Module B
3.7.1.1 -Identity provider (IdP) Chapter 8, Module B
3.7.1.2 -Attributes Chapter 8, Module B
3.7.1.3 -Certificates Chapter 8, Module B
3.7.1.4 -Tokens Chapter 8, Module B
3.7.1.5 -SSH keys Chapter 8, Module B
3.7.1.6 -Smart cards Chapter 8, Module B
3.7.2 • Account types Chapter 8, Module B
3.7.2.1 -User account Chapter 8, Module B
3.7.2.2 -Shared and generic accounts/credentials Chapter 8, Module B
3.7.2.3 -Guest accounts Chapter 8, Module B
3.7.2.4 -Service accounts Chapter 8, Module B
3.7.3 • Account policies Various
3.7.3.1 -Password complexity Chapter 8, Module B
3.7.3.2 -Password history Chapter 8, Module B
3.7.3.3 -Password reuse Chapter 8, Module B
3.7.3.4 -Time of day Chapter 8, Module A
3.7.3.5 -Network location Chapter 8, Module A
3.7.3.6 -Geofencing Chapter 8, Module A
3.7.3.7 -Geotagging Chapter 8, Module A
3.7.3.8 -Geolocation Chapter 8, Module A
3.7.3.9 -Time-based logins Chapter 8, Module A
3.7.3.10 -Access policies Chapter 8, Module B
3.7.3.11 -Account permissions Chapter 8, Module B
3.7.3.12 -Account audits Chapter 8, Module B
3.7.3.13 -Impossible travel time/risky login Chapter 8, Module A
3.7.3.14 -Lockout Chapter 8, Module B
3.7.3.15 -Disablement Chapter 8, Module B

3.8 Given a scenario, implement authentication and authorization solutions.


3.8.1 • Authentication management Chapter 8, Module B
3.8.1.1 -Password keys Chapter 8, Module B
3.8.1.2 -Password vaults Chapter 8, Module B
3.8.1.3 -TPM Chapter 8, Module B
3.8.1.4 -HSM Chapter 8, Module B
3.8.1.5 -Knowledge-based Authentication Chapter 8, Module B
3.8.2 • Authentication Various
3.8.2.1 -EAP Chapter 7, Module B
3.8.2.2 -Challenge Handshake Authentication Protocol (CHAP) Chapter 7, Module B
3.8.2.3 -Password Authentication Protocol (PAP) Chapter 7, Module B
3.8.2.4 -802.1X Chapter 7, Module B
3.8.2.5 -RADIUS Chapter 7, Module B
3.8.2.6 -Single sign-on (SSO) Chapter 7, Module A
3.8.2.7 -Security Assertions Markup Language (SAML) Chapter 7, Module B
3.8.2.8 -Terminal Access Controller Access Control System Plus (TACACS+) Chapter 7, Module B
3.8.2.9 -OAuth Chapter 7, Module B
3.8.2.10 -OpenID Chapter 7, Module B
3.8.2.11 -Kerberos Chapter 7, Module B
3.8.3 • Access control schemes Various
3.8.3.1 -Attribute-based access control (ABAC) Chapter 8, Module A
3.8.3.2 -Role-based access control Chapter 8, Module A
3.8.3.3 -Rule-based access control Chapter 8, Module A
3.8.3.4 -MAC Chapter 8, Module A
3.8.3.5 -Discretionary access control (DAC) Chapter 8, Module A
3.8.3.6 -Conditional access Chapter 8, Module A
3.8.3.7 -Privilege access management Chapter 8, Module B
3.8.3.8 -File system permissions Chapter 9, Module B

