- Hardware/device replacement
- Battery
- Keyboard/keys
- Random-access memory (RAM)
- Hard disk drive (HDD)/solid state drive (SSD) migration
- HDD/SSD replacement
- Wireless cards
|
- Physical privacy and security components
- Biometrics
- Near-field scanner features
|
1.2 Compare and contrast the display components of mobile devices.
[edit | edit source]
- Types
- Liquid crystal display (LCD)
- In-plane switching (IPS)
- Twisted nematic (TN)
- Vertical alignment (VA)
- Organic light-emitting diode (OLED)
|
- Mobile display components
- WiFi antenna connector/placement
- Camera/webcam
- Microphone
- Touch screen/digitizer
- Inverter
|
- Connection methods
- Universal Serial Bus (USB)/USB-C/microUSB/miniUSB
- Lightning
- Serial interfaces
- Near-field communication (NFC)
- Bluetooth
- Hotspot
|
- Accessories
- Touch pens
- Headsets
- Speakers
- Webcam
- Docking station
- Port replicator
- Trackpad/drawing pad
|
- Wireless/cellular data network (enable/disable)
- 2G/3G/4G/5G
- Hotspot
- Global System for Mobile Communications (GSM) vs. code-division multiple access (CDMA)
- Preferred Roaming List (PRL) updates
- Bluetooth
- Enable Bluetooth
- Enable pairing
- Find a device for pairing
- Enter the appropriate PIN code
- Test connectivity
- Location services
- Global Positioning System (GPS) services
- Cellular location services
|
- Mobile device management (MDM)/mobile application management (MAM)
- Corporate email configuration
- Two-factor authentication
- Corporate applications
- Mobile device synchronization
- Account setup
- Microsoft 365
- Google Workspace
- iCloud
- Data to synchronize
- Mail
- Photos
- Calendar
- Contacts
- Recognizing data caps
|
2.1 Compare and contrast Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, protocols, and their purposes.
[edit | edit source]
- Ports and protocols
- 20/21 - File Transfer Protocol (FTP)
- 22 - Secure Shell (SSH)
- 23 - Telnet
- 25 - Simple Mail Transfer Protocol (SMTP)
- 53 - Domain Name System (DNS)
- 67/68 - Dynamic Host Configuration Protocol (DHCP)
- 80 - Hypertext Transfer Protocol (HTTP)
- 110 - Post Office Protocol 3 (POP3)
- 137/139 - Network Basic Input/Output System (NetBIOS)/NetBIOS over TCP/IP (NetBT)
- 143 - Internet Mail Access Protocol (IMAP)
- 161/162 - Simple Network Management Protocol (SNMP)
- 389 - Lightweight Directory Access Protocol (LDAP)
- 443 - Hypertext Transfer Protocol Secure (HTTPS)
- 445 - Server Message Block (SMB)/Common Internet File System (CIFS)
- 3389 - Remote Desktop Protocol (RDP)
|
- TCP vs. UDP
- Connectionless
- DHCP
- Trivial File Transfer Protocol (TFTP)
- Connection-oriented
|
- Routers
- Switches
- Access points
- Patch panel
- Firewall
|
- Power over Ethernet (PoE)
- Injectors
- Switch
- PoE standards
- Hub
- Cable modem
- Digital subscriber line (DSL)
- Optical network terminal (ONT)
- Network interface card (NIC)
- Software-defined networking (SDN)
|
2.3 Compare and contrast protocols for wireless networking.
[edit | edit source]
- Frequencies
- Channels
- Regulations
- 2.4GHz vs. 5GHz
- Bluetooth
|
- 802.11
- a
- b
- g
- n
- ac (WiFi 5)
- ax (WiFi 6)
|
- Long-range fixed wireless
- Licensed
- Unlicensed
- Power
- Regulatory requirements for wireless power
- NFC
- Radio-frequency identification (RFID)
|
- Server roles
- DNS
- DHCP
- Fileshare
- Print servers
- Mail servers
- Syslog
- Web servers
- Authentication, authorization, and accounting (AAA)
|
- Internet applicances
- Spam gateways
- Unified threat management (UTM)
- Load balancers
- Proxy servers
- Legacy/embedded systems
- Supervisory control and data acquisition (SCADA)
- Internet of Things (IoT) devices
|
- Internet Protocol (IP) addressing
- IPv4
- Private addresses
- Public addresses
- IPv6
- Automatic Private IP Addressing (APIPA)
- Static
- Dynamic
- Gateway
|
2.6 Compare and contrast common network configuration concepts.
[edit | edit source]
- DNS
- Address
- Mail exchanger (MX)
- Text (TXT)
|
- DHCP
- Leases
- Reservations
- Scope
- Virtual LAN (VLAN)
- Virtual private network (VPN)
|
2.7 Compare and contrast Internet connection types, network types, and their features.
[edit | edit source]
- Internet connection types
- Satellite
- Fiber
- Cable
- DSL
- Cellular
- Wireless Internet service provider (WISP)
|
- Network types
- Local area network (LAN)
- Wide area network (WAN)
- Personal area network (PAN)
- Metropolitan area network (MAN)
- Storage area network (SAN)
- Wireless local area network (WLAN)
|
- Crimper
- Cable stripper
- WiFi analyzer
- Toner probe
|
- Punchdown tool
- Cable tester
- Loopback plug
- Network tap
|
3.1 Explain basic cable types and their connectors, features, and purposes.
[edit | edit source]
- Network cables
- Copper
- Cat 5
- Cat 5e
- Cat 6
- Cat 6a
- Coaxial
- Shielded twisted pair
- Unshielded twisted pair
- Plenum
- Optical
- T568A/T568B
|
- Peripheral cables
- USB 2.0
- USB 3.0
- Serial
- Thunderbolt
- Video cables
- High-Definition Multimedia Interface (HDMI)
- DisplayPort
- Digital Visual Interface (DVI)
- Video Graphics Array (VGA)
- Hard drive cables
- Serial Advanced Technology Attachment (SATA)
- Small Computer System Interface (SCSI)
- External SATA (eSATA)
- Integrated Drive Electronics (IDE)
|
- RAM types
- Virtual RAM
- Small outline dual inline memory module (SODIMM)
- Double Data Rate 3 (DDR3)
- Double Data Rate 4 (DDR4)
- Double Data Rate 5 (DDR5)
- Error correction code (ECC) RAM
|
- Single-channel
- Dual-channel
- Triple-channel
- Quad-channel
|
3.3 Given a scenario, select and install storage devices.
[edit | edit source]
- Hard drives
- Speeds
- 5,400rpm
- 7,200rpm
- 10,000rpm
- 15,000rpm
- Form factor
|
- SSDs
- Communications interfaces
- Non-volatile Memory Express (NVMe)
- SATA
- Peripheral Component Interconnect Express (PCIe)
- Form factors
|
- Drive configurations
- Redundant Array of Independent (or Inexpensive) Disks (RAID) 0, 1, 5, 10
- Removable storage
- Flash drives
- Memory cards
- Optical drives
|
- Motherboard form factor
- Advanced Technology eXtended (ATX)
- Information Technology eXtended (ITX)
- Motherboard connector types
- Peripheral Component Interconnect (PCI)
- PCI Express (PCIe)
- Power connectors
- SATA
- eSATA
- Headers
- M.2
- Motherboard compatibility
- CPU sockets
- Advanced Micro Devices, Inc. (AMD)
- Intel
- Server
- Multisocket
- Desktop
- Mobile
- Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) settings
- Boot options
- USB permissions
- Trusted Platform Module (TPM) security features
- Fan considerations
- Secure Boot
- Boot password
|
- Encryption
- CPU architecture
- x64/x86
- Advanced RISC Machine (ARM)
- Single-core
- Multicore
- Multithreading
- Virtualization support
- Expansion cards
- Sound card
- Video card
- Capture card
- NIC
- Cooling
- Fans
- Heat sink
- Thermal paste/pads
- Liquid
|
3.5 Given a scenario, install or replace the appropriate power supply.
[edit | edit source]
- Input 110-120 VAC vs. 220-240 VAC
- Output 3.3V vs. 5V vs. 12V
- 20-pin to 24-pin motherboard adapter
|
- Redundant power supply
- Modular power supply
- Wattage rating
|
- Properly unboxing a device – setup location considerations
- Use appropriate drivers for a given OS
- Printer Control Language (PCL) vs. PostScript
- Device connectivity
- Public/shared devices
- Printer share
- Print server
|
- Configuration settings
- Duplex
- Orientation
- Tray settings
- Quality
- Security
- User authentication
- Badging
- Audit logs
- Secured prints
- Network scan services
- Automatic document feeder (ADF)/flatbed scanner
|
3.7 Given a scenario, install and replace printer consumables.
[edit | edit source]
- Laser
- Imaging drum, fuser assembly, transfer belt, transfer roller, pickup rollers, separation pads, duplexing assembly
- Imaging process: processing, charging, exposing, developing, transferring, fusing, and cleaning
- Maintenance: Replace toner, apply maintenance kit, calibrate, clean
- Inkjet
- Ink cartridge, print head, roller, feeder, duplexing assembly, carriage belt
- Calibration
- Maintenance: Clean heads, replace cartridges, calibrate, clear jams
|
- Thermal
- Feed assembly, heating element
- Special thermal paper
- Maintenance: Replace paper, clean heating element, remove debris
- Heat sensitivity of paper
- Impact
- Print head, ribbon, tractor feed
- Impact paper
- Maintenance: Replace ribbon, replace print head, replace paper
- 3-D printer
|
- Common cloud models
- Private cloud
- Public cloud
- Hybrid cloud
- Community cloud
- Infrastructure as a service (IaaS)
- Software as a service (SaaS)
- Platform as a service (PaaS)
|
- Cloud characteristics
- Shared resources
- Metered utilization
- Rapid elasticity
- High availability
- File synchronization
- Desktop virtualization
- Virtual desktop infrastructure (VDI) on premises
- VDI in the cloud
|
- Purpose of virtual machines
- Sandbox
- Test development
- Application virtualization
- Legacy software/OS
- Cross-platform virtualization
- Resource requirements
- Security requirements
5.1 Given a scenario, apply the best practice methodology to resolve problems.
[edit | edit source]Always consider corporate policies, procedures, and impacts before implementing changes:
1. Identify the problem
- Gather information from the user, identify user changes, and, if applicable, perform backups before making changes
- Inquire regarding environmental or infrastructure changes
2. Establish a theory of probable cause (question the obvious)
- If necessary, conduct external or internal research based on symptoms
3. Test the theory to determine the cause
- Once the theory is confirmed, determine the next steps to resolve the problem
- If the theory is not confirmed, re-establish a new theory or escalate
4.Establish a plan of action to resolve the problem and implement the solution
- Refer to the vendor’s instructions for guidance
5.Verify full system functionality and, if applicable, implement preventive measures
6.Document the findings, actions, and outcomes
- Common symptoms
- Power-on self-test (POST) beeps
- Proprietary crash screens (blue screen of death [BSOD]/pinwheel)
- Black screen
- No power
- Sluggish performance
- Overheating
- Burning smell
- Intermittent shutdown
- Application crashes
- Grinding noise
- Capacitor swelling
- Inaccurate system date/time
5.3 Given a scenario, troubleshoot and diagnose problems with storage drives and RAID arrays.
[edit | edit source]- Common symptoms
- Light-emitting diode (LED) status indicators
- Grinding noises
- Clicking sounds
- Bootable device not found
- Data loss/corruption
- RAID failure
- Self-monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) failure
- Extended read/write times
- Input/output operations per second (IOPS)
