(ISC)²

SSCP Certification Prep Path

(SSCP.AE1) / ISBN : 978-1-64459-184-0
Lessons
Lab
TestPrep
48 Reviews
Get A Free Trial

Skills You’ll Get

The (ISC)² SSCP certification exam is an entry-level security exam sponsored by the International Information Systems Security Certification Consortium, Inc., or (ISC)². The (ISC)² SSCP exam objectives cover access controls, security operations, and administration, risk identification, monitoring, and analysis, incident response and recovery, cryptography, network, and communications security, and systems and application security.
Download Course Outline

1

Introduction

  • About This Course
  • What Is an SSCP?
  • Using This Course
  • Objective Map
  • Earning Your Certification
2

The Business Case for Decision Assurance and Information Security

  • Information: The Lifeblood of Business
  • Policy, Procedure, and Process: How Business Gets Business Done
  • Who Runs the Business?
  • Summary
3

Information Security Fundamentals

  • The Common Needs for Privacy, Confidentiality, Integrity, and Availability
  • Training and Educating Everybody
  • SSCPs and Professional Ethics
  • Summary
  • Exam Essentials
4

Integrated Risk Management and Mitigation

  • It’s a Dangerous World
  • The Four Faces of Risk
  • Getting Integrated and Proactive with Information Defense
  • Risk Management: Concepts and Frameworks
  • Risk Assessment
  • Four Choices for Limiting or Containing Damage
  • Summary
  • Exam Essentials
5

Operationalizing Risk Mitigation

  • From Tactical Planning to Information Security Operations
  • Operationalizing Risk Mitigation: Step by Step
  • The Ongoing Job of Keeping Your Baseline Secure
  • Ongoing, Continuous Monitoring
  • Reporting to and Engaging with Management
  • Summary
  • Exam Essentials
6

Communications and Network Security

  • Trusting Our Communications in a Converged World
  • Internet Systems Concepts
  • Two Protocol Stacks, One Internet
  • IP Addresses, DHCP, and Subnets
  • IPv4 vs. IPv6: Key Differences and Options
  • CIANA Layer by Layer
  • Securing Networks as Systems
  • Summary
  • Exam Essentials
7

Identity and Access Control

  • Identity and Access: Two Sides of the Same CIANA Coin
  • Identity Management Concepts
  • Access Control Concepts
  • Network Access Control
  • Implementing and Scaling IAM
  • Zero Trust Architectures
  • Summary
  • Exam Essentials
8

Cryptography

  • Cryptography: What and Why
  • Building Blocks of Digital Cryptographic Systems
  • Keys and Key Management
  • Modern Cryptography: Beyond the “Secret Decoder Ring”
  • “Why Isn’t All of This Stuff Secret?”
  • Cryptography and CIANA
  • Public Key Infrastructures
  • Other Protocols: Applying Cryptography to Meet Different Needs
  • Measures of Merit for Cryptographic Solutions
  • Attacks and Countermeasures
  • On the Near Horizon
  • Summary
  • Exam Essentials
9

Hardware and Systems Security

  • Infrastructure Security Is Baseline Management
  • Infrastructures 101 and Threat Modeling
  • Malware: Exploiting the Infrastructure’s Vulnerabilities
  • Privacy and Secure Browsing
  • “The Sin of Aggregation”
  • Updating the Threat Model
  • Managing Your Systems’ Security
  • Summary
  • Exam Essentials
10

Applications, Data, and Cloud Security

  • It’s a Data-Driven World…At the Endpoint
  • Software as Appliances
  • Applications Lifecycles and Security
  • CIANA and Applications Software Requirements
  • Application Vulnerabilities
  • “Shadow IT:” The Dilemma of the User as Builder
  • Information Quality and Information Assurance
  • Protecting Data in Motion, in Use, and at Rest
  • Into the Clouds: Endpoint App and Data Security Considerations
  • Legal and Regulatory Issues
  • Countermeasures: Keeping Your Apps and Data Safe and Secure
  • Summary
  • Exam Essentials
11

Incident Response and Recovery

  • Defeating the Kill Chain One Skirmish at a Time
  • Incident Response Framework
  • Preparation
  • Detection and Analysis
  • Containment and Eradication
  • Recovery: Getting Back to Business
  • Post-Incident Activities
  • Summary
  • Exam Essentials
12

Business Continuity via Information Security and People Power

  • A Spectrum of Disruption
  • Surviving to Operate: Plan for It!
  • Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
  • CIANA at Layer 8 and Above
  • Summary
  • Exam Essentials
13

Risks, Issues, and Opportunities, Starting Tomorrow

  • On Our Way to the Future
  • CIA, CIANA, or CIANAPS?
  • Enduring Lessons
  • Your Next Steps
  • At the Close

1

Information Security Fundamentals

  • Encrypting Files with EFS
2

Integrated Risk Management and Mitigation

  • Conducting Vulnerability Scanning Using Nessus
  • Installing Antivirus Software
  • Using Social Engineering Techniques to Plan an Attack
  • Configuring a VPN
3

Communications and Network Security

  • Performing ARP Spoofing
  • Obtaining Hardware Information of a Network Adapter
  • Obtaining the ARP Cache
  • Obtaining Information about Different IP versions
  • Obtaining the IP Version of a Network Adapter
  • Getting the TCP Settings
  • Getting Information about the Current Connection Statistics of TCP
  • Getting the UDP Settings
  • Getting Information about the Current Connection Statistics of UDP
  • Getting Information about DNS
  • Finding the Host Name of a Machine
  • Finding the Physical Address of a LAN Adapter
  • Finding the Logical Address of a LAN Adapter
  • Tracing Route Using Tracert
  • Intercepting Packets
  • Configuring a Router
  • Configuring SSH in a Router
  • Configuring Static Routing
  • Configuring Default Routing
  • Configuring VLANs
  • Configuring Network Address Translation
  • Assigning Different Classes of IP Addresses
  • Adding an IPv6 Address
  • Spoofing MAC Address
  • Performing Session Hijacking Using Burp Suite
  • Attacking a Website Using XSS Injection
  • Exploiting a Website Using SQL Injection
  • Performing a Man-in-the-Middle Attack
  • Using nmap for Scanning
  • Performing a DoS Attack with the SYN Flood
4

Identity and Access Control

  • Creating ACL in a Router
5

Cryptography

  • Observing an MD5-Generated Hash Value
  • Observe an SHA-Generated Hash Value
  • Applying Symmetric Key Encryption
  • Using OpenSSL to Create a Public/Private Key Pair
6

Hardware and Systems Security

  • Creating a Virtual Machine

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

To qualify for this cybersecurity certification, you must pass the exam and have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK).

USD 249

Pearson VUE

Multiple choice questions

The exam contains 125 questions.

180 minutes

700

Here are the retake policies:

  • If you don’t pass the exam the first time, you can retest after 30 days.
  • If you don’t pass a second time, you can retest after an additional 90 days.
  • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt.

Three years

Know more about the SSCP