Python Institute Entry-Level Security Specialist with Python (PCES-30-01) Exam Syllabus

• Evaluate trade-offs between strong Security and system Usability in real-world scenarios.
• Explain how Authenticity and Accountability extend the CIA model.
• Explain the concepts of Authenticity and Accountability.
• Provide examples of accountability measures and authenticity in action.

• Define threat and risk in the context of IT security
• Differentiate between malware types (viruses, worms, trojans, ransomware, spyware), phishing/social engineering techniques, and DoS/DDoS attacks.
• Explain the typical motivations behind threat actors (financial gain, disruption, espionage).

- Describe basic protection measures against malicious software and attacks

• Explain the importance of encryption for stored and transmitted data.
• Relate specific protections to corresponding threats (e.g., antivirus to malware, MFA to phishing).
• Explain the role of regular backups in minimizing damage.
• Describe how layered defenses improve resilience against attacks.

• Define critical information in different contexts (e.g., medical records, customer databases, business contracts).
• Describe financial losses from lost data, such as direct revenue loss, legal costs, and recovery expenses.
• Explain operational impacts, including downtime, service disruption, and reduced productivity.
• Provide examples from healthcare (patient safety risks, incorrect treatments, compliance fines under HIPAA/GDPR), finance (unauthorized transactions, fraud, regulatory sanctions), and personal data contexts (identity theft, fraud, emotional distress).

- Describe the security and reputational consequences of data theft

• Explain how stolen intellectual property can benefit competitors or criminals.
• Describe risks from the exposure of personally identifiable information (PII).
• Discuss reputational harm, including loss of customer confidence and media scrutiny.

- Describe the consequences of manipulated or altered data

• Define data manipulation and distinguish between intentional (malicious) and accidental causes.
• Explain operational consequences, such as incorrect decision-making based on false data.
• Identify safety risks in critical systems (e.g., incorrect GPS coordinates in aviation, wrong dosage in pharmacy systems).
• Discuss the reputational impacts that occur when customers discover incorrect information was used.
• Provide examples from industries such as logistics, manufacturing, and emergency services.

• Explain lost sales and revenue during outages, especially in peak sales periods.
• Describe indirect impacts such as abandoned shopping carts, reduced future purchases, and missed opportunities.
• Discuss costs of emergency fixes, service credits, and refunds to customers.
• Explain delays in critical services (e.g., patient care in healthcare) and the potential for life-threatening situations.
• Describe risks to data availability during emergencies, including medical records and transaction histories.
• Identify compliance and regulatory issues when systems cannot provide timely access to required data.
• Explain how service outages can reduce customer trust and damage brand reputation

• Identify common data protection laws and regulations (e.g., GDPR, CCPA, HIPAA) and their scope.
• Describe reporting obligations and timelines following a data breach or unauthorized disclosure.
• Outline potential fines, sanctions, and loss of operating licenses for non-compliance.
• Explain possible civil liabilities, such as lawsuits from affected individuals or organizations.
• Discuss criminal penalties for severe or intentional violations.
• Define trade secrets and distinguish them from other forms of confidential information.
• Explain the role of non-disclosure agreements (NDAs) and contractual clauses in protecting sensitive information.
• Describe how accidental disclosure may occur (e.g., misdirected emails, unprotected files, public presentations).

• Describe how clear reporting of security issues reduces response times.
• Explain the difference between communicating with technical and non-technical audiences.
• Provide examples of poor communication leading to delayed responses or misunderstandings.
• Explain the need for timely and accurate reporting.

- Collaborate effectively in basic security processes

• Document incidents using simple, structured formats (e.g., incident report templates).
• Follow escalation chains when reporting a threat or suspected breach.
• Recognize the role of teamwork between IT staff, management, and end users.
• Describe the roles and responsibilities in an incident response team (IRT).
• Explain the importance of security drills and awareness programs in preparing for incidents.

• Describe the evolving nature of security threats.
• Explain how continuous monitoring and updating reduces risk.
• Provide examples of threats emerging from unpatched systems or outdated policies.

- Implement technical safeguards to protect systems and networks

• Describe the purpose and function of firewalls in blocking unauthorized access.
• Explain how intrusion detection systems (IDS) monitor and alert on suspicious activity.
• Explain how intrusion prevention systems (IPS) can actively block threats.
• Describe the role of virtual private networks (VPNs) in securing remote communications.

- Apply organizational safeguards to protect assets and data

• Apply core practices for protecting sensitive and protected information.
• Manage user access rights and permissions in accordance with the principle of least privilege.
• Apply device restrictions (use only approved devices).
• Apply limited trust models to reduce insider threat potential.
• Explain anonymization methods for data before internet use.
• Conduct regular IT security training to raise employee awareness.
• Explain the need to isolate production from testing environments (different data, systems, and access).

