Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability
Expert
- 16 videos | 1h 4m 15s
- Includes Assessment
- Earns a Badge
This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, and explores auditor responsibilities such as identifying network and host weaknesses, reporting them to stakeholders, and suggesting recommendations to improve an organization's security. Learn to distinguish between white, black, and gray box testing, and then explore the benefits of periodic scans for identifying vulnerabilities. Learn how to use pen tests, and evaluate environmental and physical security controls. Next, learn how to use Nessus, a free remote security scanning tool. This course demonstrates how to forge TCP (transmission control protocol) network traffic by using the hping3 tool in Kali Linux. This course demonstrates the OWASP (open-source web application security scanner) ZAP (zed attack proxy) tool to identify web app vulnerabilities. You will learn how to secure traffic by using IPSec (internet security protocol), configure a cloud-based jump box, and about honey pots. Next, learn to secure assets with physical controls and the eavesdropping risk of drones. Finally, learners will be able to identify different types of fire suppression systems.
WHAT YOU WILL LEARN
-
discover the subject areas covered in this course
distinguish between white, gray, and black-box testing
recall the benefits of periodic vulnerability scans and awareness of CVEs
use the free Nessus tool to execute a vulnerability scan
compare baseline and current network scans to identify changes
describe the pen test procedure from reconnaissance to exploiting vulnerabilities
forge network traffic using hping3 in Kali Linux
use OWASP ZAP to scan a web site for vulnerabilities -
analyze IPsec network traffic
configure a cloud-based jump box to allow access to internal hosts
recognize where honeypots can be used to monitor malicious traffic
consider potential business process risks related to heating, ventilation, and air conditioning
describe methods of securing assets using physical controls
describe how drones can present eavesdropping and other risks
identify different types of fire suppression
differentiate between vulnerability and penetration testing, describe the purpose of a jump box, list physical security examples, and perform a non-credentialed vulnerability scan
IN THIS COURSE
-
2m 44s
-
4m 12s
-
3. Vulnerability Scanning3m 36s
-
4. Performing a Vulnerability Scan6m 12s
-
5. Network Scan Comparison2m 32s
-
6. Penetration Testing3m 31s
-
7. Packet Forgery3m 38s
-
8. Web Application Vulnerability Scan3m 40s
-
9. IPsec Network Traffic5m 26s
-
10. Jump Boxes5m 2s
-
11. Honeypots3m 41s
-
12. HVAC3m 6s
-
13. Physical Security5m 9s
-
14. Drones and Proximity Security5m 26s
-
15. Fire Suppression Systems2m 38s
-
16. Exercise: Host and Network Weaknesses3m 40s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
