Curriculum

Comparing Security Roles and Security Controls

  • Compare and Contrast Information Security Roles
  • Cybersecurity Framework
  • Information Security Competencies
  • Information Security Roles and Responsibilities
  • Information Security Business Units
  • Compare and Contrast Security Control and Framework Types
  • Security Control Categories
  • Security Control Functional Types
  • NIST Cybersecurity Framework
  • ISO and Cloud Frameworks
  • Benchmarks and Secure Configuration Guides
  • Regulations, Standards, and Legislation
  • Lab 1 - Compare and Contrast Security Control and Framework Types (PBQ)
  • Quiz 01

Explaining Threat Actors and Threat Intelligence

  • Explain Threat Actor Types and Attack Vectors
  • Attributes of Threat Actors
  • Hackers, Script Kiddies, and Hacktivists
  • State Actors and Advanced Persistent Threats
  • Criminal Syndicates and Competitors
  • Insider Threat Actors
  • Attack Surface and Attack Vectors
  • Explain Threat Intelligence Sources
  • Threat Research Sources
  • Threat Intelligence Providers
  • Other Threat Intelligence Research Sources
  • Tactics, Techniques, and Procedures and Indicators of Compromise
  • Threat Data Feeds
  • Artificial Intelligence and Predictive Analysis
  • Quiz 02

Performing Security Assessment

  • Assess Organizational Security with Network Reconnaissance Tools
  • ipconfig, ping, and ARP
  • route and traceroute
  • IP Scanners and Nmap
  • Service Discovery and Nmap
  • netstat and nslookup
  • Other Reconnaissance and Discovery Tools
  • Packet Capture and tcpdump
  • Packet Analysis and Wireshark
  • Packet Injection and Replay
  • Exploitation Frameworks
  • Netcat
  • Explain Security Concerns with General Vulnerability Types
  • Zero-day and Legacy Platform Vulnerabilities
  • Weak Host Configurations
  • Weak Network Configurations
  • Impacts from Vulnerabilities
  • Third-Party Risks
  • Summarize Vulnerability Scanning Techniques
  • Vulnerability Scan Types
  • Common Vulnerabilities and Exposures
  • Intrusive versus Non-intrusive Scanning
  • Credentialed versus Non-Credentialed Scanning
  • False Positives, False Negatives, and Log Review
  • Configuration Review
  • Threat Hunting
  • Explain Penetration Testing Concepts
  • Rules of Engagement
  • Exercise Types
  • Passive and Active Reconnaissance
  • Pen Test Attack Life Cycle
  • Lab 3: Assess Organizational Security with Network Reconnaissance Tools (PBQ)
  • Quiz 03

Identifying Social Engineering and Malware

  • Compare and Contrast Social Engineering Techniques
  • Social Engineering Principles
  • Impersonation and Trust
  • Dumpster Diving and Tailgating
  • Identity Fraud and Invoice Scams
  • Phishing, Whaling, and Vishing
  • Spam, Hoaxes, and Prepending
  • Pharming and Credential Harvesting
  • Influence Campaigns
  • Analyze Indicators of Malware-Based Attacks
  • Malware Classification
  • Computer Viruses
  • Computer Worms and Fileless Malware
  • Spyware and Keyloggers
  • Backdoors and Remote Access Trojans
  • Rootkits
  • Ransomware, Crypto-Malware, and Logic Bombs
  • Malware Indicators
  • Process Analysis
  • Lab 4: Analyze Indicators of Malware-Based Attacks (PBQ)
  • Quiz 04

