CASP+ CompTIA Advanced Security Practitioner Certification All-in-One Exam Guide, Second Edition (Exam CAS-003)

Book Description

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
Complete coverage of every topic on the CompTIA Advanced Security Practitioner certification exam

Get complete coverage of all objectives included on the CompTIA CASP+ exam CAS-003 from this comprehensive resource. Written by a team of leading information security experts, this authoritative guide fully addresses the skills required for securing a network and managing risk. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam domains, including:

• Threats, attacks, and vulnerabilities
• Technologies and tools
• Architecture and design
• Identity and access management
• Risk management
• Cryptography and PKI

Electronic content includes:

• 200 practice exam questions

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Exam CAS-003 Objective Map
  11. Part I Risk Management
    1. Chapter 1 Security Influences and Risk
      1. Risk Management of New Products, New Technologies, and User Behaviors
      2. New or Changing Business Models and Strategies
        1. Partnerships
        2. Outsourcing
        3. Cloud
        4. Managed Security Services
        5. Acquisitions, Mergers, Divestitures, and Demergers
      3. Security Concerns of Interconnecting Diverse Industries
        1. Rules, Policies, and Regulations
        2. Export Controls and Legal Requirements
        3. Geography, Data Sovereignty, and Jurisdictions
      4. Internal and External Influences
        1. Competitors
        2. Audit Findings
        3. Regulatory Entities
        4. Client Requirements
        5. Top-Level Management
      5. Impact of Deperimeterization
        1. Telecommuting
        2. Cloud
        3. Mobile and Bring Your Own Device (BYOD)
        4. Outsourcing
        5. Ensuring Third-Party Providers Have Requisite Levels of Information Security
        6. Enterprise Standard Operating Environment
        7. Personally Managed Devices
        8. Merging SOE and Personal Device Networks
      6. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    2. Chapter 2 Security Policies and Procedures
      1. Policy and Process Life Cycle Management
        1. Policies
        2. Policy Types
        3. Standards
        4. Guidelines
        5. Processes
        6. Procedures
        7. Baselines
        8. New Business and Environmental Changes
      2. Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
      3. Understand Common Business Documents to Support Security
        1. Risk Assessment
        2. Business Impact Analysis (BIA)
        3. Interoperability Agreement (IA)
        4. Operating Level Agreement (OLA)
        5. Nondisclosure Agreement (NDA)
        6. Master Service Agreement (MSA)
      4. Research Security Requirements for Contracts
        1. Request for Proposal (RFP)
        2. Request for Quote (RFQ)
        3. Request for Information (RFI)
      5. Understand General Privacy Principles for Sensitive Information
      6. Support the Development of Policies Containing Standard Security Practices
        1. Separation of Duties
        2. Job Rotation
        3. Mandatory Vacation
        4. Least Privilege
        5. Incident Response
        6. Forensic Tasks
        7. Employment and Termination Procedures
        8. Continuous Monitoring
        9. Ongoing Security
        10. Training and Awareness for Users
        11. Auditing Requirements and Frequency
        12. Information Classification
      7. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    3. Chapter 3 Risk Mitigation, Strategies, and Controls
      1. Categorize Data Types by Impact Levels Based on CIA
        1. Confidentiality
        2. Integrity
        3. Availability
        4. CIA Tradeoffs
      2. Determine the Aggregate Score of CIA
        1. Nomenclature
      3. Incorporate Stakeholder Input into CIA Impact-Level Decisions
      4. Determine Minimum-Required Security Controls Based on Aggregate Score
      5. Select and Implement Controls Based on CIA Requirements and Organizational Policies
      6. Extreme Scenario Planning/Worst-Case Scenario
      7. Conduct System-Specific Risk Analysis
        1. Qualitative Risk Analysis
        2. Quantitative Risk Analysis
      8. Make Risk Determination Based on Known Metrics
        1. Magnitude of Impact Based on ALE and SLE
        2. Likelihood of Threat
        3. Return on Investment (ROI)
        4. Total Cost of Ownership (TCO)
      9. Translate Technical Risks in Business Terms
      10. Recommend Which Strategy Should Be Applied Based on Risk Appetite
        1. Avoid
        2. Transfer
        3. Mitigate
        4. Accept
      11. Risk Management Processes
        1. Exemptions
        2. Deterrence
        3. Inherent
