K0277 |
Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features). |
K0059 |
Knowledge of new and emerging information technology (IT) and cybersecurity technologies. |
K0235 |
Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. |
K0009 |
Knowledge of application vulnerabilities. |
K00013 |
Knowledge of cyber defense and vulnerability assessment tools and their capabilities. |
K0105 |
Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language). |
K0070 |
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
K0089 |
Knowledge of systems diagnostic tools and fault identification techniques. |
K0161 |
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). |
K0019 |
Knowledge of cryptography and cryptographic key management concepts |
K0308 |
Knowledge of cryptology. |
K0044 |
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
K0004 |
Knowledge of cybersecurity and privacy principles. |
K0143 |
Knowledge of front-end collection systems, including traffic collection, filtering, and selection. |
K0106 |
Knowledge of what constitutes a network attack and a network attack??s relationship to both threats and vulnerabilities. |
K0119 |
Knowledge of hacking methodologies. |
K0342 |
Knowledge of penetration testing principles, tools, and techniques. |
K0177 |
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
K0206 |
Knowledge of ethical hacking principles and techniques. |
K0604 |
Knowledge of threat and/or target systems. |
K0430 |
Knowledge of evasion strategies and techniques. |
K0268 |
Knowledge of forensic footprint identification. |
K0310 |
Knowledge of hacking methodologies. |
K0572 |
Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
K0167 |
Knowledge of system administration, network, and operating system hardening techniques. |
K0122 |
Knowledge of investigative implications of hardware, Operating Systems, and network technologies. |
K0224 |
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. |
K0301 |
Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). |
K0332 |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
K0039 |
Knowledge of cybersecurity and privacy principles and methods that apply to software development. |
K0178 |
Knowledge of secure software deployment methodologies, tools, and practices. |
K0344 |
Knowledge of an organization??s threat environment. |
K0081 |
Knowledge of software development models (e.g., Waterfall Model, Spiral Model). |
K0153 |
Knowledge of software quality assurance process. |
K0154 |
Knowledge of supply chain risk management standards, processes, and practices. |
K0160 |
Knowledge of the common attack vectors on the network layer. |
K0048 |
Knowledge of Risk Management Framework (RMF) requirements. |
K0002 |
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
K0343 |
Knowledge of root cause analysis techniques. |