Here are some technical areas that I have been asked to explain in detail.
- Understand what Defense-in-depth is.
- Be prepared to design a network that contains the must haves to adequately protect a corporate network.
- Understand what attacks can occur at each TCP/IP layer; and how to mitigate.
- Know what the most common IP ports are and the common attacks associated with them; and how to mitigate.
- Understand all the types of encryption available to protect data in transit and at rest.
- Understand how to protect Desktops and Servers from unauthorized access and attacks.
- Understand how security roles and permissions operate in a Windows domain, and how security flows from domain controllers to desktops.
- Understand the aspects of providing Physical Security to protect against unauthorized access and harm for People, Processes, Technology and Administratively.
- Understand what IDS, Firewalls, IPS, and router access control lists are.
- Be prepared to explain how you stay abreast of emerging threats to Internet and network security.
- Become familiar with the security guidelines and publications on www.nist.org