- Missing drives in OS
5.4 Given a scenario, troubleshoot video, projector, and display issues.
[edit | edit source]- Common symptoms
- Incorrect data source
- Physical cabling issues
- Burned-out bulb
- Fuzzy image
- Display burn-in
- Dead pixels
- Flashing screen
- Incorrect color display
- Audio issues
- Dim image
- Intermittent projector shutdown
5.5 Given a scenario, troubleshoot common issues with mobile devices.
[edit | edit source]- Common symptoms
- Poor battery health
- Swollen battery
- Broken screen
- Improper charging
- Poor/no connectivity
- Liquid damage
- Overheating
- Digitizer issues
- Physically damaged ports
- Malware
- Cursor drift/touch calibration
5.6 Given a scenario, troubleshoot and resolve printer issues.
[edit | edit source]- Common symptoms
- Lines down the printed pages
- Garbled print
- Toner not fusing to paper
- Paper jams
- Faded print
- Incorrect paper size
- Paper not feeding
- Multipage misfeed
- Multiple prints pending in queue
- Speckling on printed pages
- Double/echo images on the print
- Incorrect color settings
- Grinding noise
- Finishing issues
- Incorrect page orientation
5.7 Given a scenario, troubleshoot problems with wired and wireless networks.
[edit | edit source]- Common symptoms
- Intermittent wireless connectivity
- Slow network speeds
- Limited connectivity
- Jitter
- Poor Voice over Internet Protocol (VoIP) quality
- Port flapping
- High latency
- External interference
1.1 Identify basic features of Microsoft Windows editions.
[edit | edit source]
- Windows 10 editions
- Home
- Pro
- Pro for Workstations
- Enterprise
- Upgrade paths
|
- Feature differences
- Domain access vs. workgroup
- Desktop styles/user interface
- Availability of Remote Desktop Protocol (RDP)
- Random-access memory (RAM) support limitations
- BitLocker
- gpedit.msc
|
- Navigation
- cd
- dir
- md
- rmdir
- Drive navigation inputs:
|
- Command-line tools
- ipconfig
- ping
- hostname
- netstat
- nslookup
- chkdsk
- net user
- net use
- tracert
- format
- xcopy
- copy
- robocopy
- gpupdate
- gpresult
- shutdown
- sfc
- [command name] /?
- diskpart
- pathping
- winver
|
- Task Manager
- Services
- Startup
- Performance
- Processes
- Users
|
- Microsoft Management Console (MMC) snap-in
- Event Viewer (eventvwr.msc)
- Disk Management (diskmgmt.msc)
- Task Scheduler (taskschd.msc)
- Device Manager (devmgmt.msc)
- Certificate Manager (certmgr.msc)
- Local Users and Groups (lusrmgr.msc)
- Performance Monitor (perfmon.msc)
- Group Policy Editor (gpedit.msc)
|
- Additional tools
- System Information (msinfo32.exe)
- Resource Monitor (resmon.exe)
- System Configuration (msconfig.exe)
- Disk Cleanup (cleanmgr.exe)
- Disk Defragment (dfrgui.exe)
- Registry Editor (regedit.exe)
|
1.4 Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility.
[edit | edit source]
- Internet Options
- Devices and Printers
- Programs and Features
- Network and Sharing Center
- System
- Windows Defender Firewall
- Mail
- Sound
- User Accounts
- Device Manager
- Indexing Options
- Administrative Tools
- Ease of Access
|
- File Explorer Options
- Show hidden files
- Hide extensions
- General options
- View options
- Power Options
- Hibernate
- Power plans
- Sleep/suspend
- Standby
- Choose what closing the lid does
- Turn on fast startup
- Universal Serial Bus (USB) selective suspend
|
1.5 Given a scenario, use the appropriate Windows settings.
[edit | edit source]
- Time and Language
- Update and Security
- Personalization
- Apps
- Privacy
|
- System
- Devices
- Network and Internet
- Gaming
- Accounts
|
- Workgroup vs. domain setup
- Shared resources
- Printers
- File servers
- Mapped drives
- Client network configuration
- Internet Protocol (IP) addressing scheme
- Domain Name System (DNS) settings
- Subnet mask
- Gateway
- Static vs. dynamic
|
- Establish network connections
- Virtual private network (VPN)
- Wireless
- Wired
- Wireless wide area network (WWAN)
- Proxy settings
- Public network vs. private network
- File Explorer navigation – network paths
- Metered connections and limitations
- Local OS firewall settings
- Application restrictions and exceptions
- Configuration
|
1.7 Given a scenario, apply application installation and configuration concepts.
[edit | edit source]
- System requirements for applications
- 32-bit vs. 64-bit dependent application requirements
- Dedicated graphics card vs. integrated
- Video random-access memory (VRAM) requirements
- RAM requirements
- Central processing unit (CPU) requirements
- External hardware tokens
- Storage requirements
|
- OS requirements for applications
- Application to OS compatibility
- 32-bit vs. 64-bit OS
- Distribution methods
- Physical media vs. downloadable
- ISO mountable
- Other considerations for new applications
- Impact to device
- Impact to network
- Impact to operation
- Impact to business
|
- Workstation OSs
- Windows
- Linux
- macOS
- Chrome OS
- Cell phone/tablet OSs
|
- Various filesystem types
- New Technology File System (NTFS)
- File Allocation Table 32 (FAT32)
- Third extended filesystem (ext3)
- Fourth extended filesystem (ext4)
- Apple File System (APFS)
- Extensible File Allocation Table (exFAT)
- Vendor life-cycle limitations
- End-of-life (EOL)
- Update limitations
- Compatibility concerns between OSs
|
- Boot methods
- USB
- Optical media
- Network
- Solid-state/flash drives
- Internet-based
- External/hot-swappable drive
- Internal hard drive (partition)
- Types of installations
- Upgrade
- Recovery partition
- Clean install
- Image deployment
- Repair installation
- Remote network installation
- Other considerations
|
- Partitioning
- GUID [globally unique identifier] Partition Table (GPT)
- Master boot record (MBR)
