Aspire Journeys

541 Vulnerability Assessment Analyst Intermediate KSAT Journey

30 Courses | 34h 24m 52s

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-indepth architecture against known vulnerabilities.

541 Vulnerability Assessment Analyst

Performs assessments of systems and networks within the network environment or
enclave and identifies where those systems/networks deviate from acceptable
configurations, enclave policy, or local policy. Measures effectiveness of defense-indepth architecture against known vulnerabilities.

30 Courses | 34h 24m 52s

COURSES INCLUDED

Network & Host Analysis: Network Observations

Knowing what goes on over a network requires a high-level picture of it. The ability to conceptualize your network's structure, capabilities, and events is essential to protecting it. In this course, you'll explore the concepts and tools required to identify and visualize your network components. You'll work mostly with the open source network protocol analyzer, Wireshark. You'll start by displaying protocol hierarchies and identifying network endpoints. You'll then describe considerations for visualizing networks and create a network diagram using Visio. Next, you'll outline network security assessment methods, recognize the use of baselines for network management, and carry out baseline activity monitoring. You'll also look at ways of capturing network data. Lastly, you'll explore how Wireshark combines with other tools such as Nmap, SSH, and firewalls.

13 videos | 59m Assessment Badge

Cloud Security Management: Operations Security

Operations is one of the most crucial steps in the administration process. Handled properly, they ensure loop holes get closed and provide evidence details that can be used in issue tracking. In this course, you'll learn about different types of operations, how to execute them, and why they are important in the dynamic nature of the cloud. You'll also learn about communicating with stakeholders, digital evidence, and business continuity planning.

12 videos | 1h 24m Assessment Badge

Cloud Security Management: Legal & Compliance

It is important to understand the different cloud compliance procedures that should be followed by service providers and data owners. It's also vital to be familiar with the various cloud-specific legal compliance guidelines. In this course, you'll learn about international legislation conflicts, cloud-specific risks, legal controls, e-Discovery processes, and requirements for forensic analysis.

9 videos | 47m Assessment Badge

SSCP 2021: Endpoint Protection & Mobile Device Management

The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

8 videos | 33m Assessment Badge

CompTIA Security+: Security Policies, Regulations, Standards, & Frameworks

Whether you're an employee or contractor, this CompTIA Security+ SY0-601 course will have something you can use to improve the organizational security at your workplace. You'll start by examining security topics related to the hiring to release process, such as background checks and investigations, non-disclosure agreements, acceptable use policy, and onboarding and offboarding. You'll move on to explore further personnel policies, including job rotation, mandatory vacations, separation of duties, clean desk space, and social media usage. You'll then recognize some useful security awareness practices, such as phishing simulations, computer-based training, role-based training, and diversity training techniques. Finally, you'll identify various business agreements, account types, regulations, and governance, such as GDPR, PCI DSS, CIS, NIST, and ISO. This course is part of a series that prepares the learner for the CompTIA Security+ (SY0-601) exam.

10 videos | 45m Assessment Badge

CEH v11: Cyber Kill Chain, TTPs, Behaviors & Threat Hunting

If you know how most threat actors and groups attack their targets, you'll be better equipped to defend against those attacks. In this course, you'll explore the seven phases of the Cyber Kill Chain, which aims to guide defenders in their understanding of commonly used attack strategies. Next, you'll learn how tactics, techniques, and procedures can help you better understand the threats your organization faces. You'll move on to examine behavioral patterns typical with today's threat actors and Advanced Persistent Threats. The average time it takes to detect a breach is around 200 days, which is why threat hunting has become a standard security practice. To complete this course, you'll explore threat hunting and its usefulness, as well as the concept of Indicators of compromise. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

4 videos | 1h 5m Assessment Badge

Cyber Security Audits

In this 14-video course, learners will explore cybersecurity auditing concepts and the NIST Cybersecurity Framework, how they can improve infrastructure security, and how to perform cybersecurity assessments. Examine web application auditing and approaches for securing web applications. Key concepts covered here include cybersecurity auditing concepts and how they are used to improve infrastructure security; steps used in performing cybersecurity assessments; and how to examine audit review, analysis, and reporting. Next, learn how to use the Wireshark network security auditing tool; how to use the Nmap perimeter security tool; how to perform web application auditing and secure web application and websites; and how to monitor and audit Windows by using audit policies and Event Viewer. Then learn how to monitor the Linux system by reviewing system logs; learn how to use Tiger security audit and intrusion detection tool; and examine guidelines and standards for defining cybersecurity audit strategies. Finally, learn about available security audit tools and their features and benefits; and learn to use Nessus audit tool to run Nessus security system scans.

14 videos | 1h 39m Assessment Badge

CEH v11: Vulnerability Assessment Types, Models, Tools & Reports

Performing a vulnerability assessment allows you to locate potential weaknesses in systems, networks, and channels of communication. This is a vital step in defending systems against attacks. In this course, you'll learn about the different types of vulnerability assessments. You'll move on to explore various vulnerability assessment models and tools. Finally, you examine important information that should be included in your vulnerability assessment reports. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

3 videos | 56m Assessment Badge

Policy & Governance: Incident Response

Learners can explore the creation, adoption, and use of an IRP (Incident Response Plan) in this 14-video course, which examines the purpose and objectives of an IPR, and how it incorporates the objectives of an organization. You will learn how to draft an IRP, and examine the six stages of incident response: preparation, identification, containment, eradication, recovery, and lessons learned. Next, you will examine several tools that are available for incident response strategies, including Sleuth Kit, Metasploit, Websense, and FireEye Security Orchestrator. You will explore the different types of CSIRTs (Computer Security Incident Response Teams), team roles, their purpose, and the benefits of an outsourced team. This course demonstrates an incident team response with two hypothetical scenarios. You will learn about compliance and regulatory requirements, and will examine the international standard, ISO 27001. You will examine governance policy to direct and control IT security. Finally, you will learn to use governance polices to create incident response policies, and you will learn the elements and best practices for creating a plan.

14 videos | 1h 9m Assessment Badge

CCSP 2022: Cloud Audits, Methodologies, & Contracts

In this final Certified Cloud Security Professional (CCSP) course, the legal, risk and compliance objectives of Domain 6 continue to be explored. Through this course, gain a better understanding of cloud audits, methodologies, and contracts. Begin by exploring audit controls, reports, and their impact. Next, examine the topic of gap analysis and internal information security management systems. Finally, learn about other key concepts, including policies and stakeholder involvement, specialized compliance requirements, the impact of distributed IT, business agreement requirements, vendor management, contract management, and supply-chain management. This is one of a collection of courses that fully prepares the learner for the ISC2 Certified Cloud Security Professional (CCSP) 2022 exam.

10 videos | 26m Assessment Badge

CEH v12: Vulnerability Assessment, Management, and Classification

One of the main job duties of many ethical hackers is performing vulnerability assessments. In this course, you'll explore the basic concepts of vulnerability assessments, as well as tools and resources commonly used when performing one. You'll examine the vulnerability management life cycle and its common activities. Finally, you'll learn about the various vulnerability types you may discover during an assessment. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v12 (312-50) exam.

3 videos | 1h 8m Assessment Badge

CEH v12: Vulnerability Assessment Types, Models, Tools, and Reports

3 videos | 1h 6m Assessment Badge

Pen Testing for Software Development: The Penetration Testing Process

Penetration testing can identify both known and unknown vulnerabilities and help avoid security breaches. In this course, you'll learn the importance of penetration testing, what system hardening is, and the requirements of penetration testing. You'll then examine the differences between penetration testing and vulnerability assessments, as well as the various types, stages, and methods of penetration testing. Next, you'll learn about white box, black box, and gray box penetration testing, and the differences in penetration testing methodologies. You'll see the available tools for performing penetration testing, as well as the types of outputs resulting from penetration testing. Lastly, you'll learn about penetration testing best practices and how to perform a penetration test.

16 videos | 1h 26m Assessment Badge

Pen Testing for Software Development: Penetration Testing SDLC, Team Structure, & Web Services

Penetration testing in the Software Development Life Cycle helps create a safe and secure end product and minimizes financial and legal risk. In this course, you'll learn where penetration testing fits in the SDLC, the differences between pen testing and developer, and the importance of developer contributions to pen testing. You'll then examine the pen testing team structure and the tasks of the pen testing blue, red, and purple teams. Next, you'll explore the importance of pen testing web services and APIs, what is involved in API pen testing, and the available tools for pen testing APIs. Lastly, you'll learn how to perform a pen test on a REST API, as well as how to perform a pen test using Burp Suite.

14 videos | 1h 13m Assessment Badge

CompTIA CASP+: Assessing & Managing Risk

Recognizing threats and managing risk are key to hardening an organization's security posture. In this course, you'll explore how to apply risk management frameworks to assess and mitigate risk, as well as how to identify threat actors and physical risks. Next, you'll learn how to mitigate risks related to human resources and social engineering techniques. You'll then move on to examine how to work with qualitative and quantitative risk analysis. Lastly, you'll learn about insider threats, supply chain dependencies, and sources of threat intelligence. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

15 videos | 1h 25m Assessment Badge

Mitigating Security Risks: Handling Natural Threats

Natural disasters pose serious security threats. Effective planning and management are required to minimize the damage and loss they could cause. In this course, you'll explore various types of natural threats, their impact on assets and data, and what you can do about them. You'll examine what the procedure is for preparing for natural disasters as well as dealing with the aftermath. You'll also learn how to do this with human-made disasters, such as terrorism. You'll finish the course by diving deeper into how to create an effective emergency action plan for natural disaster risk mitigation.

7 videos | 34m Assessment Badge

CompTIA Cybersecurity Analyst+: Data Privacy

Data privacy regulations are at the forefront of protecting PII and PHI on-premises and in the cloud. In this course, you'll examine the meaning of common data privacy standards, including PII, PHI, HIPAA, GDPR, and PCI DSS. Then you'll move on to learn about server and cloud-based data classification and data loss prevention. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) certification exam CS0-002.

12 videos | 45m Assessment Badge

Ethics & Privacy: Digital Forensics

This 12-video course examines the concept of ethics as it relates to digital forensics, including reasonable expectation of privacy, legal authorization, and the primary function of attorney-client privilege and confidentiality. The legalities surrounding digital forensics investigative techniques and standards for analyzing digital evidence are also covered. Begin with a look at the definition of what is considered a reasonable expectation of privacy. You will then learn to differentiate between legal authorization forms such as consent forms and warrants. Next, explore the primary function of attorney-client privilege and confidentiality, and recognize the legalities surrounding digital forensics investigative techniques. Delve into the need for ethics in digital forensics, and the best practices for ethics and forensics. Discover steps for regulating ethical behavior; recognize possible conflicts of interest and how to avoid them; and examine the importance of ongoing training for both investigators and management on the importance of ethics. The final tutorial in this course looks at different standards for analyzing digital evidence.

12 videos | 34m Assessment Badge

SSCP 2021: Fundamental Networking Concepts

Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 50m Assessment Badge

CompTIA Network+: Well-known Ports & Protocols

In terms of computer networks, protocols are used to provide a required set of rules that enable computers to exchange information. Well-known Internet protocols include Transmission Control Protocol/Internet Protocol, User Datagram Protocol/Internet Protocol, File Transfer Protocol, and Hypertext Transfer Protocol. Ports, by comparison, are used to identify a type of network or specific process. Port numbers, ranging from 0 to 65535, are typically divided into three categories - well-known ports, dynamic ports, and registered ports. In this course, you'll learn about the most commonly-known ports in use on a computer network today. These include File Transfer Protocol, Simple Mail Transfer Protocol, Domain Name System, and Hypertext Transfer Protocol. You'll examine how HTTP uses the reserved port 80 and enables computers to send and receive Web client-based communication and messages from a Web server, including web site pages and data. Next, you'll explore other key ports including, port 25, reserved for Simple Mail Transfer Protocol and how SMTP allows e-mail clients and services to send out e-mails. You'll learn how port 100, reserved for Post Office Protocol v3 and port 143, reserved for Internet Message Access Protocol, allow for e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection. Lastly, you'll learn about Secure Sockets Layer and how it can be incorporated into POP3 and IMAP implementations to enable more secure encrypted e-mail communications

23 videos | 2h 39m Assessment Badge

CompTIA Cybersecurity Analyst+: Network Security Concepts

Cybersecurity policies often require detailed network configuration changes and additions. Technicians must be proficient with the configuration and management of various TCP/IP protocols. In this course, I will start by discussing the Open Systems Interconnection (OSI) model, network switching, and network access control. Next, I'll discuss the TCP/IP protocol suite as well as IPv4 and IPv6 addressing. I will then discuss network routing, dynamic host configuration protocol (DHCP), domain name system (DNS) and Wi-Fi authentication methods. Lastly, I will cover virtual private networks (VPNs), IP Security (IPsec) and network time synchronization. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

14 videos | 1h 29m Assessment Badge

CEH v12: Web Application Attacks and Vulnerabilities

Web applications are typically the face of most organizations today. It's how customers interact with an organization's services, which makes for an inviting target for attackers. In this course, you'll examine the details of web applications, including their commonly used technologies, associated risks, and defenses. Next, you'll explore the OWASP Top 10 Web Application Attacks document, one of the best resources for understanding web application security vulnerabilities, and learn how to use common attacks as ethical hackers and protect against them as defenders. Finally, you'll learn about unvalidated redirects and forwards and how they can be used to access protected data. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v12 (312-50) exam.

3 videos | 1h 8m Assessment Badge

CEH v12: IoT Threats, Vulnerabilities, Attack Tools, and Countermeasures

Internet of Things (IoT) devices make our lives convenient and that makes them more prevalent every day. In this course, you'll learn about IoT and its main components, as well as IoT architecture, deployment areas, protocols, communication models, and security challenges. The best way to effectively attack IoT devices is to be familiar with the common threats and vulnerabilities, so next you'll explore these areas. Finally, you'll examine common attacks and hacking tools that you can use to gain access to IoT devices, as well as defensive countermeasures you can employ to protect against those attacks and tools. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v12 (312-50) exam.

3 videos | 1h Assessment Badge

CompTIA Network+: Common Network Attack Types

Network security encompasses best practices and policies that are put in place to help monitor and prevent malicious attacks against both internal and external threats. In this course, learn about various types of attacks and their impact on the network, beginning with denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, VLAN hopping attacks, MAC flooding attacks, and ARP poisoning attacks. Next, explore ARP and DNS spoofing attacks and the characteristics and purposes of DNS poisoning attacks. Finally, discover the threats posed by rogue devices and services, evil twin attacks, on-path attacks, social engineering attacks, and malware attacks. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

1h 8m Assessment Badge

CISM 2022: Network Attack Mitigation

To effectively defend against common network attacks, organizations must truly understand how they are executed. Thereafter, information security managers can implement and manage security controls to address network security control objectives. In this course, explore firewall types, configure the built-in Windows Defender Firewall, and adjust firewall rules on a Linux host. Next, learn how to manage Azure cloud network security groups to control virtual network subnet and interface traffic and how forward and reverse proxy servers can enable inbound and outbound network security. Finally, examine the relevance of intrusion detection placement and prevention configurations and configure the open-source Snort IDS tool to detect suspicious traffic. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 1h 2m Assessment Badge

CompTIA PenTest+: Vulnerability Scanning

Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

14 videos | 1h 30m Assessment Badge

CompTIA Cybersecurity Analyst+: Network Scanning & Traffic Analysis

Discover how vulnerability scanning can detect weaknesses while pen testing exploits weaknesses. Explore these activities along with how intrusion detection and prevention help secure networks, hosts, apps and data for organizations. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002.

13 videos | 1h Assessment Badge

CompTIA PenTest+: Penetration Testing Tools

A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

16 videos | 1h 36m Assessment Badge

CompTIA Network+: Network Troubleshooting Methodologies & Tools

If an incident or outage occurs, network administrators must be able to respond effectively and resolve network problems in a timely fashion. In this course, you'll learn about best practices for identifying a problem, establishing a theory of probable cause, testing theories, formulating a plan of action to resolve a problem, implementing a solution, or escalating the issue. You'll explore how to verify full system functionality and document findings, actions, outcomes, and lessons learned. You'll examine how to troubleshoot common cable connectivity issues and explore network specifications and limitations, cable considerations, and common issues such as attenuation, interference, bad ports, and duplexing issues. Lastly, you'll learn about common cable connectivity tools including cable crimpers, punchdown tools, tone generators, loopback adapters, and cable testers. This course is one of a collection of courses that prepares learners for the N10-008: CompTIA Network+ certification exam.

20 videos | 1h 59m Assessment Badge

Network Survey & Extraction: Network Analysis

Knowing what devices and services are running on a network is an essential part of computer security. Being able to effectively scan a network is the first step in securing it. In this course, you'll learn how to discover and analyze networks through scanning. First, you'll explore common network scanning tools, how to identify network vulnerabilities, and how to perform reverse IP lookup. You'll then move on to learn how to identify services and operating systems, and about scanning techniques such as UDP, stealth, connect, zombie, and ARP scanning.

14 videos | 57m Assessment Badge

FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Journey 541 Vulnerability Assessment Analyst Advanced KSAT Journey

(1)

Journey 672 AI Test & Evaluation Specialist Beginner KSAT Journey

Journey 621 Software Developer KSAT Intermediate NCWF Journey

(1)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills and Salary Report

ESG Impact Report

541 Vulnerability Assessment Analyst Intermediate KSAT Journey

541 Vulnerability Assessment Analyst

COURSES INCLUDED

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

YOU MIGHT ALSO LIKE