Use this quick start guide to collect all the information about CIW Web Security Associate (1D0-671) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 1D0-671 CIW Web Security Associate exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual CIW Web Security Associate certification exam.
The CIW Web Security Associate certification is mainly targeted to those candidates who want to build their career in Web Security domain. The CIW Web Security Associate exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CIW Web Security Associate.
CIW Web Security Associate Exam Summary:
| Exam Name | CIW Web Security Associate |
| Exam Code | 1D0-671 |
| Exam Price | $175 (USD) |
| Duration | 90 mins |
| Number of Questions | 55 |
| Passing Score | 69.09% |
| Schedule Exam | |
| Sample Questions | CIW Web Security Associate Sample Questions |
| Practice Exam | CIW 1D0-671 Certification Practice Exam |
CIW 1D0-671 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Web Security Associate |
|
| Define the significance of network security, and identify various elements of an effective security policy, including risk factors, security-related organizations, key resources to secure, general security threat types, access control. |
- Define security. - Identify the importance of network security, including the CIA triad (Confidentiality, Integrity, and Availability). - Identify the three types of data, at rest, in transit, and in use. - Identify potential risk factors for data security, including improper authentication. - Define Risk management, mitigation, and incident response. - Identify security-related organizations, warning services, and certifications. - Identify key resources that need specialized security measures. - Identify the general types of security threat/attacker. - Identify the tradeoffs made when choosing to increase security posture, decrease cost, or improve performance. - Define the significance of a security policy and necessary sub-policies including AUP, NDA, BYOD policies. - Identify and develop basic components of an effective security policy. - Identify the key user authentication methods. - Define the significance of access control methods. - Define the functions of access control lists (ACLs) and execution control lists (ECLs). - Identify the benefits and proper implementation of a Defense in Depth strategy. - Define the security objectives of Confidentiality, Integrity, and Availability. - Define Operating System and network device hardening. |
| Define encryption and the encryption methods used in internetworking. |
- Identify the three main encryption methods used in internetworking. - Define symmetric (private-key) encryption. - Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI). - Define one-way hash encryption. - Identify the importance of auditing. - Select security equipment and software based on ease of use. - Identify security factors related to transmission of unencrypted data across the network. - Identify the function of parallel processing in relation to cryptography. - Identify the significance of encryption in enterprise networks. - Identify the impact of encryption protocols and procedures on system performance. - Create a trust relationship using public-key cryptography. - Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES). - Define a certification authority (CA) and its role related to trust between systems. - Identify certification authorities that offer certificates at no cost to domain owners. |
|
Use universal guidelines and principles of effective network security to create effective specific solutions.
|
- Identify the universal guidelines and principles of effective network security. - Define amortization and chargeback issues related to network security architectures. - Use universal guidelines to create effective specific solutions. - Identify potential threats at different layers of the TCP/IP stack. - Consistently apply security principles. - Identify ways to protect operating systems, routers and equipment against physical attacks. - Secure TCP/IP services, including HTTP, HTTPS, FTP, SFTP, DNS, DHCP, SNMP, LDAP, Kerberos. - Identify the significance of testing and evaluating systems and services, in conjunction with change management. - Identify network security management applications, including network scanners, operating system, add-ons, log analysis tools. - Define the nine types of security assessments and identify the strengths and weaknesses of each. - Use of Full/Whole Disk Encryption along with data retention and destruction policies. - Identify Trusted Platform Modules and Microsoft BitLocker. - Demonstrate data and drive sanitizing. - Identify virtualization and cloud computing fundamental concepts, implementation, and security strategies. |
| Apply security principles and identify security attacks. |
- Deploy Pretty Good Privacy (PGP)/Gnu Privacy Guard (GPG) in Windows and Linux/UNIX systems. - Define IPSec concepts. - Identify specific types of security attacks. - Identify Password attacks including Dictionary, Brute Force, Rainbow Tables, Pass the Hash, and Birthday Attacks. - Implementing password storage techniques to include PBKDF2, Bcrypt, salting, and key stretching. - Identify routing issues and security. - Determine the causes and results of a denial-of-service (DOS) attack and Distributed Denial of Service (DDoS). - Recognize attack incidents. - Distinguish between illicit servers and trojans. - Deploy a web server configured to use TLS encryption. |
|
Identify firewall types and define common firewall terminology.
|
- Define the purpose and function of various firewall types. - Define the role a firewall plays in a company’s security policy. - Define common firewall terms. - Identify packet filters and their features. - Identify circuit-level gateways and their features. - Identify application-level gateways and their features. - Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection. - Identify fundamental features of a proxy-based firewall (e.g.; service redirection, service passing, gateway daemons), and implement proxy-level firewall security. - Define the importance of proxy caching related to performance. - Identify how firewall practices apply to Virtual LANs (VLANs). |
|
Plan a firewall system that incorporates multiple levels of protection, including firewall system design, proactive detection, setting traps, security breach response, security alerting organizations.
|
- Implement a packet-filtering firewall. - Customize your network to manage cyber-attacks activity. - Implement proactive detection. - Distract Cyber-attackers and contain their activity. - Deploy tripwires and other traps on a network host. - Respond appropriately to a security breach. - Identify security organizations that can help in case of system attack. - Subscribe to respected security alerting organizations. - Identify appropriate authorities to contact regarding data theft and other attacks. |
To ensure success in CIW Web Security Associate certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for CIW Web Security Associate (1D0-671) exam.