Exposure Management & Attack Surface
External attack-surface management (EASM), cyber asset attack-surface management (CAASM), continuous threat exposure management (CTEM), attack-path analysis, validation, and remediation orchestration.
Detect, Test & Respond
Watch, hunt, attack ethically, analyse, and respond — classical and AI.
Certifications that signal this domain
Credentials whose blueprint meaningfully covers this domain. Core means centrally covered; also touched means present in the blueprint but not the primary focus.
Also touched
Certified Ethical Hacker
Offensive-concepts breadth; light on hands-on rigor compared to OSCP.
CompTIA Cybersecurity Analyst+
SOC analyst skills: triage, log analysis, vulnerability management basics.
Offensive Security Certified Professional
Hands-on penetration testing — exploitation, privilege escalation, AD attacks.
Offensive Security Web Expert
Advanced web application exploitation — whitebox review, vulnerability chain construction.
Curated resources
Authoritative sources we ground Exposure Management & Attack Surface questions in — frameworks, research, guides, and tools.
Gartner — Continuous Threat Exposure Management (CTEM)
Originating Gartner article that defined CTEM as a five-stage program: scoping, discovery, prioritization, validation, mobilization. The reference for the CTEM acronym and process model.
NIST SP 800-115 — Technical Guide to Information Security Testing
Federal methodology for security assessments: target identification, vulnerability analysis, validation. Underpins both penetration testing and exposure management programs.
Shodan — The Search Engine for Internet-Connected Devices
Industry-standard tool for external attack surface discovery. Scans the public internet, exposes service banners, supports queries for specific exposures. The reference for EASM tooling questions.
OWASP Attack Surface Analysis Cheat Sheet
Practical methodology for identifying and reducing attack surface in applications. Covers entry points, data flows, and trust boundaries. The application-layer complement to network EASM.
FIRST CVSS — Common Vulnerability Scoring System
The standardized vulnerability severity scoring system referenced by virtually every vuln management program. v3.1 widely deployed; v4.0 introduces threat and environmental refinements.