3.9 Given a scenario, implement public key infrastructure.


3.9.1 • Public key infrastructure (PKI) Chapter 3, Module B
3.9.1.1 -Key management Chapter 3, Module B
3.9.1.2 -Certificate authority (CA) Chapter 3, Module B
3.9.1.3 -Intermediate CA Chapter 3, Module B
3.9.1.4 -Registration authority (RA) Chapter 3, Module B
3.9.1.5 -Certificate revocation list (CRL) Chapter 3, Module B
3.9.1.6 -Certificate attributes Chapter 3, Module B
3.9.1.7 -Online Certificate Status Protocol (OCSP) Chapter 3, Module B
3.9.1.8 -Certificate signing request (CSR) Chapter 3, Module B
3.9.1.9 -CN Chapter 3, Module B
3.9.1.10 -Subject alternative name Chapter 3, Module B
3.9.1.11 -Expiration Chapter 3, Module B
3.9.2 • Types of certificates Chapter 3, Module B
3.9.2.1 -Wildcard Chapter 3, Module B
3.9.2.2 -Subject alternative name Chapter 3, Module B
3.9.2.3 -Code signing Chapter 3, Module B
3.9.2.4 -Self-signed Chapter 3, Module B
3.9.2.5 -Machine/computer Chapter 3, Module B
3.9.2.6 -Email Chapter 3, Module B
3.9.2.7 -User Chapter 3, Module B
3.9.2.8 -Root Chapter 3, Module B
3.9.2.9 -Domain validation Chapter 3, Module B
3.9.2.10 -Extended validation Chapter 3, Module B
3.9.3 • Certificate formats Chapter 3, Module B
3.9.3.1 -Distinguished encoding rules (DER) Chapter 3, Module B
3.9.3.2 -Privacy enhanced mail (PEM) Chapter 3, Module B
3.9.3.3 -Personal information exchange (PFX) Chapter 3, Module B
3.9.3.4 -.cer Chapter 3, Module B
3.9.3.5 -P7B Chapter 3, Module B
3.9.4 • Concepts Chapter 3, Module B
3.9.4.1 -Online vs. offline CA Chapter 3, Module B
3.9.4.2 -Stapling Chapter 3, Module B
3.9.4.3 -Pinning Chapter 3, Module B
3.9.4.4 -Trust model Chapter 3, Module B
3.9.4.5 -Key escrow Chapter 3, Module B
3.9.4.6 -Certificate chaining Chapter 3, Module B

4.0 Operations and Incident Response


4.1 Given a scenario, use the appropriate tool to assess organizational security.
4.1.1 • Network reconnaissance and discovery Various
4.1.1.1 -tracert/traceroute Chapter 2, Module C
4.1.1.2 -nslookup/dig Chapter 2, Module C
4.1.1.3 -ipconfig/ifconfig Chapter 2, Module C
4.1.1.4 -nmap Chapter 2, Module C
4.1.1.5 -ping/pathping Chapter 2, Module C
4.1.1.6 -hping Chapter 2, Module C
4.1.1.7 -netstat Chapter 2, Module C
4.1.1.8 -netcat Chapter 2, Module C
4.1.1.9 -IP scanners Chapter 2, Module C
4.1.1.10 -arp Chapter 2, Module C
4.1.1.11 -route Chapter 2, Module C
4.1.1.12 -curl Chapter 2, Module C
4.1.1.13 -the harvester Chapter 2, Module C
4.1.1.14 -sn1per Chapter 2, Module C
4.1.1.15 -scanless Chapter 2, Module C
4.1.1.16 -dnsenum Chapter 2, Module C
4.1.1.17 -Nessus Chapter 2, Module C
4.1.1.18 -Cuckoo Chapter 9, Module A
4.1.2 • File manipulation Various
4.1.2.1 -head Chapter 5, Module B
4.1.2.2 -tail Chapter 5, Module B
4.1.2.3 -cat Chapter 5, Module B
4.1.2.4 -grep Chapter 5, Module B
4.1.2.5 -chmod Chapter 9, Module B
4.1.2.6 -logger Chapter 5, Module B
4.1.3 • Shell and script environments Various
4.1.3.1 -SSH Chapter 2, Module C
4.1.3.2 -PowerShell Chapter 9, Module A
4.1.3.3 -Python Chapter 9, Module A
4.1.3.4 -OpenSSL Chapter 6, Module A
4.1.4 • Packet capture and replay Chapter 2, Module C
4.1.4.1 -Tcpreplay Chapter 2, Module C
4.1.4.2 -Tcpdump Chapter 2, Module C
4.1.4.3 -Wireshark Chapter 2, Module C
4.1.5 • Forensics Chapter 14, Module C
4.1.5.1 -dd Chapter 14, Module C
4.1.5.2 -Memdump Chapter 14, Module C
4.1.5.3 -WinHex Chapter 14, Module C
4.1.5.4 -FTK imager Chapter 14, Module C
4.1.5.5 -Autopsy Chapter 14, Module C
4.1.6 • Exploitation frameworks Chapter 2, Module C
4.1.7 • Password crackers Chapter 14, Module C
4.1.8 • Data sanitization Chapter 9, Module B

4.2 Summarize the importance of policies, processes, and procedures for incident response.
4.2.1 • Incident response plans Chapter 14, Module C
4.2.2 • Incident response process Chapter 14, Module C
4.2.2.1 -Preparation Chapter 14, Module C
4.2.2.2 -Identification Chapter 14, Module C
4.2.2.3 -Containment Chapter 14, Module C
4.2.2.4 -Eradication Chapter 14, Module C
4.2.2.5 -Recovery Chapter 14, Module C
4.2.2.6 -Lessons learned Chapter 14, Module C
4.2.3 • Exercises Chapter 14, Module A
4.2.3.1 -Tabletop Chapter 14, Module A
4.2.3.2 -Walkthroughs Chapter 14, Module A
4.2.3.3 -Simulations Chapter 14, Module A
4.2.4 • Attack frameworks Chapter 2, Module A
4.2.4.1 -MITRE ATT&CK Chapter 2, Module A
4.2.4.2 -The Diamond Model of Intrusion Analysis Chapter 2, Module A
4.2.4.3 -Cyber Kill Chain Chapter 2, Module A
4.2.5 • Stakeholder management Chapter 14, Module A
4.2.6 • Communication plan Chapter 14, Module A
4.2.7 • Disaster recovery plan Chapter 14, Module A
4.2.8 • Business continuity plan Chapter 14, Module A
4.2.9 • Continuity of operations planning (COOP) Chapter 14, Module A
4.2.10 • Incident response team Chapter 14, Module C
4.2.11 • Retention policies Chapter 14, Module C

4.3 Given an incident, utilize appropriate data sources to support an investigation.


4.3.1 • Vulnerability scan output Chapter 14, Module C
4.3.2 • SIEM dashboards Chapter 5, Module B
4.3.2.1 -Sensor Chapter 5, Module B
4.3.2.2 -Sensitivity Chapter 5, Module B
4.3.2.3 -Trends Chapter 5, Module B
4.3.2.4 -Alerts Chapter 5, Module B
4.3.2.5 -Correlation Chapter 5, Module B
4.3.3 • Log files Chapter 14, Module C
4.3.3.1 -Network Chapter 14, Module C
4.3.3.2 -System Chapter 14, Module C
4.3.3.3 -Application Chapter 14, Module C
4.3.3.4 -Security Chapter 14, Module C
4.3.3.5 -Web Chapter 14, Module C
4.3.3.6 -DNS Chapter 14, Module C
4.3.3.7 -Authentication Chapter 14, Module C
4.3.3.8 -Dump files Chapter 14, Module C
4.3.3.9 -VoIP and call managers Chapter 14, Module C
4.3.3.10 -Session Initiation Protocol (SIP) traffic Chapter 14, Module C
4.3.4 • syslog/rsyslog/syslog-ng Chapter 5, Module B
4.3.5 • journalctl Chapter 5, Module B
4.3.6 • nxlog Chapter 5, Module B
4.3.7 • Retention Chapter 14, Module C
4.3.8 • Bandwidth monitors Chapter 5, Module B
4.3.9 • Metadata Chapter 14, Module C
4.3.9.1 -Email Chapter 14, Module C
4.3.9.2 -Mobile Chapter 14, Module C
4.3.9.3 -Web Chapter 14, Module C
4.3.9.4 -File Chapter 14, Module C
4.3.10 • Netflow/sflow Chapter 5, Module B
4.3.10.1 -Netflow Chapter 5, Module B
4.3.10.2 -sflow Chapter 5, Module B
4.3.10.3 -IPFIX Chapter 5, Module B

4.4 Given an incident, apply mitigation techniques or controls to secure an environment.


4.4.1 • Reconfigure endpoint security solutions Chapter 14, Module C
4.4.1.1 -Application whitelisting (approved list) Chapter 14, Module C
4.4.1.2 -Application blacklisting (block list/deny list) Chapter 14, Module C
4.4.1.3 -Quarantine Chapter 14, Module C
4.4.2 • Configuration changes Chapter 14, Module C
4.4.2.1 -Firewall rules Chapter 14, Module C
4.4.2.2 -MDM Chapter 14, Module C
4.4.2.3 -DLP Chapter 14, Module C
4.4.2.4 -Content filter/URL filter Chapter 14, Module C
4.4.2.5 -Update or revoke certificates Chapter 14, Module C
4.4.3 • Isolation Chapter 14, Module C
4.4.4 • Containment Chapter 14, Module C
4.4.5 • Segmentation Chapter 14, Module C
4.4.6 • SOAR Chapter 14, Module C
4.4.6.1 -Runbooks Chapter 14, Module C
4.4.6.2 -Playbooks Chapter 14, Module C