        4. Residual
      12. Continuous Improvement/Monitoring
      13. Business Continuity Planning
      14. IT Governance
        1. Adherence to Risk Management Frameworks
      15. Enterprise Resilience
      16. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    4. Chapter 4 Risk Metrics
      1. Review Effectiveness of Existing Security Controls
        1. Gap Analysis
        2. Conduct a Lessons-Learned/After-Action Review
      2. Reverse-Engineer/Deconstruct Existing Solutions
      3. Creation, Collection, and Analysis of Metrics
        1. KPIs
        2. KRIs
      4. Prototype and Test Multiple Solutions
      5. Create Benchmarks and Compare to Baselines
      6. Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
      7. Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs
        1. Performance
        2. Latency
        3. Scalability
        4. Capability
        5. Usability
        6. Maintainability
        7. Availability
        8. Recoverability
        9. Cost Benefit Analysis (ROI, TCO)
      8. Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible
      9. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
  12. Part II Enterprise Security Architecture
    1. Chapter 5 Network Security Components, Concepts, and Architectures
      1. Physical and Virtual Network and Security Devices
        1. UTM
        2. NIDS/NIPS
        3. INE
        4. NAC
        5. SIEM
        6. Switch
        7. Firewall
        8. Wireless Controller
        9. Router
        10. Proxy
        11. Load Balancer
        12. HSM
        13. MicroSD HSM
      2. Application and Protocol-Aware Technologies
        1. WAF
        2. Firewall
        3. Passive Vulnerability Scanner
        4. DAM
      3. Advanced Network Design (Wired/Wireless)
        1. Remote Access
        2. VPN
        3. SSH
        4. RDP
        5. VNC
        6. VDI
        7. Reverse Proxy
        8. IPv4 and IPv6 Transitional Technologies
        9. Network Authentication Methods
        10. 802.1x
        11. Mesh Networks
        12. Placement of Hardware, Applications, and Fixed/Mobile Devices
      4. Complex Network Security Solutions for Data Flow
        1. DLP
        2. Deep Packet Inspection
        3. Data Flow Enforcement
        4. Network Flow
        5. Data Flow Diagram
      5. Secure Configuration and Baselining of Networking and Security Components
        1. Network Baselining
        2. Configuration Lockdown
        3. Change Monitoring
        4. Availability Controls
        5. Network ACLs
      6. Software-Defined Networking
      7. Network Management and Monitoring Tools
        1. Alerting
        2. Alert Fatigue
      8. Advanced Configuration of Routers, Switches, and Other Network Devices
        1. Transport Security
        2. Trunking Security
        3. Port Security
        4. Route Protection
        5. DDoS Protection
        6. Remotely Triggered Black Hole
      9. Security Zones
        1. DMZ
        2. Separation of Critical Assets
        3. Network Segmentation
      10. Network Access Control
        1. Quarantine/Remediation
        2. Persistent/Volatile and Nonpersistent Agents
        3. Agent vs. Agentless
      11. Network-Enabled Devices
        1. System on a Chip (SoC)
        2. Building/Home Automation Systems
        3. IP Video
        4. HVAC Controllers
        5. Sensors
        6. Physical Access Control Systems
        7. A/V Systems
        8. Scientific/Industrial Equipment
      12. Critical Infrastructure
      13. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    2. Chapter 6 Security Controls for Host Devices
      1. Trusted Operating System
        1. SELinux
        2. SEAndroid
        3. Trusted Solaris
        4. Least Functionality
      2. Endpoint Security Software
        1. Antimalware
        2. Antivirus
        3. Anti-Spyware
        4. Spam Filters
        5. Patch Management
        6. HIPS/HIDS
        7. Data Loss Prevention
        8. Host-Based Firewalls
        9. Log Monitoring
        10. Endpoint Detection and Response
      3. Host Hardening
        1. Standard Operating Environment/Configuration Baselining
        2. Security/Group Policy Implementation
        3. Command Shell Restrictions
        4. Patch Management
        5. Configuring Dedicated Interfaces
        6. External I/O Restrictions
        7. File and Disk Encryption
        8. Firmware Updates
      4. Boot Loader Protections
        1. Secure Boot
        2. Measured Launch
        3. Integrity Measurement Architecture
        4. BIOS/UEFI
        5. Attestation Services
        6. TPM
      5. Vulnerabilities Associated with Hardware
      6. Terminal Services/Application Delivery Services
      7. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    3. Chapter 7 Mobile Security Controls
      1. Enterprise Mobility Management
