CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
This is the eBook edition of the CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide. This eBook does not include access to the Pearson Test Prep practice exams that comes with the print edition.

Learn, prepare, and practice for CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam success with this CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes
* A test-preparation routine proven to help you pass the exams
* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
* Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Ensuring a secure network architecture
* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies


1141600108
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
This is the eBook edition of the CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide. This eBook does not include access to the Pearson Test Prep practice exams that comes with the print edition.

Learn, prepare, and practice for CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam success with this CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes
* A test-preparation routine proven to help you pass the exams
* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
* Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Ensuring a secure network architecture
* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies


43.49 In Stock
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

by Troy McMillan
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

by Troy McMillan

eBook

$43.49  $57.99 Save 25% Current price is $43.49, Original price is $57.99. You Save 25%.

Available on Compatible NOOK devices, the free NOOK App and in My Digital Library.
WANT A NOOK?  Explore Now

Related collections and offers


Overview

This is the eBook edition of the CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide. This eBook does not include access to the Pearson Test Prep practice exams that comes with the print edition.

Learn, prepare, and practice for CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam success with this CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes
* A test-preparation routine proven to help you pass the exams
* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
* Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Ensuring a secure network architecture
* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies



Product Details

ISBN-13: 9780137348701
Publisher: Pearson Education
Publication date: 07/07/2022
Series: Certification Guide
Sold by: Barnes & Noble
Format: eBook
Pages: 864
File size: 27 MB
Note: This product may take a few minutes to download.
Age Range: 18 Years

About the Author

Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes

* Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)
* Author of CompTIA A+ Complete Review Guide (Sybex)
* Author of CompTIA Server + Study Guide (Sybex)
* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Prep test question writer for Network+ Study Guide (Sybex)
* Technical editor for Windows 7 Study Guide (Sybex)
* Contributing author for CCNA-Wireless Study Guide (Sybex)
* Technical editor for CCNA Study Guide, Revision 7 (Sybex)
* Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
* Author of Cisco Essentials (Sybex)
* Co-author of CISSP Cert Guide (Pearson IT Certification)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)


He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.

He now creates certification practice tests and study guides and online courses for Cybervista. Troy lives in Asheville, North Carolina, with his wife, Heike.

