Description

Book Synopsis
Prepare to succeed in your new cybersecurity career with the challenging and sought-after CASP+ credential

In the newly updated Fourth Edition of CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004, risk management and compliance expert Jeff Parker walks you through critical security topics and hands-on labs designed to prepare you for the new CompTIA Advanced Security Professional exam and a career in cybersecurity implementation. Content and chapter structure of this Fourth edition was developed and restructured to represent the CAS-004 Exam Objectives.

From operations and architecture concepts, techniques and requirements to risk analysis, mobile and small-form factor device security, secure cloud integration, and cryptography, you'll learn the cybersecurity technical skills you'll need to succeed on the new CAS-004 exam, impress interviewers during your job search, and excel in your new career in cybersecurity implementation.

This comprehensive book offers:

Efficient preparation for a challenging and rewarding career in implementing specific solutions within cybersecurity policies and frameworks

A robust grounding in the technical skills you'll need to impress during cybersecurity interviews

Content delivered through scenarios, a strong focus of the CAS-004 Exam

Access to an interactive online test bank and study tools, including bonus practice exam questions, electronic flashcards, and a searchable glossary of key terms

Perfect for anyone preparing for the CASP+ (CAS-004) exam and a new career in cybersecurity, CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004 is also an ideal resource for current IT professionals wanting to promote their cybersecurity skills or prepare for a career transition into enterprise cybersecurity.

Table of Contents

Introduction xxv

Assessment Test xxxv

Chapter 1 Risk Management 1

Risk Terminology 4

The Risk Assessment Process 6

Asset Identification 6

Information Classification 8

Risk Assessment 9

Risk Assessment Options 14

Implementing Controls 16

Policies Used to Manage Employees 17

Pre-Employment Policies 18

Employment Policies 18

End of Employment and Termination Procedures 20

Cost-Benefit Analysis 21

Continuous Monitoring 22

Enterprise Security Architecture Frameworks and Governance 23

Training and Awareness for Users 24

Best Practices for Risk Assessments 25

Business Continuity Planning and Disaster Recovery 27

Reviewing the Effectiveness of Existing Security Controls 28

Conducting Lessons Learned and After-Action Reviews 30

Creation, Collection, and Analysis of Metrics 31

Metrics 31

Trend Data 32

Analyzing Security Solutions to Ensure They Meet Business Needs 32

Testing Plans 33

Internal and External Audits 34

Using Judgment to Solve Difficult Problems 35

Summary 35

Exam Essentials 36

Review Questions 38

Chapter 2 Configure and Implement Endpoint Security Controls 43

Hardening Techniques 45

Address Space Layout Randomization Use 47

Hardware Security Module and Trusted Platform Module 48

Trusted Operating Systems 52

Compensating Controls 55

Summary 57

Exam Essentials 58

Review Questions 59

Chapter 3 Security Operations Scenarios 63

Threat Management 66

Types of Intelligence 66

Threat Hunting 67

Threat Emulation 67

Actor Types 67

Intelligence Collection Methods 71

Open-Source Intelligence 71

Human Intelligence and Social Engineering 73

Frameworks 74

MITRE Adversarial Tactics, Techniques and Common Knowledge 74

ATT&CK for Industrial Control Systems 75

Cyber Kill Chain 76

Diamond Model of Intrusion Analysis 76

Indicators of Compromise 77

Reading the Logs 77

Intrusion Detection and Prevention 78

Notifications and Responses to IoCs 79

Response 80

Summary 85

Exam Essentials 85

Review Questions 86

Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk 91

Terminology 97

Vulnerability Management 98

Security Content Automation Protocol 103

Self-Assessment vs. Third-Party Vendor Assessment 105

Patch Management 108

Information Sources 110

Tools 112

Assessments 124

Penetration Testing 129

Assessment Types 131

Vulnerabilities 134

Buffer Overflow 134

Integer Overflow 135

Memory Leaks 136

Race Conditions (TOC/TOU) 136

Resource Exhaustion 137

Data Remnants 138

Use of Third-Party Libraries 138

Code Reuse 138

Cryptographic Vulnerabilities 138

Broken Authentication 139

Security Misconfiguration 140

Inherently Vulnerable System/Application 140

Client-Side Processing vs. Server-Side Processing 141

Attacks 145

Proactive Detection 153

Incident Response 153

Countermeasures 153

Deceptive Technology 154

USB Key Drops 155

Simulation 155

Security Data Analytics 155

Application Control 156

Allow and Block Lists 157

Security Automation 157

Physical Security 158

Summary 159

Exam Essentials 160

Review Questions 161

Chapter 5 Compliance and Vendor Risk 165

Shared Responsibility in Cloud Computing 168

Cloud Service/Infrastructure Models 169

Cloud Computing Providers and Hosting Options 169

Benefits of Cloud Computing 171

Security of On-Demand/Elastic Cloud Computing 174

Geographic Location 175

Infrastructure 175

Compute 175

Storage 175

Networking 176

Managing and Mitigating Risk 182

Security Concerns of Integrating Diverse Industries 185

Regulations, Accreditations, and Standards 187

PCI DSS 187

GDPR 190

ISO 192

CMMI 193

NIST 194

COPPA 195

CSA-STAR 196

HIPAA, SOX, and GLBA 197

Contract and Agreement Types 198

Third-Party Attestation of Compliance 202

Legal Considerations 203

Summary 204

Exam Essentials 205

Review Questions 206

Chapter 6 Cryptography and PKI 211

The History of Cryptography 216

Cryptographic Goals and Requirements 217

Supporting Security Requirements 218

Compliance and Policy Requirements 219

Privacy and Confidentiality Requirements 219

Integrity Requirements 220

Nonrepudiation 220

Risks with Data 221

Data at Rest 221

Data in Transit 222

Data in Process/Data in Use 222

Hashing 223

Message Digest 225

Secure Hash Algorithm 225

Message Authentication Code 226

Hashed Message Authentication Code 226

RACE Integrity Primitives Evaluation Message Digest 226

Poly1305 226

Symmetric Algorithms 227

Data Encryption Standard 230

Triple DES 231

Rijndael and the Advanced Encryption Standard 231

ChaCha 232

Salsa20 232

International Data Encryption Algorithm 232

Rivest Cipher Algorithms 233

Counter Mode 233

Asymmetric Encryption 233

Diffie–Hellman 235

RSA 236

Elliptic Curve Cryptography 237

ElGamal 238

Hybrid Encryption and Electronic Data Exchange (EDI) 238

Public Key Infrastructure Hierarchy 239

Certificate Authority 240

Registration Authority 241

Digital Certificates 241

Certificate Revocation List 243