Summarizing Basic Cryptographic Concepts

  • Compare and Contrast Cryptographic Ciphers
  • Cryptographic Concepts
  • Hashing Algorithms
  • Encryption Ciphers and Keys
  • Symmetric Encryption
  • Stream and Block Ciphers
  • Asymmetric Encryption
  • Public Key Cryptography Algorithms
  • Summarize Cryptographic Modes of Operation
  • Digital Signatures
  • Digital Envelopes and Key Exchange
  • Digital Certificates
  • Perfect Forward Secrecy
  • Cipher Suites and Modes of Operation
  • Authenticated Modes of Operation
  • Summarize Cryptographic Use Cases and Weaknesses
  • Cryptography Supporting Authentication and Non-repudiation
  • Cryptography Supporting Confidentiality
  • Cryptography Supporting Integrity and Resiliency
  • Cryptographic Performance Limitations
  • Cryptographic Security Limitations
  • Longevity and Cryptographic Attacks
  • Man-in-the-Middle and Downgrade Attacks
  • Key Stretching and Salting
  • Collisions and the Birthday Attack
  • Summarize Other Cryptographic Technologies
  • Quantum and Post-quantum
  • Homomorphic Encryption
  • Steganography
  • Quiz 05

Implementing Public Key Infrastructure

  • Implement Certificates and Certificate Authorities
  • Public and Private Key Usage
  • Certificate Authorities
  • PKI Trust Models
  • Registration Authorities and CSRs
  • Digital Certificates
  • Certificate Attributes
  • Subject Name Attributes
  • Types of Certificate
  • Web Server Certificate Types
  • Other Certificate Types
  • Implement PKI Management
  • Certificate and Key Management
  • Key Recovery and Escrow
  • Certificate Expiration
  • Certificate Revocation Lists
  • Online Certificate Status Protocol Responders
  • Certificate Pinning
  • Certificate Formats
  • OpenSSL
  • Certificate Issues
  • Lab 6: Implement Certificates and Certificate Authorities (PBQ)
  • Quiz 06

Implementing Authentication Controls

  • Summarize Authentication Design Concepts
  • Identity and Access Management
  • Authentication Factors
  • Authentication Design
  • Multifactor Authentication
  • Authentication Attributes
  • Implement Knowledge-Based Authentication
  • Local, Network, and Remote Authentication
  • Kerberos Authentication
  • Kerberos Authorization
  • PAP, CHAP, and MS-CHAP Authentication
  • Password Attacks
  • Brute Force and Dictionary Attacks
  • Password Crackers
  • Authentication Management
  • Implement Authentication Technologies
  • Key Management Devices
  • Extensible Authentication Protocol/IEEE 802.1X
  • Remote Authentication Dial-in User Service
  • Terminal Access Controller Access-Control System
  • Token Keys and Static Codes
  • Open Authentication
  • 2-Step Verification
  • Summarize Biometrics Authentication Concepts
  • Fingerprint Recognition
  • Facial Recognition
  • Behavioral Technologies
  • Lab 7: Implement Knowledge-Based Authentication (PBQ)
  • Quiz 07

Implementing Identity and Account Management Controls

  • Implement Identity and Account Types
  • Identity Management Controls
  • Background Check and Onboarding Policies
  • Personnel Policies for Privilege Management
  • Offboarding Policies
  • Security Account Types and Credential Management
  • Security Group-Based Privileges
  • Administrator/Root Accounts
  • Service Accounts
  • Shared/Generic/Device Accounts and Credentials
  • Secure Shell Keys and Third-party Credentials
  • Implement Account Policies
  • Account Attributes and Access Policies
  • Account Password Policy Settings
  • Account Restrictions
  • Account Audits
  • Account Permissions
  • Usage Audits
  • Account Lockout and Disablement
  • Implement Authorization Solutions
  • Discretionary and Role-Based Access Control
  • File System Permissions
  • Mandatory and Attribute-Based Access Control
  • Rule-Based Access Control
  • Directory Services
  • Federation and Attestation
  • Security Assertions Markup Language
  • OAuth and OpenID Connect
  • Explain the Importance of Personnel Policies
  • Conduct Policies
  • User and Role-based Training
  • Diversity of Training Techniques
  • Lab 8: Implement Identity and Account Types; Implement Account Policies (PBQ)
  • Quiz 08