Table of Contents

Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
    Load Balancer 3
    Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
    Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
    Web Application Firewall (WAF) 6
    Network Access Control (NAC) 8
    Virtual Private Network (VPN) 10
    Domain Name System Security Extensions (DNSSEC) 11
    Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
    Network Address Translation (NAT) Gateway 19
    Internet Gateway 21
    Forward/Transparent Proxy 21
    Reverse Proxy 22
    Distributed Denial-of-Service (DDoS) Protection 22
    Routers 22
    Mail Security 26
    Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
    Traffic Mirroring 30
    Sensors 32
Segmentation 39
    Microsegmentation 40
    Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
    Jump Box 43
    Screened Subnet 44
    Data Zones 44
    Staging Environments 45
    Guest Environments 45
    VPC/Virtual Network (VNET) 45
    Availability Zone 46
    NAC Lists 47
    Policies/Security Groups 47
    Regions 49
    Access Control Lists (ACLs) 49
    Peer-to-Peer 49
    Air Gap 49
De-perimeterization/Zero Trust 49
    Cloud 50
    Remote Work 50
    Mobile 50
    Outsourcing and Contracting 52
    Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
    Peering 59
    Cloud to on Premises 59
    Data Sensitivity Levels 59
    Mergers and Acquisitions 60
    Cross-domain 61
    Federation 61
    Directory Services 61
Software-Defined Networking (SDN) 62
    Open SDN 63
    Hybrid SDN 64
    SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
    Vertically 73
    Horizontally 74
Resiliency 74
    High Availability/Redundancy 74
    Diversity/Heterogeneity 75
    Course of Action Orchestration 75
    Distributed Allocation 76
    Replication 76
    Clustering 76
Automation 76
    Autoscaling 76
    Security Orchestration, Automation, and Response (SOAR) 77
    Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
    Baselines 85
    Create Benchmarks and Compare to Baselines 85
    Templates 86
    Secure Design Patterns/Types of Web Technologies 87
    Container APIs 88
    Secure Coding Standards 89
    Application Vetting Processes 90
    API Management 91
    Middleware 91
Software Assurance 92
    Sandboxing/Development Environment 92
    Validating Third-Party Libraries 93
    Defined DevOps Pipeline 93
    Code Signing 94
    Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
    Customer Relationship Management (CRM) 100
    Enterprise Resource Planning (ERP) 100
    Configuration Management Database (CMDB) 101
    Content Management System (CMS) 101
    Integration Enablers 101
Integrating Security into Development Life Cycle 103
    Formal Methods 103
    Requirements 103
    Fielding 104
    Insertions and Upgrades 104
    Disposal and Reuse 104
    Testing 105
    Development Approaches 109
    Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
    Blocking Use of External Media 125
    Print Blocking 126
    Remote Desktop Protocol (RDP) Blocking 126
    Clipboard Privacy Controls 127
    Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
    Data Classification Blocking 128
Data Loss Detection 129
    Watermarking 129
    Digital Rights Management (DRM) 129
    Network Traffic Decryption/Deep Packet Inspection 130
    Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
    Metadata/Attributes 130
Obfuscation 131
    Tokenization 131
    Scrubbing 131
    Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
    Create 132
    Use 133
    Share 133
    Store 133
    Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
    Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
    Password Repository Application 149
    Hardware Key Manager 150
    Privileged Access Management 151
    Privilege Escalation 151
    Password Policies 151
    Complexity 153
    Length 153
    Character Classes 153
    History 154
    Maximum/Minimum Age 154
    Auditing 155
    Reversable Encryption 156
Federation 156
    Transitive Trust 156
    OpenID 156
    Security Assertion Markup Language (SAML) 157
    Shibboleth 158
Access Control 159
    Mandatory Access Control (MAC) 160
    Discretionary Access Control (DAC) 160
    Role-Based Access Control 161
    Rule-Based Access Control 161
    Attribute-Based Access Control 161
Protocols 162
    Remote Authentication Dial-in User Service (RADIUS) 162
    Terminal Access Controller Access Control System (TACACS) 163
    Diameter 164
    Lightweight Directory Access Protocol (LDAP) 164
    Kerberos 165
    OAuth 166
    802.1X 166
    Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
    Knowledge Factors 169
    Ownership Factors 169
    Characteristic Factors 170
    Physiological Characteristics 170
    Behavioral Characteristics 171
    Biometric Considerations 172
    2-Step Verification 173
    In-Band 174
    Out-of-Band 174
One-Time Password (OTP) 175
    HMAC-Based One-Time Password (HOTP) 175
    Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
    Type 1 vs. Type 2 Hypervisors 186
    Containers 187
    Emulation 188
    Application Virtualization 189
    VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
    Business Directives 191
    Cloud Deployment Models 192
Hosting Models 193
    Multitenant 193
    Single-Tenant 194
Service Models 194
    Software as a Service (SaaS) 194
    Platform as a Service (PaaS) 194
    Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
    Internet Protocol (IP) Address Scheme 196
    VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
    Object Storage/File-Based Storage 197
    Database Storage 197
    Block Storage 198
    Blob Storage 198
    Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
    Data at Rest 205
    Data in Transit 205
    Data in Process/Data in Use 205
    Protection of Web Services 206
    Embedded Systems 206
    Key Escrow/Management 207
    Mobile Security 209
    Secure Authentication 209
    Smart Card 209
Common PKI Use Cases 210
    Web Services 210
    Email 210
    Code Signing 211
    Federation 211
    Trust Models 212
    VPN 212
    Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
    Private Information Retrieval 221
    Secure Function Evaluation 221
    Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
    Natural Language Processing 225
    Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
    Tactical 231
    Strategic 232
    Operational 232
Actor Types 233
    Advanced Persistent Threat (APT)/Nation-State 233
    Insider Threat 234
    Competitor 234
    Hacktivist 234
    Script Kiddie 235
    Organized Crime 235
Threat Actor Properties 235
    Resource 235
    Supply Chain Access 235
    Create Vulnerabilities 236
    Capabilities/Sophistication 236
    Identifying Techniques 237
Intelligence Collection Methods 237
    Intelligence Feeds 237
    Deep Web 237
    Proprietary 238
    Open-Source Intelligence (OSINT) 238
    Human Intelligence (HUMINT) 243
Frameworks 243
    MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
    Diamond Model of Intrusion Analysis 245
    Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
    Packet Capture (PCAP) 251
    Logs 252
    Notifications 256
    Notification Severity/Priorities 260
    Syslog 261
    Unusual Process Activity 263
Response 265
    Firewall Rules 265
    IPS/IDS Rules 267
    ACL Rules 267
    Signature Rules 267
    Behavior Rules 268
    DLP Rules 268
    Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
    Credentialed vs. Non-credentialed 275
    Agent-Based/Server-Based 276
    Criticality Ranking 277
    Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
    Extensible Configuration Checklist Description Format (XCCDF) 278
    Open Vulnerability and Assessment Language (OVAL) 279
    Common Platform Enumeration (CPE) 279
    Common Vulnerabilities and Exposures (CVE) 279
    Common Vulnerability Scoring System (CVSS) 279
    Common Configuration Enumeration (CCE) 282
    Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
    Manual Patch Management 284
    Automated Patch Management 284
Information Sources 284
    Advisories 285
    Bulletins 286
    Vendor Websites 287
    Information Sharing and Analysis Centers (ISACs) 287
    News Reports 287
Exam Preparation Tasks 287
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
    Static Analysis/Dynamic Analysis 293
    Side-Channel Analysis 293
    Reverse Engineering 294
    Wireless Vulnerability Scan 295
    Rogue Access Points 295
    Software Composition Analysis 296
    Fuzz Testing 296
    Pivoting 297
    Post-exploitation 297
    Persistence 298
Tools 298
    SCAP Scanner 298
    Network Traffic Analyzer 299
    Vulnerability Scanner 300
    Protocol Analyzer 302
    Port Scanner 302
    HTTP Interceptor 304
    Exploit Framework 304
    Password Cracker 306
Dependency Management 307
Requirements 308
    Scope of Work 308
    Rules of Engagement 308
    Invasive vs. Non-invasive 308
    Asset Inventory 308
    Permissions and Access 309
    Corporate Policy Considerations 310
    Facility Considerations 310
    Physical Security Considerations 310
    Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
    Race Conditions 315
    Overflows 315
    Broken Authentication 318
    Unsecure References 319
    Poor Exception Handling 319
    Security Misconfiguration 319
    Improper Headers 320
    Information Disclosure 321
    Certificate Errors 321
    Weak Cryptography Implementations 321
    Weak Ciphers 322
    Weak Cipher Suite Implementations 322
    Software Composition Analysis 322
    Use of Vulnerable Frameworks and Software Modules 323
    Use of Unsafe Functions 323
    Third-Party Libraries 323
    Code Injections/Malicious Changes 324
    End of Support/End of Life 324
    Regression Issues 324
Inherently Vulnerable System/Application 325
    Client-Side Processing vs. Server-Side Processing 325
