Course title: CompTIA SecurityX International Certification Course (abbreviated: SecurityX Training Course)
1. Designing a Secure Network Architecture
1.1 Physical, virtual network and security devices
1.1.1 OSI model
1.1.2 Unified threat management
1.1.3 IDS/IPS
1.1.4 Network IDS versus NIPS
1.1.5 Wireless IPS
1.1.6 Inline Encryptors
1.1.7 Network access control
1.1.8 SIEM
1.1.9 Switches
1.1.10 Firewalls
1.1.11 Routers
1.1.12 Proxy
1.1.13 Network address translation gateway
1.1.14 Load balancer
1.1.15 Hardware security module
1.2 Application- and protocol-aware technologies
1.2.1 DLP
1.2.2 WAF
1.2.3 Database activity monitoring
1.2.4 Spam filter
1.2.5 Advanced network design
1.2.6 Remote access
1.2.7 VPN
1.2.8 IPsec
1.2.9 SSH
1.2.10 Remote Desktop Protocol
1.2.11 Virtual Network Computing
1.2.12 Reverse proxy
1.2.13 Network authentication methods
1.2.14 Placement of hardware and applications
1.3 Network management and monitoring tools
1.3.1 Alert definitions and rule writing
1.3.2 Advanced configuration of network devices
1.3.3 Transport security
1.3.4 Port security
1.3.5 Route protection
1.3.6 Distributed DoS protection
1.3.7 Remotely triggered black hole
1.4 Security zones
1.4.1 DMZ
1.4.2 Zero Trust Architecture
2. Integrating Software Applications into the Enterprise
2.1 Integrating security into the development life cycle
2.1.1 Systems development life cycle
2.1.2 Development approaches
2.1.3 Versioning
2.2 Software assurance
2.2.1 Sandboxing/development environment
2.2.2 Validating third-party libraries
2.2.3 SecDevOps
2.2.4 Defining the DevOps pipeline
2.3 Baseline and templates
2.3.1 Secure coding standards
2.3.2 Application vetting processes
2.3.3 Hypertext Transfer Protocol
2.3.4 (HTTP) headers
2.3.5 Application Programming Interface (API) management
2.4 Considerations when integrating enterprise applications
2.4.1 Customer relationship management (CRM)
2.4.2 Enterprise resource planning (ERP)
2.4.3 Configuration Management Database (CMDB)
2.4.4 Content management systems
2.5 Integration enablers
2.5.1 Directory services
2.5.2 Domain name system
2.5.3 Service-oriented architecture
2.5.4 Enterprise service bus
3. Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
3.1 Implementing data loss prevention
3.1.1 Blocking the use of external media
3.1.2 Print blocking
3.1.3 Remote Desktop Protocol blocking
3.2 Implementing data loss detection
3.2.1 Watermarking
3.2.2 Digital rights management
3.2.3 Network traffic decryption/deep packet inspection
3.2.4 Network traffic analysis
3.3 Enabling data protection
3.3.1 Data classification
3.3.2 Metadata/attributes
3.3.3 Obfuscation
3.3.4 Anonymization
3.3.5 Encrypted versus unencrypted
3.3.6 Data life cycle
3.3.7 Data inventory and mapping
3.3.8 Data integrity management
3.3.9 Data storage, backup, and recovery
3.3.10 Redundant array of inexpensive disks
3.4 Implementing secure cloud and virtualization solutions
3.4.1 Virtualization strategies
3.4.2 Security considerations for virtualization
3.5 Investigating cloud deployment models
3.5.1 Deployment models and considerations
3.5.2 Private cloud
3.5.3 Public cloud
3.5.4 Hybrid cloud
3.5.5 Hosting models
3.5.6 Service models
3.5.7 Software as a service
3.5.8 Platform as a service
3.5.9 Infrastructure as a service
3.5.10 Cloud provider limitations
3.5.11 Cloud Access Security Broker (CASB)
3.5.12 API Security in Cloud Environments
3.5.13 Shared Responsibility Model
3.6 Extending appropriate on-premises controls
3.6.1 Micro-segmentation