        1. Containerization
        2. Configuration Profiles and Payloads
        3. Personally Owned, Corporate-Enabled (POCE)
        4. Application Wrapping
        5. Remote Assistance Access
        6. Application, Content, and Data Management
        7. Over-the-Air Updates (Software/Firmware)
        8. Remote Wiping
        9. SCEP
        10. BYOD
        11. COPE
        12. CYOD
        13. VPN
        14. Application Permissions
        15. Side Loading
        16. Unsigned Apps/System Apps
        17. Context-Aware Management
      2. Security Implications/Privacy Concerns
        1. Data Storage
        2. Device Loss/Theft
        3. Hardware Anti-Tampering
        4. TPM
        5. Rooting and Jailbreaking
        6. Push Notification Services
        7. Geotagging
        8. Encrypted Instant Messaging Apps
        9. Tokenization
        10. OEM/Carrier Android Fragmentation
        11. Mobile Payment
        12. Tethering
        13. Authentication
        14. Malware
        15. Unauthorized Domain Bridging
        16. Baseband Radio/SoC
        17. Augmented Reality
        18. SMS/MMS/Messaging
      3. Wearable Technology
        1. Cameras
        2. Watches
        3. Fitness Devices
        4. Glasses
        5. Medical Sensors/Devices
        6. Headsets
        7. Security Implications
      4. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    4. Chapter 8 Software Vulnerabilities and Security Controls
      1. Application Security Design Considerations
        1. Secure by Design
        2. Secure by Default
        3. Secure by Deployment
      2. Specific Application Issues
        1. Insecure Direct Object References
        2. Cross-Site Scripting (XSS)
        3. Cross-Site Request Forgery (CSRF)
        4. Clickjacking
        5. Session Management
        6. Input Validation
        7. SQL Injection
        8. Improper Error and Exception Handling
        9. Privilege Escalation
        10. Improper Storage of Sensitive Data
        11. Fuzzing/Fault Injection
        12. Secure Cookie Storage and Transmission
        13. Buffer Overflow
        14. Memory Leaks
        15. Integer Overflows
        16. Race Conditions
        17. Resource Exhaustion
        18. Geotagging
        19. Data Remnants
        20. Use of Third-Party Libraries
        21. Code Reuse
      3. Application Sandboxing
      4. Secure Encrypted Enclaves
      5. Database Activity Monitors and Web Application Firewalls
      6. Client-Side Processing vs. Server-Side Processing
        1. JSON/REST
        2. Browser Extensions
        3. HTML5
        4. AJAX
        5. SOAP
        6. State Management
        7. JavaScript
      7. Operating System Vulnerabilities
      8. Firmware Vulnerabilities
      9. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
  13. Part III Enterprise Security Operations
    1. Chapter 9 Security Assessments
      1. Security Assessment Methods
        1. Malware Sandboxing
        2. Memory Dumping
        3. Runtime Debugging
        4. Reconnaissance
        5. Fingerprinting
        6. Code Review
        7. Social Engineering
        8. Pivoting
        9. Open Source Intelligence
      2. Security Assessment Types
        1. Penetration Testing
        2. Vulnerability Assessment
        3. Self-Assessment
        4. Internal and External Audits
        5. Color-Team Exercises
      3. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    2. Chapter 10 Security Assessment Tools
      1. Network Tool Types
        1. Port Scanners
        2. Vulnerability Scanners
        3. Protocol Analyzers
        4. SCAP Scanners
        5. Network Enumerators
        6. Fuzzers
        7. HTTP Interceptors
        8. Exploitation Tools/Frameworks
        9. Visualization Tools
        10. Log Reduction and Analysis Tools
      2. Host Tool Types
        1. Password Crackers
        2. Vulnerability Scanners
        3. Command-Line Tools
        4. Local Exploitation Tools/Frameworks
        5. SCAP Tools
        6. File Integrity Monitoring
        7. Log Analysis Tools
        8. Antivirus
        9. Reverse Engineering Tools
      3. Physical Security Tools
        1. Lock Picks
        2. RFID Tools
        3. IR Cameras
      4. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    3. Chapter 11 Incident Response and Recovery Procedures
      1. E-Discovery
        1. Electronic Inventory and Asset Control
        2. Data Retention Policies
        3. Data Recovery and Storage
        4. Data Ownership and Handling
        5. Legal Holds
      2. Data Breach
        1. Detection and Collection
        2. Mitigation and Response
        3. Recovery/Reconstitution
        4. Disclosure
      3. Facilitate Incident Detection and Response
        1. Internal and External
        2. Criminal Actions
        3. Hunt Teaming