    JSON/Representational State Transfer (REST) 326
    Browser Extensions 326
    Hypertext Markup Language 5 (HTML5) 327
    Asynchronous JavaScript and XML (AJAX) 327
    Simple Object Access Protocol (SOAP) 329
    Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
    Directory Traversal 330
    Cross-site Scripting (XSS) 331
    Cross-site Request Forgery (CSRF) 331
    Injection 332
    Sandbox Escape 337
    Virtual Machine (VM) Hopping 337
    VM Escape 337
    Border Gateway Protocol (BGP) Route Hijacking 338
    Interception Attacks 339
    Denial-of-Service (DoS)/DDoS 339
    Authentication Bypass 340
    Social Engineering 340
    VLAN Hopping 341
Exam Preparation Tasks 341
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
    Hunts 347
    Developing Countermeasures 347
    Deceptive Technologies 347
Security Data Analytics 348
    Processing Pipelines 349
    Indexing and Search 350
    Log Collection and Curation 350
    Database Activity Monitoring 350
Preventive 351
    Antivirus 352
    Immutable Systems 352
    Hardening 352
    Sandbox Detonation 352
Application Control 353
    License Technologies 353
    Allow List vs. Block List 354
    Time of Check vs. Time of Use 354
    Atomic Execution 355
Security Automation 355
    Cron/Scheduled Tasks 355
    Bash 356
    PowerShell 357
    Python 357
Physical Security 358
    Review of Lighting 358
    Review of Visitor Logs 359
    Camera Reviews 359
    Open Spaces vs. Confined Spaces 361
Exam Preparation Tasks 362
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
    False Positive 367
    False Negative 367
    True Positive 367
    True Negative 367
Triage Event 367
Preescalation Tasks 368
Incident Response Process 368
    Preparation 369
    Training 369
    Testing 370
    Detection 370
    Analysis 371
    Containment 371
    Recovery 371
    Response 372
    Lessons Learned 372
Specific Response Playbooks/Processes 373
    Scenarios 373
    Non-automated Response Methods 374
    Automated Response Methods 374
Communication Plan 375
Stakeholder Management 377
    Legal 377
    Human Resources 377
    Public Relations 378
    Internal and External 378
Exam Preparation Tasks 379
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
    Identification 385
    Evidence Collection 385
    Evidence Preservation 388
    Analysis 389
    Verification 391
    Presentation 391
Integrity Preservation 392
    Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
    Foremost 399
    Strings 400
Binary Analysis Tools 401
    Hex Dump 401
    Binwalk 401
    Ghidra 401
    GNU Project Debugger (GDB) 401
    OllyDbg 402
    readelf 402
    objdump 402
    strace 402
    ldd 402
    file 403
Analysis Tools 403
    ExifTool 403
    Nmap 403
    Aircrack-ng 403
    Volatility 404
    The Sleuth Kit 405
    Dynamically vs. Statically Linked 405
Imaging Tools 405
    Forensic Toolkit (FTK) Imager 405
    dd 406
Hashing Utilities 407
    sha256sum 407
    ssdeep 407
Live Collection vs. Post-mortem Tools 407
    netstat 407
    ps 409
    vmstat 409
    ldd 410
    lsof 410
    netcat 410
    tcpdump 411
    conntrack 411
    Wireshark 412
Exam Preparation Tasks 413
Part III: Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility 419
Managed Configurations 419
    Application Control 419
    Password 419
    MFA Requirements 420
    Token-Based Access 421
    Patch Repository 422
    Firmware Over-the-Air 422
    Remote Wipe 422
    Wi-Fi 423
    Profiles 424
    Bluetooth 424
    Near-Field Communication (NFC) 424
    Peripherals 425
    Geofencing 425
    VPN Settings 425
    Geotagging 426
    Certificate Management 426
    Full Device Encryption 427
    Tethering 427
    Airplane Mode 427
    Location Services 427
    DNS over HTTPS (DoH) 428
    Custom DNS 428
Deployment Scenarios 429
    Bring Your Own Device (BYOD) 429
    Corporate-Owned 429
    Corporate-Owned, Personally Enabled (COPE) 429
    Choose Your Own Device (CYOD) 429
    Implications of Wearable Devices 429
    Digital Forensics on Collected Data 430
    Unauthorized Application Stores 431
    Jailbreaking/Rooting 431
    Side Loading 431
    Containerization 432
    Original Equipment Manufacturer (OEM) and Carrier Differences 432
    Supply Chain Issues 432
    eFuse 432
Exam Preparation Tasks 433
Chapter 19 Configuring and Implementing Endpoint Security Controls 437
Hardening Techniques 437
    Removing Unneeded Services 437
    Disabling Unused Accounts 438
    Images/Templates 438
    Removing End-of-Life Devices 438
    Removing End-of-Support Device 438
    Local Drive Encryption 439
    Enabling No-Execute (NX)/Execute Never (XN) Bit 439
    Disabling Central Processing Unit (CPU) Virtualization Support 439
    Secure Encrypted Enclaves 440
    Memory Encryption 440
    Shell Restrictions 441
    Address Space Layout Randomization (ASLR) 442
Processes 442
    Patching 442
    Logging 443
    Monitoring 443
Mandatory Access Control 444
    Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444
