Overview

The best way to combat an attack on an organization’s information assets is to have qualified information security professionals with the appropriate practices and controls to implement, monitor and administer IT infrastructure to ensure data confidentiality, integrity and availability. This online instructor-led SSCP training course validates students’ ability to identify, evaluate, and prioritize potential threats; manage and mitigate threats through risk management concepts, assessment activities, and monitoring terminology, techniques and systems. Students will gain the skills and knowledge to respond properly and promptly to a security incident or forensic investigation using incident handling processes and procedures such as Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).

Course Instructor: Derrick Coston

Course Outline

01. Security Operations and Administration

  • What is ISC/SSCP
  • Exam length/type (3 hrs, 125 questions)
  • ISC^2 Code of Ethics
  • Security Basics
  • CIAA
  • Least privilege
  • Segregation of duties
  • Security controls
  • Technical controls
  • Password requirements
  • Lockout policies
  • Physical controls
  • Locks
  • Bollards/fencing
  • Cameras
  • Mantraps
  • Badges
  • Administrative controls
  • Policies
  • Procedures
  • Employee training
  • Assessing compliance
  • Periodic audit and review of policies
  • Types of security controls
  • Deterrent
  • Corrective
  • Preventative
  • Asset management
  • Data retention requirements
  • Inventory
  • Licensing models
  • Change management lifecycle

02. Access Controls

  • Types of authentication
  • MFA
  • SSO
  • Access Controls
  • Allow/deny access
  • Read/Write/Execute privileges
  • RBAC
  • Rule Based Access Control
  • MAC
  • DAC
  • Trust relationships
  • Flow of trust
  • One and two way
  • Transitive
  • Zero
  • Identity management
  • IAM systems
  • Provision/deprovision
  • Authorization

03. Risk Identification

  • Definitions – risk, risk management, vulnerability
  • Determining risk levels
  • Probability × loss
  • Values of assets
  • Key Risk Indicator
  • Types of risk responses
  • Avoidance
  • Transference
  • Acceptance
  • Mitigation
  • Identifying risks and vulnerabilities
  • Vulnerability scanners (Mod 1)
  • Internal vs external testing
  • Penetration testing
  • STIGs
  • Network vulnerabilities
  • Creating baselines and anomalies
  • Risk management frameworks (RMF) – enterprise level
  • NIST 800-171
  • CMMC
  • COBIT
  • Vulnerability management planning
  • Assessing risks
  • Picking a tool or tools
  • Creating reports
  • Remediation
  • Steps/planning
  • Making changes
  • Deploying countermeasures
  • After actions reporting
  • Continuous monitoring
  • IDS/IPS
  • Types of intrusions
  • Indicators of intrusion
  • File system
  • New/missing files
  • Changed permissions
  • Slow performance of systems/crashing
  • Network
  • Failed/repeated login attempts
  • Connections from other countries/unusual log activity
  • Metrics and data analysis
  • Logs
  • Anomalies
  • Event triggers
  • Legal restraints
  • Laws governing data
  • Regulations
  • Privacy laws

04. Incident Response

  • Response plan
  • First responder
  • Contacts – who to call
  • Documenting a response plan
  • First steps
  • Make contact
  • Assessing the situation
  • Recording any changes/moves made to secure data – chain of custody
  • Contain damage (disconnect drives, etc)
  • Next steps
  • Assess damage
  • Determine severity level
  • Plan on how to resolve issue
  • Investigate source of incident – forensic investigation
  • Logs
  • Network diagnostics
  • Host AV/logs
  • Begin recovery
  • Pull data from backups
  • Eliminate threat (if virus/malware)
  • Document all actions
  • After actions reporting
  • Cost of damages
  • Document all actions taken
  • Document future prevention plan
  • Provide employee/personnel training to avoid repeat scenario
  • Backup planning
  • Types of backups
  • How backups work
  • Archive flags
  • Changes
  • Daily/weekly/monthly
  • Advantages/disadvantages
  • Some servers may have different backup needs; examples:
  • Differential
  • Incremental
  • Full
  • Backup Locations
  • Cloud
  • Pros/cons
  • Tapes
  • Pros/cons
  • Offsite backups
  • Hot/cold/warm backup sites
  • High availability
  • Testing backups
  • Recovery drills
  • Emergency response plans
  • Business continuity plans
  • Implementation and design
  • Testing
  • Disaster recovery plans
  • Implementation and design
  • Testing

05. Cryptography

  • Laws and regulations
  • PII/PHI/intellectual property
  • HIPAA
  • Laws with respect to these
  • PCI-DSS
  • ISO
  • Data encryption
  • How encryption works
  • Symmetric vs asymmetric
  • Encryption during transit
  • Encryption at rest
  • Strength of encryptions
  • 128/216 bit etc
  • RSA, AES etc
  • What is Public Key Infrastructure (PKI)
  • Private key and public key
  • Explanation/metaphorical examples
  • Certificate authority
  • What uses PKI
  • Key creation and destruction
  • PGP
  • GPG
  • Blockchain
  • Nonrepudiation
  • Hashing
  • Salting
  • Digital Signatures
  • Digital signature encryption
  • HMAC
  • Security protocols
  • IPSEC
  • TLS
  • SSL/TLS
  • S/MIME
  • DKIM

