Security Pro Objectives
 

TestOut Security Pro Exam Objectives

Access Control and Identity Management

  • Create, modify, and delete user profiles
    • Manage Windows Local and Domain Users and Groups
    • Manage Linux Users and Groups
    • Restrict use of common access accounts
  • Harden Authentication
    • Configure Domain GPO Account Policy to enforce a robust password policy
    • Configure the Domain GPO to control local administrator group membership and Administrator password
    • Disable or rename default accounts such as Guest and Administrator
    • Configure the Domain GPO to enforce User Account Control
    • Configure a GPO for Smart Card authentication for sensitive resources
    • Configure secure Remote Access
    • Implement centralized authentication
  • Manage Certificates
    • Approve, deny, and revoke certificate requests
    • Configure Domain GPO Kerberos Settings

Policies, Procedures, and Awareness

  • Promote Information Security Awareness
    • Traveling with Personal Mobile Devices
    • Exchanging content between Home and Work
    • Storing of Personal Information on the Internet
    • Using Social Networking Sites
    • Using SSL Encryption
    • Utilizing E-mail best practices
    • Password Management
    • Photo/GPS Integration
    • Information Security
    • Auto-lock and Passcode Lock
  • Evaluate Information Risk
    • Perform Risk calculation
    • Risk avoidance, transference, acceptance, mitigation, and deterrence
  • Maintain Hardware and Software Inventory

Physical Security

  • Harden Data Center Physical Access
    • Implement Access Rosters
    • Utiliza Visitor Identification and control
    • Protect Doors and Windows
    • Implement Physical Intrusion Detection Systems
  • Harden mobile devices (iPad)
    • Apply updates
    • Set Autolock
    • Enable passcodes
    • Configure network security settings
  • Harden mobile devices (Laptop)
    • Set a BIOS Password
    • Set a Login Password
    • Implement full disk encryption

Perimeter Defenses

  • Harden the Network Perimeter (using a Cisco Network Security Appliance)
    • Change the Default Username and Password
    • Configure a Firewall
    • Create a DMZ
    • Configure NAT
    • Configure VPN
    • Implement Web Threat Protection
  • Secure Wireless Devices and Clients
    • Change the Default Username, Password, and Administration limits
    • Implement WPA2
    • Configure Enhanced Security
    • Disable Network Discovery

Network Defenses

  • Harden Network Devices (using a Cisco Small Business Switch)
    • Change the Default Username and Password on network devices
    • Use secure passwords
    • Shut down unneeded services and ports
    • Implement Port Security
    • Remove unsecure protocols (FTP, telnet, rlogin, rsh)
    • Implement access lists, deny everything else
    • Run latest iOS version
    • Turn on logging with timestamps
    • Segment Traffic using VLANs
  • Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance)
    • Enable IPS protection for a LAN and DMZ
    • Apply IPS Signature Updates
    • Configure IPS Policy

Host Defenses

  • Harden Computer Systems Against Attack
    • Configure a GPO to enforce Workstation/Server security settings
    • Configure Domain GPO to enforce use of Windows Firewall
    • Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)
    • Protect against spyware and unwanted software using Windows Defender
    • Configure NTFS Permissions for Secure file sharing
  • Implement Patch Management/System Updates
    • Configure Windows Update
    • Apply the latest Apple Software Updates
  • Perform System Backups and Recovery

Application Defenses

  • Implement Application Defenses
    • Configure a GPO to enforce Internet Explorer settings
    • Configure a GPO for Application Whitelisting
    • Enable Data Execution Prevention (DEP)
    • Configure Web Application Security
    • Configure Parental Controls to enforce Web content filtering
    • Configure Secure Browser Settings
    • Configure Secure E-mail Settings
    • Configure virtual machines and switches
  • Implement Patch Management/Software Updates
    • Configure Microsoft Update

Data Defenses

  • Protect and maintain the integrity of data files
    • Implement encryption technologies
    • Perform data backups and recovery
    • Implement redundancy and failover mechanisms
  • Protect Data Transmissions across open, public networks
    • Encrypt Data Communications
    • Implement secure protocols
    • Remove unsecure protocols

Audits and Assessments

  • Implement Logging and Auditing
    • Configure Domain GPO Audit Policy
    • Configure Domain GPO for Event Logging
  • Review security logs and violation reports, implement remediation
  • Review audit reports, implement remediation
  • Review vulnerability reports, implement remediation
Explore TestOut Pro Certifications