Security Operations
The heaviest domain — nearly a third of the exam. Nine objectives spanning system hardening and secure baselines, hardware/software/data asset management, vulnerability management lifecycle, security monitoring and alerting (SIEM, SOAR, EDR/XDR), identity and access management (federation, MFA, access control models, PAM), enterprise security enhancement (firewalls, IDS/IPS, email security, DLP, NAC), automation and orchestration, incident response (preparation through lessons learned), and forensic data sources.
Four of the nine objectives are “Given a scenario” objectives, the ones most likely to appear as performance-based questions (PBQs): 4.1 (security techniques), 4.5 (IAM), 4.6 (enterprise capabilities), and 4.9 (investigation data sources). This is where the most study time goes and where the most labs are built.
Touches every offensive discipline: hardening as friction multiplication, packet analysis and TLS fingerprinting for monitoring, incident response under an assume-breach model, understanding attacker automation to build better detection, and purple team feedback loops between offense and defense.