CISM 2022: Network Security Competency (Intermediate Level)

  • 30m
  • 29 questions
The Network Security Competency (Intermediate Level) benchmark measures your knowledge and skills in protecting an organization's network infrastructure from unauthorized access, attacks, and other security threats. A learner who scores high on this benchmark demonstrates competency in the knowledge and understanding of the implementation of network security policies, procedures, controls, network segmentation, use of firewalls, intrusion detection and prevention systems, and other security technologies.

Topics covered

  • configure a honeypot
  • configure firewall rules in an Azure NSG
  • configure Linux network firewall settings
  • configure various types of firewall settings in Azure Firewall
  • create a VMware Workstation disconnected virtual network switch
  • describe common Wi-Fi attacks
  • discuss how IDS and IPS solutions address security issues
  • discuss the mechanics of a SYN flood attack
  • discuss the role played by forward and reverse proxy servers
  • harden DHCP and DNS services
  • install and configure the Snort IDS tool
  • list various ways of authenticating to a Wi-Fi network
  • open and analyze a packet capture using WireShark
  • recall how buffer overflow attacks work and how to mitigate them
  • recall how bug bounties offer rewards for the identification of flaws in hardware and software
  • recall how reverse shells works and how to mitigate this risk
  • recall the security aspect of DHCP and DNS usage
  • recognize how APTs are executed
  • recognize the different types of firewalls including WAF, their placement such as in the DMZ, and when they should be used
  • recognize the importance of the OWASP Top 10 when hardening web applications
  • recognize where honeypots and honeynets can be used to monitor malicious traffic
  • run a distributed denial-of-service (DoS) attack against a website
  • run a SQL injection attack
  • scan a network using Nmap to determine which devices are present
  • use hping3 to forge network traffic
  • use the BeEF tool to hack a web browser
  • use the Hydra tool to brute force a Windows remote desktop protocol (RDP) connection
  • use the MITRE ATT&CK knowledge base
  • use VPNs for anonymity and install and use the Tor browser