4.5 Explain the key aspects of digital forensics.


4.5.1 • Documentation/evidence Chapter 14, Module C
4.5.1.1 -Legal hold Chapter 14, Module C
4.5.1.2 -Video Chapter 14, Module C
4.5.1.3 -Admissibility Chapter 14, Module C
4.5.1.4 -Chain of custody Chapter 14, Module C
4.5.1.5 -Timelines of sequence of events Chapter 14, Module C
4.5.1.5.1 -Timestamps Chapter 14, Module C
4.5.1.5.2 -Time offset Chapter 14, Module C
4.5.1.6 -Tags Chapter 14, Module C
4.5.1.7 -Reports Chapter 14, Module C
4.5.1.8 -Event logs Chapter 14, Module C
4.5.1.9 -Interviews Chapter 14, Module C
4.5.2 • Acquisition Chapter 14, Module C
4.5.2.1 -Order of volatility Chapter 14, Module C
4.5.2.2 -Disk Chapter 14, Module C
4.5.2.3 -Random-access memory (RAM) Chapter 14, Module C
4.5.2.4 -Swap/page file Chapter 14, Module C
4.5.2.5 -OS Chapter 14, Module C
4.5.2.6 -Device Chapter 14, Module C
4.5.2.7 -Firmware Chapter 14, Module C
4.5.2.8 -Snapshot Chapter 14, Module C
4.5.2.9 -Cache Chapter 14, Module C
4.5.2.10 -Network Chapter 14, Module C
4.5.2.11 -Artifacts Chapter 14, Module C
4.5.3 • On-premises vs. cloud Chapter 14, Module C
4.5.3.1 -Right-to-audit clauses Chapter 14, Module C
4.5.3.2 -Regulatory/jurisdiction Chapter 14, Module C
4.5.3.3 -Data breach notification laws Chapter 14, Module C
4.5.4 • Integrity Chapter 14, Module C
4.5.4.1 -Hashing Chapter 14, Module C
4.5.4.2 -Checksums Chapter 14, Module C
4.5.4.3 -Provenance Chapter 14, Module C
4.5.5 • Preservation Chapter 14, Module C
4.5.6 • E-discovery Chapter 14, Module C
4.5.7 • Data recovery Chapter 14, Module C
4.5.8 • Non-repudiation Chapter 3, Module A
4.5.9 • Strategic intelligence/counterintelligence Chapter 2, Module A

5.0 Governance, Risk, and Compliance


5.1 Compare and contrast various types of controls.
5.1.1 • Category Chapter 1, Module A
5.1.1.1 -Managerial Chapter 1, Module A
5.1.1.2 -Operational Chapter 1, Module A
5.1.1.3 -Technical Chapter 1, Module A
5.1.2 • Control type Chapter 1, Module A
5.1.2.1 -Preventative Chapter 1, Module A
5.1.2.2 -Detective Chapter 1, Module A
5.1.2.3 -Corrective Chapter 1, Module A
5.1.2.4 -Deterrent Chapter 1, Module A
5.1.2.5 -Compensating Chapter 1, Module A
5.1.2.6 -Physical Chapter 1, Module A

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
5.2.1 • Regulations, standards, and legislation Chapter 1, Module B
5.2.1.1 -General Data Protection Regulation (GDPR) Chapter 1, Module B
5.2.1.2 -National, territory, or state laws Chapter 1, Module B
5.2.1.3 -Payment Card Industry Data Security Standard (PCI DSS) Chapter 1, Module B
5.2.2 • Key frameworks Chapter 1, Module C
5.2.2.1 -Center for Internet Security (CIS) Chapter 1, Module C
5.2.2.2 -National Institute of Standards and Technology (NIST) RMF/CSF Chapter 1, Module C
5.2.2.3 -International Organization for Standardization (ISO) 27001/27002/27701/31000 Chapter 1, Module C
5.2.2.4 -SSAE SOC2 Type I/II Chapter 1, Module C
5.2.2.5 -Cloud security alliance Chapter 1, Module C
5.2.2.5.1 -Cloud control matrix Chapter 1, Module C
5.2.2.5.2 -Reference architecture Chapter 1, Module C
5.2.3 • Benchmarks/secure configuration guides Chapter 1, Module C
5.2.3.1 -Platform/vendor-specific guides Chapter 1, Module C
5.2.3.1.1 -Web server Chapter 1, Module C
5.2.3.1.2 -OS Chapter 1, Module C
5.2.3.1.3 -Application server Chapter 1, Module C
5.2.3.1.4 -Network infrastructure devices Chapter 1, Module C

