
Description

📅 Cisco Cybersecurity (CBRCOR 350-201)

🗓️ Duration: 3 Months

📚 Schedule: 3 Days Per Week

🕒 Session Length: 90 Minutes

💡 Total Sessions: 36

⏳ Study Hours: 54

Course content

Interpret the components within a playbook

Determine the tools needed based on a playbook scenario

Apply the playbook for a common scenario such as unauthorized elevation of privilege, DoS and DDoS, website defacement

Infer the industry for various compliance standards such as PCI, FISMA, FedRAMP, SOC, SOX, GDPR, Data Privacy, and ISO 27101

Describe the purpose of cyber risk insurance

Analyze elements of a risk analysis (combination asset, vulnerability, and threat)

Apply the incident response workflow

Describe characteristics and areas of improvement using common incident response metrics

Describe types of cloud environments

Compare security operations considerations of cloud platforms such as IaaS, PaaS

Recommend AI-powered data analytic techniques to meet specific needs or answer specific questions

Describe the use of hardening machine images for deployment

Describe the process of evaluating the security posture of an asset

Evaluate the security controls of an environment, diagnose gaps, and recommend improvement

Determine resources for industry standards and recommendations for hardening of systems

Determine patching recommendations, given a scenario

Recommend services to disable, given a scenario

Apply segmentation to a network

Utilize network controls for network hardening

Determine DevSecOps recommendations (implications)

Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence

Apply AI-driven threat intelligence using tools

Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards

Describe the different mechanisms to detect and enforce data loss prevention techniques: host, network, application, cloud

Recommend tuning or adapting devices and software across rules, filters, and policies

Describe the concepts of security data management

Describe use and concepts of SIEM tools for security data analytics

Recommend procedural and SOAR workflows from the described issue through escalation and the automation needed for resolution

Apply dashboard data to communicate with technical, leadership, or executive stakeholders

Analyze anomalous user and entity behavior (UEBA) using SIEM data

Determine the next action based on user behavior alerts

Describe tools and their limitations for network analysis such as packet capture tools, traffic analysis tools, network log analysis tools

Evaluate artifacts and streams in a packet capture file

Troubleshoot existing detection rules

Determine the tactics, techniques, and procedures (TTPs) from an attack

Analyze components in a threat model

Apply the concepts and sequence of steps in the malware analysis process:

Extract and identify samples for analysis such as packet capture or packet analysis tools

Perform reverse engineering

Perform dynamic malware analysis using a sandbox environment

Identify the need for additional static malware analysis

Perform static malware analysis

Summarize and share results

Interpret the sequence of events during an attack based on predictive AI analysis of traffic patterns

Determine the steps to investigate potential endpoint intrusion across a variety of platform types such as desktop, laptop, IoT, mobile devices

Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs)

Determine IOCs in a sandbox environment (includes generating complex indicators)

Determine the steps to investigate potential data loss from a variety of vectors such as cloud, endpoint, server, database, application

Recommend the general mitigation steps to address vulnerability issues

Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems such as CVSS and other techniques

Compare concepts, platforms, and mechanisms of SOAR

Interpret basic scripts such as Python

Modify a provided script to automate a security operations task

Recognize common data formats such as JSON, HTML, CSV, XML

Determine opportunities for automation, orchestration, and machine learning within a SOAR platform

Determine the constraints when consuming APIs such as rate limits, timeouts, and payload size

Explain the common HTTP response codes associated with REST APIs

Evaluate the parts of an HTTP response (response code, headers, body)

Interpret API authentication mechanisms: basic, custom token, and API keys

Utilize Bash commands (file management, directory navigation, and environmental variables)

Describe components of a CI/CD pipeline

Apply the principles of DevOps practices

Describe the principles of Infrastructure as Code