3.6.2 Jump box
3.6.3 Examining cloud storage models
3.6.4 File-based storage
3.6.5 Database storage
3.6.6 Block storage
3.6.7 Blob storage
3.6.8 Key/value pairs
4. Deploying Enterprise Authentication and Authorization Controls
4.1 Credential management
4.1.1 Single Sign-On (SSO)
4.1.2 Password repository applications
4.1.3 On-premises versus cloud password repository
4.1.4 Hardware key manager
4.1.5 Privileged access management
4.1.6 Password policies
4.2 Identity federation
4.2.1 Transitive trust
4.2.2 OpenID
4.2.3 Security Assertion Markup Language (SAML)
4.3 Access control
4.3.1 Mandatory Access Control (MAC)
4.3.2 Discretionary Access Control (DAC)
4.3.3 Role-based access control
4.3.4 Rule-based access control
4.3.5 Attribute-based access control
4.4 Authentication and authorization protocols
4.4.1 Remote Authentication Dial-In User Service (RADIUS)
4.4.2 Terminal Access Controller Access Control System (TACACS)
4.4.3 Diameter
4.4.4 Lightweight Directory Access Protocol (LDAP)
4.4.5 Kerberos
4.4.6 OAuth
4.4.7 802.1X
4.4.8 Extensible Authentication Protocol (EAP)
4.5 Multi-Factor Authentication (MFA)
4.5.1 Two-Factor Authentication (2FA)
4.5.2 Two-step verification
4.5.3 In-band authentication
4.5.4 Out-of-Band Authentication (OOBA)
4.5.5 One-Time Password (OTP)
4.5.6 HMAC-based One-Time Password (HOTP)
4.5.7 Time-based One-Time Password (TOTP)
4.5.8 Hardware root of trust
4.5.9 JWT
5. Threat and Vulnerability Management
5.1 Intelligence types
5.1.1 Tactical intelligence
5.1.2 Strategic intelligence
5.1.3 Operational intelligence
5.1.4 Commodity malware
5.1.5 Targeted attacks
5.2 Actor types
5.2.1 Advanced persistent threat – nation-state
5.2.2 Insider threat
5.2.3 Competitor
5.2.4 Hacktivist
5.2.5 Script kiddie
5.2.6 Organized crime
5.3 Threat actor properties
5.3.1 Resources
5.3.2 Time
5.3.3 Money
5.3.4 Supply chain access
5.3.5 Capabilities and sophistication
5.3.6 Identifying techniques
5.4 Intelligence collection methods
5.4.1 Intelligence feeds
5.4.2 Deep web
5.4.3 Proprietary intelligence
5.4.4 Open source intelligence
5.4.5 Human intelligence
5.5 Frameworks
5.5.1 MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
5.5.2 ATT&CK for industrial control systems
5.5.3 The Diamond model of intrusion analysis
5.5.4 Cyber Kill Chain
5.5.5 Threat hunting
5.5.6 Threat emulation
5.5.7 Hypothesis-based Threat Hunting
5.5.8 Adversary Emulation
5.5.9 Methodologies (STRIDE, DREAD)
5.5.10 Application in Risk Assessment
5.6 Indicators of compromise
5.6.1 Packet capture
5.6.2 Logs
5.6.3 Network logs
5.6.4 Vulnerability logs
5.6.5 Operating system logs
5.6.6 Access logs
5.6.7 NetFlow logs
5.6.8 Notifications
5.6.9 File integrity monitoring alerts
5.6.10 SIEM alerts
5.6.11 Data loss prevention alerts
5.6.12 Intrusion detection system and intrusion prevention system alerts
5.6.13 Antivirus alerts
5.6.14 Notification severity and priorities
5.7 Responses
5.7.1 Firewall rules
5.7.2 Intrusion prevention system and intrusion detection system rules
5.7.3 Access control list rules
5.7.4 Signature rules
5.7.5 Behavior rules
5.7.6 Data loss prevention rules
5.7.7 Scripts/regular expressions
6. Vulnerability Assessment and Penetration Testing Methods and Tools
6.1 Vulnerability scans
6.1.1 Credentialed versus non-credentialed scans
6.1.2 Agent-based/server-based
6.1.3 Criticality ranking
6.1.4 Active versus passive scans
6.2 Security Content Automation Protocol (SCAP)
6.2.1 Extensible Configuration Checklist Description Format (XCCDF)
6.2.2 Open Vulnerability and Assessment Language (OVAL)
6.2.3 Common Platform Enumeration (CPE)
6.2.4 Common Vulnerabilities and Exposures (CVE)
6.2.5 Common Vulnerability Scoring System (CVSS)
6.2.6 Common Configuration Enumeration (CCE)
6.2.7 Asset Reporting Format (ARF)
6.2.8 Self-assessment versus third-party vendor assessment
6.2.9 Patch management
6.3 Information sources
6.3.1 Advisories
6.3.2 Bulletins
6.3.3 Vendor websites
6.3.4 Information Sharing and Analysis
6.3.5 News reports
6.4 Testing methods
6.4.1 Static analysis
6.4.2 Dynamic analysis
6.4.3 Side-channel analysis
6.4.4 Wireless vulnerability scan
6.4.5 Software Composition Analysis (SCA)
6.4.6 Fuzz testing
6.5 Penetration testing
6.5.1 Requirements
6.5.2 Box testing
6.5.3 Post-exploitation
6.5.4 Persistence
6.5.5 Pivoting
6.5.6 Rescanning for corrections/changes
6.6 Security tools
6.6.1 SCAP scanner
6.6.2 Network traffic analyzer
6.6.3 Vulnerability scanner
6.6.4 Protocol analyzer
6.6.5 Port scanner
6.6.6 HTTP interceptor
6.6.7 Exploit framework
6.6.8 Password crackers
6.6.9 Dependency management tools
7. Risk Mitigation Controls
7.1 Understanding application vulnerabilities
7.1.1 Race conditions
7.1.2 Buffer overflows
7.1.3 Integer overflow
7.1.4 Broken authentication
7.1.5 Insecure references
7.1.6 Poor exception handling
7.1.7 Security misconfiguration
7.1.8 Information disclosure
7.1.9 Certificate errors
7.1.10 Weak cryptography implementations
7.1.11 Weak ciphers
7.1.12 Software composition analysis
7.1.13 Use of vulnerable frameworks and software modules
7.1.14 Use of unsafe functions
7.1.15 Third-party libraries
7.1.16 Dependencies
7.1.17 End-of-support and end-of-life
7.1.18 Regression issues
7.2 Assessing inherently vulnerable systems and applications
7.2.1 Client-side processing and server-side processing
7.2.2 JSON and representational state transfer
7.2.3 Browser extensions
7.2.4 Hypertext Markup Language 5 (HTML5)
7.2.5 Asynchronous JavaScript and XML (AJAX)
7.2.6 Simple Object Access Protocol (SOAP)
7.3 Recognizing common attacks
7.3.1 Directory traversal
7.3.2 Cross-site scripting
7.3.3 Cross-site request forgery
7.3.4 Injection attacks
7.3.5 Sandbox escape
7.3.6 VM hopping
7.3.7 VM escape
7.3.8 Border Gateway Protocol and route hijacking
7.3.9 Interception attacks
7.3.10 Denial of service and distributed denial of service
7.3.11 Social engineering
7.3.12 VLAN hopping
7.4 Proactive and detective risk reduction
7.4.1 Hunts
7.4.2 Developing countermeasures
7.4.3 Deceptive technologies
7.4.4 Security data analytics
7.5 Applying preventative risk reduction
7.5.1 Application control
7.5.2 Security automation
7.5.3 Physical security
7.5.4 Security Orchestration, Automation, and Response (SOAR)
7.5.5 Scripting for Security Tasks
7.5.6 Infrastructure as Code (IaC) Security
8. Implementing Incident Response and Forensics Procedures
8.1 Understanding incident response planning
8.1.1 Understanding the incident response process
8.1.2 Preparation
8.1.3 Detection
8.1.4 Analysis
8.1.5 Containment
8.1.6 Eradication and recovery
8.1.7 Lessons learned
8.1.8 Specific response playbooks/processes
8.1.9 Non-automated response methods
8.1.10 Automated response methods
8.1.11 Communication plan
8.2 Understanding forensic concepts
8.2.1 Forensic process
8.2.2 Chain of custody
8.2.3 Order of volatility
8.2.4 Memory snapshots
8.2.5 Images
8.2.6 Evidence preservation
8.2.7 Cryptanalysis
8.2.8 Steganalysis
8.3 Using forensic analysis tools
8.3.1 File carving tools
8.3.2 Binary analysis tools
8.3.3 Analysis tools
