CIW Certification/Study Guides/Security Professional Exam

SKILLS MEASURED

A CIW Security Professional implements security policy, identifies security threats, and develops countermeasures using firewall systems and attack-recognition technologies. This individual is responsible for managing the deployment of e-business transaction and payment security solutions. Skills measured in the 1D0-470 exam include but are not limited to:

Network perimeter security and elements of an effective security policy.

Encryption, including the three main encryption methods used in internetworking.

Universal guidelines and principles for effective network security, as well as guidelines to create effective specific solutions.

Security principles and security attack identification.

Firewall types and common firewall terminology.

Firewall system planning including levels of protection.

Network firewall deployment.

Network security including industry security evaluation criteria and guidelines used to determine three security levels.

Mechanisms used to implement security systems, tools to evaluate key security parameters, techniques for security accounts, and threats to Windows 2000 and UNIX systems.

Permissions identification, assignment and usage, system defaults, and security commands.

System patches and fixes including application of system patches.

Windows 2000 Registry modifications, including lockdown and removal of services for effective security in Windows 2000 and Linux.

Security auditing principles, security auditor's chief duties and network risk factor assessment.

Security auditing and discovery processes, audit plans, and network-based and host-based discovery software.

Penetration strategies and methods, including identification of potential attacks.

User activities baseline, log analysis, and auditing of various activities.

Security policy compliance and assessment reports.

Operating system add-ons, including personal firewalls and native auditing.