06. Network and Communication Security

  • Parts of a network
  • Hosts
  • Servers
  • Routers/switches
  • Firewalls
  • IDS/IPS
  • TCP/IP model
  • Layers
  • Functions of each layer in brief
  • OSI Model
  • Layers
  • Functions of each layer
  • Compare/contrast models side by side
  • Show how network traffic passes through end to end
  • Important protocols in IP stack
  • TCP
  • UDP
  • HTTP
  • Email protocols
  • Other common protocols – FTP, DNS
  • Network topologies
  • Mesh
  • Star
  • Bus
  • Ring
  • Hybrid
  • Peer-to-peer
  • Switches
  • Function
  • Topology diagram
  • VLANs
  • Switchport abilities
  • Trunking
  • Routers
  • Function vs. switches
  • Topology diagram
  • Routing protocols
  • Communication over the network
  • Load balancing
  • RADIUS
  • TACACS
  • ACLs
  • Remote access through VPN
  • VPN
  • Benefits
  • Remote work
  • Security of data
  • Encapsulation/tunneling
  • L2TP
  • SSH
  • PPTP
  • Types
  • IPSec
  • SSL VPN
  • Site to site VPN
  • Hardware VPN
  • Software VPN
  • Function
  • Process of connection
  • AAA
  • MFA
  • VPN topology
  • Diagrams
  • Firewalls
  • Firewall policies
  • ACLs
  • Black/whitelisting
  • Implicit deny
  • Rulesets
  • Firewall technologies
  • NAT
  • VPN
  • Packet filtering
  • Packet inspection
  • DMZ
  • Public facing servers
  • Selecting an appropriate technology
  • Best practices
  • Logging
  • Change management
  • Non conflicting rules
  • Patching
  • Blocking traffic by type – pings, etc.
  • Firewall evasion
  • Other devices
  • Honeypot
  • Advantage/disadvantages
  • Proxy server
  • Advantages/disadvantages
  • IDPS
  • What does an IDS/IPS do
  • Components of IDPS
  • Network sensor
  • Network analyzer
  • Admin Console
  • Alert system
  • Database of attack signatures to compare
  • IDS – detects intrusions
  • IPS – prevents and blocks intrusions
  • Inspection of traffic
  • Placement – behind firewall – monitors already filtered traffic
  • Activities of IDPS
  • Sending logging information out
  • Alerts to admins
  • Reporting
  • Signature matching of attacks
  • IDS alerts
  • True/false Positive/Negative
  • Recovery after false positive/negative alert
  • NIDS
  • Information gathering
  • Packet sniffing
  • Network details
  • False positives and negatives
  • How to tune to be accurate
  • Wireless technology
  • Components of wireless network
  • Wireless router
  • Access points
  • Wireless NIC
  • Repeater
  • Pros/Cons of wireless
  • Security issues
  • Mobile device usage
  • No cords
  • Ease of use
  • Wireless topology
  • IBSS (ad hoc)
  • BSS
  • Wireless Standards
  • Encryption
  • WEP
  • WPA
  • WPA2
  • EAP
  • Comparison/pros/cons
  • Authentication
  • Shared key
  • Open connection
  • Threats
  • Evil Twin
  • MAC Spoofing
  • MITM
  • War driving
  • Rogue AP
  • Prevention
  • Security auditing tools
  • Password complexity
  • WiFi scanners
  • Disabling SSID broadcast
  • Using strong encryption
  • MAC address filtering
  • Network/traffic monitoring
  • Placement of APs/antennas
  • RF interference
  • Directional antenna
  • Reducing signal strength/distance
  • Bluetooth
  • Functionality
  • Technology
  • NFC technology

07. Systems and Applications Security

  • Network attacks
  • DDoS
  • Malicious code/malware
  • Ransomware
  • Trojans
  • Exploits
  • Spyware/Adware
  • Man in the Middle
  • Rootkits
  • Social Engineering attacks
  • Phishing
  • Spear phishing
  • Whaling
  • Password hacking
  • Brute force
  • Dictionary attacks
  • System hardening
  • Baseline configurations
  • Imaging
  • STIG
  • Common configurations
  • Host security basics
  • Patch management
  • Windows best practices
  • BIOS passwords
  • User account creation/deletion
  • Windows Firewall
  • Hardening Windows servers
  • Anti-Virus
  • Types of AV
  • Purpose of AV and function
  • Signatures
  • Patching
  • Blocking executable/malicious code
  • Linux security
  • Log review and audit
  • Disable unnecessary services/processes
  • Switch/Router security
  • Hardening switches
  • Syslog review
  • Virtualization security
  • Hypervisors
  • VMs
  • Software firewalls
  • Host based IDS
  • Analyzes host traffic
  • Detects host events
  • Drawbacks
  • Host Based firewalls
  • Configuration
  • Management
  • Utilities
  • Common types
  • Application whitelisting
  • Mobile device management
  • BYOD
  • COPE
  • Encryption
  • Mobile application management
  • Restrictions
  • DLP
  • Disk encryption
  • BitLocker, etc.
  • Whole disk encryption
  • File level encryption
  • Containerization
  • Cloud security
  • Types of cloud deployments
  • Public
  • Private
  • Hybrid
  • Community
  • Service models
  • IaaS
  • PaaS
  • SaaS
  • Data transmission
  • Benefits/drawbacks of cloud
  • Data ownership in cloud environments
  • Service level agreements
  • Uptime expectation
  • Outsourcing data destruction
  • Data portability
  • Virtualization
  • Components of virtual systems
  • Hypervisor
  • VM
  • Virtual switch
  • Data store – shared storage
  • Containerization
  • Virtualization threats

Skills Learned

After completing this online training course, students will be able to:

  • Better understand Access Control
  • Better understand Security Operations and Administration
  • Better understand Risk Identification, Monitoring, and Analysis
  • Better understand Incident Response and Recovery
  • Better understand Cryptography
  • Better understand Networks and Communications Security
  • Better understand Systems and Application Security