8.3.4 ExifTool
8.3.5 Imaging tools
8.3.6 Hashing utilities
8.3.7 Using live collection and post-mortem tools
8.3.8 Malware Reverse Engineering
8.3.9 Memory Forensics
8.3.10 Network Traffic Analysis
9. Enterprise Mobility and Endpoint Security Controls
9.1 Implementing enterprise mobility management
9.1.1 Managed configurations
9.1.2 Application control
9.1.3 Passwords
9.1.4 Multi-factor authentication requirements
9.1.5 Patch repositories
9.1.6 Patch repositories
9.1.7 Firmware over-the-air (FOTA)
9.1.8 Remote wipe options
9.1.9 Wi-Fi
9.1.10 Wi-Fi protected access (WPA2/3)
9.1.11 Device certificates
9.1.12 Device profiles
9.1.13 Bluetooth
9.1.14 Near-field communication
9.1.15 Peripherals
9.1.16 Geofencing
9.1.17 Geotagging
9.1.18 Full device encryption
9.1.19 Tethering
9.1.20 Airplane mode
9.1.21 Location services
9.1.22 DNS over HTTPS (DoH)
9.1.23 Custom DNS settings
9.1.24 Deployment scenarios
9.1.25 Bring your own device challenges
9.1.26 Corporate-owned devices
9.1.27 Corporate-owned, personally enabled (COPE) devices
9.1.28 Choose your own device (CYOD) challenges
9.2 Security considerations for mobility management
9.2.1 The unauthorized remote activation and deactivation of devices or features
9.2.2 Encrypted and unencrypted communication concerns
9.2.3 Physical reconnaissance
9.2.4 Personal data theft
9.2.5 Health privacy
9.2.6 The implications of wearable devices
9.2.7 The digital forensics of collected data
9.2.8 Unauthorized application stores
9.2.9 Containerization
9.2.10 Original equipment manufacturer (OEM) and carrier differences
9.2.11 Supply chain issues
9.2.12 The use of an eFuse
9.3 Implementing endpoint security controls
9.3.1 Hardening techniques
9.3.2 Compensating controls
9.3.3 Hardware Security Modules (HSM)
9.3.4 Trusted Platform Module (TPM)
9.3.5 Secure Boot
10. Security Considerations Impacting Specific Sectors and Operational Technologies
10.1 Identifying regulated business sectors
10.1.1 Energy sector
10.1.2 Manufacturing
10.1.3 Healthcare
10.1.4 Public utilities
10.1.5 Public services
10.1.6 Facility services
10.2 Understanding embedded systems
10.2.1 Internet of things
10.2.2 System on a chip
10.2.3 Application-specific integrated circuits
10.2.4 Field-programmable gate array
10.3 Understanding ICS/SCADA
10.3.1 PLCs
10.3.2 Historian
10.3.3 Ladder logic
10.3.4 Safety instrumented system
10.3.5 Heating, ventilation, and air conditioning
10.4 Understanding OT protocols
10.4.1 Controller area network bus (CANBus)
10.4.2 Modbus
10.4.3 Distributed Network Protocol 3.0
10.4.4 Zigbee
10.4.5 Common Industrial Protocol
10.4.6 Data Distribution Service
13. Applying Appropriate Risk Strategies
13.1 Understanding risk assessments
13.1.1 Qualitative risk assessments
13.1.2 Quantitative risk assessments
13.1.3 Gap analysis
13.2 Implementing risk-handling techniques
13.2.1 Transfer
13.2.2 Accept
13.2.3 Avoid
13.2.4 Mitigate
13.2.5 Risk types
13.3 Understanding the risk management life cycle
13.3.1 Department of Defense Risk Management Framework
13.3.2 NIST Cybersecurity Framework (CSF)
13.3.3 Understanding risk controls
13.4 Understanding risk tracking
13.4.1 Key performance indicators
13.4.2 Key risk indicators
13.4.3 Risk appetite
13.4.4 Risk tolerance
13.4.5 Trade-off analysis
13.5 Managing risk with policies and security practices
13.5.1 Separation of duties (SoD)
13.5.2 Job rotation
13.5.3 Mandatory vacation
13.5.4 Least privilege
13.5.5 Employment and termination procedures
13.5.6 Training and awareness for users
13.5.7 Auditing requirements and frequency
13.6 Explaining the importance of managing and mitigating vendor risk
13.6.1 Vendor lock-in
13.6.2 Vendor Lock-Out
13.6.3 Vendor viability
13.6.4 Merger or acquisition risk
13.6.5 Meeting client requirements
13.6.6 Ongoing vendor assessment tools
14. Compliance Frameworks, Legal Considerations, and Their Organizational Impact
14.1 Security concerns associated with integrating diverse industries
14.1.1 Data considerations
14.1.2 Understanding geographic considerations
14.1.3 Third-party attestation of compliance
14.2 Understanding regulations, accreditations, and standards
14.2.1 Understanding legal considerations
14.2.2 Application of contract and agreement types
15. Business Continuity and Disaster Recovery Concepts
15.1 Conducting a business impact analysis
15.1.1 Maximum Tolerable Downtime (MTD)
15.1.2 Recovery Time Objective (RTO)
15.1.3 Recovery Point Objective (RPO)
15.1.4 Recovery service level
15.1.5 Mission-essential functions
15.1.6 Privacy Impact Assessment (PIA)
15.1.7 Preparing a Disaster Recovery Plan/Business Continuity Plan
15.1.8 Backup and recovery methods
15.2 Planning for high availability and automation
15.2.1 Scalability
15.2.2 Resiliency
15.2.3 Automation
15.2.4 Content Delivery Network (CDN)
15.2.5 Testing plans
15.3 Explaining how cloud technology aids enterprise resilience
15.3.1 Using cloud solutions for business continuity and disaster recovery (BCDR)
15.3.2 Infrastructure versus serverless computing
15.3.3 Collaboration tools
15.3.4 Storage configurations
15.3.5 Cloud Access Security Broker (CASB)
16. Operations Security and Safety
16.1 Physical/Logical Operations
16.1.1 Facilities and Redundancy
16.1.2 American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE)
16.1.3 Power Redundancy
16.1.4 Power Provider Redundancy
16.1.5 Power Line Redundancy
16.1.6 Power Conditioning and Distribution Redundancy
16.1.7 Communications Redundancy
16.1.8 Personnel Redundancy
16.1.9 Security Redundancy
16.1.10 Holistic Redundancy: The Uptime Institute Tiers
16.1.11 Virtualization Operations
16.1.12 Instance Isolation
16.1.13 Storage Operations
16.1.14 Physical and Logical Isolation
16.2 Security Operations Center
16.2.1 Continuous Monitoring
16.2.2 Incident Management
16.2.3 Advanced SIEM Configuration
16.2.4 User Behavior Analytics (UBA)
17. Information Security Challenges with AI Adoption
17.1 Legal and Privacy Implications
17.1.1 Compliance with Data Protection Laws
17.1.2 Privacy Concerns in AI Data Processing
17.1.3 Ethical Considerations in AI Development and Deployment
17.2 Potential Misuse of AI
17.2.1 AI-Generated Misinformation and Deepfakes
17.2.2 AI in Cybercrime and Automated Attacks
17.2.3 Unethical Surveillance and Privacy Invasion
17.3 Threats to AI Models
17.3.1 Adversarial Attacks on AI Models
17.3.2 Data Poisoning and Training Data Manipulation
17.3.3 Model Inversion and Information Extraction
17.3.4 Intellectual Property Theft in AI
17.4 AI-enabled Attacks
17.4.1 AI-Powered Malware and Adaptive Threats
17.4.2 Advanced Phishing Campaigns Using AI
17.4.3 Automated Vulnerability Discovery and Exploitation
17.5 Risks of AI Usage
17.5.1 Overreliance on AI and Reduced Human Oversight
17.5.2 Lack of Transparency and Accountability in AI Systems
17.5.3 Bias and Errors in AI Decision-Making
17.5.4 Security Vulnerabilities in AI Implementations
The course content above may change at any time without notice in order to better reflect the contents of the examination.