CIW Certification/Study Guides/Security Professional Exam

SKILLS MEASURED

A CIW Security Professional implements security policy, identifies security threats, and develops countermeasures using firewall systems and attack-recognition technologies. This individual is responsible for managing the deployment of e-business transaction and payment security solutions. Skills measured in the 1D0-470 exam include but are not limited to:

Network perimeter security and elements of an effective security policy.

edit

Encryption, including the three main encryption methods used in internetworking.

edit

Universal guidelines and principles for effective network security, as well as guidelines to create effective specific solutions.

edit

Security principles and security attack identification.

edit

Firewall types and common firewall terminology.

edit

Firewall system planning including levels of protection.

edit

Network firewall deployment.

edit

Network security including industry security evaluation criteria and guidelines used to determine three security levels.

edit

Mechanisms used to implement security systems, tools to evaluate key security parameters, techniques for security accounts, and threats to Windows 2000 and UNIX systems.

edit

Permissions identification, assignment and usage, system defaults, and security commands.

edit

System patches and fixes including application of system patches.

edit

Windows 2000 Registry modifications, including lockdown and removal of services for effective security in Windows 2000 and Linux.

edit

Security auditing principles, security auditor's chief duties and network risk factor assessment.

edit

Security auditing and discovery processes, audit plans, and network-based and host-based discovery software.

edit

Penetration strategies and methods, including identification of potential attacks.

edit

User activities baseline, log analysis, and auditing of various activities.

edit

Security policy compliance and assessment reports.

edit

Operating system add-ons, including personal firewalls and native auditing.

edit