- Drive format
- Upgrade considerations
- Backup files and user preferences
- Application and driver support/ backward compatibility
- Hardware compatibility
- Feature updates
|
- Installation and uninstallation of applications
- File types
- App Store
- Uninstallation process
- Apple ID and corporate restrictions
- Best practices
- Backups
- Antivirus
- Updates/patches
- System Preferences
- Displays
- Networks
- Printers
- Scanners
- Privacy
- Accessibility
- Time Machine
|
- Features
- Multiple desktops
- Mission Control
- Keychain
- Spotlight
- iCloud
- Gestures
- Finder
- Remote Disc
- Dock
- Disk Utility
- FileVault
- Terminal
- Force Quit
|
- Common commands
- ls
- pwd
- mv
- cp
- rm
- chmod
- chown
- su/sudo
- apt-get
- yum
- ip
- df
- grep
- ps
- man
- top
- find
- dig
- cat
- nano
|
- Best practices
- Backups
- Antivirus
- Updates/patches
- Tools
|
2.1 Summarize various security measures and their purposes.
[edit | edit source]
- Physical security
- Access control vestibule
- Badge reader
- Video surveillance
- Alarm systems
- Motion sensors
- Door locks
- Equipment locks
- Guards
- Bollards
- Fences
- Physical security for staff
- Key fobs
- Smart cards
- Keys
- Biometrics
- Retina scanner
- Fingerprint scanner
- Palmprint scanner
- Lighting
- Magnetometers
|
- Logical security
- Principle of least privilege
- Access control lists (ACLs)
- Multifactor authentication (MFA)
- Email
- Hard token
- Soft token
- Short message service (SMS)
- Voice call
- Authenticator application
- Mobile device management (MDM)
- Active Directory
- Login script
- Domain
- Group Policy/updates
- Organizational units
- Home folder
- Folder redirection
- Security groups
|
2.2 Compare and contrast wireless security protocols and authentication methods.
[edit | edit source]
- Protocols and encryption
- WiFi Protected Access 2 (WPA2)
- WPA3
- Temporal Key Integrity Protocol (TKIP)
- Advanced Encryption Standard (AES)
|
- Authentication
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access-Control System (TACACS+)
- Kerberos
- Multifactor
|
- Malware
- Trojan
- Rootkit
- Virus
- Spyware
- Ransomware
- Keylogger
- Boot sector virus
- Cryptominers
|
- Tools and methods
- Recovery mode
- Antivirus
- Anti-malware
- Software firewalls
- Anti-phishing training
- User education regarding common threats
- OS reinstallation
|
2.4 Explain common social-engineering attacks, threats, and vulnerabilities.
[edit | edit source]
- Social engineering
- Phishing
- Vishing
- Shoulder surfing
- Whaling
- Tailgating
- Impersonation
- Dumpster diving
- Evil twin
|
- Threats
- Distributed denial of service (DDoS)
- Denial of service (DoS)
- Zero-day attack
- Spoofing
- On-path attack
- Brute-force attack
- Dictionary attack
- Insider threat
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
- Vulnerabilities
- Non-compliant systems
- Unpatched systems
- Unprotected systems (missing antivirus/missing firewall)
- EOL OSs
- Bring your own device (BYOD)
|
- Defender Antivirus
- Activate/deactivate
- Updated definitions
- Firewall
- Activate/deactivate
- Port security
- Application security
- Users and groups
- Local vs. Microsoft account
- Standard account
- Administrator
- Guest user
- Power user
|
- Login OS options
- Username and password
- Personal identification number (PIN)
- Fingerprint
- Facial recognition
- Single sign-on (SSO)
- NTFS vs. share permissions
- File and folder attributes
- Inheritance
- Run as administrator vs. standard user
- User Account Control (UAC)
- BitLocker
- BitLocker To Go
- Encrypting File System (EFS)
|
- Data-at-rest encryption
- Password best practices
- Complexity requirements
- Expiration requirements
- Basic input/output system (BIOS)/Unified Extensible Firmware Interface (UEFI) passwords
- End-user best practices
- Use screensaver locks
- Log off when not in use
- Secure/protect critical hardware (e.g., laptops)
- Secure personally identifiable information (PII) and passwords
|
- Account management
- Restrict user permissions
- Restrict login times
- Disable guest account
- Use failed attempts lockout
- Use timeout/screen lock
- Change default administrator’s user account/password
- Disable AutoRun
- Disable AutoPlay
|
2.7 Explain common methods for securing mobile and embedded devices.
[edit | edit source]
- Screen locks
- Facial recognition
- PIN codes
- Fingerprint
- Pattern
- Swipe
- Remote wipes
- Locator applications
- OS updates
|
- Device encryption
- Remote backup applications
- Failed login attempts restrictions
- Antivirus/anti-malware
- Firewalls
- Policies and procedures
- BYOD vs. corporate owned
- Profile security requirements
- Internet of Things (IoT)
|
2.8 Given a scenario, use common data destruction and disposal methods
[edit | edit source]
- Physical destruction
- Drilling
- Shredding
- Degaussing
- Incinerating
|
- Recycling or repurposing best practices
- Erasing/wiping
- Low-level formatting
- Standard formatting
- Outsourcing concepts
- Third-party vendor
- Certification of destruction/ recycling
|
- Home router settings
- Change default passwords
- IP filtering
- Firmware updates
- Content filtering
- Physical placement/secure locations
- Dynamic Host Configuration Protocol (DHCP) reservations
- Static wide-area network (WAN) IP
- Universal Plug and Play (UPnP)
- Screened subnet
|
- Wireless specific
- Changing the service set identifier (SSID)
- Disabling SSID broadcast
- Encryption settings
- Disabling guest access
- Changing channels
- Firewall settings
- Disabling unused ports
- Port forwarding/mapping
|
- Browser download/installation
- Trusted sources
- Untrusted sources
- Extensions and plug-ins
- Trusted sources
- Untrusted sources
- Password managers
|
- Secure connections/sites – valid certificates
- Settings
- Pop-up blocker
- Clearing browsing data
- Clearing cache
- Private-browsing mode
- Sign-in/browser data synchronization
- Ad blockers
|
3.1 Given a scenario, troubleshoot common Windows OS problems.
[edit | edit source]
- Common symptoms
- Blue screen of death (BSOD)
- Sluggish performance
- Boot problems
- Frequent shutdowns
- Services not starting
- Applications crashing
- Low memory warnings
- USB controller resource warnings
- System instability
- No OS found
- Slow profile load
- Time drift
|
- Common troubleshooting steps
- Reboot
- Restart services
- Uninstall/reinstall/update applications
- Add resources
- Verify requirements
- System file check
- Repair Windows
- Restore
- Reimage
- Roll back updates
- Rebuild Windows profiles
|
3.2 Given a scenario, troubleshoot common personal computer (PC) security issues.
[edit | edit source]- Common symptoms
- Unable to access the network
- Desktop alerts
- False alerts regarding antivirus protection
- Altered system or personal files
- Unwanted notifications within the OS
- OS update failures
- Browser-related symptoms
- Random/frequent pop-ups
- Certificate warnings
- Redirection
3.3 Given a scenario, use best practice procedures for malware removal.
[edit | edit source]- Investigate and verify malware symptoms
- Quarantine infected systems
- Disable System Restore in Windows
- Remediate infected systems
- Update anti-malware software
- Scanning and removal techniques (e.g., safe mode, preinstallation environment)
- Schedule scans and run updates
- Enable System Restore and create a restore point in Windows
- Educate the end user
3.4 Given a scenario, troubleshoot common mobile OS and application issues.
[edit | edit source]- Common symptoms
- Application fails to launch
- Application fails to close/crashes
- Application fails to update
- Slow to respond
- OS fails to update
- Battery life issues
- Randomly reboots
- Connectivity issues
- Bluetooth
- WiFi
- Near-field communication (NFC)