    Kernel vs. Middleware 445
Trustworthy Computing 445
    Trusted Platform Module (TPM) 445
    Secure Boot 446
    Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447
    Attestation Services 448
    Hardware Security Module (HSM) 448
    Measured Boot 449
    Self-Encrypting Drives (SEDs) 450
Compensating Controls 450
    Antivirus 450
    Application Controls 451
    Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451
    Host-Based Firewall 451
    Endpoint Detection and Response (EDR) 451
    Redundant Hardware 452
    Self-Healing Hardware 452
    User and Entity Behavior Analytics (UEBA) 452
Exam Preparation Tasks 452
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
Embedded 459
    Internet of Things (IoT) 459
    System on a Chip (SoC) 461
    Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461
ICS/Supervisory Control and Data Acquisition (SCADA) 462
    Programmable Logic Controller (PLC) 463
    Historian 463
    Ladder Logic 463
    Safety Instrumented System 464
    Heating, Ventilation, and Air Conditioning (HVAC) 464
Protocols 465
    Controller Area Network (CAN) Bus 465
    Modbus 466
    Distributed Network Protocol 3 (DNP3) 466
    Zigbee 467
    Common Industrial Protocol (CIP) 467
    Data Distribution Service 468
Sectors 468
    Energy 469
    Manufacturing 469
    Healthcare 470
    Public Utilities 470
    Public Services 470
    Facility Services 471
Exam Preparation Tasks 472
Chapter 21 Cloud Technology's Impact on Organizational Security 477
Automation and Orchestration 477
Encryption Configuration 477
Logs 478
    Availability 479
    Collection 479
    Monitoring 479
    Configuration 480
    Alerting 480
Monitoring Configurations 480
Key Ownership and Location 481
Key Life-Cycle Management 483
Backup and Recovery Methods 485
    Cloud as Business Continuity and Disaster Recovery (BCDR) 486
    Primary Provider BCDR 486
    Alternative Provider BCDR 486
Infrastructure vs. Serverless Computing 486
Application Virtualization 487
Software-Defined Networking 488
Misconfigurations 488
Collaboration Tools 488
    Web Conferencing 488
    Video Conferencing 489
    Audio Conferencing 491
    Storage and Document Collaboration Tools 491
Storage Configurations 492
    Bit Splitting 493
    Data Dispersion 493
Cloud Access Security Broker (CASB) 493
Exam Preparation Tasks 494
Chapter 22 Implementing the Appropriate PKI Solution 499
PKI Hierarchy 499
    Registration Authority (RA) 499
    Certificate Authority (CA) 499
    Subordinate/Intermediate CA 500
Certificate Types 501
    Wildcard Certificate 501
    Extended Validation 502
    Multidomain 502
    General Purpose 503
Certificate Usages/Profiles/Templates 504
    Client Authentication 504
    Server Authentication 504
    Digital Signatures 504
    Code Signing 505
Extensions 505
    Common Name (CN) 505
    Subject Alternate Name (SAN) 505
Trusted Providers 505
Trust Model 506
Cross-certification 506
Configure Profiles 507
Life-Cycle Management 507
Public and Private Keys 508
Digital Signature 512
Certificate Pinning 512
Certificate Stapling 512
Certificate Signing Requests (CSRs) 513
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513
HTTP Strict Transport Security (HSTS) 514
Exam Preparation Tasks 514
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
Hashing 519
    Secure Hashing Algorithm (SHA) 519
    Hash-Based Message Authentication Code (HMAC) 520
    Message Digest (MD) 521
    RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
    Poly1305 521
Symmetric Algorithms 522
    Modes of Operation 523
    Stream and Block 526
Asymmetric Algorithms 528
    Key Agreement 529
    Signing 530
    Known Flaws/Weaknesses 531
Protocols 532
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
    Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
    Internet Protocol Security (IPsec) 534
    Secure Shell (SSH) 534
    EAP 535
Elliptic-Curve Cryptography 535
    P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
    Password-Based Key Derivation Function 2 (PBKDF2) 537
    Bcrypt 537
Exam Preparation Tasks 537
Implementation and Configuration Issues 542
Validity Dates 542
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Wrong Certificate Type 543
    Revoked Certificates 543
    Incorrect Name 543
    Chain Issues 544
    Weak Signing Algorithm 545
    Weak Cipher Suite 545
    Incorrect Permissions 546
    Cipher Mismatches 546
    Downgrade 546
Keys 546
    Mismatched 547
    Improper Key Handling 547
    Embedded Keys 548
    Rekeying 548
    Exposed Private Keys 548
    Crypto Shredding 548
    Cryptographic Obfuscation 548
    Key Rotation 549
    Compromised Keys 549
Exam Preparation Tasks 549
Part IV: Governance, Risk, and Compliance
Chapter 25 Applying Appropriate Risk Strategies 555
Risk Assessment 555
    Likelihood 556
    Impact 556
    Qualitative vs. Quantitative 557
    Exposure Factor 558
    Asset Value 558
    Total Cost of Ownership (TCO) 559
