ISC2 CC Course (Certified in Cybersecurity) - Part 2

ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2)


Instructor: Haris Chughtai (Linkedin)
[email protected]
Dated: 2024

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY

Course developed & delivered by Haris Chughtai ([email protected])


Introduction
● This is Part-2 of the ISC2 CC exam preparation course
○ You can review Part-1 here

● Instructor: Haris Chughtai


○ Offered this course for free to help the community learn & grow
○ Designed the course for those who want to embark on a career path in Cybersecurity by
writing the ISC2 CC exam but are not sure where to start and how to prepare.

https://www.linkedin.com/in/haris-chughtai-0054415/

[email protected]



COURSE CONTENT
Study material to prepare for the exam
CC Exam Domains

https://www.isc2.org/certifications/cc/cc-certification-exam-outline



ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2a Domain 1)


Security Principles

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY



Domain 1: Security Principles



Domain 1: Security Principles
○ CIA Triad - Confidentiality, Integrity, Availability
■ Confidentiality: We must protect the data that needs protection and prevent access by
unauthorized individuals.
■ Integrity: We must ensure the data has not been altered in an unauthorized manner.
■ Availability: We must make sure data is accessible to authorized users when and where it is
needed, and in the form and format that is required.



Domain 1: Security Principles
○ Authentication vs Authorization
■ Authentication - The act of identifying or verifying the eligibility of a station, originator, or
individual to access specific categories of information.
■ Authorization - The right or a permission that is granted to a system entity to access a
system resource.



Domain 1: Security Principles
○ Non-repudiation - The inability to deny taking an action such as creating information,
approving information and sending or receiving a message. In simple terms, non-repudiation in
information security is the ability to prevent a denial in an electronic message or transaction.
○ Data Privacy - Defines how data is collected, stored & distributed.
○ Data Security - Tools, processes & controls used to safeguard data.



Domain 1: Security Principles
● Information security risk reflects the potential adverse impacts that result from the possibility
of unauthorized access, use, disclosure, disruption, modification or destruction of information
and/or information systems.
● Risk Management - Identification, Assessment, Treatment etc. By applying risk management, we
are able to assess and prioritize the risks to an organization (e.g. asset vulnerabilities that can
be exploited by threats). An organization can then decide whether to:
○ Accept the risk (ignoring the risk and continuing the risky activity)
○ Avoid the risk (ceasing the risky activity to remove the likelihood that an event will occur)
○ Mitigate the risk (taking action to prevent or reduce the impact of an event), or
○ Transfer the risk (passing the risk to a third party)





Domain 1: Security Principles
● Security Controls act as safeguards or countermeasures prescribed for an information system (or
assets) to protect the confidentiality, integrity and availability of the system and its information.
Implementation of security controls is expected to reduce risk to an acceptable level.
● Three types of security controls
○ Administrative controls (also known as managerial controls) are directives, guidelines or
advisories aimed at the people within the organization.
○ Physical controls address process-based security needs using physical hardware devices, such as
a badge reader, architectural features of buildings and facilities, and specific security actions
taken by people.
○ Technical controls (also called logical controls) are security controls that computer systems and
networks directly implement through configuration.



Domain 1: Security Principles
Security Governance & Processes - Policies, Standards, Procedures, Regulations & Law
Policies and Procedures shape organizational management and drive decision-making. Typically
procedures are derived from policies, policies from standards, and standards from regulations.
○ Regulations are commonly issued in the form of laws, usually from government (not to be
confused with governance) and typically carry financial penalties for noncompliance.
○ Standards are often used by governance teams to provide a framework to introduce policies and
procedures in support of regulations.
○ Policies are put in place by organizational governance, such as executive management, to provide
guidance in all activities to ensure the organization supports industry standards and regulations.
○ Procedures are the detailed steps to complete a task that will support departmental or
organizational policies.
ISC2 Code of Ethics
- We must act legally and ethically in the field of cybersecurity.
- All members of (ISC)2 commit to adhere to its code of ethics.



ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2b Domain 2)


BC, DR, IR

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY



Domain 2: BC, DR & IR
Maintaining business operations during or after an incident, event, breach, intrusion, exploit or
zero day is accomplished through the implementation of Incident Response (IR), Business
Continuity (BC), and/or Disaster Recovery (DR) plans.



Domain 2: Incident Response (IR)
● IR is an organizational process that enables timely & effective response to cyber attacks
○ Familiarize yourself with the terms: Incident, Breach, Event, Exploit, Intrusion, Threat, Vulnerability, Zero Day
● The Incident Response Plan (IRP) responds to abnormal operating conditions to keep the business operating
● The four main components of Incident Response are:
○ Preparation
○ Detection and Analysis
○ Containment, Eradication and Recovery
○ Post-Incident Activity
● Incident Response teams are typically a cross-functional group of individuals who represent the
management, technical and functional areas of responsibility most directly impacted by a security
incident.
● Three models of Incident Response Team (IRT) - Leveraged, Dedicated, Hybrid



Domain 2: Business Continuity Plan (BCP)
● The main focus of business continuity is to keep the operations running during a crisis
● Components of the Business Continuity Plan (BCP) include details about how and when to enact
the plan, and notification systems and call trees for alerting the team members and organizational
associates that the plan has been enacted
● The plan provides the team with immediate response procedures and checklists and guidance for
management
● Business Impact Assessment (BIA) - Identify and prioritize the risks



Components of BCP



Domain 2: Disaster Recovery (DR)
● When both the Incident Response (IR) and Business Continuity (BC) plans fail, the Disaster
Recovery (DR) plan is activated to return operations to normal as quickly as possible

● The Disaster Recovery (DR) plan may include the following key components:
○ executive summary providing a high-level overview of the plan
○ department-specific plans
○ technical guides for IT personnel responsible for implementing and maintaining critical
backup systems
○ full copies of the plan for critical disaster recovery team members
○ checklists for certain individuals

Understand the terminologies: High Availability (HA), Fault Tolerance (FT), Single Point of Failure (SPOF)



BCP & DR



ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2c Domain 3)


Access Control

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY



Domain 3: Access Control



Domain 3: Access Control
● Access is based on three elements:
○ Subjects (who)
○ Objects (what)
○ Rules (how and when)
● Trustworthiness and the need for access also determine access
● Defence in Depth (DiD):
○ An information security strategy integrating people, technology, and operations capabilities to
establish variable barriers across multiple layers and missions of the organization



Domain 3: Access Control
Mainly two types of Access Control enforcement, i.e. Physical & Logical/Technical
○ Physical Controls
■ Physical access controls include security guards, fences, motion detectors, locked doors/gates,
sealed windows, environmental design, lights, cable protection, laptop locks, badges, swipe cards,
guard dogs, cameras, mantraps/turnstiles and alarms
■ Physical security controls (e.g., badge systems, gate entry, fences, locked doors,
mantraps/turnstiles, swipe cards, sealed windows, motion detectors, lights, guard dogs, laptop locks,
security guards etc.)
■ Monitoring (e.g. security guards, closed-circuit television (CCTV), alarm systems, logs)
■ Authorized versus unauthorized personnel


Domain 3: Access Control
Mainly two types of Access Control enforcement
● Physical & Logical/Technical
● Logical or Technical Controls
○ Configuration or settings related controls - can be configuration settings or parameters stored as
data, managed through a software graphical user interface (GUI), or they can be hardware settings
done with switches, jumper plugs or other means
○ Principle of least privilege
○ Segregation of duties, two-person integrity
○ Examples of logical access control
■ Configuration settings or parameters stored as data, managed through a software graphical user
interface (GUI)
■ Hardware settings done with switches, jumper plugs or other means



Domain 3: Access Control
Logical or Technical Controls - MAC, DAC, RBAC
● Mandatory Access Control (MAC):
○ Mandatory access control is the principle of restricting access to objects based on the sensitivity of the
information that the object contains and the authorization of the subject to access information with
that level of sensitivity. This type of access control is mandatory in the sense that subjects cannot
control or bypass it.
○ The MAC model gives only the owner and custodian management of the access controls. This means the
subjects/end-users have no control over any settings that provide any privileges to anyone.
○ MAC is the highest (most restrictive) access control model



Domain 3: Access Control
Logical or Technical Controls - MAC, DAC, RBAC
● Discretionary Access Control (DAC):
○ DAC allows an individual complete control over any objects they own along with the programs
associated with those objects.
○ Discretionary access control is the principle of restricting access to objects based on the identity of the
subject (the user or the group to which the user belongs)
○ DAC is the least restrictive access control model compared to the MAC model



Domain 3: Access Control
Logical or Technical Controls - MAC, DAC, RBAC
● Role-Based Access Control (RBAC):
○ An access control model that, as the name suggests, sets up user permissions based on roles.
○ The RBAC model provides access control based on the position an individual fills in an organization
○ Understand that there is a difference between a Regular User Account and a Privileged User Account
■ Privileged Access Management and how it relates to risk and the CIA Triad: it reduces risk by
allowing admin privileges to be used only when needed, provides confidentiality by limiting the
need for administrative access that is used during routine business, ensures integrity by only
allowing authorized administrative access during approved activities, and confirms availability
by providing administrative access when needed
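As an added illustration (not part of the course slides), the three models described above and the least-privilege, segregation-of-duties and two-person-integrity controls from the earlier logical-controls slide, written as small Python classes. The sensitivity ordering (borrowed from the Domain 5 data sensitivity levels), the role names, permissions and user names are constructed for this example.

```python
"""Toy versions of MAC, DAC and RBAC plus the least-privilege, segregation-of-duties
and two-person-integrity rules from the slides. Added example, not course material;
labels, roles, permissions and users are constructed."""
from dataclasses import dataclass, field

# Mandatory Access Control: labels are ordered and fixed by the data custodian.
# Constructed ordering that reuses the four sensitivity levels named in Domain 5.
SENSITIVITY = {"public": 0, "low": 1, "moderate": 2, "highly_restricted": 3}


def mac_can_read(subject_clearance: str, object_label: str) -> bool:
    """A subject may read an object only if its clearance is at least the object's label.
    Neither the subject nor the object owner can change these labels; that is what
    makes the control mandatory."""
    return SENSITIVITY[subject_clearance] >= SENSITIVITY[object_label]


@dataclass
class DacObject:
    """Discretionary Access Control: the owner alone decides who gets which permission."""
    owner: str
    acl: dict = field(default_factory=dict)  # identity -> set of permissions

    def grant(self, granter: str, grantee: str, perm: str) -> None:
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object and cannot grant access")
        self.acl.setdefault(grantee, set()).add(perm)

    def allows(self, subject: str, perm: str) -> bool:
        # The owner always has complete control; everyone else needs an ACL entry.
        return subject == self.owner or perm in self.acl.get(subject, set())


class Rbac:
    """Role-Based Access Control with a segregation-of-duties rule on role assignment."""

    def __init__(self):
        self.role_perms = {}    # role -> set of permissions
        self.user_roles = {}    # user -> set of roles
        self.conflicting = set()  # frozenset pairs of roles one person may never hold together

    def define_role(self, role: str, perms) -> None:
        # Least privilege: a role carries only the permissions its duties need.
        self.role_perms[role] = set(perms)

    def forbid_combination(self, role_a: str, role_b: str) -> None:
        self.conflicting.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role}")
        held = self.user_roles.setdefault(user, set())
        for existing in held:
            if frozenset((existing, role)) in self.conflicting:
                raise ValueError(f"segregation of duties: {user} cannot hold {existing} and {role}")
        held.add(role)

    def allows(self, user: str, perm: str) -> bool:
        return any(perm in self.role_perms[r] for r in self.user_roles.get(user, ()))


def two_person_approved(rbac: Rbac, approvers, perm: str) -> bool:
    """Two-person integrity: the action needs two distinct people who each hold the permission."""
    distinct = set(approvers)
    return len(distinct) >= 2 and all(rbac.allows(u, perm) for u in distinct)


def build_demo_rbac() -> Rbac:
    """Constructed payments scenario: a clerk raises payments, approvers sign them off."""
    rbac = Rbac()
    rbac.define_role("clerk", ["create_payment"])
    rbac.define_role("approver", ["approve_payment"])
    rbac.define_role("auditor", ["read_ledger"])
    rbac.forbid_combination("clerk", "approver")  # the requester must never be able to approve
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "approver")
    rbac.assign("carol", "approver")
    rbac.assign("dave", "auditor")
    return rbac
```

The contrast to notice is who can change the decision: in `mac_can_read` nobody but the custodian (by editing the label table), in `DacObject` only the owner, and in `Rbac` only whoever manages role definitions and assignments, which is where the segregation-of-duties check has to live.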



Domain 3: Access Control
Logical or Technical Controls
● User Management (Identity Governance)
○ New employee – account created
■ “Onboarding” – creating an account (or cloning a baseline account) for a new employee
○ Changed position – account modified
○ Temporary leave of absence – account disabled
○ Separation of employment – account deleted
■ “Offboarding” – deleting an account (or disabling then deleting an account) for a terminated
employee
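Added example, not from the course material: a small state machine that enforces the lifecycle steps above so that an account can only move between states in the order the slide describes. The event names, the "return from leave" event, the disable-then-purge offboarding sequence and the audit record format are assumptions of this example.

```python
"""Account lifecycle state machine for the identity governance steps on the slide.
Added example, not course material; state names, events and the audit format are
constructed."""
from dataclasses import dataclass, field

# event -> (required current state, resulting state); None means the account must not exist yet.
# Offboarding follows the "disable, then delete" variant the slide mentions, so a deleted
# account can never be reactivated by mistake and a disabled one still exists for review.
TRANSITIONS = {
    "onboard": (None, "active"),
    "change_position": ("active", "active"),
    "leave_of_absence": ("active", "disabled"),
    "return_from_leave": ("disabled", "active"),   # constructed counterpart of leave_of_absence
    "offboard": ("active", "disabled"),
    "purge": ("disabled", "deleted"),
}


@dataclass
class Account:
    username: str
    state: str
    roles: set = field(default_factory=set)


class IdentityStore:
    def __init__(self):
        self.accounts = {}
        self.audit = []  # (username, event, old_state, new_state)

    def apply(self, username: str, event: str, roles=None) -> Account:
        """Apply one lifecycle event, refusing anything the transition table does not allow."""
        if event not in TRANSITIONS:
            raise ValueError(f"unknown lifecycle event {event}")
        required, target = TRANSITIONS[event]
        acct = self.accounts.get(username)
        current = acct.state if acct else None
        if current != required:
            raise ValueError(f"{event} not allowed for {username}: account state is {current}")
        if acct is None:
            acct = Account(username, target)
            self.accounts[username] = acct
        if roles is not None:
            # Replace, never accumulate: a position change must not leave old privileges behind.
            acct.roles = set(roles)
        acct.state = target
        if target == "deleted":
            acct.roles = set()
        self.audit.append((username, event, current, target))
        return acct

    def can_log_in(self, username: str) -> bool:
        acct = self.accounts.get(username)
        return acct is not None and acct.state == "active"
```

The table is the whole policy: adding a new allowed transition is a one-line change, and anything not in it (re-enabling a purged account, onboarding a name that already exists) is rejected and never reaches the directory.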



ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2d Domain 4)


Network Security

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY



Domain 4: Network Security



Domain 4: Network Security
Remember the 7-layer OSI & 4-layer TCP/IP reference models
● OSI - 7 Layer Model
○ The open systems interconnection (OSI) model is a conceptual framework used to describe the flow
of information from one computing device to another operating in a networking environment. It is
protocol independent.
● TCP/IP - 4 Layer Model
○ Simplified version of the OSI model.
○ Provides a communication protocol suite using which network devices can be connected to the
Internet. It relies on standardized protocols.
What's the difference between the two models?
TCP/IP is a practical model that addresses specific communication challenges and relies on standardized
protocols. In contrast, OSI serves as a comprehensive, conceptual, protocol-independent framework designed
to encompass various network communication methods. The TCP/IP model can be thought of as the practical
interpretation of the conceptual OSI model.



Domain 4: Network Security
Types of Networks
• LAN – Local Area Network
• WLAN – Wireless Local Area Network
• WAN – Wide Area Network
• VPN – Virtual Private Network
• EPN – Enterprise Private Network
• PAN – Personal Area Network
• CAN – Campus Area Network
• MAN – Metropolitan Area Network
• SAN – Storage Area Network
• POLAN – Passive Optical Local Area Network

Network Devices
• Switches
• Access Points
• Routers
• Firewalls
• Endpoints
• Servers
• Hubs
• Printers
• Fax Machines
• Gateways
• Repeaters
• Bridges
• Modems

Network Attack Types
• DoS/DDoS
• Fragment
• Oversized Packet
• Spoofing
• Privilege Escalation
• Insider Threat
• Man-in-the-Middle
• Code/SQL Injection
• XSS (Cross Site Scripting)

Network Threat Types
• Spoofing
• DoS/DDoS
• Virus
• Worm
• Trojan
• On-Path (Man-in-the-Middle)
• Side-channel
• Phishing
• Rootkit
• Adware/Spyware
• Malware

Technologies used to Identify Threats
• IDS
• NIDS
• HIDS
• SIEM

Technologies used to Prevent Threats
• Antivirus/Antimalware
• Scans
• Firewalls
• IPS
• NIPS
• HIPS



Domain 4: Network Security
Requirements of a Data Center
• Power
• HVAC
• Fire Suppression
• Redundancy
• MOU/MOA

Cloud Service Models
• SaaS
• IaaS
• PaaS

Cloud Deployment Models
• Public
• Private
• Community
• Hybrid

Network Design Terminology
• Virtual Local Area Network (VLAN)
• Virtual Private Network (VPN)
• Network Access Control
• Defense in Depth
• Zero Trust
• Network Segmentation, e.g., microsegmentation and demilitarized zone (DMZ)



Domain 4: Network Security
● The MAC address (Media Access Control address) is a unique identifier assigned to a NIC (Network Interface
Controller/Card). The MAC address is also known as the Physical Address of a network device.
● An IP address is a unique logical address that identifies a device on the network. IP addresses are of two types,
IPv4 & IPv6. IPv4 is still the most commonly used; IPv6 is a modernization of IPv4 that brings many new
advantages, including the following:
○ A much larger address field (supports more devices)
○ Improved security
○ Improved quality of service (QoS)
● The primary distinction between MAC and IP addresses is that a MAC address identifies the computer's physical
(hardware) address and uniquely identifies a device on the network, while an IP address is logical & used to
uniquely identify a device's network connection.



Domain 4: Network Security
● Common network applications & protocols in each layer of the TCP/IP model (e.g. ARP)


Domain 4: Network Security
● Remember these commonly used applications port numbers



ISC2 CC - Certified in Cybersecurity

Exam Preparation Guide (Part-2e Domain 5)


Security Operations (SOC)

PART-2: KEY CONCEPTS OF ISC2 CC DOMAINS, REFERENCE STUDY



Domain 5: Security Operations



Domain 5: Security Operations
Data Handling Lifecycle
Data Sensitivity Levels
● Highly restricted: Compromise of data with this sensitivity label could possibly put the organization’s
future existence at risk. Compromise could lead to substantial loss of life, injury or property damage,
and the litigation and claims that would follow.
● Moderately restricted: Compromise of data with this sensitivity label could lead to loss of temporary
competitive advantage, loss of revenue, or disruption of planned investments or activities.
● Low sensitivity (sometimes called “internal use only”): Compromise of data with this sensitivity label
could cause minor disruptions, delays or impacts.
● Unrestricted public data: As this data is already published, no harm can come from further
dissemination or disclosure.



Domain 5: Security Operations
● Data privacy is a guideline for how data should be collected or handled, based on its sensitivity and
importance. Data privacy is typically applied to personal health information (PHI) and personally
identifiable information (PII). This includes financial information, medical records, social security or ID
numbers, names, birthdates, and contact information.
● Examples of data privacy regulations/laws are GDPR (EU) and PIPEDA (Canada)
● Data protection signifies the strategic and procedural steps undertaken to safeguard the privacy,
availability, and integrity of sensitive data, and is often used interchangeably with the term ‘data
security.’



Domain 5: Security Operations
● Cryptography/Encryption is a data security mechanism to conceal information by altering it so that it appears
to be random data.
● There are two encryption mechanisms - Symmetric & Asymmetric
● Five functions of a cryptographic hash - Useful, Nonreversible, Content integrity assurance, Unique, Deterministic
○ Symmetric - only one key is used by sender & receiver for both encryption and decryption (Symmetric
Encryption: same key)
○ Asymmetric - different keys (Public & Private) are used for encryption and decryption (Asymmetric
Encryption: different keys)
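Added example, not part of the slides: checking the hash function properties listed above (deterministic, nonreversible in the sense of fixed-length output that cannot be inverted, unique, content integrity assurance) with SHA-256 from the Python standard library. The sample message and its one-bit "tampered" copy are constructed.

```python
"""Exercise the hash properties named on the slide with SHA-256. Added example,
not course material; the message and the tampering are constructed."""
import hashlib
import hmac


def digest(data: bytes, algorithm: str = "sha256") -> str:
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute and compare in constant time, so the comparison itself leaks nothing."""
    return hmac.compare_digest(digest(data), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def flip_one_bit(data: bytes) -> bytes:
    """Change a single bit of the last byte: the smallest possible tampering."""
    return data[:-1] + bytes([data[-1] ^ 0x01])


def check_hash_properties(message: bytes = b"Transfer 100 to account 12345") -> dict:
    original = digest(message)
    tampered = flip_one_bit(message)
    return {
        # Deterministic: the same input always yields the same digest.
        "deterministic": digest(message) == original,
        # Fixed-length output whatever the input size; the input cannot be recovered from it
        # (nonreversible), only re-checked by hashing a candidate and comparing.
        "fixed_length": len(digest(b"")) == len(digest(message * 1000)) == 64,
        # Unique (avalanche): a one-bit change alters roughly half of the 256 output bits.
        "bits_changed_by_one_bit_flip": differing_bits(original, digest(tampered)),
        # Content integrity assurance: the stored digest no longer matches tampered content.
        "tamper_detected": not verify_integrity(tampered, original),
        "original_verifies": verify_integrity(message, original),
    }
```

Note what a bare hash does not give you: anyone who can change the message can also recompute and replace its digest, so the digest must be stored or transmitted where the attacker cannot reach it, or combined with a key (which is where the symmetric and asymmetric mechanisms on this slide come in).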



Domain 5: Security Operations
Logging & Monitoring
INGRESS
• Firewalls
• Gateways
• Remote authentication servers
• IDS/IPS tools
• SIEM solutions
• Anti-malware solutions

EGRESS
• Email (content and attachments)
• Copy to portable media
• File Transfer Protocol (FTP)
• Posting to web pages/websites
• Applications/application programming interfaces (APIs)

System Hardening
Elements of configuration management
• Inventory
• Baseline
• Updates
• Patches



Domain 5: Security Operations
Threat Actors & their motivations
Common types of Cybersecurity Attacks
● Eavesdropping, IP-Spoofing, MiTM (Man in the Middle)
● Phishing, Whale-phishing, Spear-Phishing, Drive-by Download, Trojan Horse, Botnets
● Denial of Service (DoS)
● Brute force, Password/Dictionary
● URL interpretation, DNS-Spoofing
● SQL Injection, Cross-Site-Scripting/XSS
● Trojan Horse, Cryptojacking, Ransomware

Common types of Social engineering techniques
• Baiting
• Phone phishing or vishing
• Pretexting
• Quid pro quo
• Tailgating
• False flag or false front operations
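Added example, not from the course material: the kind of detection logic an IDS or SIEM from the Logging & Monitoring slide runs against ingress authentication logs to spot the brute force / password-dictionary attacks listed above. The log format (sshd-style lines), hostnames, user names, the source addresses (RFC 5737 documentation ranges) and the thresholds are all constructed for this example.

```python
"""Brute-force login detection over authentication log lines. Added example, not
course material; the log lines, addresses and thresholds are constructed."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample: six rapid failures from one source, then a success for 'alice';
# a second source shows a single mistyped password followed by a normal login.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for alice from 203.0.113.7 port 50123 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for bob from 203.0.113.7 port 50124 ssh2
2024-03-01T10:00:06 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50125 ssh2
2024-03-01T10:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 50126 ssh2
2024-03-01T10:00:09 sshd[1201]: Failed password for alice from 203.0.113.7 port 50127 ssh2
2024-03-01T10:00:12 sshd[1201]: Accepted password for alice from 203.0.113.7 port 50128 ssh2
2024-03-01T10:05:00 sshd[1300]: Failed password for carol from 198.51.100.2 port 41000 ssh2
2024-03-01T10:05:09 sshd[1300]: Accepted password for carol from 198.51.100.2 port 41001 ssh2
"""

Event = namedtuple("Event", "ts outcome user src")
Alert = namedtuple("Alert", "src count first_seen last_seen users")

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text: str):
    """Turn raw lines into events; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Flag a source with at least `threshold` failures inside any sliding time window."""
    failures = defaultdict(list)
    for e in events:
        if e.outcome == "Failed":
            failures[e.src].append(e)
    alerts = []
    for src, evs in failures.items():
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best:
            count, first, last = best
            users = sorted({ev.user for ev in evs[first:last + 1]})
            alerts.append(Alert(src, count, evs[first].ts, evs[last].ts, users))
    return alerts


def detect_success_after_failures(events, min_failures=3):
    """A success from a source that just failed repeatedly is the event worth paging on."""
    failures_so_far = defaultdict(int)
    hits = []
    for e in events:
        if e.outcome == "Failed":
            failures_so_far[e.src] += 1
        elif failures_so_far[e.src] >= min_failures:
            hits.append((e.src, e.user, failures_so_far[e.src]))
    return hits
```

The second detector is the one that turns a noisy volume alert into an incident: many failures are background noise on any exposed service, but a success that follows them from the same source is a likely account compromise and feeds straight into the Detection and Analysis step of the incident response process in Domain 2.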



Domain 5: Security Operations
Threat Actors & Risks
● Threat Actors: APT, Botnet/Zombies, Malware/Virus, Social Engineering (Phishing, Vishing, Smishing),
Ransomware, DDoS etc.
● Cyber Risk: Cyber risk is based on the probability of a bad event happening to your business's information
systems, leading to the loss of confidentiality, integrity, and availability of information



Domain 5: Security Operations
● Security policy best practices: Password, Acceptable Use Policy (AUP), Bring Your Own Device (BYOD),
Privacy policy etc.
● Security Awareness Training



Reference study to prepare for the exam
Reference Study
The first four below should be sufficient to pass the exam, but Mike Chapple's course provides additional
valuable knowledge.
1. ISC2 - Certified in Cybersecurity Official Study Material
https://learn.isc2.org/d2l/home/9541

2. Fundamentals of Networking & Cybersecurity course by Haris Chughtai


3. Prabh Nair Example Test Questions on YouTube

4. FlashCard Quiz of ISC2 CC domains

5. Mike Chapple Linkedin Learning of ISC2 CC

6. Register as “Public” on Fortinet Training site & complete following two self paced trainings
i. Fortinet Cybersecurity Fundamentals (FCF)
ii. Fortinet Cybersecurity Associate (FCA)

Do your own Google/Youtube research to get exam input from those who recently passed!
Practice Tests
Practice these exams and attempt to complete each one in 60 min
● https://customcareer.miami.edu/classes/practice-exam-2-for-isc2-certified-in-cybersecurity-cc/
● https://www.linkedin.com/learning/courses/practice-exam-1-for-isc2-certified-in-cybersecurity-cc/practice-exams/urn:li:la_assessmentV2:54624080?u=2093516



On the day of your exam
1. Reach the Pearson VUE test center 30 min before your scheduled exam time.
a. Give yourself enough time to overcome traffic and transportation issues
b. Make sure you have two photo IDs with you; at least one of them must be government issued
c. Your name on the government ID should match your name registered with ISC2
2. Keep an eye on the clock - You must attempt all the questions, so time it well!
a. Keep in mind it is not an easy exam! Time flies when you are stuck!
b. Not having time to attempt all questions is the worst time management!
c. Not all questions are straightforward; some will require more time
d. Many questions will appear unfamiliar - Don’t panic, it is normal for any professional exam
e. If stuck on a question, read it twice, use common sense & the method of elimination to select
what appears to be the best answer.

Not all the questions will be from the ISC2 study material; you will need to use your logic and your
base technology understanding to answer many questions.



Train your brain to have a growth mindset!
Keep learning, keep growing