CompTIA CASP+ CAS-004 Certification Guide

Book description

Master architecting and implementing advanced security strategies across complex enterprise networks with this hands-on guide

Key Features

  • Learn how to apply industry best practices and earn the CASP+ certification
  • Explore over 400 CASP+ questions to test your understanding of key concepts and help you prepare for the exam
  • Discover over 300 illustrations and diagrams that will assist you in understanding advanced CASP+ concepts

Book Description

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt.

Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise.

By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.

What you will learn

  • Understand Cloud Security Alliance (CSA) and the FedRAMP programs
  • Respond to Advanced Persistent Threats (APT) by deploying hunt teams
  • Understand the Cyber Kill Chain framework as well as MITRE ATT&CK and Diamond Models
  • Deploy advanced cryptographic solutions using the latest FIPS standards
  • Understand compliance requirements for GDPR, PCI DSS, and COPPA
  • Secure Internet of Things (IoT), industrial control systems (ICS), and SCADA
  • Plan for incident response and digital forensics using advanced tools

Who this book is for

This CompTIA book is for CASP+ CAS-004 exam candidates who want to achieve CASP+ certification to advance their career. Security architects, senior security engineers, SOC managers, security analysts, IT cybersecurity specialists/INFOSEC specialists, and cyber risk analysts will benefit from this book. Experience in an IT technical role or CompTIA Security+ certification or equivalent is assumed.

Table of contents

  1. CompTIA CASP+ CAS-004 Certification Guide
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
  6. Section 1: Security Architecture
  7. Chapter 1: Designing a Secure Network Architecture
    1. Physical and virtual network and security devices
      1. OSI model
      2. Unified threat management
      3. IDS/IPS
      4. Network IDS versus NIPS
      5. Wireless IPS
      6. Inline encryptors
      7. Network access control
      8. SIEM
      9. Switches
      10. Firewalls
      11. Routers
      12. Proxy
      13. Network address translation gateway
      14. Load balancer
      15. Hardware security module
    2. Application- and protocol-aware technologies
      1. DLP
      2. WAF
      3. Database activity monitoring
      4. Spam filter
    3. Advanced network design
      1. Remote access
      2. VPN
      3. IPsec
      4. SSH
      5. Remote Desktop Protocol
      6. Virtual Network Computing
      7. Network authentication methods
      8. Placement of hardware and applications
    4. Network management and monitoring tools
      1. Alert definitions and rule writing
    5. Advanced configuration of network devices
      1. Transport security
      2. Port security
      3. Route protection
      4. Distributed DoS protection
      5. Remotely triggered black hole
    6. Security zones
      1. DMZ
    7. Summary
    8. Questions
    9. Case study
    10. Answers
    11. Case study answer
  8. Chapter 2: Integrating Software Applications into the Enterprise
    1. Integrating security into the development life cycle
      1. Systems development life cycle
      2. Development approaches
      3. Versioning
    2. Software assurance
      1. Sandboxing/development environment
      2. Validating third-party libraries
      3. SecDevOps
      4. Defining the DevOps pipeline
    3. Baseline and templates
      1. Secure coding standards
      2. Application vetting processes
      3. Hypertext Transfer Protocol (HTTP) headers
      4. Application Programming Interface (API) management
    4. Considerations when integrating enterprise applications
      1. Customer relationship management (CRM)
      2. Enterprise resource planning (ERP)
      3. Configuration Management Database (CMDB)
      4. Content management systems
    5. Integration enablers
      1. Directory services
      2. Domain name system
      3. Service-oriented architecture
      4. Enterprise service bus
    6. Summary
    7. Questions
    8. Answers
  9. Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
    1. Implementing data loss prevention
      1. Blocking the use of external media
      2. Print blocking
      3. Remote Desktop Protocol blocking
    2. Implementing data loss detection
      1. Watermarking
      2. Digital rights management
      3. Network traffic decryption/deep packet inspection
      4. Network traffic analysis
    3. Enabling data protection
      1. Data classification
      2. Metadata/attributes
      3. Obfuscation
      4. Anonymization
      5. Encrypted versus unencrypted
      6. Data life cycle
      7. Data inventory and mapping
      8. Data integrity management
      9. Data storage, backup, and recovery
      10. Redundant array of inexpensive disks
    4. Implementing secure cloud and virtualization solutions
      1. Virtualization strategies
      2. Security considerations for virtualization
    5. Investigating cloud deployment models
      1. Deployment models and considerations
      2. Private cloud
      3. Public cloud
      4. Hybrid cloud
      5. Hosting models
      6. Service models
      7. Software as a service
      8. Platform as a service
      9. Infrastructure as a service
      10. Cloud provider limitations
    6. Extending appropriate on-premises controls
      1. Micro-segmentation
      2. Jump box
    7. Examining cloud storage models
      1. File-based storage
      2. Database storage
      3. Block storage
      4. Blob storage
      5. Key/value pairs
    8. Summary
    9. Questions
    10. Answers
  10. Chapter 4: Deploying Enterprise Authentication and Authorization Controls
    1. Credential management
      1. Hardware key manager
      2. Password policies
    2. Identity federation
    3. Access control
    4. Authentication and authorization protocols
    5. Multi-Factor Authentication (MFA)
    6. Summary
    7. Questions
    8. Answers
  11. Section 2: Security Operations
  12. Chapter 5: Threat and Vulnerability Management
    1. Intelligence types
      1. Tactical intelligence
      2. Strategic intelligence
      3. Operational intelligence
      4. Commodity malware
      5. Targeted attacks
    2. Actor types
      1. Advanced persistent threat – nation-state
      2. Insider threat
      3. Competitor
      4. Hacktivist
      5. Script kiddie
      6. Organized crime
    3. Threat actor properties
      1. Resources
      2. Time
      3. Money
      4. Supply chain access
      5. Capabilities and sophistication
      6. Identifying techniques
    4. Intelligence collection methods
      1. Intelligence feeds
      2. Deep web
      3. Proprietary intelligence
      4. Open source intelligence
      5. Human intelligence
    5. Frameworks
      1. MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
      2. ATT&CK for industrial control systems
      3. The Diamond model of intrusion analysis
      4. Cyber Kill Chain
      5. Threat hunting
      6. Threat emulation
    6. Indicators of compromise
      1. Packet capture
      2. Logs
      3. Network logs
      4. Vulnerability logs
      5. Operating system logs
      6. Access logs
      7. NetFlow logs
      8. Notifications
      9. File integrity monitoring alerts
      10. SIEM alerts
      11. Data loss prevention alerts
      12. Intrusion detection system and intrusion prevention system alerts
      13. Antivirus alerts
      14. Notification severity and priorities
