
Explore the CompTIA Security+ exam, featuring about 90 questions with multiple-choice and performance-based items, and learn how this course supports passing with a 750 score and 601-to-701 updates.
Explore the CompTIA Security+ SY0-701 course structure, 16 lessons aligned to five domains, with end-of-section quizzes, a 90-question final, and downloadable study resources to pass.
Learn practical strategies to pass the CompTIA Security+ SY0-701 exam, including understanding question formats, time management, daily routines, on the go study, and smart timing of exam vouchers.
Introduce core information security concepts, including the CIA triad—confidentiality, integrity, availability—and the spectrum of security controls such as firewalls and anti-malware, plus security roles and responsibilities in cyber security.
Outline the CIA triad—confidentiality, integrity, availability—and how authentication, authorization, and accounting protect data with encryption and MFA. Discuss the DAD triad—disclosure, alteration, deniability—and introduce privacy and non-repudiation as objectives.
Identify risks and vulnerabilities, assess threats, and recommend security controls per the NIST framework. Protect assets, implement measures, monitor, respond to threats, and recover to restore systems and data.
Explore how controls and countermeasures reduce risk through defense in depth and control objectives, emphasizing independence, diversity, baselines, scoping, tailoring, compensating and supplementing.
Define security control and its CIA properties. Divide controls into technical (firewalls, anti-malware, access control), operational (guards, training), and managerial (policies, risk tools).
Explore the six security control functional types—preventive, detective, corrective, physical, deterrent, and compensating—with ACLs, anti-malware, and SOPs. Understand how logs, backups, alarms, cameras, and signs illustrate controls in practice.
Think through security exam questions by analyzing confidentiality, integrity, availability, privacy, and non-repudiation. In a defaced website scenario, integrity best reflects tampered content.
Explore information security roles and responsibilities, risk assessment, incident response, and policy enforcement, plus DevOps and shift-left approaches that integrate security into design, operations, and training.
Compare threat actor types, their attributes and motivations; explain threat vectors and attack surfaces; and explore social engineering techniques used to gain access to sensitive information.
Define vulnerabilities as weaknesses threats exploit. Note threats can exist without vulnerabilities; risk depends on probability and impact, and threat and risk assessments consider attacker intentions and capabilities.
Identify threat actors by attributes such as location, intent, motivation, and capability, distinguishing external threats from insiders and structured from unstructured attacks, including zero-day exploits.
Explore the spectrum of threat actors, from script kiddies to state actors and insider threats, detailing black hats, white hats, gray hats, hacktivists, and advanced persistent threats.
Reduce the attack surface by restricting endpoints and services; recognize vectors including direct access, removable media, email, remote wireless, supply chain, web and social media, cloud, and multi-stage campaigns.
Explore how vulnerable software and network vectors expand the attack surface, and apply compensating controls like isolation for unsupported systems and consistent patching across cloud, wireless, and wired networks.
Explore lure-based and message-based vectors in cybersecurity, from drop attacks with USB drives and trojan apps to phishing emails, malicious attachments, image and document exploits, and zero-click threats.
Understand that you can't transfer all risk to vendors, manage third-party risk with vendor management, system integration, and outsourced code, and implement data protections, monitoring, and compliance checks.
Discover how social engineering exploits human emotions to extract information, using impersonation, authority, trust, and urgency during reconnaissance and real-world intrusions.
Explore social engineering techniques from phishing via email to phone and text scams, covering spear phishing, angler phishing, whaling, invoice scams, and baiting with infected USB drives.
Discover social engineering techniques like lunchtime attacks, piggybacking, tailgating, shoulder surfing, and dumpster diving, and learn prevention by observant employees who question access and shred sensitive files.
Explore the final batch of social engineering techniques, including impersonation, man-in-the-middle, credential harvesting, pharming, watering hole, typosquatting, and influence campaigns used in hybrid warfare.
Explore cryptographic solutions, including symmetric and asymmetric encryption, hashing, and key exchange, and learn about PKI, digital certificates, and certificate management—creation, revocation, and updates.
Explore cryptography as a secure communication method, define plain text, cipher, and cryptanalysis, and compare hashing, symmetric, and asymmetric algorithms, including hash values, collision concepts, and downgrade and birthday attacks.
