Table of Contents

CompTIA CASP+ CAS-004 Certification Guide

Contributors

About the author

About the reviewers

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Share Your Thoughts

Section 1: Security Architecture

Chapter 1: Designing a Secure Network Architecture

Physical and virtual network and security devices

OSI model

Unified threat management

IDS/IPS

Network IDS versus NIPS

Wireless IPS

Inline encryptors

Network access control

SIEM

Switches

Firewalls

Routers

Proxy

Network address translation gateway

Load balancer

Hardware security module

Application- and protocol-aware technologies

DLP

WAF

Database activity monitoring

Spam filter

Advanced network design

Remote access

VPN

IPsec

SSH

Remote Desktop Protocol

Virtual Network Computing

Network authentication methods

Placement of hardware and applications

Network management and monitoring tools

Alert definitions and rule writing

Advanced configuration of network devices

Transport security

Port security

Route protection

Distributed DoS protection

Remotely triggered black hole

Security zones

DMZ

Summary

Questions

Case study

Answers

Case study answer

Chapter 2: Integrating Software Applications into the Enterprise

Integrating security into the development life cycle

Systems development life cycle

Development approaches

Versioning

Software assurance

Sandboxing/development environment

Validating third-party libraries

SecDevOps

Defining the DevOps pipeline

Baseline and templates

Secure coding standards

Application vetting processes

Hypertext Transfer Protocol (HTTP) headers

Application Programming Interface (API) management

Considerations when integrating enterprise applications

Customer relationship management (CRM)

Enterprise resource planning (ERP)

Configuration Management Database (CMDB)

Content management systems

Integration enablers

Directory services

Domain name system

Service-oriented architecture

Enterprise service bus

Summary

Questions

Answers

Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions

Implementing data loss prevention

Blocking the use of external media

Print blocking

Remote Desktop Protocol blocking

Implementing data loss detection

Watermarking

Digital rights management

Network traffic decryption/deep packet inspection

Network traffic analysis

Enabling data protection

Data classification

Metadata/attributes

Obfuscation

Anonymization

Encrypted versus unencrypted

Data life cycle

Data inventory and mapping

Data integrity management

Data storage, backup, and recovery

Redundant array of inexpensive disks

Implementing secure cloud and virtualization solutions

Virtualization strategies

Security considerations for virtualization

Investigating cloud deployment models

Deployment models and considerations

Private cloud

Public cloud

Hybrid cloud

Hosting models

Service models

Software as a service

Platform as a service

Infrastructure as a service

Cloud provider limitations

Extending appropriate on-premises controls

Micro-segmentation

Jump box

Examining cloud storage models

File-based storage

Database storage

Block storage

Blob storage

Key/value pairs

Summary

Questions

Answers

Chapter 4: Deploying Enterprise Authentication and Authorization Controls

Credential management

Hardware key manager

Password policies

Identity federation

Access control

Authentication and authorization protocols

Multi-Factor Authentication (MFA)

Summary

Questions

Answers

Section 2: Security Operations

Chapter 5: Threat and Vulnerability Management

Intelligence types

Tactical intelligence

Strategic intelligence

Operational intelligence

Commodity malware

Targeted attacks

Actor types

Advanced persistent threat – nation-state

Insider threat

Competitor

Hacktivist

Script kiddie

Organized crime

Threat actor properties

Resources

Time

Money

Supply chain access

Capabilities and sophistication

Identifying techniques

Intelligence collection methods

Intelligence feeds

Deep web

Proprietary intelligence

Open source intelligence

Human intelligence

Frameworks

MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)

ATT&CK for industrial control systems

The Diamond model of intrusion analysis

Cyber Kill Chain

Threat hunting

Threat emulation

Indicators of compromise

Packet capture

Logs

Network logs

Vulnerability logs

Operating system logs

Access logs

NetFlow logs

Notifications

File integrity monitoring alerts

SIEM alerts

Data loss prevention alerts

Intrusion detection system and intrusion prevention system alerts

Antivirus alerts

Notification severity and priorities

Responses

Firewall rules

Intrusion prevention system and intrusion detection system rules

Access control list rules

Signature rules

Behavior rules

Data loss prevention rules

Scripts/regular expressions

Summary

Questions

Answers

Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools

Vulnerability scans

Credentialed versus non-credentialed scans

Agent-based/server-based

Criticality ranking

Active versus passive scans

Security Content Automation Protocol (SCAP)

