Introduction
Earning your SSCP
1. The SSCP Exam
The SSCP exam
Is the SSCP right for you?
Careers in information security
Value of certification
Study resources
2. Inside the SSCP Exam
Registering for the exam
Exam environment
Question types
Passing the SSCP exam
3. Preparing for the Exam
Exam tips
Meeting the experience requirement
Continuing education requirements
4. Domain 1: Security Concepts and Practices
Overview of the Security Concepts and Practices Domain
5. Security Concepts
The goals of information security
Confidentiality
Integrity
Availability
Accountability
Need to know and least privilege
Segregation of duties (SoD)
Privacy compliance
Employee privacy
Ethics
6. Resource Security
Physical asset management
Software licensing
Change and configuration management
7. Data Security
Understanding data security
Data security policies
Data security roles
Limiting data collection
The data lifecycle
8. Security Standards
Developing security baselines
Leveraging industry standards
Customizing security standards
9. Security Controls
Security control selection and implementation
Control and risk frameworks
Security policy framework
DevOps and DevSecOps
10. Assessing Security Controls
Collect security process data
Management review
Security metrics
Audits and assessments
Control management
11. Awareness and Training
Security awareness and training
Compliance training
User habits
Social engineering
Measuring compliance and security posture
12. Physical Security
Site and facility design
Data center environmental controls
Data center environmental protection
Physical access control
Visitor management
13. Domain 2: Access Controls
Overview of the Access Controls Domain
14. Identity and Access Management
Access controls
Identification, authentication, and authorization
15. Identification
Usernames and access cards
Biometrics
Registration and identity proofing
16. Authentication
Authentication factors
Multifactor authentication
Something you have
Password authentication protocols
SSO and federation
Internetwork trust architectures
Third-party connections
Zero-trust network architectures
SAML
OAuth and OpenID Connect
Device authentication
17. Identity Management Lifecycle
Understand account and privilege management
Account policies
Password policies
Manage roles
Monitoring, reporting, and maintenance
Provisioning and deprovisioning
18. Authorization
Understand authorization
Mandatory access controls
Discretionary access controls
Access control lists
Advanced authorization concepts
19. Domain 3: Risk Identification, Monitoring, and Analysis
Overview of the Risk Identification, Monitoring, and Analysis Domain
20. Risk Management
Risk assessment
Quantitative risk assessment
Risk management
Ongoing risk management
Risk management frameworks
Risk visibility and reporting
21. Threat Modeling
Threat intelligence
Managing threat indicators
Intelligence sharing
Identifying threats
Automating threat intelligence
Threat hunting
MITRE ATT&CK
22. Understanding Vulnerability Types
Vulnerability impacts
Supply chain vulnerabilities
Configuration vulnerabilities
Architectural vulnerabilities
23. Vulnerability Scanning
What is vulnerability management?
Identifying scan targets
Scan configuration
Scan perspective
SCAP
CVSS
Interpreting CVSS scores
Analyzing scan reports
Correlating scan results
24. Legal and Regulatory Concerns
Legal and compliance risks
Legal definitions
Data privacy
Data breaches
25. Security Monitoring
Monitoring log files
Security information and event management
Continuous security monitoring
Visualization and reporting
Compliance monitoring
Legal and ethical issues in monitoring
26. Domain 4: Incident Response and Recovery
Overview of the Incident Response and Recovery Domain
27. Incident Management
Build an incident response program
Creating an incident response team
Incident communications plan
Incident detection
Escalation and notification
Mitigation
Containment techniques
Incident eradication and recovery
Validation
Post-incident activities
Incident response exercises
28. Investigations and Forensics
Conducting investigations
Evidence types
Introduction to forensics
System and file forensics
Network forensics
Software forensics
Mobile device forensics
Embedded device forensics
Chain of custody
Reporting and documenting incidents
Electronic discovery (ediscovery)
29. Business Continuity
Business continuity planning
Business continuity controls
High availability and fault tolerance
30. Disaster Recovery
Disaster recovery planning
Backups
Restoring backups
Disaster recovery sites
Testing BC/DR plans
After action reports
31. Emergency Response
Building an emergency response plan
32. Domain 5: Cryptography
Overview of the Cryptography Domain
33. Encryption
Understanding encryption
Symmetric and asymmetric cryptography
Goals of cryptography
Codes and ciphers
Choosing encryption algorithms
The perfect encryption algorithm
The cryptographic lifecycle
34. Symmetric Cryptography
Data encryption standard
3DES
AES, Blowfish, and Twofish
RC4
Steganography
35. Asymmetric Cryptography
Rivest-Shamir-Adleman (RSA)
PGP and GnuPG
Elliptic curve and quantum cryptography
36. Key Management
Cryptographic key security
Key exchange
Diffie-Hellman
Key escrow
Key stretching
37. Public Key Infrastructure
Trust models
PKI and digital certificates
Hash functions
Digital signatures
Create a digital certificate
Revoke a digital certificate
Certificate stapling
Certificate authorities
Certificate subjects
Certificate types
Certificate formats
38. Transport Encryption
TLS and SSL
IPSec
Securing common protocols
DKIM
Tor and perfect forward secrecy
Blockchain
39. Cryptanalytic Attacks
Brute-force attacks
Knowledge-based attacks
Limitations of encryption algorithms
40. Domain 6: Network and Communications Security
Overview of the Network and Communications Security Domain
41. TCP/IP Networking
Introducing TCP/IP
IP addressing and DHCP
Domain Name System (DNS)
Network ports
ICMP
Network topologies
Network relationships
42. Network Security Devices
Routers, switches, and bridges
Firewalls
Proxy servers
Load balancers
VPNs and VPN concentrators
Network intrusion detection and prevention
Protocol analyzers
Content distribution networks
Traffic shaping and WAN optimization
Unified threat management
43. Secure Network Design
Public and private addressing
Subnetting
Security zones
VLANs and network segmentation
Security device placement
Software-defined networking (SDN)
Transmission media
44. Network Security Technologies
Restricting network access
Network access control
RADIUS and TACACS
Firewall rule management
Router configuration security
Switch configuration security
Maintaining network availability
Network monitoring
SNMP
Isolating sensitive systems
45. Remote Network Access
Remote network access
Desktop and application virtualization
46. Wireless Networking
Understanding wireless networking
Wireless encryption
Wireless authentication
Wireless signal propagation
Wireless networking equipment
47. Network Attacks
Denial of service attacks
Eavesdropping attacks
DNS attacks
Layer 2 attacks
Network address spoofing
Wireless attacks
Propagation attacks
Preventing rogues and evil twins
Disassociation attacks
Understanding Bluetooth and NFC attacks
48. Domain 7: Systems and Application Security
Overview of the Systems and Application Security Domain
49. Malware
Comparing viruses, worms, and trojans
Malware payloads
Understanding backdoors and logic bombs
Looking at advanced malware
Understanding botnets
Code signing
50. Understanding Attackers
Cybersecurity adversaries
Preventing insider threats
Attack vectors
Zero-days and the Advanced Persistent Threat
51. Social Engineering Attacks
Social engineering
Impersonation attacks
Identity fraud and pretexting
Watering hole attacks
Physical social engineering
52. Web Application Attacks
OWASP Top Ten
Application security
Preventing SQL injection
Understanding cross-site scripting
Request forgery
Defending against directory traversal
Overflow attacks
Explaining cookies and attachments
Session hijacking
Code execution attacks
53. Host Security
Operating system security
Malware prevention
Application management
Host-based network security controls
File integrity monitoring
Data loss prevention
Endpoint monitoring
54. Hardware Security
Hardware encryption
Hardware and firmware security
Peripheral security
55. Mobile Device Security
Mobile connection methods
Mobile device security
Mobile device management
Mobile device tracking
Mobile application management
Mobile security enforcement
Bring Your Own Device (BYOD)
Mobile deployment models
56. Embedded Systems Security
Industrial control systems
Internet of Things
Securing smart devices
Secure networking for smart devices
57. Cloud Computing
What is the cloud?
Cloud activities and the Cloud Reference Architecture
Cloud deployment models
Cloud service categories
Virtualization
Cloud compute resources
Cloud storage
Containers
58. Cloud Issues
Security and privacy concerns in the cloud
Data sovereignty
Cloud access security brokers
Operational concerns in the cloud
Conclusion
Preparing for the exam