Browse the Full Catalog

This practice test from CyberVista will help you prepare for the Certified Cloud Security Professional (CCSP) exam by demonstrating your knowledge and hands-on experience with cloud security architecture, design, operations and service orchestration.

In this challenge you will gain understanding of OWASP Zed Attack Proxy by performing basic scans against a vulnerable web server. OWASP ZAP is an open-source web application security scanner, and is used by those new to application security as well as seasoned professional penetration testers.

Gain hands-on experience configuring an AWS Config rule to ensure that public access to Amazon S3 buckets is automatically disabled. Lab activities include: creating an Amazon Identity and Access Management role for automation, creating an S3 bucket that is noncompliant, and creating an AWS Config rule to remediate any noncompliant S3 buckets.

Gain hands-on experience enabling security for Azure Data Lake. Lab activities include: deploying a storage account that uses Azure Data Lake Storage, creating a container for blob data, designing access control list (ACL) and role-based access control (RBAC) security for the data lake, and enabling ACL and RBAC security for the data lake.

In this lab, students will created an S3 bucket to host company assets. Students will then create a user account and a group Identity and Access Management (IAM) policy.

Azure Monitor (AM) helps you understand how applications are performing and proactively identify issues affecting them. This lab gives hands-on experience configuring the available options and reviewing the activity logs and alerts collected by AM.

This "Configure Security Recommendations for Virtual Machines" IT Pro Challenges virtual lab teaches learners how to configure security recommendations for a virtual machine by enabling security recommendations and Azure Disk Encryption. Skills learned in this lab are crucial for the job roles of System Administrators and Azure Administrators.

This IT Pro Challenge virtual lab teaches how to encrypt a virtual machine’s disk using Azure’s Cloud Shell commands. Hands-on experience — creating and deploying a virtual machine and a data disk, and using a command-line interface — advances System Administrators, Cybersecurity Specialists, and Microsoft Azure Cloud Engineers career paths.

The Azure platform provides cloud-based tools for businesses to deploy their web services. This IT Pro Challenge virtual lab will give you an Azure application security groups' overview. Application security groups allow system administrators to control access to Azure virtual machines. In this lab, you will deploy an application security group.

In this lab, you assume the role of an Azure® administrator. First, you will create an Azure virtual network by using the Azure portal. Next, you will create an Azure virtual network by using Azure Cloud Shell. Finally, you will configure virtual network peering connections for secure bidirectional communication.

In this IT Pro Challenge provided by Learn on Demand Systems, you will implement an Azure API Management Instance to then publish and secure your API using a product and subscription.

In this CCSP: Domain 6 - Legal, Risk and Compliance course you will learn about legal frameworks and forensics, privacy in the cloud, and enterprise risk management.

In this CCSP: Domain 5 - Cloud Security Operations course you will learn about secure network configurations and controls, forensics, evidence collection and preservation, and logging, incident management, and vulnerability assessments.

In this CCSP: Domain 4 - Cloud Application Security course you will learn about cloud development basics, common pitfalls, and vulnerabilities, cloud specific risks, and cryptography, sandboxing, virtualization, and orchestration.

In this CCSP: Domain 3 - Cloud Platform and Infrastructure Security course you will learn about how to design a secure data center, about identification, authentication, and authorization in the cloud, as well as business continuity and disaster recovery planning and testing.

In this CCSP: Domain 2 - Cloud Data Security course you will learn about storage types, encryption and key management, and hashing, data obfuscation, and tokenization.

In this CCSP: Domain 1 - Cloud Concepts, Architecture and Design course you will learn about cloud computing definitions, roles, and responsibilities, the impact of related technologies, and virtualization security.

Showcase your audit experience and demonstrate that you are skilled at assessing vulnerabilities, reporting on compliance, and instituting controls within the enterprise by obtaining your ISACA CISA certification. Completion of the practice test means you understand the five domains within the formal ISACA exam.

In this CISA: Information Asset Security and Control course, you will learn about the OSI and TCP reference models, cryptography, indicators of attacks and network-based attacks.

In this CISA: Information Systems Operations and Business Resilience course, you will learn about cloud deployment, redundancy, and business continuity.

In this CISA: Information Systems Acquisition, Development and Implementation course, you will learn about project management, control identification and design, and testing.

In this CISA: Governance and Management of IT course, you will learn about enterprise risk management, IT frameworks, evaluation criteria, and information security strategy.

In this CISA: Information Systems Auditing Process course, you will get an introduction to IS audit, learn about types of controls and sampling.

Prepare yourself to enter the cybersecurity field or validate your knowledge by earning the Security+ certification. This practice test for CompTIA Security+ (SY0-701) will help you identify domain areas to study more so you know when you're exam ready. Be sure to set yourself up for exam success. Start this practice test today.

In this CompTIA Security+ SYO-701: Security Program Management and Oversight course, you will learn about frameworks and standards, organizational policies, and the risk management lifecycle.

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

In this hands-on challenge, you will practice researching network observables.

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!

Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!

Magic Hound (APT35) is an Iranian state-sponsored threat group that primarily targets organizations across various industries and geographic regions through cyber espionage. Launch this campaign to start detecting the sophisticated techniques leveraged by this threat group.

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.

Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.

Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.