GSEC
The GSEC course teaches networking and protocols, defense in depth, cryptography, identity and access management, and incident handling basics, enabling candidates to configure controls and analyze security events for real‑world protection.
Who Should Take This
It is intended for security analysts, engineers, or administrators with two to three years of hands‑on experience who seek to validate their practical knowledge of core security concepts. These professionals aim to strengthen their ability to implement defenses, manage identities, and respond to incidents, advancing toward senior security roles.
What's Covered
1. Domain 1: Networking and Protocols
2. Domain 2: Defense in Depth
3. Domain 3: Cryptography
4. Domain 4: Identity and Access Management
5. Domain 5: Incident Handling Basics
6. Domain 6: Windows and Linux Security
7. Domain 7: Cloud Security Fundamentals
8. Domain 8: Wireless Security
Course Outline
64 learning goals
Domain 1: Networking and Protocols (3 topics)
TCP/IP Protocol Suite
- Describe the TCP/IP model layers and identify the protocols operating at each layer including Ethernet, IP, TCP, UDP, HTTP, DNS, DHCP, and SMTP.
- Analyze TCP header fields including sequence numbers, acknowledgment numbers, flags, and window size to determine connection state and detect anomalous behavior.
- Describe IPv4 subnetting including CIDR notation, subnet masks, network and broadcast addresses, and apply subnetting to segment networks for security isolation.
- Identify IPv6 addressing types including unicast, multicast, and anycast and describe IPv6 security considerations including NDP spoofing and extension header abuse.
Network Services and Protocols
- Describe DNS resolution processes including recursive and iterative queries, zone transfers, DNS record types, and security risks including cache poisoning and DNS tunneling.
- Identify the security implications of common network services including DHCP, SNMP, NTP, TFTP, and FTP and describe mitigations for protocol-specific vulnerabilities.
- Analyze network traffic captures using tools such as Wireshark and tcpdump to identify protocol behavior, extract artifacts, and detect suspicious communication patterns.
Network Architecture and Segmentation
- Describe network architecture components including routers, switches, load balancers, and proxies and identify their security functions within a defense-in-depth design.
- Apply network segmentation strategies using VLANs, subnets, DMZ architectures, and micro-segmentation to isolate sensitive assets and contain lateral movement.
- Evaluate a network architecture diagram to identify segmentation weaknesses, single points of failure, and opportunities to improve defensive posture.
Domain 2: Defense in Depth (4 topics)
Firewalls and Perimeter Security
- Describe firewall types including packet filtering, stateful inspection, application-layer gateways, and next-generation firewalls and identify their respective inspection capabilities.
- Configure firewall rule sets following the principle of least privilege including default deny policies, explicit allow rules, logging requirements, and rule ordering best practices.
- Analyze firewall logs and rule sets to identify overly permissive rules, shadowed rules, and gaps in coverage that could allow unauthorized traffic.
Intrusion Detection and Prevention
- Describe the differences between network-based and host-based intrusion detection and prevention systems and identify appropriate deployment locations for each type.
- Configure IDS/IPS signature rules and anomaly detection thresholds using tools such as Snort or Suricata to detect common attack patterns while minimizing false positives.
- Analyze IDS alerts to differentiate between true positives, false positives, true negatives, and false negatives and recommend tuning adjustments.
Vulnerability Management
- Describe the vulnerability management lifecycle including asset inventory, vulnerability scanning, risk prioritization, remediation, and verification using tools such as Nessus or OpenVAS.
- Identify the components of the Common Vulnerability Scoring System including base, temporal, and environmental metrics and apply CVSS scores to prioritize remediation efforts.
- Evaluate vulnerability scan results to distinguish between actual vulnerabilities and false positives and recommend prioritized remediation actions based on risk context.
Security Information and Event Management
- Describe SIEM architecture including log collection, normalization, correlation, alerting, and retention and identify the role of SIEM in security operations.
- Configure log collection from multiple sources including Windows Event Logs, syslog, application logs, and network device logs for centralized analysis in a SIEM platform.