Extensible Configuration Checklist Description Format (XCCDF)

Open Vulnerability and Assessment Language (OVAL)

Common Platform Enumeration (CPE)

Common Vulnerabilities and Exposures (CVE)

Common Vulnerability Scoring System (CVSS)

Common Configuration Enumeration (CCE)

Asset Reporting Format (ARF)

Self-assessment versus third-party vendor assessment

Patch management

Information sources

Advisories

Bulletins

Vendor websites

Information Sharing and Analysis Centers (ISACs)

News reports

Testing methods

Static analysis

Dynamic analysis

Side-channel analysis

Wireless vulnerability scan

Software Composition Analysis (SCA)

Fuzz testing

Penetration testing

Requirements

Box testing

Post-exploitation

Persistence

Pivoting

Rescanning for corrections/changes

Security tools

SCAP scanner

Network traffic analyzer

Vulnerability scanner

Protocol analyzer

Port scanner

HTTP interceptor

Exploit framework

Dependency management tools

Summary

Questions

Answers

Chapter 7: Risk Mitigation Controls

Understanding application vulnerabilities

Race conditions

Buffer overflows

Broken authentication

Insecure references

Poor exception handling

Security misconfiguration

Information disclosure

Certificate errors

Use of unsafe functions

Third-party libraries

Dependencies

End-of-support and end-of-life

Regression issues

Assessing inherently vulnerable systems and applications

Client-side processing and server-side processing

JSON and representational state transfer

Browser extensions

Hypertext Markup Language 5 (HTML5)

Asynchronous JavaScript and XML (AJAX)

Simple Object Access Protocol (SOAP)

Recognizing common attacks

Directory traversal

Cross-site scripting

Cross-site request forgery

Injection attacks

Sandbox escape

VM hopping

VM escape

Border Gateway Protocol and route hijacking

Interception attacks

Denial of service and distributed denial of service

Social engineering

VLAN hopping

Proactive and detective risk reduction

Hunts

Developing countermeasures

Deceptive technologies

Security data analytics

Applying preventative risk reduction

Application control

Security automation

Physical security

Summary

Questions

Answers

Chapter 8: Implementing Incident Response and Forensics Procedures

Understanding incident response planning

Event classifications

Triage event

Understanding the incident response process

Preparation

Detection

Analysis

Containment

Eradication and recovery

Lessons learned

Specific response playbooks/processes

Non-automated response methods

Automated response methods

Communication plan

Understanding forensic concepts

Forensic process

Chain of custody

Order of volatility

Memory snapshots

Images

Evidence preservation

Cryptanalysis

Steganalysis

Using forensic analysis tools

File carving tools

Binary analysis tools

Analysis tools

Imaging tools

Hashing utilities

Using live collection and post-mortem tools

Summary

Questions

Answers

Section 3: Security Engineering and Cryptography

Chapter 9: Enterprise Mobility and Endpoint Security Controls

Implementing enterprise mobility management

Managed configurations

Security considerations for mobility management

The unauthorized remote activation and deactivation of devices or features

Encrypted and unencrypted communication concerns

Physical reconnaissance

Personal data theft

Health privacy

The implications of wearable devices

The digital forensics of collected data

Unauthorized application stores

Containerization

Original equipment manufacturer (OEM) and carrier differences

Supply chain issues

The use of an eFuse

Implementing endpoint security controls

Hardening techniques

Compensating controls

Summary

Questions

Answers

Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies

Identifying regulated business sectors

Energy sector

Manufacturing

Healthcare

Public utilities

Public services

Facility services

Understanding embedded systems

Internet of things

System on a chip

Application-specific integrated circuits

Field-programmable gate array

Understanding ICS/SCADA

PLCs

Historian

Ladder logic

Safety instrumented system

Heating, ventilation, and air conditioning

Understanding OT protocols

Controller area network bus

Modbus

Distributed Network Protocol 3

Zigbee

Common Industrial Protocol

Data Distribution Service

Summary

Questions

Answers

Chapter 11: Implementing Cryptographic Protocols and Algorithms

Understanding hashing algorithms

Secure Hashing Algorithm (SHA)

