Download CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide PDF

TitleCompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide
Author
TagsComptia Security Comptia Network
LanguageEnglish
File Size15.4 MB
Total Pages1314
Table of Contents
                            About This eBook
Title Page
Copyright Page
Contents at a Glance
Table of Contents
About the Authors
Dedication
Acknowledgments
About the Reviewers
We Want to Hear from You!
Reader Services
CompTIA®
About the Book
	Goals and Methods
	Who Should Read This Book?
		Strategies for Exam Preparation
	CompTIA CASP Exam Topics
	How This Book Is Organized
	Pearson IT Certification Practice Test Engine and Questions on the Disc
		Install the Software from the Disc
		Activate and Download the Practice Exam
		Activating Other Exams
		Premium Edition
Introduction. The CASP Exam
	The Goals of the CASP Certification
		Sponsoring Bodies
		Other Security Exams
		Stated Goals
	The Value of the CASP Certification
		To the Security Professional
		Department of Defense Directive 8570 (DoDD 8570)
		To the Enterprise
	CASP Exam Objectives
		1.0 Enterprise Security
		2.0 Risk Management and Incident Response
		3.0 Research, Analysis and Assessment
		4.0 Integration of Computing, Communications and Business Disciplines
		5.0 Technical Integration of Enterprise Components
	Steps to Becoming a CASP
		Qualifying for the Exam
		Signing up for the Exam
		About the Exam
	CompTIA Authorized Materials Use Policy
Part I: Enterprise Security
	Chapter 1. Cryptographic Concepts and Techniques
		Foundation Topics
			Cryptographic Techniques
			Cryptographic Concepts
			Cryptographic Implementations
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 2. Enterprise Storage
		Foundation Topics
			Storage Types
			Storage Protocols
			Secure Storage Management
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 3. Network and Security Components, Concepts, and Architectures
		Foundation Topics
			Advanced Network Design (Wired/Wireless)
			Security Devices
			Networking Devices
			Virtual Networking and Security Components
			Complex Network Security Solutions for Data Flow
			Secure Configuration and Baselining of Networking and Security Components
			Software-Defined Networking
			Cloud-Managed Networks
			Network Management and Monitoring Tools
			Advanced Configuration of Routers, Switches, and Other Network Devices
			Security Zones
			Network Access Control
			Operational and Consumer Network-Enabled Devices
			Critical Infrastructure/Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 4. Security Controls for Hosts
		Foundation Topics
			Trusted OS
			Endpoint Security Software
			Host Hardening
			Security Advantages and Disadvantages of Virtualizing Servers
			Cloud-Augmented Security Services
			Boot Loader Protections
			Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
			Virtual Desktop Infrastructure (VDI)
			Terminal Services/Application Delivery Services
			Trusted Platform Module (TPM)
			Virtual TPM (VTPM)
			Hardware Security Module (HSM)
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 5. Application Vulnerabilities and Security Controls
		Foundation Topics
			Web Application Security Design Considerations
			Specific Application Issues
			Application Sandboxing
			Application Security Frameworks
			Secure Coding Standards
			Software Development Methods
			Database Activity Monitoring (DAM)
			Web Application Firewalls (WAF)
			Client-Side Processing Versus Server-Side Processing
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
Part II: Risk Management and Incident Response
	Chapter 6. Business Influences and Associated Security Risks
		Foundation Topics
			Risk Management of New Products, New Technologies, and User Behaviors
			New or Changing Business Models/Strategies
			Security Concerns of Integrating Diverse Industries
			Ensuring That Third-Party Providers Have Requisite Levels of Information Security
			Internal and External Influences
			Impact of De-perimiterization
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 7. Risk Mitigation Planning, Strategies, and Controls
		Foundation Topics
			Classify Information Types into Levels of CIA Based on Organization/Industry
			Incorporate Stakeholder Input into CIA Decisions
			Implement Technical Controls Based on CIA Requirements and Policies of the Organization
			Determine the Aggregate CIA Score
			Extreme Scenario/Worst-Case Scenario Planning
			Determine Minimum Required Security Controls Based on Aggregate Score
			Conduct System-Specific Risk Analysis
			Make Risk Determination
			Recommend Which Strategy Should be Applied Based on Risk Appetite
			Risk Management Processes
			Enterprise Security Architecture Frameworks
			Continuous Improvement/Monitoring
			Business Continuity Planning
			IT Governance
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 8. Security, Privacy Policies, and Procedures
		Foundation Topics
			Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
			Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
			Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
			Use Common Business Documents to Support Security
			Use General Privacy Principles for Sensitive Information (PII)
			Support the Development of Various Policies
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 9. Incident Response and Recovery Procedures
		Foundation Topics
			E-Discovery
			Data Breach
			Design Systems to Facilitate Incident Response
			Incident and Emergency Response