        4. Behavioral Analytics
        5. Heuristic Analytics
        6. Establish and Review System, Audit, and Security Logs
      4. Incident and Emergency Response
        1. Chain of Custody
        2. Digital Forensics
        3. Digital Forensics Process
        4. Privacy Policy Violations
        5. Continuity of Operations
        6. Disaster Recovery
        7. Incident Response Team
        8. Order of Volatility
      5. Incident Response Support Tools
        1. dd
        2. tcpdump
        3. nbtstat
        4. netstat
        5. nc (Netcat)
        6. memdump
        7. tshark
        8. Foremost
      6. Severity of Incident or Breach
        1. Scope
        2. Impact
        3. Cost
        4. Downtime
        5. Legal Ramifications
      7. Post-Incident Response
        1. Root-Cause Analysis
        2. Lessons Learned
        3. After-Action Report
      8. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
  14. Part IV Technical Integration of Enterprise Security
    1. Chapter 12 Hosts, Storage, Networks, and Applications
      1. Adapt Data Flow Security to Meet Changing Business Needs
      2. Adhere to Standards (Popular, Open, De Facto)
        1. Open Standards
        2. Adherence to Standards
        3. Competing Standards
        4. Lack of Standards
        5. De Facto Standards
      3. Interoperability Issues
        1. Legacy Systems and Software/Current Systems
        2. Application Requirements
        3. Software Types
        4. Standard Data Formats
        5. Protocols and APIs
      4. Resilience Issues
        1. Use of Heterogeneous Components
        2. Course of Action Automation/Orchestration
        3. Distribution of Critical Assets
        4. Persistence and Nonpersistence of Data
        5. Redundancy/High Availability
        6. Assumed Likelihood of Attack
      5. Data Security Considerations
        1. Data Remnants
        2. Data Aggregation
        3. Data Isolation
        4. Data Ownership
        5. Data Sovereignty
        6. Data Volume
      6. Resources Provisioning and Deprovisioning
        1. Users
        2. Servers
        3. Virtual Devices
        4. Applications
        5. Data Remnants
      7. Design Considerations During Mergers, Acquisitions, and Demergers/Divestitures
      8. Network Secure Segmentation and Delegation
      9. Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
      10. Security and Privacy Considerations of Storage Integration
      11. Security Implications of Integrating Enterprise Applications
        1. CRM
        2. ERP
        3. CMDB
        4. CMS
        5. Integration Enablers
      12. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    2. Chapter 13 Cloud and Virtualization
      1. Cloud Computing Basics
        1. Advantages Associated with Cloud Computing
        2. Issues Associated with Cloud Computing
      2. Virtualization Basics
      3. Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership)
        1. Cloud and Virtualization Considerations and Hosting Options
        2. On-premises vs. Hosted
        3. Cloud Service Models
      4. Security Advantages and Disadvantages of Virtualization
        1. Advantages of Virtualizing
        2. Disadvantages of Virtualizing
        3. Type 1 vs. Type 2 Hypervisors
        4. Containers
        5. vTPM
        6. Hyper-Converged Infrastructure (HCI)
        7. Virtual Desktop Infrastructure (VDI)
        8. Terminal Services
        9. Secure Enclaves and Volumes
      5. Cloud-Augmented Security Services
        1. Antimalware
        2. Vulnerability Scanning
        3. Sandboxing
        4. Content Filtering
        5. Cloud Security Broker
        6. Security as a Service (SECaaS)
      6. Vulnerabilities Associated with the Commingling of Hosts with Different Security Requirements
      7. Data Security Considerations
        1. Vulnerabilities Associated with a Single Server Hosting Multiple Data Types
        2. Vulnerabilities Associated with a Single Platform Hosting Multiple Companies’ Virtual Machines
      8. Resources Provisioning and Deprovisioning
        1. Virtual Devices
        2. Data Remnants
      9. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    3. Chapter 14 Authentication and Authorization
      1. Authentication
        1. Authentication Factors
        2. Certificate-Based Authentication
        3. SSL/TLS Certificate-Based Authentication
        4. Single Sign-On
        5. 802.1x
        6. Context-Aware Authentication
        7. Push-Based Authentication
      2. Authorization
        1. OAuth
        2. XACML
        3. SPML
      3. Attestation
      4. Identity Proofing
      5. Identity Propagation
      6. Federation
        1. SAML
        2. OpenID
        3. Shibboleth
        4. WAYF
      7. Trust Models
        1. Hierarchical Trust Model
