CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
- Length: 654 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-03-03
- ISBN-10: 1801816778
- ISBN-13: 9781801816779
Architect, engineer, integrate, and implement security across increasingly complex, hybrid enterprise networks
Key Features
- Learn how to apply industry best practices and earn the CASP+ certification
- Explore over 400 CASP+ questions to test your understanding of key concepts and help you prepare for the exam
- Discover over 300 illustrations and diagrams that will assist you in understanding advanced CASP+ concepts
Book Description
CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt.
Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You’ll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you’ll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you’ll understand the impact of governance, risk, and compliance requirements throughout the enterprise.
By the end of this CASP study guide, you’ll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.
What you will learn
- Understand Cloud Security Alliance (CSA) and the FedRAMP programs
- Respond to Advanced Persistent Threats (APT) by deploying hunt teams
- Understand the Cyber Kill Chain framework as well as MITRE ATT&CK and Diamond Models
- Deploy advanced cryptographic solutions using the latest FIPS standards
- Understand compliance requirements for GDPR, PCI DSS, and COPPA
- Secure Internet of Things (IoT), Industrial control systems (ICS), and SCADA
- Plan for incident response and digital forensics using advanced tools
Who this book is for
This CompTIA book is for CASP+ CAS-004 exam candidates who want to achieve CASP+ certification to advance their career. Security architects, senior security engineers, SOC managers, security analysts, IT cybersecurity specialists/INFOSEC specialists, and cyber risk analysts will benefit from this book. Experience in an IT technical role or CompTIA Security+ certification or equivalent is assumed.
Table of Contents
- Contributors
- About the author
- About the reviewers
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Share Your Thoughts
Section 1: Security Architecture
Chapter 1: Designing a Secure Network Architecture
- Physical and virtual network and security devices
- OSI model
- Unified threat management
- IDS/IPS
- Network IDS versus NIPS
- Wireless IPS
- Inline encryptors
- Network access control
- SIEM
- Switches
- Firewalls
- Routers
- Proxy
- Network address translation gateway
- Load balancer
- Hardware security module
- Application- and protocol-aware technologies
- DLP
- WAF
- Database activity monitoring
- Spam filter
- Advanced network design
- Remote access
- VPN
- IPsec
- SSH
- Remote Desktop Protocol
- Virtual Network Computing
- Network authentication methods
- Placement of hardware and applications
- Network management and monitoring tools
- Alert definitions and rule writing
- Advanced configuration of network devices
- Transport security
- Port security
- Route protection
- Distributed DoS protection
- Remotely triggered black hole
- Security zones
- DMZ
- Summary
- Questions
- Case study
- Answers
- Case study answer
Chapter 2: Integrating Software Applications into the Enterprise
- Integrating security into the development life cycle
- Systems development life cycle
- Development approaches
- Versioning
- Software assurance
- Sandboxing/development environment
- Validating third-party libraries
- SecDevOps
- Defining the DevOps pipeline
- Baseline and templates
- Secure coding standards
- Application vetting processes
- Hypertext Transfer Protocol (HTTP) headers
- Application Programming Interface (API) management
- Considerations when integrating enterprise applications
- Customer relationship management (CRM)
- Enterprise resource planning (ERP)
- Configuration Management Database (CMDB)
- Content management systems
- Integration enablers
- Directory services
- Domain name system
- Service-oriented architecture
- Enterprise service bus
- Summary
- Questions
- Answers
Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
- Implementing data loss prevention
- Blocking the use of external media
- Print blocking
- Remote Desktop Protocol blocking
- Implementing data loss detection
- Watermarking
- Digital rights management
- Network traffic decryption/deep packet inspection
- Network traffic analysis
- Enabling data protection
- Data classification
- Metadata/attributes
- Obfuscation
- Anonymization
- Encrypted versus unencrypted
- Data life cycle
- Data inventory and mapping
- Data integrity management
- Data storage, backup, and recovery
- Redundant array of inexpensive disks
- Implementing secure cloud and virtualization solutions
- Virtualization strategies
- Security considerations for virtualization
- Investigating cloud deployment models
- Deployment models and considerations
- Private cloud
- Public cloud
- Hybrid cloud
- Hosting models
- Service models
- Software as a service
- Platform as a service
- Infrastructure as a service
- Cloud provider limitations
- Extending appropriate on-premises controls
- Micro-segmentation
- Jump box
- Examining cloud storage models
- File-based storage
- Database storage
- Block storage
- Blob storage
- Key/value pairs
- Summary
- Questions
- Answers
