OBJECTIVE 4.6 Given a scenario (PBQ-likely)

Modify enterprise capabilities to enhance security

Firewalls (rules, ACLs, ports, protocols), IDS/IPS (trends, signatures), web filtering, OS security (GPO, SELinux, patching), secure protocols, DNS filtering, email security (DMARC, DKIM, SPF), file integrity monitoring, DLP, NAC, and EDR/XDR.

Exam approach: “Given a scenario” means you will be asked to configure or tune enterprise security controls, not just name them. Expect to write firewall rules (source, destination, port, protocol, action), tune IDS signatures to reduce false positives, configure the email authentication stack (SPF + DKIM + DMARC, including what each record proves and how DMARC alignment ties them together), and set up DLP policies.
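The part of the email stack that trips people up is DMARC alignment: SPF and DKIM can both pass and the message can still fail DMARC if the authenticated domain does not line up with the visible From domain. The following added example (not from the original notes) evaluates a constructed DMARC record against SPF/DKIM results. It assumes the SPF and DKIM verdicts are supplied as inputs, and it approximates the organizational domain by keeping the last two labels instead of consulting the Public Suffix List.

```python
"""Added example: DMARC alignment and disposition for a single message.

Inputs are the published DMARC record, the RFC5322.From domain, and the
SPF / DKIM results with the domains they authenticated. All records and
domains below are constructed samples.
"""


def organizational_domain(domain: str) -> str:
    # Assumption: approximate the organizational domain by the last two labels.
    # Real verifiers use the Public Suffix List (e.g. for co.uk).
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; adkim=s' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def dmarc_evaluate(record: str, from_domain: str, *, spf_domain=None,
                   spf_pass=False, dkim_domain=None, dkim_pass=False) -> dict:
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    aspf = tags.get("aspf", "r")      # alignment modes default to relaxed
    adkim = tags.get("adkim", "r")
    # DMARC passes if at least one authenticated identifier is aligned.
    spf_ok = spf_pass and aligned(spf_domain, from_domain, aspf)
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, adkim)
    passed = spf_ok or dkim_ok
    policy = tags.get("p", "none")
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc_pass": passed,
        # With p=none a failing message is still delivered; only reporting happens.
        "disposition": "deliver" if passed or policy == "none" else policy,
    }


if __name__ == "__main__":
    strict = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"
    # SPF passed for a subdomain: fine under relaxed alignment, fails under strict.
    print(dmarc_evaluate(strict, "example.com",
                         spf_domain="mail.example.com", spf_pass=True))
    # A lookalike sender passing its own SPF never aligns with the From domain.
    print(dmarc_evaluate(strict, "example.com",
                         spf_domain="attacker.net", spf_pass=True))
```

Run the module directly to see the two verdicts. The design point is that SPF and DKIM answer "did this server/signature check out for some domain", while DMARC answers "was that domain the one the user sees"; a spoofer can always pass SPF for a domain they own.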

Offensive context: IDS signature tuning makes far more sense once you understand JA3/JA4 TLS client fingerprinting as a detection technique, and once you know how attackers reformulate payloads (re-encoding, chunking across packets, case alternation, comment insertion) to slip past a signature that matches the literal string. Writing resilient detection rules means normalizing traffic before matching and thinking like the attacker trying to break the rule. DLP likewise makes more sense when you understand how data actually gets exfiltrated rather than just which file types a policy names.
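To make the evasion point concrete, the following added example (written for these notes, not from the original page or any IDS product) compares a naive substring signature with one that normalizes the payload first. The signature string, the evasion variants and the packet chunks are all constructed samples; the normalization steps (iterative URL-decoding, case folding, treating inline SQL comments as whitespace, collapsing whitespace runs, reassembling segments before matching) are the ones a real rule engine would apply in its preprocessors.

```python
"""Added example: why literal signatures fail and how normalization fixes them.

Everything here is constructed for illustration: a single SQL-injection-style
signature, a handful of attacker evasions, and a payload split into segments
the way it would arrive across several TCP packets.
"""
import re
import urllib.parse

SIGNATURE = "union select"  # constructed signature, not a real ruleset entry


def naive_match(payload: str, sig: str = SIGNATURE) -> bool:
    """Literal match, the way a poorly written content rule behaves."""
    return sig in payload


def normalize(payload: str, max_decode_rounds: int = 3) -> str:
    """Canonicalize the payload so equivalent evasions collapse to one form."""
    s = payload
    # Iterative URL-decoding defeats double/triple encoding (%2575 -> %75 -> u).
    for _ in range(max_decode_rounds):
        decoded = urllib.parse.unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = s.lower()                          # case alternation
    s = re.sub(r"/\*.*?\*/", " ", s)       # inline SQL comments act as whitespace
    s = re.sub(r"\s+", " ", s)             # tabs/newlines/multiple spaces
    return s.strip()


def resilient_match(payload: str, sig: str = SIGNATURE) -> bool:
    return sig in normalize(payload)


def per_segment_match(chunks, matcher=resilient_match) -> bool:
    """Matching each packet on its own: misses a payload split across segments."""
    return any(matcher(c) for c in chunks)


def reassembled_match(chunks, matcher=resilient_match) -> bool:
    """Stream reassembly before matching catches the chunked payload."""
    return matcher("".join(chunks))


# Constructed evasion variants of the same malicious token sequence.
EVASIONS = {
    "case":        "UnIoN SeLeCt",
    "urlencoded":  "%75nion%20%73elect",
    "double_enc":  "%2575nion%2520select",
    "comment":     "union/**/select",
    "whitespace":  "union\t\n  select",
}


def evaluate_evasions() -> dict:
    """Return {name: (naive_hit, resilient_hit)} for every evasion."""
    return {name: (naive_match(p), resilient_match(p)) for name, p in EVASIONS.items()}


if __name__ == "__main__":
    for name, (naive, resilient) in evaluate_evasions().items():
        print(f"{name:12s} naive={naive!s:5s} resilient={resilient}")
    segments = ["uni", "on sel", "ect"]  # constructed packet split
    print("per-segment:", per_segment_match(segments),
          "reassembled:", reassembled_match(segments))
```

The caveat a practitioner would add: every normalization step also widens what the rule matches, so each one should be paired with a false-positive check against legitimate traffic, which is exactly the tuning trade-off the objective is asking about.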