www.giac.org

The GIAC Security Essentials Certification (GSEC) was created to provide assurance that a certified individual holds the appropriate level of knowledge and skill necessary for anyone with hands-on technical responsibilities in the key or essential areas of information security.

All GIAC certifications expire in a period of 4 years. Candidates must review the information and retake the exams in order to remain certified. Although there are other entry level certifications available, GIAC is the only information security certification family including advanced technical subject areas.

The practice tests are taken online and are designed to simulate the format of the actual GIAC exams with the same number of tests, multiple-choice questions and time limits. The practice test questions, which are selected from our Online Training quiz bins, are written by the same authors who write the GIAC exams. During the practice tests, each time you choose a wrong answer, you will receive the correct answer and an explanation that will help to reinforce the subject matter presented in the question. The practice tests also include a counter that shows the current number of questions that you answered correctly, the number you answered incorrectly, and how many questions are left in the test. You will only have one attempt at each practice test; if you need more attempts, you will need to purchase another set. If you purchase a new practice test set, the online system will quiz you again on the questions that were originally answered incorrectly while asking new questions.

The topic areas for each exam part follow:

Exam Certification Objectives

Certification Objective / Outcome Statement

802.11

The candidate will be able to identify the different 802.11x protocols, and understand key characteristics.

Access Control Theory

The candidate will understand the fundamental theory of access control.

Alternate Network Mapping Techniques

The candidate will be introduced to network mapping techniques an attacker might use to examine wireless networks, and public switched telephony networks, along with identifying the basic penetration techniques at a high level.

Best Practice Approach to Risk Management

The candidate will understand the overall best practice approach to Risk Management from a high level.

Bluetooth

The candidate will have a basic understanding of how the Bluetooth and Zigbee protocols work and the security issues that surround them.

Common Types of Attacks

The candidate will be able to identify the most common attack methods and understand the basic strategies used to mitigate those threats.

Contingency Planning

The candidate will understand the critical aspect of contingency planning with a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

Crypto Attacks

The candidate will be able to identify common attacks used to subvert cryptographic defenses.

Crypto Concepts

The candidate will have a high level understanding of the mathematical concepts which contribute to modern cryptography.

Crypto Fundamentals

The candidate will have a basic understanding of the fundamental concepts of cryptography.

Defense-in-Depth

The candidate will be introduced to the terminology and concepts of Risk and Defense-in-Depth including threats and vulnerabilities.

DNS

The candidate will have a high-level understanding of the Domain Name System architecture.

Firewall Subversion

The candidate will have a high level understanding of how IPS systems operate.

Firewalls

The candidate will understand basic firewalling technologies and techniques.

General Types of Cryptosystems

The candidate will have a high level understanding of the three general types of cryptosystems.

General Types of Stego

The candidate will be able to identify different methods of steganography, as well as some of the common tools used to hide data with steganography.

HIDS Examples

The candidate will be able to identify common Windows and Unix tools which provide HIDS functionality and the techniques utilized.

HIDS Overview

The candidate will have a general understanding of the techniques used by Host Based Intrusion Detection Systems.

HIPS Overview

The candidate will understand the technologies and techniques behind HIPS and how it can be applied.

Honeypots

The candidate will understand basic honeypot techniques and common tools used to set up honeypots.

ICMP

The candidate will understand the structure and purpose of ICMP, as well as the fields in an ICMP datagram header.

IDS Overview

The candidate will understand the overall concepts of Intrusion Detection.

Incident Handling Fundamentals

The candidate will understand the concepts of incident handling and the six-step incident handling process.

Information Warfare Examples

The candidate will be introduced to real-life examples of information warfare.

Information Warfare Theory

The candidate will be introduced to the theory of information warfare.

Introduction to OPSEC

The candidate will understand what OPSEC is and the threats and techniques used for protection in Operational Security.

IP Packets

The candidate will have a fundamental understanding of how the IP protocol works.

IPS Examples

The candidate will be able to identify common IPS technology products available on the market today.

IPS Overview

The candidate will have a high level understanding of how IPS systems operate.

IPv6

The candidate will have a high level understanding of the IPv6 protocol.

Legal Aspects of Incident Handling

The candidate will be introduced to the basic legal issues in incident and evidence handling.

Mitnick Attack Defensive Strategies

The candidate will understand the strategies that would have prevented the Mitnick attack.

Mitnick-Shimomura

The candidate will understand the details of the famous Mitnick-Shimomura attack, as well as what we can learn from this attack to appropriately protect our networks today against these vulnerabilities.

Network Addressing

The candidate will understand the essentials of IP addressing, subnets, CIDR and netmasks.

Network Design

The candidate will be able to design basic network architectures using best practices.

Network Hardware

The candidate will understand network hardware components, as well as how standard and cross-over network cabling is wired.

Network Mapping Tools

The candidate will be able to identify common tools attackers use to scan systems and the techniques these scanners use.

Network Plumbing

The candidate will understand and be able to identify the different types of networks, topologies, and the most common network technologies in use today.

Network Protocol

The candidate will understand the properties and functions of network protocols and the network protocol stacks.

Network Scanning

The candidate will learn how to compile a network map, using techniques known as network mapping and port scanning.

NIDS Overview

The candidate will understand techniques NIDS use to operate and understand their strengths and weaknesses.

NIPS Overview

The candidate will understand the technologies and techniques behind NIPS and how it can be applied.

Password Management

The candidate will understand the role of passwords in controlling access to systems.

Physical Security

The candidate will understand the purpose of restricted areas and their protection mechanisms.

