Casp+ Comptia Advanced Security Practitioner Study Guide - Exam Cas-004

Read more

Prepare to succeed in your new cybersecurity career with the challenging and sought-after CASP+ credential
 
In the newly updated Fourth Edition of CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004, risk management and compliance expert Jeff Parker walks you through critical security topics and hands-on labs designed to prepare you for the new CompTIA Advanced Security Professional exam and a career in cybersecurity implementation. Content and chapter structure of this Fourth edition was developed and restructured to represent the CAS-004 Exam Objectives.
 
From operations and architecture concepts, techniques and requirements to risk analysis, mobile and small-form factor device security, secure cloud integration, and cryptography, you'll learn the cybersecurity technical skills you'll need to succeed on the new CAS-004 exam, impress interviewers during your job search, and excel in your new career in cybersecurity implementation.
 
This comprehensive book offers:
* Efficient preparation for a challenging and rewarding career in implementing specific solutions within cybersecurity policies and frameworks
* A robust grounding in the technical skills you'll need to impress during cybersecurity interviews
* Content delivered through scenarios, a strong focus of the CAS-004 Exam
* Access to an interactive online test bank and study tools, including bonus practice exam questions, electronic flashcards, and a searchable glossary of key terms
 
Perfect for anyone preparing for the CASP+ (CAS-004) exam and a new career in cybersecurity, CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004 is also an ideal resource for current IT professionals wanting to promote their cybersecurity skills or prepare for a career transition into enterprise cybersecurity.

List of contents

Introduction xxv
 
Assessment Test xxxv
 
Chapter 1 Risk Management 1
 
Risk Terminology 4
 
The Risk Assessment Process 6
 
Asset Identification 6
 
Information Classification 8
 
Risk Assessment 9
 
Risk Assessment Options 14
 
Implementing Controls 16
 
Policies Used to Manage Employees 17
 
Pre-Employment Policies 18
 
Employment Policies 18
 
End of Employment and Termination Procedures 20
 
Cost-Benefit Analysis 21
 
Continuous Monitoring 22
 
Enterprise Security Architecture Frameworks and Governance 23
 
Training and Awareness for Users 24
 
Best Practices for Risk Assessments 25
 
Business Continuity Planning and Disaster Recovery 27
 
Reviewing the Effectiveness of Existing Security Controls 28
 
Conducting Lessons Learned and After-Action Reviews 30
 
Creation, Collection, and Analysis of Metrics 31
 
Metrics 31
 
Trend Data 32
 
Analyzing Security Solutions to Ensure They Meet Business Needs 32
 
Testing Plans 33
 
Internal and External Audits 34
 
Using Judgment to Solve Difficult Problems 35
 
Summary 35
 
Exam Essentials 36
 
Review Questions 38
 
Chapter 2 Configure and Implement Endpoint Security Controls 43
 
Hardening Techniques 45
 
Address Space Layout Randomization Use 47
 
Hardware Security Module and Trusted Platform Module 48
 
Trusted Operating Systems 52
 
Compensating Controls 55
 
Summary 57
 
Exam Essentials 58
 
Review Questions 59
 
Chapter 3 Security Operations Scenarios 63
 
Threat Management 66
 
Types of Intelligence 66
 
Threat Hunting 67
 
Threat Emulation 67
 
Actor Types 67
 
Intelligence Collection Methods 71
 
Open-Source
 
Intelligence 71
 
Human Intelligence and Social Engineering 73
 
Frameworks 74
 
MITRE Adversarial Tactics, Techniques and Common Knowledge 74
 
ATT&CK for Industrial Control Systems 75
 
Cyber Kill Chain 76
 
Diamond Model of Intrusion Analysis 76
 
Indicators of Compromise 77
 
Reading the Logs 77
 
Intrusion Detection and Prevention 78
 
Notifications and Responses to IoCs 79
 
Response 80
 
Summary 85
 
Exam Essentials 85
 
Review Questions 86
 
Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk 91
 
Terminology 97
 
Vulnerability Management 98
 
Security Content Automation Protocol 103
 
Self-Assessment vs. Third-Party Vendor Assessment 105
 
Patch Management 108
 
Information Sources 110
 
Tools 112
 
Assessments 124
 
Penetration Testing 129
 
Assessment Types 131
 
Vulnerabilities 134
 
Buffer Overflow 134
 
Integer Overflow 135
 
Memory Leaks 136
 
Race Conditions (TOC/TOU) 136
 
Resource Exhaustion 137
 
Data Remnants 138
 
Use of Third-Party Libraries 138
 
Code Reuse 138
 
Cryptographic Vulnerabilities 138
 
Broken Authentication 139
 
Security Misconfiguration 140
 
Inherently Vulnerable System/Application 140
 
Client-Side Processing vs. Server-Side Processing 141
 
Attacks 145
 
Proactive Detection 153
 
Incident Response 153
 
Countermeasures 153
 
Deceptive Technology 154
 
USB Key Drops 155
 
Simulation

About the author

ABOUT THE AUTHORS NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practices Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit. JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff's infosec roots began as a security engineer, a member of a HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.