5.3 Explain the importance of policies to organizational security.


5.3.1 • Personnel Various
5.3.1.1 -Acceptable use policy Chapter 13, Module B
5.3.1.2 -Job rotation Chapter 13, Module C
5.3.1.3 -Mandatory vacation Chapter 13, Module B
5.3.1.4 -Separation of duties Chapter 13, Module B
5.3.1.5 -Least privilege Chapter 13, Module B
5.3.1.6 -Clean desk space Chapter 13, Module B
5.3.1.7 -Background checks Chapter 13, Module B
5.3.1.8 -Non-disclosure agreement (NDA) Chapter 13, Module B
5.3.1.9 -Social media analysis Chapter 13, Module B
5.3.1.10 -Onboarding Chapter 13, Module B
5.3.1.11 -Offboarding Chapter 13, Module B
5.3.1.12 -User training Chapter 13, Module C
5.3.1.12.1 -Gamification Chapter 13, Module C
5.3.1.12.2 -Capture the flag Chapter 13, Module C
5.3.1.12.3 -Phishing campaigns Chapter 13, Module A
5.3.1.12.3.1 -Phishing simulations Chapter 13, Module A
5.3.1.12.4 -Computer-based training (CBT) Chapter 13, Module C
5.3.1.12.5 -Role-based training Chapter 13, Module C
5.3.2 • Diversity of training techniques Chapter 13, Module C
5.3.3 • Third-party risk management Various
5.3.3.1 -Vendors Chapter 13, Module B
5.3.3.2 -Supply chain Chapter 13, Module B
5.3.3.3 -Business partners Chapter 13, Module B
5.3.3.4 -Service level agreement (SLA) Chapter 13, Module B
5.3.3.5 -Memorandum of understanding (MOU) Chapter 13, Module B
5.3.3.6 -Measurement systems analysis (MSA) Chapter 1, Module C
5.3.3.7 -Business partnership agreement (BPA) Chapter 13, Module B
5.3.3.8 -End of life (EOL) Chapter 13, Module B
5.3.3.9 -End of service life (EOSL) Chapter 13, Module B
5.3.3.10 -NDA Chapter 13, Module B
5.3.4 • Data Chapter 9, Module B
5.3.4.1 -Classification Chapter 9, Module B
5.3.4.2 -Governance Chapter 9, Module B
5.3.4.3 -Retention Chapter 9, Module B
5.3.5 • Credential policies Chapter 13, Module B
5.3.5.1 -Personnel Chapter 13, Module B
5.3.5.2 -Third-party Chapter 13, Module B
5.3.5.3 -Devices Chapter 13, Module B
5.3.5.4 -Service accounts Chapter 13, Module B
5.3.5.5 -Administrator/root accounts Chapter 13, Module B
5.3.6 • Organizational policies Chapter 1, Module C
5.3.6.1 -Change management Chapter 1, Module C
5.3.6.2 -Change control Chapter 1, Module C
5.3.6.3 -Asset management Chapter 1, Module C

