Lesson Plans
LabSim Security Pro (Updated 2014)

Table of Contents
Course Overview ..... 4
Course Introduction for Instructors ..... 6
Section 1.1: Security Overview ..... 11
Section 1.2: Using the Simulator ..... 14
Section 2.1: Access Control Models ..... 15
Section 2.2: Authentication ..... 18
Section 2.3: Authorization ..... 21
Section 2.4: Access Control Best Practices ..... 23
Section 2.5: Active Directory Overview ..... 25
Section 2.6: Windows Domain Users and Groups ..... 26
Section 2.7: Linux Users ..... 29
Section 2.8: Linux Groups ..... 32
Section 2.9: Linux User Security ..... 34
Section 2.10: Group Policy Overview ..... 36
Section 2.11: Hardening Authentication 1 ..... 38
Section 2.12: Hardening Authentication 2 ..... 40
Section 2.13: Remote Access ..... 42
Section 2.14: Network Authentication ..... 44
Section 2.15: Identity Management ..... 46
Section 3.1: Cryptography ..... 47
Section 3.2: Hashing ..... 50
Section 3.3: Symmetric Encryption ..... 52
Section 3.4: Asymmetric Encryption ..... 54
Section 3.5: Public Key Infrastructure (PKI) ..... 56
Section 3.6: Cryptographic Implementations ..... 59
Section 4.1: Security Policies ..... 61
Section 4.2: Manageable Network Plan ..... 65
Section 4.3: Business Continuity ..... 67
Section 4.4: Risk Management ..... 69
Section 4.5: Incident Response ..... 72
Section 4.6: Social Engineering ..... 75
Section 4.7: Certification and Accreditation ..... 78
Section 4.8: Development ..... 81
Section 4.9: Employee Management ..... 83
Section 4.10: Third-Party Integration ..... 86
Section 5.1: Physical Security ..... 88
Section 5.2: Hardware Security ..... 91
Section 5.3: Environmental Controls ..... 93
Section 5.4: Mobile Devices ..... 96
Section 5.5: Mobile Device Security Enforcement ..... 99
Section 5.6: Telephony ..... 101
Section 6.1: Networking Layer Protocol Review ..... 103
Section 6.2: Transport Layer Protocol Review ..... 105
©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 1
Section 6.3: Perimeter Attacks 1 ..... 108
Section 6.4: Perimeter Attacks 2 ..... 111
Section 6.5: Security Appliances ..... 113
Section 6.6: Demilitarized Zones (DMZ) ..... 116
Section 6.7: Firewalls ..... 118
Section 6.8: Network Address Translation (NAT) ..... 120
Section 6.9: Virtual Private Networks (VPN) ..... 122
Section 6.10: Web Threat Protection ..... 124
Section 6.11: Network Access Control (NAC) ..... 126
Section 6.12: Wireless Overview ..... 128
Section 6.13: Wireless Attacks ..... 130
Section 6.14: Wireless Defenses ..... 132
Section 7.1: Network Devices ..... 135
Section 7.2: Network Device Vulnerabilities ..... 136
Section 7.3: Switch Attacks ..... 138
Section 7.4: Router Security ..... 139
Section 7.5: Switch Security ..... 141
Section 7.6: Intrusion Detection and Prevention ..... 144
Section 7.7: SAN Security ..... 147
Section 8.1: Malware ..... 149
Section 8.2: Password Attacks ..... 152
Section 8.3: Windows System Hardening ..... 154
Section 8.4: Hardening Enforcement ..... 157
Section 8.5: File Server Security ..... 159
Section 8.6: Linux Host Security ..... 162
Section 8.7: Static Environment Security ..... 164
Section 9.1: Web Application Attacks ..... 166
Section 9.2: Internet Browsers ..... 169
Section 9.3: E-mail ..... 171
Section 9.4: Network Applications ..... 173
Section 9.5: Virtualization ..... 175
Section 9.6: Application Development ..... 178
Section 10.1: Redundancy ..... 181
Section 10.2: Backup and Restore ..... 184
Section 10.3: File Encryption ..... 186
Section 10.4: Secure Protocols ..... 188
Section 10.5: Cloud Computing ..... 191
Section 11.1: Vulnerability Assessment ..... 193
Section 11.2: Penetration Testing ..... 196
Section 11.3: Protocol Analyzers ..... 198
Section 11.4: Log Management ..... 200
Section 11.5: Audits ..... 203
Security Pro Practice Exams ..... 205
Security+ Practice Exams ..... 206
SSCP Practice Exams ..... 207
Appendix A: Approximate Time for the Course ..... 208
Appendix B: Security Pro 2014 Changes ..... 212
Appendix C: Security Pro Objectives ..... 217
Appendix D: CompTIA Security+ (2014 Edition) Exam SY0-401 Objectives ..... 222
Appendix E: (ISC)2 SSCP Objectives ..... 238

Course Overview
This course prepares students for TestOut's Security Pro, CompTIA's Security+, and (ISC)2's SSCP certification exams.

Module 1 – Introduction
This module introduces the students to the challenges of protecting electronic information and to using the LabSim simulator.

Module 2 – Access Control and Identity Management
In this module students will learn concepts about controlling access to system resources. They will learn the access control models, terminology, best practices, tools, and the remote-access and network considerations involved in controlling access.

Module 3 – Cryptography
This module teaches the students about cryptographic attacks and the tools used to ensure data integrity. They will learn about hashing, symmetric and asymmetric encryption, and certificates. Methods of implementing cryptography are also presented.

Module 4 – Policies, Procedures, and Awareness
This module discusses security policies, procedures, and security awareness. Students will learn about security classification levels, documents, business continuity plans, risk management considerations, incident response, trusted computing, software development concerns, and management of employees.

Module 5 – Physical Security
This module examines the fundamentals of physically securing access to facilities and computer systems, protecting a computer system with proper environmental conditions and fire-suppression systems, and securing mobile devices and telephony transmissions.
Module 6 – Perimeter Defenses
In this module students will learn concepts about perimeter defenses to increase network security. Topics covered will include types of perimeter attacks, security zones and devices, configuring a DMZ, firewalls, NAT routers, VPNs, protections against web threats, Network Access Protection (NAP), and security for wireless networks.

Module 7 – Network Defenses
This module discusses network device vulnerabilities and defenses, securing routers and switches, and implementing intrusion monitoring and prevention.

Module 8 – Host Defenses
In this module students will learn about the types of malware and how to protect against them, protecting against password attacks, recommendations for hardening a Windows system, configuring GPOs to enforce security, managing file system security, and procedures to increase the network security of a Linux system.

Module 9 – Application Defenses
This module discusses basic concepts of securing web applications from attacks, hardening the internet browser, securing e-mail from e-mail attacks, concerns about networking software, and security considerations when using a virtual machine.

Module 10 – Data Defenses
This module discusses the elements of securing data, such as implementing redundancy through RAID, proper management of backups and restores, file encryption, implementing secure protocols, and cloud computing.

Module 11 – Assessments and Audits
This module examines tools that can be used to test and monitor the vulnerability of systems, and logs that allow a system manager to track and audit a variety of events on a system.

Practice Exams
In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams are divided into three separate areas and contain examples of the types of questions that a student will find on the actual exam:
  Security Pro Certification Practice Exams
  Security+ Practice Exams
  SSCP Practice Exams

Course Introduction for Instructors
This course provides students with the knowledge to become industry certified as a security professional. The course meets the specifications for three different industry certification programs. It prepares the student for the following:
  TestOut's Security Pro certification
  CompTIA's Security+ certification
  (ISC)2's SSCP certification

TestOut's Security Pro certification is a new certification which measures not just what you know, but what you can do. The TestOut Security Pro Certification (2012 edition) measures your ability to manage security threats and harden security for computer systems. The following knowledge domains are addressed:
  Access Control and Identity Management
  Policies, Procedures, and Awareness
  Physical Security
  Perimeter Defenses
  Network Defenses
  Host Defenses
  Application Defenses
  Data Defenses
  Audits and Assessments
Security Pro objectives are listed in Appendix C: Security Pro Objectives.

CompTIA's Security+ certification is an international, vendor-neutral certification that verifies the student can apply security concepts, tools, and procedures and react to security incidents. Security+ Exam SY0-401 (2014 edition) covers general knowledge of security concepts, threats, and tools. The following knowledge domains are addressed:
  Network Security
  Compliance and Operational Security
  Threats and Vulnerabilities
  Application, Data and Host Security
  Access Control and Identity Management
  Cryptography
Security+ objectives are listed in Appendix D: CompTIA Security+ (2014 Edition) Exam SY0-401 Objectives.

(ISC)2's SSCP certification (2012 edition) ensures students have the skills to safeguard against threats and the knowledge to apply security concepts, tools, and procedures. The following knowledge domains are addressed:
  Access Control
  Security Operations & Administration
  Monitoring and Analysis
  Risk, Response, and Recovery
  Cryptography
  Networks and Communications
  Malicious Code and Attacks
SSCP objectives are listed in Appendix E: (ISC)2 SSCP Objectives.

The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.

The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:
  Demonstration
  Exam
  Lab/Simulation
  Text lesson or fact sheet
  Video
The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and the demonstrations.

In the lesson plans the Total Time for each section is calculated by adding the approximate time for each element in the section, using the following:
  Video/demo times
  Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
  Simulations (5 minutes is assigned per simulation. This is the amount of time it would take a knowledgeable student to complete the lab activity. Plan for new students to take much longer than this, depending on their knowledge level and computer experience.)
  Questions (1 minute per question)
Appendix A: Approximate Time for the Course contains the times for each section, which are totaled for the whole course.

Comparison of Security+ and SSCP Objectives Covered in LabSim Security Pro
The following table maps out where the Security+ and SSCP objectives are covered in the Security Pro course. (Remember that the objectives are in the appendices.) X = This section meets objectives for the identified exam.

Security Pro Sections | CompTIA Security+ Exam Objectives | SSCP Exam Objectives
1.0 Introduction 1.1 Security Overview 1.3, 2.9 2.9 1.2 Using the Simulator N/A N/A 2.0 Access Control and Identity Management 2.1 Access Control Models 1.2, 2.7, 5.1, 5.2 1.1, 1.2, 1.4, 1.5 2.2 Authentication 5.2 1.3 2.3 Authorization 1.2, 4.4, 5.2, 5.3 1.1, 1.2 2.4 Access Control Best Practices 1.2, 2.1, 5.2 2.5 Active Directory Overview 2.6 Windows Domain Users and Groups 5.3 1.1, 1.2 2.7 Linux Users 5.3 1.1, 1.2 2.8 Linux Groups 5.3 1.1, 1.2 5.3 1.1, 1.2 4.3, 5.2, 5.3 1.1, 1.2 2.9 Linux User Security 2.10 Group Policy Overview 2.11 Hardening Authentication 1 5.2, 5.3 2.12 Hardening Authentication 2 5.2 2.13 Remote Access 1.3, 5.1, 5.2, 6.2 2.14 Network Authentication 3.2, 5.1, 5.2, 6.2 2.15 Identity Management 6.3 1.6 3.0 Cryptography 3.1 Cryptography 4.4, 6.1, 6.2, 6.3 5.1, 5.2, 5.3 3.2 Hashing 6.1, 6.2 5.1 3.3 Symmetric Encryption 6.1, 6.2 5.1 3.4 Asymmetric Encryption 6.1, 6.2, 6.3 3.5 Public Key Infrastructure (PKI) 6.1, 6.3 5.3 3.6 Cryptography Implementations 4.4, 6.1, 6.2 5.4 4.0 Policies, Procedures, and Awareness 4.1 Security Policies 2.1, 2.3, 2.6, 4.4 2.2, 2.3, 2.4, 2.5, 2.8 4.2 Manageable Network Plan 3.7 2.2 4.3 Business Continuity 2.8 4.4 4.4 Risk Management 2.1, 2.3, 3.7 4.1 4.5 Incident Response 2.3, 2.4, 2.5, 4.4 4.3 4.6 Social Engineering 2.6, 3.2, 3.3 7.3 4.7 Certification and Accreditation 2.6, 4.3 2.4, 5.2 4.8 Development 3.7, 4.1 2.4 4.9 Employee Management 2.1, 2.6 2.1, 2.2 4.10 Third-Party Integration 2.2 1.5 2.7, 2.9, 5.1, 5.2 4.2 2.3, 2.7, 4.3 2.2 2.7 2.3 3.2, 4.2, 4.4 2.7 5.0 Physical Security 5.1 Physical Security 5.2 Hardware Security 5.3 Environmental Controls 5.4 Mobile Devices 5.5 Mobile Device Security Enforcement 5.6 Telephony 4.2, 4.4 1.3 6.2 1.2, 1.3, 1.4, 3.6 6.1 1.4 6.1 3.2, 3.7 7.3 6.0 Perimeter Defenses 6.1 Network Layer Protocol Review 6.2 Transport Layer Protocol Review 6.3 Perimeter Attacks 1 6.4 Perimeter Attacks 2 3.2, 3.7, 4.4 7.3 6.5 Security Appliances 1.1, 1.2, 1.3, 4.3 1.5, 6.1, 6.4 6.6 Demilitarized Zones (DMZ) 6.7 Firewalls 1.1, 1.3 1.1, 1.2, 4.3 6.4 6.8 Network Address Translation (NAT) 1.3 6.9 Virtual Private Networks (VPN) 1.1 6.3 6.10 Web Threat Protection 1.1 4.1, 7.1 6.11 Network Access Control (NAC) 1.3 6.1 6.12 Wireless Overview 6.13 Wireless Attacks 6.14 Wireless Defenses 1.5 3.4, 4.4 6.5 1.2, 1.5, 5.1, 6.2 6.5 7.0 Network Defenses 7.1 Network Devices 7.2 Network Device Vulnerabilities 1.1 3.1, 3.2, 5.3 7.3 Switch Attacks 3.2 7.4 Router Security 1.4, 2.7 7.5 Switch Security 7.6 Intrusion Detection and Prevention 7.7 SAN Security 1.2, 1.3, 3.6 1.1, 2.1, 3.6, 3.7 3.1, 3.2, 5.2, 7.2 1.4, 4.4, 6.2 8.0 Host Defenses 8.1 Malware 3.1, 4.3 8.2 Password Attacks 2.6, 3.2, 3.6, 5.3 8.3 Windows System Hardening 3.6, 3.7, 4.3, 5.2 8.4 Hardening Enforcement 7.1, 7.2, 7.3, 7.4 2.3 4.3, 5.2, 5.3 8.5 File Server Security 1.2, 1.4, 2.3, 4.4, 5.2, 5.3 1.4 8.6 Linux Host Security 1.2, 2.3, 3.6 4.2 8.7 Static Environment Security 4.5 9.0 Application Defenses 9.1 Web Application Attacks 9.2 Internet Browsers 9.3 E-mail 2.3, 2.6, 3.2, 3.5, 4.1, 4.3 7.1, 7.3, 7.4 3.5 3.2, 6.2 5.4, 7.1, 7.3 2.6, 3.2, 4.3 7.2 9.5 Virtualization 1.1, 1.3, 2.1, 4.3 1.7, 2.7 9.6 Application Development 3.6, 3.7, 4.1, 4.4 9.4 Network Applications 10.0 Data Defenses 10.1 Redundancy 10.2 Backup and Restore 10.3 File Encryption 2.1, 2.8 4.1 2.8 2.8 4.4, 6.2 10.4 Secure Protocols 1.4, 5.1, 6.2 5.2, 5.4 10.5 Cloud Computing 1.3, 2.1, 4.4 1.7, 2.7 2.1, 3.6, 3.7, 3.8 2.6, 4.2 11.2 Penetration Testing 3.8 2.6, 4.2 11.3 Protocol Analyzers 1.1, 3.7 2.6 11.4 Log Management 1.2, 2.3, 3.6, 3.8 3.1, 3.2 2.3, 3.8 3.1, 3.2 11.0 Assessments and Audits 11.1 Vulnerability Assessment 11.5 Audits Certification Practice Exams Security Pro Practice Exams Security+ Practice Exams SSCP Practice Exams X X

In addition to covering everything the student needs to know for the Security+ and SSCP exams, this course has been designed to help students gain real-world skills that they will use every day on the job as a security professional. Those real-world skills are what is needed to pass the Security Pro Certification exam.

Section 1.1: Security Overview
Summary
This section provides an overview of security. Basics discussed include:
  Security challenges:
    o Sophistication of attacks
    o Proliferation of attack software
    o Scale and velocity of attacks
  Common security terms:
    o Confidentiality
    o Integrity
    o Availability
    o Non-repudiation
  CIA of Security
  Key security components:
    o Physical security
    o Users and administrators
    o Policies
  Risk management items to take into account:
    o Asset
    o Threat
    o Threat agent
    o Vulnerability
    o Exploit
  Types of threat agents:
    o Employee
    o Spy
    o Hacker
  Steps of attack strategies:
    o Reconnaissance
    o Breach
    o Escalate privileges
    o Stage
    o Exploit
  Defense methodologies:
    o Layering
    o Principle of least privilege
    o Variety
    o Randomness
    o Simplicity

Security+ Exam Objectives:
  1.3 Explain network design elements and components.
    o Layered security / Defense in depth
  2.9 Given a scenario, select the appropriate control to meet the goals of security.
o Confidentiality Encryption Access controls Steganography o Integrity Hashing Digital signatures Certificates Non-repudiation o Availability Redundancy Fault tolerance Patching SSCP Exam Objectives: 2.9 Understand security concepts (e.g., confidentiality, integrity, availability, privacy). Lecture Focus Questions: What challenges does a security professional face? What is the difference between integrity and non-repudiation? What process provides confidentiality by converting data into a form that it is unlikely to be usable by an unintended recipient? What are the three main goals of the CIA of Security? Which security expression refers to verifying that someone is who they say they are? What are key components of risk management? What are three types of threat agents? ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 12 Video/Demo Time 1.1.1 Security Challenges 8:22 1.1.2 Security Roles and Concepts 5:36 1.1.3 Threat Agent Types 8:20 1.1.5 General Attack Strategy 8:51 1.1.6 General Defense Strategy Total 18:25 49:34 Number of Exam Questions 12 questions Total Time About 70 minutes ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 13 Section 1.2: Using the Simulator Summary This section introduces the student to the TestOut simulator, which is used in most of the lab exercises throughout the course. Students will become familiar with the: Scenario Main Bench Shelf Selected Component Processes to complete labs Elements of the Score Report Students will learn how to: Read simulated component documentation and view components to make appropriate choices to meet the scenario. Add and remove simulated computer components. Change views to view and add simulated components. Use the zoom feature to view additional image details. Attach simulated cables. Use the simulation interface to identify where simulated cables connect to the computer. 
Video/Demo 1.2.1 Using the Simulator Time 13:19 Lab/Activity Configure a Security Appliance Install a Security Appliance Total Time About 25 minutes ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 14 Section 2.1: Access Control Models Summary This section discusses access control models. Basics discussed include: Access control involves: o Objects o Subjects o System Processes of the access control: o Identification o Authentication o Authorization o Auditing (also referred to as accounting) Access controls can be classified according to the function they perform: o Preventive o Detective o Corrective o Deterrent o Recovery o Compensative Access control measures to restrict or control access: o Administrative o Technical o Physical Directory services Common access control models: o Mandatory Access Control (MAC) o Discretionary Access Control (DAC) o Role-Based Access Control (RBAC) o Rule Set-Based Access Control (RSBAC) o Federated Access Control Discretionary access controls Access control models Academic security models: o Bell-LaPadula o Biba o Clark-Wilson o State machine o Brewer and Nash Module/Chinese Wall o Take-Grant o Combination models ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 15 Students will learn how to: Implement DAC by configuring a discretionary access control list (DACL). Security+ Exam Objectives: 1.2 Given a scenario, use secure network administration principles. o Rule based management o Access control lists 2.7 Compare and contrast physical security and environmental controls. o Control types Deterrent Preventive Detective Compensating Technical Administrative 5.1 Compare and contrast the function and purpose of authentication services. o SAML 5.2 Given a scenario, select the appropriate authentication, authorization, or access control. o Identification vs. authentication vs. 
authorization o Authorization Least privilege Separation of duties ACLs Mandatory access Discretionary access Rule-based access control Role-based access control Time of day restrictions o Authentication Access control o Identification Personal identification verification card Username o Federation SSCP Exam Objectives: 1.1 Implement Logical Access Controls in Terms of Subjects. o Requirements for access controls 1.2 Implement Logical Access Controls in Terms of Objects. o Requirements for access controls o Object groups ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 16 1.4 Apply Access Control Concepts (e.g., least privilege, and separation of duties). o Discretionary Access Control (DAC) o Non-discretionary Access Control 1.5 Manage Internetwork Trust Architectures (e.g., extranet, third party connections, federated access). Security Pro Exam Objectives: 5.1 Harden Network Devices (using a Cisco Small Business Switch). o Implement access lists, deny everything else Lecture Focus Questions: What is access control and why is it important? How does the Discretionary Access Control (DAC) provide access control? What type of entries does the Discretionary Access Control List (DACL) contain? What is the function of each of the two types of labels used by the Mandatory Access Control (MAC) access model? What is the difference between role-based access control and rule-based access control? How are Rule-Based Access Control and Mandatory Access Control (MAC) similar? In security terms, what does AAA refer to? Video/Demo Time 2.1.1 Access Control Models 3:38 2.1.5 Implementing Discretionary Access Control 6:09 Total 9:47 Number of Exam Questions 15 questions Total Time About 30 minutes ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 17 Section 2.2: Authentication Summary In this section students will learn the basics of identification and authentication. 
Concepts covered in this section include: Ways a User can prove identity to an authentication server: o Type 1 Something you know o Type 2 Something you have o Type 3 Something you are o Type 4 Somewhere you are o Type 5 Something you do Terms used to measure the effective of authentication solutions: o False negative o False positive o Crossover error rate o Processing rate Authentication methods used to increase security: o Two-factor o Three-factor o Multi-factor o Strong o One-factor o Mutual Considerations when implementing biometrics Single Sign-on (SSO) authentication: o Advantages of SSO o Disadvantages of SSO SSO solutions: o Kerberos o Secure European System for Applications in a Multi-Vendor Environment (SESAME) o Directory services Students will learn how to: Use a biometric scanner to enroll (record) fingerprints that can be used for authentication. Configure fingerprint settings to automate execution of an application. Use single sign-on to access all authorized resources on the network. ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 18 Security+ Exam Objectives: 5.2 Given a scenario, select the appropriate authentication, authorization, or access control. o Identification vs. authentication vs. authorization o Authentication Tokens Common access card Smart card Multifactor authentication TOTP HOTP Single sign-on Access control o Authentication factors Something you are Something you have Something you know Somewhere you are Something you do o Identification Biometrics Personal identification verification card Username SSCP Exam Objectives: 1.3 Implement Authentication Mechanisms (e.g., single/multi-factor authentication, single sign-on, offline authentication). Lecture Focus Questions: What is the difference between authentication and identification? Which authentication type is the most common? Which form of authentication is generally considered the strongest? 
What is the difference between synchronous and asynchronous token devices? Which type of biometric processing error is more serious, a false positive or a false negative? Why? What is the difference between strong authentication, two-factor authentication, and multi-factor authentication? What are the main advantages of SSO authentication? Disadvantages? ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 19 Video/Demo Time 2.2.1 Authentication Part 1 11:26 2.2.2 Authentication Part 2 8:53 2.2.4Using a Biometric Scanner 3:49 2.2.5 Using Single Sign-on Total 12:20 36:28 Number of Exam Questions 15 questions Total Time About 60 minutes ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 20 Section 2.3: Authorization Summary This section examines using authorization to control access to resources. Concepts covered include: Types of NTFS access lists: o Discretionary Access Control List (DACL) o System Access Control List (SACL) The role of a security principal Types of permission: o Effective Permissions o Deny Permissions o Cumulative Permissions Students will learn how to: Create a group and add members to the group. Examine the elements of an access token using whoami /all. After changes to user privileges, gain access to newly assigned resources by creating a new access token (logging on again). Security+ Exam Objectives: 1.2 Given a scenario, use secure network administration principles. o Access control lists 4.4 Implement the appropriate controls to ensure data security. o Permissions/ACL 5.2 Given a scenario, select the appropriate authentication, authorization, or access control. o Identification vs. authentication vs. authorization o Authorization ACLs Discretionary access control o Authentication Access control 5.3 Install and configure security controls when performing account management, based on best practices. 
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Group based privileges
    o User assigned privileges

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Lecture Focus Questions:
  What three types of information make up an access token?
  How is the access token used to control access to resources?
  On a Microsoft system, when is the access token generated?
  What types of objects are considered security principals?
  What is the difference between a discretionary access control list (DACL) and a system access control list (SACL)?

Video/Demo                                Time
  2.3.1 Authorization                      5:15
  2.3.2 Cumulative Access                  9:37
  2.3.4 Examining the Access Token         9:08
  Total                                   24:00

Number of Exam Questions
  4 questions

Total Time
  About 30 minutes

Section 2.4: Access Control Best Practices

Summary
  This section provides information about best practices to control access to system resources.

Concepts covered include:
  Security practices:
    o Principle of least privilege
    o Need to know
    o Separation of duties
    o Job rotation
    o Defense-in-depth
  Creeping privileges
  Precautions to avoid creeping privileges
  End-of-life procedures for media

Students will learn how to:
  Enable and disable User Account Control (UAC).
  Use alternate credentials to run programs that require elevated privileges.

Security+ Exam Objectives:
  1.2 Given a scenario, use secure network administration principles.
    o Implicit deny
  2.1 Explain the importance of risk related concepts.
    o Importance of policies in reducing risks
        Job rotation
        Separation of duties
        Least privilege
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Authorization
        Least privilege
        Separation of duties
    o Authentication
        Implicit deny

Security Pro Exam Objectives:
  5.1 Harden Network Devices (using a Cisco Small Business Switch).
    o Implement access lists, deny everything else

Lecture Focus Questions:
  What is the difference between implicit deny and explicit allow?
  What is the difference between implicit deny and explicit deny? Which is the strongest?
  How does implementing the principle of separation of duties increase the security in an organization?
  What aspects of security does job rotation provide?
  How do creeping privileges occur?

Video/Demo                                    Time
  2.4.1 Access Control Best Practices          3:12
  2.4.3 Viewing Implicit Deny                 10:13
  Total                                       13:25

Number of Exam Questions
  12 questions

Total Time
  About 30 minutes

Section 2.5: Active Directory Overview

Summary
  This section provides an overview of Active Directory.

Concepts covered include:
  Active Directory components:
    o Domain
    o Trees and Forests
    o Organizational Unit (OU)
    o Generic Containers
    o Objects
    o Domain Controller

Students will learn how to:
  Open and navigate the Active Directory Users and Computers dialog.
  Distinguish between Organizational Unit (OU) and folder resources.
  View and edit user and group account properties.

Lecture Focus Questions:
  What is the purpose of a domain?
  What is the difference between a tree and a forest?
  How do Organizational Units (OUs) simplify administration of security?
  What are the advantages of a hierarchical directory database over a flat file database?
Video/Demo                                Time
  2.5.1 Active Directory Introduction      9:04
  2.5.2 Active Directory Structure         9:24
  2.5.3 Viewing Active Directory           8:05
  Total                                   26:33

Number of Exam Questions
  3 questions

Total Time
  About 30 minutes

Section 2.6: Windows Domain Users and Groups

Summary
  This section discusses managing Windows domain users and groups.

Concepts covered include:
  User Account Management:
    o Creating users
    o Recommendations for managing user accounts
    o Directory object attributes
    o Managing users as groups

Students will learn how to:
  Create domain user accounts.
  Modify user account properties, including changing logon and password settings in the user account.
  Rename a user account.
  Reset a user account password and unlock the account.
  Enable and disable an account.

Security+ Exam Objectives:
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Account policy enforcement
        Credential management
        Group policy
        Password complexity
        Expiration
        Recovery
        Disablement
        Lockout
        Password history
        Password reuse
        Password length
        Generic account prohibition
    o Group based privileges
    o User assigned privileges
    o User access reviews
    o Continuous monitoring

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Windows Domain Users and Groups
        Create, rename, and delete users and groups
        Lock and unlock user accounts
        Assign users to appropriate groups
        Change a user's password
  1.2 Harden authentication.
    o Configure the Domain GPO to control local administrator group membership and Administrator password

Lecture Focus Questions:
  What is the purpose of a domain?
  What is the difference between a disabled, locked out, or expired user account?
  What is the best way to handle a user's account when an employee quits the company and will be replaced by a new employee in the near future?
  What are the recommendations for using a template user account?
  What properties of a user account do not get duplicated when you copy the user?

Video/Demo                                   Time
  2.6.1 Creating User Accounts                4:50
  2.6.2 Managing User Account Properties      7:45
  2.6.5 Managing Groups                       5:05
  Total                                      17:40

Lab/Activity
  Create User Accounts
  Manage User Accounts
  Create a Group
  Create Global Groups

Number of Exam Questions
  5 questions

Total Time
  About 50 minutes

Section 2.7: Linux Users

Summary
  This section examines managing Linux users.

Concepts covered include:
  Options for storing Linux user and group information
  Files used when user and group information is stored in the local file system:
    o /etc/passwd
    o /etc/shadow
    o /etc/group
    o /etc/gshadow
  Configuration files used when managing user accounts:
    o /etc/default/useradd
    o /etc/login.defs
    o /etc/skel
  Manage user accounts with the following commands:
    o useradd
    o passwd
    o usermod
    o userdel

Students will learn how to:
  Create, rename, lock, and unlock a user account.
  Change a user's password.
  Rename or remove a user account.

Security+ Exam Objectives:
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Account policy enforcement
        Credential management
        Group policy
        Password complexity
        Expiration
        Recovery
        Disablement
        Lockout
        Password history
        Password reuse
        Password length
        Generic account prohibition
    o User assigned privileges
    o User access reviews
    o Continuous monitoring

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Linux Users and Groups
        Create, rename, and delete users and groups
        Assign users to appropriate groups
        Lock and unlock user accounts
        Change a user's password

Lecture Focus Questions:
  Which directory contains configuration file templates that are copied into a new user's home directory?
  When using useradd to create a new user account, which default values are used to create the user account?
  How can you view all the default values in the /etc/default/useradd file?
  How would you create a user with useradd that does not receive the default values in the /etc/default/useradd file?
  Which command deletes a user and their home directory at the same time?

Video/Demo                                   Time
  2.7.1 Linux User and Group Overview        19:14
  2.7.2 Managing Linux Users                  9:28
  Total                                      28:42

Lab/Activity
  Create a User Account
  Rename a User Account
  Delete a User
  Change Your Password
  Change a User's Password
  Lock and Unlock User Accounts

Number of Exam Questions
  7 questions

Total Time
  About 70 minutes

Section 2.8: Linux Groups

Summary
  This section examines managing Linux groups.
Concepts covered include:
  Commands to manage group accounts and group membership:
    o groupadd
    o groupmod
    o groupdel
    o gpasswd
    o newgrp
    o usermod
    o groups

Students will learn how to:
  Create groups and define the group ID.
  Change secondary group membership for specific user accounts.
  Enable a group password.

Security+ Exam Objectives:
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Account policy enforcement
        Credential management
    o Group based privileges

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Linux Users and Groups
        Create, rename, and delete users and groups
        Assign users to appropriate groups
        Change a user's password

Lecture Focus Questions:
  Which usermod option changes the secondary group membership?
  Which command removes all secondary group memberships for specific user accounts?
  Which groupmod option changes the name of a group?

Video/Demo                           Time
  2.8.1 Managing Linux Groups         3:15

Lab/Activity
  Rename and Create Groups
  Add Users to a Group
  Remove a User from a Group

Number of Exam Questions
  3 questions

Total Time
  About 20 minutes

Section 2.9: Linux User Security

Summary
  In this section students will explore user security for Linux.
Details about the following concepts will be covered:
  Considerations for user security
  Commands used to promote user security and restrictions:
    o chage
    o ulimit
  The /etc/security/limits.conf file
    o Entry options:
        Entity
        Type
        Limits
        Value

Students will learn how to:
  Configure password aging.
  Configure password login limits.
  Configure the maximum concurrent logins by a user.
  Use the ulimit command to restrict user resource usage.

Security+ Exam Objectives:
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Account policy enforcement
        Password complexity
        Expiration
        Recovery
        Disablement
        Lockout
        Password length
    o Group based privileges
    o User assigned privileges

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Linux Users and Groups
        Configure password aging.
    o Restrict use of common access accounts.

Lecture Focus Questions:
  When using chage to set expiration of user passwords, which option sets the number of days for the password warning message?
  What is the difference between hard and soft limits?
  When using ulimit to limit computer resources used for applications launched from the shell, which option displays the current limits?
  What command removes all restrictions for process memory usage?
  Why should passwords not expire too frequently?
Video/Demo                                                   Time
  2.9.1 Linux User Security and Restrictions                  9:53
  2.9.2 Configuring Linux User Security and Restrictions      6:40
  Total                                                      16:33

Number of Exam Questions
  5 questions

Total Time
  About 25 minutes

Section 2.10: Group Policy Overview

Summary
  This section provides an overview of using Group Policy to apply settings to multiple objects within the Active Directory domain at one time.

Concepts covered include:
  The role of GPOs
  GPO categories:
    o Computer Configuration
    o User Configuration
  How GPOs apply to objects
  The order in which GPOs are applied

Students will learn how to:
  View the settings defined in a GPO.
  Create a GPO.
  Link a GPO to OUs.
  Edit the settings of a GPO.
  Import GPO settings.

Security+ Exam Objectives:
  4.3 Given a scenario, select the appropriate solution to establish host security.
    o Operating system security and settings
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Authentication
        Access control
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
    o Account policy enforcement
        Password complexity
        Expiration
        Recovery
        Disablement
        Lockout
        Password length
    o Group based privileges

SSCP Exam Objectives:
  1.1 Implement Logical Access Controls in Terms of Subjects.
    o Requirements for access controls
  1.2 Implement Logical Access Controls in Terms of Objects.
    o Requirements for access controls
    o Object groups

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Windows Local Users and Groups
        Restrict use of local user accounts
    o Restrict use of common access accounts
  1.2 Harden authentication.
    o Configure the Domain GPO to enforce User Account Control

Lecture Focus Questions:
  When are user policies applied?
  How do computer policies differ from user policies?
  How do GPOs applied to an OU differ from GPOs applied to a domain?
  What is the order in which GPOs are applied?
  If a setting is undefined in one GPO and defined in another, which setting is used?
  If a setting is defined in two GPOs, which setting is applied?

Video/Demo                           Time
  2.10.1 Group Policy Overview        8:41
  2.10.2 Viewing Group Policy        14:31
  Total                              23:12

Lab/Activity
  Create and Link a GPO

Number of Exam Questions
  3 questions

Total Time
  About 35 minutes

Section 2.11: Hardening Authentication 1

Summary
  This section discusses methods of hardening authentication.

Basics discussed include:
  Methods of hardening authentication:
    o Account lockout
    o Account restrictions
    o Account (password) policies
  Considerations for controlling user account and password security

Students will learn how to:
  Control logical access by configuring user account and account lockout policies.
  Configure day/time restrictions, computer restrictions, and expiration dates for user accounts.
  Enable and disable user accounts.
  Configure the password policy for a domain.
  Using Group Policy Management, configure security settings such as password policy settings to define requirements for user passwords.
  Using Group Policy Management, configure user rights assignments to identify actions users can perform on a system.

Security+ Exam Objectives:
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Authorization
        Time of day restrictions
  5.3 Install and configure security controls when performing account management, based on best practices.
    o Account policy enforcement
        Password complexity
        Expiration
        Recovery
        Disablement
        Lockout
        Password length

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Windows Local Users and Groups
        Restrict use of local user accounts
    o Restrict use of common access accounts
  1.2 Harden authentication.
    o Configure Domain GPO Account Policy to enforce a robust password policy
    o Disable or rename default accounts such as Guest and Administrator
  5.1 Harden Network Devices (using a Cisco Small Business Switch).
    o Use secure passwords

Lecture Focus Questions:
  What characteristics on a Microsoft system typically define a complex password?
  What is the clipping level and how does it affect an account login?
  What does the minimum password age setting prevent?
  What is a drawback to account lockout for failed password attempts?
  What are the advantages of a self-service password reset management system?

Video/Demo                                               Time
  2.11.1 Hardening Authentication                        19:31
  2.11.2 Configuring User Account Restrictions            9:30
  2.11.4 Configuring Account Policies and UAC Settings   14:18
  2.11.6 Hardening User Accounts                         10:20
  Total                                                  53:39

Lab/Activity
  Configure User Account Restrictions
  Configure Account Policies
  Restrict Local Accounts
  Secure Default Accounts
  Enforce User Account Control

Number of Exam Questions
  11 questions

Total Time
  About 90 minutes

Section 2.12: Hardening Authentication 2

Summary
  This section discusses methods of hardening authentication using smart cards and fine-grained password policies.
Basics discussed include:
  Facts about smart cards
  Smart card categories:
    o Contact smart cards
    o Contactless smart cards
  Key benefits of smart cards
  Weaknesses of smart cards:
    o Microprobing
    o Software attacks
    o Eavesdropping
    o Fault generation
  The role of granular password policies:
    o Acronyms:
        Password Settings Object (PSO)
        Password Settings Container (PSC)
    o PSO properties:
        msDS-PSOAppliesTo
        msDS-PasswordSettingsPrecedence
  Creating a PSO using ADSI Edit
  Using Active Directory Administrative Center to manage granular passwords

Students will learn how to:
  Configure authentication for a smart card.
  Implement a fine-grained password policy to create a more restrictive policy set.

Security+ Exam Objectives:
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Authentication
        Smart card

Security Pro Exam Objectives:
  1.1 Create, modify, and delete user profiles.
    o Manage Windows Local Users and Groups
        Restrict use of local user accounts
    o Restrict use of common access accounts
  1.2 Harden authentication.
    o Configure a GPO for Smart Card authentication for sensitive resources

Lecture Focus Questions:
  What are the two different categories of smart cards, and how are they read by the smart card reader?
  What are the advantages and disadvantages of using smart cards?
  When would you choose to use fine-grained password policies?

Video/Demo                                             Time
  2.12.1 Configuring Smart Card Authentication          6:20
  2.12.4 Using Fine-Grained Password Policies           7:00
  Total                                                13:20

Lab/Activity
  Configure Smart Card Authentication
  Create a Fine-Grained Password Policy

Number of Exam Questions
  5 questions

Total Time
  About 30 minutes

Section 2.13: Remote Access

Summary
  In this section students will learn about remote access.

Concepts covered include:
  The role of remote access
  Stages in the remote access process:
    o Connection
    o Authentication
    o Authorization
    o Accounting
  Implementing a remote access server
  Common AAA server solutions:
    o Remote Authentication Dial-In User Service (RADIUS)
    o Terminal Access Controller Access-Control System Plus (TACACS+)
  Considerations when comparing RADIUS vs. TACACS+

Students will learn how to:
  Configure a remote access server to accept remote access connections.
  Control remote access authorization using network policies.
  Configure ports on a VPN server to allow VPN connections.
  Configure a VPN client connection.

Security+ Exam Objectives:
  1.3 Explain network design elements and components.
    o Remote Access
  5.1 Compare and contrast the function and purpose of authentication services.
    o RADIUS
    o TACACS
    o TACACS+
    o XTACACS
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Authentication
        CHAP
        PAP
  6.2 Given a scenario, use appropriate cryptographic methods.
    o CHAP
    o PAP

SSCP Exam Objectives:
  6.3 Understand remote access.
    o Technology (e.g., thin client, SSL/VPN)
    o Common vulnerabilities

Security Pro Exam Objectives:
  1.2 Harden authentication.
    o Configure secure remote access.

Lecture Focus Questions:
  How does EAP differ from CHAP or MS-CHAP?
  What is the difference between authentication and authorization?
  How does tunneling protect packets in transit through an unsecured network?
  What are examples of criteria used to restrict remote access?
  Which remote access server solution performs better and is considered more secure?
  What types of attacks are remote access servers vulnerable to?
Video/Demo                           Time
  2.13.1 Remote Access                8:43
  2.13.3 RADIUS and TACACS+           6:51
  Total                              15:34

Number of Exam Questions
  15 questions

Total Time
  About 35 minutes

Section 2.14: Network Authentication

Summary
  This section discusses using authentication to connect to a network and access network resources.

Concepts covered include:
  The process of a three-way handshake
  Authentication methods used for network authentication:
    o LAN Manager (LANMAN or LM)
    o NT LAN Manager (NTLM)
    o Kerberos
  The role of Lightweight Directory Access Protocol (LDAP)
  Authentication modes that LDAP supports when binding to a directory service:
    o Anonymous
    o Simple
    o Simple Authentication and Security Layer (SASL)
  Trusts:
    o One-way trust
    o Two-way trust
  Transitivity:
    o Transitive trust
    o Non-transitive trust
  Transitive access attack

Students will learn how to:
  Edit Kerberos Policy settings using Group Policy Management.
  Provide authentication backward compatibility for pre-Windows 2000 clients using Group Policy.

Security+ Exam Objectives:
  3.2 Summarize various types of attacks.
    o Transitive access
  5.1 Compare and contrast the function and purpose of authentication services.
    o Kerberos
    o LDAP
  5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
    o Transitive trust/authentication
  6.2 Given a scenario, use appropriate cryptographic methods.
    o NTLM
    o NTLMv2

Security Pro Exam Objectives:
  1.2 Harden authentication.
    o Implement centralized authentication
  1.3 Manage Certificates.
    o Configure Domain GPO Kerberos Settings

Lecture Focus Questions:
  Using a challenge/response process, what information is exchanged over the network during logon? How does this provide security for logon credentials?
  What is the difference between authentication with LAN Manager and NT LAN Manager?
  What security vulnerabilities should an administrator be aware of when using Kerberos for authentication?
  What two entities are combined to make up the KDC?
  Why does Kerberos require clock synchronization between devices?
  What does transitivity define?
  How is a non-transitive trust relationship established between domains?

Video/Demo                                             Time
  2.14.1 Network Authentication Protocols              14:09
  2.14.2 Network Authentication via LDAP               10:30
  2.14.4 Controlling the Authentication Method          6:39
  2.14.6 Browsing a Directory Tree via LDAP             6:38
  2.14.7 Trusts and Transitive Access                   5:33
  2.14.9 Credential Management                         10:06
  Total                                                53:35

Lab/Activity
  Configure Kerberos Policy Settings

Number of Exam Questions
  14 questions

Total Time
  About 70 minutes

Section 2.15: Identity Management

Summary
  This section discusses the role of Identity Management (IDM).

Details include:
  The role of Identity Management (IDM)
  Advantages of IDM
  Terms:
    o Identity Vault
    o Identity Management Service
    o Automated Provisioning
    o Automated De-Provisioning
    o Automated Maintenance
    o Password Synchronization
    o Entitlement
    o Authoritative Source

SSCP Exam Objectives:
  1.6 Implement identity management.
    o Provisioning
    o Maintenance
    o Entitlement

Lecture Focus Questions:
  What are the advantages of implementing IDM? Disadvantages?
  What is the significance of the authoritative source of an item?
  What does entitlement define?
  What is automated provisioning?

Video/Demo                          Time
  2.15.1 Identity Management        16:31

Number of Exam Questions
  4 questions

Total Time
  About 20 minutes

Section 3.1: Cryptography

Summary
  In this section students will learn the basics of cryptography.
Concepts covered in this section include:
  Terms related to cryptography:
    o Plaintext
    o Ciphertext
    o Cryptographer
    o Cryptanalysis
    o Cryptosystem
    o Cryptology
    o Key
    o Algorithm
    o Encryption
    o Decryption
    o Steganography
    o Quantum cryptography
    o Initialization vector
    o Transposition cipher
    o Substitution cipher
  Attack types:
    o Brute force attacks
    o Plaintext attacks
    o Analytic attacks
    o Weakness exploitation attacks
    o Encryption attacks
    o Man-in-the-middle attacks
  Countermeasures to strengthen the cryptosystem

Security+ Exam Objectives:
  4.4 Implement the appropriate controls to ensure data security.
    o Hardware based encryption devices
        TPM
        HSM
        USB encryption
        Hard drive
  6.1 Given a scenario, utilize general cryptography concepts.
    o Session keys
    o Non-repudiation
    o Steganography
    o Digital signatures
    o Use of proven technologies
    o Elliptic curve and quantum cryptography
  6.2 Given a scenario, use appropriate cryptographic methods.
    o One-time pads
    o Comparative strengths of algorithms
  6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
    o Certificate authorities and digital certificates
        CA
        CRLs
    o PKI
    o Recovery agent
    o Public key
    o Private key
    o Registration

SSCP Exam Objectives:
  5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance).
  5.2 Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training).
  5.3 Support Certificate and Key Management.
    o Understand basic key management concepts (e.g., public key infrastructure)
        Certificate authorities and digital certificates
        Administration and validation (e.g., key creation, exchange, revocation, escrow)

Security Pro Exam Objectives:
  1.3 Manage Certificates.
    o Approve, deny, and revoke certificate requests

Lecture Focus Questions:
  What is a legitimate use for cryptanalysis?
  How is the strength of a cryptosystem related to the length of the key?
  Which is typically kept secret, the encryption algorithm or the key (or both)?
  What is the difference between a transposition cipher and a substitution cipher?
  What is a legitimate use of steganography?
  What methods are used in a brute force attack?
  What is the difference between a Registration Authority and a Certificate Authority?

Video/Demo                            Time
  3.1.1 Cryptography Concepts          4:29
  3.1.3 Cryptography Attacks          17:47
  Total                               22:16

Number of Exam Questions
  15 questions

Total Time
  About 45 minutes

Section 3.2: Hashing

Summary
  This section examines using hashing to ensure the data integrity of files and messages in transit.

Concepts covered include:
  The role of hashing
  Predominant hashing algorithms:
    o MD5
    o SHA-1
    o RIPEMD
  Uses of hashing:
    o File integrity
    o Secure logon credential exchange
  Considerations regarding hashes

Students will learn how to:
  Generate a hash value for a file.
  Compare hash values to verify message integrity.

Security+ Exam Objectives:
  6.1 Given a scenario, utilize general cryptography concepts.
    o Hashing
  6.2 Given a scenario, use appropriate cryptographic methods.
    o MD5
    o SHA
    o RIPEMD

SSCP Exam Objectives:
  5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance).
    o Install and maintain cryptographic systems

Lecture Focus Questions:
  What security goal or function is provided by hashes?
  Why doesn't a hash provide message encryption?
  When comparing MD5 and SHA-1, which method provides greater security? Why?
  What is a collision and why is this condition undesirable in a hashing algorithm?
  Why is high amplification an indicator of a good hashing algorithm?
Video/Demo                      Time
  3.2.1 Hashing                 11:31
  3.2.3 Using Hashes             7:43
  Total                         19:14

Number of Exam Questions
  12 questions

Total Time
  About 35 minutes

Section 3.3: Symmetric Encryption

Summary
  This section examines using symmetric encryption to encrypt and decrypt data.

Concepts covered include:
  Symmetric encryption uses two algorithm types:
    o Block ciphers
    o Stream ciphers
  Common symmetric cryptography methods include:
    o Ron's Cipher v2 or Ron's Code v2 (RC2)
    o Ron's Cipher v5 or Ron's Code v5 (RC5)
    o International Data Encryption Algorithm (IDEA)
    o Data Encryption Standard (DES)
    o Triple DES (3DES)
    o Advanced Encryption Standard (AES)
    o Blowfish
    o Twofish
    o Skipjack
  The role of Keyed-Hash Message Authentication Code (HMAC)

Students will learn how to:
  Perform a brute force analysis of encrypted data to recover original data.

Security+ Exam Objectives:
  6.1 Given a scenario, utilize general cryptography concepts.
    o Symmetric vs. asymmetric
    o In-band vs. out-of-band key exchange
    o Fundamental differences and encryption methods
        Block vs. stream
  6.2 Given a scenario, use appropriate cryptographic methods.
    o MD5
    o RIPEMD
    o AES
    o DES
    o 3DES
    o HMAC
    o RC4
    o Blowfish
    o Twofish
    o Cipher suites
        Strong vs. weak ciphers
    o Key stretching
        PBKDF2
        Bcrypt

SSCP Exam Objectives:
  5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance).

Lecture Focus Questions:
  A user needs to communicate securely with 5 other users using symmetric key encryption. How many keys are required?
  How are symmetric keys typically exchanged between communication partners?
  What is an advantage of increasing the number of bits in the key? What is a disadvantage?
  Why are symmetric key stream ciphers considered to be slower than symmetric key block ciphers?
  Considering symmetric key stream ciphers and block ciphers, which would you select to process large amounts of data? Why?
  How does 3DES differ from DES?

Video/Demo                                          Time
  3.3.1 Symmetric Encryption                         5:27
  3.3.2 HMAC                                         6:13
  3.3.4 Cracking a Symmetric Encryption Key          4:11
  Total                                             15:51

Number of Exam Questions
  15 questions

Total Time
  About 35 minutes

Section 3.4: Asymmetric Encryption

Summary
  This section discusses using asymmetric encryption to encrypt and decrypt data.

Details include:
  Considerations of asymmetric encryption:
    o Asymmetric encryption functionality
    o Asymmetric encryption uses:
        Data encryption
        Digital signing
        Key exchange
    o Using asymmetric and symmetric encryption together
    o Common asymmetric encryption implementations:
        SSL/TLS
        IPSec
        VPNs (PPTP, L2TP, SSTP)
        S/MIME and PGP for e-mail security
        SSH tunnels
    o Management considerations
    o Protecting data in the event of key compromise
  Common asymmetric key cryptography systems:
    o Diffie-Hellman Key Exchange
    o ElGamal
    o Elliptic Curve Cryptography (ECC)
    o Merkle-Hellman Knapsack
    o Rivest, Shamir, Adleman (RSA)

Security+ Exam Objectives:
  6.1 Given a scenario, utilize general cryptography concepts.
    o Symmetric vs. asymmetric
    o Session keys
    o Non-repudiation
    o Digital signatures
    o Use of proven technologies
    o Elliptic curve and quantum cryptography
    o Ephemeral key
    o Perfect forward secrecy
  6.2 Given a scenario, use appropriate cryptographic methods.
    o RSA
  6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
    o Public key
    o Private key

Lecture Focus Questions:
  How do public keys differ from private keys? What is the relationship between the two?
  For which type of environment is asymmetric cryptography best suited?
  Why does asymmetric encryption require fewer keys than symmetric encryption?
• What services are provided by the cryptographic service provider (CSP)?
• What is the main use for the Diffie-Hellman protocol?

Video/Demo                     Time
3.4.1 Asymmetric Encryption    8:56

Number of Exam Questions: 12 questions
Total Time: About 25 minutes

Section 3.5: Public Key Infrastructure (PKI)

Summary
This section examines using a public key infrastructure (PKI) to issue and manage certificates. Details include:
• The role of a digital certificate
• Process used to request, issue, and manage certificates
• Example of using SSL and certificates to secure Web transactions
• Terms to be familiar with:
  o Certificate Authority (CA)
  o Subordinate Certificate Authority
  o Certificate Practice Statement (CPS)
  o Cryptographic Service Provider (CSP)
  o Online Certificate Status Protocol (OCSP)
  o Certificate Revocation List (CRL)
  o CRL Distribution Point (CDP)
  o Registration Authority (RA)
  o X.509
  o Enrollment agent
  o Authority Information Access (AIA)
• A summary of the certificate lifecycle
• Certificate management areas:
  o Key protection
  o Certificate validation
  o Key archival
  o Key escrow
  o Certificate revocation
  o Crypto period
  o Certificate renewal
  o Key disposal
• Considerations when managing a public key infrastructure (PKI):
  o PKI hierarchy
  o Cross certification
  o Dual key pairs

Students will learn how to:
• Manage certificates by requesting, approving, and installing certificates.
• Revoke a certificate and publish it to the CRL.
• Create and configure a subordinate CA.
• Manage certificate templates by deploying certificates for different purposes.
• Create and issue custom certificate templates.

Security+ Exam Objectives:
• 6.1 Given a scenario, utilize general cryptography concepts.
  o Key escrow
• 6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
  o Certificate authorities and digital certificates
    - CA
    - CRLs
    - OCSP
    - CSR
  o PKI
  o Recovery agent
  o Public key
  o Private key
  o Registration
  o Key escrow
  o Trust models

SSCP Exam Objectives:
• 5.3 Support Certificate and Key Management.
  o Understand basic key management concepts (e.g., public key infrastructure)
    - Certificate authorities and digital certificates
    - Administration and validation (e.g., key creation, exchange, revocation, escrow)

Security Pro Exam Objectives:
• 1.3 Manage Certificates.
  o Approve, deny, and revoke certificate requests

Lecture Focus Questions:
• Who authorizes subordinate CAs? Why is this important?
• What does the issuance policy on a CA control?
• How does a client verify the information in an SSL certificate to determine if it trusts the certificate?
• What is the difference between a CSP and a CPS?
• What is the role of the Registration Authority (RA)?
• What is the difference between key archival and key escrow?
• How are revoked certificates identified? Under what circumstances would a certificate be revoked?
• What security advantage do dual key pairs provide?

Video/Demo                           Time
3.5.1 Certificates                   11:02
3.5.2 Managing Certificates          14:45
3.5.5 CA Implementation               5:17
3.5.6 Configuring a Subordinate CA   14:13
Total                                45:17

Lab/Activity
• Manage Certificates

Number of Exam Questions: 15 questions
Total Time: About 70 minutes

Section 3.6: Cryptographic Implementations

Summary
In this section students will learn the basics of implementing cryptography.
Concepts covered include:
• Implementations of cryptography:
  o File system encryption
  o Digital signatures
  o Digital envelope
  o Trusted Platform Module (TPM)
  o Hardware Security Modules (HSM)
• How technologies are implemented in LAN- and Web-based environments:
  o Secure Electronic Transaction (SET)
  o Secure Sockets Layer (SSL)
  o Transport Layer Security (TLS)
  o Secure Hypertext Transfer Protocol (S-HTTP)
  o Hypertext Transfer Protocol Secure (HTTPS)
  o Secure Shell (SSH)
  o Internet Protocol Security (IPSec)
• Encryption technologies implemented to secure e-mail messages:
  o Privacy Enhanced Mail (PEM)
  o Pretty Good Privacy (PGP)
  o Secure Multipurpose Internet Mail Extensions (S/MIME)
  o Message Security Protocol (MSP)

Security+ Exam Objectives:
• 4.4 Implement the appropriate controls to ensure data security.
  o Data encryption
    - Full disk
    - Individual files
    - Removable media
  o Hardware based encryption devices
    - TPM
    - HSM
• 6.1 Given a scenario, utilize general cryptography concepts.
  o Transport encryption
• 6.2 Given a scenario, use appropriate cryptographic methods.
  o PGP/GPG
  o Use of algorithms/protocols with transport encryption
    - SSL
    - TLS
    - IPSec
    - SSH
    - HTTPS

SSCP Exam Objectives:
• 5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use).
  o Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)

Lecture Focus Questions:
• What are the advantages of asymmetric over symmetric encryption? What are the disadvantages?
• How are asymmetric encryption and hashing combined to create digital signatures?
• What is the difference between digital signatures and digital envelopes?
• How does the protection offered by BitLocker differ from EFS?
• How does S-HTTP differ from HTTPS? Which is more secure?
• Which types of traffic can SSL protect?
Video/Demo                                    Time
3.6.1 Combining Cryptographic Methods         10:30
3.6.2 Hardware Based Encryption Devices        7:12
Total                                         17:42

Number of Exam Questions: 15 questions
Total Time: About 40 minutes

Section 4.1: Security Policies

Summary
This section discusses using security policies to define the overall security outlook for an organization. Details include:
• Types of documents used to create security policies:
  o Regulation
  o Procedure
  o Baseline
  o Guideline
• Elements of security planning
• Due care and due diligence
• Types of security policy documents:
  o Acceptable use
  o Authorized access
  o Change and configuration management
  o Code escrow agreement
  o Code of ethics
  o Human resource policies
  o Organizational security policy
  o Password
  o Privacy
  o Resource allocation
  o Service Level Agreement (SLA)
  o User education and awareness training
  o User management
• The role of security management
• Components of operational security that help to establish defense in depth:
  o Change management
  o Employee management
  o Security awareness
  o Physical security
• Information Security Classification Framework:
  o High
  o Medium
  o Low
• Common information classification levels:
  o Public with full distribution
  o Public with limited distribution
  o Private internal
  o Private restricted
• Government and military classifications:
  o Unclassified
  o Sensitive but unclassified
  o Confidential
  o Secret
  o Top secret
• Data retention policies
• Methods of disposing of media to prevent data recovery:
  o Shredding/Burning
  o Partitioning/Formatting/Degaussing
  o Wiping a Hard Drive
  o Destruction

Security+ Exam Objectives:
• 2.1 Explain the importance of risk related concepts.
  o Importance of policies in reducing risk
    - Privacy policy
    - Acceptable use
    - Security policy
    - Mandatory vacations
    - Job rotation
    - Separation of duties
    - Least privilege
• 2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o Change management
• 2.6 Explain the importance of security related awareness and training.
  o Security policy training and procedures
  o Personally identifiable information
  o Information classification
    - High
    - Medium
    - Low
    - Confidential
    - Private
    - Public
  o Data labeling, handling, and disposal
  o Compliance with laws, best practices, and standards
  o User habits
    - Password behaviors
  o Follow up and gather training metrics to validate compliance and security
• 4.4 Implement the appropriate controls to ensure data security.
  o Data policies
    - Wiping
    - Disposing
    - Retention
    - Storage

SSCP Exam Objectives:
• 2.2 Perform Security Administrative Duties.
  o Maintain adherence to security policies, baselines, standards, and procedures
  o Validate security controls
  o Data classification (e.g., control, handling, categorization)
  o Asset Management (e.g., hardware, software, data)
  o Develop and maintain systems and security control documentation
• 2.3 Perform Change Management Duties.
  o Assist with the implementation of Configuration Management Plan
  o Understand the impact of changes to the environment
• 2.4 Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management).
  o Support certification and accreditation (i.e., security authorization)
• 2.5 Participate in Security Awareness Education.
• 2.8 Comply with data management policies (e.g., storage media [paper or electronic], transmission archiving, retention requirements, destruction, duplication, data loss prevention, social network usage, information rights management [IRM]).

Security Pro Exam Objectives:
• 2.1 Promote Information Security Awareness.
  o Support certification and accreditation (i.e., security authorization)
  o Exchanging content between Home and Work
  o Storing of Personal Information on the Internet
  o Using Social Networking Sites
  o Password Management
  o Information Security

Lecture Focus Questions:
• What is the difference between a regulation and a guideline?
• What are the main reasons for implementing security policies within an organization?
• How is due diligence different than due process?
• How can a code escrow agreement provide security for an organization?
• When a new security plan is distributed, why is it important to destroy all copies of the old version?
• What are the characteristics of a strong password policy?
• How is the government's secret classification different than the top secret classification?

Video/Demo                          Time
4.1.1 Security Policies              7:23
4.1.2 Data Privacy Laws              9:42
4.1.6 Information Classification     5:40
4.1.8 Data Retention Policies       11:40
4.1.9 Wiping a Hard Drive           12:58
Total                               47:23

Number of Exam Questions: 15 questions
Total Time: About 80 minutes

Section 4.2: Manageable Network Plan

Summary
This section discusses milestones to develop a manageable network plan.
• Prepare to Document
• Map the Network
• Protect Your Network (Network Architecture)
• Reach Your Network (Device Accessibility)
• Control Your Network (User Access)
• Manage Your Network Part I (Patch Management)
• Manage Your Network Part II (Baseline Management)
• Document Your Network

Security+ Exam Objectives:
• 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Assessment technique
    - Review architecture

SSCP Exam Objectives:
• 2.2 Perform Security Administrative Duties.
  o Maintain adherence to security policies, baselines, standards, and procedures
  o Validate security controls
  o Data classification (e.g., control, handling, categorization)
  o Asset Management (e.g., hardware, software, data)
  o Develop and maintain systems and security control documentation

Security Pro Exam Objectives:
• 2.3 Maintain Hardware and Software Inventory.

Lecture Focus Questions:
• When you are developing a manageable network plan, what should you keep in mind when you prepare to document your network?
• What elements of the network are identified when you map your network?
• What steps should you perform to protect your network?
• How can you ensure that all the devices in the network have access but still maintain security?
• What are the considerations to keep in mind to control user access and ensure network security?

Video/Demo                           Time
4.2.1 Manageable Network Plan        16:49
4.2.2 Manageable Network Plan 2      14:05
Total                                30:54

Number of Exam Questions: 3 questions
Total Time: About 35 minutes

Section 4.3: Business Continuity

Summary
This section provides basic information about the activities that will ensure business continuity. Concepts covered include:
• Plans pertaining to business continuity include:
  o Business Continuity Plan (BCP)
  o Business Impact Analysis (BIA)
  o Disaster Recovery Plan (DRP)
• Considerations when creating the disaster recovery and business continuity plans
• The role of succession planning

Security+ Exam Objectives:
• 2.8 Summarize risk management best practices.
  o Business continuity concepts
    - Business impact analysis
    - Identification of critical systems and components
    - Removing single points of failure
    - Business continuity planning and testing
    - Risk assessment
    - Continuity of operations
    - Disaster recovery
    - IT contingency planning
    - Succession planning
    - High availability
    - Redundancy
    - Tabletop exercises

SSCP Exam Objectives:
• 4.4 Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
  o Understand the Components of a Business Continuity Plan (BCP)
  o Understand and support Disaster Recovery Plan (DRP)

Security Pro Exam Objectives:
• 2.2 Evaluate Information Risk.
  o Perform Risk calculation
  o Risk avoidance, transference, acceptance, mitigation, and deterrence

Lecture Focus Questions:
• When is the best time to start planning for disaster recovery?
• How is the Disaster Recovery Plan (DRP) related to the Business Continuity Plan (BCP)?
• What is the top priority when planning for a disaster?
• How does a Business Impact Analysis (BIA) help to improve the security of an organization?
• In addition to planning for how to keep operations going in the event of an incident, what else should a disaster recovery plan include?
• How does succession planning differ from replacement planning?

Video/Demo                     Time
4.3.1 Business Continuity      2:39
4.3.2 Succession Planning      5:23
Total                          8:02

Number of Exam Questions: 7 questions
Total Time: About 20 minutes

Section 4.4: Risk Management

Summary
In this section students will learn about using risk management to reduce risk for an organization.
Concepts covered include:
• Terms related to risk analysis:
  o Asset
  o Threat
  o Vulnerability
  o Threat agent
  o Attack
  o Countermeasure
  o Exposure
  o Loss
  o Risk
  o Residual risk
• Processes involved in risk management:
  o Asset identification
  o Threat identification
  o Risk assessment
  o Risk response
• Methods to prioritize assets:
  o Delphi method
  o Sensitivity vs. risk
  o Comparative
  o Asset classification
• Document procedures
• Data Loss Prevention (DLP):
  o Network DLP
  o Endpoint DLP
  o File-Level DLP

Security+ Exam Objectives:
• 2.1 Explain the importance of risk related concepts.
  o Control types
    - Technical
    - Management
    - Operational
  o Risk calculation
    - Likelihood
    - ALE
    - Impact
    - SLE
    - ARO
  o Quantitative vs. qualitative
  o Threat vectors
  o Probability / threat likelihood
  o Risk-avoidance, transference, acceptance, mitigation, deterrence
• 2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o Incident management
  o Enforce policies and procedures to prevent data loss or theft
  o Enforce technology controls
    - Data Loss Prevention (DLP)
• 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Risk calculations
    - Threat vs. likelihood
  o Assessment types
    - Risk
    - Threat
    - Vulnerability

SSCP Exam Objectives:
• 4.1 Understand Risk Management Process.
  o Understand risk management concepts (e.g., impacts, threats, vulnerabilities)
  o Participate in risk assessment
  o Support mitigation activity (e.g., safeguards, countermeasures)
  o Address audit findings

Lecture Focus Questions:
• What kinds of components are tangible assets?
• How can an asset have both a tangible and intangible value?
• Why is determining the value of an asset important to an organization?
• How is quantitative analysis different than qualitative analysis?
• Which components are used to measure risk quantitatively?
• What method is typically deployed in risk transference?
• Why is risk rejection not a wise risk response?

Video/Demo                            Time
4.4.1 Risk Management                 4:04
4.4.2 Security Controls               3:21
4.4.3 Data Loss Prevention (DLP)      4:57
Total                                12:22

Number of Exam Questions: 15 questions
Total Time: About 30 minutes

Section 4.5: Incident Response

Summary
This section discusses strategies for responding to an incident during and after the incident. Concepts covered include:
• What is a security incident?
• Incident response plans
• Actions to take after an incident has been discovered
• Responding to a security incident:
  o Short-term (triage) actions
  o Mid-term (action/reaction) actions
  o Long-term (follow up) actions
• The role of the first responder
• The elements of incident response
• Considerations when responding to a security incident
• Ways investigations can be performed for computer systems:
  o Live analysis
  o Dead analysis
• Procedures for collecting and analyzing computer evidence
• Report the findings following the analysis
• Forensic investigation
• Evidence life cycle
• Chain of custody
• Types of evidence:
  o Best
  o Corroborative
  o Hearsay
• Stages of the evidence life cycle:
  o Collection and identification
  o Preservation and analysis
  o Storage
  o Transportation and processing
  o Presentation in court
  o Return to owner

Students will learn how to:
• Gather and authenticate forensic information from a system using a computer forensic tool.
• Analyze and record forensic evidence.
• View and build a case using the forensic evidence that has been gathered.

Security+ Exam Objectives:
• 2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o Incident management
• 2.4 Given a scenario, implement basic forensic procedures.
  o Order of volatility
  o Capture system image
  o Network traffic and logs
  o Capture video
  o Record time offset
  o Take hashes
  o Screenshots
  o Witnesses
  o Track man hours and expense
  o Chain of custody
  o Big Data analysis
• 2.5 Summarize common incident response procedures.
  o Preparation
  o Incident identification
  o Escalation and notification
  o Mitigation steps
  o Lessons learned
  o Reporting
  o Recovery/reconstitution procedures
  o First responder
  o Incident isolation
    - Quarantine
    - Device removal
  o Data breach
  o Damage and loss
• 4.4 Implement the appropriate controls to ensure data security.
  o Handling Big Data

SSCP Exam Objectives:
• 4.3 Participate in incident handling analysis.
  o Understand the concepts of incident handling (e.g., discovery, escalation, reporting)
  o Understand the concept of forensic investigations (e.g., first responder, evidence handling, chain of custody, preservation of scene)

Lecture Focus Questions:
• What actions should take place when an incident occurs?
• What types of things would a computer forensic investigator want to analyze if he selected a live analysis over a dead analysis?
• What methods can be used to save the contents of memory as part of a forensic investigation?
• How should you ensure the integrity of collected digital evidence?
• Why is chain of custody so important with forensic investigations?

Video/Demo                                 Time
4.5.1 First Responder                       7:17
4.5.2 Basic Forensic Procedures            18:31
4.5.3 Using Forensic Tools                  6:17
4.5.4 Creating a Forensic Drive Image      10:00
Total                                      42:05

Number of Exam Questions: 15 questions
Total Time: About 65 minutes

Section 4.6: Social Engineering

Summary
This section examines details about social engineering.
Concepts covered include:
• Forms of social engineering:
  o Passive
  o Active
• Types of social engineering attacks:
  o Persuasive
  o Reciprocity
  o Social validation
  o Commitment
  o Scarcity
  o Friendship
  o Authority
• Social engineering attacks:
  o Shoulder surfing
  o Eavesdropping
  o Dumpster diving
  o Tailgating and Piggybacking
  o Masquerading
  o Phishing
  o Spear phishing
  o Caller ID spoofing
  o Hoax e-mails
  o Spyware/Adware
  o Pretexting
• Employee awareness training is the most effective countermeasure for social engineering. Train employees:
  o Actions to protect information
  o Actions to implement online security
  o Determine the value for types of information
  o Not allow others to use the employee’s identification
  o Demand proof of identity of others

Students will learn how to:
• Identify and ignore e-mail hoaxes to protect system resources.
• Train users to identify phishing scams by mousing over links, verifying the URL, and verifying HTTPS.

Security+ Exam Objectives:
• 2.6 Explain the importance of security related awareness and training.
  o User habits
    - Prevent tailgating
  o New threats and new security trends/alerts
    - Phishing attacks
• 3.2 Summarize various types of attacks.
  o Phishing
  o Vishing
  o Spear phishing
• 3.3 Summarize social engineering attacks and the associated effectiveness with each attack.
  o Shoulder surfing
  o Dumpster diving
  o Tailgating
  o Impersonation
  o Hoaxes
  o Whaling
  o Vishing
  o Principles (reason for effectiveness)
    - Authority
    - Intimidation
    - Consensus/Social proof
    - Scarcity
    - Urgency
    - Familiarity/liking
    - Trust

SSCP Exam Objectives:
• 7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
  o Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)

Lecture Focus Questions:
• How is passive social engineering different than active social engineering?
• What methods do attackers use to make an interaction appear legitimate?
• How is employee awareness training the most effective countermeasure for social engineering?
• What specific countermeasures should be implemented to mitigate social engineering?
• How is tailgating different than piggybacking?
• How does using bookmarks instead of e-mail links improve security?

Video/Demo                                         Time
4.6.1 Social Engineering                           4:39
4.6.2 Phishing Variations                         13:04
4.6.4 Investigating Social Engineering Attack      9:45
Total                                             27:28

Lab/Activity
• Respond to Social Engineering

Number of Exam Questions: 15 questions
Total Time: About 55 minutes

Section 4.7: Certification and Accreditation

Summary
This section examines using certification and accreditation to provide security. Concepts covered include:
• Security kernel
• Methods to determine levels of access:
  o Token
  o Security label
  o Capabilities list
• Methods used by secure operating systems to provide security:
  o Ring architecture
  o Security perimeter
  o Confinement
  o Bounds
  o Isolation
  o Layering
  o Abstraction
  o Hiding
  o Classification
  o Target of Evaluation (TOE)
  o Virtual machine
• Main modes of security used in a Protection Profile (PP):
  o Dedicated Security
  o System High
  o Compartmentalized
  o Multilevel Secure
• Concepts associated with the quality assurance process are:
  o The Target of Evaluation (TOE)
  o Security Target (ST)
  o Security Assurance Requirements (SARs)
  o Designated Approval Authority (DAA)
  o Evaluation Assurance Level (EAL):
    - No Assurance (EAL0)
    - Functionally Tested (EAL1)
    - Structurally Tested (EAL2)
    - Methodically Tested and Checked (EAL3)
    - Methodically Designed, Tested and Reviewed (EAL4)
    - Semi-formally Designed and Tested (EAL5)
    - Semi-formally Verified Design and Tested (EAL6)
    - Formally Verified Design and Tested (EAL7)
  o Considerations regarding EAL levels
  o Levels of approval:
    - Acceptance
    - Certification
    - Accreditation
    - Assurance

Security+ Exam Objectives:
• 2.6 Explain the importance of security related awareness and training.
  o Information classification
    - High
    - Medium
    - Low
    - Confidential
    - Private
    - Public
  o Compliance with laws, best practices, and standards
• 4.3 Given a scenario, select the appropriate solution to establish host security.
  o Trusted OS

SSCP Exam Objectives:
• 2.4 Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management).
  o Support certification and accreditation (i.e., security authorization).
• 5.2 Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training).

Lecture Focus Questions:
• Which methods does a reference monitor use to determine levels of access?
• Where is the reference monitor in relation to the security perimeter?
• How does layering provide security to an operating system? In a layered system, where does the operating system function?
• How does commercial classification labeling differ from military?
• How does acceptance differ from certification and accreditation?

Video/Demo                                   Time
4.7.1 Trusted Computing                      10:01
4.7.2 Certification and Accreditation         4:46
Total                                        14:47

Number of Exam Questions: 12 questions
Total Time: About 40 minutes

Section 4.8: Development

Summary
In this section students will learn about the System Development Life Cycle (SDLC). The SDLC is a systematic method used for software development and for the implementation of system and security projects.
Concepts covered include:
• Phases of the SDLC:
  o Project initiation
  o Functional design
  o System design
  o Development and coding
  o Installation and implementation
  o Release
  o Operations and maintenance
  o End of life
• Change control
• Standardized models that developers use when developing new software are:
  o Ad-hoc
  o Waterfall planning
  o Structured programming
  o Prototype
  o Object-oriented programming
  o Spiral
  o Clean room
  o Extreme programming
  o Computer-Aided Software Engineering (CASE)

Security+ Exam Objectives:
• 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Assessment technique
    - Review architecture
    - Review designs
• 4.1 Explain the importance of application security controls and techniques.
  o Secure coding concepts
    - Error and exception handling
    - Input validation

SSCP Exam Objectives:
• 2.4 Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management).
  o Support certification and accreditation (i.e., security authorization).

Lecture Focus Questions:
• How does the spiral model combine the waterfall model and the prototype model?
• How should security be employed in the different stages of development?
• What does functional design entail?
• When is change control necessary?
• What are the responsibilities of developers after a product is released?

Video/Demo                                     Time
4.8.1 System Development Life Cycle            8:40
4.8.2 System Development Life Cycle 2          7:49
Total                                         16:29

Number of Exam Questions: 7 questions
Total Time: About 35 minutes

Section 4.9: Employee Management

Summary
This section discusses strategies for managing employees.
Details covered include:
• The role of employee management
• Principles that should be part of employee management decisions:
  o Least privilege
  o Separation of duties
  o Two-man control
• Common employee-related security vulnerabilities:
  o Fraud
  o Collusion
• Employee security process:
  o Pre-employment
  o Employment
  o Termination
• Security awareness includes:
  o Security training
  o Security retraining
  o Random security audits
• Employee agreement documents:
  o Non-disclosure agreement (NDA)
  o Non-compete agreement
  o Ownership of materials agreement
  o Data handling and classification policy
  o Clean desk policy
  o Acceptable use agreement
  o Password security policy
  o Employee monitoring agreement
  o Exit interview cooperation agreement
• First day of employment documents:
  o Security policy
  o Employee Handbook
  o Job description
• Ethics
• Code of ethics
• Components of code of ethics:
  o Values
  o Principles
  o Management Support
  o Personal Responsibility
  o Compliance
• The (ISC)2 Code of Ethics canons include:
  o Protect society, the commonwealth, and the infrastructure (do no harm).
  o Act honorably, honestly, justly, responsibly, and legally (be a good person).
  o Provide diligent and competent service to principals (be a good CISSP).
  o Advance and protect the security profession.

Security+ Exam Objectives:
• 2.1 Explain the importance of risk related concepts.
  o Importance of policies in reducing risk
    - Privacy policy
    - Acceptable use
    - Security policy
• 2.6 Explain the importance of security related awareness and training.
  o Role-based training and procedures
  o Data labeling, handling, and disposal
  o Compliance with laws, best practices, and standards
  o User habits
    - Password behaviors
    - Data handling
    - Clean desk policies
    - Prevent tailgating
    - Personally owned devices

SSCP Exam Objectives:
• 2.1 Adhere to Code of Ethics.
  o Understand and comply with (ISC)2 code of ethics
  o Understand and comply with the organizational code of ethics
• 2.2 Perform Security Administrative Duties.
  o Maintain adherence to security policies, baselines, standards, and procedures
  o Validate security controls

Lecture Focus Questions:
• How can pre-employment processing improve the security of an organization?
• What is the role of the policy handbook regarding security?
• What guidelines must be considered when monitoring employees?
• Why should employees be required to sign employment agreements?
• How are separation of duties and two-man control different?
• How can collusion be avoided?
• What is the importance of a clear job description?

Video/Demo                     Time
4.9.1 Employment Practices     13:45

Number of Exam Questions: 15 questions
Total Time: About 40 minutes

Section 4.10: Third-Party Integration

Summary
This section discusses strategies for securing integration with third parties. Details covered include:
• Onboarding considerations
• Ongoing operations
• Off-boarding

Security+ Exam Objectives:
• 2.2 Summarize the security implications of integrating systems and data with third parties.
  o Onboarding/off-boarding business partners
  o Social media networks and/or applications
  o Interoperability agreements
    - SLA
    - BPA
    - MOU
    - ISA
  o Privacy considerations
  o Risk awareness
  o Unauthorized data sharing
  o Data ownership
  o Data backups
  o Follow security policy and procedures
  o Review agreement requirements to verify compliance and performance standards

SSCP Exam Objectives:
• 1.5 Manage Internetwork Trust Architectures (e.g., extranet, third-party connections, federated access).

Lecture Focus Questions:
• What security issues must be identified and addressed during the onboarding phase of a third-party relationship?
• What are the key documents that are included in an Interoperability Agreement (IA)?
• What is the role of the Service Level Agreement (SLA)?
• During the ongoing phase of the relationship, how do you ensure that security has not been compromised?
• Which items need to be disabled or reset during the off-boarding phase of the relationship?

Video/Demo                                          Time
4.10.1 Third-Party Integration Security Issues      11:24

Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 5.1: Physical Security

Summary
This section provides information about physical security. Concepts covered include:
• Factors for physical security:
  o Prevention
  o Detection
  o Recovery
• Important aspects of physical security
• Physical control measures:
  o Perimeter barriers
  o Closed-circuit television (CCTV)
  o Doors
  o Door locks
  o Physical access logs
  o Physical access controls
• The sequence of physical security:
  o Deter initial access attempts
  o Deny direct physical access
  o Detect the intrusion
  o Delay the violator to allow for response
• Implementing a layered defense system
• Tailgating and piggybacking

Security+ Exam Objectives:
• 2.7 Compare and contrast physical security and environmental controls.
  o Physical security
    - Hardware locks
    - Mantraps
    - Video Surveillance
    - Fencing
    - Proximity readers
    - Access list
    - Proper lighting
    - Signs
    - Guards
    - Barricades
    - Biometrics
    - Protected distribution (cabling)
    - Alarms
    - Motion detection
• 2.9 Given a scenario, select the appropriate control to meet the goals of security.
  o Safety
    - Fencing
    - Lighting
    - Locks
    - CCTV
    - Escape plans
    - Drills
    - Escape routes
    - Testing controls

SSCP Exam Objectives:
• 4.2 Perform Security Assessment Activities.
  o Review security configurations of infrastructure

Security Pro Exam Objectives:
• 3.1 Harden Data Center Physical Access.
    o Implement Access Rosters
    o Utilize Visitor Identification and Control
    o Protect Doors and Windows
    o Implement Physical Intrusion Detection Systems
Lecture Focus Questions:
  What types of physical controls can be implemented to protect the perimeter of a building?
  What is the difference between a mantrap and a double entry door?
  What types of doors are effective deterrents to piggybacking?
  How does an anti-passback system work?
  What types of devices are best suited for interior motion detection? Perimeter motion detection?
  How do physical access logs help to increase the security of a facility?
Video/Demo                                  Time
  5.1.1 Physical Security                   18:39
  5.1.2 Tailgating and Piggybacking          3:28
  Total                                     22:07
Lab/Activity
  Implement Physical Security
Number of Exam Questions: 15 questions
Total Time: About 50 minutes

Section 5.2: Hardware Security
Summary
This section examines the following general hardware security guidelines:
  Checkout policy
  Room security
  Hardware locks
  Backup storage
Security+ Exam Objectives:
  2.3 Given a scenario, implement appropriate risk mitigation strategies.
    o Enforce policies and procedures to prevent data loss or theft
  2.7 Compare and contrast physical security and environmental controls.
    o Physical security
        Hardware locks
  4.3 Given a scenario, select the appropriate solution to establish host security.
    o Hardware security
        Cable locks
        Safe
        Locking cabinets
SSCP Exam Objectives:
  2.2 Perform Security Administrative Duties.
    o Maintain adherence to security policies, baselines, standards, and procedures
    o Validate security controls
    o Data classification (e.g., control, handling, categorization)
    o Asset Management (e.g., hardware, software, data)
    o Develop and maintain systems and security control documentation
Security Pro Exam Objectives:
  3.1 Harden Data Center Physical Access.
    o Utilize Visitor Identification and Control
    o Protect Doors and Windows
    o Implement Physical Intrusion Detection Systems
Lecture Focus Questions:
  How can you protect computers that are placed in cubicles?
  What are the security guidelines you should implement to protect servers in your organization?
  How can you ensure that the memory and hard disks cannot be removed from a computer that is bolted to a desk?
  What types of details should a hardware checkout policy include?
Video/Demo                                  Time
  5.2.1 Hardware Security Guidelines         7:50
  5.2.2 Breaking into a System               7:30
  Total                                     15:20
Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 5.3: Environmental Controls
Summary
This section discusses how environmental controls can be implemented to protect computer systems. Details covered include:
  Power conditions to be aware of:
    o Surge/Spike
    o Sag/Dip
    o Brownout
    o Blackout
    o Fault
    o Transient
  Recommendations for preventing or correcting infrastructure problems for:
    o HVAC system
    o AC power
    o Water and gas
  Interference:
    o Electromagnetic interference (EMI)
    o Radio frequency interference (RFI)
  Shielding
  Recommendations for the location of the data center
  Environmental monitoring:
    o Temperature
    o Air flow
    o Humidity
  Using hot and cold aisles in server rooms to reduce server room temperature
  Elements required for fire:
    o Fuel
    o Heat
    o Oxygen
    o Chemical reaction between oxygen and the fuel
  Primary fire-suppression systems:
    o Portable
    o Fixed
  Extinguishing agents used to suppress fire:
    o Water
    o Gas that displaces oxygen
    o Dry chemicals such as sodium bicarbonate, wet chemicals, and foam, which stop the fuel from burning
  US fire classes and suppressant types
  Considerations when responding to fire emergencies
Security+ Exam Objectives:
  2.7 Compare and contrast physical security and environmental controls.
    o Environmental controls
        HVAC
        Fire suppression
        EMI shielding
        Hot and cold aisles
        Environmental monitoring
        Temperature and humidity controls
SSCP Exam Objectives:
  2.3 Perform Change Management Duties.
    o Understand the impact of changes to the environment
Lecture Focus Questions:
  What temperature range protects equipment from overheating?
  What is a good HVAC practice to help prevent electrostatic discharge?
  What is the difference between a positive pressure system and a negative pressure system? Which is best to use in a server room?
  What is the difference between a sag and a brownout?
  How does a deluge sprinkler function differently than a wet pipe system?
  What should you do first in the event of a fire?
  When using a portable fire extinguisher, it is recommended that you use the PASS system to administer the fire suppressant. How does the PASS system work?
  What is the recommended range for extinguishing a small fire using a fire extinguisher?
  What are the advantages of using a gas as a fire suppressant? Disadvantages?
Video/Demo                                  Time
  5.3.1 Environmental Controls               6:00
  5.3.2 Environmental Monitoring            11:33
  5.3.3 Hot and Cold Aisles                  5:17
  Total                                     22:50
Number of Exam Questions: 11 questions
Total Time: About 45 minutes

Section 5.4: Mobile Devices
Summary
In this section students will explore securing mobile devices. Details about the following concepts will be covered:
  Mobile devices include:
    o Smartphones
    o Laptops
    o PC tablets
    o PDAs
    o Other small handheld computing devices
  Considerations for mobile devices:
    o Request process
    o Asset tracking and inventory control
    o Acceptable use
    o Personal Identification Number (PIN)
    o Unused features
    o Lockout or screen lock
    o Encryption
    o Remote wipe
    o Storage segmentation
    o Reporting system
  Train employees on security considerations
  BYOD security issues and remedies:
    o Malware propagation
    o Loss of control of sensitive data
    o Malicious insider attacks
    o Device management
    o Support
Security+ Exam Objectives:
  3.2 Summarize various types of attacks.
    o Malicious insider threat
  4.2 Summarize mobile security concepts and technologies.
    o Device security
        Full device encryption
        Remote wiping
        Lockout
        Screen-locks
        GPS
        Application control
        Storage segmentation
        Asset tracking
        Inventory control
        Mobile device management
        Device access control
        Removable storage
        Disabling unused features
    o BYOD concerns
        Data ownership
        Support ownership
        Patch management
        Antivirus management
        Forensics
        Privacy
        On-boarding/off-boarding
        Adherence to corporate policies
        User acceptance
        Architecture/infrastructure considerations
        Legal concerns
        Acceptable use policy
        On-board camera/video
  4.4 Implement the appropriate controls to ensure data security.
    o Data encryption
        Mobile devices
SSCP Exam Objectives:
  2.7 Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices).
Security Pro Exam Objectives:
  2.1 Promote Information Security Awareness.
    o Traveling with Personal Mobile Devices
    o Exchanging Content between Home and Work
    o Password Management
    o Photo/GPS Integration
    o Information Security
    o Auto-lock and Passcode Lock
  3.2 Harden Mobile Devices (Laptop).
    o Set a BIOS Password
    o Set a Login Password
    o Implement Full Disk Encryption
  6.2 Implement Patch Management/System Updates.
    o Apply the latest Apple Software Updates
Lecture Focus Questions:
  What types of electronic devices are considered part of the mobile devices group?
  How do you unlock a mobile device after it has gone into lockout?
  Under what conditions would you consider using remote wipe on a mobile device?
  What mobile device feature can display its current location if lost or stolen?
  What security technique ensures data confidentiality if a mobile device is lost or stolen?
Video/Demo                                  Time
  5.4.1 Mobile Device Security               7:33
  5.4.3 BYOD Security Issues                 9:33
  5.4.5 Securing Mobile Devices             10:20
  Total                                     27:26
Lab/Activity
  Secure an iPad
Number of Exam Questions: 8 questions
Total Time: About 40 minutes

Section 5.5: Mobile Device Security Enforcement
Summary
This section discusses enforcing security for mobile devices.
Details about the following concepts will be covered:
  Windows Intune currently supports:
    o Windows 8.x
    o Windows RT 8.x
    o Windows Phone 8
    o Apple iOS devices, such as the iPhone
  Configurations in which Windows Intune can be deployed:
    o Cloud-only mode
    o Unified configuration mode
  Intune management portals:
    o Account Portal
    o Admin Portal
    o Company Portal
  Tasks to configure the system:
    o Add Intune users
    o Define Intune policies
    o Manage users and groups
    o Enroll computers
    o Enroll mobile devices
  Security issues when working with mobile device apps:
    o App control
    o Authentication and credential management
    o App whitelisting
    o Geo-tagging
Security+ Exam Objectives:
  4.2 Summarize mobile security concepts and technologies.
    o Application security
        Key management
        Credential management
        Authentication
        Geo-tagging
        Encryption
        Application whitelisting
        Transitive trust/authentication
  4.4 Implement the appropriate controls to ensure data security.
    o Data encryption
        Mobile devices
Lecture Focus Questions:
  What is the role of a mobile device management (MDM) solution?
  What are the two different types of configurations that can be used when deploying Windows Intune?
  Which Intune management portal is used by end users to manage their own account and enroll devices?
  Windows Intune uses two types of groups to manage users and devices. Which group is used to deploy Intune agent settings?
  In what two ways can you enroll standard computer systems in Windows Intune?
Video/Demo                                                      Time
  5.5.1 Enforcing Security Policies on Mobile Devices            7:57
  5.5.2 Enrolling Devices and Performing a Remote Wipe           8:49
  5.5.4 Mobile Application Security                              9:00
  Total                                                         25:46
Number of Exam Questions: 8 questions
Total Time: About 40 minutes

Section 5.6: Telephony
Summary
In this section students will learn the basics of telephony, the transmission of voice communication.
Concepts covered include:
  Implementations of voice communications:
    o Public Switched Telephone Network (PSTN)
    o Voice over IP (VoIP)
  VoIP terms:
    o Convergence
    o H.323
    o IPT (Internet Protocol Telephony)
    o Real Time Protocol (RTP)
    o Session Initiation Protocol (SIP)
    o Service Delivery Platform (SDP)
    o Media stream
    o Softswitch
    o Voice gateway
  Common exploitation attacks:
    o Cramming
    o Slamming
    o War dialing
    o Denial of Service (DoS)
    o Cross-Site Scripting (XSS)
    o Cross-Site Request Forgery (CSRF)
  Common cell phone exploitation attacks:
    o Cloning
    o Sniffing
    o Tumbling
  Considerations when managing telephony solutions
Security+ Exam Objectives:
  1.3 Explain network design elements and compounds.
    o Telephony
SSCP Exam Objectives:
  6.2 Understand Telecommunications.
    o Technology (e.g., VoIP, facsimile, PSTN)
    o Common Vulnerabilities
Lecture Focus Questions:
  What methods can be used to send digital data through Plain Old Telephone System (POTS) lines?
  What are common threats to a PBX system? How do you secure the PBX?
  What types of security issues must be considered when using VoIP?
  What is the difference between cramming and slamming?
  What countermeasures protect against war dialing?
  What is the function of the SIP protocol?
  How can VLANs increase network security on systems with VoIP implemented?
Video/Demo                                  Time
  5.5.1 Telephony                           15:00
Number of Exam Questions: 4 questions
Total Time: About 25 minutes

Section 6.1: Networking Layer Protocol Review
Summary
This section reviews elements of the networking layer protocol design.
Details covered include:
  Open System Interconnection (OSI) model layers:
    o Application (Layer 7)
    o Presentation (Layer 6)
    o Session (Layer 5)
    o Transport (Layer 4)
    o Network (Layer 3)
    o Data Link (Layer 2)
    o Physical (Layer 1)
  IP addresses:
    o An IPv4 address is a 32-bit binary number, written as decimal octets between 0 and 255:
        Converting binary to decimal and vice versa
        Subnet mask
        IPv4 classes
    o An IPv6 address is a 128-bit binary number:
        Prefix
        Interface ID
  The role of subnetting
  Custom subnet masks
Students will learn how to:
  Configure IPv6.
  Configure subnetting.
Security+ Exam Objectives:
  1.2 Given a scenario, use secure network administration principles.
    o Network separation
  1.3 Explain network design elements and compounds.
    o Subnetting
  1.4 Given a scenario, implement common protocols and services.
    o Protocol
        IPv4
        IPv6
    o OSI relevance
  3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
    o Network security
        Rogue machine detection
SSCP Exam Objectives:
  6.1 Understand Security Issues related to Networks.
    o OSI and TCP/IP Models
    o Network topologies and relationships (e.g., token ring, star, bus, Ethernet)
    o Network security concepts (e.g., address translation, defense in depth, IP addressing)
Lecture Focus Questions:
  What is the OSI model and why is it important in understanding networking?
  What are the advantages of using a theoretical model to describe networking?
  What type of network would the 192.168.174.34 address represent?
  What are the two parts of an IPv6 address and what do they represent?
  Under what conditions would you choose to subnet a network?
Video/Demo                                  Time
  6.1.1 OSI Model                            4:08
  6.1.3 IP Addressing                       17:22
  6.1.5 Configuring IPv6                     5:28
  6.1.6 IP Subnetting                       12:35
  6.1.7 Configuring Subnetting               8:07
  Total                                     47:40
Number of Exam Questions: 9 questions
Total Time: About 65 minutes

Section 6.2: Transport Layer Protocol Review
Summary
This section reviews elements of the transport layer protocol design. Details covered include:
  Custom subnet masks
  Major protocols:
    o Transmission Control Protocol (TCP)
    o User Datagram Protocol (UDP)
    o Internet Protocol (IP)
    o Internetwork Packet Exchange (IPX)
    o Network Basic Input/Output System (NetBIOS)
    o Internet Control Message Protocol (ICMP)
    o Address Resolution Protocol (ARP)
    o Domain Name System (DNS)
    o Simple Network Management Protocol (SNMP)
  The role of ports
  Internet Corporation for Assigned Names and Numbers (ICANN) categories for ports:
    o Well-known
    o Registered
    o Dynamic
  Well-known ports that correspond to common Internet services
  Considerations regarding ports
Students will learn how to:
  Analyze a TCP three-way handshake.
Security+ Exam Objectives:
  1.4 Given a scenario, implement common protocols and services.
    o Protocol
        IPSec
        SNMP
        SSH
        DNS
        TLS
        SSL
        TCP/IP
        FTPS
        HTTPS
        SCP
        ICMP
        IPv4
        IPv6
        iSCSI
        Fibre Channel
        FCoE
        FTP
        SFTP
        TFTP
        TELNET
        HTTP
        NetBIOS
    o Ports
        21
        22
        25
        53
        80
        110
        139
        143
        443
        3389
SSCP Exam Objectives:
  6.1 Understand Security Issues related to Networks.
    o OSI and TCP/IP Models
    o Commonly used ports and protocols
Lecture Focus Questions:
  What are the major differences between TCP and UDP?
  How can ICMP messages be used to provide a valuable security tool?
  What is the best practice when deciding which protocol ports to allow through a network firewall?
  Why would an administrator find it important to run a port scanner on the system?
Video/Demo                                        Time
  6.2.1 Network Protocols                          4:45
  6.2.3 Analyzing a TCP Three-way Handshake        2:14
  6.2.4 TCP and UDP Ports                          9:02
  Total                                           16:01
Number of Exam Questions: 15 questions
Total Time: About 35 minutes

Section 6.3: Perimeter Attacks 1
Summary
This section discusses different types of attacks and the countermeasures that mitigate them. Details covered include:
  Reconnaissance types:
    o Organizational
    o Technical
  Basic stages of reconnaissance:
    o Passive reconnaissance
    o Active scanning
  Countermeasures for preventing reconnaissance
  Denial of Service (DoS) attacks
  Distributed Denial of Service (DDoS) attacks
  Distributed Reflective Denial of Service (DRDoS) attacks
  DoS attacks that use the ICMP protocol:
    o Ping flood
    o Ping of death
    o Smurf
  DoS attacks that exploit the TCP protocol:
    o SYN flood
    o LAND
    o Christmas (Xmas) Tree
  DoS attacks that exploit the UDP protocol:
    o Fraggle
    o Teardrop
  Countermeasures for DoS and DDoS
Students will learn how to:
  View and analyze captured traffic using a network analyzer.
  Analyze captured traffic to determine the extent to which the bandwidth is being compromised.
  Perform a port scan on a system using netstat to determine connections and listening ports.
  Perform a port scan using nmap to find all the open ports on a remote system.
  Use a UDP flooder to test network bandwidth.
  Scan for MAC addresses and the corresponding IP addresses using a MAC address scanning tool.
  Perform an ARP poisoning attack on a host to identify vulnerabilities.
  Use a sniffer to detect an unusually high traffic pattern of ARP replies.
Security+ Exam Objectives:
  3.2 Summarize various types of attacks.
    o DDoS
    o DoS
    o Smurf attack
    o Xmas attack
    o DNS poisoning and ARP poisoning
  3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
    o Tools
        Protocol analyzer
        Port scanner
        Banner grabbing
SSCP Exam Objectives:
  7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
Lecture Focus Questions:
  What types of resources make organizational reconnaissance so readily available?
  How is footprinting used to determine the operating system of the recipient?
  How does a Distributed Reflective Denial of Service (DRDoS) increase the severity of a DoS attack?
  What countermeasures will help to mitigate DoS and DDoS attacks?
Video/Demo                                  Time
  6.3.1 Reconnaissance                       2:40
  6.3.2 Performing Reconnaissance            9:01
  6.3.4 Denial of Service (DoS)              7:49
  6.3.5 Xmas Tree Attacks                    3:23
  6.3.7 Performing a UDP Flood Attack        3:54
  Total                                     26:47
Number of Exam Questions: 15 questions
Total Time: About 50 minutes

Section 6.4: Perimeter Attacks 2
Summary
This section discusses additional types of attacks and the countermeasures that improve security. Details covered include:
  Common methods of session-based attacks:
    o Man-in-the-middle
    o TCP/IP hijacking
    o HTTP (session) hijacking
    o Replay attack
    o Null session
  Common methods of spoofing:
    o IP spoofing
    o MAC spoofing
    o ARP spoofing
  Countermeasures to prevent spoofing
  DNS-based attacks
  Main methods to attack DNS servers:
    o Reconnaissance
    o DNS poisoning
    o Domain name kiting
  Using the HOSTS file to improve security
Students will learn how to:
  Perform queries on name server records using nslookup.
  Restrict zone transfers to specific servers.
  Map malicious Web sites to a loopback address (127.0.0.0) in the HOSTS file.
  Identify who has registered a domain name using Whois.net and SamSpade.org.
  Gather organizational information using Google, job boards, or other common Internet tools.
Security+ Exam Objectives:
  3.2 Summarize various types of attacks.
    o Man-in-the-middle
    o Replay
    o Spoofing
    o DNS poisoning and ARP poisoning
  3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
    o Tools
        Protocol analyzer
        Port scanner
  4.4 Implement the appropriate controls to ensure data security.
    o Data in-transit, Data at-rest, Data in-use
SSCP Exam Objectives:
  7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
Lecture Focus Questions:
  Why is a man-in-the-middle attack so dangerous for the victim?
  What countermeasures can be used to control TCP/IP hijacking?
  What methods should you employ to prevent a replay attack?
  What countermeasures can help prevent spoofing?
  What is the difference between a primary and a secondary DNS server?
  How does domain name kiting work?
  In what ways can the HOSTS file be used to improve security?
Video/Demo                                  Time
  6.4.1 Session and Spoofing Attacks         6:41
  6.4.3 Performing ARP Poisoning             4:24
  6.4.5 DNS Attacks                          4:30
  6.4.7 Examining DNS Attacks               13:29
  Total                                     29:04
Number of Exam Questions: 15 questions
Total Time: About 50 minutes

Section 6.5: Security Appliances
Summary
This section provides basic information about security appliances.
Concepts covered include:
  The role of security zones
  Common zones:
    o Intranet
    o Internet
    o Extranet
    o Demilitarized Zone
  Network security solutions:
    o Proxy server
    o Internet content filter
    o Network Access Control (NAC)
    o All-in-one security appliance
    o Application-aware devices
Students will learn how to:
  Enable Parental Controls for a user and configure control settings for allowed Web sites, time limits, games, and specific programs.
  Enable activity reporting to view the Web browsing activities of a user for whom you have configured Parental Controls.
  Manage users on a security appliance.
  Restrict access to a security appliance based on IP address.
  Use a security appliance to set a user for LAN access only.
Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o Proxies
    o Web security gateways
    o Spam filter
    o UTM security appliances
        URL filter
    o Web application firewall vs. network firewall
    o Application aware devices
        Firewalls
        IPS
        IDS
        Proxies
  1.2 Given a scenario, use secure network administration principles.
    o Unified Threat Management
  1.3 Explain network design elements and compounds.
    o NAC
  4.3 Given a scenario, select the appropriate solution to establish host security.
    o White listing vs. black listing applications
SSCP Exam Objectives:
  1.5 Manage Internetwork Trust Architectures (e.g., extranet, third-party connections, federated access).
  6.1 Understand Security Issues related to Networks.
    o Admission control (e.g., NAC, remediation, quarantine)
  6.4 Understand Firewalls & Proxies.
    o Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
    o Types (e.g., host based, network based)
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Change the Default Username and Password
  7.1 Implement Application Defenses.
    o Configure Parental Controls to enforce Web content filtering
Lecture Focus Questions:
  On which security device might you choose to restrict access by user account?
  What types of restrictions can be configured for proxy servers?
  What types of entities commonly use Internet content filtering software?
  What functions does keyword filtering provide?
  How can Network Access Control (NAC) help to improve the security of a network?
Video/Demo                                                    Time
  6.5.1 Security Solutions                                     4:02
  6.5.2 Security Zones                                         5:31
  6.5.4 All-In-One Security Appliances                         4:30
  6.5.6 Configuring Network Security Appliance Access          6:55
  Total                                                       20:58
Lab/Activity
  Configure Network Security Appliance Access
Number of Exam Questions: 4 questions
Total Time: About 35 minutes

Section 6.6: Demilitarized Zones (DMZ)
Summary
This section examines the role of demilitarized zones (DMZ). Terms discussed that are related to DMZs are:
  Bastion or sacrificial host
  Screening router
  Dual-homed gateway
  Screened host gateway
  Screened subnet
Students will learn how to:
  Add a server to a DMZ.
  Configure a DMZ port to act as a DHCP server.
Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o Firewalls
  1.3 Explain network design elements and compounds.
    o DMZ
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Create a DMZ
Lecture Focus Questions:
  How is a honeypot used to increase network security?
  How is a gateway different from a router?
  What is the typical configuration for a DMZ configured as a dual-homed gateway?
  A screened subnet uses two firewalls. What are the functions of each firewall?
  What type of computers might exist inside of a demilitarized zone (DMZ)?
  What makes bastion hosts vulnerable to attack? What should you do to harden bastion hosts?
Video/Demo                                  Time
  6.6.1 Demilitarized Zones (DMZ)            9:49
  6.6.2 Configuring a DMZ                    5:42
  Total                                     15:31
Lab/Activity
  Configure a DMZ
Number of Exam Questions: 8 questions
Total Time: About 30 minutes

Section 6.7: Firewalls
Summary
This section discusses basic information about firewalls. Concepts covered include:
  Firewall considerations:
    o Network-based firewall
    o Host-based firewall
    o Filtering rules
    o Access control lists (ACLs)
  Firewall types:
    o Packet filtering
    o Stateful
    o Application
  Managing firewalls
Students will learn how to:
  Enable Windows Firewall and configure exceptions to control communications through the firewall.
  Configure inbound and outbound rules to control traffic.
  Create a custom rule to allow ICMP Echo Requests through a firewall.
  Import and export firewall rules to other machines to create firewalls with uniform settings.
Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o Firewalls
    o Web application firewall vs. network firewall
  1.2 Given a scenario, use secure network administration principles.
    o Firewall rules
  4.3 Given a scenario, select the appropriate solution to establish host security.
    o Host-based firewalls
    o Host-based intrusion detection
SSCP Exam Objectives:
  6.4 Understand Firewalls & Proxies.
    o Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
    o Types (e.g., host based, network based)
    o Common Vulnerabilities
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Configure a Firewall
Lecture Focus Questions:
  What is the difference between a network-based firewall and a host-based firewall?
  When would you choose to implement a host-based firewall?
  What traffic characteristics can be specified in a filtering rule for a packet filtering firewall?
  How does a packet filtering firewall differ from a circuit-level gateway?
  Why is a packet filtering firewall a stateless device?
  What types of filter criteria can an application layer firewall use for filtering?
Video/Demo                                      Time
  6.7.1 Firewalls                                5:33
  6.7.3 Configuring a Perimeter Firewall         9:47
  Total                                         15:20
Lab/Activity
  Configure a Perimeter Firewall
Number of Exam Questions: 15 questions
Total Time: About 40 minutes

Section 6.8: Network Address Translation (NAT)
Summary
This section examines using a Network Address Translation (NAT) router to translate multiple private addresses into a single registered IP address. Concepts covered include:
  NAT implementations:
    o Network Address and Port Translation
    o Static NAT
    o Dynamic and Static NAT
  Considerations when implementing NAT
Students will learn how to:
  Install and configure the Network Address Translation (NAT) IP routing protocol on a router.
  Configure the NAT router to act as a DHCP server.
  Configure the NAT router to act as a DNS proxy.
Security+ Exam Objectives:
  1.3 Explain network design elements and compounds.
    o NAT
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Configure NAT
Lecture Focus Questions:
  How has NAT extended the use of IPv4?
  How does a NAT router associate a port number with a request from a private host?
  What are the three ways in which NAT can be implemented?
  Where is NAT typically implemented?
  Why do private networks have a limited range of IP addresses they can use?
Video/Demo                                  Time
  6.8.1 Network Address Translation         15:57
  6.8.2 Configuring NAT                      5:11
  Total                                     21:08
Number of Exam Questions: 6 questions
Total Time: About 30 minutes

Section 6.9: Virtual Private Networks (VPN)
Summary
This section discusses using a virtual private network (VPN) to securely send data over an untrusted network. Details include:
  VPNs work by using a tunneling protocol
  Ways VPNs can be implemented:
    o Host-to-host VPN
    o Site-to-site VPN
    o Remote access VPN
  Tunnel endpoints
  Implementing a VPN
  Types of protocols used by VPNs:
    o Carrier protocol
    o Tunneling protocol
    o Passenger protocol
  Common VPN tunneling protocols:
    o Point-to-Point Tunneling Protocol (PPTP)
    o Layer 2 Forwarding (L2F)
    o Layer Two Tunneling Protocol (L2TP)
    o Internet Protocol Security (IPSec)
    o Secure Sockets Layer (SSL)
Students will learn how to:
  Configure a remote access VPN connection.
Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o VPN concentrators
SSCP Exam Objectives:
  6.3 Understand Remote Access.
    o Technology (e.g., thin client, SSL/VPN)
    o Common vulnerabilities
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Configure VPN
Lecture Focus Questions:
  What are the three ways VPNs can be implemented?
  What is a VPN concentrator?
  What function do VPN endpoints provide?
  Which IPsec mode does not encrypt the header of a transmission? Why?
  What are the three types of protocols used by VPNs?
  Which IPsec protocol does not encrypt data?
Video/Demo                                      Time
  6.9.1 Virtual Private Networks (VPNs)         10:16
  6.9.2 Configuring a VPN                        4:25
  Total                                         14:41
Lab/Activity
  Configure a Remote Access VPN
  Configure a VPN Connection (iPad)
Number of Exam Questions: 11 questions
Total Time: About 40 minutes

Section 6.10: Web Threat Protection
Summary
In this section students will learn about the following protections against web threats:
  Website/URL content filtering
  Web threat filtering
  Gateway e-mail spam blockers
  Virus blockers
  Antiphishing software
Students will learn how to:
  Configure Web threat protection.
Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o UTM security appliances
        URL filtering
        Content inspection
        Malware inspection
Security Pro Exam Objectives:
  4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).
    o Implement Web Threat Protection
  7.1 Implement Application Defenses.
    o Configure Parental Controls to enforce Web content filtering
Lecture Focus Questions:
  How have Web threats become more sophisticated?
  Which Web threat protections prevent a user from visiting restricted websites?
  How is Web threat filtering implemented?
  What types of filters can be used by spam blockers?
Video/Demo                                        Time
  6.10.1 Web Threat Protection                     9:29
  6.10.2 Configuring Web Threat Protection         4:26
  Total                                           13:55
Lab/Activity
  Configure Web Threat Protection
Number of Exam Questions: 4 questions
Total Time: About 25 minutes

Section 6.11: Network Access Control (NAC)
Summary
In this section students will explore network access control (NAC).
Details about the following concepts will be covered:
• Components of Network Access Protection (NAP):
  o NAP Client
  o NAP Server
  o Enforcement Server (ES)
  o Remediation Server
• Enforcement point types:
  o DHCP
  o Remote Desktop (RD) Gateway
  o VPN
  o 802.1x
  o IPsec

Students will learn how to:
• Configure Network Access Protection to restrict network access to only clients that meet specified health criteria.
• Add the necessary role services to implement Network Access Protection (NAP).
• Enable NAP on an enforcement point.
• Create domain and server isolation rules.
• Configure system health validator and health policy settings.

Security+ Exam Objectives:
1.3 Explain network design elements and components.
  o NAC

SSCP Exam Objectives:
6.1 Understand security issues related to networks.
  o Admission control (e.g., NAC, remediation, quarantine)

Lecture Focus Questions:
• How do remediation servers and auto-remediation help clients become compliant?
• What server role service do you add to configure a server as an enforcement point for NAP?
• How do you define the quarantine network when using 802.1x enforcement?
• Which enforcement method uses a Health Registration Authority (HRA)?
• What type of communication occurs in the boundary network when using IPsec enforcement?

Video/Demo                                         Time
6.11.1 Network Access Protection                  19:57
6.11.2 Implementing NAP with DHCP Enforcement     15:56
Total                                             35:53

Number of Exam Questions: 4 questions
Total Time: About 45 minutes

Section 6.12: Wireless Overview

Summary
This section provides an overview of wireless networking.
Details include:
• Wireless networking concepts:
  o Wireless access point (WAP)
  o Wireless antennae
  o Wireless interface
  o Wireless bridge
  o Wireless configuration
  o Worldwide Interoperability for Microwave Access (WiMAX)
  o Global System for Mobile Communications (GSM)
  o Near field communication (NFC)
• Methods to implement security for wireless networking:
  o Wired Equivalent Privacy (WEP)
  o Wi-Fi Protected Access (WPA)
  o Wi-Fi Protected Access 2 (WPA2), also known as 802.11i

Students will learn how to:
• Manually connect to a wireless network.
• Manage wireless networks.
• Secure a wireless network from unauthorized connections.

Security+ Exam Objectives:
1.5 Given a scenario, troubleshoot security issues related to wireless networking.
  o WPA
  o WPA2
  o WEP
  o Antenna placement
  o Antenna types
  o Site surveys
  o VPN (over open wireless)

Lecture Focus Questions:
• What is the role of a wireless access point (WAP)?
• What is the difference in functionality between an omnidirectional antenna and a directional antenna?
• What two methods are available for configuring a wireless network?
• What are the advantages of using the WiMAX protocol for long-range wireless networking?

Video/Demo                                   Time
6.12.1 Wireless Networking Overview          5:35
6.12.2 Wireless Antenna Types                8:03
6.12.4 Wireless Encryption                   6:45
6.12.6 Configuring a Wireless Connection    12:22
Total                                       32:45

Lab/Activity
• Secure a Wireless Network

Number of Exam Questions: 15 questions
Total Time: About 60 minutes

Section 6.13: Wireless Attacks

Summary
In this section students will learn about security attacks that wireless networks are vulnerable to:
• Rogue access point
• Wardriving
• War chalking
• Packet sniffing
• Initialization Vector (IV) attack
• Interference
• Bluetooth
• Near Field Communication (NFC)
• Wi-Fi Protected Setup

Security+ Exam Objectives:
3.4 Explain types of wireless attacks.
  o Rogue access points
  o Jamming/Interference
  o Evil twin
  o War driving
  o Bluejacking
  o Bluesnarfing
  o War chalking
  o IV attack
  o Packet sniffing
  o Near field communication
  o Replay attacks
  o WEP/WPA attacks
  o WPS attacks
4.4 Implement the appropriate controls to ensure data security.
  o Data in-transit, data at-rest, data in-use

SSCP Exam Objectives:
6.5 Understand wireless and cellular technologies.
  o Common vulnerabilities

Lecture Focus Questions:
• What steps can you take to protect your wireless network from data emanation?
• What is the difference between bluejacking and bluesnarfing?
• Why is a successful bluebugging attack more dangerous for the victim than a bluesnarfing attack?
• What is the best method to protect against attacks directed towards Bluetooth capabilities?
• What is the difference between a rogue access point and an evil twin?
• How can you protect your network against rogue access points?

Video/Demo                              Time
6.13.1 Wireless Attacks                13:28
6.13.3 Using Wireless Attack Tools      9:06
6.13.4 Detecting Rogue Hosts            7:37
Total                                  30:11

Number of Exam Questions: 15 questions
Total Time: About 50 minutes

Section 6.14: Wireless Defenses

Summary
This section discusses defenses to secure wireless transmissions. Details include:
• Considerations when using 802.1x authentication for wireless networks
• EAP-based authentication protocols used with 802.1x:
  o Extensible Authentication Protocol (EAP)
  o Lightweight Extensible Authentication Protocol (LEAP)
  o Protected Extensible Authentication Protocol (PEAP)
• Additional security considerations with wireless networks:
  o SSID obfuscation
  o MAC address filtering
  o Antenna placement, power level, and orientation
  o Encryption
  o Captive portals
  o Authentication
  o Rogue host detection

Students will learn how to:
• Configure a wireless access point by disabling the SSID broadcast and enabling security.
• Configure a wireless network profile to automatically connect even if the SSID broadcast is turned off.
• Scan a network to detect wireless access points and determine if the access points are secure.

Security+ Exam Objectives:
1.2 Given a scenario, use secure network administration principles.
  o 802.1x
1.5 Given a scenario, troubleshoot security issues related to wireless networking.
  o WPA
  o WPA2
  o WEP
  o EAP
  o PEAP
  o LEAP
  o MAC filter
  o Disable SSID broadcast
  o TKIP
  o CCMP
  o Antenna placement
  o Power level controls
  o Captive portals
5.1 Compare and contrast the function and purpose of authentication services.
  o RADIUS
6.2 Given a scenario, use appropriate cryptographic methods.
  o WEP vs. WPA/WPA2 and preshared key
  o CHAP
  o PAP

SSCP Exam Objectives:
6.5 Understand wireless and cellular technologies.
  o Protocols (e.g., WPA, WPA2, TKIP)
  o Technology (e.g., Bluetooth, RFID, 802.11, WiMAX, GSM, 3G, NFC)

Security Pro Exam Objectives:
4.2 Secure a Wireless Access Point (WAP).
  o Change the Default Username, Password, and Administration limits
  o Implement WPA2
  o Configure Enhanced Security
    ▪ MAC filtering
    ▪ SSID cloaking
    ▪ Power control
  o Disable Network Discovery

Lecture Focus Questions:
• How does turning off the SSID broadcast help to secure the wireless network?
• What methods can you use to secure a wireless network from data emanation?
• What does open authentication use for authenticating a device? Why is this not a very secure solution?
• What two additional components are required to implement 802.1x authentication?
• What does WEP use for the encryption key? Why does this present a security problem?
• Why should you not use shared key authentication with WEP?
• What is the difference between WPA Personal and WPA Enterprise?
• You have an access point that currently supports only WEP. What would you typically need to do to support WPA2?
• What is the encryption method used with WPA? With WPA2?

Video/Demo                                    Time
6.14.1 Wireless Security Considerations      12:54
6.14.2 Wireless Authentication                4:40
6.14.4 Configuring a Wireless Access Point   19:54
6.14.7 Configuring a Captive Portal          12:02
Total                                        49:30

Lab/Activity
• Obscure a Wireless Network
• Configure a Wireless Profile

Number of Exam Questions: 15 questions
Total Time: About 80 minutes

Section 7.1: Network Devices

Summary
This section examines the characteristics of the following common network devices:
• Network Interface Card (NIC)
• Hub
• Wireless Access Point (WAP)
• Switch
• Bridge
• Router
• Gateway

Security+ Exam Objectives:
1.1 Implement security configuration parameters on network devices and other technologies.
  o Routers
  o Switches

Lecture Focus Questions:
• What are the security advantages of using switches over hubs?
• What security problems could static routing pose on a large network?
• What security threat do broadcasts allow?
• What information does a router ACL use to allow or reject packets?
Video/Demo                  Time
7.1.1 Network Devices       5:51

Number of Exam Questions: 7 questions
Total Time: About 15 minutes

Section 7.2: Network Device Vulnerabilities

Summary
In this section students will learn about the following network device vulnerabilities:
• Default accounts and passwords
• Weak passwords
• Privilege escalation
• Backdoor

Students will learn how to:
• Search a database for default passwords for network devices.

Security+ Exam Objectives:
3.1 Explain types of malware.
  o Backdoors
3.2 Summarize various types of attacks.
  o Privilege escalation
5.3 Install and configure security controls when performing account management, based on best practices.
  o Account policy enforcement
    ▪ Password complexity
    ▪ Expiration
    ▪ Recovery
    ▪ Disablement
    ▪ Lockout
    ▪ Password length

Security Pro Exam Objectives:
5.1 Harden Network Devices (using a Cisco Small Business Switch).
  o Change the Default Username and Password on network devices

Lecture Focus Questions:
• For security considerations, what is the first thing you should do when new hardware or software is turned on for the first time?
• What are the characteristics of a complex password?
• How is privilege escalation different from hacking into a system to gain access to resources?
• What measures should be taken to protect against backdoors?

Video/Demo                               Time
7.2.1 Device Vulnerabilities             1:47
7.2.3 Searching Defaultpasswords.com     1:23
7.2.4 Securing a Switch                  3:21
Total                                    6:31

Lab/Activity
• Secure a Switch

Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 7.3: Switch Attacks

Summary
This section discusses common attacks that are perpetrated against switches:
• MAC flooding
• ARP spoofing/poisoning
• MAC spoofing
• Dynamic Trunking Protocol (DTP) attacks

Students will learn how to:
• Secure a switch.
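Worked example, added for this lesson (not TestOut material), covering MAC flooding and ARP poisoning from the summary above: a small learning-switch model shows why a full CAM table makes the switch flood unicast frames like a hub (the "fail-open" state the focus questions ask about) and how port security with a per-port MAC limit stops it; a second function flags ARP poisoning in a capture by finding IP addresses claimed by more than one MAC. The CAM capacity, MAC addresses and ARP capture are constructed; the model has no VLANs and no aging timer (on a real switch, legitimately learned entries age out and cannot be relearned while the attacker keeps the table full, which is what turns a temporary flood into a persistent one).

```python
"""Switch learning/forwarding model: MAC flooding with and without port
security, plus an ARP-poisoning detector over captured ARP replies.

Added example for this lesson, not TestOut course material. Simplified:
no VLANs, no aging timer. All addresses and the capture are constructed.
"""
from collections import defaultdict


class Switch:
    """A learning switch with a bounded CAM table and optional port security."""

    def __init__(self, cam_capacity, max_macs_per_port=None):
        self.cam = {}                                # mac -> port
        self.capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port   # None = port security off
        self.macs_on_port = defaultdict(set)
        self.err_disabled = set()                    # ports shut by a violation

    def receive(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port, then forward. Returns the egress port,
        'flood' (unknown destination: copied to every port, hub-style) or
        'dropped' (the port is err-disabled)."""
        if in_port in self.err_disabled:
            return "dropped"
        if src_mac not in self.cam:
            if (self.max_macs_per_port is not None
                    and len(self.macs_on_port[in_port]) >= self.max_macs_per_port):
                self.err_disabled.add(in_port)       # violation mode "shutdown"
                return "dropped"
            if len(self.cam) < self.capacity:        # table full => cannot learn
                self.cam[src_mac] = in_port
                self.macs_on_port[in_port].add(src_mac)
        return self.cam.get(dst_mac, "flood")


HOST_A, HOST_B, ATTACKER_PORT = "00:aa:00:00:00:01", "00:bb:00:00:00:02", 3


def mac_flood_scenario(port_security):
    """Host A on port 1, host B on port 2, attacker on port 3 spraying forged
    source MACs. Returns where A's unicast to B ends up afterwards."""
    sw = Switch(cam_capacity=64, max_macs_per_port=2 if port_security else None)
    sw.receive(1, HOST_A, HOST_B)            # A is learned; B is still unknown
    for i in range(200):                     # 200 forged sources from one port
        sw.receive(ATTACKER_PORT, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(2, HOST_B, HOST_A)            # B replies; with a full CAM it cannot be learned
    return {
        "a_to_b": sw.receive(1, HOST_A, HOST_B),   # port 2, or 'flood' (attacker sees it)
        "attacker_port_disabled": ATTACKER_PORT in sw.err_disabled,
        "cam_entries": len(sw.cam),
    }


# Constructed ARP-reply capture: (sender IP, sender MAC, target IP).
ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01", "192.168.1.50"),   # real gateway answers the victim
    ("192.168.1.50", "00:11:22:33:44:50", "192.168.1.1"),   # victim answers the gateway
    ("192.168.1.20", "00:11:22:33:44:20", "192.168.1.1"),   # unrelated host
    ("192.168.1.1", "de:ad:be:ef:00:01", "192.168.1.50"),   # attacker: "the gateway is at my MAC"
    ("192.168.1.50", "de:ad:be:ef:00:01", "192.168.1.1"),   # attacker: "the victim is at my MAC"
]


def detect_arp_poisoning(replies):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC in
    the window; two claimants for the gateway is the classic poisoning sign."""
    claims = defaultdict(set)
    for sender_ip, sender_mac, _target_ip in replies:
        claims[sender_ip].add(sender_mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
```

Dynamic ARP Inspection on a switch does the same check against the DHCP snooping binding table, frame by frame; the function above is the offline equivalent you would run over a capture.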
Security+ Exam Objectives:
3.2 Summarize various types of attacks.
  o Spoofing
  o DNS poisoning and ARP poisoning

Security Pro Exam Objectives:
5.1 Harden Network Devices (using a Cisco Small Business Switch).
  o Implement Port Security

Lecture Focus Questions:
• What types of attacks are commonly perpetrated against switches?
• How does MAC flooding make a switch function as a hub? What is this state called?
• How are switches indirectly involved in ARP poisoning?
• How does the attacker hide his identity when performing MAC spoofing?
• What is a more secure alternative to using the Dynamic Trunking Protocol (DTP)?

Video/Demo                  Time
7.3.1 Switch Attacks        5:04

Number of Exam Questions: 4 questions
Total Time: About 10 minutes

Section 7.4: Router Security

Summary
This section discusses actions to take to increase router security. Concepts covered include:
• General actions to secure routers:
  o Secure passwords
  o Secure protocols
  o Physical security
  o Secure configuration file

Security+ Exam Objectives:
1.4 Given a scenario, implement common protocols and services.
  o Protocols
    ▪ SSH
    ▪ HTTPS
    ▪ SCP
2.7 Compare and contrast physical security and environmental controls.
  o Physical security
    ▪ Hardware locks
    ▪ Mantraps
    ▪ Video surveillance
    ▪ Fencing
    ▪ Proximity readers
    ▪ Access list
    ▪ Proper lighting
    ▪ Signs
    ▪ Guards
    ▪ Barricades
    ▪ Biometrics
    ▪ Protected distribution (cabling)
    ▪ Alarms
    ▪ Motion detection

Security Pro Exam Objectives:
5.1 Harden Network Devices (using a Cisco Small Business Switch).
  o Shut down unneeded services and ports
  o Implement Port Security
  o Remove unsecure protocols (FTP, telnet, rlogin, rsh)
  o Run latest IOS version
8.2 Protect Data Transmissions across open, public networks.
  o Encrypt Data Communications

Lecture Focus Questions:
• What hashing algorithm does a Cisco device use to store the enable secret password? (A hash is one-way; it is not encryption, and it is not the reversible "type 7" encoding applied to other passwords by service password-encryption.)
• What secure protocols should you use to remotely manage a router?
• What types of actions can be used to ensure the physical security of network devices?

Video/Demo                  Time
7.4.1 Router Security       8:56

Number of Exam Questions: 4 questions
Total Time: About 15 minutes

Section 7.5: Switch Security

Summary
This section discusses actions to take to increase switch security. Concepts covered include:
• Switch features that can be implemented to increase network security:
  o Virtual LAN (VLAN)
  o MAC filtering/port security
  o Port authentication (802.1x)
• Considerations when implementing switch security
• Switching loops
• Types of ports used by the spanning tree protocol:
  o Root ports
  o Designated ports
  o Blocked ports
• Ports in the spanning tree protocol exist in one of five states:
  o Blocking
  o Listening
  o Learning
  o Forwarding
  o Disabled

Students will learn how to:
• Create VLANs and assign switch ports to VLANs.
• Configure a trunk port on a switch.
• Harden a switch.
• Secure access to a new switch.

Security+ Exam Objectives:
1.2 Given a scenario, use secure network administration principles.
  o VLAN management
  o Secure router configuration
  o Port Security
  o 802.1x
  o Flood guards
  o Loop protection
1.3 Explain network design elements and components.
  o VLAN
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Network security
    ▪ MAC limiting and filtering
    ▪ 802.1x
    ▪ Disabling unused interfaces and unused application service ports

Security Pro Exam Objectives:
5.1 Harden Network Devices (using a Cisco Small Business Switch).
  o Implement Port Security
  o Remove unsecure protocols (FTP, telnet, rlogin, rsh)
  o Run latest IOS version
  o Segment Traffic using VLANs

Lecture Focus Questions:
• How does a switch identify devices that are in different VLANs?
• What is the function of a trunk port?
• When trunking is used, how is the receiving switch able to identify which VLAN the frame belongs to?
• What is required for devices to communicate between VLANs?
• How is port security different from port filtering?
• Which secure protocols should you use to remotely manage a switch?

Video/Demo                                   Time
7.5.1 Switch Security                       13:01
7.5.2 Switch Loop Protection                10:46
7.5.4 Configuring VLANs from the CLI         4:32
7.5.6 Configuring VLANs                      3:32
7.5.8 Hardening a Switch                    14:10
Total                                       46:01

Lab/Activity
• Explore VLANs from the CLI
• Explore VLANs
• Harden a Switch
• Secure Access to a Switch
• Secure Access to a Switch 2

Number of Exam Questions: 15 questions
Total Time: About 90 minutes

Section 7.6: Intrusion Detection and Prevention

Summary
In this section students will learn the basics of intrusion detection and prevention. Concepts covered include:
• The role of an intrusion detection system (IDS)
• How IDS results are classified:
  o Positive
  o False positive
  o Negative
  o False negative
• Characteristics of typical detection systems:
  o Response capability
  o Recognition method
  o Detection scope
• Fake resources used to protect servers and networks:
  o Honeypot
  o Honeynet
  o Tarpit (also called a sticky honeypot)
• Cautions when implementing these solutions:
  o Enticement
  o Entrapment
• Intruder detection considerations

Students will learn how to:
• Monitor network activity using intrusion detection software to capture and view network traffic.

Security+ Exam Objectives:
1.1 Implement security configuration parameters on network devices and other technologies.
  o NIDS and NIPS
    ▪ Behavior based
    ▪ Signature based
    ▪ Anomaly based
    ▪ Heuristic
  o Application aware devices
    ▪ IPS
    ▪ IDS
2.1 Explain the importance of risk related concepts.
  o False positives
  o False negatives
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Detection controls vs. prevention controls
    ▪ IDS vs. IPS
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Tools
    ▪ Vulnerability scanner
    ▪ Honeypots
    ▪ Honeynets
    ▪ Passive vs. active tools

SSCP Exam Objectives:
3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring).
  o Monitor Intrusion Detection/Prevention Systems
  o Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
  o Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
  o Install and configure agents and management systems
3.2 Analyze Monitoring Results (e.g., review and analysis of logs and reports, false positives, communicate findings).
7.2 Implement Malicious Code Countermeasures.
  o Scanners (e.g., heuristic, integrity checker, signatures)
  o Deploy and manage anti-malware
  o Containment & Remediation

Security Pro Exam Objectives:
5.2 Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance).
  o Enable IPS protection for a LAN and DMZ
  o Apply IPS Signature Updates
  o Configure IPS Policy

Lecture Focus Questions:
• What does it mean when traffic is labeled as a false negative?
• What data sources does an IDS use to gather the information it analyzes to find attacks?
• How does an IPS differ from an IDS?
• What type of recognition method is used by most virus scanning software?
• What is the advantage of using a network-based IDS instead of a host-based IDS?
• What are the security reasons for using a honeypot or honeynet?
• After an attack, what types of data should you back up to retain information about the attack for future investigations?
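Worked example, added for this lesson (not TestOut material): the four labels from the summary (positive, false positive, negative, false negative) scored over a constructed web log with known ground truth, comparing a sloppy signature set, a tuned signature set that normalizes (URL-decodes) the request before matching, and an anomaly detector that keys on request volume alone. The log lines, patterns and threshold are assumptions chosen so that each of the four outcomes appears.

```python
"""Signature-based vs. anomaly-based detection over a constructed web log,
scored as true/false positives and negatives against known labels.

Added example for this lesson, not TestOut course material. Log lines,
signatures and the anomaly threshold are assumptions.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample: (source IP, requested path, ground truth: is this an attack?)
SAMPLE_LOG = [
    ("10.0.0.8", "/index.html", False),
    ("10.0.0.8", "/docs/javascript-guide.html", False),
    ("10.0.0.8", "/css/site.css", False),
    ("10.0.0.9", "/login?user=admin'%20OR%201=1--", True),
    ("10.0.0.9", "/download?file=%2e%2e%2f%2e%2e%2fetc/passwd", True),
    ("10.0.0.9", "/search?q=<script>alert(1)</script>", True),
    ("10.0.0.10", "/about.html", False),
]

# Sloppy signatures applied to the raw request: "script" is far too broad,
# and nothing decodes %20 or %2e before matching.
NAIVE_SIGNATURES = [re.compile(p, re.I) for p in (r"\.\./", r"' or 1=1", r"script")]
# Tighter patterns, applied after the request is URL-decoded.
TUNED_SIGNATURES = [re.compile(p, re.I) for p in (r"\.\./", r"'\s*or\s+\d+=\d+", r"<script")]


def naive_signature_ids(ip, path):
    return any(sig.search(path) for sig in NAIVE_SIGNATURES)


def tuned_signature_ids(ip, path):
    return any(sig.search(unquote(path)) for sig in TUNED_SIGNATURES)


def make_anomaly_ids(log, threshold=3):
    """Anomaly-based: alert on every request from a source whose request count
    in the window reaches the threshold, without looking at content."""
    per_ip = Counter(ip for ip, _path, _label in log)
    return lambda ip, path: per_ip[ip] >= threshold


def score(detector, log):
    """Classify each alert decision against the ground-truth label."""
    counts = {"true_positive": 0, "false_positive": 0,
              "true_negative": 0, "false_negative": 0}
    for ip, path, is_attack in log:
        alerted = detector(ip, path)
        if alerted and is_attack:
            counts["true_positive"] += 1          # attack, alert raised
        elif alerted:
            counts["false_positive"] += 1         # benign, alert raised
        elif is_attack:
            counts["false_negative"] += 1         # attack, no alert (the dangerous one)
        else:
            counts["true_negative"] += 1          # benign, no alert
    return counts


def compare_detectors(log=SAMPLE_LOG):
    return {
        "naive_signature": score(naive_signature_ids, log),
        "tuned_signature": score(tuned_signature_ids, log),
        "anomaly": score(make_anomaly_ids(log), log),
    }
```

The naive signature set misses two of the three attacks (encoded input) while flagging a benign page; decoding first and tightening the patterns fixes both. The anomaly detector catches every attack but also every request from a busy legitimate client, which is the trade-off the IDS-versus-IPS question turns on: an IPS that blocks on that signal would cut off 10.0.0.8.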
Video/Demo                                     Time
7.6.1 Intrusion Detection                      7:31
7.6.2 Detection vs. Prevention Controls        7:50
7.6.4 Implementing Intrusion Monitoring        3:33
7.6.5 Implementing Intrusion Prevention        7:51
Total                                         26:45

Lab/Activity
• Implement Intrusion Prevention

Number of Exam Questions: 15 questions
Total Time: About 50 minutes

Section 7.7: SAN Security

Summary
This section discusses the following security controls to increase the security of a Storage Area Network (SAN):
• Default user names and passwords
• Logical unit number (LUN) masking
• Fabric zoning
• Virtual SANs (VSANs)
• Authentication
• Encryption

Students will learn how to:
• Secure an iSCSI SAN using an access control list and mutual authentication.

Security+ Exam Objectives:
1.4 Given a scenario, implement common protocols and services.
  o Fibre Channel
4.4 Implement the appropriate controls to ensure data security.
  o SAN
6.2 Given a scenario, use appropriate cryptographic methods.
  o Diffie-Hellman

Lecture Focus Questions:
• How does LUN masking increase security?
• What are the three different ways that fabric zoning can be implemented?
• What is the role of VSANs?
• What device connection controls can be implemented to protect SANs from common network attacks?
• What types of authentication mechanisms are available for Fibre Channel SANs?

Video/Demo                              Time
7.7.1 SAN Security Issues              14:32
7.7.2 Configuring an iSCSI SAN          9:57
Total                                  24:29

Number of Exam Questions: 5 questions
Total Time: About 30 minutes

Section 8.1: Malware

Summary
This section provides an overview of malware.
Concepts covered include:
• Common malware:
  o Virus
  o Worm
  o Trojan horse
  o Zombie
  o Botnet
  o Rootkit
  o Logic bomb
  o Spyware
  o Adware
  o Ransomware
  o Scareware
  o Crimeware
• Terms related to exploiting software and system vulnerabilities:
  o Hacker
  o Cracker
  o Script kiddie
  o Phreaker
• Historic malware events:
  o Stoned
  o Michelangelo
  o CIH/Chernobyl virus
  o Melissa
  o I Love You
  o Code Red
  o Nimda
  o Klez
• Actions to take to prevent being infected with malware
• Actions to take to recover from malware

Students will learn how to:
• Scan a system with anti-malware software to identify potential threats.
• Configure Windows Defender protections to secure a network from malware.
• Quarantine and remove malware.
• Analyze startup programs to detect possible malware.

Security+ Exam Objectives:
3.1 Explain types of malware.
  o Adware
  o Virus
  o Spyware
  o Trojan
  o Rootkits
  o Backdoors
  o Logic bomb
  o Botnets
  o Ransomware
  o Polymorphic malware
  o Armored virus
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Operating system security and settings
  o Anti-malware
    ▪ Anti-virus
    ▪ Anti-spam
    ▪ Anti-spyware
    ▪ Pop-up blockers

SSCP Exam Objectives:
7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs).
  o Understand the concepts of rootkits
  o Understand types of malware (e.g., spyware, scareware, ransomware)
  o Understand the concepts of Trapdoors & Backdoors
  o Understand the concepts of Botnets
  o Understand the concepts of Mobile Code
7.2 Implement Malicious Code Countermeasures.
  o Scanners (e.g., heuristic, integrity checker, signatures)
  o Deploy and manage anti-malware
  o Containment & Remediation
  o Software Security (e.g., code signing, application review, server side input validation)
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
  o Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)
  o Understand the concept of zero day exploits
  o Understand the concept of Advanced Persistent Threat (APT)
7.4 Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening).

Security Pro Exam Objectives:
6.1 Harden Computer Systems Against Attack.
  o Protect against spyware and unwanted software using Windows Defender
9.2 Review security logs and violation reports, implement remediation.

Lecture Focus Questions:
• What is the difference between a virus and a worm?
• Which types of malware can be spread through e-mail?
• How are Trojans and botnets related?
• What does it mean for software to be quarantined?
• Why is it a good practice to show file extensions?
• In addition to implementing virus scanning software, what must you do to ensure that you are protected from the latest virus variations?

Video/Demo                                    Time
8.1.1 Malware                                 9:28
8.1.4 Implementing Malware Protections       23:43
8.1.5 Using Windows Defender                 14:22
Total                                        47:33

Lab/Activity
• Configure Windows Defender

Number of Exam Questions: 15 questions
Total Time: About 75 minutes

Section 8.2: Password Attacks

Summary
This section provides information about password attacks.
Concepts covered include:
• Methods that threat agents use to discover or crack passwords:
  o Tools to check for unencrypted or weakly encrypted passwords
  o Social engineering
  o Brute force attacks
  o Tools to crack passwords:
    ▪ Programs such as SnadBoy's Revelation
    ▪ Keylogging software
    ▪ Rainbow tables
  o Methods of collecting hashed passwords
• Strategies to protect against password attacks:
  o Educate users on how to create and remember strong passwords
  o Protect access to the password file
  o Salt the hash to mitigate rainbow table attacks
  o Implement two-factor authentication

Students will learn how to:
• Analyze the strength of passwords by using a rainbow table to perform a cryptanalysis attack on the hashed values of passwords.
• Use SnadBoy's Revelation to reveal a password.
• Use a keylogger to capture a password.

Security+ Exam Objectives:
2.6 Explain the importance of security related awareness and training.
  o User habits
    ▪ Password behaviors
3.2 Summarize various types of attacks.
  o Password attacks
    ▪ Brute force
    ▪ Dictionary attacks
    ▪ Hybrid
    ▪ Birthday attacks
    ▪ Rainbow tables
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Hardening
    ▪ Password protection
5.3 Install and configure security controls when performing account management, based on best practices.
  o Account policy enforcement
    ▪ Password complexity
    ▪ Lockout

Lecture Focus Questions:
• How are attackers able to recover passwords?
• What are the characteristics of a complex password?
• What are the differences between brute force and dictionary attacks?
• How does account lockout help secure an account?
• What technique will mitigate rainbow table attacks?
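Worked example, added for this lesson (not TestOut material), for the last focus question: why a salt defeats precomputed-hash attacks. A plain hash-to-password lookup table stands in for a rainbow table here (a rainbow table compresses the same precomputation into hash chains, and salting defeats it for the same reason: the work has to be redone per salt). The word list, user passwords and salts are constructed; PBKDF2 is used as the slow salted hash.

```python
"""Why salting defeats precomputed-hash attacks.

Added example for this lesson, not TestOut course material. A lookup table
stands in for a rainbow table; the word list, users and salts are constructed.
"""
import hashlib
import os

WORDLIST = ["password", "letmein", "Summer2014", "P@ssw0rd", "qwerty", "welcome1"]
PBKDF2_ITERATIONS = 50_000   # deliberately slow; raise it on real systems


def unsalted_hash(password):
    """The weak store: one unsalted MD5 per password, identical for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password, salt, iterations=PBKDF2_ITERATIONS):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(hash_fn):
    """Precomputation done once, before any target database is even stolen."""
    return {hash_fn(word): word for word in WORDLIST}


def crack_with_table(table, stored_hash):
    """O(1) lookup: the attacker hashes nothing at crack time."""
    return table.get(stored_hash)


def crack_salted_online(stored_hash, salt):
    """With a salt the table is useless: every guess must be re-hashed with
    this user's salt. Returns (password or None, hashes computed)."""
    for n, word in enumerate(WORDLIST, start=1):
        if salted_hash(word, salt) == stored_hash:
            return word, n
    return None, len(WORDLIST)


def attack_cost(user_passwords, salted):
    """Crack every user in a leaked database; return (passwords found, hash work).

    Unsalted: one table (len(WORDLIST) hashes) serves every user and every breach.
    Salted:   the guessing work is repeated for every user, under that user's salt.
    """
    if not salted:
        table = build_lookup_table(unsalted_hash)
        found = [crack_with_table(table, unsalted_hash(pw)) for pw in user_passwords]
        return found, len(WORDLIST)
    found, total = [], 0
    for pw in user_passwords:
        salt = os.urandom(16)                         # stored next to the hash, not secret
        pw_found, hashes = crack_salted_online(salted_hash(pw, salt), salt)
        found.append(pw_found)
        total += hashes
    return found, total
```

Note what the salt does and does not do: weak passwords are still found once the attacker spends the per-user work, so the salt buys a multiplier on attacker cost, not immunity. The iteration count adds a second multiplier, and account lockout limits online guessing against the live system, which is the other question in this list.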
Video/Demo                         Time
8.2.1 Password Attacks             2:04
8.2.3 Using Rainbow Tables         4:48
8.2.4 Capturing Passwords          5:40
Total                             12:32

Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 8.3: Windows System Hardening

Summary
In this section students will learn about hardening a Windows system. Concepts covered include:
• The role of hardening in securing devices and hardware
• Recommendations for hardening systems
• Types of updates:
  o Hotfix
  o Patch
  o Service pack
• Considerations when managing updates

Students will learn how to:
• Harden a system by changing default account passwords and verifying user and group assignments.
• Lock down system security by installing only required software and roles and disabling unnecessary services.
• Use security templates to apply or audit security settings on your system.
• Use Group Policy to deploy multiple settings to multiple machines in an Active Directory domain.
• Use Windows Update and WSUS to automate patch management of your Windows systems.

Security+ Exam Objectives:
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Hardening
    ▪ Disabling unnecessary services
    ▪ Protecting management interfaces and applications
    ▪ Password protection
    ▪ Disabling unnecessary accounts
  o Security posture
    ▪ Initial baseline configuration
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Assessment technique
    ▪ Determine attack surface
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Operating system security and settings
  o Patch management
  o OS hardening
  o Host software baselining
5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
  o Authentication
    ▪ Trusted OS

SSCP Exam Objectives:
2.3 Perform Change Management Duties.
  o Test patches, fixes and updates (e.g., operating systems, applications, SDLC)

Security Pro Exam Objectives:
6.1 Harden Computer Systems Against Attack.
  o Configure a GPO to enforce Workstation/Server security settings
  o Configure Domain GPO to enforce use of Windows Firewall
6.2 Implement Patch Management/System Updates.
  o Configure Windows Update

Lecture Focus Questions:
• What is hardening? How does it benefit the security of an organization?
• How do you reduce the attack surface of a device?
• What is a security baseline?
• What is the difference between a hotfix and a patch? Why would you use one over the other?

Video/Demo                                               Time
8.3.1 Operating System Hardening                         5:13
8.3.3 Hardening an Operating System                      6:41
8.3.4 Managing Automatic Updates                        18:31
8.3.6 Configuring Windows Firewall                      10:11
8.3.8 Configuring Windows Firewall Advanced Features    16:59
8.3.9 Configuring Parental Controls                     18:21
Total                                                   75:56

Lab/Activity
• Configure Automatic Updates
• Configure Windows Firewall
• Configure Parental Controls

Number of Exam Questions: 10 questions
Total Time: About 105 minutes

Section 8.4: Hardening Enforcement

Summary
This section discusses hardening enforcement using GPOs. Concepts covered include:
• The role of GPOs
• Using GPOs to perform specific hardening tasks
• Using the Security Configuration and Analysis snap-in
• Considerations when using GPOs

Students will learn how to:
• Configure a GPO.
• Implement controls using a security template.

Security+ Exam Objectives:
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Operating system security and settings
5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
  o Authentication
    ▪ Access control
5.3 Install and configure security controls when performing account management, based on best practices.
  o Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
  o Account policy enforcement
    ▪ Password complexity
    ▪ Expiration
    ▪ Recovery
    ▪ Disablement
    ▪ Lockout
    ▪ Password length
  o Group based privileges

Security Pro Exam Objectives:
6.1 Harden Computer Systems Against Attack.
  o Configure a GPO to enforce Workstation/Server security settings
  o Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)

Lecture Focus Questions:
• How do GPOs ensure the consistent application of controls?
• Which hardening tasks can be implemented using a GPO?
• How can you determine that the security controls implemented are still enforced?
• What are security templates and how are they used?
• What is the easiest way to set controls on a Windows system according to the NSA recommendations?

Video/Demo                                             Time
8.4.1 Hardening Enforcement with GPOs                  1:50
8.4.2 Using Security Templates and Group Policy        6:53
8.4.3 Configuring GPOs to Enforce Security            15:24
Total                                                 24:07

Lab/Activity
• Manage Services with Group Policy

Number of Exam Questions: 4 questions
Total Time: About 35 minutes

Section 8.5: File Server Security

Summary
This section examines managing file server security. Details include:
• Considerations when managing file system security
• Considerations for securing file transfer using the following TCP/IP protocols:
  o File Transfer Protocol (FTP)
  o Trivial File Transfer Protocol (TFTP)
  o Secure Copy Protocol (SCP)
  o SSH File Transfer Protocol (SFTP)
  o Secure FTP
  o FTP Secure (FTPS)
• File Server Resource Manager (FSRM)
• Managing file system permissions:
  o Share permissions
  o NTFS permissions
  o Effective permissions

Students will learn how to:
• Configure NTFS permissions by turning off permission inheritance.
• Assign NTFS permissions for a folder to the appropriate group.
Security+ Exam Objectives:
1.2 Given a scenario, use secure network administration principles.
  o Implicit deny
1.4 Given a scenario, implement common protocols and services.
  o TCP/IP
  o FTPS
  o SCP
  o SFTP
2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o User rights and permissions reviews
4.4 Implement the appropriate controls to ensure data security.
  o Handling Big Data
5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
  o Authorization
    ▪ ACLs
  o Authentication
    ▪ Access control
5.3 Install and configure security controls when performing account management, based on best practices.
  o Group based privileges
  o User assigned privileges

SSCP Exam Objectives:
1.4 Apply Access Control Concepts (e.g., least privilege, and separation of duties).
  o Discretionary Access Control (DAC)
  o Non-discretionary Access Control

Security Pro Exam Objectives:
6.1 Harden Computer Systems Against Attack.
  o Configure NTFS Permissions for Secure file sharing
8.2 Protect Data Transmissions across open, public networks.
  o Implement secure protocols

Lecture Focus Questions:
• How can you identify whether a permission has been inherited?
• How do Share and NTFS permissions differ?
• On what elements can NTFS permissions be set?
• How can you view the users that have permissions for a particular drive?
• How can permission inheritance influence the effective permissions that a user has?
• How can you determine whether a permission is inherited or explicitly assigned?
• As the administrator, you have given Fred the Write permission to the SalesReport file, but he cannot write to the file. What items would you check to determine why Fred can't write to the file?
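Worked example, added for this lesson (not TestOut material), for the Fred question: an effective-permission calculator that applies the Windows canonical ACE order (explicit Deny, explicit Allow, inherited Deny, inherited Allow), accumulates rights across a user's group memberships, and combines NTFS with share permissions to the most restrictive result for access over the network. The diagnose function lists what to check, in the order an administrator would. Users, groups, ACLs and the Sales share are constructed, and the rights model is reduced to Read, Write and Delete.

```python
"""Effective permissions: NTFS ACL evaluation, share permissions, and why a
user who was 'given Write' still cannot write.

Added example for this lesson, not TestOut course material. Model: canonical
ACE order (explicit Deny, explicit Allow, inherited Deny, inherited Allow),
cumulative group rights, NTFS and share combined to the most restrictive
over the network. All principals and ACLs below are constructed.
"""
from collections import namedtuple

ACE = namedtuple("ACE", "principal kind rights inherited")   # kind: "Allow" | "Deny"
RIGHTS = ("Read", "Write", "Delete")


def canonical_order(acl):
    """Explicit ACEs are evaluated before inherited ones, Deny before Allow."""
    return sorted(acl, key=lambda ace: (ace.inherited, ace.kind != "Deny"))


def deciding_ace(acl, right, principals):
    """First ACE in canonical order that names the user (or one of the user's
    groups) and covers this right; None means no ACE applies (implicit deny)."""
    for ace in canonical_order(acl):
        if ace.principal in principals and right in ace.rights:
            return ace
    return None


def effective_ntfs(acl, user, groups):
    principals = {user, *groups}
    granted = set()
    for right in RIGHTS:
        ace = deciding_ace(acl, right, principals)
        if ace is not None and ace.kind == "Allow":
            granted.add(right)
    return granted


def effective_share(share_acl, user, groups):
    """Share permissions: no inheritance; any Deny wins over any Allow."""
    principals = {user, *groups}
    allowed = set().union(*(a.rights for a in share_acl if a.principal in principals and a.kind == "Allow"))
    denied = set().union(*(a.rights for a in share_acl if a.principal in principals and a.kind == "Deny"))
    return allowed - denied


def effective_access(ntfs_acl, share_acl, user, groups, over_network):
    """Locally only NTFS applies; through a share the result is the intersection."""
    ntfs = effective_ntfs(ntfs_acl, user, groups)
    return ntfs & effective_share(share_acl, user, groups) if over_network else ntfs


def diagnose_write(ntfs_acl, share_acl, user, groups, over_network):
    """Explain why `user` can or cannot write. Returns (can_write, reasons)."""
    principals = {user, *groups}
    reasons = []
    ace = deciding_ace(ntfs_acl, "Write", principals)
    if ace is None:
        reasons.append("no NTFS ACE grants Write to the user or any of the user's groups (implicit deny)")
    elif ace.kind == "Deny":
        kind = "inherited" if ace.inherited else "explicit"
        reasons.append(f"{kind} NTFS Deny Write via {ace.principal} takes precedence")
    if over_network and "Write" not in effective_share(share_acl, user, groups):
        reasons.append("share permission does not include Write; over the network "
                       "NTFS and share combine to the most restrictive")
    can_write = "Write" in effective_access(ntfs_acl, share_acl, user, groups, over_network)
    return can_write, reasons


# Constructed scenario for the Fred question.
FRED, FRED_GROUPS = "Fred", {"Sales", "Everyone"}
SALES_REPORT_ACL = [
    ACE("Fred", "Allow", {"Read", "Write"}, inherited=False),   # what the admin just added
    ACE("Sales", "Allow", {"Read"}, inherited=True),            # inherited from the folder
    ACE("Everyone", "Allow", {"Read"}, inherited=True),
]
SALES_SHARE_ACL = [ACE("Everyone", "Allow", {"Read"}, inherited=False)]
```

For Fred the two usual culprits separate cleanly: an explicit Deny Write on one of his groups beats his explicit Allow (check group membership and the Deny entries first), whereas an inherited Deny on the same group loses to his explicit Allow; and a share that grants Everyone only Read caps him at Read from across the network no matter what NTFS says.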
Video/Demo                              Time
8.5.1 File Server Security               7:58
8.5.2 Scanning for Open Ports            3:52
8.5.5 Configuring NTFS Permissions      14:05
Total                                   25:55

Lab/Activity
- Configure NTFS Permissions
- Disable Inheritance

Number of Exam Questions: 8 questions
Total Time: About 50 minutes

Section 8.6: Linux Host Security

Summary
In this section students will learn the basics of securing a Linux host. General procedures and the commands to perform them include:
- Removing unneeded software
- Checking for unneeded network services
- Locating open ports
- Checking network connections

Students will learn how to:
- Scan for open ports on Linux.
- Identify open network connections on Linux.

Security+ Exam Objectives:
1.2 Given a scenario, use secure network administration principles.
  o Port Security
2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o Enforce policies and procedures to prevent data loss or theft
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Hardening
    - Disabling unnecessary services

SSCP Exam Objectives:
4.2 Perform Security Assessment Activities.
  o Scan for vulnerabilities
  o Review security configurations of infrastructure

Lecture Focus Questions:
- What is a socket?
- Which utility will scan for all listening and non-listening sockets?
- Which utility will identify open ports on the Linux system?
- Which commands should you use to disable unneeded daemons?
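Added example (not from the course): a Python reader for the kernel's /proc/net/tcp table, the same source that netstat and ss consult, listing LISTEN sockets (the daemons you should review) and established connections. The sample table below is constructed for the example; on a Linux host the script reads the live file instead. It assumes a little-endian (x86) host for the address byte order and handles IPv4 only (/proc/net/tcp6 uses 32 hex digits per address).

```python
# Constructed sample in the exact layout of /proc/net/tcp (IPv4); not a capture from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18273 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   108        0 19012 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20441 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:B3C4 5DB8D822:01BB 01 00000000:00000000 02:00000ABC 00000000  1000        0 31555 2 0000000000000000 20 4 30 10 -1
"""

# Linux TCP state codes as they appear in the "st" column (include/net/tcp_states.h).
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(field):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306). The kernel prints the IPv4 address in host
    byte order, so on little-endian (x86) hosts the four bytes must be reversed."""
    hex_ip, hex_port = field.split(":")
    ip = ".".join(str(b) for b in reversed(bytes.fromhex(hex_ip)))
    return ip, int(hex_port, 16)


def parse_proc_net_tcp(text):
    """One dict per socket row: local/remote endpoint, state name, owning uid, inode."""
    sockets = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        local_ip, local_port = decode_endpoint(cols[1])
        remote_ip, remote_port = decode_endpoint(cols[2])
        sockets.append({
            "local": (local_ip, local_port),
            "remote": (remote_ip, remote_port),
            "state": TCP_STATES.get(cols[3], cols[3]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),   # map to a process via /proc/<pid>/fd, as `ss -p` does
        })
    return sockets


def listening(text):
    """Equivalent of `ss -ltn` / `netstat -lnt`: (ip, port, uid) for every LISTEN socket.
    0.0.0.0 means the daemon accepts connections from any interface."""
    return [(s["local"][0], s["local"][1], s["uid"])
            for s in parse_proc_net_tcp(text) if s["state"] == "LISTEN"]


def established(text):
    """Current connections, local -> remote, for the 'checking network connections' step."""
    return [(s["local"], s["remote"])
            for s in parse_proc_net_tcp(text) if s["state"] == "ESTABLISHED"]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:   # live table when run on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE
    for ip, port, uid in listening(table):
        print(f"LISTEN      {ip}:{port} (uid {uid})")
    for local, remote in established(table):
        print(f"ESTABLISHED {local[0]}:{local[1]} -> {remote[0]}:{remote[1]}")
```

In the constructed table, SSH (22) and a web server (80) listen on every interface while MySQL (3306) is bound to loopback only; a listener you do not recognise is the cue to find its daemon and disable it.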
Video/Demo                                                   Time
8.6.1 Linux Host Security                                    7:10
8.6.2 Removing Unneeded Services and Scanning Ports          6:30
Total                                                       13:40

Number of Exam Questions: 4 questions
Total Time: About 20 minutes

Section 8.7: Static Environment Security

Summary
This section discusses how smart devices have created a security problem for networks and how to protect against them. Details include:
- Examples of embedded smart technology in:
  o Household appliances
  o Industrial equipment
- What are static environments?
- Internet of Things (IoT) attacks
- Download and update the firmware of smart devices when the option is available
- Secure networks and systems against the highly distributed attacks facilitated by smart devices

Security+ Exam Objectives:
4.5 Compare and contrast alternative methods to mitigate security risks in static environments.
  o Environments
    - SCADA
    - Embedded (Printer, Smart TV, HVAC control)
    - Android
    - iOS
    - Mainframe
    - Game consoles
    - In-vehicle computing systems
  o Methods
    - Network segmentation
    - Security layers
    - Application firewalls
    - Manual updates
    - Firmware version control
    - Wrappers
    - Control redundancy and diversity

Lecture Focus Questions:
- What types of common consumer devices have been used to conduct malicious activities?
- What are the reasons that smart devices are common targets for cyber criminals?
Video/Demo                                          Time
8.7.1 Security Risks in Static Environments          4:26

Number of Exam Questions: 3 questions
Total Time: About 10 minutes

Section 9.1: Web Application Attacks

Summary
This section discusses the following Web application attacks:
- Drive-by download
- Typosquatting/URL hijacking
- Watering hole
- Buffer overflow
- Integer overflow
- Cross-site scripting (XSS)
- Cross-site Request Forgery (CSRF/XSRF)
- LDAP injection
- XML injection
- Command injection
- SQL injection
- DLL injection
- Directory traversal
- Header manipulation
- Zero-day
- Client-side

Students will learn how to:
- Improve security by using a Firefox add-on, NoScript, to protect against XSS and drive-by downloads.
- Configure pop-up blockers to block or allow pop-ups.
- Implement phishing protection within the browser.
- Configure Internet Explorer Enhanced Security Configuration settings to manage the security levels of security zones.

Security+ Exam Objectives:
2.3 Given a scenario, implement appropriate risk mitigation strategies.
  o Enforce policies and procedures to prevent data loss or theft
2.6 Explain the importance of security related awareness and training.
  o New threats and new security trends/alerts
    - Zero-day exploits
3.2 Summarize various types of attacks.
  o Client-side attacks
  o Typo squatting/URL hijacking
  o Watering hole attack
3.5 Explain types of application attacks.
  o Cross-site scripting
  o SQL injection
  o LDAP injection
  o XML injection
  o Directory traversal/command injection
  o Buffer overflow
  o Integer overflow
  o Zero-day
  o Cookies and attachments
  o LSO (Locally Shared Objects)
  o Flash Cookies
  o Malicious add-ons
  o Session hijacking
  o Header manipulation
  o Arbitrary code execution / remote code execution
4.1 Explain the importance of application security controls and techniques.
  o Cross-site scripting prevention
  o Cross-site Request Forgery (XSRF) prevention
  o Server-side vs. Client-side validation
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Anti-malware
    - Pop-up blockers

SSCP Exam Objectives:
7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs).
  o Understand the concepts of Mobile Code
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
  o Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)
  o Understand the concept of zero day exploits
  o Understand the concept of Advanced Persistent Threat (APT)
7.4 Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening).

Security Pro Exam Objectives:
7.1 Implement Application Defenses.
  o Configure Web Application Security

Lecture Focus Questions:
- What are two ways that drive-by download attacks occur?
- What countermeasures can be used to eliminate buffer overflow attacks?
- How can cross-site scripting (XSS) be used to breach the security of a Web user?
- What is the best method to prevent SQL injection attacks?
- What mitigation practices will help to protect Internet-based activities from Web application attacks?
Video/Demo                                            Time
9.1.1 Web Application Attacks                          2:49
9.1.2 Cross-site Request Forgery (XSRF) Attack        10:51
9.1.3 Injection Attacks                               14:30
9.1.4 Header Manipulation                              9:01
9.1.5 Zero Day Application Attacks                     6:59
9.1.6 Client Side Attacks                              6:22
9.1.8 Preventing Cross-site Scripting                  4:05
Total                                                 54:37

Number of Exam Questions: 15 questions
Total Time: About 75 minutes

Section 9.2: Internet Browsers

Summary
This section provides information about configuring Internet browsers to enhance the privacy and security of a system. Concepts covered include:
- Indications of an unsecured connection or attack
- Configuring security settings in Internet Explorer:
  o Zones
  o Add-ons
  o Privacy
- Configuring security settings in Firefox:
  o General
  o Content
  o Privacy
  o Security

Students will learn how to:
- Customize security levels and security settings for security zones in Internet Explorer.
- Download and manage add-ons in Internet Explorer.
- Protect privacy by configuring cookie handling.
- Clear the browser cache.

Security+ Exam Objectives:
3.5 Explain types of application attacks.
  o Cookies and attachments
  o Malicious add-ons

Security Pro Exam Objectives:
7.1 Implement Application Defenses.
  o Configure a GPO to enforce Internet Explorer settings
  o Configure Secure Browser Settings

Lecture Focus Questions:
- What types of information do cookies store? Why could this be a security concern?
- What steps should you take to secure the browser from add-ons that are not appropriate for your environment?
- For security's sake, what should you do whenever you use a public computer to access the Internet and retrieve personal data?
- What elements might indicate an unsecured connection or an attack?
- Why should you turn off the remember search and form history feature?
Video/Demo                                          Time
9.2.1 Managing Security Zones and Add-ons           20:26
9.2.2 Configuring IE Enhanced Security               9:11
9.2.3 Managing Cookies                              12:38
9.2.5 Clearing the Browser Cache                     9:28
9.2.7 Implementing Popup Blockers                    7:26
9.2.10 Enforcing IE Settings through GPO            12:47
Total                                               71:56

Lab/Activity
- Configure Cookie Handling
- Clear the Browser Cache
- Configure IE Popup Blocker
- Enforce IE Settings through GPO
- Configure IE Preferences in a GPO

Number of Exam Questions: 8 questions
Total Time: About 105 minutes

Section 9.3: E-mail

Summary
This section discusses how to secure e-mail from attacks. Details include:
- E-mail attacks:
  o Virus
  o Spam
  o Open SMTP relay
  o Phishing
- To secure e-mail use:
  o Secure/Multipurpose Internet Mail Extensions (S/MIME)
  o Pretty Good Privacy (PGP)

Students will learn how to:
- Filter junk mail by selecting the level of junk e-mail protection you want.
- Control spam on the client by configuring safe senders, blocked senders, white lists, and black lists.
- Configure e-mail filtering to block e-mails from specified countries and languages.
- Configure relay restrictions to specify who can relay through the SMTP server.

Security+ Exam Objectives:
3.2 Summarize various types of attacks.
  o Spam
  o Phishing
6.2 Given a scenario, use appropriate cryptographic methods.
  o PGP/GPG

SSCP Exam Objectives:
5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use).
  o Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)
7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs).
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).

Security Pro Exam Objectives:
2.1 Promote Information Security Awareness.
  o Utilizing E-mail best practices
3.2 Harden mobile devices (iPad).
  o Configure Secure E-mail Settings

Lecture Focus Questions:
- What are the advantages of scanning for e-mail viruses at the server instead of at the client?
- How can spam cause denial of service?
- What is a best practice when configuring an SMTP relay to prevent spammers from using your mail server to send mail?
- How can you protect yourself against phishing attacks?
- What services do S/MIME and PGP provide for e-mail?
- How does S/MIME differ from PGP?

Video/Demo                                   Time
9.3.1 E-mail Security                         4:43
9.3.3 Protecting a Client from Spam          10:29
9.3.4 Securing an E-mail Server               2:45
9.3.6 Securing E-mail on iPad                 5:52
Total                                        23:49

Lab/Activity
- Configure E-mail Filters
- Secure E-mail on iPad

Number of Exam Questions: 8 questions
Total Time: About 45 minutes

Section 9.4: Network Applications

Summary
This section provides information about security concerns for the following networking software:
- Peer-to-peer (P2P)
- Instant Messaging (IM)

Students will learn how to:
- Set up content filters for downloading or uploading copyrighted materials.
- Use P2P file sharing programs to search for and share free files.
- Block ports used by P2P software.
- Secure instant messaging by blocking invitations from unknown persons.

Security+ Exam Objectives:
2.6 Explain the importance of security related awareness and training.
  o Use of social networking and P2P
3.2 Summarize various types of attacks.
  o Spim
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Operating system security and settings
  o Anti-malware
    - Anti-spam

SSCP Exam Objectives:
7.2 Implement malicious code countermeasures.
  o Deploy and manage anti-malware

Lecture Focus Questions:
- What kinds of security problems might you have with P2P software?
- What types of malware are commonly spread through instant messaging (IM)?
- What security concerns should you be aware of with instant messaging software?
- What security measures should you incorporate to control the use of networking software?

Video/Demo                                          Time
9.4.1 Network Application Security                   2:19
9.4.2 Spim                                           3:43
9.4.3 Using Peer-to-peer Software                    3:04
9.4.4 Securing Windows Messenger                     2:48
9.4.5 Configuring Application Control Software       9:05
Total                                               20:59

Number of Exam Questions: 5 questions
Total Time: About 25 minutes

Section 9.5: Virtualization

Summary
This section provides information about virtualization. Concepts covered include:
- Components of virtualization:
  o Physical machine
  o Virtual machine
  o Virtual Hard Disk (VHD)
  o Hypervisor
- Advantages of virtualization:
  o Flexibility
  o Security
  o Testing
  o Server consolidation
  o Isolation
  o Application virtualization
- Disadvantages of virtualization
- Security considerations for a virtual machine
- Load balancing methods with virtualization include:
  o Resource pooling
  o Workload balancing

Students will learn how to:
- Create and configure a new virtual machine.
- Configure the virtual machine by allocating resources for memory and a virtual hard disk.
- Create a virtual network and configure it as an external, internal, or private virtual network.

Security+ Exam Objectives:
1.1 Implement security configuration parameters on network devices and other technologies.
  o Load Balancers
1.3 Explain network design elements and components.
  o Virtualization
2.1 Explain the importance of risk related concepts.
  o Risks associated with Cloud Computing and Virtualization
4.3 Given a scenario, select the appropriate solution to establish host security.
  o Virtualization
    - Snapshots
    - Patch compatibility
    - Host availability/elasticity
    - Security control testing
    - Sandboxing

SSCP Exam Objectives:
1.7 Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance).
2.7 Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices).

Lecture Focus Questions:
- What is the relationship between the host and the guest operating systems?
- What is the function of the hypervisor?
- How can virtualization be used to increase the security on a system?
- What are the advantages of virtualization? Disadvantages?
- What is the purpose of load balancing?
- What type of load balancing distributes a workload?

Video/Demo                                       Time
9.5.1 Virtualization Introduction                 4:01
9.5.2 Virtualization Benefits                     3:08
9.5.3 Load Balancing with Virtualization         10:39
9.5.4 Creating Virtual Machines                   4:22
9.5.5 Managing Virtual Machines                   5:09
9.5.7 Adding Virtual Network Adapters             1:30
9.5.8 Creating Virtual Switches                   3:26
Total                                            32:15

Lab/Activity
- Create Virtual Machines
- Create Virtual Switches

Number of Exam Questions: 8 questions
Total Time: About 55 minutes

Section 9.6: Application Development

Summary
This section discusses hardening applications.
Concepts covered include:
- Secure coding concepts:
  o Error and exception handling
  o Input validation
- Terms:
  o Exception-safe
  o Fuzz testing:
    - Mutation-based
    - Generation-based
  o Code review
  o Baselines
  o Configuration testing
- Basic hardening guidelines for applications
- Techniques used for application hardening:
  o Block process spawning
  o Control access to executable files
  o Protect OS components
  o Use exception rules
  o Monitor logs
  o Use Data Execution Prevention
  o Implement third-party application hardening tools
- NoSQL:
  o Key security issues
  o Actions to harden a NoSQL implementation

Students will learn how to:
- Use AppArmor to harden a Linux system.
- Implement application whitelisting with AppLocker.

Security+ Exam Objectives:
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Hardening
    - Protecting management interfaces and applications
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Assessment technique
    - Baseline reporting
    - Code review
4.1 Explain the importance of application security controls and techniques.
  o Fuzzing
  o Secure coding concepts
    - Error and exception handling
    - Input validation
  o Application configuration baseline (proper settings)
  o Application hardening
  o Application patch management
  o NoSQL databases vs. SQL databases
4.4 Implement the appropriate controls to ensure data security.
  o Data in-transit, Data at-rest, Data in-use

Security Pro Exam Objectives:
7.1 Implement Application Defenses.
  o Configure a GPO for Application Whitelisting
  o Enable Data Execution Prevention (DEP)

Lecture Focus Questions:
- What is the purpose of fuzzing?
- What will input validation ensure?
- What are the basic techniques for application hardening?
- When should you update applications with the latest patches?
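Added example (not from the course) tying together input validation, exception handling and mutation-based fuzzing from this section: a tiny length-prefixed record format invented for the example, a parser that trusts its length fields, a parser that validates them and raises only its documented exception, and a deterministic mutation fuzzer that reports both crashes and silently corrupted parses. The format, the function names and the seed message are all constructed here.

```python
def encode(records):
    """Wire format (constructed for this example): count byte, then len byte + bytes per record."""
    out = bytes([len(records)])
    for r in records:
        out += bytes([len(r)]) + r
    return out


def parse_unchecked(data):
    """Trusts the length fields. A count larger than the data raises IndexError, and a
    length running past the end is silently truncated by slicing."""
    count = data[0]
    pos, records = 1, []
    for _ in range(count):
        n = data[pos]
        records.append(data[pos + 1:pos + 1 + n])
        pos += 1 + n
    return records


def parse_checked(data):
    """Validates every length against what is actually present and raises only ValueError,
    so callers have exactly one exception to handle."""
    if not data:
        raise ValueError("empty message")
    count = data[0]
    pos, records = 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("record header missing")
        n = data[pos]
        end = pos + 1 + n
        if end > len(data):
            raise ValueError("record length exceeds message")
        records.append(data[pos + 1:end])
        pos = end
    if pos != len(data):
        raise ValueError("trailing bytes after last record")
    return records


def mutants(seed):
    """Deterministic mutation-based fuzzer: byte replacement with boundary values,
    single bit flips, truncation at every offset, and appended garbage."""
    boundary = (0x00, 0x01, 0x7F, 0x80, 0xFF)
    for i in range(len(seed)):
        for v in boundary:
            if seed[i] != v:
                yield seed[:i] + bytes([v]) + seed[i + 1:]
        for bit in range(8):
            yield seed[:i] + bytes([seed[i] ^ (1 << bit)]) + seed[i + 1:]
        yield seed[:i]
    yield seed + b"\x00"
    yield b""


def fuzz(parser, seed):
    """Run every mutant through the parser. ValueError is the documented rejection and is
    fine; any other exception is a crash, and a successful parse that does not re-encode
    to the input means the parser accepted data and misread it (silent corruption)."""
    findings = []
    for m in mutants(seed):
        try:
            records = parser(m)
        except ValueError:
            continue
        except Exception as exc:            # the fuzzer deliberately wants everything else
            findings.append(("crash", type(exc).__name__, m))
            continue
        if encode(records) != m:
            findings.append(("silent-corruption", None, m))
    return findings


SEED = encode([b"GET", b"/index"])   # constructed valid message

if __name__ == "__main__":
    for name, parser in (("unchecked", parse_unchecked), ("checked", parse_checked)):
        found = fuzz(parser, SEED)
        print(f"{name}: {len(found)} findings, kinds {sorted({k for k, _, _ in found})}")
```

The unchecked parser produces both kinds of finding from a twelve-byte seed; the checked one produces none, because every mutant is either a different but valid message (which round-trips) or is rejected with the one exception the caller is told to expect.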
Video/Demo                                                          Time
9.6.1 Secure Coding Concepts                                        16:18
9.6.2 Application Hardening                                         11:02
9.6.4 Hardening Applications on Linux                                4:26
9.6.5 Implementing Application Whitelisting with AppLocker          13:03
9.6.7 Implementing Data Execution Prevention (DEP)                   4:01
9.6.10 NoSQL Security                                                5:18
Total                                                               54:08

Lab/Activity
- Implement Application Whitelisting with AppLocker
- Implement Data Execution Prevention (DEP)

Number of Exam Questions: 6 questions
Total Time: About 75 minutes

Section 10.1: Redundancy

Summary
In this section students will explore methods for providing redundancy for network services. Details about the following concepts will be covered:
- Methods for providing redundancy for network services and components
- Types of redundant site solutions:
  o Hot site
  o Warm site
  o Cold site
- The role of a service bureau
- Important facts about redundant facilities
- Redundancy measurement parameters:
  o Recovery Time Objective (RTO)
  o Recovery Point Objective (RPO)
  o Mean Time Between Failures (MTBF)
  o Mean Time To Failure (MTTF)
  o Mean Time To Repair (MTTR)
  o Maximum Tolerable Downtime (MTD)
- Common RAID levels:
  o RAID 0 (striping)
  o RAID 5 (striping with distributed parity)
  o RAID 1 (mirroring)
  o RAID 0+1
  o RAID 1+0
- The role of clustering:
  o High availability (HA) cluster
  o Load balancing cluster

Students will learn how to:
- Configure a mirrored or a RAID 5 volume for data redundancy.

Security+ Exam Objectives:
2.1 Explain the importance of risk related concepts.
  o Risk calculation
    - MTTR
    - MTTF
    - MTBF
  o Recovery time objective and recovery point objective
2.8 Summarize risk management best practices.
  o Business continuity concepts
    - High availability
  o Fault tolerance
    - Hardware
    - RAID
    - Clustering
    - Load balancing
    - Servers
  o Disaster recovery concepts
    - Cold site
    - Hot site
    - Warm site

SSCP Exam Objectives:
4.1 Understand Risk Management Process.
  o Support mitigation activity (e.g., safeguards, countermeasures)

Security Pro Exam Objectives:
8.1 Protect and maintain the integrity of data files.
  o Implement redundancy and failover mechanisms

Lecture Focus Questions:
- What is the usual activation goal time for a hot site? How does that differ from a warm site?
- Why is a hot site so much more expensive to operate than a warm site?
- Why is it important that two companies with a reciprocal agreement should not be located too closely to each other?
- Of the three redundant site solutions, which is the most common? Why is it the most common?
- Which functions should be returned first when returning services from the backup facility back to the primary facility?
- Why should you locate redundant sites at least 25 miles from the primary site?
- What is the main advantage of RAID 0? Disadvantage?
- What is the difference between RAID 0+1 and RAID 1+0?

Video/Demo                                           Time
10.1.1 Redundancy                                     4:55
10.1.2 Redundancy Measurement Parameters              5:12
10.1.4 RAID                                           7:27
10.1.5 Implementing RAID                              6:16
10.1.8 Clustering                                     9:06
Total                                                32:56

Lab/Activity
- Configure Fault Tolerant Volumes

Number of Exam Questions: 15 questions
Total Time: About 65 minutes

Section 10.2: Backup and Restore

Summary
This section covers the following details about backup and restore:
- Types of backups:
  o Full
  o Incremental
  o Differential
  o Image
  o Copy
  o Daily
- Backup strategies:
  o Full backup
  o Full + Incremental
  o Full + Differential
- Considerations when managing backups
- Backup media rotation systems:
  o Grandfather-Father-Son (GFS)
  o Tower of Hanoi
  o Round Robin
- Types of data that can be backed up:
  o System state data
  o Application data
  o User data

Students will learn how to:
- Back up a Windows system.
- Schedule automatic backups for Windows computers.

Security+ Exam Objectives:
2.8 Summarize risk management best practices.
  o Disaster recovery concepts
    - Backup plans/policies
    - Backup execution/frequency

SSCP Exam Objectives:
2.8 Comply with data management policies (e.g., storage media (paper or electronic), transmission, archiving, retention requirements, destruction, duplication, data loss prevention, social network usage, information rights management (IRM)).

Security Pro Exam Objectives:
6.3 Perform System Backups and Recovery.
8.1 Protect and maintain the integrity of data files.
  o Perform data backups and recovery

Lecture Focus Questions:
- How is an incremental backup different from a differential backup?
- When is the archive bit set? Which backup types reset the archive bit?
- What is the advantage of the Full + Incremental backup strategy? What is the disadvantage?
- Why should backup tapes be stored offsite?
- What are common types of backup media rotation systems used to provide protection to adequately restore data?
- How do you back up Active Directory?
- What should you regularly do to make sure your backup strategy is working properly?
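Added example (not from the course): a Python simulation of the archive bit over one week, showing which files each backup type copies, which types clear the bit, and how many sets a restore needs under Full + Incremental versus Full + Differential. The file names and the change schedule are constructed; "copy" follows the Windows definition (copies everything and leaves the bit alone), and the "daily" and "image" types are not modelled.

```python
class Volume:
    """Constructed stand-in for a file system: tracks each file's archive bit."""

    def __init__(self, names):
        self.archive = {n: True for n in names}   # a new or modified file has the bit set

    def modify(self, name):
        self.archive[name] = True


def run_backup(vol, kind):
    """Return the set of files the backup copies and update archive bits the way
    each backup type does."""
    if kind in ("full", "copy"):
        selected = set(vol.archive)                               # everything
    elif kind in ("incremental", "differential"):
        selected = {n for n, bit in vol.archive.items() if bit}  # changed since last reset
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    if kind in ("full", "incremental"):                           # only these two clear the bit
        for n in selected:
            vol.archive[n] = False
    return selected


def run_week(strategy, daily_changes):
    """Full backup on day 0, then one `strategy` backup after each day's changes.
    Returns the list of (kind, files) backup sets in the order they were taken."""
    vol = Volume(["payroll.xlsx", "report.docx", "notes.txt"])
    sets = [("full", run_backup(vol, "full"))]
    for changed in daily_changes:
        for n in changed:
            vol.modify(n)
        sets.append((strategy, run_backup(vol, strategy)))
    return sets


def restore_plan(sets):
    """Indexes of the backup sets needed, in restore order, to recover to the last backup."""
    last_full = max(i for i, (kind, _) in enumerate(sets) if kind == "full")
    later = list(range(last_full + 1, len(sets)))
    if not later:
        return [last_full]
    if sets[later[-1]][0] == "differential":
        return [last_full, later[-1]]          # full + newest differential only
    return [last_full] + later                 # full + every incremental, oldest first


# Constructed week: payroll changes Monday and Wednesday, the report changes Tuesday.
CHANGES = [["payroll.xlsx"], ["report.docx"], ["payroll.xlsx"]]

if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        sets = run_week(strategy, CHANGES)
        for day, (kind, files) in enumerate(sets):
            print(f"day {day} {kind:12s} {sorted(files)}")
        print(f"  restore needs sets {restore_plan(sets)}\n")
```

The trade-off the focus questions ask about falls out of the output: incremental sets stay small (one file each) but a restore needs the full set plus every incremental in order, while each differential grows through the week and a restore needs only two sets.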
Video/Demo                                                 Time
10.2.1 Backup and Restore                                  13:27
10.2.4 Backing up Workstations                              6:18
10.2.6 Restoring Workstation Data from Backup               2:19
10.2.7 Backing Up a Domain Controller                       2:33
10.2.9 Restoring Server Data from Backup                    2:12
Total                                                      26:49

Lab/Activity
- Back Up a Workstation
- Back Up a Domain Controller

Number of Exam Questions: 15 questions
Total Time: About 55 minutes

Section 10.3: File Encryption

Summary
In this section students will learn about the following file encryption programs:
- Encrypting File System (EFS)
- GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP)
- Whole disk encryption (BitLocker)

Students will learn how to:
- Encrypt a file to secure data using EFS.
- Authorize additional users who can access files encrypted with EFS.
- Encrypt a file using GPG.
- Protect hard drive contents with BitLocker.
- Configure settings to control BitLocker using Group Policy.

Security+ Exam Objectives:
4.4 Implement the appropriate controls to ensure data security.
  o Data encryption
    - Full disk
    - Database
    - Individual files
6.2 Given a scenario, use appropriate cryptographic methods.
  o PGP/GPG

Security Pro Exam Objectives:
8.1 Protect and maintain the integrity of data files.
  o Implement encryption technologies
8.2 Protect Data Transmissions across open, public networks.
  o Encrypt Data Communications

Lecture Focus Questions:
- On which computers should you implement EFS?
- What is the FEK? How is it used?
- Under what conditions can EFS encryption be compromised?
- What happens when an EFS encrypted file is copied over the network using the SMB protocol?
- Once a system encrypted with BitLocker boots, who is able to access files?
Video/Demo                                         Time
10.3.1 Encrypting File System (EFS)                11:47
10.3.2 Securing Files using EFS                    11:45
10.3.4 PGP and GPG                                  4:34
10.3.5 Encrypting Files with GPG                    4:58
10.3.6 BitLocker and Database Encryption           13:02
10.3.7 Configuring BitLocker                        6:17
Total                                              52:23

Lab/Activity
- Encrypt Files with EFS
- Configure BitLocker with a TPM

Number of Exam Questions: 8 questions
Total Time: About 75 minutes

Section 10.4: Secure Protocols

Summary
This section discusses secure protocols. Details include:
- Types of secure protocols:
  o Secure Sockets Layer (SSL), now deprecated in favor of its successor TLS
  o Transport Layer Security (TLS)
  o Secure Shell (SSH)
- Protocols to secure HTTP:
  o HTTPS
  o S-HTTP
- IPSec includes two protocols:
  o Authentication Header (AH)
  o Encapsulating Security Payload (ESP)
- Modes of operation that can be implemented with IPSec:
  o Transport mode
  o Tunnel mode
- Security Association (SA)
- Internet Key Exchange (IKE)

Students will learn how to:
- Add SSL bindings to a Web site to support secure connections.
- Modify Web site settings to require SSL.
- Use SSL from a browser to create a secure connection.
- Enforce the use of IPSec through Connection Security Rules.

Security+ Exam Objectives:
1.4 Given a scenario, implement common protocols and services.
  o IPSec
  o SSH
  o TLS
  o SSL
  o HTTPS
5.1 Compare and contrast the function and purpose of authentication services.
  o Secure LDAP
6.2 Given a scenario, use appropriate cryptographic methods.
  o Use of algorithms with transport encryption
    - SSL
    - TLS
    - IPSec
    - SSH
    - HTTPS

SSCP Exam Objectives:
5.2 Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training).
5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use).
  o Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)

Security Pro Exam Objectives:
2.1 Promote Information Security Awareness.
  o Using SSL Encryption
8.2 Protect Data Transmissions across open, public networks.
  o Implement secure protocols

Lecture Focus Questions:
- How does SSL verify authentication credentials?
- What protocol is the successor to SSL 3.0?
- How can you tell that a session with a Web server is using SSL?
- What is the difference between HTTPS and S-HTTP?
- What does it mean when HTTPS is referenced as being stateful?
- What is the difference between IPSec tunnel mode and transport mode?

Video/Demo                                          Time
10.4.1 Secure Protocols                              8:44
10.4.2 Secure Protocols 2                           15:26
10.4.4 Adding SSL to a Web Site                      5:23
10.4.6 IPSec                                         5:14
10.4.8 Requiring IPSec for Communications           14:22
Total                                               49:09

Lab/Activity
- Allow SSL Connections

Number of Exam Questions: 15 questions
Total Time: About 75 minutes

Section 10.5: Cloud Computing

Summary
This section provides students with an overview of cloud computing. Concepts covered include:
- The role of cloud computing
- Ways in which cloud computing can be implemented:
  o Public cloud
  o Private cloud
  o Community cloud
  o Hybrid cloud
- The advantages of cloud computing
- Cloud computing service models:
  o Infrastructure as a Service (IaaS)
  o Platform as a Service (PaaS)
  o Software as a Service (SaaS)
- Ways that cloud computing service providers reduce the risk of security breaches
- The advantages of using a Virtual Desktop Infrastructure (VDI)

Security+ Exam Objectives:
1.3 Explain network design elements and components.
  o Cloud Computing
    - Platform as a Service
    - Software as a Service
    - Infrastructure as a Service
    - Private
    - Public
    - Hybrid
    - Community
2.1 Explain the importance of risk related concepts.
  o Risks associated with Cloud Computing and Virtualization
4.4 Implement the appropriate controls to ensure data security.
  o Cloud storage

SSCP Exam Objectives:
1.7 Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance).
2.7 Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices).

Lecture Focus Questions:
- What are the advantages of cloud computing?
- Which cloud computing service model delivers software applications to the client?
- What is the difference between Infrastructure as a Service and Platform as a Service?
- How does a cloud computing service provider reduce the risk of security breaches?

Video/Demo                                       Time
10.5.1 Cloud Computing Introduction              15:59
10.5.2 Cloud Computing Security Issues            6:32
Total                                            22:31

Number of Exam Questions: 5 questions
Total Time: About 30 minutes

Section 11.1: Vulnerability Assessment

Summary
This section provides information about using vulnerability assessment to identify the vulnerabilities in a system or network. Tools to monitor vulnerability include:
- Vulnerability scanner
- Ping scanner
- Port scanner
- Network mapper
- Password cracker
- Open Vulnerability and Assessment Language (OVAL)

Students will learn how to:
- Scan a network with a vulnerability scanner, such as Nessus or MBSA, to identify risk factors.
- Download the latest security update information before starting a vulnerability scan.
- View security scan reports and identify vulnerabilities.
- Perform a port scan using nmap on a single machine.
- Use a password cracker to analyze a network for password vulnerabilities.

Security+ Exam Objectives:
2.1 Explain the importance of risk related concepts.
  o Vulnerabilities
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  o Security posture
    - Continuous security monitoring
    - Remediation
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  o Interpret results of security assessment tools
  o Tools
    - Protocol analyzer
    - Vulnerability scanner
    - Port scanner
  o Risk calculations
    - Threat vs. likelihood
3.8 Explain the proper use of penetration testing versus vulnerability scanning.
  o Vulnerability scanning
    - Passively testing security controls
    - Identify vulnerability
    - Identify lack of security controls
    - Identify common misconfiguration
  o Intrusive vs. non-intrusive
  o Credentialed vs. non-credentialed

SSCP Exam Objectives:
2.6 Assess the information communication technology infrastructure using appropriate tools (e.g., discovery, security).
  o Understand the impact of security testing
4.2 Perform Security Assessment Activities.
  o Scan for vulnerabilities
  o Interpret results of scanning and testing

Security Pro Exam Objectives:
9.4 Review vulnerability reports, implement remediation.

Lecture Focus Questions:
- Why should an administrator perform a vulnerability assessment on the system?
- What is the most important step to perform before running a vulnerability scan? Why?
- How does a port scanner identify devices with ports that are in a listening state?
- How do network mappers discover devices and identify open ports on those devices?
- What types of items does OVAL identify as a definition?
Video/Demo                                                Time
11.1.1 Vulnerability Assessment                            4:54
11.1.3 Scanning a Network with Nessus                     18:26
11.1.4 Scanning a Network with Retina                     12:12
11.1.5 Scanning for Vulnerabilities Using MBSA             6:02
11.1.9 Performing Port and Ping Scans                      2:36
11.1.10 Checking for Weak Passwords                        9:21
Total                                                     53:31

Lab/Activity
- Review a Vulnerability Scan 1
- Review a Vulnerability Scan 2
- Review a Vulnerability Scan 3

Number of Exam Questions: 14 questions
Total Time: About 85 minutes

Section 11.2: Penetration Testing

Summary
This section discusses penetration testing. Details include:
- Steps included in the penetration testing process:
  o Verifying that a threat exists
  o Bypassing security controls
  o Actively testing security controls
  o Exploiting vulnerabilities
- Defining the Rules of Engagement (ROE)
- Types of penetration testing:
  o Physical penetration
  o Operations penetration
  o Electronic penetration
- Classifications of penetration testing:
  o Zero knowledge test (black box test)
  o Full knowledge test (white box test)
  o Partial knowledge test (grey box test)
  o Single blind test
  o Double blind test
- The Open Source Security Testing Methodology Manual (OSSTMM)
- Stages of penetration testing:
  o Passive reconnaissance
  o Network enumeration
  o System enumeration
  o Target selection
  o Gaining access
  o Control and reporting
- Steps a hacker would take after gaining access to the system

Students will learn how to:
- Identify available penetration testing tools that can be used to analyze the security of a network.
- Utilize penetration testing tools to identify vulnerabilities in information systems.
- Verify the distribution of a security tool to ensure its integrity.

Security+ Exam Objectives:
3.8 Explain the proper use of penetration testing versus vulnerability scanning.
    o Penetration testing
        Verify a threat exists
        Bypass security controls
        Actively test security controls
        Exploiting vulnerabilities
    o Black box
    o White box
    o Gray box

SSCP Exam Objectives:
  2.6 Assess the information communication technology infrastructure using appropriate tools (e.g., discovery, security).
    o Understand the impact of security testing
  4.2 Perform Security Assessment Activities.
    o Participate in penetration testing
    o Interpret results of scanning and testing

Lecture Focus Questions:
  What is the main goal of penetration testing?
  What type of tools or methods does a penetration test use? Why should you be careful in the methods you deploy?
  What should you do first before performing a penetration test?
  How does a penetration test differ from a vulnerability assessment or scan?
  What types of details do the Rules of Engagement identify?
  What types of actions might a tester perform when attempting a physical penetration?
  What security function does the Open Source Security Testing Methodology Manual (OSSTMM) provide?

Video/Demo                                       Time
  11.2.1 Penetration Testing                      2:32
  11.2.3 Exploring Penetration Testing Tools     11:22
  Total                                          13:54

Number of Exam Questions
  12 questions

Total Time
  About 30 minutes

Section 11.3: Protocol Analyzers

Summary
In this section students will learn about the role of protocol analyzers.
Concepts covered include:
  Other names for protocol analyzers:
    o Packet sniffers
    o Packet analyzers
    o Network analyzers
    o Network sniffers
    o Network scanners
  Use a protocol analyzer to:
    o Monitor and log network traffic
    o Check for specific protocols on the network
    o Identify frames that might cause errors
    o Examine the data contained within a packet
    o Analyze network performance
    o Troubleshoot communication problems or investigate the source of heavy network traffic
  Using a packet sniffer requires the following configuration changes:
    o Configure the NIC in promiscuous mode (sometimes called pmode)
    o Configure port mirroring on the switch
  Filtering frames when using a protocol analyzer
  Protocol tools can be used with protocol analyzers for active interception of network traffic to perform attacks
  Common protocol analyzers include:
    o Wireshark
    o Ethereal
    o dSniff
    o Ettercap
    o Tcpdump
    o Microsoft Network Monitor

Students will learn how to:
  Capture and analyze packets to troubleshoot a network using Wireshark.

Security+ Exam Objectives:
  1.1 Implement security configuration parameters on network devices and other technologies.
    o Protocol analyzers
  3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
    o Interpret results of security assessment tools
    o Tools
        Protocol analyzer

SSCP Exam Objectives:
  2.6 Assess the information communication technology infrastructure using appropriate tools (e.g., discovery, security).
    o Understand the impact of security testing

Lecture Focus Questions:
  What types of information can a protocol analyzer provide?
  When using a protocol analyzer, why is it necessary to configure the NIC in promiscuous mode?
  When running a protocol analyzer on a switch, how does port mirroring work?
  What are some common protocol analyzers?
Video/Demo                                  Time
  11.3.1 Protocol Analyzers                  3:07
  11.3.3 Analyzing Network Traffic           6:50
  Total                                      9:57

Number of Exam Questions
  8 questions

Total Time
  About 20 minutes

Section 11.4: Log Management

Summary
This section discusses managing logs. Details include:
  The role of logs
  Types of events a log should include:
    o Internet connection
    o System level
    o Application level
    o User level
    o Access
    o Performance
    o Firewall
  The operating system audit subsystem provides the mechanism whereby system events are monitored and logged:
    o Kernel
    o Device driver
    o Daemon
    o Manager interface
    o Data analysis and reduction
  Considerations when setting up a log archive:
    o Retention Policies
    o System requirements
    o Security

Students will learn how to:
  Use Event Viewer to troubleshoot a system by viewing details of a logged event.
  Manage logging by saving or clearing logs, configuring filtering of logs, or attaching a task to a log or event.
  Identify operating system activities, warnings, informational messages, and error messages using system logs.

Security+ Exam Objectives:
  1.2 Given a scenario, use secure network administration principles.
    o Log analysis
  2.3 Given a scenario, implement appropriate risk mitigation strategies.
    o Perform routine audits
  3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
    o Monitoring system logs
        Event logs
        Audit logs
        Security logs
        Access logs
    o Security posture
        Continuous security monitoring
        Remediation
  3.8 Explain the proper use of penetration testing versus vulnerability scanning.
    o Vulnerability scanning
        False positive

SSCP Exam Objectives:
  3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring).
    o Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
    o Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
    o Install and configure agents and management systems
  3.2 Analyze Monitoring Results (e.g., review and analysis of log and reports, false positives, communicate findings).

Security Pro Exam Objectives:
  9.1 Implement Logging and Auditing.
    o Configure Domain GPO for Event Logging
  9.2 Review security logs and violation reports, implement remediation.
  9.3 Review audit reports, implement remediation.
  9.4 Review vulnerability reports, implement remediation.

Lecture Focus Questions:
  How does logging affect system resources?
  What factors should you take into consideration when archiving log files?
  What types of information are included in events recorded in logs?

Video/Demo                                              Time
  11.4.1 Logs                                             3:24
  10.4.3 Logging Events with Event Viewer                 3:52
  10.4.4 Windows Event Subscriptions                     10:36
  10.4.5 Configuring Source-initiated Subscriptions       4:50
  10.4.6 Configuring Remote Logging on Linux              8:23
  Total                                                  31:05

Number of Exam Questions
  15 questions

Total Time
  About 50 minutes

Section 11.5: Audits

Summary
This section examines using audits to ensure the security of a system. Concepts include:
  The role of auditing
  Types of auditors:
    o Internal
    o External
  Terms to be familiar with:
    o User access and rights review
    o Privilege auditing
    o Usage auditing
    o Escalation auditing

Students will learn how to:
  Configure the audit logon events policy to audit the failure of a logon attempt.
  View and evaluate the recorded logs under Security in Event Viewer.

Security+ Exam Objectives:
  2.3 Given a scenario, implement appropriate risk mitigation strategies.
    o Perform routine audits
  3.8 Explain the proper use of penetration testing versus vulnerability scanning.
    o Vulnerability scanning
        False positive

SSCP Exam Objectives:
  3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring).
    o Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
    o Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
    o Install and configure agents and management systems
  3.2 Analyze Monitoring Results (e.g., review and analysis of log and reports, false positives, communicate findings).

Security Pro Exam Objectives:
  5.1 Harden Network Devices (using a Cisco Small Business Switch).
    o Turn on logging with timestamps
  9.1 Implement Logging and Auditing.
    o Configure Domain GPO Audit Policy
  9.2 Review security logs and violation reports, implement remediation.
  9.3 Review audit reports, implement remediation.
  9.4 Review vulnerability reports, implement remediation.

Lecture Focus Questions:
  How can you protect audit log files from access and modification attacks?
  When would you choose an external auditor over an internal auditor?
  What is the difference between privilege auditing and usage auditing?
  How can escalation auditing help to secure the system?

Video/Demo                                       Time
  10.5.1 Audits                                   3:13
  10.5.3 Auditing the Windows Security Log       11:41
  10.5.5 Auditing Device Logs                     6:57
  Total                                          21:51

Lab/Activity
  Configure Advanced Audit Policy
  Enable Device Logs

Number of Exam Questions
  7 questions

Total Time
  About 40 minutes

Security Pro Practice Exams

Summary
This section provides information to help prepare students to take the Security Pro Certification exam. Students will have the opportunity to test their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.
Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.
  Security Pro Domain 1: Access Control and Identity Management (22 simulation questions)
  Security Pro Domain 2: Policies, Procedures, Awareness (1 simulation question)
  Security Pro Domain 3: Physical Security (2 simulation questions)
  Security Pro Domain 4: Perimeter Defenses (10 simulation questions)
  Security Pro Domain 5: Network Defenses (7 simulation questions)
  Security Pro Domain 6: Host Defenses (7 simulation questions)
  Security Pro Domain 7: Application Defenses (10 simulation questions)
  Security Pro Domain 8: Data Defenses (6 simulation questions)
  Security Pro Domain 9: Audits and Assessments (5 simulation questions)

The Security Pro Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed, different questions may be presented. The Certification Practice Exam has a time limit of 120 minutes. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.

Security+ Practice Exams

Summary
This section provides information to help prepare students to take the Security+ exam and to register for the exam. Students will have the opportunity to test their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams.
There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.
  Security+ Domain 1: Network Security (172 questions)
  Security+ Domain 2: Compliance and Operational Security (128 questions)
  Security+ Domain 3: Threats and Vulnerabilities (178 questions)
  Security+ Domain 4: Application, Data and Host Security (70 questions)
  Security+ Domain 5: Access Control and Identity Management (98 questions)
  Security+ Domain 6: Cryptography (92 questions)

The Security+ Certification Practice Exam consists of 100 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed, different questions may be presented. The Certification Practice Exam has a time limit of 90 minutes. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.

SSCP Practice Exams

Summary
This section provides information to help prepare students to take the SSCP exam and to register for the exam. Students will have the opportunity to test their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.
  SSCP Domain 1: Access Control (60 questions)
  SSCP Domain 2: Security Operations & Administration (64 questions)
  SSCP Domain 3: Monitoring and Analysis (21 questions)
  SSCP Domain 4: Risk, Response, and Recovery (38 questions)
  SSCP Domain 5: Cryptography (90 questions)
  SSCP Domain 6: Networks and Communications (68 questions)
  SSCP Domain 7: Malicious Code and Attacks (85 questions)

The SSCP Certification Practice Exam consists of 125 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed, different questions may be presented. The Certification Practice Exam has a time limit of 3 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.

Appendix A: Approximate Time for the Course

The total time for the LabSim Security Pro course is approximately 91 hours and 35 minutes. The time is calculated by adding the approximate time for each section, which is calculated using the following elements:
  Video/demo times
  Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
  Simulations (5 minutes assigned per simulation)
  Questions (1 minute per question)

The breakdown for this course is as follows:

Module / Sections                                                    Time   Total   HR:MM
1.0 Introduction
  1.1 Security Overview                                                70
  1.2 Using the Simulator                                              25
                                                                               95    1:35
2.0 Access Control and Identity Management
  2.1 Access Control Models                                            30
  2.2 Authentication                                                   60
  2.3 Authorization                                                    30
  2.4 Access Control Best Practices                                    30
  2.5 Active Directory Overview                                        30
  2.6 Windows Domain Users and Groups                                  50
  2.7 Linux Users                                                      70
  2.8 Linux Groups                                                     20
  2.9 Linux User Security                                              25
  2.10 Group Policy Overview                                           35
  2.11 Hardening Authentication 1                                      90
  2.12 Hardening Authentication 2                                      30
  2.13 Remote Access                                                   35
  2.14 Network Authentication                                          70
  2.15 Identity Management                                             20
                                                                              625   10:25
3.0 Cryptography
  3.1 Cryptography                                                     45
  3.2 Hashing                                                          35
  3.3 Symmetric Encryption                                             35
  3.4 Asymmetric Encryption                                            25
  3.5 Public Key Infrastructure (PKI)                                  70
  3.6 Cryptography Implementations                                     40
                                                                              250    4:10
4.0 Policies, Procedures, and Awareness
  4.1 Security Policies                                                80
  4.2 Manageable Network Plan                                          35
  4.3 Business Continuity                                              20
  4.4 Risk Management                                                  30
  4.5 Incident Response                                                65
  4.6 Social Engineering                                               55
  4.7 Certification and Accreditation                                  40
  4.8 Development                                                      35
  4.9 Employee Management                                              40
  4.10 Third-Party Integration                                         20
                                                                              420    7:00
5.0 Physical Security
  5.1 Physical Security                                                50
  5.2 Hardware Security                                                20
  5.3 Environmental Controls                                           45
  5.4 Mobile Devices                                                   40
  5.5 Mobile Device Security Enforcement                               40
  5.4 Mobile Devices                                                   40
  5.6 Telephony                                                        25
                                                                              260    4:20
6.0 Networking
  6.1 Networking Layer Protocol Review                                 65
  6.2 Transport Layer Protocol Review                                  35
  6.3 Perimeter Attacks 1                                              50
  6.4 Perimeter Attacks 2                                              50
  6.5 Security Appliances                                              35
  6.6 Demilitarized Zones (DMZ)                                        30
  6.7 Firewalls                                                        40
  6.8 Network Address Translation (NAT)                                30
  6.9 Virtual Private Networks (VPN)                                   40
  6.10 Web Threat Protection                                           25
  6.11 Network Access Control (NAC)                                    45
  6.12 Wireless Overview                                               60
  6.13 Wireless Attacks                                                50
  6.14 Wireless Defenses                                               80
                                                                              570    9:30
7.0 Network Defenses
  7.1 Network Devices                                                  15
  7.2 Network Device Vulnerabilities                                   20
  7.3 Switch Attacks                                                   10
  7.4 Router Security                                                  15
  7.5 Switch Security                                                  90
  7.6 Intrusion Detection and Prevention                               50
  7.7 SAN Security                                                     30
                                                                              230    3:50
8.0 Host Defenses
  8.1 Malware                                                          75
  8.2 Password Attacks                                                 20
  8.3 Windows System Hardening                                        105
  8.4 Hardening Enforcement                                            35
  8.5 File Server Security                                             50
  8.6 Linux Host Security                                              20
  8.7 Static Environment Security                                      10
                                                                              315    5:15
9.0 Application Defenses
  9.1 Web Application Attacks                                          75
  9.2 Internet Browsers                                               105
  9.3 E-mail                                                           45
  9.4 Network Applications                                             25
  9.5 Virtualization                                                   55
  9.6 Application Development                                          75
                                                                              380    6:20
10.0 Data Defenses
  10.1 Redundancy                                                      65
  10.2 Backup and Restore                                              55
  10.3 File Encryption                                                 75
  10.4 Secure Protocols                                                75
  10.5 Cloud Computing                                                 30
                                                                              300    5:00
11.0 Assessments and Audits
  11.1 Vulnerability Assessment                                        85
  11.2 Penetration Testing                                             30
  11.3 Protocol Analyzers                                              20
  11.4 Log Management                                                  50
  11.5 Audits                                                          40
                                                                              225    3:45
Security Pro Practice Exams
  Domain 1: Access Control and Identity Management (22 sims)          110
  Domain 2: Policies, Procedures, Awareness (1 sim)                     5
  Domain 3: Physical Security (2 sims)                                 10
  Domain 4: Perimeter Defenses (10 sims)                               50
  Domain 5: Network Defenses (7 sims)                                  35
  Domain 6: Host Defenses (7 sims)                                     35
  Domain 7: Application Defenses (10 sims)                             50
  Domain 8: Data Defenses (6 sims)                                     30
  Domain 9: Audits and Assessments (5 sims)                            25
  Security Pro Certification Practice Exam (15 sims)                   90
                                                                              440    7:20
Security+ Practice Exams
  Domain 1: Network Security (172 questions)                          172
  Domain 2: Compliance and Operational Security (128 questions)       128
  Domain 3: Threats and Vulnerabilities (178 questions)               178
  Domain 4: Application, Data and Host Security (70 questions)         70
  Domain 5: Access Control and Identity Management (98 questions)      98
  Domain 6: Cryptography (92 questions)                                88
  Security+ Certification Practice Exam (100 questions)               100
                                                                              834   13:54
SSCP Practice Exams
  Domain 1: Access Control (60 questions)                              60
  Domain 2: Security Operations & Administration (64 questions)        64
  Domain 3: Monitoring and Analysis (21 questions)                     21
  Domain 4: Risk, Response, and Recovery (38 questions)                38
  Domain 5: Cryptography (90 questions)                                90
  Domain 6: Networks and Communications (68 questions)                 68
  Domain 7: Malicious Code and Attacks (85 questions)                  85
  SSCP Certification Practice Exam (125 questions)                    125
                                                                              551    9:11
Total Time                                                                   5495   91:35

Appendix B: Security Pro 2014 Changes

Instructors who have taught the previous LabSim Security Pro version of this course may find the following information valuable.
This report details all the changes that were made from the previous course, such as:
  A new video, demo, simulation, or text that has been created
  A video, demo, or text that has been updated
  New questions that have been added to a section
  A new section that has been added to a module

Section   Changes
2.1       2.1.4 Updated Demo: Implementing Discretionary Access Control
2.2       2.2.1 Updated Video: Authentication Part 1
          2.2.2 New Video: Authentication Part 2
          2.2.3 Updated Text Lesson: Authentication Facts
          2.2.7 Added New Practice Questions
2.3       2.3.4 Updated Demo: Examining the Access Token
2.4       2.4.2 Updated Demo: Viewing Implicit Deny
          2.4.3 Updated Text Lesson: Best Practices Facts
2.5       2.5 New Section: Active Directory Overview
          2.5.3 Updated Demo: Viewing Active Directory
          2.5.5 New Practice Questions set
2.6       2.6.1 Updated Demo: Creating User Accounts
          2.6.2 Updated Demo: Managing User Account Properties
          2.6.3 Updated Lab: Create User Accounts
          2.6.4 Updated Lab: Manage User Accounts
          2.6.5 Updated Demo: Managing Groups
          2.6.6 Updated Lab: Create a Group
          2.6.7 Updated Lab: Create Global Groups
          2.6.9 Added New Practice Questions
2.8       2.8 New Section: Linux Groups
          2.8.6 New Practice Questions set
2.10      2.10.2 Updated Demo: Viewing Group Policy
          2.10.4 Updated Lab: Create and Link a GPO
2.11      2.11.10 Updated Text Lesson: Hardening Authentication Facts
          2.11.11 Added New Practice Questions
2.12      2.12 New Section: Hardening Authentication 2
          2.12.1 Updated Demo: Configuring Smart Card Authentication
          2.12.2 Updated Lab: Configure Smart Card Authentication
          2.12.3 New Text Lesson: Smart Card Authentication Facts
          2.12.4 New Demo: Using Fine-Grained Password Policies
          2.12.5 New Text Lesson: Fine-Grained Password Policy Facts
          2.12.6 New Lab: Create a Fine-Grained Password Policy
          2.12.7 New Practice Questions set
2.14      2.14.4 Updated Demo: Controlling the Authentication Method
          2.14.5 Updated Lab: Configure Kerberos Policy Settings
          2.14.9 New Demo: Credential Management
          2.14.10 New Text Lesson: Credential Management Facts
          2.14.11 Added New Practice Questions
2.15      2.15.3 Added New Practice Questions
3.3       3.3.3 Updated Text Lesson: Symmetric Encryption Facts
          3.3.5 Added New Practice Questions
3.4       3.4.2 Updated Text Lesson: Asymmetric Encryption Facts
          3.4.3 Added New Practice Questions
3.5       3.5.2 Updated Demo: Managing Certificates
          3.5.3 Updated Lab: Manage Certificates
          3.5.6 Updated Demo: Configuring a Subordinate CA
4.1       4.1.5 Updated Text Lesson: Security Management Facts
          4.1.7 Updated Text Lesson: Information Classification Facts
          4.1.8 New Video: Data Retention Policies
          4.1.10 New Text Lesson: Data Retention Facts
4.2       4.2 New Section: Manageable Network Plan
          4.2.4 New Practice Questions set
4.3       4.3.3 Updated Text Lessons: Business Continuity Facts
          4.3.4 Added New Practice Questions
4.4       4.4.3 New Video: Data Loss Prevention (DLP)
          4.4.4 Updated Text Lesson: Risk Management Facts
          4.4.5 Added New Practice Questions
4.5       4.5.4 New Demo: Creating a Forensic Drive Image
          4.5.5 Updated Text Lesson: Incident Response Facts
          4.5.6 Updated Text Lesson: Forensic Investigation Facts
          4.5.7 Added New Practice Questions
4.6       4.6.6 Added New Practice Questions
4.9       4.9.2 Updated Text Lesson: Employee Management Facts
          4.9.5 Added New Practice Questions
4.10      4.10 New Section: Third-Party Integration
          4.10.1 New Video: Third-Party Integration Security Issues
          4.10.2 New Text Lesson: Third-Party Integration Security Facts
          4.10.3 New Practice Questions set
5.1       5.1.3 Updated Text Lesson: Physical Security Facts
          5.1.5 Added New Practice Questions
5.2       5.2.4 Added New Practice Questions
5.4       5.4.2 New Text Lesson: Mobile Device Security Facts
          5.4.3 New Video: BYOD Security Issues
          5.4.4 New Text Lesson: BYOD Security Facts
          5.4.7 Added New Practice Questions
5.5       5.5 New Section: Mobile Device Security Enforcement
          5.5.1 New Demo: Enforcing Security Policies on Mobile Devices
          5.5.2 New Demo: Enrolling Devices and Performing a Remote Wipe
          5.5.3 New Text Lesson: Mobile Device Security Enforcement Facts
          5.5.4 New Video: Mobile Application Security
          5.5.5 New Text Lesson: Mobile Application Security Facts
          5.5.6 New Practice Questions set
6.1       6.1 New Section: Network Layer Protocol Review
          6.1.5 Updated Demo: Configuring IPv6
          6.1.9 New Practice Questions set
6.2       6.2 New Section: Transport Layer Protocol Review
          6.2.6 Added New Practice Questions
6.3       6.3.8 New Practice Questions set
6.4       6.4 New Section: Perimeter Attacks 2
          6.4.7 Updated Demo: Examining DNS Attacks
          6.4.8 New Lab: Prevent Zone Transfers
          6.4.9 New Practice Questions set
6.5       6.5.5 Updated Text Lesson: Security Solution Facts
          6.5.8 Added New Practice Questions
6.7       6.7.5 Added New Practice Questions
6.9       6.9.5 Updated Text Lesson: VPN Facts
          6.9.7 Added New Practice Questions
6.10      6.10.5 Added New Practice Questions
6.12      6.12 New Section: Wireless Overview
          6.12.2 New Video: Wireless Antenna Types
          6.12.3 New Text Lesson: Wireless Networking Facts
          6.12.5 New Text Lesson: Wireless Encryption Facts
          6.12.8 New Practice Questions set
6.13      6.13.2 Updated Text Lesson: Wireless Attack Facts
          6.13.4 New Demo: Detecting Rogue Hosts
          6.13.5 Added New Practice Questions
6.14      6.14.3 New Text Lesson: Wireless Authentication Facts
          6.14.5 Updated Demo: Obscure a Wireless Network
          6.14.7 New Demo: Configuring a Captive Portal
          6.14.8 New Text Lesson: Wireless Security Facts
          6.14.9 Added New Practice Questions
7.2       7.2.6 Added New Practice Questions
7.4       7.4 New Section: Router Security
          7.4.2 Updated Text Lesson: Router Security Facts
          7.4.3 New Practice Questions set
7.6       7.6.3 Updated Text Lesson: IDS Facts
          7.6.7 Added New Practice Questions
7.7       7.7 New Section: SAN Security
          7.7.1 New Video: SAN Security Issues
          7.7.2 New Demo: Configuring an iSCSI SAN
          7.7.3 New Text Lesson: SAN Security Facts
          7.7.4 New Practice Questions set
8.2       8.2.5 Added New Practice Questions
8.4       8.4.4 Updated Text Lesson: Hardening Enforcement Facts
          8.4.6 Added New Practice Questions
8.5       8.5.3 Updated Text Lesson: File System Security Facts
          8.5.5 Updated Demo: Configuring NTFS Permissions
          8.5.6 Updated Lab: Configure NTFS Permissions
          8.5.7 New Lab: Disable Inheritance
8.7       8.7 New Section: Static Environment Security
          8.7.1 New Video: Security Risks in Static Environments
          8.7.2 New Text Lesson: Static Environment Security Facts
          8.7.3 New Practice Questions set
9.1       9.1.7 Updated Text Lesson: Web Application Attack Facts
          9.1.9 Added New Practice Questions
9.2       9.2.9 Updated Text Lesson: Internet Explorer Security Facts
          9.2.12 New Lab: Configure IE Preferences in a GPO
          9.2.13 Added New Practice Questions
9.3       9.3.8 Added New Practice Questions
9.4       9.4.5 New Demo: Configuring Application Control Software
          9.4.6 Updated Text Lesson: Network Application Facts
          9.4.7 Added New Practice Questions
9.5       9.5.4 New Demo: Creating Virtual Machines
          9.5.5 Updated Demo: Managing Virtual Machines
          9.5.6 New Lab: Create Virtual Machines
          9.5.7 New Demo: Adding Virtual Network Adapters
          9.5.8 New Demo: Creating Virtual Switches
          9.5.9 New Lab: Create Virtual Switches
          9.5.10 Updated Text Lesson: Virtualization Facts
          9.5.11 Added New Practice Questions
9.6       9.6.10 New Video: NoSQL Security
          9.6.11 New Text Lesson: NoSQL Security Facts
          9.6.12 Added New Practice Questions
10.1      10.1.3 Updated Text Lesson: Redundancy Facts
          10.1.5 Updated Demo: Implementing RAID
          10.1.7 Updated Lab: Configure Fault Tolerant Volumes
          10.1.10 Added New Practice Questions
10.2      10.2.4 New Demo: Backing Up Workstations
          10.2.6 New Demo: Restoring Workstation Data from Backup
          10.2.7 New Demo: Backing Up a Domain Controller
          10.2.8 New Lab: Back Up a Domain Controller
          10.2.9 New Demo: Restoring Server Data from Backup
          10.2.10 Added New Practice Questions
10.3      10.3.9 Updated Text Lesson: File Encryption Facts
          10.3.10 Added New Practice Questions
10.5      10.5.3 Updated Text Lesson: Cloud Computing Facts
          10.5.4 Added New Practice Questions
11.1      11.1.2 Updated Text Lesson: Vulnerability Assessment Facts
          11.1.11 Added New Practice Questions
11.2      11.2.2 Updated Text Lesson: Penetration Testing Facts
          11.2.4 Added New Practice Questions
11.3      11.3.4 Added New Practice Questions
11.4      11.4 New Section: Log Management
          11.4.4 New Video: Windows Event Subscriptions
          11.4.5 New Demo: Configuring Source-initiated Subscriptions
          11.4.6 New Demo: Configuring Remote Logging on Linux
          11.4.7 New Text Lesson: Remote Logging Facts
          11.4.8 New Practice Questions set
11.5      11.5 New Section: Audits
          11.5.7 Added New Practice Questions

Exam Objectives: Updated for 401
All Domain Exams: Questions no longer randomized
All Section Exams: Questions no longer randomized
SSCP Practice Exams: 7 Domains: 450 Questions
SSCP Certification Practice Exam: 125 Questions

New: Feature was not in previous course – new feature
Updated: Replaces previous feature - new version

Appendix C: Security Pro Objectives

The Security Pro certification exam (2012 edition) covers the following (each objective is listed with the Module.Section numbers that cover it):

1.0 Access Control and Identity Management
1.1 Create, modify, and delete user profiles.
  Module.Section: 2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.12
  Manage Windows Domain Users and Groups
    o Create, rename, and delete users and groups
    o Assign users to appropriate groups
    o Lock and unlock user accounts
    o Change a user's password
  Manage Linux Users and Groups
    o Create, rename, and delete users and groups
    o Assign users to appropriate groups
    o Lock and unlock user accounts
    o Change a user's password
    o Configure password aging
  Manage Windows Local Users and Groups
    o Restrict use of local user accounts
  Restrict use of common access accounts
1.2 Harden authentication.
2.6, 2.10, 2.11, 2.12, 2.13, 2.14 Configure Domain GPO Account Policy to enforce a robust password policy Configure the Domain GPO to control local administrator group membership and Administrator password Disable or rename default accounts such as Guest and Administrator Configure the Domain GPO to enforce User Account Control Configure a GPO for Smart Card authentication for sensitive resources Configure secure Remote Access Implement centralized authentication 1.3 Manage Certificates. 2.14 3.1, 3.5 Approve, deny, and revoke certificate requests Configure Domain GPO Kerberos Settings ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 217 2.0 Policies, Procedures, and Awareness 2.1 Promote Information Security Awareness. Traveling with Personal Mobile Devices Exchanging content between Home and Work Storing of Personal Information on the Internet Using Social Networking Sites Using SSL Encryption Utilizing E-mail best practices Password Management Photo/GPS Integration Information Security Auto-lock and Passcode Lock 2.2 Evaluate Information Risk. 4.1 5.4 9.3 10.4 4.3 Perform Risk calculation Risk avoidance, transference, acceptance, mitigation, and deterrence 2.3 Maintain Hardware and Software Inventory. 3.0 Physical Security 3.1 Harden Data Center Physical Access. 4.2 5.1, 5.2 Implement Access Rosters Utilize Visitor Identification and control Protect Doors and Windows Implement Physical Intrusion Detection Systems 3.2 Harden mobile devices (Laptop). 5.4 Set a BIOS Password Set a Login Password Implement full disk encryption 4.0 Perimeter Defenses 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). 6.5, 6.6, 6.7, 6.8, 6.9, 6.10 Change the Default Username and Password Configure a Firewall Create a DMZ Configure NAT ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 218 Configure VPN Implement Web Threat Protection 4.2 Secure Wireless Devices and Clients. 
6.14 Change the Default Username, Password, and Administration limits Implement WPA2 Configure Enhanced Security o MAC filtering o SSID cloaking o Power Control Disable Network Discovery 5.0 Network Defenses 5.1 Harden Network Devices (using a Cisco Small Business Switch). 2.1, 2.4, 2.11 7.2, 7.3, 7.4, 7.5 11.5 Change the Default Username and Password on network devices Use secure passwords Shut down unneeded services and ports Implement Port Security Remove unsecure protocols (FTP, telnet, rlogin, rsh) Implement access lists, deny everything else Run latest iOS version Turn on logging with timestamps Segment Traffic using VLANs 5.2 Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance). 7.6 Enable IPS protection for a LAN and DMZ Apply IPS Signature Updates Configure IPS Policy 6.0 Host Defenses 6.1 Harden Computer Systems Against Attack. 8.1, 8.3, 8.4, 8.5 Configure a GPO to enforce Workstation/Server security settings Configure Domain GPO to enforce use of Windows Firewall Configure Domain Servers GPO to remove unneeded services (such as File and Printer ©2014 TestOut Corporation (Rev 11/14) LabSim Security Pro (Updated 2014) 219 Sharing) Protect against spyware and unwanted software using Windows Defender Configure NTFS Permissions for Secure file sharing 6.2 Implement Patch Management/System Updates. 5.4 8.3 Configure Windows Update Apply the latest Apple Software Updates 6.3 Perform System Backups and Recovery. 7.0 Application Defenses 7.1 Implement Application Defenses. 10.2 6.5, 6.10 9.1, 9.2, 9.3, 9.6 Configure a GPO to enforce Internet Explorer settings Configure a GPO for Application Whitelisting Enable Data Execution Prevention (DEP) Configure Web Application Security Configure Parental Controls to enforce Web content filtering Configure Secure Browser Settings Configure Secure E-mail Settings 7.2 Implement Patch Management/Software Updates. 
Module.Section: 8.3
- Configure Microsoft Update
8.0 Data Defenses
8.1 Protect and maintain the integrity of data files.
Module.Section: 10.1, 10.2, 10.3
- Implement encryption technologies
- Perform data backups and recovery
- Implement redundancy and failover mechanisms
8.2 Protect Data Transmissions across open, public networks.
- Encrypt Data Communications
- Implement secure protocols
- Remove unsecure protocols
Module.Section: 7.4; 8.5; 5.4; 10.3, 10.4
9.0 Audits and Assessments
9.1 Implement Logging and Auditing.
Module.Section: 11.4, 11.5
- Configure Domain GPO Audit Policy
- Configure Domain GPO for Event Logging
9.2 Review security logs and violation reports, implement remediation.
9.3 Review audit reports, implement remediation.
9.4 Review vulnerability reports, implement remediation.
Module.Section: 8.1, 11.4, 11.5; 11.4, 11.5; 11.1, 11.4, 11.5
Appendix D: CompTIA Security+ (2014 Edition) Exam SY0-401 Objectives
The Security+ exam tests general knowledge of security concepts, threats, and tools. The exam covers the following topics.
# Objective
1.0 Network Security
1.1 Implement security configuration parameters on network devices and other technologies.
- Firewalls
- Routers
- Switches
- Load Balancers
- Proxies
- Web security gateways
- VPN concentrators
- NIDS and NIPS
  o Behavior based
  o Signature based
  o Anomaly based
  o Heuristic
- Protocol analyzers
- Spam filter
- UTM security appliances
  o URL filter
  o Content inspection
  o Malware inspection
- Web application firewall vs. network firewall
- Application aware devices
  o Firewalls
  o IPS
  o IDS
  o Proxies
1.2 Given a scenario, use secure network administration principles.
- Rule-based management
- Firewall rules
- VLAN management
- Secure router configuration
- Access control lists
- Port Security
- 802.1x
- Flood guards
Module.Section: 6.5, 6.6, 6.7, 6.9, 6.10; 7.1, 7.4, 7.5, 7.6; 9.5; 10.1; 11.3; 2.1, 2.3, 2.4; 6.1, 6.5, 6.7, 6.14; 7.2, 7.3, 7.4, 7.5; 8.5, 8.6; 11.4
- Loop protection
- Implicit deny
- Network separation
- Log analysis
- Unified Threat Management
1.3 Explain network design elements and compounds.
- DMZ
- Subnetting
- VLAN
- NAT
- Remote Access
- Telephony
- NAC
- Virtualization
- Cloud Computing
  o Platform as a Service
  o Software as a Service
  o Infrastructure as a Service
  o Private
  o Public
  o Hybrid
  o Community
- Layered security / Defense in depth
1.4 Given a scenario, implement common protocols and services.
- Protocol
  o IPSec
  o SNMP
  o SSH
  o DNS
  o TLS
  o SSL
  o TCP/IP
  o FTPS
  o HTTPS
  o SCP
  o ICMP
  o IPv4
  o IPv6
  o iSCSI
  o Fibre Channel
  o FCoE
  o FTP
  o SFTP
  o TFTP
  o TELNET
  o HTTP
  o NetBIOS
Module.Section: 1.1; 2.13; 5.6; 6.1, 6.5, 6.6, 6.8, 6.11; 7.5; 9.5; 10.5; 6.1, 6.2; 7.4, 7.7; 8.5; 10.4
- Ports
  o 21
  o 22
  o 25
  o 53
  o 80
  o 110
  o 139
  o 143
  o 443
  o 3389
- OSI relevance
1.5 Given a scenario, troubleshoot security issues related to wireless networking.
Module.Section: 6.12, 6.13, 6.14
- WPA
- WPA2
- WEP
- EAP
- PEAP
- LEAP
- MAC filter
- Disable SSID broadcast
- TKIP
- CCMP
- Antenna Placement
- Power level controls
- Captive portals
- Antenna types
- Site surveys
- VPN (over open wireless)
2.0 Compliance and Operational Security
2.1 Explain the importance of risk related concepts.
Module.Section: 2.4; 4.1, 4.4, 4.9; 7.6; 9.5; 10.1, 10.5; 11.1
- Control types
  o Technical
  o Management
  o Operational
- False positives
- False negatives
- Importance of policies in reducing risk
  o Privacy policy
  o Acceptable use
  o Security policy
  o Mandatory vacations
  o Job rotation
  o Separation of duties
  o Least privilege
- Risk calculation
  o Likelihood
  o ALE
  o Impact
  o SLE
  o ARO
  o MTTR
  o MTTF
  o MTBF
- Quantitative vs. qualitative
- Vulnerabilities
- Threat vectors
- Probability / threat likelihood
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated with Cloud Computing and Virtualization
- Recovery time objective and recovery point objective
2.2 Summarize the security implications of integrating systems and data with third parties.
Module.Section: 4.10
- On-boarding/off-boarding business partners
- Social media networks and/or applications
- Interoperability agreements
  o SLA
  o BPA
  o MOU
  o ISA
- Privacy considerations
- Risk awareness
- Unauthorized data sharing
- Data ownership
- Data backups
- Follow security policy and procedures
- Review agreement requirements to verify compliance and performance standards
2.3 Given a scenario, implement appropriate risk mitigation strategies.
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Enforce policies and procedures to prevent data loss or theft
- Enforce technology controls
  o Data Loss Prevention (DLP)
Module.Section: 4.1, 4.4, 4.5; 5.2; 8.5, 8.6; 9.1; 11.4, 11.5
2.4 Given a scenario, implement basic forensic procedures.
Module.Section: 4.5
- Order of volatility
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witnesses
- Track man hours and expense
- Chain of custody
- Big Data analysis
2.5 Summarize common incident response procedures.
Module.Section: 4.5
- Preparation
- Incident identification
- Escalation and notification
- Mitigation steps
- Lessons learned
- Reporting
- Recovery/reconstitution procedures
- First responder
- Incident isolation
  o Quarantine
  o Device removal
- Data breach
- Damage and loss control
2.6 Explain the importance of security related awareness and training.
Module.Section: 4.1, 4.6, 4.7, 4.9; 8.2; 9.1, 9.4
- Security policy training and procedures
- Role-based training
- Personally identifiable information
- Information classification
  o High
  o Medium
  o Low
  o Confidential
  o Private
  o Public
- Data labeling, handling, and disposal
- Compliance with laws, best practices, and standards
- User habits
  o Password behaviors
  o Data handling
  o Clean desk policies
  o Prevent tailgating
  o Personally owned devices
- New threats and new security trends/alerts
  o New viruses
  o Phishing attacks
  o Zero-day exploits
- Use of social networking and P2P
- Follow up and gather training metrics to validate compliance and security
2.7 Compare and contrast physical security and environmental controls.
Module.Section: 2.1; 5.1, 5.2, 5.3; 7.4
- Environmental controls
  o HVAC
  o Fire suppression
  o EMI shielding
  o Hot and cold aisles
  o Environmental monitoring
  o Temperature and humidity controls
- Physical security
  o Hardware locks
  o Mantraps
  o Video Surveillance
  o Fencing
  o Proximity readers
  o Access list
  o Proper lighting
  o Signs
  o Guards
  o Barricades
  o Biometrics
  o Protected distribution (cabling)
  o Alarms
  o Motion detection
- Control types
  o Deterrent
  o Preventive
  o Detective
  o Compensating
  o Technical
  o Administrative
2.8 Summarize risk management best practices.
Module.Section: 4.3; 10.1, 10.2
- Business continuity concepts
  o Business impact analysis
  o Identification of critical systems and components
  o Removing single points of failure
  o Business continuity planning and testing
  o Risk assessment
  o Continuity of operations
  o Disaster recovery
  o IT contingency planning
  o Succession planning
  o High availability
  o Redundancy
  o Tabletop exercises
- Fault tolerance
  o Hardware
  o RAID
  o Clustering
  o Load balancing
  o Servers
- Disaster recovery concepts
  o Backup plans/policies
  o Backup execution/frequency
  o Cold site
  o Hot site
  o Warm site
2.9 Given a scenario, select the appropriate control to meet the goals of security.
- Confidentiality
  o Encryption
  o Access controls
  o Steganography
- Integrity
  o Hashing
  o Digital signatures
  o Certificates
  o Non-repudiation
- Availability
  o Redundancy
  o Fault tolerance
  o Patching
- Safety
  o Fencing
  o Lighting
  o Locks
  o CCTV
  o Escape plans
  o Drills
  o Escape routes
  o Testing controls
Module.Section: 1.1; 5.1; 8.2; 9.1
3.0 Threats and Vulnerabilities
3.1 Explain types of malware.
Module.Section: 7.2; 8.1
- Adware
- Virus
- Spyware
- Trojan
- Rootkits
- Backdoors
- Logic bomb
- Botnets
- Ransomware
- Polymorphic malware
- Armored virus
3.2 Summarize various types of attacks.
- Man-in-the-middle
- DDoS
- DoS
- Replay
- Smurf attack
- Spoofing
- Spam
- Phishing
- Spim
- Vishing
- Spear phishing
- Xmas attack
- Pharming
- Privilege escalation
- Malicious insider threat
- DNS poisoning and ARP poisoning
- Transitive access
- Client-side attacks
- Password attacks
  o Brute force
  o Dictionary attacks
  o Hybrid
  o Birthday attacks
  o Rainbow tables
- Typo squatting/URL hijacking
- Watering hole attack
3.3 Summarize social engineering attacks and the associated effectiveness with each attack.
Module.Section: 2.14; 4.6; 5.4; 6.3, 6.4; 7.2, 7.3; 9.1, 9.3, 9.4; 4.6
- Shoulder surfing
- Dumpster diving
- Tailgating
- Impersonation
- Hoaxes
- Whaling
- Vishing
- Principles (reasons for effectiveness)
  o Authority
  o Intimidation
  o Consensus/Social proof
  o Scarcity
  o Urgency
  o Familiarity/liking
  o Trust
3.4 Explain types of wireless attacks.
Module.Section: 6.13
- Rogue access points
- Jamming/Interference
- Evil twin
- War driving
- Bluejacking
- Bluesnarfing
- War chalking
- IV attack
- Packet sniffing
- Near field communication
- Replay attacks
- WEP/WPA attacks
- WPS attacks
3.5 Explain types of application attacks.
Module.Section: 9.1, 9.2
- Cross-site scripting
- SQL injection
- LDAP injection
- XML injection
- Directory traversal/command injection
- Buffer overflow
- Integer overflow
- Zero-day
- Cookies and attachments
- LSO (Locally Shared Objects)
- Flash Cookies
- Malicious add-ons
- Session hijacking
- Header manipulation
- Arbitrary code execution / remote code execution
3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
Module.Section: 5.1
- Monitoring system logs
  o Event logs
  o Audit logs
  o Security logs
  o Access logs
- Hardening
  o Disabling unnecessary services
  o Protecting management interfaces and applications
  o Password protection
  o Disabling unnecessary accounts
- Network security
  o MAC limiting and filtering
  o 802.1x
  o Disabling unused interfaces and unused application service ports
  o Rogue machine detection
- Security posture
  o Initial baseline configuration
  o Continuous security monitoring
  o Remediation
- Reporting
  o Alarms
  o Alerts
  o Trends
- Detection controls vs. prevention controls
  o IDS vs. IPS
  o Camera vs. guard
3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- Interpret results of security assessment tools
- Tools
  o Protocol analyzer
  o Vulnerability scanner
  o Honeypots
  o Honeynets
  o Port scanner
  o Passive vs. active tools
  o Banner grabbing
- Risk calculations
  o Threat vs. likelihood
- Assessment types
  o Risk
  o Threat
  o Vulnerability
- Assessment technique
  o Baseline reporting
  o Code review
  o Determine attack surface
  o Review architecture
  o Review designs
Module.Section: 6.14; 7.5, 7.6; 8.2, 8.3, 8.6; 9.6; 11.1, 11.4; 4.2, 4.4, 4.8; 6.3, 6.4; 7.6; 8.3; 9.6; 11.1, 11.3
3.8 Explain the proper use of penetration testing versus vulnerability scanning.
Module.Section: 11.1, 11.2, 11.4, 11.5
- Penetration testing
  o Verify a threat exists
  o Bypass security controls
  o Actively test security controls
  o Exploiting vulnerabilities
- Vulnerability scanning
  o Passively testing security controls
  o Identify vulnerability
  o Identify lack of security controls
  o Identify common misconfigurations
  o Intrusive vs. non-intrusive
  o Credentialed vs. non-credentialed
  o False positive
- Black box
- White box
- Gray box
4.0 Application, Data and Host Security
4.1 Explain the importance of application security controls and techniques.
Module.Section: 4.8; 9.1, 9.6
- Fuzzing
- Secure coding concepts
  o Error and exception handling
  o Input validation
- Cross-site scripting prevention
- Cross-site Request Forgery (XSRF) prevention
- Application configuration baseline (proper settings)
- Application hardening
- Application patch management
- NoSQL databases vs. SQL databases
- Server-side vs. Client-side validation
4.2 Summarize mobile security concepts and technologies.
Module.Section: 5.4, 5.5
- Device security
  o Full device encryption
  o Remote wiping
  o Lockout
  o Screen-locks
  o GPS
  o Application control
  o Storage segmentation
  o Asset tracking
  o Inventory control
  o Mobile device management
  o Device access control
  o Removable storage
  o Disabling unused features
- Application security
  o Key management
  o Credential management
  o Authentication
  o Geo-tagging
  o Encryption
  o Application whitelisting
  o Transitive trust/authentication
- BYOD concerns
  o Data ownership
  o Support ownership
  o Patch management
  o Antivirus management
  o Forensics
  o Privacy
  o On-boarding/off-boarding
  o Adherence to corporate policies
  o User acceptance
  o Architecture/infrastructure considerations
  o Legal concerns
  o Acceptable use policy
  o On-board camera/video
4.3 Given a scenario, select the appropriate solution to establish host security.
- Operating system security and settings
- OS hardening
- Anti-malware
  o Antivirus
  o Anti-spam
  o Anti-spyware
  o Pop-up blockers
- Patch management
- White listing vs. black listing applications
- Trusted OS
- Host-based firewalls
- Host-based intrusion detection
- Hardware security
  o Cable locks
  o Safe
  o Locking cabinets
- Host software baselining
- Virtualization
  o Snapshots
  o Patch compatibility
  o Host availability/elasticity
  o Security control testing
  o Sandboxing
Module.Section: 2.10; 4.7; 5.2; 6.5, 6.7; 8.1, 8.3, 8.4; 9.1, 9.4, 9.5
4.4 Implement the appropriate controls to ensure data security.
- Cloud storage
- SAN
- Handling Big Data
- Data encryption
  o Full disk
  o Database
  o Individual files
  o Removable media
  o Mobile devices
- Hardware based encryption devices
  o TPM
  o HSM
  o USB encryption
  o Hard drive
- Data in-transit, Data at-rest, Data in-use
- Permissions/ACL
- Data policies
  o Wiping
  o Disposing
  o Retention
  o Storage
4.5 Compare and contrast alternative methods to mitigate security risks in static environments.
Module.Section: 2.3; 3.1, 3.6; 4.1, 4.5; 5.4; 6.4, 6.13; 7.7; 8.5; 9.6; 10.3, 10.5; 8.7
- Environments
  o SCADA
  o Embedded (Printer, Smart TV, HVAC control)
  o Android
  o iOS
  o Mainframe
  o Game consoles
  o In-vehicle computing systems
- Methods
  o Network segmentation
  o Security layers
  o Application firewalls
  o Manual updates
  o Firmware version control
  o Wrappers
  o Control redundancy and diversity
5.0 Access Control and Identity Management
5.1 Compare and contrast the function and purpose of authentication services.
- RADIUS
- TACACS
- TACACS+
- Kerberos
- LDAP
- XTACACS
- SAML
- Secure LDAP
5.2 Given a scenario, select the appropriate authentication, authorization, or access control.
- Identification vs. authentication vs. authorization
- Authorization
  o Least privilege
  o Separation of duties
  o ACLs
  o Mandatory access
  o Discretionary access
  o Rule-based access control
  o Role-based access control
  o Time of day restrictions
- Authentication
  o Tokens
  o Common access card
  o Smart card
  o Multifactor authentication
  o TOTP
  o HOTP
  o CHAP
  o PAP
  o Single sign-on
  o Access control
  o Implicit deny
  o Trusted OS
- Authentication factors
  o Something you are
  o Something you have
  o Something you know
  o Somewhere you are
  o Something you do
- Identification
  o Biometrics
  o Personal identification verification card
  o Username
- Federation
- Transitive trust/authentication
Module.Section: 2.1, 2.13, 2.14; 6.14; 10.4; 2.1, 2.2, 2.3, 2.4, 2.10, 2.11, 2.12, 2.13, 2.14; 5.1; 8.3, 8.4, 8.5
5.3 Install and configure security controls when performing account management, based on best practices.
- Mitigates issues associated with users with multiple accounts/roles and/or shared accounts
- Account policy enforcement
  o Credential management
  o Group policy
  o Password complexity
  o Expiration
  o Recovery
  o Disablement
  o Lockout
  o Password history
  o Password reuse
  o Password length
  o Generic account prohibition
- Group based privileges
- User assigned privileges
- User access reviews
- Continuous monitoring
6.0 Cryptography
6.1 Given a scenario, utilize general cryptography concepts.
Module.Section: 2.3, 2.5, 2.6, 2.7, 2.8, 2.9, 2.10, 2.11; 7.2; 8.2, 8.4, 8.5; 3.1, 3.2, 3.3, 3.4, 3.5, 3.6
- Symmetric vs. asymmetric
- Session keys
- In-band vs. out-of-band key exchange
- Fundamental differences and encryption methods
  o Block vs. stream
- Transport encryption
- Non-repudiation
- Hashing
- Key escrow
- Steganography
- Digital signatures
- Use of proven technologies
- Elliptic curve and quantum cryptography
- Ephemeral key
- Perfect forward secrecy
6.2 Given a scenario, use appropriate cryptographic methods.
Module.Section: 2.13, 2.14; 3.1, 3.2, 3.3, 3.4, 3.6; 6.14; 7.7
- WEP vs. WPA/WPA2 and preshared key
- MD5
- SHA
- RIPEMD
- AES
- DES
- 3DES
- HMAC
- RSA
- Diffie-Hellman
- RC4
- One-time-pads
- NTLM
- NTLMv2
- Blowfish
- PGP/GPG
- TwoFish
- DHE
- ECDHE
- CHAP
- PAP
- Comparative strengths of algorithms
- Use of algorithms/protocols with transport encryption
  o SSL
  o TLS
  o IPSec
  o SSH
  o HTTPS
- Cipher suites
  o Strong vs. weak ciphers
- Key stretching
  o PBKDF2
  o Bcrypt
6.3 Given a scenario, use appropriate PKI, certificate management and associated components.
Module.Section: 9.3; 10.3, 10.4; 3.1, 3.4, 3.5
- Certificate authorities and digital certificates
  o CA
  o CRLs
  o OCSP
  o CSR
- PKI
- Recovery agent
- Public key
- Private key
- Registration
- Key escrow
- Trust models
Appendix E: (ISC)2 SSCP Objectives
The SSCP certification exam (2012 edition) covers 7 content domains as follows:
# Domain
1.0 Access Control
1.1 Implement Logical Access Controls in Terms of Subjects.
Module.Section: 2.1, 2.3, 2.6, 2.7, 2.8, 2.9, 2.10
- Requirements for access controls
1.2 Implement Logical Access Controls in Terms of Objects.
Module.Section: 2.1, 2.3, 2.6, 2.7, 2.8, 2.9, 2.10
- Requirements for access controls
- Object groups
1.3 Implement Authentication Mechanisms (e.g., single/multifactor authentication, single sign-on, offline authentication).
Module.Section: 2.2
1.4 Apply Access Control Concepts (e.g., least privilege, and separation of duties).
Module.Section: 2.1; 8.5
- Discretionary Access Control (DAC)
- Non-discretionary Access Control
1.5 Manage Internetwork Trust Architectures (e.g., extranet, third party connections, federated access).
Module.Section: 2.1; 4.10; 6.5
1.6 Implement identity management.
Module.Section: 2.15
- Provisioning
- Maintenance
- Entitlement
1.7 Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance).
Module.Section: 9.5, 10.5
2.0 Security Operations & Administration
2.1 Adhere to Code of Ethics.
Module.Section: 4.9
- Understand and comply with (ISC)2 code of ethics
- Understand and comply with the organizational code of ethics
2.2 Perform Security Administrative Duties.
- Maintain adherence to security policies, baselines, standards, and procedures
- Validate security controls
- Data classification (e.g., control, handling, categorization)
- Asset Management (e.g., hardware, software, data)
- Develop and maintain systems and security control documentation
2.3 Perform Change Management Duties.
- Assist with the implementation of Configuration Management Plan
- Understand the impact of changes to the environment
- Test patches, fixes and updates (e.g., operating systems, application, SDLC)
2.4 Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management).
Module.Section: 4.1, 4.2, 4.9; 5.2; 4.1; 5.3; 8.3; 4.1, 4.7, 4.8
- Support certification and accreditation (i.e., security authorization)
2.5 Participate in Security Awareness Education.
2.6 Assess the information communication technology infrastructure using appropriate tools (e.g., discovery, security).
Module.Section: 4.1; 11.1, 11.2, 11.3
- Understand the impact of security testing
2.7 Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices).
Module.Section: 5.4; 9.5; 10.5
2.8 Comply with data management policies (e.g., storage media (paper or electronic), transmission archiving, retention requirements, destruction, duplication, data loss prevention, social network usage, information rights management (IRM)).
Module.Section: 4.1; 10.2
2.9 Understand security concepts (e.g., confidentiality, integrity, availability, privacy).
Module.Section: 1.1
3.0 Monitoring and Analysis
3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring).
- Monitor Intrusion Detection/Prevention Systems
- Monitor event correlation systems (e.g., SIM, SEM, SIEM)
- Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
- Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
- Install and configure agents and management systems
3.2 Analyze Monitoring Results (e.g., review and analysis of log and reports, false positives, communicate findings).
4.0 Risk, Response, and Recovery
4.1 Understand Risk Management Process.
Module.Section: 7.6; 11.4, 11.5; 7.6; 11.4, 11.5; 4.4; 10.1
- Understand risk management concepts (e.g., impacts, threats, vulnerabilities)
- Participate in risk assessment
- Support mitigation activity (e.g., safeguards, countermeasures)
- Address audit findings
4.2 Perform Security Assessment Activities.
- Scan for vulnerabilities
- Participate in penetration testing
- Review security configurations of infrastructure
- Interpret results of scanning and testing
4.3 Participate in incident handling analysis.
Module.Section: 5.1; 8.6; 11.1, 11.2; 4.5
- Understand the concepts of incident handling (e.g., discovery, escalation, reporting)
- Understand the concept of forensic investigations (e.g., first responder, evidence handling, chain of custody, preservation of scene)
- Participate in the implementation of countermeasures
4.4 Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
Module.Section: 4.3
- Understand the Components of a Business Continuity Plan (BCP)
- Understand and support Disaster Recovery Plan (DRP)
5.0 Cryptography
5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance).
Module.Section: 3.1, 3.2, 3.3
- Install and maintain cryptographic systems
5.2 Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training).
5.3 Support Certificate and Key Management.
Module.Section: 3.1, 4.7, 10.4; 3.1, 3.5
- Understand basic key management concepts (e.g., public key infrastructure)
- Administration and validation (e.g., key creation, exchange, revocation, escrow)
5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use).
Module.Section: 3.6; 9.3; 10.4
- Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)
6.0 Networks and Communications
6.1 Understand Security issues related to Networks.
- OSI and TCP/IP Models
- Network topographies and relationships (e.g., token ring, star, bus, Ethernet)
- Commonly used ports and protocols
- Admission control (e.g., NAC, remediation, quarantine)
- Network security concepts (e.g., address translation, defense in depth, IP addressing)
Module.Section: 6.1, 6.2, 6.5, 6.11
6.2 Understand Telecommunications.
Module.Section: 5.6
- Technology (e.g., VoIP, facsimile, PSTN)
- Common Vulnerabilities
6.3 Understand Remote Access.
Module.Section: 2.13; 6.9
- Technology (e.g., thin client, SSL/VPN)
- Common Vulnerabilities
6.4 Understand Firewalls & Proxies.
Module.Section: 6.5; 6.7
- Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
- Types (e.g., host based, network based)
- Common Vulnerabilities
6.5 Understand Wireless and Cellular Technologies.
Module.Section: 6.13, 6.14
- Protocols (e.g., WPA, WPA2, TKIP)
- Technology (e.g., Bluetooth, RFID, 802.11, WiMax, GSM, 3G, NFC)
- Common Vulnerabilities
7.0 Malicious Code and Attacks
7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs).
Module.Section: 8.1; 9.1, 9.3
- Understand the concepts of rootkits
- Understand types of malware (e.g., spyware, scareware, ransomware)
- Understand the concepts of Trapdoors & Backdoors
- Understand the concepts of Botnets
- Understand the concepts of Mobile Code
7.2 Implement Malicious Code Countermeasures.
- Scanners (e.g., heuristic, integrity checker, signatures)
- Deploy and manage anti-malware
- Containment & Remediation
- Software Security (e.g., code signing, application review, server side input validation)
Module.Section: 7.6; 8.1; 9.4
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam).
- Understand malicious Web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)
- Understand the concept of zero day exploits
- Understand the concept of Advanced Persistent Threat (APT)
7.4 Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening).
Module.Section: 4.6; 6.3, 6.4; 8.1; 9.1, 9.3; 8.1, 9.1