CISM 2022: Cryptography and Data Protection Competency (Intermediate Level)

  • 30m
  • 30 questions
The Cryptography and Data Protection Competency (Intermediate Level) benchmark measures your knowledge and skills in protecting data from unauthorized access, modification, and theft. A learner who scores high on this benchmark demonstrates competency in encryption and decryption implementation techniques, cryptographic key management, and the creation and implementation of data protection policies and procedures. They have also had some working exposure to the protection of data in transit and at rest, as well as the use of secure storage and backup systems.

Topics covered

  • apply group policy settings to secure Windows stations
  • configure an HTTPS binding for a web application
  • configure EFS file encryption
  • configure Linux file system encryption to protect data at rest
  • configure Microsoft BitLocker to protect data at rest
  • configure Microsoft Windows virus and threat protection
  • configure a web app to require client PKI certificates
  • consider how HSMs are used for encryption offloading and the storage of cryptographic secrets
  • create a repeatable compliant sandbox testing environment in the cloud
  • create a Windows-based private CA
  • delete a disk partition using a multiple pass disk wiping tool
  • determine when email messages are fraudulent for phishing and spear phishing attacks
  • discuss various methods of hardening network devices and device OSs
  • enable a VM managed identity for resource access
  • harden a network printer
  • harden a Wi-Fi router
  • list common digital forensic hardware and software solutions
  • list methods of securing a SAN
  • list the characteristics of common malware types
  • manage Windows public key infrastructure certificate templates
  • outline various cloud-based security solutions
  • recall how TPM provides a local device cryptographic store
  • recognize common secure coding practices
  • recognize how security applies to all SDLC phases
  • recognize how security should integrate with development and operations such as testing, deployment, and patching
  • recognize how social engineering uses deception to acquire sensitive information
  • recognize the various stages of the PKI certificate lifecycle
  • upload infected files for analysis to a scanning service
  • use Microsoft Intune to centrally manage devices
  • use the Social-Engineer Toolkit (SET) to execute social engineering attacks