    Return on Investment (ROI) 560
    Mean Time to Recovery (MTTR) 562
    Mean Time Between Failure (MTBF) 562
    Annualized Loss Expectancy (ALE)/Annualized Rate of Occurrence (ARO)/Single Loss Expectancy (SLE) 562
    Gap Analysis 564
Risk Handling Techniques 565
    Transfer 565
    Accept 565
    Avoid 566
    Mitigate 566
Risk Types 566
    Inherent 567
    Residual 567
    Exceptions 567
Risk Management Life Cycle 568
    Identify 569
    Assess 570
    Control 570
    Control Types 572
    Review 573
    Frameworks 573
Risk Tracking 590
    Risk Register 590
    Key Performance Indicators/Key Risk Indicators 591
Risk Appetite vs. Risk Tolerance 594
    Tradeoff Analysis 595
    Usability vs. Security Requirements 595
Policies and Security Practices 595
    Separation of Duties 595
    Job Rotation 596
    Mandatory Vacation 596
    Least Privilege 597
    Employment and Termination Procedures 598
    Training and Awareness for Users 599
    Auditing Requirements and Frequency 601
Exam Preparation Tasks 601
Chapter 26 Managing and Mitigating Vendor Risk 607
Shared Responsibility Model (Roles/Responsibilities) 607
    Cloud Service Provider (CSP) 607
    Client 609
Vendor Lock-in and Vendor Lock-out 610
Vendor Viability 610
    Financial Risk 610
    Merger or Acquisition Risk 610
Meeting Client Requirements 610
    Legal 610
    Change Management 611
    Staff Turnover 612
    Device and Technical Configurations 612
Support Availability 615
Geographical Consideration 615
Supply Chain Visibility 615
Incident Reporting Requirements 616
Source Code Escrows 616
Ongoing Vendor Assessment Tools 616
Third-Party Dependencies 616
    Code 617
    Hardware 617
    Modules 618
Technical Considerations 618
    Technical Testing 618
    Network Segmentation 618
    Transmission Control 618
    Shared Credentials 619
Exam Preparation Tasks 620
Chapter 27 The Organizational Impact of Compliance Frameworks and Legal Considerations 625
Security Concerns of Integrating Diverse Industries 625
    Rules 625
    Policies 626
    Regulations 626
Data Considerations 626
    Data Sovereignty 626
    Data Ownership 627
    Data Classifications 627
    Data Retention 629
    Data Types 629
    Data Removal, Destruction, and Sanitization 634
Geographic Considerations 635
    Location of Data 636
    Location of Data Subject 636
    Location of Cloud Provider 637
Third-Party Attestation of Compliance 637
Regulations, Accreditations, and Standards 637
    Open Standards 638
    Adherence to Standards 638
    Competing Standards 639
    Lack of Standards 639
    De Facto Standards 639
    Payment Card Industry Data Security Standard (PCI DSS) 639
    General Data Protection Regulation (GDPR) 640
    International Organization for Standardization (ISO) 641
    Capability Maturity Model Integration (CMMI) 643
    National Institute of Standards and Technology (NIST) 644
    Children's Online Privacy Protection Act (COPPA) 644
    Common Criteria 644
    Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) 646
Legal Considerations 646
    Due Diligence/Due Care 646
    Export Controls 647
    Legal Holds 648
    E-Discovery 648
Contract and Agreement Types 648
    Service-Level Agreement (SLA) 649
    Master Service Agreement (MSA) 649
    Non-disclosure Agreement (NDA) 650
    Memorandum of Understanding (MOU) 650
    Interconnection Security Agreement (ISA) 650
    Operational-Level Agreement 651
    Privacy-Level Agreement 651
Exam Preparation Tasks 651
Chapter 28 Business Continuity and Disaster Recovery Concepts 657
Develop Contingency Planning Policy 658
    Conduct the BIA 658
    Identify Critical Processes and Resources 659
    Recovery Time Objective 659
    Recovery Point Objective 659
    Recovery Service Level 659
    Mission Essential Functions 659
Privacy Impact Assessment 660
Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP) 660
    Personnel Components 661
    Project Scope 661
    Business Continuity Steps 662
    Recovery and Multiple Site Strategies 662
    Cold Site 663
    Warm Site 663
    Hot Site 663
    Mobile Site 664
Incident Response Plan 664
    Roles/Responsibilities 665
    After-Action Reports 666
Testing Plans 666
    Checklist 666
    Walk-through 666
    Tabletop Exercises 666
    Full Interruption Test 667
    Parallel Test/Simulation Test 667
Exam Preparation Tasks 667
Tools for Final Preparation 672
Pearson Test Prep Practice Test Software and Questions on the Website 672
Chapter 29 Final Preparation 673
Accessing the Pearson Test Prep Software Online 673
Accessing the Pearson Test Prep Practice Test Software Offline 673
Customizing Your Exams 674
Updating Your Exams 675
Premium Edition 676
Chapter-Ending Review Tools 676
Suggested Plan for Final Review/Study 676
Appendix A Answers to the Review Questions 679
Glossary 709

Online Elements
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
Glossary


9780137348954    TOC    5/26/2022

From the B&N Reads Blog

Customer Reviews