Chapter 4: Deploying Enterprise Authentication and Authorization Controls
- Credential management
- Hardware key manager
- Password policies
- Identity federation
- Access control
- Authentication and authorization protocols
- Multi-Factor Authentication (MFA)
- Summary
- Questions
- Answers
Section 2: Security Operations
Chapter 5: Threat and Vulnerability Management
- Intelligence types
- Tactical intelligence
- Strategic intelligence
- Operational intelligence
- Commodity malware
- Targeted attacks
- Actor types
- Advanced persistent threat: nation-state
- Insider threat
- Competitor
- Hacktivist
- Script kiddie
- Organized crime
- Threat actor properties
- Resources
- Time
- Money
- Supply chain access
- Capabilities and sophistication
- Identifying techniques
- Intelligence collection methods
- Intelligence feeds
- Deep web
- Proprietary intelligence
- Open source intelligence
- Human intelligence
- Frameworks
- MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
- ATT&CK for industrial control systems
- The Diamond model of intrusion analysis
- Cyber Kill Chain
- Threat hunting
- Threat emulation
- Indicators of compromise
- Packet capture
- Logs
- Network logs
- Vulnerability logs
- Operating system logs
- Access logs
- NetFlow logs
- Notifications
- File integrity monitoring alerts
- SIEM alerts
- Data loss prevention alerts
- Intrusion detection system and intrusion prevention system alerts
- Antivirus alerts
- Notification severity and priorities
- Responses
- Firewall rules
- Intrusion prevention system and intrusion detection system rules
- Access control list rules
- Signature rules
- Behavior rules
- Data loss prevention rules
- Scripts/regular expressions
- Summary
- Questions
- Answers
Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools
- Vulnerability scans
- Credentialed versus non-credentialed scans
- Agent-based/server-based
- Criticality ranking
- Active versus passive scans
- Security Content Automation Protocol (SCAP)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Common Configuration Enumeration (CCE)
- Asset Reporting Format (ARF)
- Self-assessment versus third-party vendor assessment
- Patch management
- Information sources
- Advisories
- Bulletins
- Vendor websites
- Information Sharing and Analysis Centers (ISACs)
- News reports
- Testing methods
- Static analysis
- Dynamic analysis
- Side-channel analysis
- Wireless vulnerability scan
- Software Composition Analysis (SCA)
- Fuzz testing
- Penetration testing
- Requirements
- Box testing
- Post-exploitation
- Persistence
- Pivoting
- Rescanning for corrections/changes
- Security tools
- SCAP scanner
- Network traffic analyzer
- Vulnerability scanner
- Protocol analyzer
- Port scanner
- HTTP interceptor
- Exploit framework
- Dependency management tools
- Summary
- Questions
- Answers
Chapter 7: Risk Mitigation Controls
- Understanding application vulnerabilities
- Race conditions
- Buffer overflows
- Broken authentication
- Insecure references
- Poor exception handling
- Security misconfiguration
- Information disclosure
- Certificate errors
- Use of unsafe functions
- Third-party libraries
- Dependencies
- End-of-support and end-of-life
- Regression issues
- Assessing inherently vulnerable systems and applications
- Client-side processing and server-side processing
- JSON and representational state transfer
- Browser extensions
- Hypertext Markup Language 5 (HTML5)
- Asynchronous JavaScript and XML (AJAX)
- Simple Object Access Protocol (SOAP)
- Recognizing common attacks
- Directory traversal
- Cross-site scripting
- Cross-site request forgery
- Injection attacks
- Sandbox escape
- VM hopping
- VM escape
- Border Gateway Protocol and route hijacking
- Interception attacks
- Denial of service and distributed denial of service
- Social engineering
- VLAN hopping
- Proactive and detective risk reduction
- Hunts
- Developing countermeasures
- Deceptive technologies
- Security data analytics
- Applying preventative risk reduction
- Application control
- Security automation
- Physical security
- Summary
- Questions
- Answers
Chapter 8: Implementing Incident Response and Forensics Procedures
- Understanding incident response planning
- Event classifications
- Triage event
- Understanding the incident response process
- Preparation
- Detection
- Analysis
- Containment
- Eradication and recovery
- Lessons learned
- Specific response playbooks/processes
- Non-automated response methods
- Automated response methods
- Communication plan
- Understanding forensic concepts
- Forensic process
- Chain of custody
- Order of volatility
- Memory snapshots
- Images
- Evidence preservation
- Cryptanalysis
- Steganalysis
- Using forensic analysis tools
- File carving tools
- Binary analysis tools
- Analysis tools
- Imaging tools
- Hashing utilities
- Using live collection and post-mortem tools
- Summary
- Questions
- Answers
Section 3: Security Engineering and Cryptography
Chapter 9: Enterprise Mobility and Endpoint Security Controls
- Implementing enterprise mobility management
- Managed configurations
- Security considerations for mobility management
- The unauthorized remote activation and deactivation of devices or features
- Encrypted and unencrypted communication concerns
- Physical reconnaissance
- Personal data theft
- Health privacy
- The implications of wearable devices
