Please enable JavaScript.
Coggle requires JavaScript to display documents.
Security Pro Exam Objectives (9 - Audits and Assessments (9.1 Implement…
Security Pro Exam Objectives
3 - Physical Security
3.2 Harden Mobile Devices (iPad)
Set Autolock
Enable passcodes
Apply updates
Configure network security settings
3.3 Harden Mobile Devices (Laptop)
Set a login password
Implement full disk encryption
Set a BIOS password
3.1 Harden Data Center Physical Access
Use visitor identification and control
Protect doors and windows
Implement access rosters
Implement physical intrusion detection systems
1 - Access Control and Identity Management
1.2 Harden Authentication
Configure the Domain GPO to enforce User Account Control
Configure a GPO for smart card authentication for sensitive resources
Disable or rename default accounts, such as Guest and Administrator
Configure secure remote access
Configure the Domain GPO to control local administrator group membership and administrator password
Implement centralized authentication
Configure Domain GPO Account Policy to enforce a robust password policy
1.3 Manage Certificates
Approve, deny, and revoke certificate requests
Configure Domain GPO Kerberos settings
1.1 Create, Modify and Delete User Profiles
Manage Linux Users and Groups
Lock and unlock user accounts
Change a user's password
Assign users to appropriate groups
Create, rename and delete users and groups
Configure password aging
Manage Windows Local Users and Groups
Restrict use of local user accounts
Manage Domain Users and Groups
Assign users to appropriate groups
Lock and unlock user accounts
Create, rename and delete users and groups
Change a user's password
Restrict use of Common Access Accounts
2 - Policies Procedures and Awareness
2.2 Evaluate Information Risk
Perform risk calculation
Risk avoidance, transference, acceptance, mitigation, and deterrence
2.3 Maintain Hardware and Software Inventory
2.1 Promote Information Security Awareness
Using SSL encryption
Using email best practices
Using social networking sites
Password management
Storing personal information on the internet
Photo/GPS integration
Exchanging content between home and work
Information security
Traveling with Personal Mobile Devices
Auto-lock and passcode lock
4 - Perimeter Defenses (Network)
4.1 Harden the Network Perimeter (Using a Cisco Network Security Appliance)
Create a DMZ
Configure NAT
Configure a firewall
Configure VPN
Change the default user name and password
Implement web threat protection
4.2 Secure Wireless Devices and Clients
Implement WPA2
Configure enhanced security
SSID cloaking
Power control
MAC filtering
Change the default user name, password, and administration limits
Disable Network Discovery
6 - Host Defenses
6.2 Implement Patch Management/System Updates
Apply the latest Apple software updates
Configure Windows Update
6.3 Perform System Backup and Recovery
6.1 Harden Computer Systems Against Attack
Configure Domain Servers GPO to remove unneeded services (such as file and printer sharing)
Protect against spyware and unwanted software using Windows Defender
Configure Domain GPO to enforce Windows Firewall use
Configure NTFS permissions for secure file sharing
Configure a GPO to enforce workstation/server security settings
8 - Data Defenses
8.1 Protect and Maintain the Integrity of Data Files
Perform data backups and recovery
Implement redundancy and failover mechanisms
Implement encryption technologies
8.2 Protect Data Transmissions Across Open, Public Networks
Implement secure protocols
Remove unsecure protocols
Encrypt data communications
7 - Application Defenses
7.1 Implement Application Defenses
Configure parental controls to enforce web content filtering
Configure web application security
Configure secure browser settings
Enable Data Execution Prevention (DEP)
Configure secure email settings
Configure a GPO for application whitelisting
Configure virtual machines and switches
Configure a GPO to enforce Internet Explorer settings
7.2 Implement Patch Management/Software Updates
Configure Microsoft Update
5 - Network Defenses
5.1 Harden Network Devices (Using Cisco Small Business Switch)
Remove unsecure protocols (FTP, telnet, rlogin, rsh)
Implement access lists, deny everything else
Implement port security
Run latest iOS version
Shut down unnecessary services and ports
Turn on logging with timestamps
Use secure passwords
Segment traffic using VLANs
Change the default user name and password on network devices
5.2 Implement Intrusion Detection/Prevention (Using a Cisco Security Appliance)
Apply IPS signature updates
Configure IPS policy
Enable IPS protection for a LAN and DMZ
9 - Audits and Assessments
9.2 Review Security Logs and Violation Reports, Implement Remediation
9.3 Review Audit Reports, Implement Remediation
9.1 Implement Logging and Auditing
Configure Domain GPO audit policy
Configure Domain GPO for event logging
9.4 Review Vulnerability Reports, Implement Remediation