- AirDrop
- Screen does not autorotate
3.5 Given a scenario, troubleshoot common mobile OS and application security issues.
[edit | edit source]
- Security concerns
- Android package (APK) source
- Developer mode
- Root access/jailbreak
- Bootleg/malicious application
|
- Common symptoms
- High network traffic
- Sluggish response time
- Data-usage limit notification
- Limited Internet connectivity
- No Internet connectivity
- High number of ads
- Fake security warnings
- Unexpected application behavior
- Leaked personal files/data
|
- Ticketing systems
- User information
- Device information
- Description of problems
- Categories
- Severity
- Escalation levels
- Clear, concise written communication
- Problem description
- Progress notes
- Problem resolution
- Asset management
- Inventory lists
- Database system
- Asset tags and IDs
- Procurement life cycle
- Warranty and licensing
- Assigned users
|
- Types of documents
- Acceptable use policy (AUP)
- Network topology diagram
- Regulatory compliance requirements
- Incident reports
- Standard operating procedures
- Procedures for custom installation of software package
- New-user setup checklist
- End-user termination checklist
- Knowledge base/articles
|
- Documented business processes
- Rollback plan
- Sandbox testing
- Responsible staff member
|
- Change management
- Request forms
- Purpose of the change
- Scope of the change
- Date and time of the change
- Affected systems/impact
- Risk analysis
- Change board approvals
- End-user acceptance
|
4.3 Given a scenario, implement workstation backup and recovery methods.
[edit | edit source]
- Backup and recovery
- Full
- Incremental
- Differential
- Synthetic
|
- Backup testing
- Backup rotation schemes
- On site vs. off site
- Grandfather-father-son (GFS)
- 3-2-1 backup rule
|
- Electrostatic discharge (ESD) straps
- ESD mats
- Equipment grounding
- Proper power handling
- Proper component handling and storage
- Antistatic bags
- Compliance with government regulations
|
- Personal safety
- Disconnect power before repairing PC
- Lifting techniques
- Electrical fire safety
- Safety goggles
- Air filtration mask
|
4.5 Summarize environmental impacts and local environmental controls.
[edit | edit source]- Material safety data sheet (MSDS)/documentation for handling and disposal
- Proper battery disposal
- Proper toner disposal
- Proper disposal of other devices and assets
- Temperature, humidity-level awareness, and proper ventilation
- Location/equipment placement
- Dust cleanup
- Compressed air/vacuums
- Power surges, under-voltage events, and power failures
- Battery backup
- Surge suppressor
4.6 Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts.
[edit | edit source]
- Incident response
- Chain of custody
- Inform management/law enforcement as necessary
- Copy of drive (data integrity and preservation)
- Documentation of incident
|
- Licensing/digital rights management (DRM)/end-user license agreement (EULA)
- Valid licenses
- Non-expired licenses
- Personal use license vs. corporate use license
- Open-source license
- Regulated data
- Credit card transactions
- Personal government-issued information
- PII
- Healthcare data
- Data retention requirements
|
4.7 Given a scenario, use proper communication techniques and professionalism.
[edit | edit source]
- Professional appearance and attire
- Match the required attire of the given environment
- Use proper language and avoid jargon, acronyms, and slang, when applicable
- Maintain a positive attitude/ project confidence
- Actively listen, take notes, and avoid interrupting the customer
- Be culturally sensitive
- Use appropriate professional titles, when applicable
- Be on time (if late, contact the customer)
- Avoid distractions
- Personal calls
- Texting/social media sites
- Personal interruptions
|
- Dealing with difficult customers or situations
- Do not argue with customers or be defensive
- Avoid dismissing customer problems
- Avoid being judgmental
- Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or question to verify understanding)
- Do not disclose experience via social media outlets
- Set and meet expectations/time line and communicate status with the customer
- Offer repair/replacement options, as needed
- Provide proper documentation on the services provided
- Follow up with customer/user at a later date to verify satisfaction
- Deal appropriately with customers’ confidential and private materials
- Located on a computer, desktop, printer, etc.
|
- Script file types
- .bat
- .ps1
- .vbs
- .sh
- .js
- .py
- Use cases for scripting
- Basic automation
- Restarting machines
- Remapping network drives
- Installation of applications
- Automated backups
- Gathering of information/data
- Initiating updates
- Other considerations when using scripts
- Unintentionally introducing malware
- Inadvertently changing system settings
- Browser or system crashes due to mishandling of resources
- Methods/tools
- RDP
- VPN
- Virtual network computer (VNC)
- Secure Shell (SSH)
- Remote monitoring and management (RMM)
- Microsoft Remote Assistance (MSRA)
- Third-party tools
- Screen-sharing software
- Video-conferencing software
- File transfer software
- Desktop management software
- Security considerations of each access method
1.2 Compare and contrast networking appliances, applications, and functions.
[edit | edit source]
- Physical and virtual appliances
|
|
- Network functions virtualization (NFV)
- Virtual private cloud (VPC)
- Network security groups
- Network security lists
- Cloud gateways
- Internet gateway
- Network address translation (NAT) gateway
- Cloud connectivity options
|
|
1.4 Explain common networking ports, protocols, services, and traffic types.
[edit | edit source]1.6 Compare and contrast network topologies, architectures, and types.
[edit | edit source]
- Mesh
- Hybrid
- Star/hub and spoke
- Spine and leaf
- Point to point
|
- Three-tier hierarchical model
- Collapsed core
- Traffic flows
|
1.7 Given a scenario, use appropriate IPv4 network addressing.
[edit | edit source]1.8 Summarize evolving use cases for modern network environments
[edit | edit source]
- Channels
- Channel width
- Non-overlapping channels
- Regulatory impacts
- Frequency options
- 2.4GHz
- 5GHz
- 6GHz
- Band steering
- Service set identifier (SSID)
- Basic service set identifier (BSSID)
- Extended service set identifier (ESSID)
|
- Network types
- Mesh networks
- Ad hoc
- Point to point
- Infrastructure
- Encryption
- Guest networks
- Authentication
- Antennas
- Omnidirectional vs. directional
- Autonomous vs. lightweight access point
|
2.4 Explain important factors of physical installations.
[edit | edit source]
