NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 4.0 Security Operations

Baseline

A known-good snapshot of system state: running services, listening ports, user accounts, configuration files, file hashes. Later deviations from the baseline are candidate evidence of compromise.

How this shows up at NCAE

The first 2 minutes of competition: capture a baseline (`ss -tlnp`, `ps auxf`, `systemctl list-units`, `md5sum /etc/passwd`). Every subsequent diff is meaningful. Without a baseline you're flying blind.