Explore hashing and encryption, including symmetric and asymmetric keys, substitution and transposition ciphers, AES, RSA, elliptic curve cryptography, and concepts like key length and key space.
Explore modes of operation for encryption, including hybrid encryption with digital envelopes, public key cryptography, hashing, and digital signatures for authentication and integrity.
Learn to calculate file hash values with PowerShell, using SHA-256 by default and MD5 when needed, to verify file integrity.
Explore how public key infrastructure uses certificates and CSRs to secure confidential messages and authenticate identities, and manage certificate authorities, trust lifecycles, and chain of trust.
Define digital certificates as wrappers for a subject's public key, detailing X.509 structure, issuer, validity, and extensions like the subject alternative name for domain names, domain validation and extended validation.
Describe the key life cycle, from generation and certificate creation to storage, revocation, and renewal. Explain centralized versus decentralized control, m-of-n access, key splitting, backups, and escrow for secure recovery.
Master certificate management concepts, including key renewal and re-keying, expiration policies, CRLs, revoked versus suspended status, OCSP status, and certificate pinning with certificate transparency.
Identify certificate formats and OpenSSL encoding such as PEM, PKCS#12, and P7B. Generate key pairs with OpenSSL, create X.509 certificates and CSRs, and export keys for Java or Windows.
Explore how Google and Apple use digital certificates, examining SSL status, wildcard domains, and the certificate chain, including elliptic curve keys versus RSA PKCS#1 keys.
Explore longevity, salting, and key stretching to improve cryptography. See how salt slows brute-force and dictionary attacks on password hashes, and how PBKDF2 implements key stretching.
Explore homomorphic encryption, blockchain with hashed blocks secured by a decentralized public ledger and peer-to-peer network, and steganography, including cover text and security by obscurity in hiding messages.
Explore implementing identity and access management, including password-based and multi-factor authentication, account policies and authorization solutions, plus single sign-on and federated identity concepts.
Explore the four main processes of identity and access management—identification, authentication, authorization, and accounting—and how they govern end-user access to networks, servers, and databases.
Explain the three authentication factors: something you know, something you have, and something you are or do, and how they enable multi-factor authentication while meeting CIA requirements.
Describe enrollment and template storage for biometric authentication, then compare scans to templates to grant access, while noting false rejection, false acceptance, CR, and continuous authentication.
Explore password concepts and credential management, including system enforced policies, password length and complexity, change intervals, blocking common passwords, and password managers with impersonation risks.
Demonstrates configuring local account policies in Windows 11 via local security policy, focusing on password policy and account lockout policy with enforce password history, minimum length eight, complexity, and thresholds.
Explore authorization solutions by comparing discretionary access control and RBAC, explain file system ACLs and Linux permissions, and introduce MAC, ABAC, rule-based, conditional access, and PAM.
Examine directory services and LDAP in X.500 directories, including distinguished names and attributes, and explore federation, identity providers, SAML, REST, OAuth, and OIDC for cloud and on-premises authorization.
Understand how accounts are defined by a SID and identity attributes, with permissions via group policies. Explore password policies, geofencing, time-based access, and audit and lockout controls.
Explore local, network, and remote authentication across Windows and Linux, detailing LSA-based sign-in, Kerberos/NTLM network validation, VPN or web portal access, and single sign-on via Kerberos.
Explain how Kerberos enables single sign-on on Windows networks using a KDC to issue a TGT. Obtain service tickets for application servers and enable mutual authentication, authorization, and data transfer.
Explore securing the enterprise network architecture by comparing on-premises models, applying security principles, and selecting controls like firewalls and access control lists to meet exam objectives 3.1 and 3.23.
Identify weaknesses like single points of failure and prioritizing availability over confidentiality and integrity. Describe how switches, routers, firewalls, DNS, and load balancers enable secure network designs across OSI layers.
Explore network segmentation and topology, using VLANs and firewalls to create secure zones (intranet, extranet, internet guest), implement DMZs and zero trust topology with micro-segmentation for east-west and north-south traffic.
Examine layer 2 and 3 forwarding, MAC-to-IP mapping, IP addressing and subnets, and routing protocols including Border Gateway Protocol, Open Shortest Path First, and Enhanced Interior Gateway Routing Protocol.
