Know What's on the Exam
Certification Exam Objectives
Master every domain. Comprehensive exam objectives for 50+ industry-leading IT certifications. Know exactly what to study.
50+
Certifications
15+
Vendors
250K+
Professionals Certified
ISC2 Certifications
5 Certifications-
1 Security and Risk Management 15%
- Understand, adhere to, and promote professional ethics
- Understand and apply security concepts
- Evaluate and apply security governance principles
- Understand legal, regulatory, and compliance issues
- Understand requirements for investigation types
- Develop, document, and implement security policies
- Identify, analyze, and prioritize Business Continuity requirements
- Contribute to and enforce personnel security policies
- Understand and apply risk management concepts
- Understand and apply threat modeling concepts and methodologies
- Apply Supply Chain Risk Management (SCRM) concepts
- Establish and maintain a security awareness, education, and training program
-
2 Asset Security 10%
- Identify and classify information and assets
- Establish information and asset handling requirements
- Provision resources securely
- Manage data lifecycle
- Ensure appropriate asset retention
- Determine data security controls and compliance requirements
-
3 Security Architecture and Engineering 13%
- Research, implement, and manage engineering processes using secure design principles
- Understand the fundamental concepts of security models
- Select controls based upon systems security requirements
- Understand security capabilities of Information Systems
- Assess and mitigate vulnerabilities in systems
- Assess and mitigate vulnerabilities in web-based systems
- Assess and mitigate vulnerabilities in mobile systems
- Assess and mitigate vulnerabilities in embedded devices
- Apply cryptography
- Apply security principles to site and facility design
- Design site and facility security controls
-
4 Communication and Network Security 13%
- Assess and implement secure design principles in network architectures
- Secure network components
- Implement secure communication channels according to design
-
5 Identity and Access Management (IAM) 13%
- Control physical and logical access to assets
- Design identification and authentication strategies
- Federated identity with third-party services
- Implement and manage authorization mechanisms
- Manage the identity and access provisioning lifecycle
- Implement authentication systems
-
6 Security Assessment and Testing 12%
- Design and validate assessment, test, and audit strategies
- Conduct security control testing
- Collect security process data
- Analyze test output and generate reports
- Conduct or facilitate security audits
-
7 Security Operations 13%
- Understand and comply with investigations
- Conduct logging and monitoring activities
- Perform configuration management
- Apply foundational security operations concepts
- Apply resource protection
- Conduct incident management
- Operate and maintain detective and preventative measures
- Implement and support patch and vulnerability management
- Understand and participate in change management processes
- Implement recovery strategies
- Implement Disaster Recovery processes
- Test Disaster Recovery Plans
- Participate in Business Continuity planning and exercises
- Implement and manage physical security
- Address personnel safety and security concerns
-
8 Software Development Security 11%
- Understand and integrate security in the Software Development Life Cycle
- Identify and apply security controls in software development ecosystems
- Assess the effectiveness of software security
- Assess security impact of acquired software
- Define and apply secure coding guidelines and standards
-
1 Cloud Concepts, Architecture and Design 17%
- Understand cloud computing concepts
- Describe cloud reference architecture
- Understand security concepts relevant to cloud computing
- Understand design principles of secure cloud computing
- Evaluate cloud service providers
-
2 Cloud Data Security 20%
- Describe cloud data concepts
- Design and implement cloud data storage architectures
- Design and apply data security technologies and strategies
- Implement data discovery
- Implement data classification
- Design and implement Information Rights Management (IRM)
- Plan and implement data retention, deletion, and archiving policies
- Design and implement auditability, traceability, and accountability of data events
-
3 Cloud Platform and Infrastructure Security 17%
- Comprehend cloud infrastructure and platform components
- Design a secure data center
- Analyze risks associated with cloud infrastructure and platforms
- Plan and implementation of security controls
- Plan business continuity (BC) and disaster recovery (DR)
-
4 Cloud Application Security 17%
- Advocate training and awareness for application security
- Describe the Secure Software Development Life Cycle (SDLC) process
- Apply the Secure Software Development Life Cycle (SDLC)
- Apply cloud software assurance and validation
- Use verified secure software
- Comprehend the specifics of cloud application architecture
- Design appropriate Identity and Access Management (IAM) solutions
-
5 Cloud Security Operations 16%
- Build and implement physical and logical infrastructure for cloud environment
- Operate and maintain physical and logical infrastructure for cloud environment
- Implement operational controls and standards
- Support digital forensics
- Manage communication with relevant parties
- Manage security operations
-
6 Legal, Risk and Compliance 13%
- Articulate legal requirements and unique risks within the cloud environment
- Understand privacy issues
- Understand audit process, methodologies, and required adaptations for a cloud environment
- Understand implications of cloud to enterprise risk management
- Understand outsourcing and cloud contract design
-
1 Security Principles 26%
- Understand the security concepts of information assurance
- Understand the risk management process
- Understand security controls
- Understand governance elements and processes
- Understand ISC2 Code of Ethics
-
2 Business Continuity, Disaster Recovery & Incident Response 10%
- Understand business continuity (BC)
- Understand disaster recovery (DR)
- Understand incident response
-
3 Access Controls Concepts 22%
- Understand physical access controls
- Understand logical access controls
-
4 Network Security 24%
- Understand computer networking
- Understand network threats and attacks
- Understand network security infrastructure
-
5 Security Operations 18%
- Understand data security
- Understand system hardening
- Understand best practice security policies
- Understand security awareness training
-
1 Security Operations and Administration 16%
- Comply with codes of ethics
