
CASP+ CompTIA Advanced Security Practitioner Study Guide – Exam CAS–004, Fourth Edition: Sybex Study Guide

Author: NH Tanner
In English, Paperback – 16 Nov 2022

From the Sybex Study Guide series

Price: 28938 lei

Old price: 36173 lei
-20% New

Express points: 434

Estimated price in foreign currency:
5538 5753$ 4600£

Book available

Economy delivery 11-25 January 25
Express delivery 31 December 24 - 04 January 25 for 4465 lei

Orders by phone: 021 569.72.76

Specifications

ISBN-13: 9781119803164
ISBN-10: 1119803160
Pages: 592
Dimensions: 187 x 232 x 31 mm
Weight: 0.82 kg
Edition: 4th Edition
Publisher: Sybex
Series: Sybex Study Guide

Place of publication: Hoboken, United States

Biographical note

ABOUT THE AUTHORS

NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practice Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit.

JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff's infosec roots began as a security engineer, a member of an HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.

Contents

Introduction
Assessment Test

Chapter 1: Risk Management
Risk Terminology; The Risk Assessment Process; Asset Identification; Information Classification; Risk Assessment; Risk Assessment Options; Implementing Controls; Policies Used to Manage Employees; Pre-Employment Policies; Employment Policies; End of Employment and Termination Procedures; Cost-Benefit Analysis; Continuous Monitoring; Enterprise Security Architecture Frameworks and Governance; Training and Awareness for Users; Best Practices for Risk Assessments; Business Continuity Planning and Disaster Recovery; Reviewing the Effectiveness of Existing Security Controls; Conducting Lessons Learned and After-Action Reviews; Creation, Collection, and Analysis of Metrics; Metrics; Trend Data; Analyzing Security Solutions to Ensure They Meet Business Needs; Testing Plans; Internal and External Audits; Using Judgment to Solve Difficult Problems; Summary; Exam Essentials; Review Questions

Chapter 2: Configure and Implement Endpoint Security Controls
Hardening Techniques; Address Space Layout Randomization Use; Hardware Security Module and Trusted Platform Module; Trusted Operating Systems; Compensating Controls; Summary; Exam Essentials; Review Questions

Chapter 3: Security Operations Scenarios
Threat Management; Types of Intelligence; Threat Hunting; Threat Emulation; Actor Types; Intelligence Collection Methods; Open-Source Intelligence; Human Intelligence and Social Engineering; Frameworks; MITRE Adversarial Tactics, Techniques and Common Knowledge; ATT&CK for Industrial Control Systems; Cyber Kill Chain; Diamond Model of Intrusion Analysis; Indicators of Compromise; Reading the Logs; Intrusion Detection and Prevention; Notifications and Responses to IoCs; Response; Summary; Exam Essentials; Review Questions

Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk
Terminology; Vulnerability Management; Security Content Automation Protocol; Self-Assessment vs. Third-Party Vendor Assessment; Patch Management; Information Sources; Tools; Assessments; Penetration Testing; Assessment Types; Vulnerabilities; Buffer Overflow; Integer Overflow; Memory Leaks; Race Conditions (TOC/TOU); Resource Exhaustion; Data Remnants; Use of Third-Party Libraries; Code Reuse; Cryptographic Vulnerabilities; Broken Authentication; Security Misconfiguration; Inherently Vulnerable System/Application; Client-Side Processing vs. Server-Side Processing; Attacks; Proactive Detection; Incident Response; Countermeasures; Deceptive Technology; USB Key Drops; Simulation; Security Data Analytics; Application Control; Allow and Block Lists; Security Automation; Physical Security; Summary; Exam Essentials; Review Questions

Chapter 5: Compliance and Vendor Risk
Shared Responsibility in Cloud Computing; Cloud Service/Infrastructure Models; Cloud Computing Providers and Hosting Options; Benefits of Cloud Computing; Security of On-Demand/Elastic Cloud Computing; Geographic Location; Infrastructure; Compute; Storage; Networking; Managing and Mitigating Risk; Security Concerns of Integrating Diverse Industries; Regulations, Accreditations, and Standards; PCI DSS; GDPR; ISO; CMMI; NIST; COPPA; CSA-STAR; HIPAA, SOX, and GLBA; Contract and Agreement Types; Third-Party Attestation of Compliance; Legal Considerations; Summary; Exam Essentials; Review Questions

