GIAC Defensible Security Architect Certification (GDSA)

Exam Certification Objectives & Outcome Statements

• Cloud-based Security ArchitectureThe candidate will show an understanding of the concepts involving cloud security, securing on-premise hypervisors, network segmentation, surface reduction, delivery models, and container security.
• Data Discovery, Governance, and Mobility ManagementThe candidate will demonstrate an understanding of file classification, Data Loss Prevention (DLP), database governance, and Mobile Device Management (MDM).
• Data-Centric SecurityThe candidate will demonstrate an understanding of the concepts involving data-centric security. Specifically, have an understanding of reverse proxies, web application firewalls, database firewalls, and database activity monitoring.
• Fundamental Layer 3 DefenseThe candidate will demonstrate an understanding of the concepts related to securing basic Layer 3 hardware, protocols and services and have an awareness of common attack vectors. In particular, demonstrate a knowledge of CIDR, Layer 3 routing attacks and mitigations, Layer 2/3 benchmark and auditing tools, securing SNMP and NTP protocols, and bogon filtering.
• Fundamental Security Architecture ConceptsThe candidate will demonstrate a basic understanding of the concepts of perimeter-focused deficiencies, presumption of compromise, Zero Trust Model, Intrusion Kill Chain, Diamond Model, software-defined networking, micro-segmentation, threat vector analysis and attack surface analysis.
• IPv6The candidate will demonstrate an understanding of the concepts of IPV6. Specifically,have an understanding of addressing, dual stack systems, tunneling; and IPv6 router advertisement attacks and mitigation.
• Layer 1/Layer 2 DefenseThe candidate will demonstrate an understanding of the concepts related to securing Layer 1 and Layer 2 services, applications and protocols and be aware of common vectors for these attacks. Specifically,have an understanding of the structure and deployment of VLANs, CDP, MAC spoofing, ARP cache poisoning, DHCP starvation, VLAN hopping, 802.1X, and NAC.
• Network DefensesThe candidate will demonstrate an understanding of the concepts related to network defense. In particular, show a knowledge of NIDS, NIPS, network security monitoring, sandboxing, encryption, and DDOS protections.
• Network Encryption and Remote AccessThe candidate will demonstrate an understanding of secure remote access, dual factor for all remote access VPNs and Jump Boxes.
• Network Proxies and FirewallsThe candidate will demonstrate an understanding of Web proxies,SMTP proxies, and next generation firewalls.
• Zero Trust EndpointsThe candidate will show an understanding of the concepts of securing Zero Trust Endpoints. In particular, demonstrate an understanding of patching via automation, end-user privilege reduction, host hardening, host IDS/IPS; endpoint firewalls, and scaling endpoint log collection.
• Zero Trust FundamentalsThe candidate will demonstrate an understanding of the concepts involving Zero Trust Architecture, credential rotation, and responding to pivoting adversaries and insider threats.
• Zero Trust NetworkingThe candidate will demonstrate a basic understanding of the concepts of Zero Trust Networking. Specifically, demonstrate an understanding of authenticating and encrypting endpoint traffic, Domain Isolation, Single Packet Authentication, red herring defenses, and proactive defenses to change attacker behaviors.