CompTIA CASP+ CAS-004 Certification Guide
by Mark Birch
Table of Contents
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Section 1: Security Architecture
Chapter 1: Designing a Secure Network Architecture
Physical and virtual network and security devices
OSI model
Unified threat management
IDS/IPS
Network IDS versus NIPS
Wireless IPS
Inline encryptors
Network access control
SIEM
Switches
Firewalls
Routers
Proxy
Network address translation gateway
Load balancer
Hardware security module
Application- and protocol-aware technologies
DLP
WAF
Database activity monitoring
Spam filter
Advanced network design
Remote access
VPN
IPsec
SSH
Remote Desktop Protocol
Virtual Network Computing
Network authentication methods
Placement of hardware and applications
Network management and monitoring tools
Alert definitions and rule writing
Advanced configuration of network devices
Transport security
Port security
Route protection
Distributed DoS protection
Remotely triggered black hole
Security zones
DMZ
Summary
Questions
Case study
Answers
Case study answer
Chapter 2: Integrating Software Applications into the Enterprise
Integrating security into the development life cycle
Systems development life cycle
Development approaches
Versioning
Software assurance
Sandboxing/development environment
Validating third-party libraries
SecDevOps
Defining the DevOps pipeline
Baseline and templates
Secure coding standards
Application vetting processes
Hypertext Transfer Protocol (HTTP) headers
Application Programming Interface (API) management
Considerations when integrating enterprise applications
Customer relationship management (CRM)
Enterprise resource planning (ERP)
Configuration Management Database (CMDB)
Content management systems
Integration enablers
Directory services
Domain name system
Service-oriented architecture
Enterprise service bus
Summary
Questions
Answers
Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
Implementing data loss prevention
Blocking the use of external media
Print blocking
Remote Desktop Protocol blocking
Implementing data loss detection
Watermarking
Digital rights management
Network traffic decryption/deep packet inspection
Network traffic analysis
Enabling data protection
Data classification
Metadata/attributes
Obfuscation
Anonymization
Encrypted versus unencrypted
Data life cycle
Data inventory and mapping
Data integrity management
Data storage, backup, and recovery
Redundant array of inexpensive disks
Implementing secure cloud and virtualization solutions
Virtualization strategies
Security considerations for virtualization
Investigating cloud deployment models
Deployment models and considerations
Private cloud
Public cloud
Hybrid cloud
Hosting models
Service models
Software as a service
Platform as a service
Infrastructure as a service
Cloud provider limitations
Extending appropriate on-premises controls
Micro-segmentation
Jump box
Examining cloud storage models
File-based storage
Database storage
Block storage
Blob storage
Key/value pairs
Summary
Questions
Answers
Chapter 4: Deploying Enterprise Authentication and Authorization Controls
Credential management
Hardware key manager
Password policies
Identity federation
Access control
Authentication and authorization protocols
Multi-Factor Authentication (MFA)
Summary
Questions
Answers
Section 2: Security Operations
Chapter 5: Threat and Vulnerability Management
Intelligence types
Tactical intelligence
Strategic intelligence
Operational intelligence
Commodity malware
Targeted attacks
Actor types
Advanced persistent threat – nation-state
Insider threat
Competitor
Hacktivist
Script kiddie
Organized crime
Threat actor properties
Resources
Time
Money
Supply chain access
Capabilities and sophistication
Identifying techniques
Intelligence collection methods
Intelligence feeds
Deep web
Proprietary intelligence
Open source intelligence
Human intelligence
Frameworks
MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
ATT&CK for industrial control systems
The Diamond model of intrusion analysis
Cyber Kill Chain
Threat hunting
Threat emulation
Indicators of compromise
Packet capture
Logs
Network logs
Vulnerability logs
Operating system logs
Access logs
NetFlow logs
Notifications
File integrity monitoring alerts
SIEM alerts
Data loss prevention alerts
Intrusion detection system and intrusion prevention system alerts
Antivirus alerts