- Important installation implications
- Locations
- Rack size
- Port-side exhaust/intake
- Cabling
- Lockable
|
- Power
- Environmental factors
- Humidity
- Fire suppression
- Temperature
|
3.1 Explain the purpose of organizational processes and procedures.
[edit | edit source]
- Documentation
- Physical vs. logical diagrams
- Rack diagrams
- Cable maps and diagrams
- Network diagrams
- Asset inventory
- Hardware
- Software
- Licensing
- Warranty support
- IP address management (IPAM)
- Service-level agreement (SLA)
- Wireless survey/heat map
|
- Life-cycle management
- End-of-life (EOL)
- End-of-support (EOS)
- Software management
- Patches and bug fixes
- Operating system (OS)
- Firmware
- Decommissioning
- Change management
- Request process tracking/service request
- Configuration management
- Production configuration
- Backup configuration
- Baseline/golden configuration
|
3.2 Given a scenario, use network monitoring technologies.
[edit | edit source]
- Methods
- SNMP
- Flow data
- Packet capture
- Baseline metrics
- Anomaly alerting/notification
- Log aggregation
- Application programming interface (API) integration
- Port mirroring
|
- Solutions
- Network discovery
- Traffic analysis
- Performance monitoring
- Availability monitoring
- Configuration monitoring
|
- DR metrics
- Recovery point objective (RPO)
- Recovery time objective (RTO)
- Mean time to repair (MTTR)
- Mean time between failures (MTBF)
- DR sites
- Cold site
- Warm site
- Hot site
|
- High-availability approaches
- Active-active
- Active-passive
- Testing
- Tabletop exercises
- Validation tests
|
3.4 Given a scenario, implement IPv4 and IPv6 network services.
[edit | edit source]
- Dynamic addressing
- Time protocols
|
|
3.5 Compare and contrast network access and management methods.
[edit | edit source]- Site-to-site VPN
- Client-to-site VPN
- Clientless
- Split tunnel vs. full tunnel
- Connection methods
- SSH
- Graphical user interface (GUI)
- API
- Console
- Jump box/host
- In-band vs. out-of-band management
4.1 Explain the importance of basic network security concepts.
[edit | edit source]
|
|
- Physical security
- Deception technologies
- Common security terminology
- Audits and regulatory compliance
- Network segmentation enforcement
|
4.2 Summarize various types of attacks and their impact to the network.
[edit | edit source]4.3 Given a scenario, apply network security features, defense techniques, and solutions.
[edit | edit source]
|
1. Identify the problem
- Gather information
- Question users
- Identify symptoms
- Determine if anything has changed
- Duplicate the problem, if possible
- Approach multiple problems individually
2. Establish a theory of probable cause
- Question the obvious
- Consider multiple approaches
- Top-to-bottom/bottom-to-top OSI model
- Divide and conquer
|
3. Test the theory to determine the cause
- If theory is confirmed, determine next steps to resolve problem
- If theory is not confirmed, establish a new theory or escalate
4. Establish a plan of action to resolve the problem and identify potential effects
5. Implement the solution or escalate as necessary
6. Verify full system functionality and implement preventive measures if applicable
7. Document findings, actions, outcomes, and lessons learned throughout the process
|
5.2 Given a scenario, troubleshoot common cabling and physical interface issues.
[edit | edit source]
- Cable issues
- Incorrect cable
- Signal degradation
- Improper termination
- Transmitter (TX)/Receiver (RX) transposed
|
- Interface issues
- Increasing interface counters
- Port status
- Error disabled
- Administratively down
- Suspended
- Hardware issues
|
5.3 Given a scenario, troubleshoot common issues with network services.
[edit | edit source]
|
|
- Route selection
- Address pool exhaustion
- Incorrect default gateway
- Incorrect IP address
- Incorrect subnet mask
|
|
|
- Wireless
- Interference
- Signal degradation or loss
- Insufficient wireless coverage
- Client disassociation issues
- Roaming misconfiguration
|
|
|
- Hardware tools
- Basic networking device commands
- show mac-address-table
- show route
- show interface
- show config
- show arp
- show vlan
- show power
|
1.1 Compare and contrast various types of security controls
[edit | edit source]
|
|
- Control types
- Preventive
- Deterrent
- Detective
- Corrective
- Compensating
- Directive
|
1.3 Explain the importance of change management processes and the impact to security.
[edit | edit source]
- Business processes impacting security operation
- Approval process
- Ownership
- Stakeholders
- Impact analysis
- Test results
- Backout plan
- Maintenance window
- Standard operating procedure
|
- Technical implications
- Allow lists/deny lists
- Restricted activities
- Downtime
- Service restart
- Application restart
- Legacy applications
- Dependencies
- Documentation
- Updating diagrams
- Updating policies/procedures
- Version control
|
1.4 Explain the importance of using appropriate cryptographic solutions.
[edit | edit source]
- Public key infrastructure (PKI)
- Encryption
- Level
- Full-disk
- Partition
- File
- Volume
- Database
- Record
- Transport/communication
- Asymmetric
- Symmetric
- Key exchange
- Algorithms
- Key length
|
|
2.1 Compare and contrast common threat actors and motivations.
[edit | edit source]
- Threat actors
- Nation-state
- Unskilled attacker
- Hacktivist
- Insider threat
- Organized crime
- Shadow IT
- Attributes of actors
- Internal/external
- Resources/funding
- Level of sophistication/capability
|
- Motivations
- Data exfiltration
- Espionage
- Service disruption
- Blackmail
- Financial gain
- Philosophical/political beliefs
- Ethical
- Revenge
- Disruption/chaos
- War
|
- Message-based
- Email
- Short Message Service (SMS)
- Instant messaging (IM)
- Image-based
- File-based
- Voice call
- Removable device
- Vulnerable software
- Client-based vs. agentless
- Unsupported systems and applications
- Unsecure networks
- Open service ports
|
- Default credentials
- Supply chain
- Managed service providers (MSPs)
- Vendors
- Suppliers
- Human vectors/social engineering
- Phishing
- Vishing
- Smishing
- Misinformation/disinformation
- Impersonation
- Business email compromise
- Pretexting
- Watering hole
- Brand impersonation
- Typosquatting
|
- Application
- Memory injection
- Buffer overflow
- Race conditions
- Time-of-check (TOC)
- Time-of-use (TOU)
- Malicious update
- Operating system (OS)-based
- Web-based
- Structured Query Language injection (SQLi)
- Cross-site scripting (XSS)
