
What we cover: Course orientation and use of provided study resources for review and memorization.
Why it matters: Structured reference materials support consistent terminology recall and reduce gaps across security concepts.
Exam relevance: Tested indirectly through accurate concept identification and rapid recall when selecting the best answer.
What we cover: Course community resources and instructor review request process.
Why it matters: Feedback and peer discussion support continuous improvement and knowledge reinforcement.
Exam relevance: No direct tested content; treat as non-exam administrative guidance.
What we cover: Course notation cues that flag high-priority topics, partial lists, and keywords for memorization.
Why it matters: Consistent cue recognition improves accurate retention of security terminology and control distinctions.
Exam relevance: Tested indirectly through precise term selection and distinguishing similar concepts in multiple-choice questions.
What we cover: Study workflow focused on concept mastery, practice-question review, question deconstruction, and time management.
Why it matters: It improves control selection accuracy by forcing precise understanding and reducing misreads under time pressure.
Exam relevance: Tested through scenario questions requiring the most correct choice, distractor elimination, and pacing across 100–125 items.
Welcome to Domain 1: Security Principles. As this domain makes up 26% of the questions on the exam, it is the largest and most important foundation that everything else builds on top of. In this section, Thor will discuss the differences between Information Security, IT Security and Cybersecurity. We will also look at the CIA triad: Confidentiality, Integrity and Availability, the IAAA model, privacy, risk management, the different access control types and categories, the ethics of your organization and (ISC)2, and the differences between governance and management. Additionally, we will examine laws and international treaties, and finally, we will delve into information security governance. Let's get started on Domain 1.
What we cover: The scope differences between information security, IT security, and cybersecurity and their relationship to the CIA triad.
Why it matters: Correct scoping drives appropriate control selection across physical, technical, and administrative categories.
Exam relevance: Tested as terminology and scope distinctions and as choosing CIA priorities and control types in prompts.
What we cover: The CIA triad as the core security model for confidentiality, integrity, and availability requirements.
Why it matters: It guides selecting administrative and technical controls to protect data access, correctness, and uptime.
Exam relevance: Tested as choosing which CIA element is impacted or prioritized and mapping controls like MFA and segmentation.
What we cover: The three data states and matching protection focus for confidentiality controls.
Why it matters: Correctly aligning encryption, access control, and user policy reduces exposure across storage, transit, and handling.
Exam relevance: Tested as selecting appropriate controls per data state and distinguishing need-to-know versus least privilege access models.
What we cover: Integrity in the CIA triad and how it differs from confidentiality.
Why it matters: Integrity controls ensure data remains accurate and unaltered despite unauthorized modification attempts.
Exam relevance: Tested through selecting integrity-focused controls like hashes and checksums versus confidentiality controls in scenario questions.
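A worked example of the distinction this lesson draws, added here as illustration and not part of the course material: a plain hash detects alteration of data, but an attacker who can rewrite the stored digest simply recomputes it, so a keyed HMAC is the check a practitioner wants when the digest itself is exposed. The file contents and the key below are constructed.

```python
"""Added example (not the course's code): integrity via hash versus keyed HMAC.
The sample data and key are constructed for illustration."""
import hashlib
import hmac

# Constructed sample "file" contents and a constructed server-side key.
ORIGINAL = b"transfer 100.00 to account 1234\n"
TAMPERED = b"transfer 900.00 to account 9999\n"
KEY = b"server-side-secret-key"  # assumption: held off the host being protected


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, stored_digest: str) -> bool:
    """Plain-hash integrity check: catches accidental or blind alteration."""
    return hmac.compare_digest(sha256_hex(data), stored_digest)


def verify_hmac(key: bytes, data: bytes, stored_tag: str) -> bool:
    """Keyed check: only a holder of KEY can produce a matching tag."""
    return hmac.compare_digest(hmac_hex(key, data), stored_tag)


def demo() -> dict:
    """Run the four cases and return which checks behaved as expected."""
    stored_digest = sha256_hex(ORIGINAL)
    stored_tag = hmac_hex(KEY, ORIGINAL)
    results = {
        # Editing the data while the stored digest/tag stay put is caught by both.
        "hash_catches_edit": not verify_hash(TAMPERED, stored_digest),
        "hmac_catches_edit": not verify_hmac(KEY, TAMPERED, stored_tag),
    }
    # An attacker who can write both the data and the stored digest just
    # recomputes the unkeyed hash; the plain-hash check passes.
    attacker_digest = sha256_hex(TAMPERED)
    results["hash_fooled_by_recompute"] = verify_hash(TAMPERED, attacker_digest)
    # The same attacker cannot produce a valid tag without KEY.
    forged_tag = hmac_hex(b"attacker-guess", TAMPERED)
    results["hmac_resists_forgery"] = not verify_hmac(KEY, TAMPERED, forged_tag)
    return results
```

Note that neither mechanism hides the contents: the tampered line is still readable in clear, which is why hashes and HMACs are integrity controls and not confidentiality controls.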
What we cover: Availability as the CIA triad principle, ensuring authorized access to systems and data when needed.
Why it matters: Availability controls reduce downtime risk from attacks, failures, and misconfigurations through resilient design and maintenance.
Exam relevance: Tested by choosing availability-focused controls and distinguishing DoS impacts, patch management, and redundancy approaches in scenarios.
What we cover: CIA triad objectives and their opposites as DAD: disclosure, alteration, and destruction.
Why it matters: It enables the correct selection of security controls to prevent unauthorized access, modification, or loss of access.
Exam relevance: Tested as keyword-driven conceptual distinctions and scenario-based mapping of controls to confidentiality, integrity, or availability.
What we cover: The IAAA access control model and Type 1 authentication.
Why it matters: It clarifies how identities are verified, permissions are granted, and actions are traceable, and it introduces the first authentication type, Type 1 (something you know).
Exam relevance: Tested as conceptual distinctions and control selection, including MFA factors and password policy versus brute-force mitigations.
What we cover: Type 2 authentication as possession factors, including hardware or software tokens and one-time passwords.
Why it matters: Possession factors strengthen authentication by requiring control of a trusted issued or generated authenticator.
Exam relevance: Identify possession factors and distinguish HOTP versus TOTP behavior and time synchronization requirements in MFA questions.
What we cover: Type 3 authentication as something you are, using biometric factors and matching thresholds.
Why it matters: Biometrics increase assurance but introduce accuracy tradeoffs, privacy exposure, and non-revocability after compromise.
Exam relevance: Identify Type 3 synonyms and choose it when prompts emphasize the strongest authentication, highest cost, or FAR versus FRR tuning.
What we cover: IAAA and access control models including authentication factors and DAC, MAC, RBAC, ABAC distinctions.
Why it matters: Correct identity assurance and authorization boundaries enforce least privilege, need-to-know, and traceable accountability.
Exam relevance: Tested via scenario selection of authentication factors, access control model choice, and auditing versus non-repudiation distinctions.
What we cover: The IAAA access control model separating identification, authentication, authorization, and accountability.
Why it matters: It clarifies how identities are verified, permissions are granted, and actions are traceable.
Exam relevance: Tested as conceptual distinctions and control selection, including MFA factors and password policy versus brute-force mitigations.
What we cover: Privacy principles and the definition of personally identifiable information as regulated sensitive data.
Why it matters: Privacy controls limit collection, retention, and use of identifying data to meet legal and ethical requirements.
Exam relevance: Tested through identifying PII in prompts and selecting compliant handling based on jurisdictional privacy obligations.
What we cover: Risk calculation terms including threat, vulnerability, likelihood, impact, total risk, and residual risk after countermeasures.
Why it matters: These distinctions drive consistent risk evaluation and control selection as environments and threats change iteratively.
Exam relevance: Tested through scenario questions requiring correct term identification, equation interpretation, and choosing the next risk management action.
What we cover: The risk management cycle and the distinction between due diligence and due care.
Why it matters: It supports defensible control selection and sustained risk treatment through monitoring and accountability.
Exam relevance: Tested as qualitative versus quantitative assessment choices and due diligence versus due care versus negligence responsibility distinctions.
What we cover: Risk appetite and residual risk drive selection of mitigation, transference, acceptance, or avoidance strategies.
Why it matters: Correct risk response aligns controls to acceptable exposure while meeting due care and due diligence expectations.
Exam relevance: Tested as choosing the correct risk treatment and distinguishing acceptance from negligence or improper rejection.
What we cover: Qualitative versus quantitative risk analysis and how residual and secondary risk are identified and tracked.
Why it matters: Risk analysis supports selecting and justifying controls based on likelihood, impact, and measurable loss.
Exam relevance: Tested as choosing qualitative versus quantitative methods, interpreting risk register terms, and selecting risk responses.
What we cover: The distinction between KGI, KPI, and KRI within risk management measurement and reporting.
Why it matters: These metrics validate goal attainment, control performance, and risk exposure against defined risk appetite.
Exam relevance: Identify which indicator type fits a prompt and map it to risk response, monitoring, and reporting decisions.
What we cover: Risk management fundamentals including threat, vulnerability, impact, and qualitative versus quantitative risk analysis.
Why it matters: Accurate risk evaluation drives appropriate control selection and governance-aligned risk treatment decisions.
Exam relevance: Tested through selecting correct risk response types and interpreting basic risk formulas and analysis outputs.
What we cover: Access control categories as administrative, physical, and technical controls within layered defense.
Why it matters: Correct control categorization ensures policies, physical barriers, and technical enforcement work together to reduce risk.
Exam relevance: Tested through distinguishing control types and selecting appropriate controls in access control and defense-in-depth questions.
What we cover: Access control types as control functions: preventive, detective, corrective, recovery, deterrent, and compensating.
Why it matters: Correctly classifying control function guides selecting controls that stop, find, fix, restore, discourage, or substitute.
Exam relevance: Tested through scenario-based control selection and distinguishing overlapping functions, especially corrective versus preventive and compensating use.
What we cover: Professional ethics principles and the four core canons in a formal code of ethics.
Why it matters: Ethics guides security conduct and accountability when legal requirements or policies are unclear.
Exam relevance: Tested as recall of the preamble and canons and as choosing the most ethical action in judgment questions.
What we cover: Governance versus management roles in security oversight and policy lifecycle ownership.
Why it matters: Clear role separation ensures accountable direction-setting, risk appetite approval, and effective control implementation.
Exam relevance: Tested through scenario questions selecting who approves policies, sets risk appetite, and where security leadership should report.
What we cover: Key distinctions among criminal, civil, administrative, and private regulatory requirements affecting cybersecurity and privacy.
Why it matters: Correctly classifying legal and regulatory obligations guides compliant control selection and data-handling requirements.
Exam relevance: Tested through scenario-based identification of law type, burden of proof, and which privacy rule or standard applies.
What we cover: GDPR scope and core privacy obligations for personal data processing in the EU and EEA.
Why it matters: It drives lawful processing, data minimization, breach notification, and accountability roles for privacy controls.
Exam relevance: Tested as regulatory identification and selecting correct compliance actions for consent, data subject rights, and 72-hour notification.
What we cover: Governance hierarchy linking values and vision and mission to policies, standards, and procedures using NIST CSF and CIS Controls.
Why it matters: Clear separation of governance intent from implementation detail enables consistent security control selection and enforcement.
Exam relevance: Tested as distinguishing policy types and policy versus standard versus procedure and recognizing NIST CSF versus CIS Controls roles.
In this lesson, we will discuss the concepts covered in Domain 1 Security Principles, which makes up 26% of the exam and serves as the foundation of everything we do in the field of cybersecurity. We will look at the differences between Information, IT, and Cybersecurity and delve into the CIA triad, the IAAA model, Privacy, Risk Management, Access Control Categories and Types, the Ethics standards we must follow, and the Governance vs. Management concept. We will also cover some of the US and European laws that are important to know for the exam and conclude with a discussion on Information Security Governance. Thank you for being here and join us in the next domain, Domain 2.
In this lesson, we will talk about what you will learn in Domain 2. 10% of the questions in the exam will come from Domain 2. This domain is focused on what to do when all the protections in place fail and everything else goes wrong. The main areas of focus in Domain 2 are Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Incident Management. BCP is an overarching plan that includes several subplans, with the Disaster Recovery Plan focusing specifically on IT. Incident Management covers how to prepare, detect, respond, mitigate, report on, and recover from incidents. Get ready to delve into Domain 2 and gain a better understanding of these important concepts.
What we cover: How governance, risk management, and compliance integrate as a single GRC control and oversight model.
Why it matters: Alignment between policy direction, risk appetite, and mandatory obligations drives consistent security control selection.
Exam relevance: Tested as role and responsibility distinctions and scenario-based selection of governance, risk response, or compliance actions.
What we cover: Business continuity planning as an overarching administrative control set that includes disaster recovery as an IT-focused subplan.
Why it matters: It defines organizational priorities and governance to sustain essential functions and protect personnel during disruptions.
Exam relevance: Tested as plan-scope differentiation and correct plan selection when given continuity, recovery, communications, or safety requirements.
What we cover: BCP subplans and related standards, including BRP, IT contingency planning, and crisis management responsibilities.
Why it matters: Clear plan boundaries align recovery actions, IT availability, and personnel safety with risk management priorities.
Exam relevance: Tested as selecting the correct plan type or standard and prioritizing life safety over asset protection.
What we cover: Business continuity planning lifecycle with business impact analysis, downtime tiers, disaster categories, and plan maintenance triggers.
Why it matters: It aligns preventive controls and recovery strategies to prioritized assets and defined downtime tolerance.
Exam relevance: Tested through selecting BIA outputs, distinguishing natural versus human versus environmental events, and identifying when plans require updates.
What we cover: Disaster recovery planning as a business continuity subplan with defined objectives, roles, and escalation authority.
Why it matters: Clear declaration authority and communication paths enable coordinated technical recovery actions during disruptions.
Exam relevance: Tested as selecting DRP lifecycle phases and identifying who declares disasters and triggers notifications.
What we cover: Business impact analysis metrics for disaster recovery planning including RTO, RPO, MTD, WRT, MTBF, MTTR, and MOR.
Why it matters: These metrics define acceptable downtime and data loss to prioritize systems and select appropriate resilience controls.
Exam relevance: Tested as terminology differentiation and choosing correct recovery objectives and availability requirements from brief outage and backup descriptions.
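An added consistency check over these metrics (not the course's code): the relationships it enforces are MTD >= RTO + WRT, RPO <= backup interval, and availability = MTBF / (MTBF + MTTR). The two systems and their numbers are constructed.

```python
"""Added example (not the course's code): sanity-checking BIA recovery metrics.
Inputs are constructed; relationships checked are MTD >= RTO + WRT,
RPO <= backup interval, and availability = MTBF / (MTBF + MTTR)."""
from dataclasses import dataclass

HOURS_PER_YEAR = 24 * 365


@dataclass
class BiaMetrics:
    name: str
    mtd_h: float              # maximum tolerable downtime
    rto_h: float              # time to bring the system back up
    wrt_h: float              # work recovery time: verify data, resume work
    rpo_h: float              # maximum acceptable data loss, expressed as time
    backup_interval_h: float  # how often backups actually run
    mtbf_h: float             # mean time between failures
    mttr_h: float             # mean time to repair


def availability(mtbf_h: float, mttr_h: float) -> float:
    """Steady-state availability as a fraction."""
    return mtbf_h / (mtbf_h + mttr_h)


def expected_downtime_per_year_h(mtbf_h: float, mttr_h: float) -> float:
    return HOURS_PER_YEAR * (1 - availability(mtbf_h, mttr_h))


def check(m: BiaMetrics) -> list:
    """Return a list of findings; an empty list means the metrics are consistent."""
    findings = []
    if m.rto_h + m.wrt_h > m.mtd_h:
        findings.append(f"{m.name}: RTO+WRT {m.rto_h + m.wrt_h}h exceeds MTD {m.mtd_h}h")
    if m.backup_interval_h > m.rpo_h:
        findings.append(f"{m.name}: backups every {m.backup_interval_h}h cannot meet RPO {m.rpo_h}h")
    if expected_downtime_per_year_h(m.mtbf_h, m.mttr_h) > m.mtd_h:
        findings.append(f"{m.name}: expected yearly downtime exceeds MTD")
    return findings


# Constructed sample systems.
PAYMENTS = BiaMetrics("payments", mtd_h=4, rto_h=2, wrt_h=1, rpo_h=0.25,
                      backup_interval_h=0.25, mtbf_h=8000, mttr_h=2)
WIKI = BiaMetrics("wiki", mtd_h=8, rto_h=6, wrt_h=4, rpo_h=1,
                  backup_interval_h=24, mtbf_h=2000, mttr_h=12)
```

The third check is the one people forget: a system whose MTTR alone exceeds the MTD will blow the tolerance on an ordinary failure, before any disaster is declared.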
What we cover: Disaster recovery site types and their readiness differences as availability controls.
Why it matters: Site selection determines achievable recovery time and data currency during outages.
Exam relevance: Tested as choosing the correct site type based on RTO and data replication expectations.
What we cover: Disaster recovery planning lifecycle and governance, including lessons learned and plan maintenance controls.
Why it matters: Clear ownership, scope, and current documentation enable consistent recovery actions when preventive controls fail.
Exam relevance: Tested as selecting appropriate DR/BCP elements, identifying plan failure causes, and distinguishing recovery site readiness levels.
What we cover: Incident management terminology and severity classification for events, alerts, incidents, problems, non-disasters, emergencies, disasters, and catastrophes.
Why it matters: Consistent classification drives appropriate administrative response selection and root-cause focus during security operations.
Exam relevance: Tested as conceptual distinctions and scenario-based classification decisions that determine the correct response plan or recovery approach.
What we cover: Incident response lifecycle phases and core CIRT role responsibilities.
Why it matters: Clear phase sequencing and role ownership enables coordinated containment, recovery, and durable remediation.
Exam relevance: Tested as selecting the correct lifecycle phase or team function and distinguishing detection versus prevention tooling.
What we cover: Incident response phases covering containment, eradication, recovery, and continuous reporting with technical and nontechnical tracks.
Why it matters: Correct containment and evidence preservation limit spread while enabling effective remediation and coordinated organizational response.
Exam relevance: Tested as phase identification and best-action selection, including volatile memory handling and required notification and reporting escalation.
What we cover: Incident response recovery, remediation, and lessons learned with root-cause analysis as lifecycle phases.
Why it matters: These phases restore operations safely and prevent recurrence by closing systemic weaknesses and improving controls.
Exam relevance: Tested as phase identification and correct action selection, especially recovery monitoring versus remediation scope and RCA purpose.
What we cover: Incident management terms and the incident response lifecycle as defined in NIST SP 800-61.
Why it matters: Clear classification and lifecycle alignment drives correct response coordination and consistent containment and recovery actions.
Exam relevance: Tested as distinguishing event, alert, incident, problem, emergency, disaster, catastrophe, and mapping phases to response decisions.
In this lecture, we completed Domain 2, which focused on our last line of defense in protecting our systems and information. We discussed Business Continuity, Disaster Recovery, and Incident Response and learned how to effectively and efficiently recover from disasters. Business Continuity Planning was the main concept, and Disaster Recovery was one of its key subplans. We are now finished with Domain 2 and will move on to Domain 3: Access Control Concepts in the next lecture.
Welcome to Domain 3: Access Control Concepts, where you will learn about the two major topics of Physical and Logical Security. These two topics make up 22% of the exam questions, and are crucial to understanding how to protect assets and control access. Physical Security is our first line of defense, including walls, doors, guards, and locks, while Logical or Technical Access Control covers all the technical aspects such as access lists, firewalls, and Intrusion Detection and Prevention Systems. By the end of this domain, you will have a comprehensive understanding of how to protect assets through both physical and logical means. Let's get started!
What we cover: Physical security controls for perimeter defense and surveillance within defense-in-depth.
Why it matters: Correct control categorization supports layered protection and reduces predictable weaknesses in facility protection.
Exam relevance: Tested as selecting physical controls by type and distinguishing deterrent, preventive, and detective functions in scenarios.
What we cover: Physical access controls using locks, combination locks, smart cards, and magnetic stripe cards.
Why it matters: Control strength depends on resistance to bypass and on credential handling discipline.
Exam relevance: Tested as selecting appropriate physical controls and distinguishing weaknesses like key copying, brute force, shoulder surfing, RFID skimming, and magstripe cloning.
What we cover: Physical access threats and controls including tailgating and barriers that enforce single-person entry.
Why it matters: Correct physical and administrative controls reduce unauthorized entry and improve access discipline.
Exam relevance: Tested as selecting appropriate physical controls and classifying them as preventive, detective, or deterrent.
What we cover: Physical security as layered perimeter defense using sensors, hardened openings, and controlled interior boundaries.
Why it matters: Balanced barriers and trained personnel reduce bypass paths while maintaining safe egress and controlled access.
Exam relevance: Tested through selecting appropriate physical controls and classifying guards as deterrent, preventive, detective, or compensating.
What we cover: Physical security controls and their classification as deterrent, preventive, detective, or compensating.
Why it matters: Correct control categorization drives layered defense design and appropriate risk-based selection for facilities.
Exam relevance: Tested through scenario questions requiring the best physical control choice and correct control-type identification.
What we cover: Logical controls in IAM provisioning, including entity versus identity versus attributes and federated identity versus SSO.
Why it matters: Correct IAM design enforces least privilege while preserving accountability through controlled provisioning and deprovisioning.
Exam relevance: Tested by distinguishing control categories and selecting federated identity or SSO tradeoffs and compensating controls.
What we cover: Centralized, decentralized, and hybrid access control architectures and how they enforce access using access control lists.
Why it matters: Architecture choice balances manageability and consistency against latency, availability, and single-point-of-failure risk.
Exam relevance: Tested as selecting the appropriate access control model and identifying tradeoffs, including just-in-time provisioning for third parties.
What we cover: Logical access control models and security models for authorization decisions across confidentiality, integrity, and availability priorities.
Why it matters: Correct model selection enforces least privilege and prevents unauthorized disclosure or modification under defined policy constraints.
Exam relevance: Tested as conceptual distinctions and scenario-based selection among DAC, MAC, RBAC, ABAC, context/content controls, and Bell-LaPadula versus Biba.
What we cover: Administrative access controls for logical access governance including separation of duties, job rotation, mandatory vacations, and personnel agreements.
Why it matters: These controls reduce insider abuse by limiting privilege accumulation and increasing independent oversight and accountability.
Exam relevance: Identify which administrative control best mitigates fraud or insider risk and distinguish it from technical access enforcement.
What we cover: Data classification levels and mandatory access control clearance versus label for subjects and objects.
Why it matters: Correct classification drives appropriate confidentiality controls and consistent access decisions across systems.
Exam relevance: Tested by mapping damage keywords to classification levels and choosing the correct access control model.
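A worked reference monitor covering both the model lesson above (Bell-LaPadula versus Biba) and this classification lesson (clearance versus label, need-to-know via compartments), added as an example and not taken from the course. The classification levels, compartment names, and sample subjects and objects are constructed.

```python
"""Added example (not the course's code): a minimal reference monitor applying
Bell-LaPadula (confidentiality) and Biba (integrity) rules to labelled subjects
and objects. Levels, compartments and samples are constructed."""
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class Label:
    """A clearance (on a subject) or classification (on an object)."""

    def __init__(self, level: str, compartments=()):
        self.level = LEVELS[level]
        self.compartments = frozenset(compartments)

    def dominates(self, other: "Label") -> bool:
        # MAC dominance: level at least as high AND every compartment held.
        # The compartment test is what implements need-to-know.
        return self.level >= other.level and self.compartments >= other.compartments


def blp_read(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula simple security property: no read up."""
    return subject.dominates(obj)


def blp_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property: no write down."""
    return obj.dominates(subject)


def biba_read(subject: Label, obj: Label) -> bool:
    """Biba simple integrity axiom: no read down (low-integrity data cannot flow up)."""
    return obj.dominates(subject)


def biba_write(subject: Label, obj: Label) -> bool:
    """Biba *-integrity axiom: no write up."""
    return subject.dominates(obj)


RULES = {
    ("blp", "read"): blp_read, ("blp", "write"): blp_write,
    ("biba", "read"): biba_read, ("biba", "write"): biba_write,
}


def authorize(model: str, action: str, subject: Label, obj: Label) -> bool:
    """Dispatch to the policy; the default is deny for unknown model/action."""
    rule = RULES.get((model, action))
    return bool(rule and rule(subject, obj))


# Constructed samples: an analyst cleared SECRET for the "crypto" compartment.
ANALYST = Label("secret", {"crypto"})
SECRET_CRYPTO = Label("secret", {"crypto"})
TOP_SECRET_CRYPTO = Label("top_secret", {"crypto"})
SECRET_NUCLEAR = Label("secret", {"nuclear"})
CONFIDENTIAL_CRYPTO = Label("confidential", {"crypto"})
PUBLIC_FEED = Label("public")
```

Read the same label two ways: under Bell-LaPadula the analyst may read the confidential object but not write to it (no write down); under Biba, which treats the level as trustworthiness, the analyst may write to it but must not read the public feed, because low-integrity input would taint higher-integrity work.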
In this lesson, we will discuss Domain 3 Access Control Concepts, which is a medium-sized domain on the exam (22%) but a small domain as far as curriculum. We will look at the two parts of this domain, Physical Security and Logical Security. Physical security includes all the tangible components such as bollards, doors, walls, and guards, while Logical Security covers the technical components that complement Physical and Administrative Security, such as firewalls and access rules. We will conclude this domain and move on to the next lecture where we will begin discussing Domain 4, Network Security.
In Domain 4, we will discuss Network Security, which is the second largest domain on the exam, accounting for 24%. This domain is also the largest curriculum-wise, as it covers everything related to Networking, including the basics of computer networking, the OSI model, the TCP/IP model, IP addresses, Ethernet, WiFi, and other connection types. We will also look at different types of Networking Devices and Protocols, Cloud Computing, Data Centers, Redundancy, and Resiliency. Additionally, we will delve into the topic of Attackers and Attacks, and explore ways to protect against them.
What we cover: Core networking distinctions for data flow, signaling, network scope, switching methods, QoS, and transport behavior.
Why it matters: Correctly matching communication characteristics to network design supports secure, reliable traffic handling.
Exam relevance: Tested as conceptual differentiation and scenario-based selection between duplex types, baseband versus broadband, intranet versus extranet, circuit versus packet switching, QoS use, and TCP versus UDP.
What we cover: Network scope categories and VPN tunneling as a logical overlay network.
Why it matters: Correct scope identification guides appropriate security controls and trust boundaries.
Exam relevance: Tested as terminology differentiation and selecting the correct network type or VPN use in short scenarios.
What we cover: OSI model layers with focus on Layer 1 physical media and Layer 2 data link addressing.
Why it matters: Correct layer identification guides appropriate security controls for transmission risks and local network trust boundaries.
Exam relevance: Tested as mapping terms to layers and selecting mitigations for cable security, MAC spoofing, flooding, and ARP behavior.
What we cover: OSI Layers 3 through 7 functions and their key protocol and attack associations.
Why it matters: Layer mapping enables correct control placement and accurate identification of where traffic is addressed, transported, and interpreted.
Exam relevance: Tested as OSI-layer identification and selecting likely protocols or attacks such as IP spoofing, SYN floods, and application-layer threats.
What we cover: OSI model layer functions and where common protocols and attacks map across layers.
Why it matters: Accurate layer mapping guides correct control placement and troubleshooting boundaries between media, network, transport, and application.
Exam relevance: Tested as protocol-to-layer and attack-to-layer classification plus TCP versus UDP and common port identification.
What we cover: TCP/IP four-layer model mapping to OSI layers and where IP addressing, ports, and encapsulation occur.
Why it matters: Accurate layer identification supports correct protocol selection and consistent communication about network behavior.
Exam relevance: Tested as model comparison and layer-based troubleshooting decisions involving IP routing, TCP versus UDP, and port usage.
What we cover: IP addressing basics and port ranges including well-known, registered, and ephemeral ports.
Why it matters: Correctly distinguishing addressing layers and port usage enables accurate traffic control and protocol hardening.
Exam relevance: Tested through protocol-to-port mapping and choosing correct port ranges and secure alternatives in scenarios.
What we cover: IPv4 and IPv6 addressing types including public, private, loopback, link-local, and broadcast.
Why it matters: Correct address classification supports routing boundaries and secure network troubleshooting decisions.
Exam relevance: Tested as identifying address ranges and IPv6 traits like 128-bit hexadecimal and built-in IPsec.
What we cover: MAC addressing versus IP addressing and port numbering across IPv4 and IPv6.
Why it matters: Correctly distinguishing identifiers and routability supports secure network design and traffic control.
Exam relevance: Tested via protocol and port identification, private versus public addressing decisions, and IPv4 versus IPv6 feature comparisons.
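The address and port classifications from the last three lessons, implemented the way a log-triage script would apply them; this is an added example, not course code. It relies on Python's standard `ipaddress` module; the port-range boundaries (0-1023 well-known, 1024-49151 registered, 49152-65535 ephemeral) are the IANA ranges, and the sample log lines are constructed. It assumes IPv6 addresses in the log are bracketed, which is how `[fe80::1]:443` style endpoints are normally written.

```python
"""Added example (not the course's code): classify IPv4/IPv6 addresses and
TCP/UDP ports as a triage script would. Sample log lines are constructed."""
import ipaddress
import re

BROADCAST_V4 = ipaddress.IPv4Address("255.255.255.255")


def classify_address(text: str) -> str:
    """Order matters: loopback and link-local are checked before 'private'."""
    addr = ipaddress.ip_address(text)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"        # 169.254.0.0/16 or fe80::/10, never routed
    if addr.is_multicast:
        return "multicast"
    if addr.version == 4 and addr == BROADCAST_V4:
        return "broadcast"
    if addr.is_private:
        return "private"           # RFC 1918 ranges or IPv6 unique-local
    if addr.is_global:
        return "public"
    return "reserved"


def classify_port(port: int) -> str:
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "ephemeral"


# Assumed log format: "src=<ip>:<port> dst=<ip>:<port>", IPv6 in brackets.
ENDPOINT = re.compile(r"(\w+)=\[?([0-9a-fA-F:.]+)\]?:(\d+)")


def summarize_flow(line: str) -> dict:
    """Label each endpoint of one constructed firewall/flow log line."""
    out = {}
    for role, ip, port in ENDPOINT.findall(line):
        out[role] = {
            "ip": ip,
            "ip_class": classify_address(ip),
            "port": int(port),
            "port_class": classify_port(int(port)),
        }
    return out


# Constructed sample lines; not from any real capture.
SAMPLE_LOG = [
    "src=10.20.30.40:51234 dst=8.8.8.8:53",
    "src=[fe80::1]:54000 dst=[ff02::1]:5353",
]
```

A flow whose destination is public on a well-known port and whose source is private on an ephemeral port is the normal outbound shape; a packet with a link-local or loopback source arriving from outside a segment is the kind of thing this classification makes easy to flag.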
What we cover: ARP resolution and poisoning risk, ICMP messaging for reachability and path discovery, and HTTP versus HTTPS transport security.
Why it matters: These protocols affect trust at Layer 2, network visibility, and confidentiality of web traffic.
Exam relevance: Identify ARP poisoning indicators and mitigations, interpret ping and traceroute ICMP behavior, and choose HTTP versus HTTPS by port and encryption.
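The ARP poisoning indicators named above, turned into detection logic run over a constructed set of observed ARP replies; this is an added example, not course material. The two signals are an IP (especially the gateway) whose MAC changes, and one MAC that starts answering for several IPs. The replies below are made up, and `max_ips_per_mac=1` is an assumed threshold that a real network with VRRP or proxy ARP would need to relax.

```python
"""Added example (not the course's code): ARP poisoning indicators over
constructed ARP-reply records (timestamp, ip, mac)."""
from collections import defaultdict

# Constructed observations; not from a real capture.
ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    (2, "192.168.1.50", "aa:bb:cc:00:00:50"),
    (3, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway now claimed by another MAC
    (4, "192.168.1.50", "de:ad:be:ef:00:99"),  # same rogue MAC also claims a host
    (5, "192.168.1.60", "aa:bb:cc:00:00:60"),
    (6, "192.168.1.1", "de:ad:be:ef:00:99"),   # repeat, no new alert
]


def detect_arp_poisoning(replies, gateway_ip=None, max_ips_per_mac=1):
    """Return (timestamp, severity, message) alerts in the order they fire."""
    last_mac = {}                       # ip -> most recently seen MAC
    ips_for_mac = defaultdict(set)      # mac -> IPs it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()               # normalize case before comparing
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "high" if ip == gateway_ip else "medium"
            alerts.append((ts, sev, f"{ip} moved from {prev} to {mac}"))
        last_mac[ip] = mac
        before = len(ips_for_mac[mac])
        ips_for_mac[mac].add(ip)
        # Alert only when the set grows past the threshold, not on every reply.
        if len(ips_for_mac[mac]) > max_ips_per_mac and len(ips_for_mac[mac]) > before:
            alerts.append((ts, "medium", f"{mac} now answers for {sorted(ips_for_mac[mac])}"))
    return alerts
```

The usual mitigations are a static ARP entry for the gateway on critical hosts and Dynamic ARP Inspection on the switch, which drops replies that do not match the DHCP snooping binding table; this detector is what you run when you do not control the switch.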
What we cover: DHCP address assignment using dynamic leases versus static IPs with excluded ranges.
Why it matters: Correct IP management prevents address conflicts and ensures critical systems remain consistently reachable.
Exam relevance: Tested as protocol identification and configuration judgment, including lease behavior and avoiding dynamic pool overlap.
What we cover: Differences between UTP, STP, and fiber cabling and their susceptibility to EMI, crosstalk, and attenuation.
Why it matters: Cable type selection reduces signal interference and data exposure while maintaining reliable network transmission.
Exam relevance: Tested through choosing the correct cable or connector type and identifying EMI, crosstalk, attenuation, RJ45, and RJ11.
What we cover: Differences between copper and fiber cabling, including single-mode versus multi-mode fiber characteristics.
Why it matters: Cable type selection affects resistance to interception and electromagnetic interference exposure in physical networks.
Exam relevance: Tested as choosing the most secure medium and distinguishing fiber from copper using susceptibility and signal properties.
What we cover: LAN topology types and their fault tolerance characteristics across bus, tree, ring, star, and mesh designs.
Why it matters: Topology choice determines resilience, redundancy, and traffic behavior during link or node failures.
Exam relevance: Identify topologies from diagrams and select designs based on redundancy needs and single points of failure.
What we cover: Wireless LAN basics and key WiFi threats including rogue access points, evil twins, and interference or jamming.
Why it matters: Wireless expands the attack surface and requires controls to preserve confidentiality, integrity, and availability.
Exam relevance: Identify WLAN terminology and choose the correct threat type and mitigation in scenario-based wireless security questions.
What we cover: Key distinctions between Bluetooth, LiFi, and Zigbee wireless technologies and their network scope categories.
Why it matters: Correctly matching wireless technology to range, medium, and exposure constraints supports appropriate security control selection.
Exam relevance: Tested as conceptual differentiation and scenario-based selection of the appropriate wireless technology and associated risks.
What we cover: Key characteristics of non-WiFi wireless networks including satellite links, cellular networks, and Bluetooth-based PAN threats.
Why it matters: Wireless technology differences drive appropriate connectivity choices and risk reduction through correct interface and exposure management.
Exam relevance: Tested as conceptual differentiation of wireless types and identification of Bluetooth attack terms and basic cellular coverage tradeoffs.
What we cover: VLAN segmentation and VXLAN overlay extension as network isolation controls.
Why it matters: Proper segmentation limits Layer 2 broadcast scope and reduces unauthorized lateral movement.
Exam relevance: Identify VLAN tagging, trunking, and QoS for voice, and distinguish VXLAN for large-scale cloud segmentation.
What we cover: Router Layer 3 forwarding and routing table population using static, default, and dynamic routes.
Why it matters: Correct routing decisions control network reachability boundaries between internal private addressing and external public networks.
Exam relevance: Tested as device role differentiation and route type selection based on connectivity requirements and routing behavior.
What we cover: VPN encrypted tunneling, third-party connectivity governance, and NAC as a technical control enforcing access policy compliance.
Why it matters: These controls reduce exposure from remote access, vendor integration, and unmanaged endpoints through enforced trust boundaries.
Exam relevance: Tested via selecting VPN versus NAC, and identifying vendor agreement purposes for third-party access risk control.
What we cover: Software-defined networking concepts including SDN control-plane separation and SD-WAN as a WAN overlay model.
Why it matters: Centralized software control changes how segmentation, routing decisions, and security enforcement are applied across networks.
Exam relevance: Tests distinguishing SDN versus SD-WAN and selecting appropriate security controls for software-managed network architectures.
What we cover: IoT and ICS components and the core security posture differences between enterprise and industrial environments.
Why it matters: Weakly managed connected devices expand attack surface and require hardening, patching, and network segmentation.
Exam relevance: Tested as conceptual distinctions and scenario-based control selection for IoT isolation and ICS terms like SCADA, PLC, DCS, RTU, DNP3.
What we cover: Attacker classifications by intent and authorization, including hat types and insider versus outsider threats.
Why it matters: Correctly categorizing adversaries guides appropriate preventive, detective, and corrective control selection.
Exam relevance: Tested through scenario-based identification of attacker type, team role, and likely threat source for control decisions.
What we cover: Hacktivist versus state-sponsored threats and botnet command-and-control and common virus subtypes.
Why it matters: Accurate threat classification drives appropriate defensive controls and detection expectations.
Exam relevance: Tested through terminology distinctions and selecting the correct threat type from brief behavioral indicators.
What we cover: Malware distinctions between worms, trojans, and remote access trojans plus signature-based versus heuristic detection.
Why it matters: Correctly classifying malware and detection methods drives appropriate preventive and detective control selection.
Exam relevance: Tested through scenario-based identification of malware type and choosing signature or behavioral detection limits.
What we cover: IDS versus IPS roles and network-based versus host-based placement for intrusion monitoring controls.
Why it matters: Correct control selection balances visibility, response capability, and false-positive risk across network and endpoint layers.
Exam relevance: Tested through scenario decisions choosing IDS or IPS, NIDS or HIDS, and signature versus heuristic detection tradeoffs.
What we cover: IDS/IPS types and detection engines plus alert outcomes using true or false positive or negative.
Why it matters: Correctly interpreting detections supports appropriate control tuning and reduces missed attacks or unnecessary blocking.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between NIDS or HIDS, signature or behavioral, and alert classification.
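As an added illustration of the four alert outcomes (this code is not part of the course; the request lines, their ground-truth labels and both signature sets are constructed for the example), the Python below runs a narrow and a broad signature set over the same requests and tallies true and false positives and negatives, which is exactly the tradeoff a tuning decision has to weigh:

```python
"""Added example (not from the course): run two signature sets over a few
constructed web-server request lines and classify every verdict as a
true/false positive or negative. Log lines, labels and signatures are made up."""
import re
from collections import Counter

# Constructed sample traffic: (request line, is_malicious ground truth)
SAMPLE_LOG = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /search?q=../../../../etc/passwd HTTP/1.1", True),
    ("GET /login?user=admin'--&pass=x HTTP/1.1", True),
    ("GET /docs/union-station-guide.html HTTP/1.1", False),
    ("POST /api/items?id=1 UNION SELECT user,pass FROM users HTTP/1.1", True),
    ("GET /images/etc/passport-photo.jpg HTTP/1.1", False),
    ("GET /profile?name=<script>alert(1)</script> HTTP/1.1", True),
    ("GET /status HTTP/1.1", False),
]

# Narrow signatures: precise patterns, so few false positives but a real
# risk of missing attack variants (false negatives).
NARROW_SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "xss": re.compile(r"<script", re.I),
    "sqli_union": re.compile(r"\bUNION\s+SELECT\b", re.I),
}

# Broad signatures: loose substrings that catch more variants but also fire
# on benign requests (false positives), which is what causes alert fatigue.
BROAD_SIGNATURES = {
    "path_traversal": re.compile(r"etc/pass"),
    "xss": re.compile(r"<script", re.I),
    "sqli": re.compile(r"union|'--", re.I),
}


def detect(line, signatures):
    """Return True when any signature matches the request line."""
    return any(pattern.search(line) for pattern in signatures.values())


def classify(alerted, malicious):
    """Map (alert fired?, really malicious?) to the four alert outcomes."""
    if alerted and malicious:
        return "TP"      # true positive: real attack, alert raised
    if alerted and not malicious:
        return "FP"      # false positive: benign traffic, alert raised
    if not alerted and malicious:
        return "FN"      # false negative: real attack, missed
    return "TN"          # true negative: benign traffic, no alert


def evaluate(signatures, sample=SAMPLE_LOG):
    """Run the detector over the sample and return outcome counts, precision
    (share of alerts that are real) and recall (share of attacks we caught)."""
    counts = Counter(classify(detect(line, signatures), malicious)
                     for line, malicious in sample)
    outcomes = {k: counts[k] for k in ("TP", "FP", "FN", "TN")}
    tp, fp, fn = outcomes["TP"], outcomes["FP"], outcomes["FN"]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return outcomes, precision, recall


if __name__ == "__main__":
    for name, sigs in (("narrow", NARROW_SIGNATURES), ("broad", BROAD_SIGNATURES)):
        outcomes, precision, recall = evaluate(sigs)
        print(f"{name:6s} {outcomes} precision={precision:.2f} recall={recall:.2f}")
```

The narrow set misses the `admin'--` login attempt (a false negative), while the broad set also flags the innocent `union-station-guide.html` and `passport-photo.jpg` requests (false positives); an IPS configured with the broad set would block legitimate users, which is why IDS-style alerting is the safer place to run loose signatures.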
What we cover: SIEM versus SOAR capabilities for centralized log and event monitoring and response automation.
Why it matters: Correctly configured monitoring controls improve detection fidelity and enable faster incident response while protecting high-privilege telemetry systems.
Exam relevance: Distinguish which tool fits a requirement for correlation and alerting versus orchestration and automated response in scenarios.
What we cover: The distinction between honeypots and honeynets as deceptive monitoring controls for attacker observation.
Why it matters: They enable attack intelligence collection while requiring strict segmentation and governance to limit liability.
Exam relevance: Identify honeypot versus honeynet and choose proper placement, isolation, and authorization in scenario questions.
What we cover: Packet filtering versus stateful inspection firewalls and their OSI layer scope.
Why it matters: Correct firewall type selection determines traffic control granularity and default-deny enforcement at network boundaries.
Exam relevance: Tested as conceptual comparisons and scenario-based choices, including implicit deny behavior and fail-secure versus fail-safe distinctions.
What we cover: Proxy servers, application-layer firewalls, next-generation firewalls, and DMZ design as perimeter security controls.
Why it matters: These controls determine how traffic is inspected, segmented, and blocked to reduce exposure to untrusted networks.
Exam relevance: Tested as choosing the correct firewall type, inspection depth, DMZ placement, and fail-closed behavior in network scenarios.
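To make the packet-filtering versus stateful-inspection distinction concrete, here is an added example (not course material; the hosts, ports and rules are constructed) in which both filter types see the same four packets. The stateless filter must open every high port to any outside host using source port 443 just to let HTTPS replies back in, and an attacker can satisfy that rule by choosing their source port; the stateful filter only admits packets that match a flow it saw leave.

```python
"""Added example (not from the course): a stateless packet filter beside a
stateful filter that remembers the flows it has allowed. All traffic here is
constructed for the demonstration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving our network, "in" = arriving from outside
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def stateless_filter(pkt):
    """Layer 3/4 packet filter: every packet is judged on its own header.
    Rule 2 exists only so that replies to outbound HTTPS can get back in,
    but it trusts a field (source port) that the remote side controls."""
    if pkt.direction == "out" and pkt.dst_port == 443:
        return "allow"                                  # rule 1: outbound HTTPS
    if pkt.direction == "in" and pkt.src_port == 443 and pkt.dst_port >= 1024:
        return "allow"                                  # rule 2: "replies" (too broad)
    return "deny"                                       # implicit deny


class StatefulFilter:
    """Stateful inspection: outbound connections create state, and an inbound
    packet is allowed only if it is the mirror image of a flow in the table."""

    def __init__(self):
        self.flows = set()   # (local_ip, local_port, remote_ip, remote_port)

    def filter(self, pkt):
        if pkt.direction == "out" and pkt.dst_port == 443:
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.direction == "in":
            if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
                return "allow"                          # reply to a known flow
        return "deny"                                   # implicit deny


# Constructed traffic: a legitimate HTTPS exchange, then two unsolicited inbound
# packets, one crafted with source port 443 so that it looks like a reply.
TRAFFIC = [
    Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443),   # client opens HTTPS
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000),    # genuine reply
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 51000),    # attacker spoofs src port 443
    Packet("in", "198.51.100.7", 4444, "10.0.0.5", 22),      # plain inbound SSH probe
]


def compare(traffic=TRAFFIC):
    """Return, per packet, (stateless verdict, stateful verdict)."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(TRAFFIC, compare()):
        print(f"{pkt.direction:3s} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  stateless={sl} stateful={sf}")
```

Both filters end in an implicit deny, but only the stateful one rejects the third packet, because nothing inside ever opened a connection to 198.51.100.7. A real stateful firewall also ages entries out and tracks TCP flags; the table here is deliberately minimal.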
What we cover: The distinction between zero-day vulnerability, zero-day exploit, and zero-day attack.
Why it matters: Unknown flaws bypass signature-based controls, requiring layered defenses and rapid patch management.
Exam relevance: Tested through terminology precision and selecting appropriate detective and preventive controls when signatures are unavailable.
What we cover: Tactical versus strategic cyber threat intelligence and core threat frameworks for modeling attacker behavior.
Why it matters: These concepts guide detection prioritization and control placement using shared intelligence and structured attack understanding.
Exam relevance: Tested as terminology distinctions and framework identification, including STIX versus TAXII and ATT&CK versus Kill Chain versus Diamond Model.
What we cover: Vulnerability scanning tools that identify known weaknesses on defined targets after hardening.
Why it matters: Targeted, approved scanning supports secure configuration validation while limiting disruption and false attack signals.
Exam relevance: Tests selecting vulnerability scanning versus other assessments, interpreting severity ratings, and applying scope and change control constraints.
What we cover: Virtualization fundamentals and how it differs from distributed computing in resource use and architecture.
Why it matters: These models change security posture through shared infrastructure, shifting trust boundaries, and configuration-driven exposure.
Exam relevance: Tested as conceptual differentiation and selecting appropriate controls for virtualized and cloud-hosted environments.
What we cover: Hypervisor types and virtualization security design controls for segmentation and host hardening.
Why it matters: Virtualization concentrates risk, so isolation and hardened control planes protect confidentiality, integrity, and availability.
Exam relevance: Identify Type 1 versus Type 2 hypervisors and choose controls for VM escape risk and resource oversubscription.
What we cover: Cloud deployment models and core cloud characteristics with shared responsibility boundaries.
Why it matters: Correctly assigning ownership of infrastructure and data controls prevents security gaps in outsourced environments.
Exam relevance: Tested as conceptual distinctions and scenario-based selection of deployment model, cloud traits, and responsibility ownership.
What we cover: Public cloud service models and shared responsibility boundaries across IaaS, PaaS, and SaaS.
Why it matters: Correctly assigning security ownership drives proper control placement and accountability in cloud deployments.
Exam relevance: Tested as choosing the right service model and identifying provider versus customer responsibilities in scenarios.
What we cover: Differences between high-performance computing clusters and edge computing placement of compute and data.
Why it matters: Architecture choices affect latency, bandwidth use, and concentration of resources that require appropriate security controls.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between centralized HPC and distributed edge or CDN deployments.
What we cover: Asset and software inventory tracking with lifecycle status, plus baseline hardware hardening as a technical control.
Why it matters: Accurate inventories and hardened configurations reduce unmanaged exposure and enable timely patching and compensating controls.
Exam relevance: Tests EOL versus EOS distinctions and choosing inventory, hardening, patching, or compensating controls in scenarios.
What we cover: Data center power continuity controls using UPS, PDU, transfer switch, and generator with redundancy.
Why it matters: Stable voltage and uninterrupted power preserve availability and prevent hardware damage and data corruption.
Exam relevance: Tested as selecting appropriate physical resilience controls and distinguishing power events like blackout, brownout, sag, surge, and spike.
What we cover: Backup types and retention policies as recovery controls distinct from fault tolerance and redundancy.
Why it matters: Correct backup selection and verified restores ensure recoverability without reintroducing compromised system components.
Exam relevance: Tested through choosing full, incremental, differential, or copy backups and aligning retention with recovery requirements.
What we cover: Backup types and archive bit behavior across full, incremental, differential, and copy backups.
Why it matters: Backup selection balances storage and backup time against restore speed and recovery reliability.
Exam relevance: Tested as choosing the correct backup type and restore set based on archive bit clearing and recovery requirements.
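The archive-bit behaviour is easiest to see by simulating it. The following is an added example, not code from the course, and the file names and the week's edits are constructed: a full backup on Sunday is followed by three daily backups of one type, and the script reports what each job captured and which jobs a Wednesday-evening restore would need.

```python
"""Added example (not from the course): how full, incremental, differential and
copy backups treat the archive bit, and which backup sets a restore then needs.
File names and the week's changes are constructed for the demonstration."""


class Filesystem:
    """Tracks only what matters here: each file's archive bit, which the OS
    sets whenever a file is created or modified."""

    def __init__(self, files):
        self.archive = {name: True for name in files}   # new files start "modified"

    def modify(self, name):
        self.archive[name] = True


def backup(fs, kind):
    """Run one backup job and return the files it captured.
    full        : everything, clears the archive bit
    incremental : files changed since the last full/incremental, clears the bit
    differential: files changed since the last full, leaves the bit set
    copy        : everything, leaves the bit untouched (ad hoc, outside the chain)"""
    if kind in ("full", "copy"):
        selected = sorted(fs.archive)
    elif kind in ("incremental", "differential"):
        selected = sorted(name for name, bit in fs.archive.items() if bit)
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("full", "incremental"):
        for name in selected:
            fs.archive[name] = False
    return {"kind": kind, "files": selected}


def restore_set(history):
    """Indexes of the jobs needed to rebuild the latest state, assuming one
    scheme (all incremental or all differential) is used between fulls.
    Incrementals must all be replayed in order; each differential supersedes
    the earlier ones, so only the last is needed."""
    last_full = max(i for i, job in enumerate(history) if job["kind"] == "full")
    needed = [last_full]
    for i in range(last_full + 1, len(history)):
        kind = history[i]["kind"]
        if kind == "incremental":
            needed.append(i)
        elif kind == "differential":
            needed = [last_full, i]
    return needed


# Constructed week: Sunday full backup, then three days of edits.
FILES = ["db.sqlite", "config.yaml", "report.docx", "notes.txt"]
DAILY_CHANGES = [["db.sqlite"], ["config.yaml"], ["db.sqlite", "report.docx"]]


def simulate(daily_kind):
    """Sunday full, then one backup of the given type after each day's edits."""
    fs = Filesystem(FILES)
    history = [backup(fs, "full")]
    for changed in DAILY_CHANGES:
        for name in changed:
            fs.modify(name)
        history.append(backup(fs, daily_kind))
    return history


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        history = simulate(kind)
        for i, job in enumerate(history):
            print(f"{kind:12s} job {i}: {job['kind']:12s} {job['files']}")
        print("  restore needs jobs", restore_set(history))
```

The incremental chain writes the least each night but the restore needs every job since the full and fails if any one is missing; the differential scheme writes more each night (Wednesday's job carries Monday's change again) but the restore needs only the full and the last differential. The copy backup is the one to use for an ad hoc snapshot, because it leaves the archive bits alone and so does not break either chain.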
What we cover: RAID as a redundancy and fault-tolerance storage control using mirroring, striping, and parity.
Why it matters: Correct RAID selection reduces single points of failure and supports resiliency during component outages.
Exam relevance: Tested as conceptual differentiation of RAID 0, 1, and 5 capabilities and fault-tolerance tradeoffs.
What we cover: High availability redundancy across power, networking, and servers using hot-swappable components and clustering models.
Why it matters: Redundancy reduces single points of failure and maintains service continuity during component or site outages.
Exam relevance: Tested as selecting appropriate availability controls and distinguishing active-active versus active-passive failover and site redundancy.
What we cover: Fault tolerance and redundancy methods including RAID levels, high availability pairs, and near real-time backup approaches.
Why it matters: These controls maintain availability and recoverability by reducing single points of failure and limiting data loss.
Exam relevance: Tested as selecting the correct availability or backup option and distinguishing RAID 0, 1, and 5 behaviors.
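To show what "parity" in RAID 5 actually does, here is an added example serving both the RAID lesson and the fault-tolerance summary above (it is not course code; the four-disk array, chunk size and payload are constructed). Data is striped across the disks with a rotating XOR parity block, one disk is then declared dead, and every one of its blocks is rebuilt from the survivors.

```python
"""Added example (not from the course): striping with rotating XOR parity as in
RAID 5, and reconstruction of one failed disk from the survivors. The array
geometry and payload are constructed for the demonstration."""
from functools import reduce
from operator import xor


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks; this is the parity of a stripe.
    XOR is its own inverse, so any one missing block equals the XOR of the rest."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


class Raid5:
    def __init__(self, disks=4, chunk=4):
        if disks < 3:
            raise ValueError("RAID 5 needs at least three disks")
        self.n = disks
        self.chunk = chunk
        self.disks = [[] for _ in range(disks)]   # disks[d][s] = block of stripe s on disk d
        self.length = 0

    def parity_disk(self, stripe):
        """Parity rotates across disks so no single disk becomes the write bottleneck."""
        return (self.n - 1 - stripe) % self.n

    def write(self, data):
        per_stripe = self.chunk * (self.n - 1)          # payload bytes per stripe
        self.length = len(data)
        data += b"\0" * (-len(data) % per_stripe)       # pad the last stripe
        for s in range(len(data) // per_stripe):
            payload = data[s * per_stripe:(s + 1) * per_stripe]
            chunks = [payload[i * self.chunk:(i + 1) * self.chunk] for i in range(self.n - 1)]
            parity = xor_blocks(chunks)
            pdisk = self.parity_disk(s)
            it = iter(chunks)
            for d in range(self.n):
                self.disks[d].append(parity if d == pdisk else next(it))

    def read(self, failed=None):
        """Read the data back; if `failed` names a dead disk, rebuild each of its
        blocks as the XOR of the other disks' blocks in that stripe. A second
        simultaneous failure cannot be rebuilt this way (that is RAID 6's job)."""
        out = bytearray()
        for s in range(len(self.disks[0])):
            blocks = [self.disks[d][s] if d != failed else None for d in range(self.n)]
            if failed is not None:
                blocks[failed] = xor_blocks([b for b in blocks if b is not None])
            pdisk = self.parity_disk(s)
            for d in range(self.n):
                if d != pdisk:
                    out += blocks[d]
        return bytes(out[:self.length])

    def usable_fraction(self):
        """RAID 0 gives n/n with no redundancy and RAID 1 gives 1/2;
        RAID 5 spends exactly one disk's worth of capacity on parity."""
        return (self.n - 1) / self.n


if __name__ == "__main__":
    payload = b"RAID 5 survives any single disk failure, but not two at once."
    array = Raid5(disks=4, chunk=4)
    array.write(payload)
    print("usable capacity:", array.usable_fraction())
    for dead in (None, 0, 2, 3):
        print("failed disk", dead, "->", array.read(failed=dead) == payload)
```

Note what this does and does not protect: a dead disk is survivable, but a corrupted file, ransomware, or an accidental delete is written to every disk with a matching parity block, which is why RAID is a fault-tolerance control and not a substitute for backups.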
What we cover: Fire suppression principles using the fire triangle and data center suppression control categories.
Why it matters: Correct suppression selection reduces fire spread while protecting personnel and sensitive equipment.
Exam relevance: Identify fire classes and choose appropriate suppression methods for electrical versus ordinary combustible environments.
What we cover: Fire suppression controls for IT environments including sprinkler activation, wet versus dry pipe, and extinguisher classes.
Why it matters: Correct suppression selection reduces safety risk and prevents avoidable equipment damage during fire response.
Exam relevance: Tested as conceptual matching of fire classes and choosing appropriate suppression methods for data center scenarios.
What we cover: Secure design principles for access control, layered defense, secure defaults, failure modes, and simplicity.
Why it matters: These principles reduce attack surface and limit damage by enforcing controlled access and predictable secure behavior.
Exam relevance: Tested as conceptual distinctions and best-control selection, especially least privilege, separation of duties versus dual control, and fail-open versus fail-closed.
What we cover: Zero Trust verification, Privacy by Design principles, and cloud shared responsibility across service models.
Why it matters: These guide secure architecture choices by enforcing continuous validation, default privacy, and clear control ownership.
Exam relevance: Tested through scenario selection of Zero Trust controls, privacy-by-default design principles, and IaaS/PaaS/SaaS responsibility boundaries.
With that we are done with Domain 4: Network Security. In this domain we covered computer networking, including the OSI and TCP/IP models, IP addresses and ports, Ethernet, WiFi, and the other connection types we can use. We also covered Networking Devices, Protocols, and the programs we use on them, as well as Cloud Computing, Data Centers, Redundancy, and Resiliency, and we finished Domain 4 by discussing Attacks and Attackers. Domain 4 is 24% of the exam questions. Thank you for being here, and we will move on to Domain 5: Security Operations in the next lecture.
In Domain 5: Security Operations, we will discuss the day-to-day actions we take to ensure our security. This domain makes up 18% of the exam questions and will cover topics such as Configuration, Patch, and Change Management, Cryptography, Hashing, and attacks against encryption. We will also look at Data Storage, Data Handling, and Data Retention, as well as Administrative Controls. Additionally, we will talk about Training and Awareness and Social Engineering. Join us as we dive into Domain 5 to further understand how to keep our daily work lives secure.
What we cover: Configuration management as a preventive control using hardened baselines, approved tailoring, and continuous configuration monitoring.
Why it matters: It enforces least-privilege configurations and prevents undocumented drift that weakens security posture over a system lifecycle.
Exam relevance: Tests selecting baseline hardening versus tailoring and identifying when change control and configuration monitoring are required.
What we cover: Patch management as a corrective control with testing, change control, and timely deployment across all asset types.
Why it matters: It reduces known-vulnerability exposure by ensuring fixes are validated and consistently applied.
Exam relevance: Assessed through control-type classification and selecting appropriate patching and change-management actions in scenarios.
What we cover: Change management versus change control within formal change governance and the PDCA-aligned lifecycle.
Why it matters: Structured approval, testing, documentation, and monitoring reduce unintended security exposure and manage residual risk.
Exam relevance: Tested as selecting the correct governance process element and distinguishing management scope from control execution.
What we cover: Core cryptography terms and symmetric encryption fundamentals including plaintext, ciphertext, and cipher.
Why it matters: Correct terminology and key-sharing models drive appropriate control selection for confidentiality, integrity, authentication, and non-repudiation.
Exam relevance: Tested as definition-level distinctions and scenario-based choices between symmetric encryption concepts and cryptography versus cryptanalysis.
What we cover: Asymmetric cryptography key pairs for confidentiality, digital signatures, and hybrid encryption, plus quantum impact on algorithms.
Why it matters: Correct key usage enables secure key exchange, authenticity, and non-repudiation while limiting exposure from private key compromise.
Exam relevance: Tested as public versus private key direction, signature versus encryption purpose, hybrid selection, and quantum-resistant planning distinctions.
What we cover: Core cryptography concepts, including symmetric versus asymmetric use and hybrid encryption purpose.
Why it matters: Correct cryptographic selection enables confidentiality, integrity, authentication, and non-repudiation with appropriate key management.
Exam relevance: Tested through scenario-based choices of encryption type, key usage direction, and quantum impact on asymmetric algorithms.
What we cover: Hashing as a one-way cryptographic integrity control producing fixed-length digests from variable-length input.
Why it matters: Hashes detect any data alteration without enabling recovery of the original content.
Exam relevance: Identify hashing versus encryption and signatures, recognize collision risk, and select MD5 versus SHA-2/SHA-3 in questions.
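An added example (not part of the course; the message, the tampered copy and the PIN are constructed) that shows the properties the exam cares about: the digest length depends only on the algorithm, a one-character change is detected and flips roughly half the digest bits, and, the caveat practitioners need, hashing is one-way but a low-entropy input such as a four-digit PIN is still recovered by simply hashing every candidate.

```python
"""Added example (not from the course): what a cryptographic hash gives you
(fixed-length digest, any change detected) and what it does not (secrecy for
guessable inputs). All inputs are constructed for the demonstration."""
import hashlib
import hmac
import itertools


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of `data`; its length depends only on the algorithm."""
    return hashlib.new(algo, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Recompute and compare in constant time so the comparison itself leaks nothing."""
    return hmac.compare_digest(digest(data, algo), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many digest bits differ; a good hash flips about half for any change."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def guess_pin(target_hex: str, digits: int = 4, algo: str = "sha256"):
    """Hashing cannot be reversed, but a low-entropy input is recovered by hashing
    every candidate: 10^4 tries for a 4-digit PIN. This is why a fast, unsalted
    hash is the wrong tool for storing passwords."""
    for candidate in itertools.product("0123456789", repeat=digits):
        pin = "".join(candidate)
        if hmac.compare_digest(digest(pin.encode(), algo), target_hex):
            return pin
    return None


if __name__ == "__main__":
    message = b"Transfer 100 EUR to account 42"
    for algo in ("md5", "sha256", "sha3_256"):
        print(f"{algo:8s} {len(digest(message, algo)) * 4:3d} bits  {digest(message, algo)}")
    tampered = b"Transfer 900 EUR to account 42"
    stored = digest(message)
    print("original verifies:", verify_integrity(message, stored))
    print("tampered verifies:", verify_integrity(tampered, stored))
    print("bits changed by a one-character edit:", differing_bits(stored, digest(tampered)))
    print("recovered PIN:", guess_pin(digest(b"4821")))
```

MD5 is included only to show its 128-bit output next to the 256-bit SHA-2 and SHA-3 digests; practical collisions for MD5 are well known, so it must not be used where an attacker could substitute a colliding input.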
What we cover: Core cryptographic attack types and their primary targets in key management and communications security.
Why it matters: Correctly identifying attack vectors drives appropriate control selection for key protection and secure authentication.
Exam relevance: Tested as conceptual distinctions and scenario-based choices between key theft, brute force, MITM, side channels, and quantum risk.
What we cover: SOC security operations and event triage prioritization using asset criticality, data sensitivity, and blast radius.
Why it matters: Triage and correlation reduce noise, so limited analyst time targets true incidents.
Exam relevance: Tested as SOC versus NOC role distinction and scenario-based alert prioritization, escalation flow, correlation, and alert fatigue tuning.
What we cover: Data handling, storage, and retention as administrative controls governing access, backup media protection, and disposal timing.
Why it matters: These controls enforce need-to-know, preserve confidentiality across media, and align retention with legal and privacy requirements.
Exam relevance: Tested as control-category identification and best-choice selection for access logging, offsite backup storage, and retention versus destruction decisions.
What we cover: Data masking types and data disposal methods across media as data protection controls.
Why it matters: Proper masking and sanitization limit exposure during use and prevent recoverable remnants after retention ends.
Exam relevance: Tested as choosing masking versus tokenization and selecting deletion, clearing, sanitization, purging, degaussing, or destruction by media type.
What we cover: Data masking versus tokenization and administrative data handling with storage, retention, and secure media disposal.
Why it matters: These controls reduce unnecessary exposure of sensitive data across its lifecycle and limit recovery after disposal.
Exam relevance: Tested as control selection and terminology distinctions for data-in-use protection, need-to-know enforcement, backup storage requirements, and sanitization methods.
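The masking-versus-tokenization distinction in the two lessons above comes down to reversibility, which the following added example (not course code; the card numbers are standard test values and the vault is an in-memory stand-in for a real tokenization service) makes explicit: masked or redacted output can never be turned back into the card number, while a token can, but only by whoever holds the vault.

```python
"""Added example (not from the course): partial masking and full redaction of a
card number beside vault-based tokenization. The PANs are test values and the
vault is an in-memory stand-in for a tokenization service."""
import re
import secrets


def mask_pan(pan: str, visible: int = 4) -> str:
    """Partial masking: keep only the trailing digits; nothing recovers the rest."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - visible) + digits[-visible:]


def redact_pan(pan: str) -> str:
    """Full masking (redaction): this consumer gets no part of the value at all."""
    return "*" * len(re.sub(r"\D", "", pan))


class TokenVault:
    """Tokenization: the real value lives only in the vault; consumers receive a
    random surrogate that keeps the PAN's format (length, last four digits), so
    downstream systems work without ever storing the real number. Only a caller
    allowed to reach the vault can map a token back."""

    def __init__(self):
        self._token_for = {}    # real value -> token
        self._value_for = {}    # token -> real value

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"\D", "", pan)
        if digits in self._token_for:
            return self._token_for[digits]          # same value -> same token
        while True:
            random_part = "".join(secrets.choice("0123456789")
                                  for _ in range(len(digits) - 4))
            token = random_part + digits[-4:]
            if token != digits and token not in self._value_for:
                break
        self._token_for[digits] = token
        self._value_for[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        return self._value_for[token]

    def known(self, token: str) -> bool:
        return token in self._value_for


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"
    vault = TokenVault()
    token = vault.tokenize(pan)
    print("masked   :", mask_pan(pan))
    print("redacted :", redact_pan(pan))
    print("token    :", token, "-> detokenize:", vault.detokenize(token))
```

Because the token carries no mathematical relationship to the real value, an attacker who steals the tokenized database gets nothing useful; the vault therefore becomes the crown jewel and needs the strictest access control, logging and segmentation of the whole system.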
What we cover: Administrative controls and control functions, plus policy types and data states with appropriate protection.
Why it matters: Clear policies and procedures drive consistent security behavior and guide selection of technical and physical controls.
Exam relevance: Tested as control-category and control-function classification, policy-type differentiation, and choosing protections for data at rest, motion, and use.
What we cover: Security training and awareness as an administrative or directive control that drives user behavior change.
Why it matters: Effective awareness programs reduce human-caused security risk by reinforcing secure habits and consistent reporting.
Exam relevance: Tested as control-type classification and selecting awareness training as the appropriate administrative control in scenarios.
What we cover: Social engineering as a low-tech attack that exploits users to bypass security controls.
Why it matters: It drives selection of administrative controls like awareness training and strict access control enforcement.
Exam relevance: Tested through identifying influence tactics and choosing appropriate mitigations in scenario-based questions.
What we cover: Social engineering phishing variants and their targeting scope across email and voice channels.
Why it matters: Correctly classifying the attack type drives appropriate user-awareness and layered defensive control selection.
Exam relevance: Tested as terminology differentiation and scenario-based identification of phishing, spear phishing, whaling, and vishing.
What we cover: Cybersecurity effectiveness measurement using metrics tracked over time and the KPI versus KRI distinction.
Why it matters: Metrics support control evaluation and risk monitoring by showing performance and emerging risk trends.
Exam relevance: Tested as selecting KPI or KRI in prompts and interpreting trend-based metrics for security posture judgments.
What we cover: Application security testing distinctions across SAST, DAST, and threat modeling using STRIDE.
Why it matters: Matching testing methods to lifecycle stage improves control selection and reduces missed vulnerability classes.
Exam relevance: Tested as choosing SAST versus DAST versus threat modeling and recognizing STRIDE threat categories.
In this lesson, we will discuss Domain 5: Security Operations, which is a medium-sized topic both on the exam and in the curriculum. We will focus on the day-to-day work necessary to ensure our security, including Configuration, Patch, and Change Management, Cryptography, Hashing, and various Attacks Against Encryption. We will also talk about Data Handling, Storage, and Retention, as well as Administrative Controls, such as policies, procedures, training, and awareness, and how they drive the Technical or Logical Controls we implement. Finally, we will look at Social Engineering and conclude our discussion on Domain 5, but we encourage you to continue the course for further information. Domain 5 is 18% of the exam questions.
In this video, we will be reviewing all of the topics covered in Domain 1. This includes the importance of Confidentiality, Integrity, and Availability in protecting information from unauthorized disclosure and ensuring that data is accurate and complete. We will also discuss the importance of IAAA (Identification, Authentication, Authorization, and Accountability) in verifying a user's identity and granting access to resources. Additionally, we will discuss different types of access control including Least Privilege, Need-to-Know, Discretionary Access Control, and Role-Based Access Control. This video will serve as a helpful review for practice questions and the day before the exam.
We discussed the concepts of Key Goal Indicator (KGI), Key Performance Indicator (KPI), and Key Risk Indicator (KRI) in the context of Risk Management. A KGI states the goal we want to reach, a KPI measures how well we are progressing toward that goal, and a KRI signals that a risk to the organization is increasing. We also covered the process of Risk Assessment, Risk Response and Mitigation, and Risk Monitoring and Reporting. We discussed the different types of controls, such as Administrative or Directive Controls, Technical or Logical Controls, Physical Controls, and Access Control Types. We also discussed the differences between Governance and Management and the different roles in an organization, such as the CEO, Vice Presidents, CIO, CTO, CISO, and CSO. It is important to note that the security function should ideally report to the CEO to ensure fairness and impartiality in decision-making.
In this video, we will be recapping all of the topics covered in Domain 2 Business Continuity Planning. We will review the concept of the BCP, or business continuity planning, and how it relates to maintaining the functionality of an organization during and after a disaster. We will also discuss sub-plans under the BCP, including the DRP (Disaster Recovery Plan) and continuity of operations plan, crisis communication plan, cyber response plan, and occupant emergency plan. We will touch on the relationship between DRP and risk management and the difference between projects and operations. We will also go over the business impact analysis, disaster categories, and how to update a BCP in case of changes to infrastructure or senior management. Finally, we will delve into disaster recovery planning and how to answer key questions, communicate effectively during a disruption, and recover to full production.
In this video, we will be recapping all the topics covered in Domain 3 of Physical Security. We will review concepts such as fences, gates, bollards, lights, cameras, locks, smart cards, tailgating and piggybacking, mantraps, turnstiles, and contraband checks. We will go over the different types of fences and gates, and how they can be used as Deterrence or Preventative measures. We will also discuss the importance of bollards in preventing unauthorized vehicle access, and the different types of lights and cameras used for security. We will delve into the different types of locks, including combination locks and smart cards, and the risks associated with their use. We will also discuss techniques for preventing tailgating and piggybacking, such as mantraps and turnstiles. Finally, we will touch on the importance of contraband checks and motion sensors in physical security.
We then discussed the concept of Identity and Access Provisioning, where one entity can have multiple identities, each with different attributes and rights assigned to it. We also discussed the Identity and Access Provisioning Lifecycle (provisioning, periodic review, and deprovisioning), which is often supported by automated tooling that makes the Identity and Access Management workflow more efficient. We also covered Federated Identity, Single Sign-On, and Access Control Systems, including Centralized and Decentralized options. We discussed the different types of access control, such as Mandatory Access Control, Discretionary Access Control, Role-Based Access Control, and Attribute-Based Access Control, and how to use them in combination. Additionally, we talked about Context- and Content-Based Access Control, and the principles of Least Privilege, Need to Know, and Separation of Duties.
In this video, we will be reviewing all the topics covered in Domain 4. This video can be used as a summary of notes when preparing for practice questions or the exam. We will be recapping the concepts of what a Network is and how it is a set of computers that share resources or data. We will also be reviewing the different types of communication such as Simplex, Half-duplex, and Full-duplex. Additionally, we will discuss the concepts of Baseband and Broadband, the different types of networks such as PAN, LAN, MAN, WAN, and GAN, and the use of VPNs and Quality of Service.
This lesson covers the seven layers of the OSI model, starting with the Physical Layer and ending with the Application Layer. The Physical Layer includes all the physical components of networking, such as wires, fiber, radio waves, and hubs. The Data Link Layer includes error detection and MAC addresses, and is used for sending data between two nodes on the same network. Layer 3, the Network Layer, is where we move from a local network to the Internet, and everything is IP based. Layer 4, the Transport Layer, includes UDP and TCP; this course also places SSL and TLS here. Threats and attacks are also discussed for each layer, including data emanations, theft, eavesdropping, spoofing, and more. We then covered the Session Layer (Layer 5) of the OSI model. This layer establishes the connection between two applications, and is responsible for the Setup, Maintenance, and Teardown of the connection. We also covered the Presentation Layer (Layer 6), which has no protocols of its own in this model but handles formatting, compression, and encryption of the data. Lastly, we discussed the Application Layer (Layer 7), where the data is presented to the user through their applications, using protocols such as HTTP, HTTPS, FTP, SNMP, IMAP, and POP. We also discussed the potential threats to these layers, such as viruses, worms, trojans, buffer overflows, and vulnerabilities that can exploit our applications or operating system. It is important to note that understanding the OSI model takes time and effort, but it is crucial to understanding the foundation of all networking.
We talked about MAC addresses and their role as unique identifiers for network interface cards. We learned that the original MAC addresses are 48 bits, with the first 24 bits being the manufacturer identifier (the OUI) and the last 24 bits identifying the host. With newer systems and IPv6, 64-bit EUI-64 addresses are also used, with the first 24 bits being the manufacturer identifier and the last 40 bits being the unique host identifier. However, we also learned that MAC addresses are easily spoofed. We also discussed IP addresses and their history, starting with their deployment on ARPANET in 1983 and their inherent lack of security, since they were built for closed networks. We discussed the switch from IPv4 to IPv6, which is necessary due to the limited number of IPv4 addresses available and the increasing number of devices online. We also talked about how IP addresses and ports work together: the IP address is like the address of an apartment building and the port is like the apartment number, so the receiving host knows which application or service the data belongs to. Lastly, we discussed the different port ranges: well-known ports, registered ports, and private, dynamic, or ephemeral ports.
We looked at the various ports that are commonly used in networking, such as FTP (Ports 20 and 21), SSH (Port 22), Telnet (Port 23), email protocols (Ports 25, 110, and 143), websites (Ports 80 and 443), NetBIOS (Ports 137 and 138), and Microsoft Terminal Server RDP (Port 3389). We also discussed the importance of not using protocols that send credentials and data in unencrypted plaintext, and the difference between Public and Private addresses, with Public addresses being internet-routable and Private addresses being used on internal networks. We then looked at IPv4 and IPv6, with IPv4 being a 32-bit system and IPv6 being a 128-bit system written in hexadecimal. We also discussed the Address Resolution Protocol (ARP), which resolves an IP address to the MAC address that owns it on the local segment, and the security risk of ARP Poisoning, where an attacker answers ARP requests with their own MAC address. We also touched on Reverse ARP and how it was used by diskless workstations to obtain an IP address.
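Because ARP has no authentication, the defensive check is to watch the IP-to-MAC bindings over time. The following is an added example (not from the course; the ARP replies are constructed, not captured): a passive monitor that normalizes MAC notation, extracts the 24-bit manufacturer identifier, and raises an alert when an IP address changes its MAC or when one MAC claims several IP addresses, the two signatures of a poisoning attempt.

```python
"""Added example (not from the course): a passive ARP monitor that maintains an
IP-to-MAC table from observed ARP replies and flags the signs of ARP poisoning.
The observations below are constructed for the demonstration."""

OUI_BITS = 24   # the first 24 bits of a 48-bit MAC identify the manufacturer


def normalize_mac(mac: str) -> str:
    """Accept 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e or 001a.2b3c.4d5e; return lowercase colon form."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def oui(mac: str) -> str:
    """Manufacturer identifier: the leading OUI_BITS/8 bytes of the address."""
    return ":".join(normalize_mac(mac).split(":")[:OUI_BITS // 8])


# Constructed ARP replies seen on the segment: (time, sender IP, sender MAC)
OBSERVED_REPLIES = [
    ("10:00:01", "192.168.1.1", "00:1a:2b:3c:4d:5e"),    # gateway announces itself
    ("10:00:02", "192.168.1.20", "08:00:27:aa:bb:cc"),   # a workstation
    ("10:00:05", "192.168.1.1", "00-1A-2B-3C-4D-5E"),    # gateway again, same MAC, other notation
    ("10:00:09", "192.168.1.1", "08:00:27:de:ad:01"),    # gateway IP now claimed by another MAC
    ("10:00:10", "192.168.1.30", "08:00:27:de:ad:01"),   # and that MAC claims a second IP
]


def monitor(replies):
    """Replay ARP replies into a table and return (table, alerts).
    A changed MAC can be legitimate (NIC replacement, HA failover), so treat
    alerts as leads to verify, not as proof of an attack."""
    table = {}
    alerts = []
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        previous = table.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "mac_changed", "ip": ip,
                           "old": previous, "new": mac,
                           "vendor_changed": oui(previous) != oui(mac)})
        other_ips = [i for i, m in table.items() if m == mac and i != ip]
        if other_ips:
            alerts.append({"time": ts, "type": "duplicate_mac", "ip": ip,
                           "mac": mac, "also_claims": other_ips})
        table[ip] = mac
    return table, alerts


if __name__ == "__main__":
    table, alerts = monitor(OBSERVED_REPLIES)
    for ip, mac in sorted(table.items()):
        print(f"{ip:14s} {mac}  (OUI {oui(mac)})")
    for alert in alerts:
        print("ALERT", alert)
```

The gateway's MAC changing to one with a different OUI is the classic man-in-the-middle setup; the same check is what dynamic ARP inspection on a managed switch performs using the DHCP snooping table as its source of truth.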
We covered various networking protocols and technologies. We covered ICMP, which is used for pings to check whether a system is up, and for traceroutes to identify every router on the path to a destination. We also discussed HTTP and HTTPS, the application-layer protocols used to transfer web (HTML) data, with HTTPS adding TLS encryption. We also covered DHCP, which hands out IP addresses either as dynamic leases or as fixed reservations. We discussed copper Ethernet cables, which are the most commonly used networking cables, and the issues such as EMI, Crosstalk, and Attenuation that can affect them. We also covered fiber cables, which can be Single-Mode or Multi-Mode and are immune to EMI and crosstalk and suffer far less attenuation, but are more expensive and harder to work with. Lastly, we discussed Cat 5, 6, and 7 for copper Ethernet, OM3 and OM4 for Multi-Mode fiber, and connection speeds measured in kilobits, megabits, gigabits, terabits, and petabits per second.
We covered LAN technologies, including Ethernet and WiFi. We covered the different LAN topologies, such as Bus, Tree, Ring, Star, and Mesh (Partial and Full Mesh), and discussed the pros and cons of each. We also discussed the potential threats to WiFi networks, such as Rogue Access Points, Evil Twins, Interference, and Jamming. We briefly touched on Bluetooth and its potential security risks, such as Bluejacking, Bluesnarfing, and Bluebugging, and discussed countermeasures to prevent these attacks. Lastly, we introduced LiFi and Zigbee as alternative wireless technologies with specific advantages. Overall, the lesson aimed to provide an overview of the different LAN technologies and the risks associated with them.
We finished Domain 4 by talking about various types of internet connections, starting with satellites. We discussed how satellites used to be slow, expensive, and high-latency, but with Starlink you can now get fast speeds, low latency, and a reasonable price. We also talked about how satellites can be useful when the power grid is out, as they are not reliant on local infrastructure. Next, we discussed cell networks, where the regular backbone internet connection runs all the way to the cell tower, and the last hop from the tower to your device is wireless. Cell networks are made up of small, overlapping cells, so the end user never notices when they move from one antenna to the next. We also briefly discussed 3G, 4G, and 5G bands, with 3G and 4G having huge coverage areas and 5G having higher speeds but smaller coverage areas. We then moved on to VLANs, which are logically segmented LANs on our switches, giving us logical separation without needing different hardware devices for each segment of our network. Finally, we talked about routers, which have a different function than switches: a router's task is to route traffic between different locations, while switches are for internal networks and connecting devices. We also discussed the different components of a router and how routers forward traffic based on source and destination ports and IPs.
In this video, we will be recapping all of the topics covered in Domain 5. This will include information on server and device hardening, vulnerability scanning, monitoring systems, patch management, and automating processes to minimize human error. We will also discuss the importance of implementing patches within a reasonable time frame, and how to properly test and deploy patches in a test environment before applying them to production systems. Additionally, we will explore the importance of patching all systems, including servers, storage arrays, networking equipment, and even IoT devices and phones. Overall, this video will provide a comprehensive overview of the essential steps and best practices for maintaining the security of your systems throughout their lifecycle.
We talk about the process of patch management and change management in IT. We use tools like SCCM or WSUS to ensure that patches are pushed out to all systems, avoiding any missed segments. Patches are typically applied in the early morning hours to allow for backup and troubleshooting time before staff arrive. We also evaluate the patches and only apply those that are relevant to our environment and go through a proper change control process, including testing, communication to users, and approval from a change control board. We also use a change management framework that is appropriate for our organization's needs and monitor the change post-implementation to report on successes and areas for improvement. We also note that test and production environments may not be identical, leading to potential differences in results.
We explored the world of Cryptography, starting with a brief history of how it has been used throughout time. We discussed the Spartan Scytale, where a stick was used as a secret key to wrap a message written on cloth, and the Caesar Cipher, which uses a substitution method to shift letters in the alphabet. We also discussed the importance of Cryptography in not only keeping secrets but also providing integrity, authentication, and non-repudiation. We defined key terms such as Cryptology, Cryptography, Cryptanalysis, Cipher, Plaintext, and Ciphertext, as well as different types of ciphers such as Book and Running-Key. We also discussed the differences between symmetric and asymmetric encryption and how they are used for confidentiality and digital signatures.
We discussed the concept of symmetric encryption and how it has been used for thousands of years. With symmetric encryption, a separate shared key is needed for every pair of people or entities that need to communicate. The larger the number of people, the more keys are required. For example, if ten people need to talk, 45 keys are needed, and if 500 people need to talk, 124,750 keys are needed. Asymmetric encryption, on the other hand, only requires two keys per entity: a private key and a public key. The public key is shared with the public, while the private key is kept secure. Asymmetric encryption is used for confidentiality, authenticity, and non-repudiation. We also discussed the concept of hybrid encryption, which uses both symmetric and asymmetric encryption for added security and speed: asymmetric encryption is used to exchange the shared key over an unsecured medium, and the faster symmetric encryption is then used for the communication itself.
We covered Hash Functions, which are one-way functions used for integrity. We explained that a hash function takes a variable-length plaintext and converts it into a fixed-length hash. The length of the hash depends on the algorithm chosen. We also discussed the concept of collisions, which occur when two different plaintexts produce the same hash. This is unlikely to happen unless there is a flaw in the algorithm. To demonstrate the concept, we used the example of the first chapter of Charles Dickens' Great Expectations. We showed how a small change in the text, such as deleting a comma or adding a period, resulted in a completely different hash. We discussed how hashes are used in digital forensics and online software downloads to ensure the originality of the content. Finally, we mentioned the commonly used hashing algorithms such as MD5 and SHA-2 or SHA-3.
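The two properties described above, a fixed output length regardless of input size and a completely different digest after a one-character change, can be seen directly with Python's standard `hashlib`. This is an added example, not material from the course; the sample sentence is constructed and stands in for the book chapter used in the lecture, and `verify_download` shows the integrity check a downloader performs against a published digest.

```python
import hashlib
import hmac

# Constructed sample text (stand-in for the book chapter used in the lecture).
ORIGINAL = "The quick brown fox, tired and hungry, jumped over the lazy dog."
MODIFIED = ORIGINAL.replace(",", "", 1)   # delete a single comma


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hash input of any length into a fixed-length hex digest.

    SHA-256 always yields 64 hex characters (256 bits); MD5 yields 32 (128 bits).
    """
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count how many bits differ between two digests of equal length.

    For a good hash, a tiny input change flips about half of the output bits.
    """
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_download(data: bytes, published_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare with the published one.

    compare_digest avoids leaking where the two strings first differ.
    """
    return hmac.compare_digest(digest_hex(data, algorithm), published_hex.lower())


if __name__ == "__main__":
    h1 = digest_hex(ORIGINAL.encode())
    h2 = digest_hex(MODIFIED.encode())
    print("original :", h1)
    print("no comma :", h2)
    print("bits changed out of 256:", bit_difference(h1, h2))
    # A one-megabyte input still produces a 64-character SHA-256 digest.
    print("1 MB input digest length:", len(digest_hex(b"x" * 1_000_000)))
    print("download intact:", verify_download(ORIGINAL.encode(), h1))
    print("download tampered:", verify_download(MODIFIED.encode(), h1))
```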
We discussed various types of Cryptographic Attacks. We began by discussing the concept of "Steal the Key," which is when an attacker steals the encryption key instead of attempting to break the encryption itself. We also discussed Brute Force attacks, which involve trying every possible key combination, but noted that these can take a very long time and can often be mitigated through measures such as account locking or Key Stretching. We also talked about Man-in-the-Middle attacks, in which a third party intercepts and alters communication between two parties, and Side Channel Attacks, in which an attacker learns information they shouldn't have access to through misconfigurations or unauthorized access. While there are many other types of attacks not covered in this lesson, these are the ones that will be most relevant for the exam.
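The two Brute Force mitigations named above, Key Stretching and account locking, are shown together in this added example (not from the course). It uses PBKDF2-HMAC-SHA256 from Python's standard `hashlib` as the stretching function; the iteration count, the lockout threshold and the `AccountLockout` class are assumptions chosen for illustration, not values from the lecture.

```python
import hashlib
import hmac
import os


def stretch_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching: run PBKDF2-HMAC-SHA256 'iterations' times over the
    password and a per-user salt, so every guess costs the attacker this work."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str, iterations: int = 600_000) -> dict:
    """Create the stored credential: random salt, cost parameter, stretched hash.
    600,000 iterations is an illustrative choice, not a course-specified value."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": stretch_key(password, salt, iterations)}


def check_password(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and iteration count; constant-time compare."""
    derived = stretch_key(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["hash"])


class AccountLockout:
    """Account locking: after max_failures wrong guesses, reject all attempts,
    even a correct one, until an administrator (or a timer) resets the lock."""

    def __init__(self, max_failures: int = 5):
        self.max_failures = max_failures
        self.failures = {}          # username -> consecutive failed attempts

    def attempt(self, username: str, record: dict, candidate: str) -> str:
        if self.failures.get(username, 0) >= self.max_failures:
            return "locked"
        if check_password(record, candidate):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"

    def reset(self, username: str) -> None:
        self.failures[username] = 0


if __name__ == "__main__":
    rec = make_record("correct horse", iterations=200_000)
    guard = AccountLockout(max_failures=3)
    for guess in ["a", "b", "c", "correct horse"]:
        print(guess, "->", guard.attempt("alice", rec, guess))
    guard.reset("alice")
    print("after reset ->", guard.attempt("alice", rec, "correct horse"))
```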
We discussed the importance of Data Handling, Data Storage, and Data Retention in order to protect sensitive information. We focused on the concept of Administrative Control, which means only allowing individuals with a "need to know" to access and handle data. We also discussed implementing clear policies on who can access the data, why, when, where, and how. Additionally, we touched on the importance of auditing and logging to ensure proper access, as well as the importance of storing backup tapes in a secure, climate-controlled, and geographically distant location in case of a disaster. We also discussed the use of storage tapes, specifically LTO tapes, as well as proper storage and retention requirements for data in any form, including paper and audio. We also emphasized the need for proper disposal of data, as it can be a significant threat if not disposed of properly.
We finished Domain 5 by talking about the importance of providing the right training to raise users' awareness and change their behavior in terms of cybersecurity. We emphasized the need for engaging and interactive training methods, such as gamification, where users participate in a game-like setting and earn rewards for their participation and performance. We also discussed various types of Social Engineering attacks, including Authority, Intimidation, Consensus, Scarcity, Urgency, Familiarity, Phishing, Spear Phishing, and Whale Phishing. Additionally, we covered Vishing (Voice Phishing), which can take various forms, such as automated phone calls targeting a large number of people. Overall, the lesson aimed to educate employees on how to become the first line of defense against cyber threats and build a culture of proper cyber hygiene within the organization.
What we cover: Certification value as a career signal for entry-level cybersecurity roles.
Why it matters: Credentials help align hiring expectations with validated baseline security knowledge.
Exam relevance: Not directly tested; no security controls, frameworks, or scenario-based decision points map to the exam.
What we cover: A method for using practice questions to improve weak areas and answer precisely under time limits.
Why it matters: It builds accurate concept recall and disciplined decision-making instead of memorizing question patterns.
Exam relevance: It supports scenario-based selection by isolating keywords, choosing the best answer, eliminating distractors, and pacing time.
What we cover: Exam logistics and policies, including registration, test center delivery, scoring model, and unscored pretest items.
Why it matters: Understanding administrative constraints prevents compliance violations and supports proper planning for credential maintenance.
Exam relevance: Tested as policy awareness and ethics recognition, including unscored items, scaled scoring, and candidate agreement requirements.
What we cover: Computerized adaptive testing mechanics, including variable question difficulty, weighted scoring, fixed time, and no answer review.
Why it matters: Understanding adaptive scoring constraints improves time management and reduces errors from second-guessing.
Exam relevance: Appears as test-taking format knowledge requiring correct decisions about pacing, breaks, and committing answers without review.
What we cover: Testing center check-in and exam session rules for identity verification, timing, breaks, and prohibited items.
Why it matters: Following proctoring and identification controls preserves exam integrity and prevents administrative disqualification.
Exam relevance: Appears as policy-compliance knowledge where candidates must choose correct actions under exam-day constraints.
What we cover: Certification lifecycle requirements including endorsement, maintenance fees, and continuing education credits.
Why it matters: Ongoing professional ethics and continuing education sustain competence and credential validity.
Exam relevance: Tested as governance and compliance knowledge, focusing on renewal requirements and continuing education terminology distinctions.
What we cover: Post-failure retake strategy using domain proficiency feedback and disciplined question deconstruction.
Why it matters: Rapid, targeted remediation improves knowledge retention and reduces repeated errors under pressure.
Exam relevance: Tested indirectly through scenario judgment, selecting best answers, and mapping weak domains to focused review.
What we cover: Mapping a cybersecurity career goal to required skills and certifications using job postings and role pathways.
Why it matters: Clear role targets drive appropriate capability development and prevent mismatched training investments.
Exam relevance: Appears as role-based judgment of responsibilities and which security knowledge areas align to common job functions.
** 100% UPDATED for the 2026 CC Exam! ** --> 5 NEW and 12 UPDATED videos (full list below).
*** ENDING SOON: FREE CC Exam vouchers ***
ISC2 is stopping new signups on May 20th, 2026; you can still take the exam until December 31st, 2026 with the vouchers.
Welcome, I am Thor Pedersen, and I am here to help you get that critical entry-level Cyber security knowledge, so you can get your first job in Cyber security and/or pass your Certified in Cybersecurity (CC) certification by ISC2.
Join the over 80,000 students enrolled in my Certified in Cybersecurity (CC) courses.
My courses on Udemy have over 760,000 enrollments from 209 countries, and my courses Certified in Cybersecurity (CC), CISSP, PMP, and CISM are the “Best Selling” and “Highest Rated”.
Why should you buy this course?
Getting into Cyber security and (if you want) earning your Certified in Cybersecurity Certification (CC) by ISC2 RIGHT now is a very smart career move.
You could make an awesome salary:
Certified Cyber security professionals in North America earn an average salary of USD99,000.
Entry Level Cyber security Analysts earn on average USD82,000 in the US.
Worldwide certified individuals earn on average USD91,000, where their non-certified colleagues earn less than USD60,000 a year.
There are a ton of open jobs:
There is a global gap in the Cyber security workforce of over 2.7 million open jobs we can't fill.
514,000 of those jobs are in the US. There is 0% unemployment in Cyber security.
35% of ALL Cyber security jobs are unfilled; there are simply not enough Cyber security professionals to hire.
Cyber security job growth is expected to be 33% over the next 10 years, compared with an average of 7.7% for all occupations.
Very high job satisfaction:
77% of Cyber security professionals reported they are satisfied or extremely satisfied with their jobs, with Gen Z/Millennials experiencing the highest satisfaction rate at 79%.
“Information Security Analyst” is the #1 job in the "U.S. News & World Report 2022 Best Jobs" list. The list ranks the 100 best jobs across 17 sectors including business, healthcare, and technology, taking into account factors such as growth potential, salary and work-life balance.
A TON of directions you can expand your career:
Cyber security is such a vast field, you can specialize in what sounds exciting to you and you can work in almost any sector. They all need Cyber security professionals. You get to work in an amazing meaningful field.
I think my courses are fantastic, but don't just take my word for it. Here's what some of my other students have to say about them:
I passed my exam as of yesterday. Thanks so much for all the information. The way the course taught me how this test was going to ask me questions was so accurate. Thanks so much! (Katie,★★★★★).
Used this course to prepare for the exam and passed first time. So far the best instructor I have found on this platform. (Annette, ★★★★★).
Thanks Thor, this was excellent - keep up the great work! I passed on my first attempt after going through the course; this also helped in studying for and passing CompTIA Security+, because some of the concepts I already got from studying for Certified in Cybersecurity. (Rosanne, ★★★★★).
I passed my exam yesterday. I must say this course helped me a lot! It was my second attempt. I bought this course after I failed on my first attempt. THOR is a great teacher, with lots of techniques and insights during the lessons. This course is very easy to understand. Don't think twice, go for it. The secret in life is not to give up! (Patricia, ★★★★★).
Join our community of successful students and reach your certification goals!
The NEW and UPDATED videos we made so this course is 100% ready for the 2026 CC exam:
Entirely NEW videos:
<NEW> Cyber threat intelligence and Threat frameworks
<NEW> Governance, Risk, and Compliance (GRC)
<NEW> Understand security operations and Security Event Triage
<NEW> Application Testing
<NEW> Measure cybersecurity effectiveness
Videos with UPDATED content:
<UPDATED> Security governance principles
<UPDATED> Logical Access Control - Part 1
<UPDATED> Logical Access Control - Part 3
<UPDATED> Virtualization, Cloud, and Distributed Computing - Part 3
<UPDATED> Virtualization, Cloud, and Distributed Computing - Part 5
<UPDATED> The Internet of Things (IoT) and Industrial Control Systems (ICS)
<UPDATED> Asset Tracking, Hardware Hardening, and Software Lifecycle.
<UPDATED> Cryptography - Part 1
<UPDATED> Cryptography - Part 3
<UPDATED> Attacks on our cryptography
<UPDATED> Data handling, data storage and data retention - Part 2
<UPDATED> Data handling, data storage and data retention - Part 3
When you buy this course you get all this:
17.5 hours of Entry-level Cyber security videos.
121-page PDF Certified in Cybersecurity (CC) study guide: Detailed guides made from our lectures.
35-page PDF Certified in Cybersecurity (CC) Quick Sheets: For your review sessions.
1-page PDF Certified in Cybersecurity (CC) Mnemonics: Memory aids to help you remember key concepts.
24 CC Mind Maps - Detailed Mind Maps covering all Domains and Major topics.
260+ Certified in Cybersecurity (CC) practice questions: 60+ chapter completion questions and 2x 100 question practice tests.
200+ website links: Additional resources for you to delve deeper into entry-level Cyber security.
Subtitles in multiple languages: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Japanese, Chinese, and Hindi.
An automatic certificate of completion: To hang on your wall, use for your resume, or for CEUs/PDUs. (17 CEUs)
30-day money-back guarantee: No questions asked.
Lifetime Access to the course and all future updates.
Offline video viewing: Available on the Udemy mobile apps.
In Domain 1: Security Principles we cover:
1.1 Understand the security concepts of information assurance
1.2 Understand the risk management process
1.3 Understand security controls
1.4 Understand ISC2 Code of Ethics
1.5 Understand governance processes
In Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts we cover:
2.1 Understand business continuity (BC)
2.2 Understand disaster recovery (DR)
2.3 Understand incident response
In Domain 3: Access Controls Concepts we cover:
3.1 Understand physical access controls
3.2 Understand logical access controls
In Domain 4: Network Security we cover:
4.1 Understand computer networking
4.2 Understand network threats and attacks
4.3 Understand network security infrastructure
In Domain 5: Security Operations we cover:
5.1 Understand data security
5.2 Understand system hardening
5.3 Understand best practice security policies
5.4 Understand security awareness training
We continue to update our courses to make sure you have the latest and most effective study materials:
2026: Full 2026 update. 5 Entirely NEW videos, 12 UPDATED videos. (See full list above)
2025: Added 24 CC Mind Maps. Updated practice questions and tests. Updated the exam day videos to reflect the new CAT (Computerized Adaptive Testing) format starting October 1st, 2025.
2024: Added subtitles in Japanese and Portuguese (Brazil).
2023: Added updates/new videos: Scheduling your exam and what to expect, What to expect on exam day and after, I passed the exam, now what?, Domain 5 recap, Domain 2 recap, How to approach certification studying, Why you should want to get Certified in Cybersecurity.
2022: Course release for the completely new CC – Certified in Cybersecurity certification from ISC2.
Start Your Certification Journey Today!
Join thousands of successful professionals who have transformed their careers with ThorTeaches. Let me guide you to CISSP certification success.
Enroll now and let's achieve your certification goals together!
Thor Pedersen