Security Pro Objectives

TestOut Security Pro Exam Objectives

Access Control and Identity Management

Create, modify, and delete user profiles
- Manage Windows Local and Domain Users and Groups
- Manage Linux Users and Groups
- Restrict use of common access accounts
Harden Authentication
- Configure Domain GPO Account Policy to enforce a robust password policy
- Configure the Domain GPO to control local administrator group membership and Administrator password
- Disable or rename default accounts such as Guest and Administrator
- Configure the Domain GPO to enforce User Account Control
- Configure a GPO for Smart Card authentication for sensitive resources
- Configure secure Remote Access
- Implement centralized authentication
Manage Certificates
- Approve, deny, and revoke certificate requests
- Configure Domain GPO Kerberos Settings

Promote Information Security Awareness
- Traveling with Personal Mobile Devices
- Exchanging content between Home and Work
- Storing of Personal Information on the Internet
- Using Social Networking Sites
- Using SSL Encryption
- Utilizing E-mail best practices
- Password Management
- Photo/GPS Integration
- Information Security
- Auto-lock and Passcode Lock
Evaluate Information Risk
- Perform Risk calculation
- Risk avoidance, transference, acceptance, mitigation, and deterrence
Maintain Hardware and Software Inventory

Harden Data Center Physical Access
- Implement Access Rosters
- Utiliza Visitor Identification and control
- Protect Doors and Windows
- Implement Physical Intrusion Detection Systems
Harden mobile devices (iPad)
- Apply updates
- Set Autolock
- Enable passcodes
- Configure network security settings
Harden mobile devices (Laptop)
- Set a BIOS Password
- Set a Login Password
- Implement full disk encryption

Harden the Network Perimeter (using a Cisco Network Security Appliance)
- Change the Default Username and Password
- Configure a Firewall
- Create a DMZ
- Configure NAT
- Configure VPN
- Implement Web Threat Protection
Secure Wireless Devices and Clients
- Change the Default Username, Password, and Administration limits
- Implement WPA2
- Configure Enhanced Security
- Disable Network Discovery

Harden Network Devices (using a Cisco Small Business Switch)
- Change the Default Username and Password on network devices
- Use secure passwords
- Shut down unneeded services and ports
- Implement Port Security
- Remove unsecure protocols (FTP, telnet, rlogin, rsh)
- Implement access lists, deny everything else
- Run latest iOS version
- Turn on logging with timestamps
- Segment Traffic using VLANs
Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance)
- Enable IPS protection for a LAN and DMZ
- Apply IPS Signature Updates
- Configure IPS Policy

Harden Computer Systems Against Attack
- Configure a GPO to enforce Workstation/Server security settings
- Configure Domain GPO to enforce use of Windows Firewall
- Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)
- Protect against spyware and unwanted software using Windows Defender
- Configure NTFS Permissions for Secure file sharing
Implement Patch Management/System Updates
- Configure Windows Update
- Apply the latest Apple Software Updates
Perform System Backups and Recovery

Protect and maintain the integrity of data files
- Implement encryption technologies
- Perform data backups and recovery
- Implement redundancy and failover mechanisms
Protect Data Transmissions across open, public networks
- Encrypt Data Communications
- Implement secure protocols
- Remove unsecure protocols

Implement Logging and Auditing
- Configure Domain GPO Audit Policy
- Configure Domain GPO for Event Logging
Review security logs and violation reports, implement remediation
Review audit reports, implement remediation
Review vulnerability reports, implement remediation

Explore TestOut Pro Certifications