Areas Covered
- Using network-centric and data-centric security strategies to architect a layered defense
- Assessing existing technology implementations to improve prevention, detection, and response
- Understanding and applying Zero Trust principles
Who is GDSA for?
- Security Architects
- Network Engineers
- Network Architects
- Security Analysts
- Senior Security Engineers
- System Administrators
- Technical Security Managers
- CND Analysts
- Security Monitoring Specialists
- Cyber Threat Investigators
Exam Format
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 63%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Cloud-based Security Architecture The candidate will show an understanding of the concepts involving cloud security, securing on-premise hypervisors, network segmentation, surface reduction, delivery models, and container security.
- Data Discovery, Governance, and Mobility Management The candidate will demonstrate an understanding of file classification, Data Loss Prevention (DLP), database governance, and Mobile Device Management (MDM).
- Data-Centric Security The candidate will demonstrate an understanding of the concepts involving data-centric security. Specifically, have an understanding of reverse proxies, web application firewalls, database firewalls, and database activity monitoring.
- Fundamental Layer 3 Defense The candidate will demonstrate an understanding of the concepts related to securing basic Layer 3 hardware, protocols and services and have an awareness of common attack vectors. In particular, demonstrate a knowledge of CIDR, Layer 3 routing attacks and mitigations, Layer 2/3 benchmark and auditing tools, securing SNMP and NTP protocols, and bogon filtering.
- Fundamental Security Architecture Concepts The candidate will demonstrate a basic understanding of the concepts of perimeter-focused deficiencies, presumption of compromise, Zero Trust Model, Intrusion Kill Chain, Diamond Model, software-defined networking, micro-segmentation, threat vector analysis and attack surface analysis.
- IPv6 The candidate will demonstrate an understanding of the concepts of IPv6. Specifically, have an understanding of addressing, dual-stack systems, tunneling, and IPv6 router advertisement attacks and mitigation.
- Layer 1/Layer 2 Defense The candidate will demonstrate an understanding of the concepts related to securing Layer 1 and Layer 2 services, applications and protocols and be aware of common vectors for these attacks. Specifically, have an understanding of the structure and deployment of VLANs, CDP, MAC spoofing, ARP cache poisoning, DHCP starvation, VLAN hopping, 802.1X, and NAC.
- Network Defenses The candidate will demonstrate an understanding of the concepts related to network defense. In particular, show a knowledge of NIDS, NIPS, network security monitoring, sandboxing, encryption, and DDOS protections.
- Network Encryption and Remote Access The candidate will demonstrate an understanding of secure remote access, and of dual-factor authentication for all remote access VPNs and jump boxes.
- Network Proxies and Firewalls The candidate will demonstrate an understanding of web proxies, SMTP proxies, and next-generation firewalls.
- Zero Trust Endpoints The candidate will show an understanding of the concepts of securing Zero Trust endpoints. In particular, demonstrate an understanding of patching via automation, end-user privilege reduction, host hardening, host IDS/IPS, endpoint firewalls, and scaling endpoint log collection.
- Zero Trust Fundamentals The candidate will demonstrate an understanding of the concepts involving Zero Trust Architecture, credential rotation, and responding to pivoting adversaries and insider threats.
- Zero Trust Networking The candidate will demonstrate a basic understanding of the concepts of Zero Trust Networking. Specifically, demonstrate an understanding of authenticating and encrypting endpoint traffic, Domain Isolation, Single Packet Authentication, red herring defenses, and proactive defenses to change attacker behaviors.
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College-level courses or self-paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.
Practice Tests
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice question bank is limited, so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- GIAC recommends leveraging additional study methods for test preparation.