Notification severity and priorities
Responses
Firewall rules
Intrusion prevention system and intrusion detection system rules
Access control list rules
Signature rules
Behavior rules
Data loss prevention rules
Scripts/regular expressions
Summary
Questions
Answers
Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools
Vulnerability scans
Credentialed versus non-credentialed scans
Agent-based/server-based
Criticality ranking
Active versus passive scans
Security Content Automation Protocol (SCAP)
Extensible Configuration Checklist Description Format (XCCDF)
Open Vulnerability and Assessment Language (OVAL)
Common Platform Enumeration (CPE)
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
Common Configuration Enumeration (CCE)
Asset Reporting Format (ARF)
Self-assessment versus third-party vendor assessment
Patch management
Information sources
Advisories
Bulletins
Vendor websites
Information Sharing and Analysis Centers (ISACs)
News reports
Testing methods
Static analysis
Dynamic analysis
Side-channel analysis
Wireless vulnerability scan
Software Composition Analysis (SCA)
Fuzz testing
Penetration testing
Requirements
Box testing
Post-exploitation
Persistence
Pivoting
Rescanning for corrections/changes
Security tools
SCAP scanner
Network traffic analyzer
Vulnerability scanner
Protocol analyzer
Port scanner
HTTP interceptor
Exploit framework
Dependency management tools
Summary
Questions
Answers
Chapter 7: Risk Mitigation Controls
Understanding application vulnerabilities
Race conditions
Buffer overflows
Broken authentication
Insecure references
Poor exception handling
Security misconfiguration
Information disclosure
Certificate errors
Use of unsafe functions
Third-party libraries
Dependencies
End-of-support and end-of-life
Regression issues
Assessing inherently vulnerable systems and applications
Client-side processing and server-side processing
JSON and representational state transfer
Browser extensions
Hypertext Markup Language 5 (HTML5)
Asynchronous JavaScript and XML (AJAX)
Simple Object Access Protocol (SOAP)
Recognizing common attacks
Directory traversal
Cross-site scripting
Cross-site request forgery
Injection attacks
Sandbox escape
VM hopping
VM escape
Border Gateway Protocol and route hijacking
Interception attacks
Denial of service and distributed denial of service
Social engineering
VLAN hopping
Proactive and detective risk reduction
Hunts
Developing countermeasures
Deceptive technologies
Security data analytics
Applying preventative risk reduction
Application control
Security automation
Physical security
Summary
Questions
Answers
Chapter 8: Implementing Incident Response and Forensics Procedures
Understanding incident response planning
Event classifications
Triage event
Understanding the incident response process
Preparation
Detection
Analysis
Containment
Eradication and recovery
Lessons learned
Specific response playbooks/processes
Non-automated response methods
Automated response methods
Communication plan
Understanding forensic concepts
Forensic process
Chain of custody
Order of volatility
Memory snapshots
Images
Evidence preservation
Cryptanalysis
Steganalysis
Using forensic analysis tools
File carving tools
Binary analysis tools
Analysis tools
Imaging tools
Hashing utilities
Using live collection and post-mortem tools
Summary
Questions
Answers
Section 3: Security Engineering and Cryptography
Chapter 9: Enterprise Mobility and Endpoint Security Controls
Implementing enterprise mobility management
Managed configurations
Security considerations for mobility management
The unauthorized remote activation and deactivation of devices or features
Encrypted and unencrypted communication concerns
Physical reconnaissance
Personal data theft
Health privacy
The implications of wearable devices
The digital forensics of collected data
Unauthorized application stores
Containerization
Original equipment manufacturer (OEM) and carrier differences
Supply chain issues
The use of an eFuse
Implementing endpoint security controls
Hardening techniques
Compensating controls
Summary
Questions
Answers
Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies
Identifying regulated business sectors
Energy sector
Manufacturing
Healthcare
Public utilities
Public services
Facility services
Understanding embedded systems
Internet of things
System on a chip
Application-specific integrated circuits
