




































Course on cyber security and IT techniques
Type: Outlines and concept maps





































✓ Phishing
✓ Smishing
✓ Vishing
✓ Spam
✓ Spam over instant messaging (SPIM)
✓ Spear phishing
✓ Dumpster diving
✓ Shoulder surfing
✓ Pharming
✓ Tailgating
✓ Eliciting information
✓ Whaling
✓ Prepending
✓ Identity fraud
✓ Invoice scams
✓ Credential harvesting
✓ Reconnaissance
✓ Hoax
✓ Impersonation
✓ Watering hole attack
✓ Typosquatting
✓ Pretexting
✓ Influence campaigns
  o Hybrid warfare
  o Social media
✓ Principles (reasons for effectiveness)
  o Authority
  o Intimidation
  o Consensus
  o Scarcity
  o Familiarity
  o Trust
  o Urgency

MODULE 2 - GIVEN A SCENARIO, ANALYZE POTENTIAL INDICATORS TO DETERMINE THE TYPE OF ATTACK

✓ Malware
  o Ransomware
  o Trojans
  o Worms
  o Potentially unwanted programs (PUPs)
  o Fileless virus
  o Command and control
  o Bots
  o Cryptomalware
  o Logic bombs
  o Spyware
  o Keyloggers
  o Remote access Trojan (RAT)
  o Rootkit
  o Backdoor
✓ Password attacks
  o Spraying
  o Dictionary
  o Brute force
    ▪ Offline
    ▪ Online
    ▪ Rainbow table
✓ Wireless
  o Evil twin
  o Rogue access point
  o Bluesnarfing
  o Bluejacking
  o Disassociation
  o Jamming
  o Radio frequency identification (RFID)
  o Near-field communication (NFC)
  o Initialization vector (IV)
✓ On-path attack (also known as man-in-the-middle attack / man-in-the-browser attack)
✓ Layer 2 attacks
  o Address Resolution Protocol (ARP) poisoning
  o Media access control (MAC) flooding
  o MAC cloning
✓ Domain name system (DNS)
  o Domain hijacking
  o DNS poisoning
  o Uniform Resource Locator (URL) redirection
  o Domain reputation
✓ Distributed denial-of-service (DDoS)
  o Network
  o Application
  o Operational technology (OT)
✓ Malicious code or script execution
  o PowerShell
  o Python
  o Bash
  o Macros
  o Visual Basic for Applications (VBA)

MODULE 5 - EXPLAIN DIFFERENT THREAT ACTORS, VECTORS, AND INTELLIGENCE SOURCES

✓ Actors and threats
  o Advanced persistent threat (APT)
  o Insider threats
  o State actors
  o Hacktivists
  o Script kiddies
  o Criminal syndicates
  o Hackers
    ▪ Authorized
    ▪ Unauthorized
    ▪ Semi-authorized
  o Shadow IT
  o Competitors
✓ Attributes of actors
  o Internal/external
  o Level of sophistication/capability
  o Resources/funding
  o Intent/motivation
✓ Vectors
  o Direct access
  o Wireless
  o Email
  o Supply chain
  o Social media
  o Removable media
  o Cloud
✓ Threat intelligence sources
  o Open-source intelligence (OSINT)
  o Closed/proprietary
  o Vulnerability databases
  o Public/private information-sharing centers
  o Dark web
  o Indicators of compromise
  o Automated Indicator Sharing (AIS)
    ▪ Structured Threat Information eXpression (STIX) / Trusted Automated eXchange of Intelligence Information (TAXII)
  o Predictive analysis
  o Threat maps
  o File/code repositories
✓ Research sources
  o Vendor websites
  o Vulnerability feeds
  o Conferences
  o Academic journals
  o Request for comments (RFC)
  o Local industry groups
  o Social media
  o Threat feeds
  o Adversary tactics, techniques, and procedures (TTP)

MODULE 6 - EXPLAIN THE SECURITY CONCERNS ASSOCIATED WITH VARIOUS TYPES OF VULNERABILITIES

✓ Cloud-based vs. on-premises vulnerabilities
✓ Zero-day
✓ Weak configurations
  o Open permissions
  o Unsecure root accounts
  o Errors
  o User behavior analysis
  o Sentiment analysis
  o Security monitoring
  o Log aggregation
  o Log collectors
✓ Security orchestration, automation, and response (SOAR)

