ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep

سرفصل های دوره

This course provides an in-depth exploration of the ISC2 Systems Security Certified Practitioner (SSCP) exam domains, equipping you with the cybersecurity skills you need to tackle the official exam. Instructor Mike Chapple covers the seven core domains of the exam: Security Concepts and Practices; Access Controls; Risk Identification, Monitoring, and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. Ideal for experienced cybersecurity and cloud computing professionals tasked with managing and mitigating security risks, this course is designed to help prepare you for the SSCP exam.

01 - Introduction

01 - Earning your SSCP

02 - 1. The SSCP Exam

01 - The SSCP exam

02 - Is the SSCP right for you

03 - Careers in information security

04 - Value of certification

05 - Study resources

03 - 2. Inside the SSCP Exam

01 - Registering for the exam

02 - Exam environment

03 - Question types

04 - Passing the SSCP exam

04 - 3. Preparing for the Exam

01 - Exam tips

02 - Meeting the experience requirement

03 - Continuing education requirements

05 - 4. Domain 1 Security Concepts and Practices

01 - Overview of the Security Concepts and Practices Domain

06 - 5. Security Concepts

01 - The goals of information security

02 - Confidentiality

03 - Integrity

04 - Availability

05 - Accountability

06 - Need to know and least privilege

07 - Segregation of duties (SoD)

