Section B.1 Prepare for TestOut CyberDefense Pro Certification

It is important to prepare for an exam by studying the course material, practicing skills, and committing new concepts to memory. You can use the instruction and tests in this course to help you prepare more efficiently.

We recommend that you take the following steps as you prepare for the TestOut CyberDefense Pro Certification exam:

Step	Description
Study the course material	The course materials include text lessons, demonstrations, video lessons, and hands-on labs. As you work through the course, follow these hints for effective study: Review the learning and exam objectives on each section page. The objectives outline the knowledge and skills you will need for the official certification exam. Watch the videos. Watch the demonstrations. Read all text lesson fact pages. Practice the tasks in the lab simulations until you feel comfortable with your ability to complete them. Avoid skipping any sections unless you can easily pass the Practice Questions at the end of each section. Even if you already know the material, a review can always be helpful when preparing for an exam.
Review the certification exam domains and objectives	Review the domains and objectives for the TestOut CyberDefense Pro Certification provided in this section.
Take the domain practice exams	The domain practice exams group the performance-based labs by domain and helps assess your understanding of a particular TestOut CyberDefense Pro Certification domain and the corresponding objectives.
Take the certification practice exam	After you are confident with your ability to complete the labs, take the certification practice exam to assess your preparedness to take the certification exam. This exam has roughly the same number of questions and time limit as the TestOut CyberDefense Pro Certification. Practice questions are designed to assess your knowledge as it relates to the exam objectives. Based on your practice exam results, review the course material for questions that you missed. Focus your time on understanding the topics covered in the objectives and not on memorizing answers, as the actual certification exam will have a different set of questions. When your practice exam scores are consistently over 95%, and you feel confident in your understanding of the exam objectives and topics, the next step is to take the certification exam.
Schedule and take the certification exam	The TestOut CyberDefense Pro Certification is scheduled through LabSim. If you are taking this course through an instructor, contact your instructor to schedule your exam.

B.1.1 Pro Exam Objectives

The CyberDefense Pro course and certification exam cover the following TestOut CyberDefense Pro objectives:

#	Domain	Module.Section
1.0	Monitoring and Log Analysis
1.1	Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets	3.3, 3.4 4.2 5.1, 5.2 6.1, 6.2, 6.5, 6.9 8.1, 8.3
1.2	Monitor software and systems 1.2.1 - Configure execution control and verify digital signatures 1.2.2 - Analyze executable processes 1.2.3 - Review web application security 1.2.4 - Monitor email for malware 1.2.5 - Analyze email headers and impersonation attempts	3.3 4.1 5.1, 5.4 6.3, 6.4, 6.6, 6.8 7.1, 7.2, 7.3, 7.5
1.3	Implement Logging 1.3.1 - Manage and perform analysis using Security Information and Event Management (SIEM) tools 1.3.2 - Review event logs 1.3.3 - Send log events to a remote syslog server 1.3.4 - Review firewall logs	3.3 4.5 6.1 8.1
2.0	Threat Analysis and Detection
2.1	Perform threat analysis 2.1.1 - Review firewall configuration 2.1.2 - Conduct a trend analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks	3.3 5.2, 5.3, 5.4, 5.6 6.1, 6.4, 6.6 7.3
2.2	Detect threats using analytics and intelligence 2.2.1 - Use an Intrusion Detection System (IDS) 2.2.2 - Use a protocol analyzer and packet analysis to determine threats 2.2.3 - Use endpoint protection tools 2.2.4 - Check for privilege escalation 2.2.5 - Perform digital forensics investigations	3.2, 3.3 5.2 6.1, 6.2 7.1, 7.2, 7.3 8.3 9.2, 9.3
3.0	Risk Analysis and Mitigation
3.1	Implement security controls to mitigate risk 3.1.1 - Detect unpatched systems 3.1.2 - Configure host firewall policies 3.1.3 - Implement anti-virus and endpoint security 3.1.4 - Implement Intrusion Prevention System (IPS) 3.1.5 - Implement cloud security 3.1.6 - Perform application and data protection tasks 3.1.7 - Implement and configure a security appliance	2.4, 2.5 3.4 4.2, 4.3 5.2, 5.6 6.7 7.2, 7.3 8.3
3.2	Implement system hardening 3.2.1 - Disable unnecessary services 3.2.2 - Check service configuration 3.2.3 - Disable unnecessary ports	2.4, 2.5 3.4 4.1 5.1, 5.2 6.1 7.1
3.3	Perform penetration tests 3.3.1 - Perform internal penetration testing 3.3.2 - Perform external penetration testing	3.3 5.1, 5.2, 5.3, 5.4
3.4	Implement defensive deception methods 3.4.1 - Deploy a honeypot 3.4.2 - Implement a black hole or sinkhole 3.4.3 - Configure a captive portal	2.4 3.4
4.0	Incident Response
4.1	Manage security incidents 4.1.1 - Resolve malware, ransomware, and phishing attacks 4.1.2 - Eradicate Advanced Persistent Threats (APT) 4.1.3 - Respond to Distributed Denial of Service (DDoS) attacks	3.1, 3.3, 3.4 5.1 6.9 7.3, 7.5 9.1, 9.2
4.2	Manage devices 4.2.1 - Secure smartphones, tablets, and laptops 4.2.2 - Implement data loss prevention 4.2.3 - Secure embedded devices 4.2.4 - Secure IOT devices 4.2.5 - Implement network access control (NAC)	2.4 4.4 5.1, 5.2 7.1, 7.3 9.2, 9.3
4.3	Analyze Indicators of compromise 4.3.1 - Examine applications for any signs of compromise 4.3.2 - Inspect systems for any signs of compromise 4.3.3 - Investigate networks for any signs of compromise 4.3.4 - Analyze indicators for false positives and false negatives	3.3, 3.4 4.1 5.1, 5.2, 5.4, 5.6 6.2, 6.5, 6.6 7.6, 7.7 8.3 9.2
5.0	Audit and Compliance
5.1	Implement Identity and Access Management (IAM) 5.1.1 - Administer user accounts 5.1.2 - Manage user-based and role-based access 5.1.3 - Manage certificates 5.1.4 - Configure account policies and account control	1.1, 2.5 4.3 6.6 7.2
5.2	Implement physical security controls 5.2.1 - Analyze physical security design to protect systems 5.2.2 - Analyze system security design to protect systems 5.2.3 - Implement drive encryption 5.2.4 - Implement physical access controls	2.3 7.1

B.1.2 Pro Exam Objectives by Course Section

The CyberDefense Pro course covers the following TestOut CyberDefense Pro exam objectives:

Section	Title	Objectives
1.0	Introduction
1.1	Introduction to TestOut CyberDefense Pro
2.0	Vulnerability Response, Handling, and Management
2.1	Regulations and Standards
2.2	Risk Management
2.3	Security Controls	5.2 Implement physical security controls 5.2.1 - Analyze physical security design to protect systems
2.4	Attack Surfaces	3.1 Implement security controls to mitigate risk 3.1.7 - Implement and configure a security appliance 3.2 Implement system hardening 3.2.1 - Disable unnecessary services 3.4 Implement defensive deception methods 3.4.3 - Configure a captive portal 4.2 Manage devices 4.2.1 - Secure smartphones, tablets, and laptops
2.5	Patch Management	3.1 Implement security controls to mitigate risk 3.1.1 - Detect unpatched systems 3.2 Implement system hardening 3.2.2 - Check service configuration 5.1 Implement Identity and Access Management (IAM) 5.1.3 - Manage certificates 5.1.4 - Configure account policies and account control
2.6	Security Testing
3.0	Threat Intelligence and Threat Hunting
3.1	Threat Actors	4.1 Manage security incidents 4.1.2 - Eradicate Advanced Persistent Threats (APT)
3.2	Threat Intelligence	2.2 Detect threats using analytics and intelligence 2.2.1 - Use an Intrusion Detection System (IDS)
3.3	Threat Hunting	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets 1.2 Monitor software and systems 1.2.2 - Analyze executable processes 1.2.4 - Monitor email for malware 1.3 Implement Logging 1.3.2 - Review event logs 1.3.4 - Review firewall logs 2.1 Perform threat analysis 2.1.1 - Review firewall configuration 2.1.3 - Determine the types of vulnerabilities associated with different attacks 2.2 Detect threats using analytics and intelligence 2.2.4 - Check for privilege escalation 2.2.5 - Perform digital forensics investigations 4.1 Manage security incidents 4.1.2 - Eradicate Advanced Persistent Threats (APT) 4.1.3 - Respond to Distributed Denial of Service (DDoS) attacks 4.3 Analyze Indicators of compromise 4.3.1 - Examine applications for any signs of compromise 4.3.2 - Inspect systems for any signs of compromise 4.3.3 - Investigate networks for any signs of compromise
3.4	Honeypots	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets 3.1 Implement security controls to mitigate risk 3.1.3 - Implement anti-virus and endpoint security 3.2 Implement system hardening 3.2.3 - Disable unnecessary ports 3.4 Implement defensive deception methods 3.4.1 - Deploy a honeypot 4.1 Manage security incidents 4.1.1 - Resolve malware, ransomware, and phishing attacks 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise
4.0	System and Network Architecture
4.1	Operating System Concepts	1.2 Monitor software and systems 1.2.2 - Analyze executable processes 3.2 Implement system hardening 3.2.1 - Disable unnecessary services 3.2.2 - Check service configuration 4.3 Analyze Indicators of compromise 4.3.2 - Inspect systems for any signs of compromise
4.2	Network Architecture	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets 3.1 Implement security controls to mitigate risk 3.1.5 - Implement cloud security
4.3	Identity and Access Management (IAM)	3.1 Implement security controls to mitigate risk 3.1.5 - Implement cloud security 5.1 Implement Identity and Access Management (IAM) 5.1.1 - Administer user accounts 5.1.2 - Manage user-based and role-based access 5.1.4 - Configure account policies and account control
4.4	Data Protection	4.2 Manage devices 4.2.2 - Implement data loss prevention
4.5	Logging	1.3 Implement Logging 1.3.2 - Review event logs 1.3.3 - Send log events to a remote syslog server 1.3.4 - Review firewall logs
5.0	Vulnerability Assessments
5.1	Reconnaissance	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets 1.2 Monitor software and systems 1.2.3 - Review web application security 3.2 Implement system hardening 3.2.2 - Check service configuration 3.2.3 - Disable unnecessary ports 3.3 Perform penetration tests 3.3.1 - Perform internal penetration testing 4.1 Manage security incidents 4.1.3 - Respond to Distributed Denial of Service (DDoS) attacks 4.2 Manage devices 4.2.4 - Secure IOT devices 4.3 Analyze Indicators of compromise 4.3.2 - Inspect systems for any signs of compromise 4.3.3 - Investigate networks for any signs of compromise
5.2	Scanning	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.1.2 - Monitor network ports and sockets 2.1 Perform threat analysis 2.1.1 - Review firewall configuration 2.1.3 - Determine the types of vulnerabilities associated with different attacks 2.2 Detect threats using analytics and intelligence 2.2.1 - Use an Intrusion Detection System (IDS) 2.2.2 - Use a protocol analyzer and packet analysis to determine threats 3.1 Implement security controls to mitigate risk 3.1.1 - Detect unpatched systems 3.1.2 - Configure host firewall policies 3.1.4 - Implement Intrusion Prevention System (IPS) 3.2 Implement system hardening 3.2.3 - Disable unnecessary ports 3.3 Perform penetration tests 3.3.1 - Perform internal penetration testing 3.3.2 - Perform external penetration testing 4.2 Manage devices 4.2.4 - Secure IOT devices 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise
5.3	Enumeration	2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks 3.3 Perform penetration tests 3.3.1 - Perform internal penetration testing
5.4	Vulnerability Assessments	1.2 Monitor software and systems 1.2.3 - Review web application security 2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks 3.3 Perform penetration tests 3.3.2 - Perform external penetration testing 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise
5.5	Vulnerability Scoring Systems
5.6	Classifying Vulnerability Information	2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks 3.1 Implement security controls to mitigate risk 3.1.6 - Perform application and data protection tasks 4.3 Analyze Indicators of compromise 4.3.4 - Analyze indicators for false positives and false negatives
6.0	Network Security
6.1	Security Monitoring	1.1 Monitor networks 1.1.2 - Monitor network ports and sockets 1.3 Implement Logging 1.3.1 - Manage and perform analysis using Security Information and Event Management (SIEM) tools 2.1 Perform threat analysis 2.1.1 - Review firewall configuration 2.2 Detect threats using analytics and intelligence 2.2.1 - Use an Intrusion Detection System (IDS) 2.2.3 - Use endpoint protection tools 3.2 Implement system hardening 3.2.2 - Check service configuration
6.2	Wireless Security	1.1 Monitor networks 1.1.2 - Monitor network ports and sockets 2.2 Detect threats using analytics and intelligence 2.2.2 - Use a protocol analyzer and packet analysis to determine threats 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise
6.3	Web Server Security	1.2 Monitor software and systems 1.2.2 - Analyze executable processes 1.2.3 - Review web application security
6.4	SQL Injection	1.2 Monitor software and systems 1.2.3 - Review web application security 2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks
6.5	Sniffing	1.1 Monitor networks 1.1.1 - Monitor network traffic 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise
6.6	Authentication Attacks	1.2 Monitor software and systems 1.2.3 - Review web application security 2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks 4.3 Analyze Indicators of compromise 4.3.3 - Investigate networks for any signs of compromise 5.1 Implement Identity and Access Management (IAM) 5.1.1 - Administer user accounts
6.7	Cloud Security	3.1 Implement security controls to mitigate risk 3.1.5 - Implement cloud security
6.8	Email Security	1.2 Monitor software and systems 1.2.4 - Monitor email for malware 1.2.5 - Analyze email headers and impersonation attempts
6.9	Denial-of-Service Attacks	1.1 Monitor networks 1.1.1 - Monitor network traffic 4.1 Manage security incidents 4.1.3 - Respond to Distributed Denial of Service (DDoS) attacks
6.10	Industrial Computer Systems
7.0	Host-Based Attacks
7.1	Device Security	1.2 Monitor software and systems 1.2.1 - Configure execution control and verify digital signatures 2.2 Detect threats using analytics and intelligence 2.2.5 - Perform digital forensics investigations 3.2 Implement system hardening 3.2.1 - Disable unnecessary services 4.2 Manage devices 4.2.5 - Implement network access control (NAC) 5.2 Implement physical security controls 5.2.3 - Implement drive encryption
7.2	Unauthorized Changes	1.2 Monitor software and systems 1.2.2 - Analyze executable processes 2.2 Detect threats using analytics and intelligence 2.2.4 - Check for privilege escalation 3.1 Implement security controls to mitigate risk 3.1.6 - Perform application and data protection tasks 5.1 Implement Identity and Access Management (IAM) 5.1.4 - Configure account policies and account control