- Understand security concepts
- Document, implement, and maintain functional security controls
- Participate in asset management
- Implement security controls and assess compliance
- Participate in change management
- Participate in security awareness and training
-
2 Access Controls 15%
- Implement and maintain authentication methods
- Support internetwork trust architectures
- Participate in the identity management lifecycle
- Implement access controls
-
3 Risk Identification, Monitoring, and Analysis 15%
- Understand the risk management process
- Perform security assessment activities
- Operate and maintain monitoring systems
- Analyze and report monitoring results
-
4 Incident Response and Recovery 14%
- Support the incident lifecycle
- Understand and support forensic investigations
- Understand and support Business Continuity Plan and Disaster Recovery Plan
-
5 Cryptography 9%
- Understand fundamental concepts of cryptography
- Understand reasons and requirements for cryptography
- Understand and support secure protocols
- Understand Public Key Infrastructure systems
-
6 Network and Communications Security 16%
- Understand and apply fundamental concepts of networking
- Understand network attacks and countermeasures
- Manage network access controls
- Manage network security
- Operate and configure network-based security devices
- Operate and configure wireless technologies
-
7 Systems and Application Security 15%
- Identify and analyze malicious code and activity
- Implement and operate endpoint device security
- Operate and configure cloud security
- Operate and secure virtual environments
-
1 Security and Risk Management 16%
- Understand security and risk management concepts
- Understand the Risk Management Framework (RMF)
- Understand regulatory and legal requirements
-
2 Scope of the Information System 11%
- Define the information system
- Determine categorization of the information system
-
3 Selection and Approval of Security and Privacy Controls 15%
- Identify and document baseline and inherited controls
- Select and tailor controls
- Develop a continuous control monitoring strategy
- Review and approve security and privacy plans
-
4 Implementation of Security and Privacy Controls 16%
- Implement selected controls
- Document control implementation
-
5 Assessment/Audit of Security and Privacy Controls 16%
- Prepare for assessment/audit
- Conduct assessment/audit
- Prepare the initial assessment report
- Review the assessment/audit report
- Perform initial remediation actions
- Develop final security and privacy assessment report
-
6 Authorization/Approval of Information System 10%
- Compile security and privacy authorization/approval documents
- Determine risk
- Obtain authorization/approval decision
-
7 Continuous Monitoring 16%
- Determine impact of changes to information system
- Perform ongoing assessments/audits based on organizational requirements
- Review supply chain risk management
- Actively participate in response planning and communication
- Conduct ongoing remediation actions based on findings
- Update documentation
- Report security and privacy posture
- Review the information system for ongoing authorization/approval
- Decommission information system
ISACA Certifications
4 Certifications-
1 Information Security Governance 17%
- Establish and maintain an information security strategy aligned with organizational goals
- Establish and maintain an information security governance framework
- Integrate information security governance into corporate governance
- Establish and maintain information security policies
- Develop business cases to support investments in information security
- Identify internal and external influences to the organization
- Gain ongoing commitment from senior leadership and stakeholders
- Define, communicate, and monitor information security responsibilities
-
2 Information Security Risk Management 20%
- Establish and maintain a process for information asset classification
- Identify legal, regulatory, and contractual requirements
- Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted
- Identify, recommend, or implement appropriate risk treatment options
- Determine whether information security controls are appropriate
- Facilitate the integration of information risk management into business processes
- Monitor for internal and external factors that may require reassessment of risk
- Report noncompliance and other changes in information risk
-
3 Information Security Program 33%
- Develop and maintain an information security program aligned with the information security strategy
- Align the information security program with the operational objectives
- Ensure the information security program is effectively executed
- Establish, communicate, and maintain organizational information security standards
- Ensure that secure engineering principles are applied
- Establish, communicate, and maintain information security awareness and training program
- Integrate information security requirements into organizational processes
- Integrate information security requirements into contracts and activities of third parties
- Establish, communicate, and maintain information security metrics
-
4 Incident Management 30%
- Establish and maintain an organizational definition of information security incidents
- Establish and maintain an incident response plan
- Develop and implement processes to ensure timely identification of incidents
- Establish and maintain processes to investigate and document incidents
- Establish and maintain incident escalation and notification processes
- Organize, train, and equip response teams
- Test, review, and refine the incident response plan periodically
- Establish and maintain communication plans and processes
- Conduct post-incident reviews
- Establish and maintain integration with the business continuity plan
-
1 Information Systems Auditing Process 21%
- Plan an audit to determine whether information systems are protected, controlled, and provide value
- Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy
- Communicate audit progress, findings, results, and recommendations to stakeholders
- Conduct audit follow-up to evaluate whether risk has been sufficiently addressed
- Evaluate IT management and monitoring of controls
-
2 Governance and Management of IT 17%
- Evaluate the IT strategy for alignment with organizational strategies and objectives
- Evaluate the effectiveness of IT governance structure and IT organizational structure
- Evaluate the organizations management of IT policies and practices
- Evaluate the organizations IT policies and practices for compliance
- Evaluate IT resource and portfolio management for alignment with organizational strategies
- Evaluate IT contract strategies and policies, and contract management practices
- Evaluate risk management practices
- Evaluate the organizations Business Continuity Plan
-
3 Information Systems Acquisition, Development and Implementation 12%
- Evaluate the business case for proposed investments
- Evaluate the project management framework and practices
- Conduct reviews to determine whether a project is progressing in accordance with project plans
- Evaluate controls for information systems during the requirements, acquisition, development phases
- Evaluate the readiness of information systems for implementation
- Conduct post-implementation review of systems to determine whether project deliverables are met
-
4 Information Systems Operations and Business Resilience 23%
- Evaluate the organizations ability to continue business operations
- Evaluate whether IT service management practices align with business requirements
- Conduct periodic review of information systems and enterprise architecture
- Evaluate IT operations to determine whether they are controlled effectively
- Evaluate IT maintenance practices to determine whether they are controlled effectively
- Evaluate database management practices
- Evaluate data governance policies and practices
- Evaluate problem and incident management policies and practices
- Evaluate change, configuration, release, and patch management policies and practices
- Evaluate end-user computing to determine whether the processes are effectively controlled
-
5 Protection of Information Assets 27%
- Evaluate the information security and privacy policies, standards, and procedures for completeness
- Evaluate the design, implementation, and monitoring of system and logical security controls
- Evaluate the design, implementation, and monitoring of data classification processes and procedures
- Evaluate the design, implementation, and monitoring of physical access and environmental controls
- Evaluate the processes and procedures used to store, retrieve, transport, and dispose of assets
-
1 IT Risk Identification 26%
- Collect and review information, including existing documentation
- Identify potential threats and vulnerabilities
- Develop IT risk scenarios based on available information
- Identify key stakeholders for IT risk scenarios
- Establish an IT risk register
- Gain leadership approval of the IT risk register
-
2 IT Risk Assessment 20%
- Analyze risk scenarios based on organizational criteria
- Determine the current state of existing controls
- Review the results of risk and control analysis
- Document risk assessment results
-
3 Risk Response and Reporting 32%
- Identify key indicators and thresholds based on risk criteria
- Determine appropriate risk response options to manage risk
- Review risk responses with relevant stakeholders
- Validate that risk responses have been implemented according to the risk action plans
- Determine the effectiveness of control activities
- Communicate the relevant risk and control information to stakeholders
-
4 Information Technology and Security 22%
- Align IT and security risk management with enterprise risk management
- Identify existing and potential vulnerabilities that could impact business objectives
- Evaluate and recommend information security controls
- Evaluate and recommend technologies to address information security requirements
- Evaluate current state and recommend improvements to IT operational processes
- Conduct or coordinate IT security testing
-
1 Privacy Governance 34%
- Privacy governance techniques
- Privacy policies and standards
- Privacy rights and consent management
- Privacy regulatory compliance
- Data flow management
-
2 Privacy Architecture 36%
- Infrastructure and network design for privacy
- Application design for privacy
- Privacy by design implementation
- Data lifecycle management
- Privacy enhancing technologies
-
3 Data Cycle 30%
- Data inventory and classification
- Data quality management
- Data loss prevention
- Data retention and destruction
- Cryptographic techniques for privacy
CompTIA Certifications
5 Certifications-
1 General Security Concepts 12%
- Compare and contrast various types of security controls
- Summarize fundamental security concepts
- Explain the importance of change management processes
- Explain the importance of using appropriate cryptographic solutions
-
2 Threats, Vulnerabilities, and Mitigations 22%
- Compare and contrast common threat actors and motivations
- Explain common threat vectors and attack surfaces
- Explain various types of vulnerabilities
- Given a scenario, analyze indicators of malicious activity
- Explain the purpose of mitigation techniques used to secure the enterprise
-
3 Security Architecture 18%
- Compare and contrast security implications of different architecture models
- Given a scenario, apply security principles to secure enterprise infrastructure
- Compare and contrast concepts and strategies to protect data
- Explain the importance of resilience and recovery in security architecture
-
4 Security Operations 28%
- Given a scenario, apply common security techniques to computing resources
- Explain the security implications of proper hardware, software, and data asset management
- Explain various activities associated with vulnerability management
- Explain security alerting and monitoring concepts and tools
- Given a scenario, modify enterprise capabilities to enhance security
- Given a scenario, implement and maintain identity and access management
- Explain the importance of automation and orchestration related to secure operations
- Explain appropriate incident response activities
- Given a scenario, use data sources to support an investigation
-
5 Security Program Management and Oversight 20%
- Summarize elements of effective security governance
- Explain elements of the risk management process
- Explain the processes associated with third-party risk assessment and management
- Summarize elements of effective security compliance
- Explain types and purposes of audits and assessments
- Given a scenario, implement security awareness practices
-
1 Networking Concepts 23%
- Explain concepts related to the Open Systems Interconnection (OSI) reference model
- Compare and contrast networking appliances, applications, and functions
- Summarize cloud concepts and connectivity options
- Explain common networking ports, protocols, services, and traffic types
-
2 Network Implementation 20%
- Compare and contrast various devices, their features, and their appropriate placement on the network
- Compare and contrast routing technologies and bandwidth management concepts
- Given a scenario, configure and deploy common Ethernet switching features
- Given a scenario, install and configure the appropriate wireless standards and technologies
-
3 Network Operations 19%
- Given a scenario, use the appropriate statistics and sensors to ensure network availability
- Explain the purpose of organizational documents and policies
- Explain high availability and disaster recovery concepts and summarize which is the best solution
-
4 Network Security 14%
- Explain common security concepts
- Compare and contrast common types of attacks
- Given a scenario, apply network hardening techniques
- Compare and contrast remote access methods and security implications
-
5 Network Troubleshooting 24%
- Explain the network troubleshooting methodology
- Given a scenario, troubleshoot common cable connectivity issues and select the appropriate tools
- Given a scenario, use the appropriate network software tools and commands
- Given a scenario, troubleshoot common wireless connectivity issues
- Given a scenario, troubleshoot general networking issues
-
1 Security Operations 33%
- Explain the importance of system and network architecture concepts in security operations
- Given a scenario, analyze indicators of potentially malicious activity
- Given a scenario, use appropriate tools or techniques to determine malicious activity
- Compare and contrast threat-intelligence and threat-hunting concepts
- Explain the importance of efficiency and process improvement in security operations
-
2 Vulnerability Management 30%
- Given a scenario, implement vulnerability scanning methods and concepts
- Given a scenario, analyze output from vulnerability assessment tools
- Given a scenario, analyze data to prioritize vulnerabilities
- Given a scenario, recommend controls to mitigate attacks and software vulnerabilities
- Explain concepts related to vulnerability response, handling, and management
-
3 Incident Response and Management 20%
- Explain concepts related to attack methodology frameworks
- Given a scenario, perform incident response activities
- Explain the preparation and post-incident activity phases of the incident management lifecycle
-
4 Reporting and Communication 17%
- Explain the importance of vulnerability management reporting and communication
- Explain the importance of incident response reporting and communication
-
1 Planning and Scoping 14%
- Compare and contrast governance, risk, and compliance concepts
- Explain the importance of scoping and organizational/customer requirements
- Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity
-
2 Information Gathering and Vulnerability Scanning 22%
- Given a scenario, perform passive reconnaissance
- Given a scenario, perform active reconnaissance
- Given a scenario, analyze the results of a reconnaissance exercise
- Given a scenario, perform vulnerability scanning
-
3 Attacks and Exploits 30%
- Given a scenario, research attack vectors and perform network attacks
- Given a scenario, research attack vectors and perform wireless attacks
- Given a scenario, research attack vectors and perform application-based attacks
- Given a scenario, research attack vectors and perform attacks on cloud technologies
- Explain common attacks and vulnerabilities against specialized systems
- Given a scenario, perform a social engineering or physical attack
- Given a scenario, perform post-exploitation techniques
-
4 Reporting and Communication 18%
- Compare and contrast important components of written reports
- Given a scenario, analyze the findings and recommend the appropriate remediation within a report
- Explain the importance of communication during the penetration testing process
- Explain post-report delivery activities
-
5 Tools and Code Analysis 16%
- Explain the basic concepts of scripting and software development
- Given a scenario, analyze a script or code sample for use in a penetration test
- Explain use cases of the following tools during the phases of a penetration test
-
1 Mobile Devices (Core 1) 15%
- Install and configure laptop hardware and components
- Compare and contrast the display components of mobile devices
- Set up and configure accessories and ports of mobile devices
- Configure basic mobile-device network connectivity and application support
-
2 Networking (Core 1) 20%
- Compare and contrast TCP and UDP ports, protocols, and their purposes
- Compare and contrast common networking hardware
- Compare and contrast protocols for wireless networking
- Summarize services provided by networked hosts
- Given a scenario, install and configure basic wired/wireless SOHO networks
- Compare and contrast common network configuration concepts
- Compare and contrast Internet connection types, network types, and their features
- Use networking tools
-
3 Hardware (Core 1) 25%
- Explain basic cable types and their connectors, features, and purposes
- Given a scenario, install the appropriate RAM
- Given a scenario, select and install storage devices
- Given a scenario, install and configure motherboards, CPUs, and add-on cards
- Given a scenario, install or replace the appropriate power supply
- Given a scenario, deploy and configure multifunction devices/printers
- Given a scenario, install and replace printer consumables
-
4 Virtualization and Cloud (Core 1) 11%
- Summarize cloud-computing concepts
- Summarize aspects of client-side virtualization
-
5 Hardware/Network Troubleshooting (Core 1) 29%
- Apply the best practice methodology to resolve problems
- Given a scenario, troubleshoot problems related to motherboards, RAM, CPU, and power
- Given a scenario, troubleshoot and diagnose problems with storage drives and RAID arrays
- Given a scenario, troubleshoot video, projector, and display issues
- Given a scenario, troubleshoot common issues with mobile devices
- Given a scenario, troubleshoot and resolve printer issues
- Given a scenario, troubleshoot problems with wired and wireless networks
-
6 Operating Systems (Core 2) 31%
- Identify basic features of Microsoft Windows editions
- Given a scenario, use the appropriate Microsoft command-line tool
- Given a scenario, use features and tools of the Microsoft Windows 10/11 operating system
- Given a scenario, use the appropriate Microsoft Windows 10 Control Panel utility
- Given a scenario, use the appropriate Windows settings
- Given a scenario, configure Microsoft Windows networking features on a client/desktop
- Given a scenario, apply application installation and configuration concepts
- Explain common OS types and their purposes
- Given a scenario, perform OS installations and upgrades
- Identify common features and tools of the macOS/desktop OS
- Identify common features and tools of the Linux client/desktop OS
-
7 Security (Core 2) 25%
- Summarize various security measures and their purposes
- Compare and contrast wireless security protocols and authentication methods
- Given a scenario, detect, remove, and prevent malware using the appropriate tools and methods
- Explain common social-engineering attacks, threats, and vulnerabilities
- Given a scenario, manage and configure basic security settings in Microsoft Windows OS
- Given a scenario, configure a workstation to meet best practices for security
- Explain common methods for securing mobile and embedded devices
- Given a scenario, use common data destruction and disposal methods
- Given a scenario, configure appropriate security settings on SOHO wireless and wired networks
- Given a scenario, install and configure browsers and relevant security settings
-
8 Software Troubleshooting (Core 2) 22%
- Given a scenario, troubleshoot common Windows OS problems
- Given a scenario, troubleshoot common personal computer (PC) security issues
- Given a scenario, use best practice procedures for malware removal
- Given a scenario, troubleshoot common mobile OS and application issues
- Given a scenario, troubleshoot common mobile OS and application security issues
-
9 Operational Procedures (Core 2) 22%
- Given a scenario, implement best practices associated with documentation and support systems information management
- Explain basic change-management best practices
- Given a scenario, implement workstation backup and recovery methods
- Given a scenario, use common safety procedures
- Summarize environmental impacts and local environmental controls
- Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts
- Given a scenario, use proper communication techniques and professionalism
- Identify the basics of scripting
- Given a scenario, use remote access technologies
EC-Council Certifications
3 Certifications-
1 Introduction to Ethical Hacking 6%
- Understand the elements of information security
- Understand the cyber kill chain methodology
- Understand hacking concepts, types, and phases
- Understand ethical hacking concepts and scope
- Understand information security controls
- Understand relevant laws and regulations
-
2 Foot Printing and Reconnaissance 6%
- Perform foot printing on the target network using search engines, web services, and social networking sites
- Perform website, email, WHOIS, DNS, and network foot printing
- Perform foot printing using various foot printing tools
-
3 Scanning Networks 5%
- Perform host discovery, port scanning, and service version detection
- Perform OS discovery and identify various scanning techniques
- Scan beyond IDS and Firewall
- Draw network diagrams using network discovery tools
-
4 Enumeration 5%
- Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, and RPC enumeration
- Perform enumeration on various targets
-
5 Vulnerability Analysis 5%
- Perform vulnerability assessment using various tools
- Analyze vulnerability scanning reports
-
6 System Hacking 7%
- Gain access to the system using password cracking and exploiting vulnerabilities
- Escalate privileges using various techniques
- Maintain remote access and clear logs to hide evidence of compromise
-
7 Malware Threats 5%
- Understand different types of malware and their components
- Analyze malware and perform static and dynamic malware analysis
- Understand fileless malware concepts and techniques
-
8 Sniffing 5%
- Understand network sniffing concepts
- Perform network sniffing using various sniffing tools
- Detect network sniffing and understand countermeasures
-
9 Social Engineering 5%
- Understand social engineering concepts and techniques
- Perform social engineering attacks and audit human-level security
- Understand identity theft and social engineering countermeasures
-
10 Denial-of-Service 4%
- Understand DoS/DDoS attack techniques and tools
- Detect DoS attacks and understand protection tools
-
11 Session Hijacking 5%
- Understand session hijacking concepts
- Perform application-level and network-level session hijacking
- Understand session hijacking countermeasures
-
12 Evading IDS, Firewalls, and Honeypots 4%
- Understand IDS, IPS, firewall, and honeypot concepts
- Understand various techniques to bypass IDS and firewall
- Detect and evade honeypots
-
13 Hacking Web Servers 5%
- Understand web server concepts and attacks
- Perform web server attack methodology
- Understand web server security tools and countermeasures
-
14 Hacking Web Applications 7%
- Understand web application concepts and threats
- Perform web application hacking methodology
- Understand web application security and penetration testing tools
-
15 SQL Injection 5%
- Understand SQL injection concepts and types
- Perform SQL injection attacks
- Understand SQL injection countermeasures and evasion techniques
-
16 Hacking Wireless Networks 5%
- Understand wireless network concepts and encryption
- Perform wireless network attacks
- Understand wireless network security tools and Bluetooth hacking
-
17 Hacking Mobile Platforms 4%
- Understand mobile platform attack vectors
- Hack Android and iOS operating systems
- Understand mobile device management and security guidelines
-
18 IoT and OT Hacking 4%
- Understand IoT and OT concepts and attack methodologies
- Perform IoT and OT hacking
- Understand IoT and OT security tools and countermeasures
-
19 Cloud Computing 4%
- Understand cloud computing concepts and threats
- Perform cloud computing attacks
- Understand cloud security and penetration testing
-
20 Cryptography 4%
- Understand cryptography concepts and encryption algorithms
- Understand cryptography tools and Public Key Infrastructure
- Perform cryptanalysis and understand countermeasures
-
1 Network Security Fundamentals 14%
- Understand network security fundamentals
- Implement network security controls, protocols, and devices
-
2 Network Security Threats 14%
- Understand various network security threats and vulnerabilities
- Implement countermeasures against network attacks
-
3 Network Security Controls 14%
- Implement access control policies
- Configure network perimeter security devices
-
4 Secure Network Design 14%
- Design secure network architecture
- Implement network segmentation and secure zones
-
5 Endpoint Security 14%
- Implement endpoint security solutions
- Secure various operating systems and applications
-
6 Network Traffic Monitoring 15%
- Monitor network traffic using IDS/IPS
- Analyze network logs and traffic patterns
-
7 Incident Response 15%
- Develop and implement incident response plans
- Conduct network forensics investigations
-
1 Introduction to Incident Handling 12%
- Understand incident handling and response fundamentals
- Learn incident management frameworks and standards
-
2 Incident Handling and Response Process 20%
- Prepare for incidents with policies and procedures
- Detect, analyze, contain, eradicate, and recover from incidents
-
3 Handling Malware Incidents 17%
- Handle various types of malware incidents
- Implement malware incident countermeasures