    7. Responses
      1. Firewall rules
      2. Intrusion prevention system and intrusion detection system rules
      3. Access control list rules
      4. Signature rules
      5. Behavior rules
      6. Data loss prevention rules
      7. Scripts/regular expressions
    8. Summary
    9. Questions
    10. Answers
  13. Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools
    1. Vulnerability scans
      1. Credentialed versus non-credentialed scans
      2. Agent-based/server-based
      3. Criticality ranking
      4. Active versus passive scans
    2. Security Content Automation Protocol (SCAP)
      1. Extensible Configuration Checklist Description Format (XCCDF)
      2. Open Vulnerability and Assessment Language (OVAL)
      3. Common Platform Enumeration (CPE)
      4. Common Vulnerabilities and Exposures (CVE)
      5. Common Vulnerability Scoring System (CVSS)
      6. Common Configuration Enumeration (CCE)
      7. Asset Reporting Format (ARF)
      8. Self-assessment versus third-party vendor assessment
      9. Patch management
    3. Information sources
      1. Advisories
      2. Bulletins
      3. Vendor websites
      4. Information Sharing and Analysis Centers (ISACs)
      5. News reports
    4. Testing methods
      1. Static analysis
      2. Dynamic analysis
      3. Side-channel analysis
      4. Wireless vulnerability scan
      5. Software Composition Analysis (SCA)
      6. Fuzz testing
    5. Penetration testing
      1. Requirements
      2. Box testing
      3. Post-exploitation
      4. Persistence
      5. Pivoting
      6. Rescanning for corrections/changes
    6. Security tools
      1. SCAP scanner
      2. Network traffic analyzer
      3. Vulnerability scanner
      4. Protocol analyzer
      5. Port scanner
      6. HTTP interceptor
      7. Exploit framework
      8. Dependency management tools
    7. Summary
    8. Questions
    9. Answers
  14. Chapter 7: Risk Mitigation Controls
    1. Understanding application vulnerabilities
      1. Race conditions
      2. Buffer overflows
      3. Broken authentication
      4. Insecure references
      5. Poor exception handling
      6. Security misconfiguration
      7. Information disclosure
      8. Certificate errors
      9. Use of unsafe functions
      10. Third-party libraries
      11. Dependencies
      12. End-of-support and end-of-life
      13. Regression issues
    2. Assessing inherently vulnerable systems and applications
      1. Client-side processing and server-side processing
      2. JSON and representational state transfer
      3. Browser extensions
      4. Hypertext Markup Language 5 (HTML5)
      5. Asynchronous JavaScript and XML (AJAX)
      6. Simple Object Access Protocol (SOAP)
    3. Recognizing common attacks
      1. Directory traversal
      2. Cross-site scripting
      3. Cross-site request forgery
      4. Injection attacks
      5. Sandbox escape
      6. VM hopping
      7. VM escape
      8. Border Gateway Protocol and route hijacking
      9. Interception attacks
      10. Denial of service and distributed denial of service
      11. Social engineering
      12. VLAN hopping
    4. Proactive and detective risk reduction
    5. Hunts
      1. Developing countermeasures
      2. Deceptive technologies
      3. Security data analytics
    6. Applying preventative risk reduction
      1. Application control
      2. Security automation
      3. Physical security
    7. Summary
    8. Questions
    9. Answers
  15. Chapter 8: Implementing Incident Response and Forensics Procedures
    1. Understanding incident response planning
      1. Event classifications
      2. Triage event
    2. Understanding the incident response process
      1. Preparation
      2. Detection
      3. Analysis
      4. Containment
      5. Eradication and recovery
      6. Lessons learned
      7. Specific response playbooks/processes
      8. Non-automated response methods
      9. Automated response methods
      10. Communication plan
    3. Understanding forensic concepts
      1. Forensic process
      2. Chain of custody
      3. Order of volatility
      4. Memory snapshots
      5. Images
      6. Evidence preservation
      7. Cryptanalysis
      8. Steganalysis
    4. Using forensic analysis tools
      1. File carving tools
      2. Binary analysis tools
      3. Analysis tools
      4. Imaging tools
      5. Hashing utilities
      6. Using live collection and post-mortem tools
    5. Summary
    6. Questions
    7. Answers
  16. Section 3: Security Engineering and Cryptography
  17. Chapter 9: Enterprise Mobility and Endpoint Security Controls
    1. Implementing enterprise mobility management
      1. Managed configurations
    2. Security considerations for mobility management
      1. The unauthorized remote activation and deactivation of devices or features
      2. Encrypted and unencrypted communication concerns
      3. Physical reconnaissance
      4. Personal data theft
      5. Health privacy
      6. The implications of wearable devices
      7. The digital forensics of collected data
      8. Unauthorized application stores
      9. Containerization
      10. Original equipment manufacturer (OEM) and carrier differences
      11. Supply chain issues
      12. The use of an eFuse
    3. Implementing endpoint security controls
      1. Hardening techniques
      2. Compensating controls
    4. Summary
    5. Questions
    6. Answers
  18. Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies
    1. Identifying regulated business sectors
      1. Energy sector
      2. Manufacturing
      3. Healthcare
      4. Public utilities
      5. Public services
      6. Facility services
    2. Understanding embedded systems
      1. Internet of things
      2. System on a chip
      3. Application-specific integrated circuits
      4. Field-programmable gate array