Chapter 6: Cryptography and PKI
The History of Cryptography; Cryptographic Goals and Requirements; Supporting Security Requirements; Compliance and Policy Requirements; Privacy and Confidentiality Requirements; Integrity Requirements; Nonrepudiation; Risks with Data; Data at Rest; Data in Transit; Data in Process/Data in Use; Hashing; Message Digest; Secure Hash Algorithm; Message Authentication Code; Hashed Message Authentication Code; RACE Integrity Primitives Evaluation Message Digest; Poly1305; Symmetric Algorithms; Data Encryption Standard; Triple DES; Rijndael and the Advanced Encryption Standard; ChaCha; Salsa20; International Data Encryption Algorithm; Rivest Cipher Algorithms; Counter Mode; Asymmetric Encryption; Diffie-Hellman; RSA; Elliptic Curve Cryptography; ElGamal; Hybrid Encryption and Electronic Data Exchange (EDI); Public Key Infrastructure Hierarchy; Certificate Authority; Registration Authority; Digital Certificates; Certificate Revocation List; Certificate Types; Certificate Distribution; The Client's Role in PKI; Implementation of Cryptographic Solutions; Application Layer Encryption; Transport Layer Encryption; Internet Layer Controls; Additional Authentication Protocols; Cryptocurrency; Digital Signatures; Recognizing Cryptographic Attacks; Troubleshooting Cryptographic Implementations; Summary; Exam Essentials; Review Questions

Chapter 7: Incident Response and Forensics
The Incident Response Framework; Event Classifications; Triage Events; Pre-Escalation Tasks; The Incident Response Process; Response Playbooks and Processes; Communication Plan and Stakeholder Management; Forensic Concepts; Principles, Standards, and Practices; The Forensic Process; Forensic Analysis Tools; File Carving Tools; Binary Analysis Tools; Analysis Tools; Imaging Tools; Hashing Utilities; Live Collection vs. Postmortem Tools; Summary; Exam Essentials; Review Questions

Chapter 8: Security Architecture
Security Requirements and Objectives for a Secure Network Architecture; Services; Segmentation; Deperimeterization/Zero Trust; Merging Networks from Various Organizations; Software-Defined Networking; Organizational Requirements for Infrastructure Security Design; Scalability; Resiliency; Automation; Containerization; Virtualization; Content Delivery Network; Integrating Applications Securely into an Enterprise Architecture; Baseline and Templates; Software Assurance; Considerations of Integrating Enterprise Applications; Integrating Security into the Development Life Cycle; Data Security Techniques for Securing Enterprise Architecture; Data Loss Prevention; Data Loss Detection; Data Classification, Labeling, and Tagging; Obfuscation; Anonymization; Encrypted vs. Unencrypted; Data Life Cycle; Data Inventory and Mapping; Data Integrity Management; Data Storage, Backup, and Recovery; Security Requirements and Objectives for Authentication and Authorization Controls; Credential Management; Password Policies; Federation; Access Control; Protocols; Multifactor Authentication; One-Time Passwords; Hardware Root of Trust; Single Sign-On; JavaScript Object Notation Web Token; Attestation and Identity Proofing; Summary; Exam Essentials; Review Questions

Chapter 9: Secure Cloud and Virtualization
Implement Secure Cloud and Virtualization Solutions; Virtualization Strategies; Deployment Models and Considerations; Service Models; Cloud Provider Limitations; Extending Appropriate On-Premises Controls; Storage Models; How Cloud Technology Adoption Impacts Organization Security; Automation and Orchestration; Encryption Configuration; Logs; Monitoring Configurations; Key Ownership and Location; Key Life-Cycle Management; Backup and Recovery Methods; Infrastructure vs. Serverless Computing; Software-Defined Networking; Misconfigurations; Collaboration Tools; Bit Splitting; Data Dispersion; Summary; Exam Essentials; Review Questions

Chapter 10: Mobility and Emerging Technologies
Emerging Technologies and Their Impact on Enterprise Security and Privacy; Artificial Intelligence; Machine Learning; Deep Learning; Quantum Computing; Blockchain; Homomorphic Encryption; Distributed Consensus; Big Data; Virtual/Augmented Reality; 3D Printing; Passwordless Authentication; Nano Technology; Biometric Impersonation; Secure Enterprise Mobility Configurations; Managed Configurations; Deployment Scenarios; Mobile Device Security Considerations; Security Considerations for Technologies, Protocols, and Sectors; Embedded Technologies; ICS/Supervisory Control and Data Acquisition; Protocols; Sectors; Summary; Exam Essentials; Review Questions

Appendix: Answers to Review Questions
Chapter 1: Risk Management; Chapter 2: Configure and Implement Endpoint Security Controls; Chapter 3: Security Operations Scenarios; Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk; Chapter 5: Compliance and Vendor Risk; Chapter 6: Cryptography and PKI; Chapter 7: Incident Response and Forensics; Chapter 8: Security Architecture; Chapter 9: Secure Cloud and Virtualization; Chapter 10: Mobility and Emerging Technologies

Index