Certification Overview
The GDSA certification proves that practitioners can design and implement an effective combination of network-centric and data-centric controls to balance prevention, detection, and response.
Exam Certification Objectives & Outcome Statements
- Cloud-based Security Architecture
The candidate will show an understanding of the concepts involving cloud security, securing on-premises hypervisors, network segmentation, attack surface reduction, cloud delivery models, and container security.
- Data Discovery, Governance, and Mobility Management
The candidate will demonstrate an understanding of file classification, Data Loss Prevention (DLP), database governance, and Mobile Device Management (MDM).
- Data-Centric Security
The candidate will demonstrate an understanding of the concepts involving data-centric security, specifically reverse proxies, web application firewalls, database firewalls, and database activity monitoring.
- Fundamental Layer 3 Defense
The candidate will demonstrate an understanding of the concepts related to securing basic Layer 3 hardware, protocols, and services, and an awareness of common attack vectors. In particular, the candidate will demonstrate knowledge of CIDR, Layer 3 routing attacks and their mitigations, Layer 2/3 benchmark and auditing tools, securing the SNMP and NTP protocols, and bogon filtering.
- Fundamental Security Architecture Concepts
The candidate will demonstrate a basic understanding of the concepts of perimeter-focused deficiencies, presumption of compromise, the Zero Trust Model, the Intrusion Kill Chain, the Diamond Model, software-defined networking, micro-segmentation, threat vector analysis, and attack surface analysis.
- IPv6
The candidate will demonstrate an understanding of the concepts of IPv6, specifically addressing, dual-stack systems, tunneling, and IPv6 router advertisement attacks and their mitigation.
- Layer 1/Layer 2 Defense
The candidate will demonstrate an understanding of the concepts related to securing Layer 1 and Layer 2 services, applications, and protocols, and an awareness of the common vectors for attacks against them. Specifically, the candidate will understand the structure and deployment of VLANs, CDP, MAC spoofing, ARP cache poisoning, DHCP starvation, VLAN hopping, 802.1X, and NAC.
- Network Defenses
The candidate will demonstrate an understanding of the concepts related to network defense. In particular, the candidate will show knowledge of NIDS, NIPS, network security monitoring, sandboxing, encryption, and DDoS protections.
- Network Encryption and Remote Access
The candidate will demonstrate an understanding of secure remote access, including two-factor authentication for all remote-access VPNs and jump boxes.
- Network Proxies and Firewalls
The candidate will demonstrate an understanding of web proxies, SMTP proxies, and next-generation firewalls.
- Zero Trust Endpoints
The candidate will show an understanding of the concepts of securing Zero Trust endpoints. In particular, the candidate will demonstrate an understanding of patching via automation, end-user privilege reduction, host hardening, host IDS/IPS, endpoint firewalls, and scaling endpoint log collection.
- Zero Trust Fundamentals
The candidate will demonstrate an understanding of the concepts involving Zero Trust Architecture, credential rotation, and responding to pivoting adversaries and insider threats.
- Zero Trust Networking
The candidate will demonstrate a basic understanding of the concepts of Zero Trust Networking. Specifically, the candidate will demonstrate an understanding of authenticating and encrypting endpoint traffic, domain isolation, Single Packet Authentication, red herring defenses, and proactive defenses that change attacker behavior.