Hash-Based Message Authentication Code (HMAC)

Message Digest (MD)

RACE integrity primitives evaluation message digest (RIPEMD)

Understanding symmetric encryption algorithms

Block ciphers

Stream ciphers

Understanding asymmetric encryption algorithms

Rivest, Shamir, and Adleman (RSA)

Digital Signature Algorithm (DSA)

Elliptic-curve Digital Signature Algorithm (ECDSA)

Diffie-Hellman (DH)

Elliptic-curve Cryptography (ECC)

Elliptic-curve Diffie-Hellman (ECDH)

Understanding encryption protocols

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Internet Protocol Security (IPSec)

Secure Shell (SSH)

Key stretching

Password salting

Password-based key derivation function 2 (PBKDF2)

Understanding emerging security technologies

Quantum computing

Blockchain

Homomorphic encryption

Biometric impersonation

3D printing

Summary

Questions

Answers

Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs

Understanding the PKI hierarchy

Certificate authority

Registration authority

Certificate revocation list

Online Certificate Status Protocol

Understanding certificate types

Wildcard certificate

Extended validation

Multi-domain

General-purpose

Certificate usages/templates

Understanding PKI security and interoperability

Trusted certificate providers

Trust models

Cross-certification certificate

Life cycle management

Certificate pinning

Certificate stapling

CSRs

Common PKI use cases

Key escrow

Troubleshooting issues with cryptographic implementations

Key rotation

Mismatched keys

Improper key handling

Embedded keys

Exposed private keys

Crypto shredding

Cryptographic obfuscation

Compromised keys

Summary

Questions

Answers

Section 4: Governance, Risk, and Compliance

Chapter 13: Applying Appropriate Risk Strategies

Understanding risk assessments

Qualitative risk assessments

Quantitative risk assessments

Implementing risk-handling techniques

Transfer

Accept

Avoid

Mitigate

Risk types

Understanding the risk management life cycle

Department of Defense Risk Management Framework

NIST Cybersecurity Framework (CSF)

Understanding risk controls

Understanding risk tracking

Key performance indicators

Key risk indicators

Risk appetite

Risk tolerance

Trade-off analysis

Managing risk with policies and security practices

Separation of duties (SoD)

Job rotation

Mandatory vacation

Least privilege

Employment and termination procedures

Training and awareness for users

Auditing requirements and frequency

Explaining the importance of managing and mitigating vendor risk

Vendor lock-in

Vendor viability

Merger or acquisition risk

Meeting client requirements

Ongoing vendor assessment tools

Summary

Questions

Answers

Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact

Security concerns associated with integrating diverse industries

Data considerations

Understanding geographic considerations

Third-party attestation of compliance

Understanding regulations, accreditations, and standards

Understanding legal considerations

Application of contract and agreement types

Summary

Questions

Answers

Chapter 15: Business Continuity and Disaster Recovery Concepts

Conducting a business impact analysis

Maximum Tolerable Downtime (MTD)

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)

Recovery service level

Mission-essential functions

Privacy Impact Assessment (PIA)

Preparing a Disaster Recovery Plan/Business Continuity Plan

Backup and recovery methods

Planning for high availability and automation

Scalability

Resiliency

Automation

Content Delivery Network (CDN)

Testing plans

Explaining how cloud technology aids enterprise resilience

Using cloud solutions for business continuity and disaster recovery (BCDR)

Infrastructure versus serverless computing

Collaboration tools

Storage configurations

Cloud Access Security Broker (CASB)

Summary

Questions

Answers

Chapter 16: Mock Exam 1

Questions

Assessment test answers

Chapter 17: Mock Exam 2

Questions

Answers

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts
