book

CompTIA® SecurityX® CAS-005 Certification Guide - Second Edition

Name: CompTIA® SecurityX® CAS-005 Certification Guide - Second Edition
Author: Mark Birch
ISBN: 9781836640974

by Mark Birch

July 2025

Intermediate to advanced

698 pages

17h 57m

English

Packt Publishing

Read now

Unlock full access

Foreword 1
Foreword 2
Preface
Who this book is forWhat this book coversTo get the most out of this bookOnline practice resourcesGet in touchShare your thoughts
Governance, Risk, and Compliance
Given a Set of Organizational Security Requirements, Implement the Appropriate Governance Components
PoliciesProceduresStandardsGuidelinesSecurity program management Awareness and trainingCommunicationReportingManagement commitmentThe RACI matrixGovernance frameworksCOBITITILChange/configuration managementAsset management life cycleCMDBInventoryGRC toolsData governance in staging environmentsProductionDevelopmentTestingQAData life cycle managementSummary
Given a Set of Organizational Security Requirements, Perform Risk Management Activities
Impact analysisExtreme but plausible scenariosRisk assessment and managementQuantitative risk analysisQualitative risk analysisRisk assessment frameworksAppetite/toleranceRisk prioritizationSeverity impactRemediationValidationThird-party risk managementSupply chain riskVendor riskSubprocessor riskAvailability risk considerationsBusiness Continuity and Disaster Recovery (BC/DR)BC/DR testingTabletop exercisesSimulation of disaster scenariosFull-scale operational testsData backupsConnected backupsDisconnected backupsBest practices for backup strategiesConfidentiality risk considerationsData leak responseSensitive/privileged data breachIncident response testingReportingEncryptionIntegrity risk considerationsRemote journalingHashingInterferencePrivacy risk considerationsData subject rightsData sovereigntyBiometricsCrisis managementBreach responseSummary
Explain How Compliance Affects Information Security Strategies
Awareness of industry-specific compliance in cybersecurityHealthcareFinancialGovernmentIndustry standardsPayment Card Industry Data Security Standard (PCI DSS)International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 seriesDigital Markets Act (DMA)Security and reporting frameworksBenchmarksCenter for Internet Security (CIS)Foundational best practicesSecurity Organization Control Type 2 (SOC 2)National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)Cloud Security Alliance (CSA)Audits versus assessments versus certificationsAuditsAssessmentsCertificationsExternal versus internalPrivacy regulationsGeneral Data Protection Regulation (GDPR)California Consumer Privacy Act (CCPA)General Data Protection Law (LGPD)Children’s Online Privacy Protection Act (COPPA)Awareness of cross-jurisdictional compliance requirementsE-discoveryLegal holdsDue diligenceDue careExport controlsContractual obligationsSummary
Given a Scenario, Performing Threat Modeling Activities
Threat actor characteristicsMotivationResourcesCapabilitiesAttack patternsFrameworksMITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)Common Attack Pattern Enumeration and Classification (CAPEC)Cyber Kill ChainThe Diamond Model of Intrusion AnalysisSTRIDEOpen Web Application Security Project (OWASP)Attack surface determinationArchitecture reviewsData flowsTrust boundariesCode reviewsUser factorsOrganizational changeMergersAcquisitionsDivestituresStaffing changesEnumeration/discoveryInternal and external facing assetsThird-party connectionsUnsanctioned assets/accountsCloud service discoveryPublic digital presenceMethods for identifying threatsAbuse casesAntipatternsAttack treesAttack graphsModeling the applicability of threats to the organization/environmentWith an existing system in placeWithout an existing system in placeSummary
Summarize the Information Security Challenges Associated with AI Adoption
Legal and privacy implicationsPotential misuseExplainable versus non-explainable modelsOrganizational policies on the use of AIEthical governanceThreats to the modelPrompt injectionUnsecured output handlingTraining data poisoningModel denial of serviceSupply chain vulnerabilitiesModel theftModel inversionAI-enabled attacksUnsecured plugin designDeepfakeDeepfake exploits in digital mediaDeepfake exploits in interactivityAI pipeline injectionSocial engineeringAutomated exploit generationRisks of AI usageOverreliance on AISensitive information disclosure to the modelSensitive information disclosure from the modelExcessive agency of the AIAI-enabled assistants/digital workersAccess/permissionsGuardrailsData loss preventionDisclosure of AI usageSummary
Security Architecture
Given a Scenario, Analyze Requirements to Design Resilient Systems
Component placement and configurationFirewallsFirewall capabilityIDSs/IPSsNetwork IDS versus NIPSWireless IPSVulnerability scannerVirtual private network (VPN)IPsecNetwork access control (NAC)802.1XWeb application firewall (WAF)ProxyForward proxyReverse proxySecure web gateway (SWG)API gatewayNetwork TAPsData collectorsContent delivery network (CDN)Availability and integrity design considerationsLoad balancingRecoverabilityInteroperabilityGeographical considerationsVertical versus horizontal scalingPersistence versus non-persistenceSummary

Given a Scenario, Implement Security in the Early Stages of the Systems Life Cycle and Throughout Subsequent Stages
Systems development life cycleSecurity requirements definitionFunctional requirementsNon-functional requirementsSecurity versus usability trade-offSoftware assuranceStatic application security testing (SAST)Dynamic application security testingInteractive application security testing (IAST)Runtime application self-protection (RASP)Comparison of different software assurance testing techniquesVulnerability analysisSoftware composition analysisSoftware bill of materials (SBoM)Formal methodsCI/CDCoding standards and lintingBranch protectionContinuous improvementTesting activitiesCanary testingRegression testingIntegration testingAutomated testing and retestingUnit testingChallenges and best practicesSupply chain risk managementSoftware supply chainHardware supply chainHardware assuranceCertification and validation processEOL considerationsSummary
Given a Scenario, Integrate Appropriate Controls in the Design of a Secure Architecture
Attack surface management and reductionVulnerability managementHardeningDefense-in-depthLegacy components within an architectureDetection and threat-hunting enablersCentralized loggingContinuous monitoringAlertingSensor placementInformation and data security designClassification modelsData labelingTagging strategiesData loss preventionData at restData in transitData in useData discoveryHybrid infrastructuresThird-party integrationsControl effectivenessAssessmentsScanningMetricsSummary
Given a Scenario, Apply Security Concepts to the Design of Access, Authentication, and Authorization Systems
Provisioning/deprovisioningProvisioningCredential issuanceSelf-provisioningDeprovisioningBest practices for provisioning and deprovisioningFederationOpenID ConnectOAuthSecurity Assertion Markup Language (SAML)Single sign-onKerberosConditional AccessIdentity providerService providerAttestationsPolicy decision and enforcement pointsAccess control modelsRole-based access controlRule-based access controlAttribute-based access controlMandatory access controlDiscretionary access controlLogging and auditingPublic key infrastructure architectureCertificate extensionsCertificate typesWildcard certificatesSAN certificatesSmart card certificatesEV certificatesDV certificatesOV certificatesCode signing certificatesClient certificatesOnline Certificate Status Protocol staplingCertificate authority/registration authorityTemplatesDeployment/integration approachAccess control systemsPhysical access control systemsLogical access control systemsSummary
Given a Scenario, Securely Implement Cloud Capabilities in an Enterprise Environment
Cloud Access Security Broker (CASB)API-based CASBsProxy-based CASBShadow IT detectionShared responsibility modelCI/CD pipelineTerraformAnsiblePackage monitoringContainer securityContainer orchestrationServerlessServerless workloadsServerless functionsServerless resourcesAPI securityAuthorizationRate limitingThrottlingLogging and auditingCloud versus customer-managed securityEncryption keysLicensesCloud data security considerations Data exposureData leakageData remanenceInsecure storage resourcesCloud control strategiesProactive controlsDetective controlsPreventative controlsCustomer-to-cloud connectivityCloud service integrationCloud service adoptionSummary
Given a Scenario, Integrate Zero-Trust Concepts into System Architecture Design
Continuous authorizationContext-based reauthenticationNetwork architectureSegmentationMicrosegmentationVPN and always-on VPNAPI integration and validationAsset identification, management, and attestationSecurity boundariesData perimetersSecure zoneSystem componentsDeperimeterizationSecure access service edge (SASE)Software-defined networking (SDN)Software-defined wide area network (SD-WAN)Defining subject-object relationshipsSummary
Security Engineering
Given a Scenario, Troubleshoot Common Issues with Identity and Access Management (IAM) Components in an Enterprise Environment
Subject access controlUser access control issuesProcess access control issuesDevice access control issuesService access control issuesBiometrics access control issuesSecret managementTokensCertificatesPasswordsKeysRotationDeletionConditional accessUser-to-device bindingGeographic locationTime-based access controlConfigurationAttestationCloud IAM access and trust policiesLogging and monitoringPrivilege identity management (PIM)Authentication and authorizationSecurity Assertion Markup Language (SAML)OpenID Connect (OIDC)Multifactor authentication (MFA)Single sign-on (SSO)KerberosSimultaneous Authentication of Equals (SAE)Privileged access management (PAM)Open Authorization (OAuth)Extensible Authentication Protocol (EAP)Identity proofingInstitute for Electrical and Electronics Engineers (IEEE) 802.1XFederationSummary
Given a Scenario, Analyze Requirements to Enhance the Security of Endpoint and Servers
Application controlEndpoint detection and responseEDR best practicesEvent logging and monitoringEndpoint privilege managementAttack surface monitoring and reductionHost-based intrusion protection systems/host-based detection systemsAnti-malwareCombining detection methodsSELinuxHost-based firewallBrowser isolationConfiguration managementMobile device management technologiesThreat actor tactics, techniques, and procedures (TTPs)Injection attacksPrivilege escalationCredential dumpingUnauthorized executionLateral movementCredential-based lateral movementCompromised accounts and mediaFile- and share-based propagationLeveraging legitimate protocols and servicesDefensive evasionObfuscated files or informationMasqueradingUninstalling or disabling security softwareCode signingTimestompingProcess injectionImpairing defensesUsing rootkitsLiving off the landSummary
Given a Scenario, Troubleshoot Complex Network Infrastructure Security Issues
Network misconfigurationsConfiguration driftRouting errorsSwitching errorsInsecure routingVPN/tunnel errorsWeak or outdated encryptionImproper authentication settingsKey management issuesSplit tunneling misconfigurationsIncorrect tunnel mode configurationIPS/IDS issuesRule misconfigurationsLack of rulesFalse positives/false negativesPlacement of IPSs/IDSsObservabilityDomain Name System (DNS) securityDomain Name System Security Extensions (DNSSEC)DNS poisoning (cache poisoning)SinkholingZone transfersEmail securityDomainKeys Identified Mail (DKIM)Sender Policy Framework (SPF)Domain-based message authentication, reporting, and conformance (DMARC)Secure/Multipurpose Internet Mail Extensions (S/MIME)Troubleshooting Transport Layer Security (TLS) errorsTLS certificate errorsCipher mismatchesTLS versioning issuesPublic key infrastructure (PKI) issuesCertificate expirationRevoked certificatesMismatched or incorrect key usageWeak key length or algorithm choicesIntermediate CA configuration issuesCryptographic implementationsImproper key managementWeak cryptographic algorithmsVulnerabilities in cryptographic librariesMisimplementation of encryption protocolsDoS/Distributed Denial of Service (DDoS)Resource exhaustionNetwork access control list (ACL) issuesSummary
Given a Scenario, Implement Hardware Security Technologies and Techniques
Roots of trustTrusted platform moduleHardware security moduleVirtual trusted platform moduleSecurity coprocessorsCPU security extensionsSecure enclaveVirtual hardwareHost-based encryptionSelf-encrypting driveSecure BootMeasured BootHow Measured Boot worksSelf-healing hardwareTamper detection and countermeasuresThreat actor TTPsFirmware tamperingShimmingUSB-based attacksBIOS/UEFI attacksMemory-based attacksElectromagnetic interferenceElectromagnetic pulseSummary
Given a Set of Requirements, Secure Specialized and Legacy Systems Against Threats
OTSupervisory Control and Data Acquisition (SCADA)PLCsOperational historianLadder logicHeating, ventilation, and air conditioning (HVAC)IoTSoCUnderstanding embedded systemsField-programmable gate arrays (FPGAs)Wireless technologies/radio frequency (RF)Wi-Fi (802.11 standards)Zigbee (the IEEE 802.15.4 standard)Bluetooth and Bluetooth Low Energy (BLE)LoRaCellular (4G/LTE/5G)RFIDWirelessHARTISA100.11aSecurity and privacy considerationsSegmentationMonitoringAggregationHardeningData analyticsEnvironmental considerationsRegulatory complianceSafety considerationsSafety instrumented system (SIS)Industry-specific challengesUtilitiesTransportationHealthcareManufacturingFinancial servicesGovernment/defenseCharacteristics of specialized/legacy systemsUnable to secureObsoleteUnsupportedHighly constrainedSummary
Given a Scenario, Use Automation to Secure the Enterprise
ScriptingPowerShellBashPythonCron/scheduled tasksEvent-based triggersInfrastructure as code (IaC)Configuration filesYet Another Markup Language (YAML)Extensible Markup Language (XML)JavaScript Object Notation (JSON)Tom’s Obvious, Minimal Language (TOML)Cloud APIs/software development kits (SDKs)Amazon Web Services (AWS) SDKs and APIs for automated resource managementGoogle Cloud Platform (GCP) Cloud Functions API for serverless automationWebhooksGenerative AICode assistDocumentation ContainerizationAutomated patchingAuto-containmentSecurity orchestration, automation, and response (SOAR) Vulnerability scansCredentialed versus non-credentialed scansAgent-based/server-basedCriticality ranking Active versus passive scansSecurity Content Automation Protocol (SCAP)Extensible Configuration Checklist Description Format (XCCDF)Open Vulnerability and Assessment Language (OVAL)Common Platform Enumeration (CPE) Common Vulnerabilities and Exposures (CVEs)Common Vulnerability Scoring System (CVSS)Workflow automationSummary
Explain the Importance of Advanced Cryptographic Concepts
Post-quantum cryptographyPost-quantum vs. Diffie-Hellman and elliptic curve cryptographyResistance to quantum computing decryption attackEmerging implementationsKey stretchingKey splittingHomomorphic encryptionForward secrecyHardware accelerationEnvelope encryptionPerformance versus securitySecure multiparty computation (SMPC or MPC)Authenticated encryption with associated dataMutual authenticationSummary
Given a Scenario, Apply the Appropriate Cryptographic Use Case and/or Technique
Use cases for cryptographyData at restData in transitData in use/processingSecure emailImmutable databases/blockchainNon-repudiationPrivacy applicationsLegal and regulatory considerationsResource considerationsData sanitizationData anonymizationCertificate-based authenticationPasswordless authenticationSoftware provenanceSoftware/code integrityCentralized versus decentralized key managementTechniques used in cryptographyTokenizationCode signingCryptographic erase/obfuscationDigital signaturesObfuscationSerializationHashingOne-time padSymmetric cryptographyAsymmetric cryptographyLightweight cryptographySummary
Security Operations
Given a Scenario, Analyze Data to Enable Monitoring and Response Activities
Security information and event management (SIEM)Event parsingEvent duplicationNon-reporting devicesRetentionEvent false positives/false negativesAggregate data analysisCorrelationAudit log reductionPrioritizationTrendsBehavior baselines and analyticsNetwork behavior baselinesSystem behavior baselinesUser behavior baselinesApplication and service behavior baselinesIncorporating diverse data sourcesThird-party reports and logsThreat intelligence feedsVulnerability scansCVE detailsBounty programsData loss prevention (DLP) dataEndpoint logsInfrastructure device logsApplication logsCloud security posture management (CSPM) dataAlertingFalse positives and false negatives in alertingAlert failures and their impactPrioritization factors for alertsMalware detection and alertingVulnerability alertingReporting and metricsVisualizationDashboardsSummary
Given a Scenario, Analyze Vulnerabilities and Attacks and Recommended Solutions to Reduce the Attack Surface
Vulnerabilities and attacksInjectionCross-site scripting (XSS)Unsafe memory utilizationRace conditionsCross-Site Request Forgery (CSRF)Server-Side Request Forgery (SSRF)Insecure configurationEmbedded secretsOutdated/unpatched software and librariesEnd-of-Life (EOL) softwarePoisoningDirectory service misconfigurationOverflowsDeprecated functionsVulnerable third partiesOutdated or unpatched librariesInsecure APIs or integrationsWeak vendor security postureTime of Check, Time of Use (TOCTOU)DeserializationWeak ciphersConfused deputyImplantsMitigationsInput validationOutput encodingSafe functionsSecurity design patternsUpdating/patchingLeast privilegeFail secure/fail safeSecrets managementLeast function/functionalityDefense-in-depthDependency managementCode signingEncryptionIndexingAllow listingSummary
Given a Scenario, Apply Threat-Hunting and Threat Intelligence Concepts
Internal intelligence sourcesAdversary emulation engagementsInternal reconnaissanceHypothesis-based searchesHoneypotsHoneynetsUser behavior analyticsExternal intelligence sourcesOpen source intelligenceDark web monitoringInformation sharing and analysis centers (ISACs)Reliability factorsCounterintelligence and operational securityThreat intelligence platformsThird-party vendorsIoC sharingSTIXTAXIIRule-based languagesSigmaYet Another Recursive Acronym (YARA)Real Intelligence Threat Analytics (RITA)SnortIndicators of attackTactics, techniques, and proceduresSummary
Given a Scenario, Analyze Data and Artifacts in Support of Incident Response Activities
Malware analysisDetonationIoC extractionSandboxingCode stylometryVariant matchingCode similarityMalware attributionReverse engineeringDisassembly and decompilationBinaryByte codeNetwork analysisHost analysisMetadata analysisEmail headerImagesAudio/videoFiles/filesystemHardware analysisJoint Test Action GroupData recovery and extractionThreat responsePreparedness exercisesTimeline reconstructionRoot cause analysisCloud workload protection platformInsider threatSummary
Accessing the Online Practice Resources
How to Access These MaterialsPurchased from Packt Store (packtpub.com)Packt+ SubscriptionPurchased from Amazon and Other SourcesSTEP 1STEP 2STEP 3STEP 4STEP 5Troubleshooting TipsShare FeedbackBack to the Book
Other Books You May Enjoy
Share your thoughts
Index
Coupon Code for CompTIA SecurityX Exam VouchersCoupon Code for 12% Off on CompTIA SecurityX Exam Vouchers

Content preview from CompTIA® SecurityX® CAS-005 Certification Guide - Second Edition

Domain 4

Security Operations

The final part of the book focuses on the tools, techniques, and processes used to maintain the security posture of an enterprise in day-to-day operations. This domain covers threat detection, log analysis, incident response, vulnerability management, and the use of SIEM, SOAR, and TIP platforms. It also includes applying threat intelligence, conducting forensic investigations, and coordinating with business continuity and disaster recovery plans. The domain emphasizes real-time monitoring, automation, and proactive defense measures across hybrid environments to ensure enterprise resilience and operational continuity.

This part of the book includes the following chapters:

Chapter 20, Given a Scenario, Analyze Data ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781836640974

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

CompTIA® SecurityX® CAS-005 Certification Guide - Second Edition

by Mark Birch

Domain 4

Security Operations

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.