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
Part III: Research, Analysis, and Assessment
	Chapter 10. Industry Trends
		Foundation Topics
			Perform Ongoing Research
			Situational Awareness
			Vulnerability Management Systems
			Advanced Persistent Threats
			Zero-Day Mitigating Controls and Remediation
			Emergent Threats and Issues
			Research Security Implications of New Business Tools
			Global IA Industry/Community
			Research Security Requirements for Contracts
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 11. Securing the Enterprise
		Foundation Topics
			Create Benchmarks and Compare to Baselines
			Prototype and Test Multiple Solutions
			Cost/Benefit Analysis
			Metrics Collection and Analysis
			Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
			Review Effectiveness of Existing Security Controls
			Reverse Engineer/Deconstruct Existing Solutions
			Analyze Security Solution Attributes to Ensure They Meet Business Needs
			Conduct a Lessons-Learned/After-Action Report
			Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 12. Assessment Tools and Methods
		Foundation Topics
			Assessment Tool Types
			Assessment Methods
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
Part IV: Integration of Computing, Communications, and Business Disciplines
	Chapter 13. Business Unit Collaboration
		Foundation Topics
			Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
			Provide Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
			Establish Effective Collaboration within Teams to Implement Secure Solutions
			IT Governance
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 14. Secure Communication and Collaboration
		Foundation Topics
			Security of Unified Collaboration Tools
			Remote Access
			Mobile Device Management
			Over-the-Air Technologies Concerns
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 15. Security Across the Technology Life Cycle
		Foundation Topics
			End-to-End Solution Ownership
			Systems Development Life Cycle (SDLC)
			Adapt Solutions to Address Emerging Threats and Security Trends
			Asset Management (Inventory Control)
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
Part V: Technical Integration of Enterprise Components
	Chapter 16. Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture
		Foundation Topics
			Secure Data Flows to Meet Changing Business Needs
			Standards
			Interoperability Issues
			Technical Deployment Models
			Logical and Physical Deployment Diagrams of Relevant Devices
			Secure Infrastructure Design
			Storage Integration (Security Considerations)
			Enterprise Application Integration Enablers
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
	Chapter 17. Authentication and Authorization Technologies
		Foundation Topics
			Authentication
			Authorization
			Attestation
			Identity Propagation
			Federation
			Advanced Trust Models
		Exam Preparation Tasks
			Review All Key Topics
		Review Questions
Part VI: Appendixes
	Appendix A. Answers
		Chapter 1
		Chapter 2
		Chapter 3
		Chapter 4
		Chapter 5
		Chapter 6
		Chapter 7
		Chapter 8
		Chapter 9
		Chapter 10
		Chapter 11
		Chapter 12
		Chapter 13
		Chapter 14
		Chapter 15
		Chapter 16
		Chapter 17
	Appendix B. CASP CAS-002 Exam Updates
		Always Get the Latest at the Companion Website
			Technical Content
Glossary
Index
Appendix C. Memory Tables
	Chapter 1
	Chapter 7
Appendix D. Memory Tables Answer Key
	Chapter 1
	Chapter 7
Practice Exam 1
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 17: Secure Communication and Collaboration
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
Practice Exam 2
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 17: Secure Communication and Collaboration
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
Practice Exam 3
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 1: Cryptographic Concepts and Techniques
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 7: Risk Mitigation Planning, Strategies, and Controls
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 8: Security, Privacy Policies, and Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 9: Incident Response and Recovery Procedures
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 10: Industry Trends
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 11: Securing the Enterprise
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 13: Business Unit Collaboration
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 15: Security Across the Technology Life Cycle
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 2: Enterprise Storage
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 3: Network and Security Components, Concepts, and Architectures
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 4: Security Controls for Hosts
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 5: Application Vulnerabilities and Security Controls
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 6: Business Influences and Associated Security Risks
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 12: Assessment Tools and Methods
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 14: Secure Communication and Collaboration
	Chapter 17: Secure Communication and Collaboration
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
	Chapter 17: Authentication and Authorization Technologies
Code Snippets
                        
Document Text Contents
Page 1







Page 2







Page 657







Page 658







Page 1313







Page 1314




Similer Documents