Use this quick start guide to collect all the information about the GIAC certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Cloud Penetration Tester (GIAC) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will familiarize you with the format and environment of the exam. You should refer to this guide carefully before attempting your actual GIAC Cloud Penetration Tester (GCPN) certification exam.
The GIAC certification is aimed mainly at candidates who want to build their career in the Offensive Operations domain. The GIAC Cloud Penetration Tester (GCPN) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC.
GIAC Exam Summary:
Exam Name | GIAC Cloud Penetration Tester (GCPN) |
Exam Code | GIAC |
Exam Price | $999 (USD) |
Duration | 120 mins |
Number of Questions | 75 |
Passing Score | 70% |
Books / Training | SEC588: Cloud Penetration Testing |
Schedule Exam | GIAC |
Sample Questions | GIAC Sample Questions |
Practice Exam | GIAC Certification Practice Exam |
GIAC Exam Syllabus Topics:
Topic | Details |
---|---|
AWS Authentication and Cloud Services | The Candidate will demonstrate understanding of the AWS authentication methods including the structure, policies, and identities used through IAM including Privilege Escalation in the AWS environment. The candidate will demonstrate understanding of the Amazon KMS and Lambda functions and fundamental use of exploitation tools for AWS. |
Azure Functions and Windows Containers | The Candidate will demonstrate understanding of the Azure Functions capability and the differences between it and AWS Lambda functions, code execution in the Azure environment including Windows Containers, and the Microsoft Graph tool. |
Cloud CLI and Application Mapping | The candidate will demonstrate understanding of AWS and Azure CLI structure and application mapping through APIs and HTTP requests. |
Cloud Native Applications and CI/CD Pipelines | The Candidate will demonstrate understanding of examples of cloud native applications and CI/CD pipelines and finding vulnerabilities in them. |
Cloud Penetration Testing Fundamentals | The candidate will demonstrate understanding of the fundamentals of penetration testing applied to cloud applications including recon, assessment, discovery and restrictions of cloud environments. The candidate will demonstrate understanding of the structure and configurations of public cloud infrastructures. |
Containers and Kubernetes Structure | The Candidate will demonstrate understanding of application deployment in containers as well as the structure and configuration of Kubernetes and service meshes. |
Discovering Cloud Services and Data | The Candidate will be able to discover and identify sources of exposure in cloud environments, including exposed ports, services, databases, secrets, and developer tools and repositories. |
Microsoft Azure Cloud Services and Attacks | The Candidate will show understanding of Microsoft Azure cloud services, web identity management and authentication standards, and attacks against Azure users and services. |
Password Attacks on Cloud Environments | The Candidate will demonstrate an understanding of username harvesting and password attack methodologies and tools. |
Red Team Penetration Testing of Cloud Environments | The Candidate will demonstrate understanding of Red Team penetration testing processes including exploitation and payload development and the tools associated with these concepts. |
Redirection and Attack Obfuscation | The Candidate will demonstrate understanding of the process of obfuscation of commands and attack structure through domain fronting and other tools, and pivoting using the proxies, and other methods. |
Web Application Attacks | The Candidate will demonstrate understanding of common web application attacks and how they impact cloud native applications and serverless functions. |
To ensure success in the GIAC certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the GIAC Cloud Penetration Tester (GIAC) exam.