Learn secure switching and routing by defending layer two with ARP poisoning prevention, MAC flooding countermeasures, and STP; and safeguard routers with DHCP snooping, 802.1X NAC, and route security.
Compare packet filtering and stateful inspection firewalls, detailing ACL-driven filtering and session-tracking with a state table. Explain iptables, chains, and application-layer inspection, including port verification and SSL/TLS inspection.
Examine firewall implementations, including appliances, router firewalls, application-based options, host-based and server firewalls, and proxies (forward and reverse) at the network edge.
Explore how the Windows 10 firewall uses inbound and outbound rules across domain, private, and public profiles, and learn to enable logging and monitor traffic, including default inbound blocking.
Block Chrome internet access with a Windows 10 outbound rule, specify the program path and profiles, then test and manage port and policy options.
Explore next-generation firewalls (NGFW) and host-based intrusion detection systems (HIDS), including UTM, content and URL filters, secure web gateways, WAFs, and FIM to prevent code injection and denial-of-service attacks.
Learn how remote access relies on VPNs to create secure, encrypted tunnels, covering client and site-to-site deployments, TLS/SSL VPNs, and IPsec with AH and ESP.
Examine remote access architecture, IKEv2 and IPsec with L2TP, mutual authentication, and security associations, plus VPN client setup, always-on and split or full tunnel concepts.
Explore secure cloud network architecture, covering deployment models such as software as a service and infrastructure as a service, infrastructure as code, IoT, and zero trust.
Explore cloud deployment models—public, hosted private, private, community, and hybrid—and service models like IaaS, PaaS, SaaS, and SecaaS, with examples such as Amazon EC2, Oracle Cloud, and Microsoft Azure.
Integrate cloud services into standard security policies, audit compliance, and manage risk transfer; emphasize liability, cross-border considerations, separation of duties, M-of-N controls, encryption, and high availability.
Explore cloud networking security: VPCs with private and public subnets, cross-account routing, VPC endpoints with PrivateLink for AWS services, and CASB protections.
Explore infrastructure as code concepts, automation and orchestration, and how service-oriented architecture and microservices map to workflows, with SOAP and REST APIs, serverless, fog and edge computing.
Adopt zero trust, a security framework requiring authentication, authorization, and continuous validation, with policy decision and enforcement to minimize blast radius and automate responses.
Explore embedded systems as specialized, static environments built from SoC, FPGA, and RTOS, with constraints like power, memory, authentication, and cryptographic identification used in remotes and water treatment networks.
Explore industrial control systems and the internet of things, emphasizing the AIC triad and prioritizing availability and integrity over confidentiality, and examine PLC, HMI, data historians, and SCADA in infrastructure.
Explore data backup concepts, asset management practices, and physical security concepts to enhance network resiliency against cyber attacks, including prioritizing assets and implementing robust backups.
Explore backup strategies and retention policies, balancing short- and long-term data retention with recovery point objectives, and compare full, incremental, differential, snapshot, and image backups.
Explore backup storage concepts, including CIA requirements for backups, offsite distance considerations, online versus offline backups, the 3-2-1 rule, and media types, plus restoration and non-persistence techniques.
Explore configuration management, ITIL and CMS tools, covering baselines, configuration items, and diagrams, plus asset management, naming conventions, RFCs, rollback plans, and site resiliency with hot, warm, and cold sites.
Explore redundancy strategies that boost high availability and fault tolerance. Implement power, network, and disk redundancy with NIC teaming, RAID, multipath, and geographic replication, including synchronous and asynchronous options.
Learn defense in depth and security through diversity, blending technology diversity, control diversity, and vendor diversity with training, endpoint security, and decoy defenses like honeypots and DNS sinkholes.
Explore physical access controls for buildings, data centers, and zones, using authentication, authorization, and accounting; design secure layouts with fencing, lighting, turnstiles, and biometric or electronic locks.
Explore physical security controls, including smart card cloning and skimming risks, juice jacking mitigations with USB data blockers, alarms, CCTV, and challenge-based access policies.
Apply physical host security controls in secure areas and server cabinets, using co-location cages, air gaps, DMZs, and Faraday cages to protect critical assets.
Explore vulnerability management by examining its importance, vulnerability scanning techniques, and vulnerability analysis concepts to assess risks across applications, workstations, and networks, aligned with exam objectives 2.3 and 4.3.