- The digital forensics of collected data
- Unauthorized application stores
- Containerization
- Original equipment manufacturer (OEM) and carrier differences
- Supply chain issues
- The use of an eFuse
- Implementing endpoint security controls
- Hardening techniques
- Compensating controls
- Summary
- Questions
- Answers
Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies
- Identifying regulated business sectors
- Energy sector
- Manufacturing
- Healthcare
- Public utilities
- Public services
- Facility services
- Understanding embedded systems
- Internet of things
- System on a chip
- Application-specific integrated circuits
- Field-programmable gate array
- Understanding ICS/SCADA
- PLCs
- Historian
- Ladder logic
- Safety instrumented system
- Heating, ventilation, and air conditioning
- Understanding OT protocols
- Controller area network bus
- Modbus
- Distributed Network Protocol 3
- Zigbee
- Common Industrial Protocol
- Data Distribution Service
- Summary
- Questions
- Answers
Chapter 11: Implementing Cryptographic Protocols and Algorithms
- Understanding hashing algorithms
- Secure Hashing Algorithm (SHA)
- Hash-Based Message Authentication Code (HMAC)
- Message Digest (MD)
- RACE integrity primitives evaluation message digest (RIPEMD)
- Understanding symmetric encryption algorithms
- Block ciphers
- Stream ciphers
- Understanding asymmetric encryption algorithms
- Rivest, Shamir, and Adleman (RSA)
- Digital Signature Algorithm (DSA)
- Elliptic-curve Digital Signature Algorithm (ECDSA)
- Diffie-Hellman (DH)
- Elliptic-curve Cryptography (ECC)
- Elliptic-curve Diffie-Hellman (ECDH)
- Understanding encryption protocols
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Internet Protocol Security (IPSec)
- Secure Shell (SSH)
- Key stretching
- Password salting
- Password-based key derivation function 2 (PBKDF2)
- Understanding emerging security technologies
- Quantum computing
- Blockchain
- Homomorphic encryption
- Biometric impersonation
- 3D printing
- Summary
- Questions
- Answers
Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
- Understanding the PKI hierarchy
- Certificate authority
- Registration authority
- Certificate revocation list
- Online Certificate Status Protocol
- Understanding certificate types
- Wildcard certificate
- Extended validation
- Multi-domain
- General-purpose
- Certificate usages/templates
- Understanding PKI security and interoperability
- Trusted certificate providers
- Trust models
- Cross-certification certificate
- Life cycle management
- Certificate pinning
- Certificate stapling
- CSRs
- Common PKI use cases
- Key escrow
- Troubleshooting issues with cryptographic implementations
- Key rotation
- Mismatched keys
- Improper key handling
- Embedded keys
- Exposed private keys
- Crypto shredding
- Cryptographic obfuscation
- Compromised keys
- Summary
- Questions
- Answers
Section 4: Governance, Risk, and Compliance
Chapter 13: Applying Appropriate Risk Strategies
- Understanding risk assessments
- Qualitative risk assessments
- Quantitative risk assessments
- Implementing risk-handling techniques
- Transfer
- Accept
- Avoid
- Mitigate
- Risk types
- Understanding the risk management life cycle
- Department of Defense Risk Management Framework
- NIST Cybersecurity Framework (CSF)
- Understanding risk controls
- Understanding risk tracking
- Key performance indicators
- Key risk indicators
- Risk appetite
- Risk tolerance
- Trade-off analysis
- Managing risk with policies and security practices
- Separation of duties (SoD)
- Job rotation
- Mandatory vacation
- Least privilege
- Employment and termination procedures
- Training and awareness for users
- Auditing requirements and frequency
- Explaining the importance of managing and mitigating vendor risk
- Vendor lock-in
- Vendor viability
- Merger or acquisition risk
- Meeting client requirements
- Ongoing vendor assessment tools
- Summary
- Questions
- Answers
Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
- Security concerns associated with integrating diverse industries
- Data considerations
- Understanding geographic considerations
- Third-party attestation of compliance
- Understanding regulations, accreditations, and standards
- Understanding legal considerations
- Application of contract and agreement types
- Summary
- Questions
- Answers
Chapter 15: Business Continuity and Disaster Recovery Concepts
- Conducting a business impact analysis
- Maximum Tolerable Downtime (MTD)
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Recovery service level
- Mission-essential functions
- Privacy Impact Assessment (PIA)
- Preparing a Disaster Recovery Plan/Business Continuity Plan
- Backup and recovery methods
- Planning for high availability and automation
- Scalability
- Resiliency
- Automation
- Content Delivery Network (CDN)
- Testing plans
- Explaining how cloud technology aids enterprise resilience
- Using cloud solutions for business continuity and disaster recovery (BCDR)
- Infrastructure versus serverless computing
- Collaboration tools
- Storage configurations
- Cloud Access Security Broker (CASB)
- Summary
- Questions
- Answers
Chapter 16: Mock Exam 1
- Questions
- Assessment test answers
Chapter 17: Mock Exam 2
- Questions
- Answers
Back matter
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.