Systems Security Professional Essentials Labs

Level: Foundation

Learn the security techniques used by the Internet’s most skilled professionals. This Systems Security Essentials lab bundle, which includes 32 distinct, hands-on labs, will prepare you with the essential principles of risk management, network security, identity and access management, security operations and more.

This lab bundle is designed to align to the learning objectives found in the (ISC)2 Certified Information Systems Security Professional certification — Course 2058, Official (ISC)2® CISSP Training and Certification Prep (with Exam Voucher).

Key Features of this Training:

  • 6-month access to CYBRScore Systems Security Professional Essentials Labs
  • Content aligned to (ISC)2 Certified Information Systems Security Professional certification

You Will Learn How To:

  • Practice the objectives presented in the (ISC)2 Certified Information Systems Security Professional certification
  • Understand the principles of risk management, network security, identity and access management, security operations and more
  • Identify whether high-risk systems were affected in an attack
  • Analyze, update, and perform a gap analysis on a sample BCP/BIA/DRP/CIRP

Choose the Training Solution That Best Fits Your Individual Needs or Organizational Goals


On Demand

6-Month Access to:

  • Pre-configured labs with lab guides
  • Gain hands-on skills in topic areas aligned to (ISC)2 Certified Information Systems Security Professional certification

Standard $149

Government $149



Save More On Training with FlexVouchers – A Unique Training Savings Account

Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.

Important Course Information

  • CYBRScore Labs Description

    Practice your skills in a virtual network environment. Learn by doing wherever you are on your own time at your own pace. CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience. CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

Systems Security Professional Lab Content

  • Analyze and Update a Company BCP/BIA/DRP/CIRP

    Students will become familiar with the Business Continuity Plan (BCP), Business Impact Assessment (BIA), Disaster Recovery Plan (DRP) and Computer Incident Response Plan (CIRP). Each of these documents is used to address different, but related, aspects of continuing or recovering business functionality during or after an incident. During the course of the lab, students will perform a gap analysis using the provided BCP, BIAs and DRP, and make the necessary fixes to the DRP.

  • Analyze SQL Injection Attack

    Students will identify the use of a SQL injection through the use of Wireshark. The students will also isolate the different aspects of the SQL injection and execute the selected code.

  • Analyze Structured Exception Handler Buffer Overflow Exploit

    Students will identify the use of a Buffer Overflow exploit through the use of Wireshark and by analyzing items found in the captured traffic. The students will also find the exploit code and isolate the different aspects of a Buffer Overflow exploit.

  • Applying Filters to TCPDump and Wireshark

    This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax.

  • Baseline Systems in Accordance with Policy Documentation

    Students are provided a whitelist of applications allowed for installation on a system. Students will compare the list against multiple hosts and remove the installed applications which are not on the list.

  • Creating a Baseline Using the Windows Forensic Toolchest (WFT)

    Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

  • Creating a List of Installed Programs, Services and User Accounts from a WIN2K12 Server

    Students will create a list of installed programs, services, and accounts in a Windows 2012 server environment using various tools and methods.

  • Creating a Secondary Baseline and Conducting Comparison

    Students will create a second baseline using the Windows Forensic Toolchest (WFT) and compare it against a previously created baseline using KDiff3.

  • Creation of Standard Operating Procedures for Recovery

    Students will have access to the results of a vulnerability scan run against a sample Windows 2008 Server. They will perform any necessary remediations to the server by applying a variety of patches and system/firewall tweaks in order to further harden it. Next, they will run a follow-up scan to ensure that the previously discovered weaknesses have been mitigated down to a reasonable level of risk. After the verification scan has been completed, they will author a Standard Operating Procedure to help others walk through the same mitigation process they went through, enabling others to perform the same actions on other Windows 2008 servers.

  • Data Backup and Recovery

    In this lab we will simulate the recovery phase where we must perform a backup in a server environment.

  • Firewall Setup and Configuration

    In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding of how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule, which reinforces your understanding of how network traffic can be managed at different levels (IP-based, protocol-based, machine-based, etc.).

  • Identify Access to a LINUX Firewall Through SYSLOG Service

    Students will identify access to a PFSENSE firewall through the forwarding of SYSLOG (System logs) from a Firewall to the SYSLOG service we have configured and set up on the Network. Students will then identify malicious activity through system logs.

  • Identify Whether High-Risk Systems Were Affected

    The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are not usually as protected as the computers which are part of the internal network.

  • Identifying System Vulnerabilities with OpenVAS

    Students will scan a system in OpenVAS (Open Vulnerability Assessment) to discover and identify systems on the network that have vulnerabilities.

  • IDS Setup

    Network and host-based Intrusion Detection Systems (IDS) analyze traffic and provide log and alert data for detected events and activity. Security Onion provides multiple IDS options including Host IDS and Network IDS. In this lab you will set up Security Onion to function as a network-based IDS and Snorby, the GUI web interface for Snort.

  • Implementing Least-Privilege on Windows

    Least-privilege is an important concept across many domains (e.g., Windows server/workstation management, networking, Linux management, etc.) and requires great discipline to implement properly. This lab walks students through implementing least privilege in both an Active Directory setup and a normal Windows-based workstation.

  • Linux Users and Groups

    In this lab students will use command line tools to create, modify, and manage users and groups within the Linux operating environment.

  • Log Correlation & Analysis to Identify Potential IOC

    When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior. In this lab, students will work with Splunk to help correlate server logs, system logs, and application logs in order to determine if an attacker was successful, and if so what happened and how they got in.

  • Manual Vulnerability Assessments

    Students will learn how to conduct manual scanning against systems using command line tools such as Netcat. They will then log in to a discovered system, enable object access, and verify that auditing of the object is enabled.

  • Manually Analyze Malicious PDF Documents

    Several company employees have received unsolicited emails with suspicious pdf attachments. The CIO has asked you to look at the attachments and see if they are malicious.

  • Manually Analyze Malicious PDF Documents 2

    Several company employees have received unsolicited emails with suspicious pdf attachments. The CIO has asked you to look at the attachments and see if they are malicious.

  • Microsoft Baseline Security Analyzer

    In this lab you will use Microsoft Baseline Security Analyzer (MBSA) to perform scans of individual host computers and of groups of computers. You will also learn how to perform the most common scans using command line tools. Once completed, you will have learned how to use MBSA to perform a comprehensive security analysis of your network environment.

  • Monitoring and Verifying Management Systems

    Students will analyze an MBSA baseline report and compare it to current system configurations. Students will then make necessary system changes to machines and validate the baseline using MBSA. Finally, students will compare hash values to determine if any changes have been made to a system.

  • Monitoring Network Traffic for Potential IOA/IOC

    In this lab we will replicate potentially malicious scans from the Internet against a corporate asset. Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

  • Network Segmentation (FW/DMZ/WAN/LAN)

    In this lab we will take the concept of zones, create three zones and route traffic accordingly: ZONE - LAN, the trusted internal Local Area Network; ZONE - DMZ, the demilitarized zone; and ZONE - WAN, the Wide Area Network. We will set up a firewall (PFSENSE) to allow internal traffic from the LAN to the WAN. We will allow traffic from WAN to DMZ and from DMZ to WAN. Internal traffic WILL NOT BE ALLOWED TO ENTER THE DMZ UNLESS IT COMES through the WAN interface. This will prevent or deter hackers who have compromised a DMZ asset from accessing the internal LAN segment. We'll also show trainees how a contractor would likely VPN into a retail network and how to appropriately restrict their access.

  • Parse Files Out of Network Traffic

    This lab teaches students how to extract various files from network traffic using Network Miner and Wireshark.

  • Patch Installation and Validation Testing

    Students will identify if a vulnerability is present on two Windows systems and then move to remediate the vulnerability, if necessary.

  • Performing Incident Response in a Windows Environment

    This next lab walks students through identifying a security incident, as well as handling and then responding to the incident.

  • Scanning and Mapping Networks

    Students will use Zenmap to scan a network segment in order to create an updated network map and detail findings on the systems discovered. They will use the material they generated to help them discover if there have been any changes to the network after they compare it to a previously generated network map/scan.

  • Securing Linux for System Administrators

    Linux environments are ubiquitous in many different sectors, and securing these environments is as important as securing Windows environments. This lab walks you through implementing least-privilege and strong security practices in a Linux environment. Specifically, you will walk through ways to secure your Linux box, look at and fix common areas of privilege issues/abuses, and get introduced to SELinux and how it helps when implementing least-privilege.

  • Use pfTop to Analyze Network Traffic

    Students will use pfTop, a network traffic monitoring/statistics plugin used in pfSense, to analyze and monitor network traffic. They will walk through the steps of performing a detailed investigation to determine what type of traffic is occurring across the exercise network. Finally, with the use of visualization tools they will be able to further analyze network traffic statistics and learn how visuals can quickly aid in the incident response process.

  • Vulnerability Identification and Remediation

    Learners will use Nmap and OpenVAS/Greenbone Vulnerability Scanner to confirm old vulnerable systems and to also discover new ones. They will perform a risk analysis of the findings and determine steps to be taken to mitigate the issues discovered. Finally, armed with a previously completed audit report as an example, they will fill out the necessary audit documentation to provide details on their findings and to add any suggested mitigations.


  • What does it mean that this offering aligns to a course?

  • What is a CYBRScore Lab Bundle?

    • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.
  • How long will each lab take to complete?

    • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.
  • Are there any system requirements?

    • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.
  • How long do I have access to the labs for?

    • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.
  • How do I access my purchased labs?

    • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.

Questions about which training is right for you?

call 888-843-8733
chat Live Chat

100% Satisfaction Guaranteed

Your Training Comes with a 100% Satisfaction Guarantee!*

*Partner-delivered courses may have different terms that apply. Ask for details.
