■ Attacks/threats
■ Denial of service
■ Distributed DoS
■ Botnet
■ Traffic spike
■ Coordinated attack
■ Reflective / Amplified
■ DNS
■ NTP
■ Smurfing
■ Friendly / Unintentional DoS
■ Physical attack
■ Permanent DoS
■ ARP cache poisoning
■ Packet/protocol abuse
■ Spoofing
■ Wireless
■ Evil twin
■ Rogue AP
■ War driving
■ War chalking
■ Bluejacking
■ Bluesnarfing
■ WPA/WEP/WPS attacks
■ Brute force
■ Session hijacking
■ Social engineering
■ Man-in-the-middle
■ VLAN hopping
■ Compromised system
■ Effect of malware on the network
■ Insider threat/malicious employee
■ Zero-day attacks
■ Vulnerabilities
■ Unnecessary running services
■ Open ports
■ Unpatched/Legacy Systems
■ Clear text credentials
■ Unsecure protocols
■ Telnet
■ HTTP
■ SLIP
■ FTP
■ TFTP
■ SNMPv1 and SNMPv2
■ TEMPEST/RF emanation
✓ 3.3 Given a scenario, implement network hardening techniques
■ Anti-malware software
■ Host-based
■ Cloud/server-based
■ Network-based
■ Switch port security
■ DHCP snooping
■ ARP inspection
■ MAC address filtering
■ VLAN assignments
■ Network segmentation
■ Security policies
■ Disable unneeded network services
■ Use secure protocols
■ SSH
■ SNMPv3
■ TLS/SSL
■ SFTP
■ HTTPS
■ IPsec
■ Access lists
■ Web/content filtering
■ Port filtering
■ IP filtering
■ Implicit deny
■ Wireless security
■ WEP
■ WPA/WPA2
■ Enterprise
■ Personal
■ TKIP/AES
■ 802.1x
■ TLS/TTLS
■ MAC filtering
■ User authentication
■ CHAP/MSCHAP
■ PAP
■ EAP
■ Kerberos
■ Multifactor authentication
■ Two-factor authentication
■ Single sign-on
■ Hashes
■ MD5
■ SHA
✓ 3.4 Compare and contrast physical security controls
■ Mantraps
■ Network closets
■ Video monitoring
■ IP cameras/CCTVs
■ Door access controls
■ Proximity readers/key fob
■ Biometrics
■ Keypad/cypher locks
■ Security guard
✓ 3.5 Given a scenario, install and configure a basic firewall
■ Types of firewalls
■ Host-based
■ Network-based
■ Software vs. Hardware
■ Application aware/context aware
■ Small office/Home office firewall
■ Stateful vs. stateless inspection
■ UTM
■ Settings/techniques
■ ACL
■ Virtual wire vs. routed
■ DMZ
■ Implicit deny
■ Block/allow
■ Outbound traffic
■ Inbound traffic
■ Firewall placement
■ Internal/external
✓ 3.6 Explain the purpose of various network access control methods
■ 802.1x
■ Posture assessment
■ Guest network
■ Persistent vs. non-persistent agents
■ Quarantine network
■ Edge vs. Access control
✓ 3.7 Summarize basic forensic concepts
■ First responder
■ Secure the area
■ Escalate when necessary
■ Document the scene
■ eDiscovery
■ Evidence/data collection
■ Chain of custody
■ Data transport
■ Forensics report
■ Legal hold
Chapter 4: Domain 4 Troubleshooting
✓ 4.1 Given a scenario, implement the following network troubleshooting methodology:
■ Identify the problem
■ Gather information
■ Duplicate the problem
■ Question users
■ Identify symptoms
■ Determine if anything has changed