Implementing Secure Network Designs

  • Environment Lab Preparation [ID]
  • Implement Secure Network Designs
  • Business Workflows and Network Architecture
  • Network Appliances
  • Routing and Switching Protocols
  • Network Segmentation
  • Network Topology and Zones
  • Demilitarized Zones
  • Demilitarized Zone Topologies
  • Screened Hosts
  • Implications of IPv6
  • Other Secure Network Design Considerations
  • Implement Secure Switching and Routing
  • Man-in-the-Middle and Layer 2 Attacks
  • ARP Poisoning and MAC Flooding Attacks
  • Loop Prevention
  • Physical Port Security and MAC Filtering
  • Network Access Control
  • Route Security
  • Implement Secure Wireless Infrastructure
  • Wireless Network Installation Considerations
  • Controller and Access Point Security
  • Wi-Fi Protected Access
  • Wi-Fi Authentication Methods
  • Wi-Fi Protected Setup
  • Open Authentication and Captive Portals
  • Enterprise/IEEE 802.1X Authentication
  • Extensible Authentication Protocol
  • PEAP, EAP-TTLS, and EAP-FAST
  • RADIUS Federation
  • Rogue Access Points and Evil Twins
  • Disassociation and Replay Attacks
  • Jamming Attacks
  • Implement Load Balancers
  • Distributed Denial of Service Attacks
  • Amplification, Application, and OT Attacks
  • Distributed Denial of Service Attack Mitigation
  • Load Balancing
  • Clustering
  • Quality of Service (QoS)
  • Lab 9: Implement Secure Switching and Routing (PBQ)
  • Lab 9.1: Firewall NAT Rules
  • Quiz 09

Implementing Network Security Appliances

  • Implement Firewalls and Proxy Servers
  • Packet Filtering Firewalls
  • Stateful Inspection Firewalls
  • iptables
  • Firewall Implementation
  • Proxies and Gateways
  • Access Control Lists
  • Network Address Translation
  • Virtual Firewalls
  • Open-source versus Proprietary Firewalls
  • Implement Network Security Monitoring
  • Network-Based Intrusion Detection Systems
  • TAPs and Port Mirrors
  • Network-Based Intrusion Prevention Systems
  • Signature-Based Detection
  • Behavior and Anomaly-Based Detection
  • Next-generation Firewalls and Content Filters
  • Host-Based Intrusion Detection Systems
  • Web Application Firewalls
  • Summarize the Use of SIEM
  • Monitoring Services
  • Security Information and Event Management
  • Analysis and Report Review
  • File Manipulation
  • Regular Expressions and grep
  • Lab 10: Implement Firewalls and Proxy Servers (PBQ)
  • Lab 10.1: Intrusion Detection/Prevention System [ID]
  • Quiz 10

Implementing Secure Network Protocols

  • Implement Secure Network Operations Protocols
  • DOMAIN NAME RESOLUTION
  • DNS POISONING
  • DNS SECURITY
  • SECURE DIRECTORY SERVICES
  • TIME SYNCHRONIZATION
  • Implement Secure Application Protocols
  • TRANSPORT LAYER SECURITY
  • API CONSIDERATIONS
  • FILE TRANSFER SERVICES
  • EMAIL SERVICES
  • SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS
  • VOICE AND VIDEO SERVICES
  • Implement Secure Remote Access Protocols
  • TRANSPORT LAYER SECURITY VPN
  • INTERNET PROTOCOL SECURITY
  • IPSEC TRANSPORT AND TUNNEL MODES
  • INTERNET KEY EXCHANGE
  • LAYER 2 TUNNELING PROTOCOL AND IKE V2
  • VPN CLIENT CONFIGURATION
  • REMOTE DESKTOP
  • OUT-OF-BAND MANAGEMENT AND JUMP SERVERS
  • SECURE SHELL
  • Lab 11: Implement Secure Remote Access Protocols (PBQ)
  • Quiz 11