Certificate Types 243

Certificate Distribution 244

The Client’s Role in PKI 245

Implementation of Cryptographic Solutions 247

Application Layer Encryption 248

Transport Layer Encryption 249

Internet Layer Controls 250

Additional Authentication Protocols 251

Cryptocurrency 252

Digital Signatures 252

Recognizing Cryptographic Attacks 254

Troubleshooting Cryptographic Implementations 256

Summary 259

Exam Essentials 259

Review Questions 261

Chapter 7 Incident Response and Forensics 265

The Incident Response Framework 268

Event Classifications 268

Triage Events 269

Pre-Escalation Tasks 270

The Incident Response Process 270

Response Playbooks and Processes 273

Communication Plan and Stakeholder Management 274

Forensic Concepts 277

Principles, Standards, and Practices 278

The Forensic Process 279

Forensic Analysis Tools 283

File Carving Tools 284

Binary Analysis Tools 284

Analysis Tools 286

Imaging Tools 288

Hashing Utilities 289

Live Collection vs. Postmortem Tools 290

Summary 294

Exam Essentials 294

Review Questions 295

Chapter 8 Security Architecture 301

Security Requirements and Objectives for a Secure Network Architecture 310

Services 310

Segmentation 334

Deperimeterization/Zero Trust 344

Merging Networks from Various Organizations 352

Software-Defined Networking 357

Organizational Requirements for Infrastructure Security Design 358

Scalability 358

Resiliency 359

Automation 359

Containerization 360

Virtualization 361

Content Delivery Network 361

Integrating Applications Securely into an Enterprise Architecture 362

Baseline and Templates 362

Software Assurance 367

Considerations of Integrating Enterprise Applications 370

Integrating Security into the Development Life Cycle 373

Data Security Techniques for Securing Enterprise Architecture 384

Data Loss Prevention 384

Data Loss Detection 387

Data Classification, Labeling, and Tagging 388

Obfuscation 390

Anonymization 390

Encrypted vs. Unencrypted 390

Data Life Cycle 391

Data Inventory and Mapping 391

Data Integrity Management 391

Data Storage, Backup, and Recovery 392

Security Requirements and Objectives for Authentication and Authorization Controls 394

Credential Management 394

Password Policies 396

Federation 398

Access Control 399

Protocols 401

Multifactor Authentication 403

One-Time Passwords 404

Hardware Root of Trust 404

Single Sign-On 405

JavaScript Object Notation Web Token 405

Attestation and Identity Proofing 406

Summary 406

Exam Essentials 407

Review Questions 410

Chapter 9 Secure Cloud and Virtualization 415

Implement Secure Cloud and Virtualization Solutions 418

Virtualization Strategies 419

Deployment Models and Considerations 425

Service Models 429

Cloud Provider Limitations 433

Extending Appropriate On-Premises Controls 433

Storage Models 439

How Cloud Technology Adoption Impacts Organization Security 445

Automation and Orchestration 445

Encryption Configuration 445

Logs 446

Monitoring Configurations 447

Key Ownership and Location 448

Key Life-Cycle Management 448

Backup and Recovery Methods 449

Infrastructure vs. Serverless Computing 450

Software-Defined Networking 450

Misconfigurations 451

Collaboration Tools 451

Bit Splitting 461

Data Dispersion 461

Summary 461

Exam Essentials 462

Review Questions 463

Chapter 10 Mobility and Emerging Technologies 467

Emerging Technologies and Their Impact on Enterprise Security and Privacy 471

Artificial Intelligence 472

Machine Learning 472

Deep Learning 472

Quantum Computing 473

Blockchain 473

Homomorphic Encryption 474

Distributed Consensus 475

Big Data 475

Virtual/Augmented Reality 475

3D Printing 476

Passwordless Authentication 476

Nano Technology 477

Biometric Impersonation 477

Secure Enterprise Mobility Configurations 478

Managed Configurations 479

Deployment Scenarios 486

Mobile Device Security Considerations 487

Security Considerations for Technologies, Protocols, and Sectors 495

Embedded Technologies 495

ICS/Supervisory Control and Data Acquisition 496

Protocols 498

Sectors 499

Summary 500

Exam Essentials 500

Review Questions 501

Appendix Answers to Review Questions 505

Chapter 1: Risk Management 506

Chapter 2: Configure and Implement Endpoint Security Controls 507

Chapter 3: Security Operations Scenarios 509

Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk 511

Chapter 5: Compliance and Vendor Risk 513

Chapter 6: Cryptography and PKI 514

Chapter 7: Incident Response and Forensics 516

Chapter 8: Security Architecture 519

Chapter 9: Secure Cloud and Virtualization 522

Chapter 10: Mobility and Emerging Technologies 524

Index 529

CASP CompTIA Advanced Security Practitioner Study


    A Paperback / softback by Nadean H. Tanner, Jeff T. Parker


      Publisher: John Wiley & Sons Inc
      Publication Date: 17/11/2022
      ISBN13: 9781119803164, 978-1119803164
      ISBN10: 1119803160
