CIW Certification/Study Guides/Security Professional Exam

From Wikibooks, open books for an open world
Jump to navigation Jump to search

SKILLS MEASURED

A CIW Security Professional implements security policy, identifies security threats, and develops countermeasures using firewall systems and attack-recognition technologies. This individual is responsible for managing the deployment of e-business transaction and payment security solutions. Skills measured in the 1D0-470 exam include but are not limited to:

Network perimeter security and elements of an effective security policy.[edit | edit source]

Encryption, including the three main encryption methods used in internetworking.[edit | edit source]

Universal guidelines and principles for effective network security, as well as guidelines to create effective specific solutions.[edit | edit source]

Security principles and security attack identification.[edit | edit source]

Firewall types and common firewall terminology.[edit | edit source]

Firewall system planning including levels of protection.[edit | edit source]

Network firewall deployment.[edit | edit source]

Network security including industry security evaluation criteria and guidelines used to determine three security levels.[edit | edit source]

Mechanisms used to implement security systems, tools to evaluate key security parameters, techniques for security accounts, and threats to Windows 2000 and UNIX systems.[edit | edit source]

Permissions identification, assignment and usage, system defaults, and security commands.[edit | edit source]

System patches and fixes including application of system patches.[edit | edit source]

Windows 2000 Registry modifications, including lockdown and removal of services for effective security in Windows 2000 and Linux.[edit | edit source]

Security auditing principles, security auditor's chief duties and network risk factor assessment.[edit | edit source]

Security auditing and discovery processes, audit plans, and network-based and host-based discovery software.[edit | edit source]

Penetration strategies and methods, including identification of potential attacks.[edit | edit source]

User activities baseline, log analysis, and auditing of various activities.[edit | edit source]

Security policy compliance and assessment reports.[edit | edit source]

Operating system add-ons, including personal firewalls and native auditing.[edit | edit source]