Policy Framework

The candidate will understand the purpose and components of policy.

Pretty Good Privacy PGP

The candidate will understand the functionality of the PGP cryptosystem and how it operates.

Public Key Infrastructure PKI

The candidate will have a high level understanding of how PKI cryptosystems are used for secure communications.

Reading Packets

The candidate will develop the skill to decode a packet from hexadecimal output.

Real-World Crypto Implementations

The candidate will have a basic understanding of PGP, SSL, and Kerberos.

Risk Management Overview

The candidate will understand the terminology and basic approaches to Risk Management.

Routing Fundamentals

The candidate will become familiar with common routing concepts and protocols.

Safety Threats

The candidate will be able to identify and understand the most common threats to safety and why they are important to address.

Snort as a NIDS

The candidate will have a high level of understanding in Network Intrusion Detection concepts and techniques and how Snort performs Network Intrusion Detection.

Steganography Overview

The candidate will understand what steganography is and how it differs from cryptography.

Symmetric & Asymmetric Cryptosystems

The candidate will have a basic understanding of commonly used symmetric & asymmetric cryptosystems.

TCP

The candidate will understand the structure and purpose of TCP, as well as the fields in a TCP datagram header.

TCP Concepts

The candidate will understand TCP connection establishment and teardown, and how this is communicated with tcpdump/windump.

tcpdump/windump

The candidate will be able to use the tcpdump or windump utility to read packets from a network interface and understand the output.

Threat Assessment, Analysis & Report to Management

The candidate will be able to identify each step in the Threat Assessment & Analysis process and how to report findings to management.

Traceroute

The candidate will be able to use the traceroute utility for network troubleshooting and discovery.

UDP

The candidate will understand the structure and purpose of UDP, as well as the fields in a UDP datagram header.

Unix Backups & Archiving

The candidate will understand how to archive or copy data from a single system and later restore and manipulate that data to assist in a computer crime investigation.

Unix Command Line and OS Tools

The candidate will understand how the command line works, key commands and how to use them to manage a Unix system.

Unix Cron Security and Process Scheduling

The candidate will understand how to configure the Unix Cron system and schedule processes.

Unix Landscape

The candidate will be familiar with the different variants of Unix/Linux and understand Unix File systems.

Unix Logging and Monitoring

The candidate will understand the various logging facilities common to Unix operating systems and log monitoring techniques that will help improve security and provide more information in the event of a system compromise.

Unix OS Security

The candidate will understand the best practices required to properly secure Linux including parameters, file permissions, and warning banners.

Unix Password System and Root Access

The candidate will understand Unix accounts, the significance of the root account, and how to manage accounts.

Unix Patch Management and Maintenance

The candidate will understand how to manage patches and security updates on Unix hosts.

Unix Processes and Minimizing System Services

The candidate will understand how Unix processes and services are configured and which services should be disabled on Unix hosts.

Unix Security Tools

The candidate will know how to use the key security tools that are available under Unix.

Virtual Machines

The candidate will understand what virtual machines are and how to use them to create a virtual lab.

Virtual Private Networks VPNs

The candidate will have a high level understanding of Virtual Private Networks (VPNs) and be able to identify IPSec and non-IPSec protocols used for VPN communications.

Viruses and Malicious Code

The candidate will understand and be able to articulate what malicious code is, how it propagates and why it is such an expensive problem. The candidate will also be familiar with and understand the attack vectors leveraged by recent malicious code attacks.

VoIP Functionality & Architecture

The candidate will become familiar with the functionality and architecture of VoIP.

Vulnerability Management Overview

The candidate will understand the concepts and relationships behind reconnaissance and resource protection, and threats and vectors.

Vulnerability Scanning

The candidate will learn how data generated from a port scanner like nmap and vulnerability assessment tools like nessus can be used to examine systems, ports and applications in more depth to secure an environment.

Web Application Security

The candidate will be introduced to web application security including CGI, cookies, SSL and active content.

Web State

The candidate will be introduced to session tracking mechanisms.

Windows Active Directory & Group Policy

The candidate will be able to identify the features of Active Directories and Group Policies, and understand how they are applied to a Windows host.

Windows Automation and Auditing

The candidate will be introduced to the techniques and technologies used to audit Windows hosts.

Windows Backup & Restore

The candidate will understand best practices to manage Windows backups and to restore a Windows host from backup data.

Windows Family of Products

The candidate will be able to identify the different types of Windows operating systems and the differences between them.

Windows IIS Security

The candidate will be able to apply best practices in securing a Windows IIS server.

Windows Network Security Overview

The candidate will know how to take basic measures in securing a Windows host.

Windows Patches & Hotfixes

The candidate will understand how to manage Windows Service Packs and Hotfixes for a network of Windows hosts.

Windows Permissions & User Rights

The candidate will understand how permissions are applied in the Windows NT File System, Shared Folder, Encrypting File System, Printer, Registry Key, Active Directory and how User Rights are applied.

Windows Security Templates & Group Policy

The candidate will have a high level understanding of the features and functionality of Group Policy and working with GP Templates.

Windows Workgroups & Accounts

The candidate will understand how Windows manages workgroups and accounts locally on a Windows host.

Wireless Overview

The candidate will have a basic understanding of wireless technologies.

Wireless Security

The candidate will have a basic understanding of the misconceptions and risks of wireless networks and how to secure them.

Where to Get Help

Training is available from a variety of resources including online, course attendance at a live conference, and self-study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/grievance.php.

Number of certified professionals: 24,180
SANS 2009