Master vulnerability discovery, from zero-day exploits and bug bounty programs to full and responsible disclosure, and leverage CVE, CVSS, and NVD for prioritizing remediation.
Identify weak host and network configurations, including default settings, default passwords, unsecured root accounts, open permissions, and enforce least-privileged management while assessing risks from ports, HTTP, weak encryption, and errors.
Analyze the evaluation scope to assess a target product, system, or application for vulnerabilities via vulnerability assessments, penetration testing, documentation review, secure code and cryptographic analysis, and compliance verification.
Explore common application attacks, including buffer overflows, integer overflows, null pointer dereferences, race conditions, memory leaks, resource exhaustion, DLL injection, and pass-the-hash threats.
Explore cross-site scripting (XSS) attacks that target the victim’s browser via JavaScript, hijacking cookies and enabling session access. Learn how to inject malicious scripts and how input filtering prevents XSS.
Learn how SQL injection attacks exploit databases, cause errors, and expose data; explore defense through parameterized statements, input escaping, and input sanitizing.
Explore mobile vulnerabilities from sideloading, rooting, and jailbreaking, and learn how excessive app permissions and non-store installations raise data privacy risks; discover how MDM and strict policies protect regulated industries.
Explore threat research sources as security researchers uncover malware, phishing attempts, and adversary TTPs by analyzing data from customer networks, deep web, and dark web via Tor.
Explore how threat intelligence providers convert research into behavioral, reputational, and threat data, and how CTI feeds integrate with SIEM via four models, including OSINT.
Explore threat data feeds and AI in a CTI platform, using STIX for IOCs and relationships, TAXII for data transport, threat maps, and CVEs.
Analyze vulnerability scans with dynamic application security testing (DAST) tools and CVE databases, interpret results as true/false positives/negatives, and prioritize patches by severity and eight major types.
Explore securing and hardening devices and networks by establishing secure baselines, applying patching and rolling updates, and implementing wireless design and security settings.
Explore benchmarks and secure configuration guides from the Center for Internet Security, including CIS Critical Security Controls and benchmarks for PCI DSS and ISO 27000.
Explore Wi-Fi authentication methods, including open, personal (PSK and SRP), and enterprise (802.1X with EAP), and learn how PMK and the four-way handshake, Dragonfly handshake, and EAP-TLS secure sessions.
Explore Wi-Fi authentication methods such as PEAP, EAP-TLS, and EAP-FAST, including PACs and RADIUS federation, and examine rogue APs, evil twins, and replay attacks with MFP.
Network security monitoring analyzes traffic and logs in real time, alerting to threats. Learn about intrusion detection systems, sensors, taps, signature and anomaly detection, and intrusion prevention systems.
Web filtering blocks access to malicious and inappropriate sites to protect networks from malware and phishing. It uses agent-based and proxy approaches with URL scanning, content categorization, and reputation-based filtering.
** Taught by a CompTIA Security+ certified and best-selling instructor **
Are you ready to take your cybersecurity skills to the next level and earn the highly respected CompTIA Security+ certification? Look no further! My comprehensive "CompTIA Security+ Training Guide" course is designed to equip you with the knowledge, skills, and strategies needed to confidently pass the CompTIA Security+ exam and excel in the field of cybersecurity.
This course is designed to help prepare you for the CompTIA Security+ (SY0-701) certification exam and covers all the domains of the Security+ (SY0-701) certification exam:
CompTIA Security+ (SY0-701):
General Security Concepts
Threats, Vulnerabilities, and Mitigations
Security Architecture
Security Operations
Security Program Management and Oversight
Course Highlights:
Expert Guidance - You will learn from a real certified CompTIA Security+ instructor with extensive experience in cyber security.
Interactive Learning - Engage in hands-on labs, real-world scenarios and practical exercises to reinforce your understanding and build essential practical skills.
Practice Exams - Test your knowledge with a variety of practice exams and quizzes modeled after the CompTIA Security+ exam format. Identify your strengths and weaknesses to tailor your study plan accordingly.
Exam Strategies - Get insider tips and strategies for approaching the CompTIA Security+ exam, including time management, question analysis, and how to stay calm under pressure.
Downloadable Materials - You will receive a free E-Book study guide as well as other downloadable materials to supplement your training.