Field-programmable gate array
Understanding ICS/SCADA
PLCs
Historian
Ladder logic
Safety instrumented system
Heating, ventilation, and air conditioning
Understanding OT protocols
Controller area network bus
Modbus
Distributed Network Protocol 3
Zigbee
Common Industrial Protocol
Data Distribution Service
Summary
Questions
Answers
Chapter 11: Implementing Cryptographic Protocols and Algorithms
Understanding hashing algorithms
Secure Hashing Algorithm (SHA)
Hash-Based Message Authentication Code (HMAC)
Message Digest (MD)
RACE integrity primitives evaluation message digest (RIPEMD)
Understanding symmetric encryption algorithms
Block ciphers
Stream ciphers
Understanding asymmetric encryption algorithms
Rivest, Shamir, and Adleman (RSA)
Digital Signature Algorithm (DSA)
Elliptic-curve Digital Signature Algorithm (ECDSA)
Diffie-Hellman (DH)
Elliptic-curve Cryptography (ECC)
Elliptic-curve Diffie-Hellman (ECDH)
Understanding encryption protocols
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Internet Protocol Security (IPSec)
Secure Shell (SSH)
Key stretching
Password salting
Password-based key derivation function 2 (PBKDF2)
Understanding emerging security technologies
Quantum computing
Blockchain
Homomorphic encryption
Biometric impersonation
3D printing
Summary
Questions
Answers
Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
Understanding the PKI hierarchy
Certificate authority
Registration authority
Certificate revocation list
Online Certificate Status Protocol
Understanding certificate types
Wildcard certificate
Extended validation
Multi-domain
General-purpose
Certificate usages/templates
Understanding PKI security and interoperability
Trusted certificate providers
Trust models
Cross-certification certificate
Life cycle management
Certificate pinning
Certificate stapling
CSRs
Common PKI use cases
Key escrow
Troubleshooting issues with cryptographic implementations
Key rotation
Mismatched keys
Improper key handling
Embedded keys
Exposed private keys
Crypto shredding
Cryptographic obfuscation
Compromised keys
Summary
Questions
Answers
Section 4: Governance, Risk, and Compliance
Chapter 13: Applying Appropriate Risk Strategies
Understanding risk assessments
Qualitative risk assessments
Quantitative risk assessments
Implementing risk-handling techniques
Transfer
Accept
Avoid
Mitigate
Risk types
Understanding the risk management life cycle
Department of Defense Risk Management Framework
NIST Cybersecurity Framework (CSF)
Understanding risk controls
Understanding risk tracking
Key performance indicators
Key risk indicators
Risk appetite
Risk tolerance
Trade-off analysis
Managing risk with policies and security practices
Separation of duties (SoD)
Job rotation
Mandatory vacation
Least privilege
Employment and termination procedures
Training and awareness for users
Auditing requirements and frequency
Explaining the importance of managing and mitigating vendor risk
Vendor lock-in
Vendor viability
Merger or acquisition risk
Meeting client requirements
Ongoing vendor assessment tools
Summary
Questions
Answers
Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
Security concerns associated with integrating diverse industries
Data considerations
Understanding geographic considerations
Third-party attestation of compliance
Understanding regulations, accreditations, and standards
Understanding legal considerations
Application of contract and agreement types
Summary
Questions
Answers
Chapter 15: Business Continuity and Disaster Recovery Concepts
Conducting a business impact analysis
Maximum Tolerable Downtime (MTD)
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
Recovery service level
Mission-essential functions
Privacy Impact Assessment (PIA)
Preparing a Disaster Recovery Plan/Business Continuity Plan
Backup and recovery methods
Planning for high availability and automation
Scalability
Resiliency
Automation
Content Delivery Network (CDN)
Testing plans
Explaining how cloud technology aids enterprise resilience
Using cloud solutions for business continuity and disaster recovery (BCDR)
Infrastructure versus serverless computing
Collaboration tools
Storage configurations
Cloud Access Security Broker (CASB)
Summary
Questions
Answers
Chapter 16: Mock Exam 1
Questions
Assessment test answers
Chapter 17: Mock Exam 2
Questions
Answers
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts