Pass ISC SSCP Exam in First Attempt Easily

Preparing for (ISC) Certification Course

1. Course Introduction

Hello and welcome to section one of the course preparing for the ICS quire Certification Course. Now, in this section, we are going to take a look at various points. We are going to learn about the Introduction of course SSCP Exam Overview and set up of Lab. Let's start with the first video course Introduction. Now in this video, we are going to take a look at a couple of points. We are going to learn about the topics we are covering, and I'm going to explain the process. So guys, if we talk about the SSCP and the syllabus of the SSCP, the1z0-821n you can see on the screen that this is the IC Square official website, and it has divided the SSCP domain into seven parts. So domain one is access control. Domain two is security operations and administration. Third is risk identification, monitoring, and analysis. That's how you can identify risk and then analyse the risk inside your network. Then incident response and recovery Then cryptographies available here. network and communications. Security. And finally, systems and application security. These are the seven domains available in Sscpc levers. Now, what we have done in this course is basically divided these seven domains into 15 sections so that you can learn more about these topics and learn clearly about them, right? So we are covering all these domains in 15 sections. All right, so we are covering how you can secure your systems and your network, then about encryption or cryptography, then incident response, planning, or the recovery phase. Then, how can you identify risks, analyse or monitor risk within your network, and administer security operations within your network, as well as access controls? So these are all topics we are covering here in this course. In the next video, we are going to learn about the ICSIRE Exam Overview.

2. (ISC)2 Exam Overview

Hello and welcome to the IC Square Exam Overview. Now in this video, we are going to take a look at a couple of points. We are going to learn about the Icsquare SSCP exam, and I'm going to provide you some details. So guys, this is the opportunity to visit the website icsquare.org, which you can visit and read about the various certifications about ICC Square. So we're learning the premier security administrator certification and becoming an SSCP System Security Certified Practitioner with SSCP. So you can see here that earning a globally recognised advanced security administration and operation certification like the SSCP is a great way to grow your career. So if you want to grow your career, then you can use SSCP certification to better secure your organization's critical assets. Or if you want to secure your organisation or a network, then you could learn SSCP. Then you can learn the syllabus for SSCP. The SSCP certification demonstrates that you have the advanced technical skills and knowledge to implement, monitor, or administer IT infrastructure using security best practices, policies, and procedures. So it means that when you complete the certification, you will have the technical skills to secure your network. You will implement the best security practises in your networks to protect them from attackers. So this is a cybersecurity certification for how you can secure your systems and network, right? So this is the pathway for certification. First, ensure the CCP is right for you. Second, register and prepare for the exam. Third, get certified and become an Icsquare member so you can read more about it on the official website, icsquare.org, and you can check the other certifications also, right? So if you want to become a System Security Certified Practitioner or if you want to secure your network and learn the techniques, then you should complete the SSCP certification from ICSA. So this is all about SSCP. The labels are examined. In this section, we will learn how to install a virtual machine on your system.

3. Virtual Machine

Hello and welcome to the Virtual Machine. Now, in this video, we'll look at a couple of topics that we'll learn about, such as what a virtual machine is and how we can install one inside our main operating system, which I'll cover here. So what you can do here. So, open your main operating system's browser and let's download the virtual machine. I am inside my main operating system; this is a Windows 10 machine, and I'm going to show you how you can download and install VMware Workstation inside your machine. Now you can also try VirtualBox if you want, so what you can do is open the browser of your main operating system—here it is—and let me type in "download VMware Workstation" and hit Enter. So this is the official website vmware.com, and you can right-click and open it if you want; alternative software, VirtualBox, can be downloaded by typing "download VirtualBox" and pressing Enter. Now you can also try Oracle VM VirtualBox, so it depends on you I personally use VMware Workstation, but if you want, you can try VirtualBox. So this is VMware Workstation, and this is VirtualBox. So this is for Windows and OS X, which is basically the Apple OS, and Linux, so this is available for all three kinds of operating systems, and this is VMware Workstation. This is the latest version, VMware Workstation 15 Pro, and you can download the trial version of VMware Workstation. So this is for Windows, and this is for Linux. So as I already have a Windows 10 machine as my main operating system, I'm going to download Workstation 15 Pro for Windows, so you just need to click on "Download Now" and here it is. This is a five and a half MB file, and it is an exe file, so you can click Save File and download it inside your machine so guys.I'm assuming that you have downloaded VMware Workstation, so you can see here I already have the VMware Workstation 15 version, right? And now you just need to run it, and you can install it inside your main operating system, so you can double-click here It's going to start the installation procedure inside your machine, and here it is, so you can see here That now is preparing VMware Workstation for installation. You just need to follow the steps and you can use the trial version of VMware Workstation. If you want to purchase it, you can purchase it and provide the product key. Otherwise, you can skip this step and use the trial version for the next 30 days, right? So these are the simple ways to install the virtual machine inside your system I already have a virtual machine I'm just showing you how you guys can install it. Now you can see here that it is preparing for the installation, and you can see here that please wait while the setup wizard prepares to guide you through the installation's computing space requirements. So it's now processing and will give you the option to install VMware Workstation on your machine. So I'm assuming that you have successfully installed VMware Workstation. Now let me show you what it looks like because I already have that. So this is VMware Workstation Pro. Let me double-click here, and let me open it inside my machine. Here it is. So this is VMware Workstation because I already have machines inside it. However, if you are installing this for the first time on your machine, you will not see any machines on the left hand side. So you can create various virtual machines inside VMware Workstation. You can click on File, click Virtual Machine, and then you can create a new virtual machine like a Windows machine, a Linux machine, a Kali Linux machine, any server, et cetera. So this is all about the installation of a virtual machine inside your main operating system. In the next video, we are going to learn about how you can set up a lab inside your machine.

4. Lab Setup

Hello and welcome to the final video of section one's lap setup. Now in this video, we are going to take a look at a couple of points. We are going to learn about the lab setupwe require and I'm going to install the operatingsystem systems inside VMware Workstation and I'm using WindowsTen machine as my main operating system. So let's fire up the browser. So guys, I'm inside my Windows Ten machine, and I've started the browser here. So we need two machines for the lab. One is a Windows-ten machine. Second is the Kali Linux machine. So Windows 10 will work as a victim machine and Kali Linux as an attacker machine. So first of all, let's download a Kali Linux machine. So you can type here "download Kali Linux" and hit Enter. And this is a download link from the official Kali.org website Kali.org.So you can click here and open it. And you can see that these are new Kali Linux images. now that we are using VMware workstations. So come down, and you can see here that this is for VMware images. So Kali Linux 64-bit VMware images Let me click on this download page and open it. Here it is; let me come down, and here you can see that these are VMware images and these are VirtualBox images. So if you are using VirtualBox, then you can try these. If you are using VMware Workstation, then you can try these. As you can see, Kali LinuxVMware 64 bit is approximately 2.5 GB in file 2019.1. You can click on torrent and youcan download this torrent file, right? So I already have this file, and with the help of applications like muteorrent, you can convert this torrent file into a zip file, right? So that's how you can download Kali Linux on your system, right? So I hope that you are going to download it. Next is how to download Windows 10 on a machine. So to download Windows 10 on your machine, you can type here, download Windows, and hit Enter. And you need to download the WindowsTen ISO file from the Microsoft website. So click here and open it here. There is no direct link to download Windows 10 ISO, so what you need to do here is basically there is no direct link. But what you need to do here is to download a tool from the Microsoft website. This is the tool you want to use, and you should download it to your computer. And with the help of this tool, you can download Windows Ten. What you need to do here, you need to downloadthis tool, then you need to run this tool insideyour Windows machine and this tool is going to provideyou options to download Windows Ten ISO. Right? I hope you have learned so guys,I hope you have learned the process. So you can download Windows 10 and Kali Linux inside your main operating system, and then you can install them inside VMware Workstation. So basically, if I show you, then you can see that this is a Windows 10 ISO file, right? And this is Kali Linux, so you can download the torrent file there, and with the help of the Mute Orient application you can convert it, right? After that, it will look like this: you can unzip it by right-clicking here, and then you can extract files so it will look like this: this is the folder of Kali Linux; you can double-click here, and these are the files available inside it, right? So what you need to do here to install it youjust need to run it There is no process of installation, so you can select the fourth file, which is VMware virtual machine configuration, and you just need to double-click here, and it will automatically open inside Kali Linux. So you can see here that this is a Kali Linux machine, right? And then you can resume it or power it on, so that's how you can run Kelly Linux. Now, for Windows, you simply need to click on File, then Virtual Machine, then Next, then select the Windows ISO file, so this is the Windows ISO file, and click Open. Click Next. Type the name of the machine here: Ten To open Virtual Desk as a single file, click Next Store. hit Next, and then you can click Finish, and then you just need to follow the instructions, and that's how you can install Windows 10 in Kali Linux. You don't need any installation; you just need to double-click on that configuration file, and it will open up inside your VMware Workstation. So that's how you download and install these operating systems inside VMware Workstation, and this is how our lab is configured. If we talk about the section summary, then in this section we have learned about the introduction of the course, the SSCP exam, and then we have installed VMware Workstation inside our main operating system. Finally, we have learned how to download and install the operating systems inside VMware Workstation. So this is all about the section summary. In the next section we are going to learn about access controls, part one.

Hide

Access Controls: Part 1

1. Section Objectives

Hello and welcome to Section 2 of the Access Controls Part 1 course. Now in this section, we are going to take a look at various moments. We are going to learn about what access control is and the basics of access control. Let's start with the first video's objectives. Now in this video, we are going to take a look at a couple of points. We are going to learn about the objectives of this section, and I'm going to explain the points. So now let's talk about the objectives of this section, or what we are going to learn here in this section. So first of all, we will learn about the authentication factors available inside organizations. We will also learn about the trust relationships between organisations and their users. Then we will learn about subject-based and object-based access control. We will also learn about Mac and DAC, then role-based and attribute-based access control, and finally the access control management lifecycle. So these are the objectives of this section. In the next video, we are going to learn about AAA and authentication factors.

2. AAA and Authentication Factors

Hello and welcome to AAA and authentication factors. In this video, we are going to take a look at a couple of points we are going to learn about. First of all, what is triple AA? I'm going to explain the process. So first of all, let's talk about what AAA is. So if we talk about AAA, the full form of AAA is authentication, authorization, and accounting. So how is a user going to authenticate if he wants to access any application? So that is a Triple-A process. It is a term for the framework, which controls access to network resources. So it is a term, it is a process, and it controls the access to network resources. Network resources mean basically any processor, any application, and any server. So if a user wants to access that server, then Triple A controls the access and checks if the user is able to access those resources or not, correct? So how it looks like for example, this is auser and user wants to access an application inside network. And so this is the first level of authentication that the user has to provide, which is the username and password, which is the identity of the user, and based on that identity, AAA is going to provide the access, right? So first of all, the user has to type the username, then he has to type the password, and after the proper authentication, Triple A is going to provide access to resources. So this is the overall work of AAA's inside network. In the next video, we are going to learn about trust relations and architecture. Bye.

3. Trust Relations and Architecture

Hello and welcome to the Trust Relations and Architecture page. Now in this video we are going totake a look at a couple of points. First of all, we will learn about "trust relations" in architecture, and I'm going to explain the process. So let's talk about trust relations and architecture. So what is trust and why is it useful? First, trust is based on previous transactions. It is true. So if you have connected with a user or are communicating with the user, trust is a very important thing, and it is based on your previous experience. It is based on yourprevious transactions with that user. If users are unknown, assign a default value. So if you are communicating with a new user,so you have no idea about the trust value. So you can assign a default trust value. Right? What is the process of architecture? So this is a basic process. That's how you are going to provide permissions to those users. So, first and foremost, we have users, a user list, trust levels of those users based on previous transactions or experiences, and then we assign them roles, correct? And then, based on the trust levels and roles, you can provide them permission to access the resources and network. All right? So this is completely based on your previous experience or transactions with those users. You need to create trust levels for different users, then assign them the rules, and then you can provide them permissions to access your applications or your network. That's why it is very important to develop trust. And this is all about trust relationships and architecture. In the next video, we are going to learn about subject-based versus object-based.

4. Subject-Based versus Object-Based

Hello and welcome to subject-based vs. object-based. Now in this video, we are going to take a look at a couple of points. First, we are going to learn what subject-based access is, and then we will learn about object-based access. So first of all, let's talk about what subject-based access is. So the first point is that it is based on authorization policy. It means it is based on system policy or company policy. It is based on subjects associated with that user. So if user wants to access any resourceinside network so it depends on the subjectsor the roles associated with that user. So it looks like this. So if a user wants to access any resource, first of all, it depends on the subjects that are associated with the user and then the policy of the system. So if policy accepts then heis able to access the resources. If policy prohibits access, that person will be unable to use those resources. So it totally depends on the policy of the system. Now let's talk about object-based access. So what is it? It is a method by which an entity is granted or denied access, right? So basically, it totally depends on the permissions. It does not depend on any policy. That's why it is object-based access. What are the entities? Entities are like user application systems: what system the user is trying to access, what application users are trying to access, and which user is accessing those resources So it totally depends on these entities. So it totally depends on the permissions. If the user has permissions, then he will be able to access those resources. If user doesn't have any permission hewon't be able to access those resources. So there is no policy like subject-based access. So this is the basic difference between subject-based access and object-based access. In the next video, we are going to learn about Mac versus Deck.

5. MAC versus DAC

Hello and welcome to Mac versus TAC. Now, in this video, we are going to take a look at a couple of points. First of all, we will learn about what is Mac, and then we will learn about what is TAC. So first of all, let's talk about Mac. So this is mandatory access control. This is a full form of Mac. Now, how does it work? It works as follows: Basically, if you see a user on the left side and that user wants to connect to a server in the middle, However, there is a security label in Mac. So it categorised the users into different groups. Different groups are provided security labels. And based on those security labels, users can access those resources. For example, if there is a finance department, the finance department can only access information about finance on the server, right? So a security label is there for various departments and organizations, and they can access according to their label. This is Mac-mandatory access control. Now, if we talk about DAC, DAC is discretionary access control. Now, what is the difference between Mac and DAC? It's very easy. So again, if a user wants to access any server, there is an ACL list that, according to that list, the user can access; the user has permissions, and it is not divided into various groups. It has not provided any security labels. So this is about individual users. If user has permissions, userwill access the resources. Users cannot gain access if they do not have the necessary permissions. All right, so this is the basic difference between Mac and DAC: Mac has security labels, but DAC has a list of users, which is based on various permissions. So this is Mac and DAC. In the next video, we are going to learn about role-based and attribute-based access.

6. Role–Based and Attribute–Based

Hello and welcome to role-based and attribute-based. Now in this video, we are going to take a look at a couple of points. First of all, we will learn about what role-based access is, and we will also learn about attribute-based access. So first of all, let's talk about role-based access control, which is RBAC. So it is based on employee roles. In organizations, it depends on the role of the employee. So it depends on the various departments. Every employee is assigned a role, and every role has permissions. That's true. For example, if a person is in the finance department and another person is in the IT department, they have different roles, and according to their roles, they have different permissions to access the resources. So that is RBAC, role-based access control. It looks like this is basically a user who has its own rules and, based on those roles, can access the resources. All right? So for example, IT guys can access more resources than finance guys. So it totally depends on the roles of the user or employee. That is RBAC. role-based access control. Now there is another one, which is attribute-based access control ABAC is the set of attributes for any element in an organization. So, for any element in an organization, they have a set of attributes. Policy defines the combination of user and attribute. So now there is a policy. In rule-based systems, there is no policy; it totally depends on the roles of the users. But in the attribute base there is a policy, and based on that policy, users can access the resources. So it looks like this: The user has its attributes, and the user wants to access any resources. So the policy of the organisation is going to decide if that person or user can access the resources or not. All right, so it totally depends on the policy. But in role-based access, there is no policy; it totally depends on the roles of the users. So this is both role-based access control and attribute-based access control. Now in the next video we are going tolearn about management lifecycle of access Control you.

7. Management Lifecycle

Hello, and welcome to the management lifecycle. In this video, we are going to take a look at a couple of points. We are going to learn about the management lifecycle of access control, and I'm going to explain the components of the life cycle. So first of all, let's talk about the management lifecycle of access control and what it is. So it is a process to provide the right resources for individuals. That's true. So it is a complete process. And what is the fruit of this process? The work is to provide the right resources to assist individuals. What is the meaning of this line? The meaning is very simple: if I'm from the IT department of my organization, I will get information about the IT resources. If I'm from the finance department, I will get information about finance rights. So righteous individuals will get the right resources. Now what is the process, or what is the management lifecycle of access control? So it looks like this: these are the five steps or five components in the management lifecycle: provision, enforce, report, audit, review, certify, and reconcile. These are the five steps. So first of all, it starts with provision. Provision means to connect with new accounts, start new accounts, and start new mail inside your organization. So that is a provision. The second is enforcement. As a result, enforce the rules and policies in the organization. Third is reporting an audit. You need to audit your policies. You need to audit whether users are able to access the resources or not. So you need to audit your network properly, review, and certify. So you have to review the policies or permissions inside your system or organisation that are under review, processed, and finally reconciled. So if there is any problem, then you need to connect the users with the right permissions. So these are the five steps. And after the five steps, if policy allows users to access the resources, the user will request it and the organisation will approve it. So that's how user will be able toaccess the right resources in your organization. So this is the management lifecycle of access control. So let's talk first about all the topics that we have covered in this section or what we have learned in this section. First of all, we have learned about AAA, which is authentication, authorization, and accounting. We have seen how users can authenticate and how they can access resources and organizations. We have also learned about the trust relations and architecture of organizations. Then access control methods: what are the various access control methods available, like object-based access control, subject-based access control, role-based access control, and attribute-based access control? We have already covered it. And finally management lifecycle of access control. So these topics we have covered in this section, if I talk about the overall summary of this section, then in this section we have learned about the various methods of access control and resource allocation to users. So this is all about sections. In the next section, we are going to learn about access controls. Part two.

Hide