08 - Privacy compliance

09 - Employee privacy

10 - Ethics

07 - 6. Resource Security

01 - Physical asset management

02 - Software licensing

03 - Change and configuration management

08 - 7. Data Security

01 - Understanding data security

02 - Data security policies

03 - Data security roles

04 - Limiting data collection

05 - The data lifecycle

09 - 8. Security Standards

01 - Developing security baselines

02 - Leveraging industry standards

03 - Customizing security standards

10 - 9. Security Controls

01 - Security control selection and implementation

02 - Control and risk frameworks

03 - Security policy framework

04 - DevOps and DevSecOps

11 - 10. Assessing Security Controls

01 - Collect security process data

02 - Management review

03 - Security metrics

04 - Audits and assessments

05 - Control management

12 - 11. Awareness and Training

01 - Security awareness and training

02 - Compliance training

03 - User habits

04 - Social engineering

05 - Measuring compliance and security posture

13 - 12. Physical Security

01 - Site and facility design

02 - Data center environmental controls

03 - Data center environmental protection

04 - Physical access control

05 - Visitor management

14 - 13. Domain 2 Access Controls

01 - Overview of the Access Controls Domain

15 - 14. Identity and Access Management

01 - Access controls

02 - Identification, authentication, and authorization

16 - 15. Identification

01 - Usernames and access cards

02 - Biometrics

03 - Registration and identity proofing

17 - 16. Authentication

01 - Authentication factors

02 - Multifactor authentication

03 - Something you have

04 - Password authentication protocols

05 - SSO and federation

06 - Internetwork trust architectures

07 - Third-party connections

08 - Zero-trust network architectures

09 - SAML

10 - OAuth and OpenID Connect

11 - Device authentication

18 - 17. Identity Management Lifecycle

01 - Understand account and privilege management

02 - Account policies

03 - Password policies

04 - Manage roles

05 - Monitoring, reporting, and maintenance

06 - Provisioning and deprovisioning

19 - 18. Authorization

01 - Understand authorization

02 - Mandatory access controls

03 - Discretionary access controls

04 - Access control lists

05 - Advanced authorization concepts

20 - 19. Domain 3 Risk Identification, Monitoring, and Analysis

01 - Overview of the Risk Identification, Monitoring, and Analysis Domain

21 - 20. Risk Management

01 - Risk assessment

02 - Quantitative risk assessment

03 - Risk management

04 - Ongoing risk management

05 - Risk management frameworks

06 - Risk visibility and reporting

22 - 21. Threat Modeling

01 - Threat intelligence

02 - Managing threat indicators

03 - Intelligence sharing

04 - Identifying threats

05 - Automating threat intelligence

06 - Threat hunting

07 - MITRE ATT&CK

23 - 22. Understanding Vulnerability Types

01 - Vulnerability impacts

02 - Supply chain vulnerabilities

03 - Configuration vulnerabilities

04 - Architectural vulnerabilities

24 - 23. Vulnerability Scanning

01 - What is vulnerability management

02 - Identifying scan targets

03 - Scan configuration

04 - Scan perspective

05 - SCAP

06 - CVSS

07 - Interpreting CVSS scores

08 - Analyzing scan reports

09 - Correlating scan results

25 - 24. Legal and Regulatory Concerns

01 - Legal and compliance risks

02 - Legal definitions

03 - Data privacy

04 - Data breaches

26 - 25. Security Monitoring

01 - Monitoring log files

02 - Security information and event management

03 - Continuous security monitoring

04 - Visualization and reporting

05 - Compliance monitoring

06 - Legal and ethical issues in monitoring

27 - 26. Domain 4 Incident Response and Recovery

01 - Overview of the Incident Response and Recovery Domain

28 - 27. Incident Management

01 - Build an incident response program

02 - Creating an incident response team

03 - Incident communications plan

04 - Incident detection

05 - Escalation and notification

06 - Mitigation

07 - Containment techniques

08 - Incident eradication and recovery

09 - Validation

10 - Post-incident activities

11 - Incident response exercises

29 - 28. Investigations and Forensics

01 - Conducting investigations

02 - Evidence types

03 - Introduction to forensics

04 - System and file forensics

05 - Network forensics

06 - Software forensics

07 - Mobile device forensics

08 - Embedded device forensics

09 - Chain of custody

10 - Reporting and documenting incidents

11 - Electronic discovery (ediscovery)

30 - 29. Business Continuity

01 - Business continuity planning

02 - Business continuity controls

03 - High availability and fault tolerance

31 - 30. Disaster Recovery

01 - Disaster recovery planning

02 - Backups

03 - Restoring backups

04 - Disaster recovery sites

05 - Testing BCDR plans

06 - After action reports

32 - 31. Emergency Response

01 - Building an emergency response plan

33 - 32. Domain 5 Cryptography

01 - Overview of the Cryptography Domain

34 - 33. Encryption

01 - Understanding encryption

02 - Symmetric and asymmetric cryptography

03 - Goals of cryptography

04 - Codes and ciphers

05 - Choosing encryption algorithms

06 - The perfect encryption algorithm

07 - The cryptographic lifecycle

35 - 34. Symmetric Cryptography

01 - Data encryption standard

02 - 3DES

03 - AES, Blowfish, and Twofish

04 - RC4

05 - Steganography

36 - 35. Asymmetric Cryptography

01 - Rivest-Shamir-Adleman (RSA)

02 - PGP and GnuPG

03 - Elliptic curve and quantum cryptography

37 - 36. Key Management

01 - Cryptographic key security

02 - Key exchange

03 - Diffie-Hellman

04 - Key escrow

05 - Key stretching

38 - 37. Public Key Infrastructure

01 - Trust models

02 - PKI and digital certificates

03 - Hash functions

04 - Digital signatures

05 - Create a digital certificate

06 - Revoke a digital certificate

07 - Certificate stapling

08 - Certificate authorities

09 - Certificate subjects

10 - Certificate types

11 - Certificate formats

39 - 38. Transport Encryption

01 - TLS and SSL

02 - IPSec

03 - Securing common protocols

04 - DKIM

05 - Tor and perfect forward secrecy

06 - Blockchain

40 - 39. Cryptanalytic Attacks

01 - Brute-force attacks

02 - Knowledge-based attacks

03 - Limitations of encryption algorithms

41 - 40. Domain 6 Network and Communications Security

01 - Overview of the Network and Communications Security Domain

42 - 41. TCPIP Networking

01 - Introducing TCPIP

02 - IP addressing and DHCP

03 - Domain Name System (DNS)

04 - Network ports

05 - ICMP

06 - Network topologies

07 - Network relationships

43 - 42. Network Security Devices

01 - Routers, switches, and bridges

02 - Firewalls

03 - Proxy servers

04 - Load balancers

05 - VPNs and VPN concentrators

06 - Network intrusion detection and prevention

07 - Protocol analyzers

08 - Content distribution networks

09 - Traffic shaping and WAN optimization

10 - Unified threat management

44 - 43. Secure Network Design

01 - Public and private addressing

02 - Subnetting

03 - Security zones

04 - VLANs and network segmentation

05 - Security device placement

06 - Software-defined networking (SDN)

07 - Transmission media

45 - 44. Network Security Technologies

01 - Restricting network access

02 - Network access control

03 - RADIUS and TACACS

04 - Firewall rule management

05 - Router configuration security

06 - Switch configuration security

07 - Maintaining network availability

08 - Network monitoring

09 - SNMP

10 - Isolating sensitive systems

46 - 45. Remote Network Access

01 - Remote network access

02 - Desktop and application virtualization

47 - 46. Wireless Networking

01 - Understanding wireless networking

02 - Wireless encryption

03 - Wireless authentication

04 - Wireless signal propagation

05 - Wireless networking equipment

48 - 47. Network Attacks

01 - Denial of service attacks

02 - Eavesdropping attacks

03 - DNS attacks

04 - Layer 2 attacks

05 - Network address spoofing

06 - Wireless attacks

07 - Propagation attacks

08 - Preventing rogues and evil twins

09 - Disassociation attacks

10 - Understanding Bluetooth and NFC attacks

49 - 48. Domain 7 Systems and Application Security

01 - Overview of the Systems and Application Security Domain

50 - 49. Malware

01 - Comparing viruses, worms, and trojans

02 - Malware payloads

03 - Understanding backdoors and logic bombs

04 - Looking at advanced malware

05 - Understanding botnets

06 - Code signing

51 - 50. Understanding Attackers

01 - Cybersecurity adversaries

02 - Preventing insider threats

03 - Attack vectors

04 - Zero-days and the Advanced Persistent Threat

52 - 51. Social Engineering Attacks

01 - Social engineering

02 - Impersonation attacks

03 - Identity fraud and pretexting

04 - Watering hole attacks

05 - Physical social engineering

53 - 52. Web Application Attacks

01 - OWASP Top Ten

02 - Application security

03 - Preventing SQL injection

04 - Understanding cross-site scripting

05 - Request forgery

06 - Defending against directory traversal

07 - Overflow attacks

08 - Explaining cookies and attachments

09 - Session hijacking

10 - Code execution attacks

54 - 53. Host Security

01 - Operating system security

02 - Malware prevention

03 - Application management

04 - Host-based network security controls

05 - File integrity monitoring

06 - Data loss prevention

07 - Endpoint monitoring

55 - 54. Hardware Security

01 - Hardware encryption

02 - Hardware and firmware security

03 - Peripheral security

56 - 55. Mobile Device Security

01 - Mobile connection methods

02 - Mobile device security

03 - Mobile device management

04 - Mobile device tracking

05 - Mobile application management

06 - Mobile security enforcement

07 - Bring Your Own Device (BYOD)

08 - Mobile deployment models

57 - 56. Embedded Systems Security

01 - Industrial control systems

02 - Internet of Things

03 - Securing smart devices

04 - Secure networking for smart devices

58 - 57. Cloud Computing

01 - What is the cloud

02 - Cloud activities and the Cloud Reference Architecture

03 - Cloud deployment models

04 - Cloud service categories

05 - Virtualization

06 - Cloud compute resources

07 - Cloud storage

08 - Containers

59 - 58. Cloud Issues

01 - Security and privacy concerns in the cloud

02 - Data sovereignty

03 - Cloud access security brokers

04 - Operational concerns in the cloud

60 - Conclusion

01 - Preparing for the exam

139,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)