7.3	Malware	1.2 Monitor software and systems 1.2.1 - Configure execution control and verify digital signatures 2.1 Perform threat analysis 2.1.3 - Determine the types of vulnerabilities associated with different attacks 2.2 Detect threats using analytics and intelligence 2.2.3 - Use endpoint protection tools 3.1 Implement security controls to mitigate risk 3.1.3 - Implement anti-virus and endpoint security 4.1 Manage security incidents 4.1.1 - Resolve malware, ransomware, and phishing attacks 4.2 Manage devices 4.2.1 - Secure smartphones, tablets, and laptops
7.4	Command and Control
7.5	Social Engineering	1.2 Monitor software and systems 1.2.4 - Monitor email for malware 4.1 Manage security incidents 4.1.1 - Resolve malware, ransomware, and phishing attacks
7.6	Scripting and Programming	4.3 Analyze Indicators of compromise 4.3.1 - Examine applications for any signs of compromise
7.7	Application Vulnerabilities	4.3 Analyze Indicators of compromise 4.3.1 - Examine applications for any signs of compromise
8.0	Security Management
8.1	Security Information and Event Management (SIEM)	1.1 Monitor networks 1.1.1 - Monitor network traffic 1.3 Implement Logging 1.3.1 - Manage and perform analysis using Security Information and Event Management (SIEM) tools
8.2	Security Orchestration, Automation, and Response (SOAR)
8.3	Exploring Abnormal Activity	1.1 Monitor networks 1.1.2 - Monitor network ports and sockets 2.2 Detect threats using analytics and intelligence 2.2.3 - Use endpoint protection tools 3.1 Implement security controls to mitigate risk 3.1.3 - Implement anti-virus and endpoint security 3.1.6 - Perform application and data protection tasks 4.3 Analyze Indicators of compromise 4.3.1 - Examine applications for any signs of compromise
9.0	Post-Attack
9.1	Containment	4.1 Manage security incidents 4.1.2 - Eradicate Advanced Persistent Threats (APT)
9.2	Incident Response	2.2 Detect threats using analytics and intelligence 2.2.3 - Use endpoint protection tools 4.1 Manage security incidents 4.1.1 - Resolve malware, ransomware, and phishing attacks 4.1.3 - Respond to Distributed Denial of Service (DDoS) attacks 4.2 Manage devices 4.2.2 - Implement data loss prevention 4.3 Analyze Indicators of compromise 4.3.2 - Inspect systems for any signs of compromise
9.3	Post-Incident Activities	2.2 Detect threats using analytics and intelligence 2.2.5 - Perform digital forensics investigations 4.2 Manage devices 4.2.2 - Implement data loss prevention
A.0	CompTIA CySA+ CS0-003 - Practice Exams
A.1	Prepare for CompTIA CySA+ Certification
A.2	CompTIA CySA+ CS0-003 Domain Review (20 Questions)
A.3	CompTIA CySA+ CS0-003 Practice Exams (All Questions)
B.0	TestOut CyberDefense Pro - Practice Exams
B.1	Prepare for TestOut CyberDefense Pro Certification
B.2	TestOut CyberDefense Pro Exam Domain Review

B.1.3 How to take the Pro Exam

To take the TestOut CyberDefense Pro Certification exam, it must first be scheduled by an instructor or an administrator.

You are encouraged to budget your time and keep moving through the exam so you can complete it within the time limit. Begin an exam at the scheduled exam time. Students should follow these steps to start the exam:

1. You must be logged in to LabSim.
2. Select the Certifications tab from the top navigation menu.
3. Navigate to the certification.
4. Select Start Exam and read the instructions.
5. When you are ready to begin the exam, select Start Exam.

Exam Notes

• When you purchase a TestOut course, the Pro Certification exam is included. The course must have an active license to take the exam.
• Unlike the practice exams, the TestOut Pro certification exams are assessment exams that do not allow students to check their answers or get instant feedback.
• The exam may be attempted only once per exam voucher.
• If you do not pass the exam, you may purchase a retake exam voucher online.
• Do not click Start Exam until you are ready to complete the certification exam. Starting the exam and exiting will use the exam voucher.

B.1.4 Pro Exam FAQs

TestOut Pro Certification Frequently Asked Questions (FAQs)

For the most up-to-date TestOut Pro Certification FAQs, visit TestOut Pro Certification at http://www.testout.com/certification/pro-exams/Resources/FAQs .