Threat and Vulnerability Management Competency

Topics covered:

  • discuss true positives and negatives as well as false positives and negatives

  • manage threat indicators

  • identify and prioritize risk mitigation techniques

  • explore CVSS severity levels

  • identify commonalities shared amongst bug bounties

  • recall how overflow attacks work

  • list different types of cross-site scripting attacks

  • use the BeEF tool to hack a web browser

  • describe how the use of insecure XML components can lead to web application compromise

  • list common web application vulnerabilities

  • use the OWASP ZAP tool to test web application security

  • use the slowhttptest command to run a DoS attack against an HTTP web site

  • describe ARP poisoning attacks

  • use Kali Linux to execute an ARP poisoning MiTM attack

  • recognize how malicious users use a variety of password attacks to compromise user accounts

  • use the hydra tool to brute force a Windows RDP connection

  • use John the Ripper to crack user passwords

  • recognize how SEDs provide protection for data at rest

  • recognize how HSMs are used for encryption offloading and the storage of cryptographic secrets

  • provide examples of PaaS

  • provide examples of SaaS

  • deploy cloud resources using a JSON template

  • identify how ITIL influences efficient service delivery, including change management implementation

  • recognize the benefits of VDI

  • configure an Amazon Workspaces VDI environment

  • connect a client device to an Amazon Workspace VDI

  • list how different types of firewalls protect digital assets

  • configure a Windows host firewall

  • configure an Amazon Web Services Network Security Group

  • describe the role NAC plays in securing a network environment

PreviousQuizNextQuestions

Last updated