CISM 2022: Security Operations and Identity and Access Management (IAM) Competency (Intermediate Level)

Topics covered

• analyze web server access logs
• assign roles to the Microsoft Azure hierarchy
• benefit from lessons learned during incident response
• configure Microsoft Sentinel for data ingestion
• configure the Linux syslog daemon for log forwarding
• configure triggers to automate incident response
• configure Windows Event Viewer log forwarding
• create AWS IAM users and groups
• create Azure AD users and groups
• create Linux users and groups
• create Windows users and groups
• describe common characteristics of an incident response plan including communication plans
• determine group memberships and permissions through user attributes
• determine when and how specific incidents, such as with cloud providers, are escalated
• discuss the role authentication plays to allow resource access
• discuss true positives and negatives as well as false positives and negatives
• enable MFA for AWS IAM user accounts
• implement DAC with Linux file system permissions
• implement DAC with Windows file system permissions
• monitor Linux host performance
• monitor performance metrics in a cloud computing environment
• monitor Windows host performance
• recall how a SIEM solution servers as a central ingestion point for security analysis
• recall how a SOAR solution servers as a method of automating security incident remediation
• recall how security incidents can be contained to limit further damage
• recall how security incidents can be eradicated through threat removal and restoration of services
• use resource and Active Directory attributes to conditionally grant file system permissions
• use the delegation of control wizard to enable others to manage AD objects
• view, search and filter Linux logs
• view, search and filter Windows logs