- Analyze correlated SIEM events to identify potential security incidents including brute force attempts, lateral movement indicators, and data exfiltration patterns.
Domain 3: Cryptography (3 topics)
Cryptographic Algorithms and Operations
- Describe symmetric encryption algorithms including AES, 3DES, and ChaCha20 and identify appropriate key lengths, modes of operation, and performance characteristics for each.
- Describe asymmetric encryption algorithms including RSA, Diffie-Hellman, and elliptic curve cryptography and explain their roles in key exchange and digital signatures.
- Apply cryptographic hashing using SHA-256, SHA-3, and HMAC for data integrity verification, password storage, and message authentication in security operations.
- Evaluate cryptographic implementations to identify weaknesses including insecure algorithms, insufficient key lengths, improper IV reuse, and weak random number generation.
PKI and Certificate Management
- Describe public key infrastructure components including certificate authorities, registration authorities, certificate revocation lists, and OCSP responders.
- Apply certificate lifecycle management procedures including CSR generation, certificate issuance, renewal, revocation, and key escrow using tools such as OpenSSL.
- Analyze certificate chain validation failures to determine root causes including expired certificates, untrusted CAs, hostname mismatches, and revoked intermediate certificates.
Applied Cryptography and Protocols
- Describe the TLS 1.2 and TLS 1.3 handshake processes including cipher suite negotiation, key exchange, certificate verification, and session establishment.
- Configure IPsec VPN tunnels using IKE phase 1 and phase 2 negotiations and describe the differences between transport and tunnel modes for site-to-site and remote access.
- Evaluate the security of encrypted communication channels to identify vulnerabilities including downgrade attacks, weak cipher suites, and certificate pinning bypasses.
Domain 4: Identity and Access Management (2 topics)
Authentication and Authorization
- Describe authentication protocols including Kerberos, NTLM, LDAP, RADIUS, and TACACS+ and identify their use cases, strengths, and known vulnerabilities.
- Configure multi-factor authentication solutions using TOTP, FIDO2 hardware tokens, and certificate-based authentication for enterprise environments.
- Describe OAuth 2.0 and OpenID Connect authorization flows including authorization code, client credentials, and implicit grants and identify security considerations for each.
- Analyze authentication logs to detect credential-based attacks including pass-the-hash, Kerberoasting, golden ticket attacks, and credential stuffing patterns.
Access Control and Privilege Management
- Apply role-based and attribute-based access control models to enforce least privilege principles across enterprise resources including file systems, applications, and databases.
- Describe privileged access management solutions including password vaults, just-in-time access, session recording, and break-glass procedures for emergency access.
- Evaluate access control configurations to identify privilege escalation paths, excessive permissions, and violations of separation of duties principles.
Domain 5: Incident Handling Basics (2 topics)
Incident Response Process
- Describe the NIST SP 800-61 incident response phases including preparation, detection and analysis, containment, eradication, recovery, and post-incident activity.
- Apply incident classification and prioritization criteria based on impact, urgency, and affected asset criticality to triage security events effectively.
- Describe containment strategies including network isolation, account lockout, system quarantine, and DNS sinkholing for different incident types.
- Analyze a security incident timeline to determine the root cause, assess the scope of compromise, and recommend eradication and recovery actions.
Evidence Collection and Forensic Readiness
- Describe digital evidence collection principles including order of volatility, chain of custody documentation, and integrity verification using cryptographic hashes.
- Apply log preservation techniques including centralized log forwarding, write-once storage, and timestamp synchronization to maintain forensic readiness.
Domain 6: Windows and Linux Security (2 topics)
Windows Security
- Describe Windows security architecture including Security Account Manager, Local Security Authority, access tokens, security identifiers, and NTFS permissions.
- Configure Active Directory Group Policy Objects to enforce security baselines including password policies, audit settings, user rights assignments, and software restriction policies.
- Analyze Windows Event Log entries including security, system, and application logs to detect unauthorized access, privilege escalation, and service manipulation.
- Describe Windows Defender features including real-time protection, controlled folder access, attack surface reduction rules, and credential guard for endpoint security.
Linux Security
- Describe Linux security fundamentals including user and group management, file permission models using chmod and chown, and special permission bits including SUID and SGID.
- Configure Linux hardening measures including iptables or nftables firewall rules, SSH key-based authentication, sudo privilege delegation, and SELinux or AppArmor policies.
- Analyze Linux log files including auth.log, syslog, and secure to identify unauthorized login attempts, privilege escalation events, and suspicious process execution.
- Apply package management security practices including repository verification, GPG signature validation, and automated security patch deployment using tools such as yum or apt.
Domain 7: Cloud Security Fundamentals (2 topics)
Cloud Security Architecture
- Describe cloud service models including IaaS, PaaS, and SaaS and identify the shared responsibility boundaries for security controls in each model.
- Apply cloud identity and access management controls including IAM policies, service accounts, role assumptions, and conditional access for securing cloud workloads.
- Describe cloud network security controls including security groups, network ACLs, VPC peering, private endpoints, and cloud-native firewalls.
- Evaluate cloud security configurations to identify misconfigurations including publicly exposed storage buckets, overly permissive security groups, and unencrypted data stores.
Cloud Monitoring and Compliance
- Configure cloud logging and monitoring services including CloudTrail, Azure Monitor, and GCP Cloud Audit Logs to capture security-relevant events and API activity.
- Analyze cloud audit logs to detect suspicious activity including unauthorized API calls, privilege escalation attempts, and resource modifications outside change windows.
Domain 8: Wireless Security (2 topics)
Wireless Protocol Security
- Describe wireless security standards including WPA2-Personal, WPA2-Enterprise, WPA3-SAE, and 802.1X authentication and identify the encryption and authentication mechanisms of each.
- Configure enterprise wireless security using WPA2-Enterprise with RADIUS authentication, certificate-based EAP-TLS, and PEAP-MSCHAPv2 for credential protection.
- Analyze wireless traffic captures to identify rogue access points, deauthentication attacks, evil twin setups, and WPA handshake capture attempts.
Wireless Security Operations
- Deploy wireless intrusion detection and prevention systems to monitor for unauthorized access points and anomalous wireless activity on enterprise networks.
- Describe Bluetooth security risks including bluejacking, bluesnarfing, and BLE relay attacks and identify mitigation strategies for wireless peripheral security.
Scope
Included Topics
- All domains in the GIAC Security Essentials (GSEC) certification aligned to SANS SEC401: Networking and Protocols, Defense in Depth, Cryptography, Identity and Access Management, Incident Handling Basics, Windows and Linux Security, Cloud Security Fundamentals, and Wireless Security.
- Intermediate security knowledge including TCP/IP protocol analysis, network defense architecture, firewall rule configuration, IDS/IPS tuning, VPN deployment, PKI operations, Active Directory security, Linux privilege management, log analysis, vulnerability scanning, and incident detection and response procedures.
- Applied cryptography including symmetric and asymmetric algorithms, key management lifecycle, TLS/SSL handshake mechanics, digital signatures, certificate validation, and common cryptographic attacks and weaknesses.
- Cloud security principles including shared responsibility models, identity federation, cloud logging and monitoring, and securing IaaS, PaaS, and SaaS environments across major providers.
- Practical security operations including endpoint hardening, security information and event management concepts, vulnerability management lifecycle, and security architecture design principles.
Not Covered
- Advanced exploit development, reverse engineering, and malware analysis beyond the scope of SEC401.
- Digital forensics acquisition techniques, evidence preservation chains, and forensic tool operation at the examiner level.
- Advanced cloud-native security architectures including Kubernetes security, service mesh configurations, and serverless security patterns.
- SCADA/ICS security, operational technology protocols, and industrial control system defense.
- Advanced threat intelligence platform operations, threat hunting methodologies, and adversary emulation frameworks.
Official Exam Page
Learn more at GIAC Certifications