Final Exam: Security Architect will test your knowledge and application of the topics presented throughout the Security Architect track of the Skillsoft Aspire Security Analyst to Security Architect Journey.
analyze DNS activity and describe security events to look for
analyze system log activity and describe security events to look for
compare ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
compare the relevance of security baselines, compliance reports, and regulatory compliance
configure an IPS to protect a system with an Ansible playbook
configure unattended upgrades with an Ansible playbook to keep a system up to date
describe approaches to detecting anomalies and handling them with security triage
describe automation techniques in security triage
describe best practices you should outline in the event that testing is successful or unsuccessful
describe common protocol anomalies that require triage
describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
describe common tips and rules of thumb for security triage
describe elements that should be included in a final report such as actions taken, problems, and findings
describe how proactive ethical hacking can build better overall security through vulnerability assessments
describe how SIEM allows for centralized security event monitoring
describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
describe of the benefits of having a easy reference checklist or templates prepared when defining RoE
describe PII and PHI
describe some of the challenges in implementing security playbooks
describe the concepts of security triage and strategies to implement triage
describe the importance of communication and stakeholder management in security triage
describe the important elements needed in a security playbook
describe the tools used in security triage
describe the transition to playbooks and services in the cloud
describe the use of automation to improve consistency for security practices
describe various approaches to security through playbooks
describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
discuss the Digital Privacy Act and breach response obligations and focus areas for the compliance plan
discuss the General Data Protection Regulation breach guidelines and stakeholder response obligations
discuss the Gramm Leach Bliley Act breach guidelines and stakeholder response obligations
discuss the HIPAA breach guidelines and stakeholder response obligations
execute a simple Ansible playbook
identify common types of security data breaches and how the notification process is different for each type
identify security solutions
identify security solutions that align with business objectives
identify stakeholders that need to be notified during a security breach incident and best practices for notifying them
identify the best practice for creating a data privacy breach plan and notifying stakeholders
identify the relevance of security baselines, compliance reports, and regulatory compliance
identify the sections of the data breach response plan and why it is important to have one
install Ansible and remotely execute commands on a managed host
list common ethical hacking tools such as Nmap, Wireshark, Metasploit, and Kali Linux
list different types of ethical hacking such as web application, system hacking, web server, wireless, and social engineering
list different types of real-world hackers such as white hat, black hat, and grey hat
list key logistical considerations such as testing tools, personnel, and test schedules
plan how security can be implemented with DevOps
plan security can be implemented with DevOps
plan security with DevOps in mind
provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
provide an overview of the importance of ethical hacking in today's world
recall how GDPR protects European Union citizen data
recall how GLBA applies to financial institutions
recall PCI security requirements
recognize best practices when testing uncovers exploits or vulnerabilities
recognize how HIPAA protects medical information
recognize how to determine the appropriate scope of engagement
recognize how to respond to and manage incidents
recognize ISO security standards
recognize NIST security standards
recognize the importance of using templates or checklists prior to and during a penetration test
recognize the need for proactive security incident planning