        2. Peer-to-Peer Trust Model
        3. RADIUS Configurations
        4. LDAP
        5. AD
      8. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    4. Chapter 15 Cryptographic Techniques
      1. Cryptography Fundamentals
        1. Goals of Cryptography
      2. Cryptographic Techniques
        1. Symmetric Key Encryption Methods
        2. Asymmetric or Public Key Encryption Methods
      3. Cryptography Techniques
        1. Key Stretching
        2. Hashing
        3. Hashing Algorithms
        4. Digital Signatures
        5. Message Authentication
        6. Code Signing
        7. Pseudorandom Number Generation
        8. Perfect Forward Secrecy
        9. Data-in-Transit Encryption
        10. Data-in-Memory/Processing Encryption
        11. Data-at-Rest Encryption
        12. Steganography
      4. Cryptographic Implementations
        1. Cryptographic Modules
        2. Cryptoprocessors
        3. Cryptographic Service Providers
        4. Digital Rights Management (DRM)
        5. Watermarking
        6. GNU Privacy Guard (GPG)
        7. SSL/TLS
        8. Secure Shell (SSH)
        9. S/MIME
        10. Cryptographic Applications and Proper/Improper Implementations
        11. Stream vs. Block
        12. PKI
        13. Systems
        14. Cryptocurrency/Blockchain
        15. Mobile Device Encryption Considerations
        16. Elliptic Curve Cryptography
      5. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    5. Chapter 16 Securing Communications and Collaboration
      1. Remote Access
        1. Dial-Up
        2. VPN
        3. DirectAccess
        4. Resource and Services
        5. Desktop and Application Sharing
        6. Remote Assistance
      2. Unified Collaboration Tools
        1. Conferencing
        2. Storage and Document Collaboration Tools
        3. Unified Communications
        4. Instant Messaging
        5. Presence
        6. E-mail
        7. Telephony and VoIP Integration
        8. Collaboration Sites
      3. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
  15. Part V Research, Development, and Collaboration
    1. Chapter 17 Research Methods and Industry Trends
      1. Performing Ongoing Research
        1. Best Practices
        2. New Technologies, Security Systems, and Services
        3. Technology Evolution
      2. Threat Intelligence
        1. Latest Attacks, Vulnerabilities, and Threats
        2. Zero-Day Mitigation Controls and Remediation
        3. Threat Model
      3. Researching Security Implications of Emerging Business Tools
        1. Evolving Social Media Platforms
        2. Integration Within the Business
        3. Big Data
        4. AI/Machine Learning
      4. Global IA Industry/Community
        1. Computer Emergency Response Team (CERT)
        2. Conventions/Conferences
        3. Research Consultants/Vendors
        4. Threat Actor Activities
        5. Emerging Threat Sources
      5. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    2. Chapter 18 Technology Life Cycles and Security Activities
      1. Systems Development Life Cycle
        1. Requirements
        2. Acquisition
        3. Test and Evaluation
        4. Commissioning/Decommissioning
        5. Operational Activities
        6. Asset Disposal
        7. Asset/Object Reuse
      2. Software Development Life Cycle
        1. Requirements Gathering Phase
        2. Design Phase
        3. Development Phase
        4. Testing Phase
        5. Operations and Maintenance Phase
        6. Application Security Frameworks
        7. Software Assurance
        8. Development Approaches
        9. Secure Coding Standards
        10. Documentation
        11. Validation of the System Design
      3. Adapting Solutions
        1. Emerging Threats and Security Trends
        2. Disruptive Technologies
      4. Asset Management (Inventory Control)
      5. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
    3. Chapter 19 Business Unit Interactions
      1. Security Requirements Across Various Roles
        1. Sales Staff
        2. Programmers
        3. Database Administrators
        4. Network Administrators
        5. Management/Executive Management
        6. Financial
        7. Human Resources
        8. Emergency Response Team
        9. Facilities Manager
        10. Physical Security Manager
        11. Legal Counsel
      2. Security Processes and Controls for Senior Management
      3. Secure Collaboration Within Teams
      4. Governance, Risk, and Compliance Committee
      5. Chapter Review
        1. Quick Tips
        2. Questions
        3. Answers
  16. Appendix About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
      1. Pre-Assessment Test
    5. Other Book Resources
      1. Performance-Based Questions
      2. Downloadable Content
    6. Technical Support
  17. Glossary
  18. Index