5.4 Summarize risk management processes and concepts.


5.4.1 • Risk types Chapter 2, Module B
5.4.1.1 -External Chapter 2, Module B
5.4.1.2 -Internal Chapter 2, Module B
5.4.1.3 -Legacy systems Chapter 2, Module B
5.4.1.4 -Multiparty Chapter 2, Module B
5.4.1.5 -IP theft Chapter 2, Module B
5.4.1.6 -Software compliance/licensing Chapter 2, Module B
5.4.2 • Risk management strategies Chapter 2, Module B
5.4.2.1 -Acceptance Chapter 2, Module B
5.4.2.2 -Avoidance Chapter 2, Module B
5.4.2.3 -Transference Chapter 2, Module B
5.4.2.3.1 -Cybersecurity insurance Chapter 2, Module B
5.4.2.4 -Mitigation Chapter 2, Module B
5.4.3 • Risk analysis Chapter 2, Module B
5.4.3.1 -Risk register Chapter 2, Module B
5.4.3.2 -Risk matrix/heatmap Chapter 2, Module B
5.4.3.3 -Risk control assessment Chapter 2, Module B
5.4.3.4 -Risk control self-assessment Chapter 2, Module B
5.4.3.5 -Risk awareness Chapter 2, Module B
5.4.3.6 -Inherent risk Chapter 2, Module B
5.4.3.7 -Residual risk Chapter 2, Module B
5.4.3.8 -Control risk Chapter 2, Module B
5.4.3.9 -Risk appetite Chapter 2, Module B
5.4.3.10 -Regulations that affect risk posture Chapter 2, Module B
5.4.3.11 -Risk assessment types Chapter 2, Module B
5.4.3.11.1 -Qualitative Chapter 2, Module B
5.4.3.11.2 -Quantitative Chapter 2, Module B
5.4.3.12 -Likelihood of occurrence Chapter 2, Module B
5.4.3.13 -Impact Chapter 2, Module B
5.4.3.14 -Asset value Chapter 2, Module B
5.4.3.15 -Single loss expectancy (SLE) Chapter 2, Module B
5.4.3.16 -Annualized loss expectancy (ALE) Chapter 2, Module B
5.4.3.17 -Annualized rate of occurrence (ARO) Chapter 2, Module B
5.4.4 • Disasters Chapter 2, Module B
5.4.4.1 -Environmental Chapter 2, Module B
5.4.4.2 -Person-made Chapter 2, Module B
5.4.4.3 -Internal vs. external Chapter 2, Module B
5.4.5 • Business impact analysis Various
5.4.5.1 -Recovery time objective (RTO) Chapter 14, Module B
5.4.5.2 -Recovery point objective (RPO) Chapter 14, Module B
5.4.5.3 -Mean time to repair (MTTR) Chapter 2, Module B
5.4.5.4 -Mean time between failures (MTBF) Chapter 2, Module B
5.4.5.5 -Functional recovery plans Chapter 14, Module A
5.4.5.6 -Single point of failure Chapter 14, Module B
5.4.5.7 -Disaster recovery plan (DRP) Chapter 14, Module A
5.4.5.8 -Mission essential functions Chapter 14, Module A
5.4.5.9 -Identification of critical systems Chapter 14, Module A
5.4.5.10 -Site risk assessment Chapter 14, Module A

5.5 Explain privacy and sensitive data concepts in relation to security.


5.5.1 • Organizational consequences of privacy breaches Chapter 9, Module B
5.5.1.1 -Reputation damage Chapter 9, Module B
5.5.1.2 -Identity theft Chapter 9, Module B
5.5.1.3 -Fines Chapter 9, Module B
5.5.1.4 -IP theft Chapter 9, Module B
5.5.2 • Notifications of breaches Chapter 9, Module B
5.5.2.1 -Escalation Chapter 9, Module B
5.5.2.2 -Public notifications and disclosures Chapter 9, Module B
5.5.3 • Data types Chapter 9, Module B
5.5.3.1 -Classifications Chapter 9, Module B
5.5.3.1.1 -Public Chapter 9, Module B
5.5.3.1.2 -Private Chapter 9, Module B
5.5.3.1.3 -Sensitive Chapter 9, Module B
5.5.3.1.4 -Confidential Chapter 9, Module B
5.5.3.1.5 -Critical Chapter 9, Module B
5.5.3.1.6 -Proprietary Chapter 9, Module B
5.5.3.2 -Personally identifiable information (PII) Chapter 9, Module B
5.5.3.3 -Health information Chapter 9, Module B
5.5.3.4 -Financial information Chapter 9, Module B
5.5.3.5 -Government data Chapter 9, Module B
5.5.3.6 -Customer data Chapter 9, Module B
5.5.4 • Privacy enhancing technologies Chapter 9, Module B
5.5.4.1 -Data minimization Chapter 9, Module B
5.5.4.2 -Data masking Chapter 9, Module B
5.5.4.3 -Tokenization Chapter 9, Module B
5.5.4.4 -Anonymization Chapter 9, Module B
5.5.4.5 -Pseudo-Anonymization Chapter 9, Module B
5.5.5 • Roles and responsibilities Chapter 9, Module B
5.5.5.1 -Data owners Chapter 9, Module B
5.5.5.2 -Data controller Chapter 9, Module B
5.5.5.3 -Data processor Chapter 9, Module B
5.5.5.4 -Data custodian/steward Chapter 9, Module B
5.5.5.5 -Data protection officer (DPO) Chapter 9, Module B
5.5.6 • Information life cycle Chapter 9, Module B
5.5.7 • Impact assessment Chapter 9, Module B
5.5.8 • Terms of agreement Chapter 9, Module B
5.5.9 • Privacy notice Chapter 9, Module B
