Unit 5 Learning Objectives
UNIT 5: Securing Applications and Data
- Topic 5.1: Application and Data Vulnerabilities and Attacks
- 5.1.A: Explain how adversaries can exploit application and file vulnerabilities to cause loss, damage, disruption, or destruction.
- 5.1.B: Explain how application attacks exploit vulnerabilities.
- 5.1.C: Assess and document risks from application and data vulnerabilities.
- Topic 5.2: Protecting Applications and Data: Managerial Controls and Access Controls
- 5.2.A: Explain how the state or classification of data impacts the type and degree of security applied to that data.
- 5.2.B: Identify managerial controls related to application and data security.
- 5.2.C: Determine an appropriate access control model to protect applications and data.
- 5.2.D: Configure access control settings on a Linux-based system.
- Topic 5.3: Protecting Stored Data with Cryptography
- 5.3.A: Explain how encryption can be used to protect files.
- 5.3.B: Apply symmetric encryption algorithms to encrypt and decrypt data.
- Topic 5.4: Asymmetric Cryptography
- 5.4.A: Determine the appropriate asymmetric key to use when sending or receiving encrypted data.
- 5.4.B: Explain why the length of a key impacts the security of encrypted data.
- 5.4.C: Apply asymmetric encryption algorithms to encrypt and decrypt data.
- Topic 5.5: Protecting Applications
- 5.5.A: Identify the application security principles of secure by design and security by default.
- 5.5.B: Explain how user input sanitization protects applications.
- Topic 5.6: Detecting Attacks on Data and Applications
- 5.6.A: Explain how to detect attacks on data.
- 5.6.B: Determine controls for detecting attacks against applications or data.
- 5.6.C: Evaluate the impact of a method for detecting attacks against an application or data.
- 5.6.D: Identify whether a file has been altered by verifying its hash.
- 5.6.E: Apply detection techniques to identify and report indicators of application attacks by analyzing log files.