| Exam Objective | Chapters |
|---|---|
| **2.1 Given a scenario, configure identity and access management.** Identification and authorization; Privileged access management; Logical access management; Account life-cycle management (Provision and deprovision accounts); Access controls (Role-based, Discretionary, Non-discretionary, Mandatory); Directory services (Lightweight directory access protocol (LDAP)); Federation; Certificate management; Multifactor authentication (MFA); Single sign-on (SSO); Security assertion markup language (SAML); Public key infrastructure (PKI); Secret management; Key management | 2, 3, 4 |
| **2.2 Given a scenario, secure a network in a cloud environment.** Network segmentation (Virtual LAN (VLAN)/Virtual extensible LAN (VXLAN)/Generic network virtualization encapsulation (GENEVE); Micro-segmentation; Tiering); Protocols (Domain name service (DNS): DNS over HTTPS (DoH), DNS over TLS (DoT), DNS security (DNSSEC); Network time protocol (NTP): Network time security (NTS); Encryption: IPSec, Transport layer security (TLS), Hypertext transfer protocol secure (HTTPS); Tunneling: Secure Shell (SSH), Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP), Generic routing encapsulation (GRE)); Network services (Firewalls: Stateful, Stateless; Web application firewall (WAF); Application delivery controller (ADC); Intrusion protection system (IPS)/Intrusion detection system (IDS); Data loss prevention (DLP); Network access control (NAC); Packet brokers; Log and event monitoring; Network flows); Hardening and configuration changes (Disabling unnecessary ports and services; Disabling weak protocols and ciphers; Firmware upgrades; Control ingress and egress traffic; Whitelisting or blacklisting; Proxy servers; Distributed denial of service (DDoS) protection) | 2, 3 |
| **2.3 Given a scenario, apply the appropriate OS and application security controls.** Policies (Password complexity, Account lockout, Application whitelisting, Software feature, User/group); User permissions; Antivirus/anti-malware/endpoint detection and response (EDR); Host-based IDS (HIDS)/Host-based IPS (HIPS); Hardened baselines (Single function); File integrity; Log and event monitoring; Configuration management; Builds (Stable, Long-term support (LTS), Beta, Canary); Operating system (OS) upgrades; Encryption (Application programming interface (API) endpoint, Application, OS, Storage, Filesystem); Mandatory access control; Software firewall | 2, 3, 4, 5, 7 |
| **2.4 Given a scenario, apply data security and compliance controls in cloud environments.** Encryption; Integrity (Hashing algorithms, Digital signatures, File integrity monitoring (FIM)); Classification; Segmentation; Access control; Impact of laws and regulations (Legal hold); Records management (Versioning, Retention, Destruction, Write once read many); Data loss prevention (DLP); Cloud access security broker (CASB) | 3, 4, 5 |
| **2.5 Given a scenario, implement measures to meet security requirements.** Tools (Vulnerability scanners, Port scanners); Vulnerability assessment (Default and common credential scans, Credentialed scans, Network-based scans, Agent-based scans, Service availabilities); Security patches (Hot fixes, Scheduled updates, Virtual patches, Signature updates, Rollups); Risk register; Prioritization of patch application; Deactivate default accounts; Impacts of security tools on systems and services; Effects of cloud service models on security implementation | 3 |
| **2.6 Explain the importance of incident response procedures.** Preparation (Documentation; Call trees; Training; Tabletops; Documented incident types/categories; Roles and responsibilities); Incident response procedures (Identification: Scope; Investigation; Containment, eradication, and recovery: Isolation, Evidence acquisition, Chain of custody; Post-incident and lessons learned: Root cause analysis) | 9 |