In this section, readers will learn how a single machine can be compromised and how to investigate it. In this section, which comprises 15% of the 210-255 exam, readers will learn how to categorize and communicate threats and vulnerabilities, understand how and why different vulnerabilities can affect different operating systems more or less severely, and explain the principles of computer forensics, evidence handling, and how to use that information.
This section builds heavily on prior knowledge, particularly from the 210-250 (SECFNDS) course, but will underpin the actions of cyber security operators as they carry out routine tasks, as well as responsive tasks. Evidence may be required from before the threat is identified.
The following chapters are included in this section: