Exam objectives SY0-501

Explain vulnerability scanning concepts

May 23, 2020 11:28

A vulnerability is a weakness which can be exploited by a threat actor to perform unauthorized actions within a computer system. A vulnerability assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system. Vulnerability scanning is a part of the vulnerability assessment. It uses tools, called vulnerability scanners, to look for vulnerabilities on the hosts of a network.

Passively test security controls

A vulnerability scanner passively tests security controls in the sense that it identifies weaknesses and misconfigurations in the target system, but it does not launch attacks to see whether these weaknesses are actually exploitable.

Identify vulnerability

In order to identify vulnerabilities, vulnerability scanners use databases of publicly known vulnerabilities. For instance, the vulnerability scanner may identify a given version of SQL Server on a server. It can then look that version up in the vulnerability database to discover whether that particular version is affected by some known vulnerability. Example: the MITRE corporation maintains the CVE list (Common Vulnerabilities and Exposures), which is a list of entries for publicly known cybersecurity vulnerabilities. NIST maintains the National Vulnerability Database (NVD).
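The version lookup described above, as an added example that is not part of the original page: a detected product version is compared against the version ranges recorded in a vulnerability database. The database, the product names and the EXAMPLE-000n identifiers are constructed placeholders standing in for real CVE/NVD data.

```python
"""Added example (not from the original page): matching a product version
reported by a scanner against a local vulnerability database, the way a
scanner consults CVE/NVD data. The database, the product names and the
EXAMPLE-000n identifiers are constructed placeholders, not real CVE entries."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class VulnEntry:
    vuln_id: str            # placeholder id, not a real CVE number
    product: str            # product name as the scanner reports it
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet
    summary: str


# Constructed stand-in for the CVE/NVD feed a real scanner would download.
SAMPLE_DB: List[VulnEntry] = [
    VulnEntry("EXAMPLE-0001", "sql-server", "13.0.0", "13.0.5000", "sample issue A"),
    VulnEntry("EXAMPLE-0002", "sql-server", "14.0.0", "14.0.3000", "sample issue B"),
    VulnEntry("EXAMPLE-0003", "sql-server", "12.0.0", None, "sample issue C, unfixed"),
    VulnEntry("EXAMPLE-0004", "https-server", "2.4.0", "2.4.50", "sample issue D"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a banner such as '13.0.4001' into (13, 0, 4001) so that versions
    compare numerically; any non-numeric parts are dropped."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version found in {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, entry: VulnEntry) -> bool:
    """True when version lies in [introduced, fixed) for this entry."""
    v = parse_version(version)
    if v < parse_version(entry.introduced):
        return False
    if entry.fixed is None:      # no fix published: everything from introduced on
        return True
    return v < parse_version(entry.fixed)


def find_vulnerabilities(product: str, version: str,
                         db: List[VulnEntry] = SAMPLE_DB) -> List[str]:
    """Return the ids of all database entries affecting product/version."""
    return sorted(e.vuln_id for e in db
                  if e.product == product and is_affected(version, e))


def scan_inventory(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Inventory rows are (host, product, version) as a scanner would
    collect them; returns host -> matching vulnerability ids."""
    return {host: find_vulnerabilities(product, version)
            for host, product, version in inventory}


if __name__ == "__main__":
    # Constructed scan results for two hosts.
    for host, ids in scan_inventory([("db01", "sql-server", "13.0.4001"),
                                     ("web01", "https-server", "2.4.50")]).items():
        print(host, ids)
```

Matching on the version string alone is exactly what makes scanners report false positives: a vendor that backports a fix without changing the version number leaves the host looking vulnerable to this lookup even though it is patched.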

Identify lack of security controls

Vulnerability scanners are able to identify the lack of security controls, like the lack of antivirus software.

Identify common misconfigurations

Vulnerability scanners are able to identify common misconfigurations like open ports (ports should be open to allow incoming connections to legitimate and managed services, like an https server, but should be otherwise closed), weak passwords and default configurations (like the Admin/Admin credentials to access the router administration page).
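The misconfiguration checks just described, as an added example that is not part of the original page: the allow-list of ports, the password policy and the host inventory are all constructed for illustration, and Admin/Admin is the only default credential pair used because it is the one the page names.

```python
"""Added example (not from the original page): the kind of misconfiguration
checks a scanner applies to what it collected from a host: listening ports
that no managed service should expose, and administrative credentials left
at their defaults or too weak. The policy values and the host inventory are
constructed for illustration."""
from typing import Dict, List, Set, Tuple

# Policy (constructed): TCP ports a managed service is allowed to expose.
ALLOWED_PORTS: Dict[int, str] = {443: "https server", 22: "ssh, managed"}

# Factory-default credential pairs; Admin/Admin is the page's own example.
DEFAULT_CREDENTIALS: Set[Tuple[str, str]] = {("Admin", "Admin")}

MIN_PASSWORD_LENGTH = 12


def check_open_ports(listening: List[int]) -> List[str]:
    """Flag every listening port that is not in the allow-list."""
    return [f"port {p}/tcp open but not in the allow-list"
            for p in sorted(set(listening)) if p not in ALLOWED_PORTS]


def check_admin_credentials(username: str, password: str) -> List[str]:
    """Flag default and weak administrative credentials."""
    findings = []
    if (username, password) in DEFAULT_CREDENTIALS:
        findings.append("default credentials still in use")
    elif password.lower() == username.lower():
        findings.append("password equals username")
    if len(password) < MIN_PASSWORD_LENGTH:
        findings.append(f"password shorter than {MIN_PASSWORD_LENGTH} characters")
    return findings


def scan_host(host: Dict) -> List[str]:
    """Run every check over one host record and return its findings."""
    user, pwd = host["admin_account"]
    return check_open_ports(host["listening_tcp"]) + check_admin_credentials(user, pwd)


# Constructed inventory: a router left at factory settings and a hardened web server.
INVENTORY = [
    {"name": "router01", "listening_tcp": [23, 80, 443], "admin_account": ("Admin", "Admin")},
    {"name": "web01", "listening_tcp": [22, 443], "admin_account": ("ops", "CorrectHorseBattery9!")},
]


def audit_inventory(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Return host name -> list of findings for every host in the inventory."""
    return {h["name"]: scan_host(h) for h in inventory}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, findings or ["no findings"])
```

In a real scanner the port list comes from the scanner's own probes and the credential findings from a credentialed check against the device's configuration; the policy here is deliberately small so that each finding maps to one of the misconfigurations named above.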

Intrusive vs. non-intrusive

An intrusive scan is one that can damage the target system, for instance by making it unavailable. A non-intrusive scan is one that is harmless to the target system. Example: penetration testing is an intrusive test because the actual exploitation of vulnerabilities can disrupt the operation of the target system. Vulnerability scanning is non-intrusive because it does not attempt to exploit vulnerabilities; it just generates network traffic and thus may cause alerts in IDS/IPS.

Credentialed vs. non-credentialed

A credentialed vulnerability scan is one run with account credentials. This way, it may gather much more information on the target system, finding more vulnerabilities in less time. A non-credentialed vulnerability scan instead is run without account credentials. It typically gains less information on the target systems and, to compensate, may have to generate much more traffic. Example: a scan using SNMP credentials may gather a lot of information about the target devices and so dig much deeper when looking for vulnerabilities.

False positive

A false positive in the context of vulnerability scanning is a scan result that reports that a vulnerability is present in the target system while in reality that vulnerability does not exist.