Security+ Certification/Assessments & Audits

From Wikibooks, open books for an open world
Jump to navigation Jump to search

4.1 Conduct risk assessments and implement risk mitigation[edit | edit source]

4.2 Carry out vulnerability assessment using common tools[edit | edit source]

  • Port scanners
  • Vulnerability scanners
  • Protocol analyzers

  • OVAL
  • Password crackers
  • Network mappers

4.3 Explain the proper use of penetration testing versus vulnerability scanning[edit | edit source]

4.4 Use monitoring tools on systems and networks and detect security-related anomalies[edit | edit source]

  • Performance monitor
  • Systems monitor
  • Performance baseline
  • Protocol analyzers

4.5 Compare and contrast various types of monitoring methodologies[edit | edit source]

  • Behavior-based
  • Signature-based
  • Anomaly-based

4.6 Execute proper logging procedures and evaluate the results[edit | edit source]

  • Security application
  • DNS
  • System
  • Performance

  • Access
  • Firewall
  • Antivirus

4.7 Conduct periodic audits of system security settings[edit | edit source]

  • User access and rights review
  • Storage and retention policies
  • Group policies