- Apply secure development practices

• Conduct peer reviews to identify potential security issues in code.
• Integrate security requirements early in software specifications.
• Apply anonymization techniques to sensitive log data.
• Discuss the need for anonymizing data before it is logged.

• Explain when and how often system hardening should be performed.
• Identify and describe the sequential stages of system hardening (removing unnecessary services, applying updates, and configuring secure settings).

• Provide examples of common ports and protocols (e.g., HTTP, HTTPS, SSH, FTP).
• Explain how open ports can present vulnerabilities.

- Configure basic network security settings to reduce exposure to threats

• Describe how to disable unused services and ports.
• Explain the role of network segmentation and isolation.

• Define authentication as verifying identity.
• Define authorization as granting permissions.
• Provide examples (login vs. file access rights).

- Configure secure password-based authentication

• Describe characteristics of secure passwords.
• Explain password policy settings (expiry, history, complexity).

- Describe the components and benefits of multi-factor authentication (MFA)

• Explain common MFA methods (SMS, authenticator apps, hardware tokens).
• Discuss how MFA mitigates stolen password risks.

• Explain risks such as misconfigured storage buckets and unauthorized access.
• Describe shared responsibility models for cloud security.

- Apply best practices for securing SaaS applications and remote access tools

• Explain VPN use for secure remote connections.
• Describe device hardening for remote workers.

• Explain the purpose of offensive security testing for identifying vulnerabilities before attackers can exploit them.
• Define the concept of authorized testing and the importance of obtaining written permission before scanning.
• Conduct network port scans using Python’s socket library or python-nmap.
• Identify active services and open ports on authorized target systems.

- Perform basic vulnerability checks with Python

• Write scripts to identify outdated software versions.
• Check for weak or default passwords in test environments.

- Gather information using Python in a legal and ethical way

• Extract domain registration information using WHOIS queries.
• Perform banner grabbing to identify software versions on open ports.

• Check SSL/TLS certificate validity and expiration dates with Python’s ssl and socket libraries.
• Generate alerts for certificates near expiry.

- Monitor OS processes for suspicious activity

• Use the psutil library to list running processes and resource usage.
• Identify unusual CPU, memory, or network usage patterns.

- Automate system security checks and responses

• Verify that firewall services are running.
• Check for pending system updates and patches.
• Notify administrators with email or messaging API.
• Restart services automatically if stopped.

- Execute OS-level commands for security tasks

• Use Python’s subprocess module to run antivirus scans.
• Automate log archiving and cleanup tasks.

• Combine firewall, server, and authentication logs.
• Identify patterns such as failed logins and correlated alerts.

• Export security findings to CSV, JSON, or PDF formats.
• Include timestamps, IP addresses, and threat types in reports.
• Create visual summaries.

- Document and report test results

• Provide actionable recommendations from automated testing outputs.

• Automate Python scripts with cron (Linux) or Task Scheduler (Windows).
• Use APScheduler for dynamic scheduling in Python.

- Automate backups and verify them

• Use Python to check backup completion.
• Validate file integrity and recovery from backup.

- Chain security tasks

• Perform checks, backups, cleanups, and reporting in sequence.

• Use pylint and flake8 to find insecure or inefficient code.

- Validate and sanitize user input

• Prevent SQL injection by using parameterized queries.
• Test for SQL injection vulnerabilities.
• Block cross-site scripting (XSS) by escaping HTML output.

- Apply output encoding and escaping

• Encode special characters to prevent injection in HTML, XML, or JSON output.

- Implement secure file and exception handling practices

• Sanitize file paths to prevent directory traversal attacks.
• Hide tracebacks and sensitive system paths from end users.

- Manage sensitive configuration data securely

• Store passwords and API keys in environment variables.
• Avoid committing secrets to version control.

• Generate secure keys using Fernet.
• Encrypt and decrypt text or files.

- Use paramiko for secure communications

• Establish SSH connections to remote systems.
• Transfer files securely with SFTP.

- Handle documents and files securely with Python libraries

• Apply password protection and encryption to PDF files using PyPDF2.
• Extract text securely from PDFs for scanning or review.
• Use python-docx to inspect and sanitize Word documents (e.g., remove metadata, hidden comments).
• Use openpyxl to inspect and sanitize Excel files (e.g., remove hidden sheets, sensitive formulas).
• Validate that documents and spreadsheets do not contain embedded malicious macros or scripts.
• Explain best practices for sharing protected files, including use of strong passwords and secure transmission methods.

• Apply SHA-256 or stronger hashing algorithms to detect unauthorized file changes.
• Explain why older algorithms such as MD4 and MD5 are considered insecure due to collision vulnerabilities.
• Compare the reliability of weak and strong hash functions for ensuring data integrity.

- Validate downloaded files with checksums

• Compare computed checksums with published values.