SecOps Competency (Intermediate Level)

Topics covered

• compare vulnerability to penetration testing and describe the function of each
• describe black box penetration testing and why it may be used
• describe cryptography and its four goals
• describe grey box penetration testing and why it may be used
• describe how indicators of compromise can help reduce exploits in an environment
• describe how to find a vulnerability using scanners and other techniques
• describe organizational risk tolerance and why it is important
• describe policies and procedures for keeping systems secure in preemptive troubleshooting
• describe preemptive troubleshooting and how it applies to security and SecOps
• describe the common types of penetration and the importance of testing each type
• describe the different categories of findings
• describe the importance of setting stopping points and when to stop a penetration test
• describe the rules of engagement and how they are used
• describe what should be documented during a penetration test and why it is important
• describe white box penetration testing and why it may be used
• differentiate between malware types and recognize some of the consequences of using targeted malware
• differentiate between scanning and enumeration
• differentiate between symmetric and asymmetric cryptography
• recognize how preemptive troubleshooting is different than intrusion detection systems
• recognize how to choose a password cracking technique
• update hardware and recognize the importance of doing so
• update software and recognize the importance of doing so
• use password policies to enforce compliance
• use tools to troubleshoot hardware and policies to prevent security compromise