| General Security Concepts |
12% |
Control categories and types, the CIA triad, zero trust, cryptography basics, PKI, change management |
| Threats, Vulnerabilities, and Mitigations |
22% |
Threat actors, malware types, social engineering, common vulnerabilities, indicators of malicious activity, mitigation techniques |
| Security Architecture |
18% |
Cloud and on-prem architecture, network appliances, secure protocols, data protection, resilience and recovery |
| Security Operations |
28% |
Hardening, identity and access management, monitoring tools, incident response, digital forensics, automation |
| Security Program Management and Oversight |
20% |
Governance, risk management, third-party risk, compliance and audits, security awareness training |