Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Q/AAP - Qualified/ Access, Authentication and PKI Professional Certification Exam

A public way to work with encryption is essential to protecting the PII (personally identifiable information) that we share across our networks and with external business partners.

A public key infrastructure (PKI) is a critical component for ensuring CIA (confidentiality, integrity and authentication) in an enterprise that must minimize PII exposure and manage the threat of risk. This hands-on course provides essential data protection knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization.

Web and other forms of E-Commerce introduce a whole new group of information security challenges. Traditional password authentication, access controls and network perimeter security safeguards often fall short in a dynamic mobile business environment. Data traveling over untrusted networks must be protected by encryption methods that are highly dependent on flexible and robust key management schemes. In this comprehensive, five-day hands-on course, you'll learn how to plan, evaluate, develop, and implement a successful enterprise network security framework using Public Key Infrastructure (PKI), authentication, identity, and access authorization systems. 85% labs!

Upon completion of the class, you’ll have all the experience, confidence, and tools you need to plan Certificate Policy & Certificate Practice Statements and execute a fully integrated PKI, enterprise-wide encryption, authentication and identity plan.

eStudy is available for this class.

The Q/AAP Certification is also a stand-alone Q/IAP Certification Exam.

Key topics:
• PKI needs assessment
• Verify PKI Trust Concepts
• Is it Access & Identity or Encryption you really need?
• Understanding Encryption options
• Top 10 PKI obstacles
• Securing Mail with S/MIME
• Install multiple trusted certificate servers in hands-on labs
• Build Certificate Policies and Certificate Practice Statements
• Recovering a Private key from Microsoft CA
• Creating specific certificate OIDs
• Cross Certifying with a Bridge CA
• Configuring PKI Assurance Hierarchies
• Install HSPD-12 PIV, Smart Cards, Smart Tokens, and Biometrics
• Product comparisons and demonstrations
• Avoiding PKI pitfalls


Who should attend:

Information Security Officers and Managers, PKI designers, technical managers overseeing security, and those responsible for developing enterprise security policies, Information Systems Administrators and Auditors, Network Administrators, Information Assurance Consultants, Systems and Data Security Analysts, Project Managers.

Course Fee: $2,995
Time: 7:45am - 5:00pm
Learning Level: Basic to Advanced
Prerequisites: Understanding of TCP/IP protocols
CPE Credits: 40
Instructor: Sondra Schneider/ David Spivey

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical

Here is what you learn to do, with extensive hands-on experience planning, designing and building a PKI:

Course agenda:
Introduction to Cryptography
PKI Cryptography Essentials
Identifying approaches to cryptography
Symmetric and asymmetric ciphers
Generating hash collisions
Authenticating via zero knowledge proof
Improving with K-of-N authentication
Enforcing non-repudiation with digital signatures
From PGP (Pretty Good Privacy) to using digital signature certificates. You’ll learn what cryptography is, what it can and can’t do, and how and when you’ll want to use it.

Network Security Refresher
Network Defense and Countermeasure
Penetration Testing
Transmission Security
Security Roles and Responsibilities

Trust in a Digital World
Establishing trust through credentials
Verifying trust with a trusted third party

Securing the Private key
Selecting Cryptographic Service Providers
Protecting with Data Protection API
Securing with physical smart cards and Hardware Security Module (HSM)

Public Key Infrastructure
An in-depth look at all the elements and applications of PKI — including the top 10 PKI deployment issues and how to handle them in ways that work for your organization.

Establishing PKI Policies
Creating a Certificate Policy (CP)
Identifying with an object identifier (OID)
Obtaining an OID
Selecting Microsoft Application Policies

Certification Practice Statements (CPS)
Upholding the CA policies
Standardizing provisions for CP/CPS
Contrasting CP vs. CPS

Authenticating with PKI Credentials
Inside PKI X.509v3 Certificates
Interoperating with industry profiles
Setting certificate lifetimes
Controlling access with attribute certificates
Enrolling Cisco devices with SCEP

HSPD-12 tools: In an effort to better secure federal resources and reduce the potential for terrorist attacks, Homeland Security Presidential Directive 12 (HSPD-12) has set an October 2006 deadline for agencies to adopt identity and access management controls and procedures intended to establish the reliability of employees and contractors and prevent unauthorized access to government facilities and systems. The goal of HSPD-12 is to require federal agencies to adopt a standard, secure, and reliable identification card (the “PIV card”) for employees and contractors, and to ensure that it is issued only to intended individuals.

Certificates and Signatures
When are certificates and signatures used? How do they differ? All questions and issues are answered here.
• Signatures vs. certificates
• Digital signatures — definitions, applications, and how they work
• Certificate structures
• Authentication
• Access control
• Integrity
• Non-repudiation

Certification Authorities and Directories
The ins and outs of CAs and directories, with special emphasis on the challenges inherent in managing multiple CA environments and the role of PKI.
• Roles and responsibilities of Certificate Authorities (CAs)
• Registration and certification process
• Directories defined
• Certificate management
• Certificate value
• Cross certification
• Key recovery

Leveraging certificates in applications

Registration Authority (RA)
Interfacing with PKCS & PKIX standards
Contrasting online RA vs. offline RA

Linking with PKI Repository
Identifying with distinguished names
Accessing the X.500 directory with LDAPv3
Choosing LDAP chaining or referrals
X.509v2 Certificate Revocation List (CRL)
Timeliness and scalability solutions
Selecting complete or delta CRL
Publishing CA certificates and CRLs
Validating certificates with OCSP
Validating entity certificate
Forming a certificate chain
Locating the Trust Anchor
Matching CA Certificates
Validating via path processing

Building a hierarchical trust model
Distributing trust to subordinate CAs
Increasing security with offline root
Issuing CA vs intermediate CA
Defining CPS with a policy CA

Restricting with Qualified Subordination
Constraining trust to subordinates
Mapping policies with peer CAs
Path processing a Certificate Trust List chain

Product Comparisons and Demonstrations
The information and answers you need to choose the products that match both your strategic objectives and your existing infrastructure.
• Comparison matrix
• Middleware products
• Multiple product demos
• Outsourcing CA hosting

Overcoming Pitfalls in Public Key Encryption and Certificate Management
A look at where a PKI strategy or deployment could go wrong — and how to steer clear.
• Underestimating the complexity of a PKI rollout
• Challenges associated with encryption
• Key management

Case Studies
Putting all the learning to work with an examination of how PKI and CAs have been used in real organizations — what went right, and what went wrong.

Deploying a PKI
How to effectively translate well-conceived strategy into smooth-running PKI reality.
• The model
• Deployment success factors
• Technological challenges
• Non-technological challenges
• Deployment approach
• Typical PKI deployment team
• Deployment tools

Course Labs and Exercises
• Lab I — Encryption and Digital Signing
• Lab II — CA installation to network
• Lab III — MS installation to network: manual & auto key archival
• Lab IV — Entrust and other CA installations
• Lab V — Smart Cards and Biometrics
• Team Exercises — Creating a PKI framework, policies and OIDs
• Discussions — PKI enabling user applications and Risk Management

*Course fees are subject to change
