Domain 7: Security Operations
7.1 Understand and comply with investigations:
- Evidence collection and handling
- Reporting and documentation
- Investigative techniques
- Digital forensics tools, tactics, and procedures
- Artifacts (for example, a computer, network, or mobile device)
7.2 Conduct logging and monitoring activities:
- Intrusion detection and prevention
- Security Information and Event Management (SIEM)
- Continuous monitoring
- Egress monitoring
- Log management
- Threat intelligence (for example, threat feeds or threat hunting)
- User and Entity Behavior Analytics (UEBA)
7.3 Perform Configuration Management (CM) (for example, provisioning, baselining, or automation)
7.4 Apply foundational security operations concepts:
- Need-to-know/least privilege
- Separation of Duties (SoD) and responsibilities
- Privileged account management
- Job rotation
- Service Level Agreements (SLAs)
7.5 Apply resource protection...
