Cyber Security Training

Introduction to the CompTIA Security+ Exam

• The six domains of knowledge
• Expected level of expertise
• Assessing initial readiness

Threats, Attacks and Vulnerabilities

• Compare and contrast types of attacks
• Explore threat actor types and attributes
• Explain penetration testing and vulnerability scanning concepts
• Explore the impacts associated with vulnerability types

Technologies and Tools

• Install and configure network components
• Use software tools to assess the security posture
• Analyze and interpret output from security technologies
• Implement secure protocols

Architecture and Design

• Explain use cases and purpose for frameworks
• Implement secure network architecture concepts
• Implement secure systems design
• Explain secure application development and deployment concepts
• Summarize cloud and virtualization concepts
• Reduce risk with resiliency and automation strategies

Identify and Access Management

• Compare and contrast identify and access management concepts
• Install and configure identity and access services
• Implement identity and access management controls
• Differentiate common account management practices

Risk Management

• Explain the importance of policies, plans and procedures
• Summarize business impact analysis concepts
• Explore risk management processes and concepts
• Follow incident response procedures
• Carry out data security and privacy practices

CISSP

Introduction to CISSP

• CISSP
• About ISC
• CISSP Domains
• Why CISSP?
• How to Certify?
• About CISSP Exam

Security & Risk Management

• Information Security Management
• Confidentiality, Integrity, and Availability (CIA)
• Security Policy Implementation
• Information Risk Analysis and Risk Management
• Managing Personnel Security and Managing Security Function
• Computer crime
• Major legal systems
• Intellectual Property (IP) law
• US Privacy laws and EU Council Directive (Law) on Data Protection
• BCP process

Asset Security

• Classify information and supporting assets
• Determine and maintain ownership
• Protect Privacy
• Ensure appropriate retention
• Establish handling requirements

Security Engineering

• Understand security engineering processes using secure design principles
• Architecture Frameworks
• Security Models
• Evaluation Criteria
• Enterprise and System Security Architecture
• Distributed Systems
• System Security Threats and identify Countermeasures
• Cryptography
• Physical security

Communications & Network Security

• Secure network architecture and design
• Securing network components
• Secure communication channels
• Network Attacks and Countermeasures

Identity & Access Management

• Controlling physical and logical access to assets
• Identification and authentication of people and devices
• Integrate identity as a service and third-party identity services
• Implement and manage authorization mechanisms
• Prevent or mitigate access control attacks
• Manage the identity and access provisioning lifecycle

Security Assessment & Testing

• Design and validate assessment and test strategies
• Conduct security control testing
• Collect security process data
• Analyze and report test output
• Conduct or facilitate internal and third-party audits

Security Operations

• Understand and support investigations
• Understand the requirements for investigation types
• Conduct logging and monitoring activities
• Secure the provisioning of resources
• Understand and apply foundational security operations concepts
• Employ resource protection techniques
• Conduct incident response
• Operate and maintain preventative measures
• Implement and support patch and vulnerability management
• Participate in and understand change management processes
• Implement recovery strategies. Implement disaster recovery processes

Software Development Security

• Recognize the importance of system environments and programming concepts
• Discuss Object-Oriented Programming
• Describe the system life cycle and systems development
• Explain database and data warehousing environments
• List the ten best practices for secure software development – ISC

CISA

The Process of Auditing Information Systems

• Task Statements
• Knowledge Statements
• Executive Misconduct and Relevant Regulations
• Regulatory Objectives and Assessing Threats and Vulnerabilities
• Leadership through Governance
• Understanding Policies, Standards, Guidelines and Procedures
• Understanding Professional Ethics
• Understanding the Purpose of an Audit
• Implementing Audit Standards
• The Executive Position of Auditor
• Understanding the Corporate Organizational Structure
• Exam Essentials

Governance & Management of IT

• Task Statements and Knowledge Statements
• Managing IT Governance
• Tactical Management
• Business Process Re-engineering
• Operations Management
• Exam Essentials

Information Systems Acquisition, Development, and Implementation

• Task Statements and Knowledge Statements
• Audit Process
• Performing the Audit
• Gathering Audit Evidence
• Conducting Audit Evidence Testing
• Report Findings and Conduct Follow-Up

Information Systems Operation, Maintenance, and Support

• Task Statements and Knowledge Statements
• System Implementation and Operations
• Understanding IT Services
• IT Operations Management
• Administrative Protection
• Problem Management
• Monitoring Controls Status
• Implementing Physical Protection
• Exam Essentials

Protection and Information Assets

• Protection of Information Assets
• Technical Protection

CISM

Information Security Governance

• An Introduction to Information Security Governance
• The Role of Information Security within an Organization
• Confidentiality, Integrity and Availability: The C-I-A Triad
• Information Security Governance
• Secure Network Design Concepts
• Securing the Local Area Network (LAN)
• Access Control Models
• Cryptography
• Hybrid Cryptography in SSL/TLS
• Digital Certificates
• Information Security Governance and the Law
• Export/Import Restrictions

Risk Management

• An Overview of Risk Management
• Risk Related Definitions
• The NIST 800-30 of Risk Assessment
• Additional Risk Terms

Security Architecture

• An Overview of Information Security Program Management
• Security Models
• Evaluation Criteria
• Additional Evaluation Criteria
• Technical Project Management

Information Security Management

• An Overview of Information Security Management
• Service Level Agreements
• Configuration Management and Change Control
• Monitoring and Auditing

Incident Response & Business Continuity

• An Overview of Incident Response and Business Continuity
• Intrusion Detection Systems
• Security Incident Response
• Business Continuity and Disaster Recovery
• Business Continuity Sub-Plans
• Recovery strategies

CRISC

• Risk identification
• IT risk assessment
• Risk response
• Risk control, monitoring, and reporting

Security Concepts

• Threatscape
• Threat defence technologies
• Security policy and basic security architectures
• Cryptographic technologies

Secure Network Devices

• Implementing AAA
• Management protocols and systems
• Securing the control plane
• Layer 2 Security
• Securing Layer 2 infrastructures
• Securing Layer 2 protocols

Firewall

• Firewall technologies
• Introducing the Cisco ASA v9.2
• Cisco ASA access control and service policies
• Cisco IOS zone-based firewall

VPN

• IPsec technologies
• Site-to-site VPN
• Client-based remote access VPN
• Clientless remote access VPN

Advanced Topics

• Intrusion detection and protection
• Endpoint protection
• Content security
• Advanced network security architectures

varoit offers advanced Cyber Security interview questions and answers along with Cyber Security resume samples. Take a free sample practice test before appearing in the certification to improve your chances of scoring high.