SCAP & Benchmark Auditor
Audit real-world system configurations against CIS Benchmarks. You’ll review configuration dumps from Linux and Windows servers, flag non-compliant settings, and select the correct remediation for each finding. The lab also covers core SCAP components — XCCDF, OVAL, and CCE — that the exam expects you to recognize.
What You’ll Practice
- Identifying non-compliant system configurations against CIS Benchmark standards
- Mapping configuration findings to specific CIS control IDs
- Selecting correct remediation commands for hardening Linux and Windows systems
- Recognizing SCAP framework components (XCCDF, OVAL, CCE) and their roles
How the Exam Tests This
Objective 4.4 (Security Alerting and Monitoring) covers tools and frameworks used to assess and maintain security posture. The exam expects you to understand how SCAP automates compliance checks, what CIS Benchmarks prescribe for common OS configurations, and the difference between XCCDF (checklist structure), OVAL (system test definitions), and CCE (configuration enumeration). Questions may present a system configuration and ask whether it meets a hardening standard, or ask you to identify which SCAP component handles a specific function.
Scoring
- Compliance Detection — accuracy of flagging settings as compliant vs. non-compliant
- Remediation Selection — correct remediation chosen for each non-compliant finding
- SCAP Concepts — accuracy on XCCDF, OVAL, and CCE knowledge questions
- Final score is a weighted composite of all three categories
You'll audit system configurations from two servers — one Linux, one Windows — against CIS Benchmark standards. For each setting, determine if it's compliant or non-compliant. For non-compliant settings, select the correct remediation.
After the audit, answer questions about the SCAP framework components that make automated benchmarking possible.