MODULE 8 - EXPLAIN THE TECHNIQUES USED IN PENETRATION TESTING

✓ Penetration testing
  o Known environment
  o Unknown environment
  o Partially known environment
  o Rules of engagement
  o Lateral movement
  o Privilege escalation
  o Persistence
  o Cleanup
  o Bug bounty
  o Pivoting
✓ Passive and active reconnaissance
  o Drones
  o War flying
  o War driving
  o Footprinting
  o OSINT
✓ Exercise types
  o Red-team
  o Blue-team
  o White-team
  o Purple-team

UNIT 2 - ARCHITECTURE AND DESIGN

MODULE 1 - EXPLAIN THE IMPORTANCE OF SECURITY CONCEPTS IN AN ENTERPRISE ENVIRONMENT

✓ Configuration management
  o Diagrams
  o Baseline configuration
  o Standard naming conventions
  o Internet protocol (IP) schema
✓ Data sovereignty
✓ Data protection
  o Data loss prevention (DLP)
  o Masking
  o Encryption
  o At rest
  o In transit/motion
  o In processing
  o Tokenization
  o Rights management
✓ Geographical considerations
✓ Response and recovery controls
✓ Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
✓ Hashing
✓ API considerations
✓ Site resiliency
  o Hot site
  o Cold site
  o Warm site
✓ Deception and disruption
  o Honeypots
  o Honeyfiles
  o Honeynets
  o Fake telemetry
  o DNS sinkhole

MODULE 2 - SUMMARIZE VIRTUALIZATION AND CLOUD COMPUTING CONCEPTS

✓ Cloud models
  o Infrastructure as a service (IaaS)
  o Platform as a service (PaaS)
  o Software as a service (SaaS)
  o Anything as a service (XaaS)
  o Public
  o Community
  o Private
  o Hybrid
✓ Cloud service providers
✓ Managed service provider (MSP) / Managed Security Service Provider (MSSP)
✓ On-premises vs. off-premises
✓ Fog computing
✓ Edge computing
✓ Thin client
✓ Containers
✓ Microservices/API
✓ Infrastructure as code
  o Software-defined networking (SDN)
  o Software-defined visibility (SDV)
✓ Serverless architecture
✓ Services integration
✓ Resource policies
    ▪ Time-based one-time password (TOTP)
    ▪ HMAC-based one-time password (HOTP)
    ▪ Short message service (SMS)
    ▪ Token key
    ▪ Static codes
    ▪ Authentication applications
    ▪ Push notifications
    ▪ Phone call
  o Smart card authentication
✓ Biometrics
  o Fingerprint
  o Retina
  o Iris
  o Facial
  o Voice
  o Vein
  o Gait analysis
  o Efficacy rates
  o False acceptance
  o False rejection
  o Crossover error rate
✓ Multifactor authentication (MFA) factors and attributes
  o Factors
    ▪ Something you know
    ▪ Something you have
    ▪ Something you are
  o Attributes
    ▪ Somewhere you are
    ▪ Something you can do
    ▪ Something you exhibit
    ▪ Someone you know
✓ Authentication, authorization, and accounting (AAA)
✓ Cloud vs. on-premises requirements

MODULE 5 - GIVEN A SCENARIO, IMPLEMENT CYBERSECURITY RESILIENCE

✓ Redundancy
  o Geographic dispersal
  o Disk
    ▪ Redundant array of inexpensive disks (RAID) levels
    ▪ Multipath
✓ Network
  o Load balancers
  o Network interface card (NIC) teaming
✓ Power
  o Uninterruptible power supply (UPS)
  o Generator
  o Dual supply
  o Managed power distribution units (PDUs)
✓ Replication
  o Storage area network
  o VM
✓ On-premises vs. cloud
✓ Backup types
  o Full
  o Incremental
  o Snapshot
  o Differential
  o Tape
  o Disk
  o Copy
  o Network-attached storage (NAS)
  o Storage area network
  o Cloud
  o Image
  o Online vs. offline
  o Offsite storage
    ▪ Distance considerations
✓ Non-persistence
  o Revert to known state
  o Last known-good configuration
  o Live boot media
✓ High availability
  o Scalability
✓ Restoration order
✓ Diversity
  o Technologies
  o Vendors
  o Crypto
  o Controls

