Launch offeryour first badge for €5 with code
Plume
← All skills
Active Directory Security
Cybersecurity & GDPR

Active Directory Security

Kerberos, GPO, tiering, ACLs, attacks (Kerberoasting, DCSync), hardening, auditing.

15 minutes€19.99

Before starting, we run a 1-minute tech check β€” microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.

How does it work? β†’

About the Active Directory Security badge

Prove you can lock down Kerberos, map attack paths in BloodHound and run a Tier 0 response β€” in a 15-minute AI oral that cuts through buzzword CVs.

The Plume Active Directory Security badge validates your real-world ability to harden, audit and defend a Windows domain. In a 15-minute AI oral (OpenAI Realtime), you are questioned on concrete scenarios: spotting DCSync traces on a domain controller, rolling out a Tier 0/1/2 model, countering Kerberoasting and AS-REP Roasting, and prioritizing attack paths surfaced by BloodHound or PingCastle. This is not a multiple-choice test. The AI follows your answers, drills into vague areas, and scores your actual technical depth.

Unlike a generic certification or a self-declared LinkedIn skill, this badge is built on a recorded oral session analyzed by Claude Opus, which produces a score from 0 to 100 and a level (Novice, Proficient, Advanced, Expert). The detailed report breaks down strengths and gaps across every dimension: Kerberos mastery, ACL management, SIEM and EDR integration, your stance on NTLM deprecation and recent CVEs. Recruiters and CISOs can access your badge via a public URL and listen to the recording if you allow it.

This badge is built for security engineers, IAM consultants, Active Directory administrators and pentesters working in on-premise or hybrid environments (AD plus Entra ID). Whether you are preparing for a large-scale enterprise engagement, a CISO interview, or simply want to benchmark your level before upskilling, the badge gives you a credible, timestamped and verifiable proof of your Active Directory security expertise.

What this badge evaluates

Here are the concrete dimensions the AI examines during the 15-minute oral.

How this badge is scored

Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.

How the oral exam unfolds

A Plume session takes about 20 minutes, from tech check to badge delivery.

  1. Step 1

    Tech check (1 min)

    Before starting, the AI checks that your microphone works, your connection is stable and you are in a quiet space. No tools, documentation or screens are allowed during the oral.

  2. Step 2

    Warm-up and context (2 min)

    The AI examiner asks you to introduce yourself and describe your most recent Active Directory security engagement: company type, domain size, scope of your involvement.

  3. Step 3

    In-depth questioning (10-12 min)

    The core of the exam: the AI works through the major themes (Kerberos, tiering, ACLs, incident detection, hybrid integration, recent changes). It adjusts the depth of its follow-up questions to your answers and drills into gaps.

  4. Step 4

    Big-picture question (1-2 min)

    The examiner asks you to step back: in what situations would you recommend migrating to Entra ID rather than continuing to harden an on-premise AD? What limits of AD hardening have you hit in practice?

  5. Step 5

    Score and badge delivery (under 10 min)

    Claude Opus analyzes the transcript, assigns a score from 0 to 100 and a level (Novice, Proficient, Advanced, Expert), and generates a detailed per-criterion report. Your badge is available immediately with a shareable URL.

The 4 proficiency levels

Your score out of 100 translates into a level a recruiter can grasp at a glance.

Novice

Score 0-39

You know the basics of Active Directory (users, groups, GPOs) but have not yet worked on AD security challenges in a professional context. You are not yet familiar with Kerberos internals, BloodHound or tiering models.

Proficient

Score 40-59

You have taken part in AD audits or hardening engagements, you understand the main attacks (Kerberoasting, DCSync) and you know how to run an initial scan with PingCastle or BloodHound. You can describe a tiering model even if you have not deployed one end-to-end.

Advanced

Score 60-79

You have designed and deployed secure AD architectures in production, including tiering, LAPS, Credential Guard and gMSA service accounts. You use BloodHound to prioritize attack paths and you know how to respond to a DCSync or Golden Ticket incident.

Expert

Score 80-100

You are the go-to AD security reference in your organization or for your clients. You drive long-term hardening strategy, integrate AD with Entra ID and a PAM solution, track Kerberos CVEs and the NTLM deprecation roadmap, and mentor other engineers on AD security.

Who this badge is for

No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.

Concrete use cases

Where and how your Active Directory Security badge will help you day to day.

Prerequisites

A few minutes to check you have everything you need.

What you take away

At the end of your session you don't just get a score β€” here's everything that awaits you.

Frequently asked questions about the Active Directory Security badge

The oral is calibrated for professionals with at least one year of hands-on AD experience in a real environment (administration, auditing or penetration testing). If you have never worked with BloodHound, tiering or Kerberos professionally, you are likely to score at the Novice level. The badge is not an introduction to AD security: it is a validation of operational skills.

Other Cybersecurity & GDPR badges

Discover related skills you can validate with Plume.

Ready to take the Active Directory Security badge?

A 15-min oral exam with an AI, a shareable badge for your recruiters.

Choose this badge Β· €19.99