Implementing Host Security Solutions

  • Implement Secure Firmware
  • HARDWARE ROOT OF TRUST
  • BOOT INTEGRITY
  • DISK ENCRYPTION
  • USB AND FLASH DRIVE SECURITY
  • THIRD-PARTY RISK MANAGEMENT
  • END OF LIFE SYSTEMS
  • Implement Endpoint Security
  • BASELINE CONFIGURATION AND REGISTRY SETTINGS
  • PATCH MANAGEMENT
  • ENDPOINT PROTECTION
  • NEXT-GENERATION ENDPOINT PROTECTION
  • ANTIVIRUS RESPONSE
  • Explain Embedded System Security Implications
  • LOGIC CONTROLLERS FOR EMBEDDED SYSTEMS
  • EMBEDDED SYSTEMS COMMUNICATIONS CONSIDERATIONS
  • INDUSTRIAL CONTROL SYSTEMS
  • INTERNET OF THINGS
  • SPECIALIZED SYSTEMS FOR FACILITY AUTOMATION
  • SPECIALIZED SYSTEMS IN IT
  • SPECIALIZED SYSTEMS FOR VEHICLES AND DRONES
  • SECURITY FOR EMBEDDED SYSTEMS
  • Quiz 12

Implementing Secure Mobile Solutions

  • Implement Mobile Device Management
  • ENTERPRISE MOBILITY MANAGEMENT
  • IOS IN THE ENTERPRISE
  • ANDROID IN THE ENTERPRISE
  • MOBILE ACCESS CONTROL SYSTEMS
  • REMOTE WIPE
  • LOCATION SERVICES
  • APPLICATION MANAGEMENT
  • CONTENT MANAGEMENT
  • Implement Secure Mobile Device Connections
  • CELLULAR AND GPS CONNECTION METHODS
  • WI-FI AND TETHERING CONNECTION METHODS
  • BLUETOOTH CONNECTION METHODS
  • INFRARED AND RFID CONNECTION METHODS
  • NEAR FIELD COMMUNICATIONS AND MOBILE PAYMENT SERVICES
  • USB CONNECTION METHODS
  • FIRMWARE OVER-THE-AIR UPDATES
  • Lab 13: Implement Mobile Device Management (PBQ)
  • Quiz 13

Summarizing Secure Application Concepts

  • Analyze Indicators of Application Attacks
  • APPLICATION ATTACKS
  • OVERFLOW VULNERABILITIES
  • NULL POINTER DEREFERENCING AND RACE CONDITIONS
  • MEMORY LEAKS AND RESOURCE EXHAUSTION
  • DLL INJECTION AND DRIVER MANIPULATION
  • PASS THE HASH ATTACK
  • Analyze Indicators of Web Application Attacks
  • UNIFORM RESOURCE LOCATOR ANALYSIS
  • APPLICATION PROGRAMMING INTERFACE ATTACKS
  • REPLAY ATTACKS
  • SESSION HIJACKING AND CROSS-SITE REQUEST FORGERY
  • CROSS-SITE SCRIPTING
  • STRUCTURED QUERY LANGUAGE INJECTION ATTACKS
  • XML AND LDAP INJECTION ATTACKS
  • DIRECTORY TRAVERSAL AND COMMAND INJECTION ATTACKS
  • SERVER-SIDE REQUEST FORGERY
  • Summarize Secure Coding Practices
  • SECURE CODING TECHNIQUES
  • SERVER-SIDE VERSUS CLIENT-SIDE VALIDATION
  • DATA EXPOSURE AND MEMORY MANAGEMENT
  • SECURE CODE USAGE
  • STATIC CODE ANALYSIS
  • Implement Secure Script Environments
  • SCRIPTING
  • PYTHON SCRIPT ENVIRONMENT
  • POWERSHELL SCRIPT ENVIRONMENT
  • EXECUTION CONTROL
  • MALICIOUS CODE INDICATORS
  • POWERSHELL MALICIOUS INDICATORS
  • BASH AND PYTHON MALICIOUS INDICATORS
  • MACROS AND VISUAL BASIC FOR APPLICATIONS (VBA)
  • MAN-IN-THE-BROWSER ATTACK
  • Summarize Deployment and Automation Concepts
  • SECURE APPLICATION DEVELOPMENT ENVIRONMENTS
  • PROVISIONING, DEPROVISIONING, AND VERSION CONTROL
  • AUTOMATION/SCRIPTING RELEASE PARADIGMS
  • SOFTWARE DIVERSITY
  • Lab 14: Implement Secure Script Environments (PBQ)
  • Lab 14.1: Disk Encryption with Linux Unified Key Setup (LUKS)
  • Quiz 14

Implementing Secure Cloud Solutions

  • Summarize Secure Cloud and Virtualization Services
  • CLOUD DEPLOYMENT MODELS
  • CLOUD SERVICE MODELS
  • ANYTHING AS A SERVICE
  • SECURITY AS A SERVICE
  • VIRTUALIZATION TECHNOLOGIES AND HYPERVISOR TYPES
  • VIRTUAL DESKTOP INFRASTRUCTURE AND THIN CLIENTS
  • APPLICATION VIRTUALIZATION AND CONTAINER VIRTUALIZATION
  • VM ESCAPE PROTECTION
  • VM SPRAWL AVOIDANCE
  • Apply Cloud Security Solutions
  • CLOUD SECURITY INTEGRATION AND AUDITING
  • CLOUD SECURITY CONTROLS
  • CLOUD COMPUTE SECURITY
  • CLOUD STORAGE SECURITY
  • HIGH AVAILABILITY
  • CLOUD NETWORKING SECURITY
  • VPCS AND TRANSIT GATEWAYS
  • VPC ENDPOINTS
  • CLOUD FIREWALL SECURITY
  • SECURITY GROUPS
  • CLOUD ACCESS SECURITY BROKERS
  • Summarize Infrastructure as Code Concepts
  • SERVICES INTEGRATION AND MICROSERVICES
  • APPLICATION PROGRAMMING INTERFACES
  • SERVERLESS ARCHITECTURE
  • INFRASTRUCTURE AS CODE
  • SOFTWARE-DEFINED NETWORKING
  • SOFTWARE-DEFINED VISIBILITY
  • FOG AND EDGE COMPUTING
  • Lab 15: Apply Cloud Security Solutions (PBQ)
  • Lab 15.1: Linux Security Assessment with OpenSCAP
  • Quiz 15

Explaining Data Privacy and Protection Concepts

  • Explain Privacy and Data Sensitivity Concepts
  • PRIVACY AND SENSITIVE DATA CONCEPTS
  • DATA ROLES AND RESPONSIBILITIES
  • DATA CLASSIFICATIONS
  • DATA TYPES
  • PRIVACY NOTICES AND DATA RETENTION
  • DATA SOVEREIGNTY AND GEOGRAPHICAL CONSIDERATIONS
  • PRIVACY BREACHES AND DATA BREACHES
  • DATA SHARING AND PRIVACY TERMS OF AGREEMENT
  • Explain Privacy and Data Protection Controls
  • DATA PROTECTION
  • DATA EXFILTRATION
  • DATA LOSS PREVENTION
  • RIGHTS MANAGEMENT SERVICES
  • PRIVACY ENHANCING TECHNOLOGIES
  • DATABASE DEIDENTIFICATION METHODS
  • Lab 16: Explain Privacy and Data Sensitivity Concepts (PBQ)
  • Quiz 16

Performing Incident Response

  • Summarize Incident Response Procedures
  • INCIDENT RESPONSE PROCESS
  • CYBER INCIDENT RESPONSE TEAM
  • COMMUNICATION PLAN AND STAKEHOLDER MANAGEMENT
  • INCIDENT RESPONSE PLAN
  • CYBER KILL CHAIN ATTACK FRAMEWORK
  • OTHER ATTACK FRAMEWORKS
  • INCIDENT RESPONSE EXERCISES
  • INCIDENT RESPONSE, DISASTER RECOVERY, AND RETENTION POLICY
  • Utilize Appropriate Data Sources for Incident Response
  • INCIDENT IDENTIFICATION
  • SECURITY AND INFORMATION EVENT MANAGEMENT
  • SIEM DASHBOARDS
  • TREND ANALYSIS
  • LOGGING PLATFORMS
  • NETWORK, OS, AND SECURITY LOG FILES
  • APPLICATION LOG FILES
  • METADATA
  • NETWORK DATA SOURCES
  • Apply Mitigation Controls
  • INCIDENT CONTAINMENT
  • INCIDENT ERADICATION AND RECOVERY
  • FIREWALL CONFIGURATION CHANGES
  • CONTENT FILTER CONFIGURATION CHANGES
  • ENDPOINT CONFIGURATION CHANGES
  • SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE
  • ADVERSARIAL ARTIFICIAL INTELLIGENCE
  • Lab 17: Summarize Incident Response Procedures (PBQ)
  • Quiz 17