MODULE 6 - EXPLAIN THE SECURITY IMPLICATIONS OF EMBEDDED AND SPECIALIZED SYSTEMS

✓ Embedded systems
  o Raspberry Pi
  o Field-programmable gate array (FPGA)
  o Arduino
✓ Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  o Facilities
  o Industrial
  o Manufacturing
  o Energy
  o Logistics
✓ Personnel
  o Guards
  o Robot sentries
  o Reception
  o Two-person integrity/control
✓ Locks
  o Biometrics
  o Electronic
  o Physical
  o Cable locks
✓ USB data blocker
✓ Lighting
✓ Fencing
✓ Fire suppression
✓ Sensors
  o Motion detection
  o Noise detection
  o Proximity reader
  o Moisture detection
  o Cards
  o Temperature
✓ Drones
✓ Visitor logs
✓ Faraday cages
✓ Air gap
✓ Screened subnet (DMZ)
✓ Protected cable distribution
✓ Secure areas
  o Air gap
  o Vault
  o Safe
  o Hot aisle
  o Cold aisle
✓ Secure data destruction
  o Burning
  o Shredding
  o Pulping
  o Pulverizing
  o Degaussing
  o Third-party solutions

MODULE 8 - SUMMARIZE THE BASICS OF CRYPTOGRAPHIC CONCEPTS

✓ Digital signatures
✓ Key length
✓ Key stretching
✓ Salting
✓ Hashing
✓ Key exchange
✓ Elliptic-curve cryptography
✓ Perfect forward secrecy
✓ Quantum
  o Communications
  o Computing
✓ Post-quantum
✓ Ephemeral
✓ Modes of operation
  o Authenticated
  o Unauthenticated
  o Counter
✓ Blockchain
  o Public ledgers
✓ Cipher suites
  o Stream
  o Block
✓ Symmetric vs. asymmetric
✓ Lightweight cryptography
✓ Steganography
  o Audio
  o Video
  o Image
✓ Homomorphic encryption
✓ Common use cases
  o Low power devices
  o Low latency
  o High resiliency
  o Supporting confidentiality
  o Supporting integrity
  o Supporting obfuscation
  o Supporting authentication
  o Supporting non-repudiation
✓ Limitations
  o Speed
  o Size
  o Weak keys
  o Time
  o Longevity
  o Predictability
  o Reuse
  o Entropy
  o Computational overheads
  o Resource vs. security constraints

UNIT 3 - IMPLEMENTATION
  o Hashing
✓ Application security
  o Input validations
  o Secure cookies
  o Hypertext Transfer Protocol (HTTP) headers
  o Code signing
  o Allow list
  o Block list/deny list
  o Secure coding practices
  o Static code analysis
    ▪ Manual code review
  o Dynamic code analysis
  o Fuzzing
✓ Hardening
  o Open ports and services
  o Registry
  o Disk encryption
  o OS
  o Patch management
    ▪ Third-party updates
    ▪ Auto-update
✓ Self-encrypting drive (SED)/full-disk encryption (FDE)
  o Opal
✓ Hardware root of trust
✓ Trusted Platform Module (TPM)
✓ Sandboxing

MODULE 3 - GIVEN A SCENARIO, IMPLEMENT SECURE NETWORK DESIGNS

✓ Load balancing
  o Active/active
  o Active/passive
  o Scheduling
  o Virtual IP
  o Persistence
✓ Network segmentation
  o Virtual local area network (VLAN)
  o Screened subnet (previously known as demilitarized zone)
  o East-west traffic
  o Extranet
  o Intranet
  o Zero Trust
✓ Virtual private network (VPN)
  o Always-on
  o Split tunnel vs. full tunnel
  o Remote access vs. site-to-site
  o IPSec
  o SSL/TLS
  o HTML
  o Layer 2 tunneling protocol (L2TP)
✓ DNS
✓ Network access control (NAC)
  o Agent and agentless
✓ Out-of-band management
✓ Port security
  o Broadcast storm prevention
  o Bridge Protocol Data Unit (BPDU) guard
  o Loop prevention
  o Dynamic Host Configuration Protocol (DHCP) snooping
  o Media access control (MAC) filtering
✓ Network appliances
  o Jump servers
  o Proxy servers
    ▪ Forward
    ▪ Reverse
  o Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    ▪ Signature-based
    ▪ Heuristic/behavior
    ▪ Anomaly
    ▪ Inline vs. passive
  o HSM
  o Sensors
  o Collectors
  o Aggregators
  o Firewalls
    ▪ Web application firewall (WAF)
    ▪ NGFW
    ▪ Stateful
    ▪ Stateless
    ▪ Unified threat management (UTM)
    ▪ Network address translation (NAT) gateway
    ▪ Content/URL filter
    ▪ Open-source vs. proprietary
    ▪ Hardware vs. software
    ▪ Appliance vs. host-based vs. virtual
  o Access control list (ACL)
  o Route security
  o Quality of service (QoS)
  o Implications of IPv
  o Port spanning/port mirroring/port taps
  o Monitoring services
  o File integrity monitors

MODULE 4 - GIVEN A SCENARIO, INSTALL AND CONFIGURE WIRELESS SECURITY SETTINGS
  o Context-aware authentication
  o Containerization
  o Storage segmentation
  o Full device encryption
✓ Mobile devices
  o MicroSD hardware security module (HSM)
  o MDM/Unified Endpoint Management (UEM)
  o Mobile application management (MAM)
  o SEAndroid
✓ Enforcement and monitoring of:
  o Third-party application stores
  o Rooting/jailbreaking
  o Sideloading
  o Custom firmware
  o Carrier unlocking
  o Firmware over-the-air (OTA) updates
  o Camera use
  o SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
  o External media
  o USB On-The-Go (USB OTG)
  o Recording microphone
  o GPS tagging
  o WiFi direct/ad hoc
  o Tethering
  o Hotspot
  o Payment methods
✓ Deployment models
  o Bring your own device (BYOD)
  o Corporate-owned personally enabled (COPE)
  o Choose your own device (CYOD)
  o Corporate-owned
  o Virtual desktop infrastructure (VDI)

MODULE 6 - GIVEN A SCENARIO, APPLY CYBERSECURITY SOLUTIONS TO THE CLOUD

✓ Cloud security controls
  o High availability across zones
  o Resource policies
  o Secrets management
  o Integration and auditing
  o Storage
    ▪ Permissions
    ▪ Encryption
    ▪ Replication
    ▪ High availability
  o Network
    ▪ Virtual networks
    ▪ Public and private subnets
    ▪ Segmentation
    ▪ API inspection and integration
  o Compute
    ▪ Security groups
    ▪ Dynamic resource allocation
    ▪ Instance awareness
    ▪ Virtual private cloud (VPC) endpoint
    ▪ Container security
✓ Solutions
  o CASB
  o Application security
  o Next-generation secure web gateway (SWG)
  o Firewall considerations in a cloud environment
    ▪ Cost
    ▪ Need for segmentation
    ▪ Open Systems Interconnection (OSI) layers
✓ Cloud native controls vs. third-party solutions

MODULE 7 - GIVEN A SCENARIO, IMPLEMENT IDENTITY AND ACCOUNT MANAGEMENT CONTROLS

✓ Identity
  o Identity provider (IdP)
  o Attributes
  o Certificates
  o Tokens
  o SSH keys
  o Smart cards
✓ Account types
  o User account
  o Shared and generic accounts/credentials
  o Guest accounts
  o Service accounts
✓ Account policies
  o Password complexity
  o Password history
  o Password reuse
  o Network location
  o Geofencing
  o Geotagging
  o Geolocation
  o Time-based logins
  o Access policies
  o Account permissions
  o Account audits
  o Impossible travel time/risky login
  o Lockout
  o Disablement