The cheat sheet is a condensed summary of the main facts that you need to know before taking the exam. We must learn the exam concepts, not just the answers to a bank of questions.
Frameworks and Guides
- Regulatory: Legally enforceable
- Non-regulatory: Not legally enforceable
- Industry-specific: Ensures compliance for that industry
- Vendor guides: How to set up devices/software
Defense in Depth
- Multiple controls: If one control fails, the next control prevents attacks.
- Vendor diversity: Use the same product from two different vendors so that, if one fails, you are still up and running.
- Control diversity: Use of more than one control, for example, administrative and technical controls working together.
Secure Network
- DMZ: Boundary layer
- Extranet: Web server residing in the DMZ that can be accessed via username and password
- Air gaps: Isolating a system from the network
- NAT: Hides the internal network
- Honeypot: Finds attack methods so that they can be mitigated
- Guest Wi-Fi: Used by guests...