Where can buy Comptia® advanced security practitioner (casp+) cas-004 cert guide 3rd edition troy mc


About This eBook

ePUB is an open, industry-standard format for eBooks. However, support of ePUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site.

Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the eBook in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.

Troy McMillan

CompTIA® Advanced Security Practitioner

(CASP+) CAS-004 Cert Guide

Copyright © 2023 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-734895-4

ISBN-10: 0-13-734895-9

Library of Congress Control Number: 2022933627

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.

The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.

Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Editor-in-Chief

Mark Taub

Director, ITP Product Management

Brett Bartow

Executive Editor

Nancy Davis

Development Editor

Ellie Bru

Managing Editor

Sandra Schroeder

Senior Project Editor

Tonya Simpson

Copy Editor

Kitty Wilson

Indexer

Tim Wright

Proofreader

Barbara Mack

Technical Editor

Chris Crayton

Publishing Coordinator

Cover Designer

Compositor

codeMantra

Pearson’s Commitment to Diversity, Equity, and Inclusion

Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.

Education is a powerful force for equity and change in our world. It has the potential to deliver opportunities that improve lives and enable economic mobility. As we work with authors to create content for every product and service, we acknowledge our responsibility to demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve their potential through learning. As the world’s leading learning company, we have a duty to help drive change and live up to our purpose to help more people create a better life for themselves and to create a better world. Our ambition is to purposefully contribute to a world where

Everyone has an equitable and lifelong opportunity to succeed through learning

Our educational products and services are inclusive and represent the rich diversity of learners

Our educational content accurately reflects the histories and experiences of the learners we serve

Our educational content prompts deeper discussions with learners and motivates them to expand their own learning (and worldview)

While we work hard to present unbiased content, we want to hear from you about any concerns or needs with this Pearson product so that we can investigate and address them.

Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.xhtml.

Contents at a Glance

Introduction

Part I: Security Architecture

CHAPTER 1 Ensuring a Secure Network Architecture

CHAPTER 2 Determining the Proper Infrastructure Security Design

CHAPTER 3 Securely Integrating Software Applications

CHAPTER 4 Securing the Enterprise Architecture by Implementing Data Security Techniques

CHAPTER 5 Providing the Appropriate Authentication and Authorization Controls

CHAPTER 6 Implementing Secure Cloud and Virtualization Solutions

CHAPTER 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI)

CHAPTER 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy

Part II: Security Operations

CHAPTER 9 Performing Threat Management Activities

CHAPTER 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response

CHAPTER 11 Performing Vulnerability Management Activities

CHAPTER 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools

CHAPTER 13 Analyzing Vulnerabilities and Recommending Risk Mitigations

CHAPTER 14 Using Processes to Reduce Risk

CHAPTER 15 Implementing the Appropriate Incident Response

CHAPTER 16 Forensic Concepts

CHAPTER 17 Forensic Analysis Tools

Part III: Security Engineering and Cryptography

CHAPTER 18 Applying Secure Configurations to Enterprise Mobility

CHAPTER 19 Configuring and Implementing Endpoint Security Controls

CHAPTER 20 Security Considerations Impacting Specific Sectors and Operational Technologies

CHAPTER 21 Cloud Technology’s Impact on Organizational Security

CHAPTER 22 Implementing the Appropriate PKI Solution

CHAPTER 23 Implementing the Appropriate Cryptographic Protocols and Algorithms

CHAPTER 24 Troubleshooting Issues with Cryptographic Implementations

Part IV: Governance, Risk, and Compliance

CHAPTER 25 Applying Appropriate Risk Strategies

CHAPTER 26 Managing and Mitigating Vendor Risk

CHAPTER 27 The Organizational Impact of Compliance Frameworks and Legal Considerations

CHAPTER 28 Business Continuity and Disaster Recovery Concepts

CHAPTER 29 Final Preparation

APPENDIX A Answers to the Review Questions

Glossary

Index

Online Elements

APPENDIX B Memory Tables

APPENDIX C Memory Tables Answer Key

APPENDIX D Study Planner

Glossary

Table of Contents

Introduction

Part I: Security Architecture

Chapter 1 Ensuring a Secure Network Architecture

Services

Load Balancer

Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS)

Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS)

Web Application Firewall (WAF)

Network Access Control (NAC)

Quarantine/Remediation

Persistent/Volatile or Non-persistent Agent

Agent vs. Agentless

Virtual Private Network (VPN)

Domain Name System Security Extensions (DNSSEC)

Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW)

Types of Firewalls

Next-Generation Firewalls (NGFWs)

Firewall Placement

Deep Packet Inspection

Network Address Translation (NAT) Gateway

Stateful NAT

Static vs. Dynamic NAT

Internet Gateway

Forward/Transparent Proxy

Reverse Proxy

Distributed Denial-of-Service (DDoS) Protection

Routers

Routing Tables

Additional Route Protection

Mail Security

IMAP

POP

SMTP

Email Spoofing

Spear Phishing

Whaling

Spam

Captured Messages

Disclosure of Information

Malware

Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway

Traffic Mirroring

Switched Port Analyzer (SPAN) Ports

Port Mirroring

Virtual Private Cloud (VPC)

Network Tap

Sensors

Security Information and Event Management (SIEM)

File Integrity Monitoring (FIM)

Simple Network Management Protocol (SNMP) Traps

NetFlow

Data Loss Prevention (DLP)

Antivirus

Segmentation

Microsegmentation

Local Area Network (LAN)/Virtual Local Area Network (VLAN)

Jump Box

Screened Subnet

Data Zones

Staging Environments

Guest Environments

VPC/Virtual Network (VNET)

Availability Zone

NAC Lists

Policies/Security Groups

Regions

Access Control Lists (ACLs)

Peer-to-Peer

Air Gap

De-perimeterization/Zero Trust

Cloud

Remote Work

Mobile

Outsourcing and Contracting

Wireless/Radio Frequency (RF) Networks

WLAN-802.11

WLAN Standards

WLAN Security

Merging of Networks from Various Organizations

Peering

Cloud to on Premises

Data Sensitivity Levels

Mergers and Acquisitions

Cross-domain

Federation

Directory Services

Software-Defined Networking (SDN)

Open SDN

Hybrid SDN

SDN Overlay

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 2 Determining the Proper Infrastructure Security Design

Scalability

Vertically

Horizontally

Resiliency

High Availability/Redundancy

Diversity/Heterogeneity

Course of Action Orchestration

Distributed Allocation

Replication

Clustering

Automation

Autoscaling

Security Orchestration, Automation, and Response (SOAR)

Bootstrapping

Performance

Containerization

Virtualization

Content Delivery Network

Caching

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 3 Securely Integrating Software Applications

Baseline and Templates

Baselines

Create Benchmarks and Compare to Baselines

Templates

Secure Design Patterns/Types of Web Technologies

Storage Design Patterns

Container APIs

Secure Coding Standards

CVE

DISA STIG

PA-DSS

Application Vetting Processes

API Management

Middleware

Software Assurance

Sandboxing/Development Environment

Validating Third-Party Libraries

Defined DevOps Pipeline

Code Signing

Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST)

Interactive Application Security Testing (IAST)

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Code Analyzers

Fuzzer

Static

Dynamic

Misuse Case Testing

Test Coverage Analysis

Interface Testing

Considerations of Integrating Enterprise Applications

Customer Relationship Management (CRM)

Enterprise Resource Planning (ERP)

Configuration Management Database (CMDB)

Content Management System (CMS)

Integration Enablers

Directory Services

Domain Name System (DNS)

Service-Oriented Architecture (SOA)

Enterprise Service Bus (ESB)

Integrating Security into Development Life Cycle

Formal Methods

Requirements

Fielding

Insertions and Upgrades

Disposal and Reuse

Testing

Validation and Acceptance Testing

Regression

Unit Testing

Development Approaches

SecDevOps

Agile

Spiral

Security Implications of Agile Software Development

Security Implications of the Waterfall Model

Security Implications of the Spiral Model

Versioning

Continuous Integration/Continuous Delivery (CI/CD) Pipelines

Best Practices

Open Web Application Security Project (OWASP)

Proper Hypertext Transfer Protocol (HTTP) Headers

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques

Data Loss Prevention

Blocking Use of External Media

Print Blocking

Remote Desktop Protocol (RDP) Blocking

Clipboard Privacy Controls

Restricted Virtual Desktop Infrastructure (VDI) Implementation

Data Classification Blocking

Data Loss Detection

Watermarking

Digital Rights Management (DRM)

Network Traffic Decryption/Deep Packet Inspection

Network Traffic Analysis

Data Classification, Labeling, and Tagging

Metadata/Attributes

XACML

LDAP

Obfuscation

Tokenization

Scrubbing

Masking

Anonymization

Encrypted vs. Unencrypted

Data Life Cycle

Create

Use

Share

Store

Archive or Destroy

Data Inventory and Mapping

Data Integrity Management

Data Storage, Backup, and Recovery

Redundant Array of Inexpensive Disks (RAID)

