The Security Best Practices for Mac OS X v10.4 Exam (9L0-612)

Exam Objectives and Sub-Objectives:

Following are the objectives of this exam

1. Mac OS X Security Overview

This topic has 4 items, drawn randomly from the following objectives:

• Describe the Apple authorization philosophy.
• Identify the components of the security process.
• Describe the function of each component of the Mac OS X security architecture.
• Describe an IT security policy document and how it is developed.

2. Securing the Local System

• This topic has 7 items, drawn randomly from the following objectives:
• Identify the four layers of the Mac OS X local security model.
• Describe how to set Open Firmware restrictions.
• Identify elements of a secure Mac OS X installation, including hard disk formats,passwords, and user-account based access controls.
• Describe the role of Disk Utility in creating a secure local system.
• Describe security options and vulnerabilities related to Mac OS 9 (Classic).
• Describe how the Mac OS X firewall functions.
• Describe how FileVault secures users’ documents.

3. Mobility Security Concerns

• This topic has 7 items, drawn randomly from the following objectives:
• Identify the features and security risks of Bluetooth and 802.11 WLANs.
• Describe how to configure Mac OS X Bluetooth for security.
• Identify similarities and differences between the features and level of securityprovided by WEP, 802.1X/WEP, WPA Enterprise, and WPA Personal.
• Describe how to configure Mac OS X for WEP, 802.1X/WEP, WPA Enterprise, and WPAPersonal.

4. Secure Network Connections

• This topic has 6 items, drawn randomly from the following objectives:
• Describe open ports.
• Describe how to implement SSH, SCP, and SFTP.
• Describe how to set up a VPN client.

5. Secure Authentication

• This topic has 10 items, drawn randomly from the following objectives:
• Recognize the concepts behind authentication.
• Outline how to use Mac OS X Server to provide SASL-based encryption.
• Recognize the role Kerberos plays in Mac OS X and Mac OS X Server.

6. Secure Network Configuration

• This topic has 1 item, drawn randomly from the following objectives:
• Recognize network security design principles.
• Identify methods for implementing a secure network design, including NAT, VPNs,and firewalls.
• Describe how to use the Mac OS X Gateway Setup Assistant to enable andconfigure routing, NAT, and VPN services.
• Describe how to use the Mac OS X Server Admin application to configure thefirewall service.
• Describe how to create firewall rules to lock down traffic to and through aMac OS X server, including remote administration traffic, Web and e-mail traffic,DNS zone transfers, pings, and ping replies.
• Describe how to configure Mac OS X firewall service for stealth mode.
• Outline how to analyze firewall rules with the UNIX ipfw show command.
• Identify how to monitor network security with logging.

7. Mail Security

• This topic has 9 items, drawn randomly from the following objectives:
• Identify methods to reduce spam and virus email.
• Describe methods to secure email.
• Recognize ways to protect email servers.
• Describe how to bring up a chat server.
• Outline how to maintain physical security.

8. Web Security

• This topic has 5 items, drawn randomly from the following objectives:
• Describe how to configure security features in Safari.
• Outline how to establish a secure website using SSL.
• Identify how to redirect from an HTTP site to an HTTPS site.
• Describe how to set up WebMail securely with SSL.
• Describe how to set up WebDAV securely with SSL.
• Describe how to set up a proxy server to block selected sites.

9. Maintenance, Intrusion Detection, and Auditing

• This topic has 10 items, drawn randomly from the following objectives:
• Recognize which files to watch for unauthorized modification.
• Describe methods to detect malicious software.
• Describe varieties of malicious software, including Trojan Horses, Viruses, Worms,and Spyware.
• Describe how to use virus protection software.
• Describe how to use rootkit safely.

Exam Detail: