This lesson covers what is necessary to know in order to pass the exam, some things needed are being able to recognize different types of technical attacks and motives of malicious users. Participants also need to know about different types of encryption. toggle_content title="Transcript" Alright, that gets us to the end of the module. So let's cov...
This lesson covers what is necessary to know in order to pass the exam, some things needed are being able to recognize different types of technical attacks and motives of malicious users. Participants also need to know about different types of encryption. [toggle_content title="Transcript"] Alright, that gets us to the end of the module. So let's cover our exam essentials for module 5. First thing we need to think about is being able to verify the effectiveness of our logical controls, or our technical controls. Then we talked about the various mechanisms that are used for the perimeter defense. We looked at different kinds of technical attacks. We talked a little bit about the motives of attackers and hackers and why they do what they do. We also covered some details about various forms of biometrics to provide enhanced authentication. We talked about the difference between the physical access controls and logical or technical controls versus management controls. They all have their roles to play and we need to understand where those different controls are appropriate to be used. Then we talked about public key and private key encryption. Remember, this is symmetric versus asymmetric encryption. Symmetric uses the same key to encrypt and decrypt. Whereas asymmetric has a public and private key pair. We know that management has to control the encryption, or the crypto system, managing the distribution of key pairs, managing the crypto keys, perhaps using a key escrow device, or a system. We also talked a little bit about VPNs and why that's important for having a secure method for remote access. If you remember, we had IPSec VPNS with transport mode and tunnel mode. Then lastly we spoke a little bit about IDS systems. These could be network-based, host-based, neural-based or statistical. Okay, the last task for the module, then, is to do all of your review questions. Good luck on the test. [/toggle_content]
In order to face the dynamic requirements of meeting enterprise vulnerability management challenges, CISA course covers the auditing process to ensure that you have the ability to analyze the state of your organization and make changes where needed.