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 5 Providing the Appropriate Authentication and Authorization Controls

Credential Management

Password Repository Application

End-User Password Storage

On Premises vs. Cloud Repository

Hardware Key Manager

Privileged Access Management

Privilege Escalation

Password Policies

Complexity

Length

Character Classes

History

Maximum/Minimum Age

Auditing

Reversible Encryption

Federation

Transitive Trust

OpenID

Security Assertion Markup Language (SAML)

Shibboleth

Access Control

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control

Rule-Based Access Control

Attribute-Based Access Control

Protocols

Remote Authentication Dial-in User Service (RADIUS)

Terminal Access Controller Access Control System (TACACS)

Diameter

Lightweight Directory Access Protocol (LDAP)

Kerberos

OAuth

802.1X

Extensible Authentication Protocol (EAP)

Multifactor Authentication (MFA)

Knowledge Factors

Ownership Factors

Characteristic Factors

Physiological Characteristics

Behavioral Characteristics

Biometric Considerations

2-Step Verification

In-Band

Out-of-Band

One-Time Password (OTP)

HMAC-Based One-Time Password (HOTP)

Time-Based One-Time Password (TOTP)

Hardware Root of Trust

Single Sign-On (SSO)

JavaScript Object Notation (JSON) Web Token (JWT)

Attestation and Identity Proofing

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Review Questions

Chapter 6 Implementing Secure Cloud and Virtualization Solutions

Virtualization Strategies

Type 1 vs. Type 2 Hypervisors

Type 1 Hypervisor

Type 2 Hypervisor

Containers

Emulation

Application Virtualization

VDI

Provisioning and Deprovisioning

Middleware

Metadata and Tags

Deployment Models and Considerations

Business Directives

Cost

Scalability

Resources

Location

Data Protection

Cloud Deployment Models

Private

Public

Hybrid

Community

Hosting Models

Multitenant

Single-Tenant

Service Models

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Cloud Provider Limitations

Internet Protocol (IP) Address Scheme

VPC Peering

Extending Appropriate On-premises Controls

Storage Models

Object Storage/File-Based Storage

Database Storage

Block Storage

Blob Storage

Key-Value Pairs

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI)

Privacy and Confidentiality Requirements

Integrity Requirements

Non-repudiation

Compliance and Policy Requirements

Common Cryptography Use Cases

Data at Rest

Data in Transit

Data in Process/Data in Use

Protection of Web Services

Embedded Systems

Key Escrow/Management

Mobile Security

Elliptic Curve Cryptography

P256 vs. P384 vs. P512

Secure Authentication

Smart Card

Common PKI Use Cases

Web Services

Email

GNU Privacy Guard (GPG)

Code Signing

Federation

Trust Models

VPN

SSL/TLS

Other Tunneling Protocols

Enterprise and Security Automation/Orchestration

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy

Artificial Intelligence

Machine Learning

Quantum Computing

Blockchain

Homomorphic Encryption

Secure Multiparty Computation

Private Information Retrieval

Secure Function Evaluation

Private Function Evaluation

Distributed Consensus

Big Data

Virtual/Augmented Reality

3-D Printing

Passwordless Authentication

Nano Technology

Deep Learning

Natural Language Processing

Deep Fakes

Biometric Impersonation

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Part II: Security Operations

Chapter 9 Performing Threat Management Activities

Intelligence Types

Tactical

Commodity Malware

Strategic

Targeted Attacks

Operational

Threat Hunting

Threat Emulation

Actor Types

Advanced Persistent Threat (APT)/Nation-State

Insider Threat

Competitor

Hacktivist

Script Kiddie

Organized Crime

Threat Actor Properties

Resource

Time

Money

Supply Chain Access

Create Vulnerabilities

Capabilities/Sophistication

Identifying Techniques

Intelligence Collection Methods

Intelligence Feeds

Deep Web

Proprietary

Open-Source Intelligence (OSINT)

Social Media

Intelligence Collection Methods

Routing Tables

DNS Records

Search Engines

Human Intelligence (HUMINT)

Frameworks

MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK)

ATT&CK for Industrial Control System (ICS)

Diamond Model of Intrusion Analysis

Cyber Kill Chain

Exam Preparation Tasks

Review All Key Topics

Define Key Terms

Complete Tables and Lists from Memory

Review Questions

Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response

Indicators of Compromise

Packet Capture (PCAP)

Protocol Analyzers

tshark

Logs