    3. Understanding ICS/SCADA
      1. PLCs
      2. Historian
      3. Ladder logic
      4. Safety instrumented system
      5. Heating, ventilation, and air conditioning
    4. Understanding OT protocols
      1. Controller area network bus
      2. Modbus
      3. Distributed Network Protocol 3
      4. Zigbee
      5. Common Industrial Protocol
      6. Data Distribution Service
    5. Summary
    6. Questions
    7. Answers
  19. Chapter 11: Implementing Cryptographic Protocols and Algorithms
    1. Understanding hashing algorithms
      1. Secure Hashing Algorithm (SHA)
      2. Hash-Based Message Authentication Code (HMAC)
      3. Message Digest (MD)
      4. RACE integrity primitives evaluation message digest (RIPEMD)
    2. Understanding symmetric encryption algorithms
      1. Block ciphers
      2. Stream ciphers
    3. Understanding asymmetric encryption algorithms
      1. Rivest, Shamir, and Adleman (RSA)
      2. Digital Signature Algorithm (DSA)
      3. Elliptic-curve Digital Signature Algorithm (ECDSA)
      4. Diffie-Hellman (DH)
      5. Elliptic-curve Cryptography (ECC)
      6. Elliptic-curve Diffie-Hellman (ECDH)
    4. Understanding encryption protocols
      1. Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
      2. Secure/Multipurpose Internet Mail Extensions (S/MIME)
      3. Internet Protocol Security (IPSec)
      4. Secure Shell (SSH)
      5. Key stretching
      6. Password salting
      7. Password-based key derivation function 2 (PBKDF2)
    5. Understanding emerging security technologies
      1. Quantum computing
      2. Blockchain
      3. Homomorphic encryption
      4. Biometric impersonation
      5. 3D printing
    6. Summary
    7. Questions
    8. Answers
  20. Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
    1. Understanding the PKI hierarchy
      1. Certificate authority
      2. Registration authority
      3. Certificate revocation list
      4. Online Certificate Status Protocol
    2. Understanding certificate types
      1. Wildcard certificate
      2. Extended validation
      3. Multi-domain
      4. General-purpose
      5. Certificate usages/templates
    3. Understanding PKI security and interoperability
      1. Trusted certificate providers
      2. Trust models
      3. Cross-certification certificate
      4. Life cycle management
      5. Certificate pinning
      6. Certificate stapling
      7. CSRs
      8. Common PKI use cases
      9. Key escrow
    4. Troubleshooting issues with cryptographic implementations
      1. Key rotation
      2. Mismatched keys
      3. Improper key handling
      4. Embedded keys
      5. Exposed private keys
      6. Crypto shredding
      7. Cryptographic obfuscation
      8. Compromised keys
    5. Summary
    6. Questions
    7. Answers
  21. Section 4: Governance, Risk, and Compliance
  22. Chapter 13: Applying Appropriate Risk Strategies
    1. Understanding risk assessments
      1. Qualitative risk assessments
      2. Quantitative risk assessments
    2. Implementing risk-handling techniques
      1. Transfer
      2. Accept
      3. Avoid
      4. Mitigate
      5. Risk types
    3. Understanding the risk management life cycle
      1. Department of Defense Risk Management Framework
      2. NIST Cybersecurity Framework (CSF)
      3. Understanding risk controls
    4. Understanding risk tracking
      1. Key performance indicators
      2. Key risk indicators
      3. Risk appetite
      4. Risk tolerance
      5. Trade-off analysis
    5. Managing risk with policies and security practices
      1. Separation of duties (SoD)
      2. Job rotation
      3. Mandatory vacation
      4. Least privilege
      5. Employment and termination procedures
      6. Training and awareness for users
      7. Auditing requirements and frequency
    6. Explaining the importance of managing and mitigating vendor risk
      1. Vendor lock-in
      2. Vendor viability
      3. Merger or acquisition risk
      4. Meeting client requirements
      5. Ongoing vendor assessment tools
    7. Summary
    8. Questions
    9. Answers
  23. Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
    1. Security concerns associated with integrating diverse industries
      1. Data considerations
      2. Understanding geographic considerations
      3. Third-party attestation of compliance
    2. Understanding regulations, accreditations, and standards
    3. Understanding legal considerations
    4. Application of contract and agreement types
    5. Summary
    6. Questions
    7. Answers
  24. Chapter 15: Business Continuity and Disaster Recovery Concepts
    1. Conducting a business impact analysis
      1. Maximum Tolerable Downtime (MTD)
      2. Recovery Time Objective (RTO)
      3. Recovery Point Objective (RPO)
      4. Recovery service level
      5. Mission-essential functions
      6. Privacy Impact Assessment (PIA)
      7. Preparing a Disaster Recovery Plan/Business Continuity Plan
      8. Backup and recovery methods
    2. Planning for high availability and automation
      1. Scalability
      2. Resiliency
      3. Automation
      4. Content Delivery Network (CDN)
      5. Testing plans
    3. Explaining how cloud technology aids enterprise resilience
      1. Using cloud solutions for business continuity and disaster recovery (BCDR)
      2. Infrastructure versus serverless computing
      3. Collaboration tools
      4. Storage configurations
      5. Cloud Access Security Broker (CASB)
    4. Summary
    5. Questions
    6. Answers
  25. Chapter 16: Mock Exam 1
    1. Questions
    2. Assessment test answers
  26. Chapter 17: Mock Exam 2
    1. Questions
    2. Answers
    3. Why subscribe?
  27. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: CompTIA CASP+ CAS-004 Certification Guide
  • Author(s): Mark Birch
  • Release date: March 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801816779