Below are non-exhaustive lists of key questions you should be able to answer on the referenced test.
You should be able to apply the key functional concepts inherent in these questions.
It is thus important to study these with the aim of understanding the key concepts, as opposed to simply being able to regurgitate a memorized response.
If you have a good understanding of the core concepts inherent in the questions on this page, you should do fine.
Give examples of the various ways that the bad guys monetize data
Describe the scope of impact of cybersecurity events on society
Describe how the digitization of human activity creates new risks
Define what cybersecurity is
Explain what the CIA triad is and how it applies in the cybersecurity context
Explain what the people-process-technology paradigm is and how it relates to cybersecurity
Explain the various modalities of social engineering
Explain the cyber kill chain and its component steps
Explain what cybersecurity maturity is and how it is assessed
Identify the various disciplines within the cybersecurity domain and how they relate to each other
Explain the difference between black hat and white hat hackers
Explain what an APT is
Explain what NIST is
Explain what malware is
Explain the features and strategies of the various types of malware
Explain some key milestones in the evolution of malware, specifically phishing, ransomware, ransomware as a service (RaaS), and its use in espionage
Explain what ethical hacking is
Explain the kinds of data breaches we are seeing today, and their various causes
Explain where to go to get alerts and info regarding recent breaches and cyber events
Explain, in simple terms, what backdoor and scripting attacks are
Explain how to identify the potential presence of malware on a computer system
Explain why no organization can ever be 100% safe from cyber threats
Explain the four steps in the continuous improvement cycle (PDCA) and how they relate to cybersecurity risk management
Identify several cybersecurity frameworks, and their respective focus
Identify the five core components of the NIST framework and their role, and be able to give examples of the implementation of each
Explain what cybersecurity governance is, and why it is important
Describe the various options for managing a risk, and be able to give a factual example
Define what a "control" is
Describe the four tiers of NIST implementation and their purpose
Describe what a Framework Profile is, and how it is useful
Describe the four elements of risk evaluation
Be able to conduct a rudimentary asset inventory and risk assessment, given a factual scenario (like Assignment 1)
Explain the roles of ethics in the work of a cybersecurity practitioner
Explain what social engineering is
Identify Cialdini's 7 principles of persuasion and be able to give examples for each
Explain Kahneman's "Dual Systems" of thinking and give examples for each
Explain what the "endowment effect" is
Explain what "loss aversion" is
What "pretexting" is and be able to give examples
Give examples of various approaches to phishing
Identify strategies available to deal with phishing threats
Explain what OSINT is and how it relates to social engineering based threats
Give examples of OSINT for a corporation and a person, and explain how this is useful
Explain what dumpster diving, tailgating, and piggybacking strategies are
Explain what a spear phishing/whaling attack is
Explain why understanding social engineering helps in being a better cybersecurity practitioner
Give some examples of how AI is changing the social engineering landscape
Explain what typosquatting is
Explain the steps of reconnaissance, scanning, and enumeration
Explain what nmap is and what it is used for
Identify protocols susceptible to sniffing
Explain the ARP protocol
Explain what an ARP table is and does
Explain what a MAC address is and how a CAM table works
Explain what privilege escalation is
Explain what Metasploit is and what it is useful for
Explain how a man-in-the-middle attack works
Explain what a threat vector is and be able to give some examples
Identify the two types of desired outcomes of phishing attacks
Explain why PDF and DOCX documents are susceptible to malware insertion
Explain what a rootkit and bootkit are
Explain what polymorphic malware is
Explain what a denial of service and distributed denial of service attack are, and what their desired outcomes are
Explain who OWASP is and what they do
Explain what a buffer overflow is
Explain what SQL injection is
Explain how a cross site scripting attack works
Explain what a cross site request forgery attack is
Explain what a zero day exploit is, and be able to give some famous examples
Explain what a firmware exploit is
Explain how a USB exploit works
Identify where to find exploit information online
Explain how IP addresses are put together and what function they perform
Distinguish between public and private IP addresses
Explain what a subnet is, and how subnet masking works
Define what a computer network is
Explain what a DMZ is
Identify different kinds of computer networks and their role and scope
Identify the 7 layers of the OSI model and be able to give examples for each layer
Upon being presented with a threat, identify which layers of the OSI model may be affected
Explain how IP packets are constructed in the course of effecting communications between computers on a network
Explain the 3-layered security model and how it is applicable to network security
Explain what Ethernet is and where it is used
Explain what an ethernet frame is
Be able to identify some of the data which can be found in a TCP/IP packet
Explain what the SYN/ACK sequence is and what it is used for
Identify the two basic types of network control approaches, and the security advantages/disadvantages of each
Explain how a distributed P2P network (for example, BitTorrent) works
Identify and explain the various modalities of managing network security
Explain what a firewall is
Be able to give examples of various kinds of servers and their purpose
Identify the key dimensions/approaches to managing server security
Describe some of the core functions of a sysadmin
Identify and explain the key requirements/steps in installing software on a server
Explain what the AAA paradigm of managing server access is
Explain how password hashing works, and what controls are in place to manage passwords server-side
Explain what hardening is, and give examples of hardening steps
Explain the various approaches to managing access control and their respective advantages/disadvantages
Explain what the Active Directory service is
Explain what Single Sign-on is
Explain the basics of access control in Linux and Windows systems
Explain what Intrusion Detection Systems are
Explain what vulnerability scanning is and why it is important
Explain the functions of the switch, router, gateway, and bridge devices on a network
Explain how Network Address Translation works
Explain what routing algorithms are
Identify the various key wireless protocols and their usage
Explain how DNS works, and what DNS poisoning is
Identify and explain the various types of network threats and attack vectors
Explain what a "control structure" is
Identify the 7 key outcomes of safeguarded information
Explain the control structure pyramid and its components
Explain the hallmarks of a successful control structure
Explain and give examples of the various types of goal-based and implementation-based controls
Explain how to use the NIST set of controls to build a cybersecurity framework tailored to a specific organization
Be able to offer a definition of the dark web
Be able to distinguish the dark web from the deep web
Identify the type of information one can find on the dark web
Explain the role of encryption in enabling the existence of the dark web
Describe the two general use cases for public-private key encryption
Describe the role of cryptocurrencies on the dark web
Explain what an onion site is
Explain what Crime as a Service is
Explain what a darknet market is
Describe good OPSEC for venturing out on the dark web
What MITRE is
What PASTA is
The key elements of an Incident Response Plan
The components of the breach lifecycle and their usual sequence
The four phases of incident response under SP 800-61
What the incident response team is
Why incident handler communication is important, and the key aspects of documenting it
What a communication decision tree is, and why one wants one
What aspects of an initial incident to document, and why
What incident qualification is and why it is important
Why it is important to analyze what tools you need for forensics
What a playbook and a SOP are, and why it is important to prepare them
Why a fine-grained analysis of investigative needs is valuable
Why communication planning is important
What a business continuity plan is, as distinguished from an IRP, and how they should interact
What is meant by "pre-emptive investigation" and why it is key to effective IRP
What an Indicator of Compromise is, and be able to give examples
Explain what an insider threat is, and be able to give examples of available controls
Explain what Indicators of Attack are, and how they interact with IOCs
The four dimensions of breach investigation
What Occam's Razor is
Be able to identify common sources of breach evidence
Why visualization is helpful in assessing breach scope and severity
Be able to distinguish between the 4 different types of incident priority
Explain what containment is, and why it is critical
Explain what dwell time is
What the usual first things to do in case of a breach are
What is meant by Eradication and Recovery
What is required to achieve effective eradication and recovery capacity
Explain the dimensions, approaches and corresponding effectiveness of the available malware removal options
Why testing the plan is important
Explain the different testing strategies (paper-based/table top/simulation) and their limitations/efficacy/difficulty
What an MSSP is and their pros/cons
Explain the "third party" dimensions of IRP preparation
Explain what ransomware is, and why it presents unique IRP challenges
Explain what RaaS is
Explain the interplay between cyber insurance coverage and ransomware threats
Identify the specific approaches to managing ransomware risk
What a post-mortem / lessons learned exercise is
Explain each of the 10 dimensions of a proper post mortem exercise (I won't ask you to list them, but you should be able to explain them if they are identified for you)
What the inner perimeter is
Explain the key functions of a modern operating system
Be able to identify some common OSs
Identify the three OS paradigms
Identify the key functions of a file management system
Explain different file management approaches (again, I won't ask you to list them, but you should be able to explain them if they are identified for you)
The two dimensions of OS security control
Explain the three properties of permission control
Explain what the Reference Monitor is and does
The two general strategies for authentication
What Kerberos is, and how it generally works
The difference between session and token based authentication, and their respective security dimensions
Explain the subjects and objects paradigm for permission control
Explain what Lampson's Access Matrix is
Explain the four different approaches to object separation
Be able to identify common OS attack vectors
Be able to identify common OS threat mitigation strategies
Explain what Address Space Layout Randomization is, and why it is useful
Explain the benefits of encryption in OS cyber risk management
Explain what the TPM is
Explain what EFS is
Explain what Cloud Computing is
Explain what IaaS, PaaS, and SaaS are
Explain what a SLA is, and why it is important in cloud computing risk management
Explain what the shared responsibility model is, and how it applies to IaaS, PaaS, and SaaS, respectively
Explain what SOC2 is
Explain why asset management is particularly important in cloud computing
Identify why understanding the manner of your cloud implementation is important
Explain what a VM, a container, and Kubernetes are
Explain what FaaS is
Be able to identify the various potential storage assets to explore in cloud computing risk management
What AIOps are
What Cloud Identity Management is
Why identity life cycle management is important
Be able to give some examples of cloud based IAM and IDaaS
Explain what MFA is and be able to give some examples
Explain what Federated Identity Management is
Explain the difference between in motion, in use, and at rest, when referring to cloud data
Who is responsible for cloud vulnerability management
Identify the nuances of IRP for cloud computing
Describe the 5 key dimensions of effective cloud security
Describe what Zero Trust is
Define what Critical Infrastructure is
Describe the different perspectives on CI from various US government organizations
Be able to identify critical infrastructure sectors (i.e. to tell me if a sector is or is not CI)
Describe the risk interaction between these sectors, and be able to give an example
Explain why CI is at increasing risk
Explain the role of communication infrastructure in critical infrastructure sector interaction
Identify the key specific risk areas/dimensions for CI, and be able to give some examples
Explain the key goals of CI incidence response, and strategies to optimize achieving them
Explain how CI is different among the following dimensions:
Impact and consequences
Types of systems
Risk management
Threat landscape
Collaboration requirements
Explain what NIPP is
Explain what FAACT and CARVER are
Explain what Defence in Depth is
Explain what ethics is
Identify and explain the two general streams of ethics thinking
Identify and explain the three ethical frameworks
Why ethics matters in cybersecurity
Identify the four key ethical principles particularly important in cybersecurity
Know where to find a good code of ethics
Identify and explain the practical aspects of ethics in cybersecurity
Explain what privacy is
Identify and explain the four key rights and values associated with privacy
How privacy figures into control design
Explain the three general types of surveillance
Explain key considerations in conducting surveillance
Be able to explain the various OECD privacy principles
Explain the key features of Canada's current privacy laws
Explain what the GDPR is
Be able to identify the current Canadian guidance on privacy in the context of cybersecurity
Explain why email is of high import to cybersecurity risk management
Explain what SPF is and how it works
Explain what DKIM is and how it works
Explain what DMARC is and how it works
Explain what a SEG is and how it works
Explain TLS and how it works
Explain what S/MIME and PGP are
Explain what DLP is and why it is challenging
Explain how URL rewriting and Threat sandboxing work