- Hardware
- Firmware
- End-of-life
- Legacy
|
- Virtualization
- Virtual machine (VM) escape
- Resource reuse
- Cloud-specific
- Supply chain
- Service provider
- Hardware provider
- Software provider
- Cryptographic
- Misconfiguration
- Mobile device
- Side loading
- Jailbreaking
- Zero-day
|
2.4 Given a scenario, analyze indicators of malicious activity.
[edit | edit source]
- Malware attacks
- Ransomware
- Trojan
- Worm
- Spyware
- Bloatware
- Virus
- Keylogger
- Logic bomb
- Rootkit
- Physical attacks
- Brute force
- Radio frequency identification (RFID) cloning
- Environmental
- Network attacks
- Distributed denial-of-service (DDoS)
- Domain Name System (DNS) attacks
- Wireless
- On-path
- Credential replay
- Malicious code
|
- Application attacks
- Injection
- Buffer overflow
- Replay
- Privilege escalation
- Forgery
- Directory traversal
- Cryptographic attacks
- Downgrade
- Collision
- Birthday
- Password attacks
- Indicators
- Account lockout
- Concurrent session usage
- Blocked content
- Impossible travel
- Resource consumption
- Resource inaccessibility
- Out-of-cycle logging
- Published/documented
- Missing logs
|
2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
[edit | edit source]
- Segmentation
- Access control
- Access control list (ACL)
- Permissions
- Application allow list
- Isolation
- Patching
- Encryption
- Monitoring
- Least privilege
|
- Configuration enforcement
- Decommissioning
- Hardening techniques
- Encryption
- Installation of endpoint protection
- Host-based firewall
- Host-based intrusion prevention system (HIPS)
- Disabling ports/protocols
- Default password changes
- Removal of unnecessary software
|
3.1 Compare and contrast security implications of different architecture models.
[edit | edit source]
- Architecture and infrastructure concepts
- Cloud
- Responsibility matrix
- Hybrid considerations
- Third-party vendors
- Infrastructure as code (IaC)
- Serverless
- Microservices
- Network infrastructure
- Physical isolation
- Logical segmentation
- Software-defined networking (SDN)
- On-premises
- Centralized vs. decentralized
- Containerization
- Virtualization
- IoT
- Industrial control systems (ICS)/ supervisory control and data acquisition (SCADA)
- Real-time operating system (RTOS)
- Embedded systems
- High availability
|
- Considerations
- Availability
- Resilience
- Cost
- Responsiveness
- Scalability
- Ease of deployment
- Risk transference
- Ease of recovery
- Patch availability
- Inability to patch
- Power
- Compute
|
3.2 Given a scenario, apply security principles to secure enterprise infrastructure.
[edit | edit source]
- Infrastructure considerations
- Device placement
- Security zones
- Attack surface
- Connectivity
- Failure modes
- Device attribute
- Active vs. passive
- Inline vs. tap/monitor
- Network appliances
- Jump server
- Proxy server
- Intrusion prevention system (IPS)/intrusion detection system (IDS)
- Load balancer
- Sensors
- Port security
- 802.1X
- Extensible Authentication Protocol (EAP)
- Firewall types
- Web application firewall (WAF)
- Unified threat management (UTM)
- Next-generation firewall (NGFW)
- Layer 4/Layer 7
|
- Secure communication/access
- Virtual private network (VPN)
- Remote access
- Tunneling
- Transport Layer Security (TLS)
- Internet protocol security (IPSec)
- Software-defined wide area network (SD-WAN)
- Secure access service edge (SASE)
- Selection of effective controls
|
3.3 Compare and contrast concepts and strategies to protect data.
[edit | edit source]
- Data types
- Regulated
- Trade secret
- Intellectual property
- Legal information
- Financial information
- Human- and non-human-readable
- Data classifications
- Sensitive
- Confidential
- Public
- Restricted
- Private
- Critical
|
- General data considerations
- Data states
- Data at rest
- Data in transit
- Data in use
- Data sovereignty
- Geolocation
- Methods to secure data
- Geographic restrictions
- Encryption
- Hashing
- Masking
- Tokenization
- Obfuscation
- Segmentation
- Permission restrictions
|
3.4 Explain the importance of resilience and recovery in security architecture.
[edit | edit source]
- High availability
- Load balancing vs. clustering
- Site considerations
- Hot
- Cold
- Warm
- Geographic dispersion
- Platform diversity
- Multi-cloud systems
- Continuity of operations
- Capacity planning
- People
- Technology
- Infrastructure
|
- Testing
- Tabletop exercises
- Fail over
- Simulation
- Parallel processing
- Backups
- Onsite/offsite
- Frequency
- Encryption
- Snapshots
- Recovery
- Replication
- Journaling
- Power
- Generators
- Uninterruptible power supply (UPS)
|
4.1 Given a scenario, apply common security techniques to computing resources.
[edit | edit source]
- Secure baselines
- Establish
- Deploy
- Maintain
- Hardening targets
- Mobile devices
- Workstations
- Switches
- Routers
- Cloud infrastructure
- Servers
- ICS/SCADA
- Embedded systems
- RTOS
- IoT devices
- Wireless devices
- Installation considerations
|
- Mobile solutions
- Mobile device management (MDM)
- Deployment models
- Bring your own device (BYOD)
- Corporate-owned, personally enabled (COPE)
- Choose your own device (CYOD)
- Connection methods
- Wireless security settings
- Wi-Fi Protected Access 3 (WPA3)
- AAA/Remote Authentication Dial-In User Service (RADIUS)
- Cryptographic protocols
- Authentication protocols
- Application security
- Input validation
- Secure cookies
- Static code analysis
- Code signing
- Sandboxing
- Monitoring
|
4.2 Explain the security implications of proper hardware, software, and data asset management.
[edit | edit source]
