1.0 Network Security 网络安全

网络设备和其他设备上实施安全配『置参数（Implement security configuration parameters on network devices and other technologies. ）

给定一个场●景，应用安全网络管理原则（given a scenario,use secure network a dministration principles. ）

解释网络设计的元↘素和组件。（Explaain network design elements and components. ）

给定一个场景，实施通用的协议和服务（Given a scenario, implement common protocols and services. ）

给定一个场景，对无线组网中的安全问题进行故障排（Given a scenario,troubleshoot security issues related to wireless networking. ）

2.0 Compliance and Operational Security 合规与运维安全

解释风险相关概念的重要性（Explain the importance of risk related concepts.）

总结与第三方集成系统与数据的安全含义（Summarize the security implications of integrating systems and data with third parties.）

给定一个场景，实施正确的风险降低策略（Given a scenario,implement appropriate risk mitigation strategies.）

给定一个场景，实施基本的取证程序（Given a scenario,implement basic forensic procedures.）

总结通用的事件响应程序（Summarize common incident response procedures.）

解释安全相关意识和培训的重要性（Explain the importance of security related awareness and training.）

总结风险管理的最佳实践（Summarize risk management best practices.）

给定一个场景，选择合适的控制来满足安全目标（Given a scenario,select the appropriate control to meet the goals of security.）

解释※各种恶意软件（Explain types of malware.）

总结不同类型的攻击（Summarize various types of attacks.）

总结社会工程攻击和相关每个攻击的有效性（Summarize social engineering attacks and the associated effectiveness with each attack. ）

解释无线攻击的类〓型（Explain types of wireless attacks.）

3.0 Threats and Vulnerabilities 威胁与漏洞

解释各种恶意软件（Explain types of malware.）

总结不同类型的攻击（Summarize various types of attacks.）

总结社会工程攻击和相关每个攻击的有效性（Summarize social engineering attacks and the associated effectiveness with each attack. ）

解释↘无线攻击的类型（Explain types of wireless attacks.）

解释应用攻击的类型（Explain types of application attacks.）

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

Given a scenario,use appropriate tools and techniques to discover security threats and vulnerabilities.

（解释如何正确使用渗透测试与漏洞扫描）Explain the proper use of penetration testing versus vulnerability scanning.

4.0 Application,Data and Host Security 应用、数据和主机安全

解释应用安全控制盒技术的重要性（Explain the importance of application security controls and techniques.）

总结移动安全的概念与技术（Summarize mobile security concepts and technologies. .）

给定一个场景，选择合适的方案来建立主机安全（Given a scenario,select the appropriate solution to establish host security. ）

实施合适的控制来保障数据安全（Implement the appropriate controls to ensure data security.）

Compare and contrast alternative methods to mitigate secuity risks in static environments.

5.0 Access Control and Identity Management 访问控制与身份管理

比较和对比认证服务的功能和目标（Compare and contrast the function and purpose of authentication services. ）

Given a scenario,select the appropriate authentication,authorization or access control.

Install and configure security controls when pertorming account management,based on best practices.

6.0 Cryptgraphy 密码学

给定一个场景，使用通用密码学概念（Given a scenario,utilize general cryptography concepts.）

给定一个场景，使用合适的密码学方法（Given a scenario,use appropriate cryptographic methods. ）

Given a scenario,use appropriate PKI,certificate management and associated components.