-
4 Handling Email Security Incidents 12%
- Handle phishing, spam, and email-borne attacks
- Implement email security best practices
-
5 Handling Network Security Incidents 13%
- Handle DoS, unauthorized access, and network intrusion incidents
- Implement network security countermeasures
-
6 Handling Web Application Incidents 13%
- Handle web application security incidents
- Respond to injection attacks and web defacement
-
7 Handling Insider Threats 13%
- Detect and respond to insider threat incidents
- Implement insider threat prevention measures
Cisco Certifications
3 Certifications-
1 Network Fundamentals 20%
- Explain the role and function of network components (routers, switches, firewalls, IDS/IPS, wireless APs)
- Describe characteristics of network topology architectures
- Compare physical interface and cabling types
- Identify interface and cable issues (collisions, errors, duplex, speed)
- Compare TCP to UDP
- Configure and verify IPv4 addressing and subnetting
- Describe the need for private IPv4 addressing
- Configure and verify IPv6 addressing and prefix
- Describe IPv6 address types
- Verify IP parameters for Client OS
- Describe wireless principles (nonoverlapping channels, SSID, RF, encryption)
- Explain virtualization fundamentals (server virtualization, containers, VRFs)
- Describe switching concepts (MAC learning, frame switching, MAC address table, flooding)
-
2 Network Access 20%
- Configure and verify VLANs (normal range) spanning multiple switches
- Configure and verify interswitch connectivity (trunk ports, 802.1Q, native VLAN)
- Configure and verify Layer 2 discovery protocols (CDP, LLDP)
- Configure and verify EtherChannel (LACP)
- Describe the need for and basic operations of Rapid PVST+ STP
- Compare Cisco Wireless Architectures and AP modes
- Describe physical infrastructure connections of WLAN components
- Describe AP and WLC management access connections
- Configure the components of a wireless LAN access (GUI only)
-
3 IP Connectivity 25%
- Interpret the components of routing table
- Determine how a router makes a forwarding decision by default
- Configure and verify IPv4 and IPv6 static routing
- Configure and verify single area OSPFv2
- Describe the purpose, functions, and concepts of first hop redundancy protocols
-
4 IP Services 10%
- Configure and verify inside source NAT using static and pools
- Configure and verify NTP operating in a client and server mode
- Explain the role of DHCP and DNS within the network
- Explain the function of SNMP in network operations
- Describe the use of syslog features including facilities and levels
- Configure and verify DHCP client and relay
- Explain the forwarding per-hop behavior (PHB) for QoS
- Configure network devices for remote access using SSH
- Describe the capabilities and function of TFTP/FTP in the network
-
5 Security Fundamentals 15%
- Define key security concepts (threats, vulnerabilities, exploits, mitigation techniques)
- Describe security program elements (user awareness, training, physical access control)
- Configure and verify device access control using local passwords
- Describe security password policies elements
- Describe IPsec remote access and site-to-site VPNs
- Configure and verify access control lists
- Configure Layer 2 security features (DHCP snooping, DAI, port security)
- Differentiate authentication, authorization, and accounting concepts
- Describe wireless security protocols (WPA, WPA2, WPA3)
- Configure WLAN using WPA2 PSK using the GUI
-
6 Automation and Programmability 10%
- Explain how automation impacts network management
- Compare traditional networks with controller-based networking
- Describe controller-based and software defined architectures
- Compare traditional campus device management with Cisco DNA Center enabled device management
- Describe characteristics of REST-based APIs
- Recognize the capabilities of configuration management mechanisms (Puppet, Chef, Ansible)
- Interpret JSON encoded data
-
1 Architecture (ENCOR) 15%
- Explain the different design principles used in an enterprise network
- Analyze design principles of a WLAN deployment
- Differentiate between on-premises and cloud infrastructure deployments
- Explain the working principles of the Cisco SD-WAN solution
- Explain the working principles of the Cisco SD-Access solution
- Describe concepts of wired and wireless QoS
- Differentiate hardware and software switching mechanisms
-
2 Virtualization (ENCOR) 10%
- Describe device virtualization technologies
- Configure and verify data path virtualization technologies
- Describe network virtualization concepts
-
3 Infrastructure (ENCOR) 30%
- Layer 2: Troubleshoot static and dynamic 802.1Q trunking protocols
- Layer 2: Troubleshoot static and dynamic EtherChannels
- Layer 2: Configure and verify common Spanning Tree Protocols
- Layer 3: Compare routing concepts of EIGRP and OSPF
- Layer 3: Configure simple OSPF and EIGRP environments
- Layer 3: Configure and verify eBGP between directly connected neighbors
- Wireless: Describe Layer 1 concepts (RF power, RSSI, SNR)
- Wireless: Describe AP modes and antenna types
- Wireless: Describe access point discovery and join process
- Wireless: Describe main principles and use cases for Layer 2 and Layer 3 roaming
- IP Services: Describe Network Time Protocol (NTP)
- IP Services: Configure and verify NAT/PAT
- IP Services: Configure first hop redundancy protocols (HSRP, VRRP)
- IP Services: Describe multicast protocols (IGMP, PIM)
-
4 Network Assurance (ENCOR) 10%
- Diagnose network problems using tools (debugs, conditional debugs, trace route, ping, SNMP, syslog)
- Configure and verify Flexible NetFlow
- Configure SPAN/RSPAN/ERSPAN
- Configure and verify IPSLA
- Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management
- Configure and verify NETCONF and RESTCONF
-
5 Security (ENCOR) 20%
- Configure and verify device access control (lines and password protection, AAA)
- Configure and verify infrastructure security features
- Describe REST API security
- Configure and verify wireless security features
- Describe the components of network security design
-
6 Automation (ENCOR) 15%
- Interpret basic Python components and scripts
- Construct valid JSON encoded file
- Describe the high-level principles and benefits of a data modeling language
- Describe APIs for Cisco DNA Center and vManage
- Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF
- Construct EEM applet to automate configuration, troubleshooting, or data collection
- Compare agent vs agentless orchestration tools
-
1 Security Concepts (SCOR) 25%
- Explain common threats against on-premises and cloud environments
- Compare common security vulnerabilities (software bugs, weak/hardcoded passwords, OWASP)
- Describe functions of cryptography components
- Compare site-to-site VPN and remote access VPN deployment types
- Describe security intelligence authoring, sharing, and consumption
- Explain the role of the endpoint in protecting humans from phishing, social engineering
- Explain North Bound and South Bound APIs in the SDN architecture
- Explain DNAC APIs for network provisioning, optimization, monitoring, troubleshooting
- Interpret basic Python scripts used to call Cisco Security appliances APIs
-
2 Network Security (SCOR) 20%
- Compare network security solutions that provide intrusion prevention and firewall capabilities
- Describe deployment models of network security solutions and architectures
- Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
- Configure and verify network infrastructure security methods
- Implement segmentation, access control policies, AVC, URL filtering, and malware protection
- Implement management options for network security solutions
- Configure AAA for device and network access
- Configure secure network management of perimeter security and infrastructure devices
- Configure and verify site-to-site VPN and remote access VPN
-
3 Securing the Cloud (SCOR) 15%
- Identify security solutions for cloud environments (public, private, hybrid, multi-cloud)
- Compare the customer vs. provider security responsibility for different cloud service models
- Describe the concept of DevSecOps
- Implement application and data security in cloud environments
- Identify security capabilities, deployment models, and policy management to secure the cloud
- Configure cloud logging and monitoring methodologies
- Describe application and workload security concepts
-
4 Content Security (SCOR) 15%
- Implement traffic redirection and capture methods
- Describe web proxy identity and authentication including transparent user identification
- Compare the components, capabilities, and benefits of local and cloud-based email and web solutions
- Configure and verify web and email security deployment methods to protect on-premises and remote users
- Configure and verify email security features
- Configure and verify secure internet gateway and web security features
- Describe the components, capabilities, and benefits of Cisco Umbrella
- Configure and verify web security controls on Cisco Umbrella
-
5 Endpoint Protection and Detection (SCOR) 10%
- Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
- Explain antimalware, retrospective security, Indication of Compromise (IOC)
- Configure and verify outbreak control and quarantines to limit infection
- Describe justifications for endpoint-based security
- Describe the value of endpoint device management and asset inventory
- Describe the uses and importance of a multifactor authentication (MFA) strategy
- Describe endpoint posture assessment solutions to ensure endpoint security
- Explain the importance of an endpoint patching strategy
-
6 Secure Network Access, Visibility, and Enforcement (SCOR) 15%
- Describe identity management and secure network access concepts (guest services, posturing, BYOD)
- Configure and verify network access device functionality
- Describe network access with CoA
- Describe the benefits of device compliance and application control
- Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP)
- Describe the benefits of network telemetry
- Describe the components, capabilities, and benefits of Cisco Stealthwatch
- Describe the components, capabilities, and benefits of Cisco pxGrid and its integrations
- Describe the components, capabilities, and benefits of Cisco Umbrella Investigate
- Explain the value of data normalization and data correlation
- Describe the concepts of network-based and endpoint-based detection
- Describe the capabilities of Cisco Secure Network Analytics (Stealthwatch)
AWS Certifications
3 Certifications-
1 Design Secure Architectures 30%
- Design secure access to AWS resources
- Design secure workloads and applications
- Determine appropriate data security controls
-
2 Design Resilient Architectures 26%
- Design scalable and loosely coupled architectures
- Design highly available and fault-tolerant architectures
-
3 Design High-Performing Architectures 24%
- Determine high-performing and scalable storage solutions
- Design high-performing and elastic compute solutions
- Determine high-performing database solutions
- Determine high-performing and scalable network architectures
- Determine high-performing data ingestion and transformation solutions
-
4 Design Cost-Optimized Architectures 20%
- Design cost-optimized storage solutions
- Design cost-optimized compute solutions
- Design cost-optimized database solutions
- Design cost-optimized network architectures
-
1 Threat Detection and Incident Response 14%
- Design and implement an incident response plan
- Detect security threats and anomalies by using AWS services
- Respond to compromised resources and workloads
-
2 Security Logging and Monitoring 18%
- Design and implement monitoring and alerting to address security events
- Troubleshoot security monitoring and alerting
- Design and implement a logging solution
- Troubleshoot logging solutions
- Design a log analysis solution
-
3 Infrastructure Security 20%
- Design and implement security controls for edge services
- Design and implement network security controls
- Design and implement compute workload security
-
4 Identity and Access Management 16%
- Design, implement, and troubleshoot authentication for AWS resources
- Design, implement, and troubleshoot authorization for AWS resources
-
5 Data Protection 18%
- Design and implement controls that provide confidentiality and integrity for data in transit
- Design and implement controls that provide confidentiality and integrity for data at rest
- Design and implement controls to manage the lifecycle of data at rest
- Design and implement controls to protect credentials, secrets, and cryptographic key materials
-
6 Management and Security Governance 14%
- Develop a strategy to centrally deploy and manage AWS accounts
- Implement a secure and consistent deployment strategy for cloud resources
- Evaluate the compliance of AWS resources
- Identify security gaps through architectural reviews and cost analysis
-
1 Cloud Concepts 24%
- Define the benefits of the AWS Cloud
- Identify design principles of the AWS Cloud
- Understand the benefits of and strategies for migration to the AWS Cloud
- Understand concepts of cloud economics
-
2 Security and Compliance 30%
- Understand the AWS shared responsibility model
- Understand AWS Cloud security, governance, and compliance concepts
- Identify AWS access management capabilities
- Identify components and resources for security
-
3 Cloud Technology and Services 34%
- Define methods of deploying and operating in the AWS Cloud
- Define the AWS global infrastructure
- Identify AWS compute services
- Identify AWS database services
- Identify AWS network services
- Identify AWS storage services
- Identify AWS AI, ML, and analytics services
- Identify services from other in-scope AWS service categories
-
4 Billing, Pricing, and Support 12%
- Compare AWS pricing models
- Understand resources for billing, budget, and cost management
- Identify AWS technical resources and AWS Support options
Microsoft Certifications
3 Certifications-
1 Manage Azure Identities and Governance 20-25%
- Manage Microsoft Entra users and groups
- Manage access to Azure resources
- Manage Azure subscriptions and governance
-
2 Implement and Manage Storage 15-20%
- Configure access to storage
- Configure and manage storage accounts
- Configure Azure Files and Azure Blob Storage
-
3 Deploy and Manage Azure Compute Resources 20-25%
- Automate deployment of resources by using Azure Resource Manager templates or Bicep files
- Create and configure virtual machines
- Provision and manage containers in Azure
- Create and configure Azure App Service
-
4 Implement and Manage Virtual Networking 15-20%
- Configure and manage virtual networks in Azure
- Configure secure access to virtual networks
- Configure load balancing
- Monitor virtual networking
-
5 Monitor and Maintain Azure Resources 10-15%
- Monitor resources by using Azure Monitor
- Implement backup and recovery
-
1 Describe Cloud Concepts 25-30%
- Describe cloud computing
- Describe the benefits of using cloud services
- Describe cloud service types (IaaS, PaaS, SaaS)
-
2 Describe Azure Architecture and Services 35-40%
- Describe the core architectural components of Azure
- Describe Azure compute and networking services
- Describe Azure storage services
- Describe Azure identity, access, and security
-
3 Describe Azure Management and Governance 30-35%
- Describe cost management in Azure
- Describe features and tools for governance and compliance
- Describe features and tools for managing and deploying Azure resources
- Describe monitoring tools in Azure
-
1 Artificial Intelligence Workloads 20-25%
- Identify features of common AI workloads
- Identify guiding principles for responsible AI
-
2 Machine Learning on Azure 25-30%
- Identify common machine learning techniques
- Describe core machine learning concepts
- Describe Azure Machine Learning capabilities
-
3 Computer Vision Workloads 15-20%
- Identify common types of computer vision solution
- Identify Azure tools and services for computer vision tasks
-
4 Natural Language Processing 15-20%
- Identify features of common NLP workload scenarios
- Identify Azure tools and services for NLP workloads
-
5 Generative AI Workloads 15-20%
- Identify features of generative AI solutions
- Identify capabilities of Azure OpenAI Service
PMI Certifications
2 Certifications-
1 People 42%
- Manage conflict
- Lead a team
- Support team performance
- Empower team members and stakeholders
- Ensure team members/stakeholders are adequately trained
- Build a team
- Address and remove impediments, obstacles, and blockers for the team
- Negotiate project agreements
- Collaborate with stakeholders
- Build shared understanding
- Engage and support virtual teams
- Define team ground rules
- Mentor relevant stakeholders
- Promote team performance through the application of emotional intelligence
-
2 Process 50%
- Execute project with the urgency required to deliver business value
- Manage communications
- Assess and manage risks
- Engage stakeholders
- Plan and manage budget and resources
- Plan and manage schedule
- Plan and manage quality of products/deliverables
- Plan and manage scope
- Integrate project planning activities
- Manage project changes
- Plan and manage procurement
- Manage project artifacts
- Determine appropriate project methodology/methods and practices
- Establish project governance structure
- Manage project issues
- Ensure knowledge transfer for project continuity
- Plan and manage project/phase closure or transitions
-
3 Business Environment 8%
- Plan and manage project compliance
- Evaluate and deliver project benefits and value
- Evaluate and address external business environment changes for impact on scope
- Support organizational change
-
1 Project Management Fundamentals and Core Concepts 36%
- Demonstrate an understanding of the various project life cycles and processes
- Demonstrate an understanding of project management planning
- Demonstrate an understanding of project roles and responsibilities
- Determine how to follow and execute planned strategies or frameworks
- Demonstrate an understanding of common problem-solving tools and techniques
-
2 Predictive, Plan-Based Methodologies 17%
- Explain when to use a predictive, plan-based approach
- Demonstrate an understanding of a project management plan schedule
- Determine how to document project controls of predictive, plan-based projects
-
3 Agile Frameworks/Methodologies 20%
- Explain when to use an adaptive approach
- Determine how to plan project iterations
- Determine how to document project controls for an adaptive project
- Explain the components of an adaptive plan
- Determine how to prepare and execute task management steps
-
4 Business Analysis Frameworks 27%
- Demonstrate an understanding of business analysis role
- Determine how to conduct stakeholder communication
- Determine how to gather requirements
- Demonstrate an understanding of product roadmaps
- Determine how project methodologies influence business analysis processes
- Validate requirements through product delivery
ITIL Certifications
1 Certifications-
1 Key Concepts of Service Management 10%
- Recall the definition of service, utility, warranty, customer, user, sponsor, and service management
- Describe the key concepts of creating value with services
- Describe the key concepts of service relationships
-
2 The Four Dimensions of Service Management 10%
- Describe the four dimensions of service management: organizations and people, information and technology, partners and suppliers, value streams and processes
-
3 The ITIL Service Value System 20%
- Describe the ITIL service value system
- Describe the interconnected nature of the service value chain and how this supports value streams
- Describe the purpose of each value chain activity
- Describe the nature, use, and interaction of guiding principles
- Explain the use of the guiding principles
-
4 ITIL Management Practices 60%
- Recall the purpose and key terms of 15 ITIL practices
- Understand 7 ITIL practices in detail: continual improvement, change enablement, incident management, problem management, service request management, service desk, service level management
- Know the purpose and practice success factors for all practices