- Acquisition/procurement process
- Assignment/accounting
- Monitoring/asset tracking
|
- Disposal/decommissioning
- Sanitization
- Destruction
- Certification
- Data retention
|
4.3 Explain various activities associated with vulnerability management.
[edit | edit source]
- Identification methods
- Vulnerability scan
- Application security
- Static analysis
- Dynamic analysis
- Package monitoring
- Threat feed
- Open-source intelligence (OSINT)
- Proprietary/third-party
- Information-sharing organization
- Dark web
- Penetration testing
- Responsible disclosure program
- System/process audit
|
- Analysis
- Confirmation
- False positive
- False negative
- Prioritize
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerability Enumeration (CVE)
- Vulnerability classification
- Exposure factor
- Environmental variables
- Industry/organizational impact
- Risk tolerance
- Vulnerability response and remediation
- Patching
- Insurance
- Segmentation
- Compensating controls
- Exceptions and exemptions
- Validation of remediation
- Rescanning
- Audit
- Verification
- Reporting
|
- Monitoring computing resources
- Systems
- Applications
- Infrastructure
- Activities
- Log aggregation
- Alerting
- Scanning
- Reporting
- Archiving
- Alert response and remediation/validation
|
- Tools
- Security Content Automation Protocol (SCAP)
- Benchmarks
- Agents/agentless
- Security information and event management (SIEM)
- Antivirus
- Data loss prevention (DLP)
- Simple Network Management Protocol (SNMP) traps
- NetFlow
- Vulnerability scanners
|
4.5 Given a scenario, modify enterprise capabilities to enhance security.
[edit | edit source]
- Firewall
- Rules
- Access lists
- Ports/protocols
- Screened subnets
- IDS/IPS
- Web filter
- Agent-based
- Centralized proxy
- Universal Resource Locator (URL) scanning
- Content categorization
- Block rules
- Reputation
- Operating system security
|
- Implementation of secure protocols
- Protocol selection
- Port selection
- Transport method
- DNS filtering
- Email security
- Domain-based Message Authentication Reporting and Conformance (DMARC)
- DomainKeys Identified Mail (DKIM)
- Sender Policy Framework (SPF)
- Gateway
- File integrity monitoring
- DLP
- Network access control (NAC)
- Endpoint detection and response (EDR)/extended detection and response (XDR)
- User behavior analytics
|
4.6 Given a scenario, implement and maintain identity and access management.
[edit | edit source]
- Provisioning/de-provisioning user accounts
- Permission assignments and implications
- Identity proofing
- Federation
- Single sign-on (SSO)
- Lightweight Directory Access Protocol (LDAP)
- Open authorization (OAuth)
- Security Assertions Markup Language (SAML)
- Interoperability
- Attestation
- Access controls
- Mandatory
- Discretionary
- Role-based
- Rule-based
- Attribute-based
- Time-of-day restrictions
- Least privilege
|
- Multifactor authentication
- Implementations
- Biometrics
- Hard/soft authentication tokens
- Security keys
- Factors
- Something you know
- Something you have
- Something you are
- Somewhere you are
- Password concepts
- Password best practices
- Length
- Complexity
- Reuse
- Expiration
- Age
- Password managers
- Passwordless
- Privileged access management tools
- Just-in-time permissions
- Password vaulting
- Ephemeral credentials
|
- Use cases of automation and scripting
- User provisioning
- Resource provisioning
- Guard rails
- Security groups
- Ticket creation
- Escalation
- Enabling/disabling services and access
- Continuous integration and testing
- Integrations and Application programming interfaces (APIs)
|
- Benefits
- Efficiency/time saving
- Enforcing baselines
- Standard infrastructure configurations
- Scaling in a secure manner
- Employee retention
- Reaction time
- Workforce multiplier
- Other considerations
- Complexity
- Cost
- Single point of failure
- Technical debt
- Ongoing supportability
|
- Process
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Lessons learned
- Training
- Testing
- Tabletop exercise
- Simulation
|
- Root cause analysis
- Threat hunting
- Digital forensics
- Legal hold
- Chain of custody
- Acquisition
- Reporting
- Preservation
- E-discovery
|
4.9 Given a scenario, use data sources to support an investigation
[edit | edit source]
- Log data
- Firewall logs
- Application logs
- Endpoint logs
- OS-specific security logs
- IPS/IDS logs
- Network logs
- Metadata
|
- Data sources
- Vulnerability scans
- Automated reports
- Dashboards
- Packet captures
|
5.1 Summarize elements of effective security governance.
[edit | edit source]
- Guidelines
- Policies
- Standards
- Password
- Access control
- Physical security
- Encryption
- Procedures
- Change management
- Onboarding/offboarding
- Playbooks
|
- External considerations
- Regulatory
- Legal
- Industry
- Local/regional
- National
- Global
- Monitoring and revision
- Types of governance structures
- Boards
- Committees
- Government entities
- Centralized/decentralized
- Roles and responsibilities for systems and data
- Owners
- Controllers
- Processors
- Custodians/stewards
|
5.3 Explain the processes associated with third-party risk assessment and management.
[edit | edit source]
- Vendor assessment
- Penetration testing
- Right-to-audit clause
- Evidence of internal audits
- Independent assessments
- Supply chain analysis
- Vendor selection
- Due diligence
- Conflict of interest
|
- Agreement types
- Service-level agreement (SLA)
- Memorandum of agreement (MOA)
- Memorandum of understanding (MOU)
- Master service agreement (MSA)
- Work order (WO)/statement of work (SOW)
- Non-disclosure agreement (NDA)
- Business partners agreement (BPA)
- Vendor monitoring
- Questionnaires
- Rules of engagement
|
5.4 Summarize elements of effective security compliance.
[edit | edit source]
- Compliance reporting
- Consequences of non-compliance
- Fines
- Sanctions
- Reputational damage
- Loss of license
- Contractual impacts
- Compliance monitoring
- Due diligence/care
- Attestation and acknowledgement
- Internal and external
- Automation
|
- Privacy
- Legal implications
- Local/regional
- National
- Global
- Data subject
- Controller vs. processor
- Ownership
- Data inventory and retention
- Right to be forgotten
|
5.5 Explain types and purposes of audits and assessments.
[edit | edit source]
- Attestation
- Internal
- Compliance
- Audit committee
- Self-assessments
- External
- Regulatory
- Examinations
- Assessment
- Independent third-party audit
|
- Penetration testing
- Physical
- Offensive
- Defensive
- Integrated
- Known environment
- Partially known environment
- Unknown environment
- Reconnaissance
|
5.6 Given a scenario, implement security awareness practices.
[edit | edit source]
- Phishing
- Campaigns
- Recognizing a phishing attempt
- Responding to reported suspicious messages
- Anomalous behavior recognition
- Risky
- Unexpected
- Unintentional
|
- User guidance and training
- Policy/handbooks
- Situational awareness
- Insider threat
- Password management
- Removable media and cables
- Social engineering
- Operational security
- Hybrid/remote work environments
- Reporting and monitoring
- Development
- Execution
|