Explaining Digital Forensics

  • Explain Key Aspects of Digital Forensics Documentation
  • KEY ASPECTS OF DIGITAL FORENSICS
  • DIGITAL FORENSICS REPORTS AND E-DISCOVERY
  • VIDEO AND WITNESS INTERVIEWS
  • TIMELINES
  • EVENT LOGS AND NETWORK TRAFFIC
  • STRATEGIC INTELLIGENCE AND COUNTERINTELLIGENCE
  • Explain Key Aspects of Digital Forensics Evidence Acquisition
  • DATA ACQUISITION AND ORDER OF VOLATILITY
  • DIGITAL FORENSICS SOFTWARE
  • SYSTEM MEMORY ACQUISITION
  • DISK IMAGE ACQUISITION
  • PRESERVATION AND INTEGRITY OF EVIDENCE
  • ACQUISITION OF OTHER DATA
  • DIGITAL FORENSICS FOR CLOUD
  • Quiz 18

Summarizing Risk Management Concepts

  • Explain Risk Management Processes and Concepts
  • RISK MANAGEMENT PROCESSES
  • RISK TYPES
  • QUANTITATIVE RISK ASSESSMENT
  • QUALITATIVE RISK ASSESSMENT
  • RISK MANAGEMENT STRATEGIES
  • RISK AVOIDANCE AND RISK TRANSFERENCE
  • RISK ACCEPTANCE AND RISK APPETITE
  • RISK AWARENESS
  • Explain Business Impact Analysis Concepts
  • MISSION ESSENTIAL FUNCTIONS
  • IDENTIFICATION OF CRITICAL SYSTEMS
  • SINGLE POINTS OF FAILURE
  • DISASTERS
  • DISASTER RECOVERY PLANS AND FUNCTIONAL RECOVERY PLANS
  • Quiz 19

Implementing Cybersecurity Resilience

  • Implement Redundancy Strategies
  • HIGH AVAILABILITY
  • POWER REDUNDANCY
  • NETWORK REDUNDANCY
  • DISK REDUNDANCY
  • GEOGRAPHICAL REDUNDANCY AND REPLICATION
  • Implement Backup Strategies
  • BACKUPS AND RETENTION POLICY
  • BACKUP TYPES
  • SNAPSHOTS AND IMAGES
  • BACKUP STORAGE ISSUES
  • BACKUP MEDIA TYPES
  • RESTORATION ORDER AND NONPERSISTENCE
  • Implement Cybersecurity Resiliency Strategies
  • CONFIGURATION MANAGEMENT
  • ASSET MANAGEMENT
  • CHANGE CONTROL AND CHANGE MANAGEMENT
  • SITE RESILIENCY
  • DIVERSITY AND DEFENSE IN DEPTH
  • DECEPTION AND DISRUPTION STRATEGIES
  • Lab 20: Implement Redundancy Strategies (PBQ)
  • Quiz 20

Explaining Physical Security

  • Explain the Importance of Physical Site Security Controls
  • SITE LAYOUT, FENCING, AND LIGHTING
  • GATEWAYS AND LOCKS
  • PHYSICAL ATTACKS AGAINST SMART CARDS AND USB
  • ALARM SYSTEMS AND SENSORS
  • SECURITY GUARDS AND CAMERAS
  • RECEPTION PERSONNEL AND ID BADGES
  • Explain the Importance of Physical Host Security Controls
  • SECURE AREAS
  • PROTECTED DISTRIBUTION AND FARADAY CAGES
  • HEATING, VENTILATION, AIR CONDITIONING
  • HOT AND COLD AISLES
  • FIRE DETECTION AND SUPPRESSION
  • SECURE DATA DESTRUCTION
  • DATA SANITIZATION TOOLS
  • Quiz 21
