CompTIA Security+ Short Notes

SMN666
Nov 25, 2020

It is a popular certification within the IT field. It shows how important security is within the IT field.

3 steps to take an exam.

Review the objectives. At the end of each chapter, read the exam topics carefully and look for more documentation on the Internet.

Learn the material related to the objectives.

Take practice questions again and again.

Free online resources: http://gcgparemium.com/501-extras/

About the exam:

Number of questions : max 90 questions

Duration : 90 mins

Passing score : 750

Grading criteria : 100 to 900 (83%)

Question types : Multiple choice and performance-based

Exam format : can move back and forth to view previous questions

Chapter 1 : Mastering Security Basics

Understanding core security goals (CIA triad, steganography)

Introducing Basic Risk (vulnerability)

Understanding Control Types (technical, administrative, physical)

Implementing Virtualization

Using Command-Line Tools

Chapter 2 : Understanding Identity and Access Management

Exploring Authentication Concepts

Comparing Authentication Services (Kerberos, LDAP, SSO)

Managing Accounts

Comparing Access Control Models (role-BAC)

Chapter 3 : Exploring Network Technologies and Tools

Reviewing Basic Networking Concepts (RTP, FTP, SMTP, HTTP, NTP, DNS, DHCP)

Understanding Basic Network Devices (switch, router, firewall)

Implementing a Secure Network (DMZ, Proxy, Mail Gateway)

Summarizing Routing and Switching Use Cases (VLAN, ACL, SNMP)

Chapter 4 : Securing Your Network

Exploring Advanced Security Devices (IDS/IPS, Honeypots)

Securing Wireless Networks

Understanding Wireless Attacks (rogue access point, jamming attack)

Using VPNs for Remote Access

Chapter 5 : Securing Hosts and Data

Implementing Secure Systems (Patch management, FDE, TPM)

Summarizing Cloud Concepts (SaaS, IaaS, PaaS, CASB)

Deploying Mobile Devices Securely (BYOD, CYOD, NFC, MDM)

Exploring Embedded Systems (SCADA)

Protecting Data (Encryption, DLP)

Chapter 6 : Comparing Threats, Vulnerabilities, and Common Attacks

Understanding Threat Actors (Hacktivist, Insiders, APT)

Determining Malware Types (Viruses, worms, ransomware, rootkits)

Recognizing Common Attacks (social-engineering attack)

Blocking Malware and Other Attacks (anti-virus, DEP, anti-spam)

Chapter 7 : Protecting Against Advanced Attacks

Comparing Common Attacks (DDoS, Spoofing, ARP poisoning, DNS poisoning, Clickjacking, Replay attack)

Summarizing Secure Coding Concepts

Identifying Application Attacks (SQL injection, XSS, XSRF)

Understanding Frameworks and Guides (PCI DSS)

Chapter 8 : Using Risk Management Tools

Understanding Risk Management

Comparing Scanning and Testing Tools

Using Security Tools (Wireshark, Tcpdump, Nmap, SIEM)

Chapter 9 : Implementing Controls to Protect Assets

Implementing Defense in Depth

Comparing Physical Security Controls

Adding Redundancy and Fault Tolerance (RAID, Load balancers)

Protecting Data with Backups

Comparing Business Continuity Elements (BIA, RTO, RPO, MTBF)

Chapter 10 : Understanding Cryptography and PKI

Introducing Cryptography Concepts (Symmetric & Asymmetric encryption, Digital Signature)

Providing Integrity with Hashing (SHA, MD5, HMAC)

Providing Confidentiality with Encryption (AES, CBC, GCM, DES, RSA, ECC, ECDHE)

Using Cryptographic Protocols

Exploring PKI Components

Chapter 11 : Implementing Policies to Mitigate Risks

Exploring Security Policies

Protecting Data

Responding to Incidents

Providing Training

Hope this guide is helpful to you.

Thank you :D.
