Security Operations
The heaviest domain — nearly a third of the exam. Nine objectives spanning system hardening and secure baselines; hardware, software, and data asset management; the vulnerability management lifecycle; security monitoring and alerting with SIEM (Security Information and Event Management: centralized log collection, correlation, and alerting), SOAR (Security Orchestration, Automation, and Response: automates security operations workflows), and EDR/XDR (Endpoint Detection and Response: monitors endpoints for threats and enables response; Extended Detection and Response: EDR extended across network, cloud, email, and identity); identity and access management (federation, MFA (Multi-Factor Authentication: requiring multiple authentication factors), access control models, and PAM (Privileged Access Management: securing and monitoring privileged accounts)); enterprise security enhancement (firewalls, IDS/IPS (Intrusion Detection System: monitors and alerts on suspicious activity, passive; Intrusion Prevention System: detects and blocks suspicious activity, inline), email security, DLP (Data Loss Prevention: prevents unauthorized data exfiltration), and NAC (Network Access Control: enforces security policy on devices connecting to the network)); automation and orchestration; incident response (preparation through lessons learned); and forensic data sources.
Four of the nine objectives are “Given a scenario” (PBQ-likely): 4.1 (security techniques), 4.5 (IAM, Identity and Access Management: the framework for managing digital identities and permissions), 4.6 (enterprise capabilities), and 4.9 (investigation data sources). This is where the most study time goes and where the most labs are built.
Touches every offensive discipline: hardening as friction multiplication, packet analysis and TLS (Transport Layer Security, the encryption protocol for data in transit on port 443/HTTPS) fingerprinting for monitoring, incident response under an assume-breach model, understanding attacker automation to build better detection, and purple team feedback loops between offense and defense.