book

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide, 3rd Edition

by Robin Abernathy, Troy McMillan

July 2022

Intermediate to advanced

864 pages

20h 31m

English

Pearson IT Certification

Read now

Unlock full access

Who Should Read This Book?Strategies for Exam PreparationHow This Book Is OrganizedCompanion WebsitePearson Test Prep Practice Test SoftwareAccessing the Pearson Test Prep Software OnlineAccessing the Pearson Test Prep Software OfflineCustomizing Your ExamsUpdating Your ExamsPremium Edition eBook and Practice Tests
ServicesSegmentationDe-perimeterization/Zero TrustMerging of Networks from Various OrganizationsSoftware-Defined Networking (SDN)Exam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
ScalabilityResiliencyAutomationPerformanceContainerizationVirtualizationContent Delivery NetworkCachingExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Baseline and TemplatesSoftware AssuranceConsiderations of Integrating Enterprise ApplicationsIntegrating Security into Development Life CycleExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Data Loss PreventionData Loss DetectionData Classification, Labeling, and TaggingObfuscationAnonymizationEncrypted vs. UnencryptedData Life CycleData Inventory and MappingData Integrity ManagementData Storage, Backup, and RecoveryExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Credential ManagementPassword PoliciesFederationAccess ControlProtocolsMultifactor Authentication (MFA)One-Time Password (OTP)Hardware Root of TrustSingle Sign-On (SSO)JavaScript Object Notation (JSON) Web Token (JWT)Attestation and Identity ProofingExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
Virtualization StrategiesProvisioning and DeprovisioningMiddlewareMetadata and TagsDeployment Models and ConsiderationsHosting ModelsService ModelsCloud Provider LimitationsExtending Appropriate On-premises ControlsStorage ModelsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Privacy and Confidentiality RequirementsIntegrity RequirementsNon-repudiationCompliance and Policy RequirementsCommon Cryptography Use CasesCommon PKI Use CasesExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Artificial IntelligenceMachine LearningQuantum ComputingBlockchainHomomorphic EncryptionSecure Multiparty ComputationDistributed ConsensusBig DataVirtual/Augmented Reality3-D PrintingPasswordless AuthenticationNano TechnologyDeep LearningBiometric ImpersonationExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Intelligence TypesActor TypesThreat Actor PropertiesIntelligence Collection MethodsFrameworksExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Indicators of CompromiseResponseExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Vulnerability ScansSecurity Content Automation Protocol (SCAP)Self-assessment vs. Third-Party Vendor AssessmentPatch ManagementInformation SourcesExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
MethodsToolsDependency ManagementRequirementsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
VulnerabilitiesInherently Vulnerable System/ApplicationAttacksExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Proactive and DetectionSecurity Data AnalyticsPreventiveApplication ControlSecurity AutomationPhysical SecurityExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Event ClassificationsTriage EventPreescalation TasksIncident Response ProcessSpecific Response Playbooks/ProcessesCommunication PlanStakeholder ManagementExam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
Legal vs. Internal Corporate PurposesForensic ProcessIntegrity PreservationCryptanalysisSteganalysisExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
File Carving ToolsBinary Analysis ToolsAnalysis ToolsImaging ToolsHashing UtilitiesLive Collection vs. Post-mortem ToolsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Managed ConfigurationsDeployment ScenariosExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Hardening TechniquesProcessesMandatory Access ControlTrustworthy ComputingCompensating ControlsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
EmbeddedICS/Supervisory Control and Data Acquisition (SCADA)ProtocolsSectorsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Automation and OrchestrationEncryption ConfigurationLogsMonitoring ConfigurationsKey Ownership and LocationKey Life-Cycle ManagementBackup and Recovery MethodsInfrastructure vs. Serverless ComputingApplication VirtualizationSoftware-Defined NetworkingMisconfigurationsCollaboration ToolsStorage ConfigurationsCloud Access Security Broker (CASB)Exam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
PKI HierarchyCertificate TypesCertificate Usages/Profiles/TemplatesExtensionsTrusted ProvidersTrust ModelCross-certificationConfigure ProfilesLife-Cycle ManagementPublic and Private KeysDigital SignatureCertificate PinningCertificate StaplingCertificate Signing Requests (CSRs)Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)HTTP Strict Transport Security (HSTS)Exam Preparation TasksReview All Key TopicsDefine Key TermsReview Questions
HashingSymmetric AlgorithmsAsymmetric AlgorithmsProtocolsElliptic-Curve CryptographyForward SecrecyAuthenticated Encryption with Associated DataKey StretchingExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from Memory
Implementation and Configuration IssuesKeysExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Risk AssessmentRisk Handling TechniquesRisk TypesRisk Management Life CycleRisk TrackingRisk Appetite vs. Risk TolerancePolicies and Security PracticesExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Shared Responsibility Model (Roles/Responsibilities)Vendor Lock-in and Vendor Lock-outVendor ViabilityMeeting Client RequirementsSupport AvailabilityGeographical ConsiderationSupply Chain VisibilityIncident Reporting RequirementsSource Code EscrowsOngoing Vendor Assessment ToolsThird-Party DependenciesTechnical ConsiderationsExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from MemoryReview Questions
Security Concerns of Integrating Diverse IndustriesData ConsiderationsGeographic ConsiderationsThird-Party Attestation of ComplianceRegulations, Accreditations, and StandardsLegal ConsiderationsContract and Agreement TypesExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from Memory
Business Impact AnalysisPrivacy Impact AssessmentDisaster Recovery Plan (DRP)/Business Continuity Plan (BCP)Incident Response PlanTesting PlansExam Preparation TasksReview All Key TopicsDefine Key TermsComplete Tables and Lists from Memory
Tools for Final PreparationSuggested Plan for Final Review/StudySummary

Content preview from CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide, 3rd Edition

Chapter 10

Analyzing Indicators of Compromise and Formulating an Appropriate Response

This chapter covers the following topics:

Indicators of compromise: This section covers packet capture (PCAP), network logs, vulnerability logs, operating system logs, access logs, NetFlow logs, notifications (including FIM alerts, SIEM alerts, DLP alerts, IDS/IPS alerts, and antivirus alerts), notification severity/priorities, and unusual process activity.
Response: This section describes firewall rules, IPS/IDS rules, ACL rules, signature rules, behavior rules, DLP rules, and scripts/regular expressions.

This chapter covers CAS-004 Objective 2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.

Formulating an appropriate ...