CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide (2022)
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide (2022) provides real-world examples to reinforce your learning.
Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.
Special Offer
Save 80% on Premium Edition eBook
and Practice Test
The CompTIA Advanced Security Practitioner (CASP+) CAS-004 Premium Edition eBook and Practice Test provides three eBook files (PDF, EPUB, and MOBI/Kindle) to read on your preferred device and an enhanced edition of the Pearson Test Prep practice test software. You also receive two additional practice exams with links for every question mapped to the PDF eBook.
See the card insert in the back of the book for your Pearson Test Prep activation code and special offers.
CompTIA® Advanced
Security Practitioner
(CASP+) CAS-004
Cert Guide
Troy McMillan
CompTIA® Advanced Security Practitioner (CASP+)
CAS-004 Cert Guide
Copyright © 2023 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-13-734895-4
ISBN-10: 0-13-734895-9
Library of Congress Control Number: 2022933627
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.
Editor-in-Chief
Mark Taub
Director, ITP Product Management
Brett Bartow
Executive Editor
Nancy Davis
Development Editor
Ellie Bru
Managing Editor
Sandra Schroeder
Senior Project Editor
Tonya Simpson
Copy Editor
Kitty Wilson
Indexer
Tim Wright
Proofreader
Barbara Mack
Technical Editor
Chris Crayton
Publishing Coordinator
Cindy Teeters
Cover Designer
Chuti Prasertsith
Compositor
codeMantra
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.
Pearson’s Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the potential to deliver opportunities that improve lives and enable economic mobility. As we work with authors to create content for every product and service, we acknowledge our responsibility to demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve their potential through learning. As the world’s leading learning company, we have a duty to help drive change and live up to our purpose to help more people create a better life for themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
■ Everyone has an equitable and lifelong opportunity to succeed through learning
■ Our educational products and services are inclusive and represent the rich diversity of learners
■ Our educational content accurately reflects the histories and experiences of the learners we serve
■ Our educational content prompts deeper discussions with learners and motivates them to expand their own learning (and worldview)
While we work hard to present unbiased content, we want to hear from you about any concerns or needs with this Pearson product so that we can investigate and address them.
Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.html.
Contents at a Glance
Introduction I
Part I: Security Architecture
CHAPTER 1 Ensuring a Secure Network Architecture 3
CHAPTER 2 Determining the Proper Infrastructure Security Design 73
CHAPTER 3 Securely Integrating Software Applications 85
CHAPTER 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
CHAPTER 5 Providing the Appropriate Authentication and Authorization Controls 149
CHAPTER 6 Implementing Secure Cloud and Virtualization Solutions 185
CHAPTER 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
CHAPTER 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Part II: Security Operations
CHAPTER 9 Performing Threat Management Activities 231
CHAPTER 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
CHAPTER 11 Performing Vulnerability Management Activities 275
CHAPTER 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
CHAPTER 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
CHAPTER 14 Using Processes to Reduce Risk 347
CHAPTER 15 Implementing the Appropriate Incident Response 367
CHAPTER 16 Forensic Concepts 385
CHAPTER 17 Forensic Analysis Tools 399
Part III: Security Engineering and Cryptography
CHAPTER 18 Applying Secure Configurations to Enterprise Mobility 419
CHAPTER 19 Configuring and Implementing Endpoint Security Controls 437
CHAPTER 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
CHAPTER 21 Cloud Technology’s Impact on Organizational Security 477
CHAPTER 22 Implementing the Appropriate PKI Solution 499
CHAPTER 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
CHAPTER 24 Troubleshooting Issues with Cryptographic Implementations 543
Part IV: Governance, Risk, and Compliance
CHAPTER 25 Applying Appropriate Risk Strategies 555
CHAPTER 26 Managing and Mitigating Vendor Risk 607
CHAPTER 27 The Organizational Impact of Compliance Frameworks and Legal Considerations 625
CHAPTER 28 Business Continuity and Disaster Recovery Concepts 657
CHAPTER 29 Final Preparation 673
APPENDIX A Answers to the Review Questions 679
Glossary 709
Index 761
Online Elements
APPENDIX B Memory Tables
APPENDIX C Memory Tables Answer Key
APPENDIX D Study Planner
Glossary
Table of Contents
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Quarantine/Remediation 9
Persistent/Volatile or Non-persistent Agent 9
Agent vs. Agentless 9
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Types of Firewalls 12
Next-Generation Firewalls (NGFWs) 14
Firewall Placement 15
Deep Packet Inspection 19
Network Address Translation (NAT) Gateway 19
Stateful NAT 20
Static vs. Dynamic NAT 21
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Routing Tables 23
Additional Route Protection 25
Mail Security 26
IMAP 26
POP 27
SMTP 27
Email Spoofing 27
Spear Phishing 28
Whaling 28
Spam 28
Captured Messages 29
Disclosure of Information 30
Malware 30
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Switched Port Analyzer (SPAN) Ports 31
Port Mirroring 31
Virtual Private Cloud (VPC) 32
Network Tap 32
Sensors 32
Security Information and Event Management (SIEM) 33
File Integrity Monitoring (FIM) 35
Simple Network Management Protocol (SNMP) Traps 36
NetFlow 36
Data Loss Prevention (DLP) 37
Antivirus 39
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
WLAN-802.11 53
WLAN Standards 54
WLAN Security 56
Merging of Networks from Various Organizations 58
Peering 59
Cloud to on Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Review All Key Topics 66
Define Key Terms 68
Complete Tables and Lists from Memory 69
Review Questions 69
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Review All Key Topics 81
Define Key Terms 81
Complete Tables and Lists from Memory 81
Review Questions 82
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Storage Design Patterns 87
Container APIs 88
Secure Coding Standards 89
CVE 90
DISA STIG 90
PA-DSS 90
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Interactive Application Security Testing (IAST) 95
Static Application Security Testing (SAST) 95
Dynamic Application Security Testing (DAST) 95
Code Analyzers 95
Fuzzer 95
Static 98
Dynamic 98
Misuse Case Testing 99
Test Coverage Analysis 99
Interface Testing 100
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Directory Services 101
Domain Name System (DNS) 101
Service-Oriented Architecture (SOA) 102
Enterprise Service Bus (ESB) 103
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Validation and Acceptance Testing 107
Regression 107
Unit Testing 107
Development Approaches 109
SecDevOps 109
Agile 109
Spiral 111
Security Implications of Agile Software Development 112
Security Implications of the Waterfall Model 113
Security Implications of the Spiral Model 114
Versioning 114
Continuous Integration/Continuous Delivery (CI/CD) Pipelines 116
Best Practices 117
Open Web Application Security Project (OWASP) 117
Proper Hypertext Transfer Protocol (HTTP) Headers 117
Exam Preparation Tasks 119
Review All Key Topics 119
Define Key Terms 120
Complete Tables and Lists from Memory 121
Review Questions 121
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
XACML 130
LDAP 131
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Review All Key Topics 143
Define Key Terms 144
Complete Tables and Lists from Memory 144
Review Questions 144
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
Password Repository Application 149
End-User Password Storage 149
On Premises vs. Cloud Repository 150
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversable Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Review All Key Topics 180
Define Key Terms 181
Review Questions 181
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Type 1 Hypervisor 186
Type 2 Hypervisor 187
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cost 191
Scalability 191
Resources 191
Location 191
Data Protection 192
Cloud Deployment Models 192
Private 193
Public 193
Hybrid 193
Community 193
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Review All Key Topics 199
Define Key Terms 199
Complete Tables and Lists from Memory 200
Review Questions 200
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Elliptic Curve Cryptography 209
P256 vs. P384 vs. P512 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
GNU Privacy Guard (GPG) 211
Code Signing 211
Federation 211
Trust Models 212
VPN 212
SSL/TLS 212
Other Tunneling Protocols 213
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Review All Key Topics 214
Define Key Terms 214
Complete Tables and Lists from Memory 214
Review Questions 215
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Review All Key Topics 227
Define Key Terms 227
Complete Tables and Lists from Memory 227
Review Questions 228
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Commodity Malware 231
Strategic 232
Targeted Attacks 232
Operational 232
Threat Hunting 232
Threat Emulation 233
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Time 235
Money 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Social Media 238
Intelligence Collection Methods 239
Routing Tables 239
DNS Records 239
Search Engines 242
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
ATT&CK for Industrial Control System (ICS) 245
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Review All Key Topics 246
Define Key Terms 247
Complete Tables and Lists from Memory 247
Review Questions 248
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
Packet Capture (PCAP) 251
Protocol Analyzers 252
tshark 252
Logs 252
Network Logs 253
Vulnerability Logs 254
Operating System Logs 254
Access Logs 255
NetFlow Logs 256
Notifications 256
FIM Alerts 257
SIEM Alerts 257
DLP Alerts 257
IDS/IPS Alerts 258
Antivirus Alerts 259
Notification Severity/Priorities 260
Syslog 261
Unusual Process Activity 263
Response 265
Firewall Rules 265
IPS/IDS Rules 267
ACL Rules 267
Signature Rules 267
Behavior Rules 268
DLP Rules 268
Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Review All Key Topics 269
Define Key Terms 269
Complete Tables and Lists from Memory 270
Review Questions 270
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
Credentialed vs. Non-credentialed 275
Agent-Based/Server-Based 276
Criticality Ranking 277
Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
Extensible Configuration Checklist Description Format (XCCDF) 278
Open Vulnerability and Assessment Language (OVAL) 279
Common Platform Enumeration (CPE) 279
Common Vulnerabilities and Exposures (CVE) 279
Common Vulnerability Scoring System (CVSS) 279
Common Configuration Enumeration (CCE) 282
Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
Manual Patch Management 284
Automated Patch Management 284
Information Sources 284
Advisories 285
Bulletins 286
Vendor Websites 287
Information Sharing and Analysis Centers (ISACs) 287
News Reports 287
Exam Preparation Tasks 287
Review All Key Topics 287
Define Key Terms 288
Complete Tables and Lists from Memory 288
Review Questions 288
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
Static Analysis/Dynamic Analysis 293
Side-Channel Analysis 293
Reverse Engineering 294
Software 294
Hardware 294
Wireless Vulnerability Scan 295
Rogue Access Points 295
Software Composition Analysis 296
Fuzz Testing 296
Pivoting 297
Post-exploitation 297
Persistence 298
Tools 298
SCAP Scanner 298
Network Traffic Analyzer 299
Vulnerability Scanner 300
Protocol Analyzer 302
Port Scanner 302
HTTP Interceptor 304
Exploit Framework 304
Password Cracker 306
Dependency Management 307
Requirements 308
Scope of Work 308
Rules of Engagement 308
Invasive vs. Non-invasive 308
Asset Inventory 308
Permissions and Access 309
Corporate Policy Considerations 310
Facility Considerations 310
Physical Security Considerations 310
Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Review All Key Topics 310
Define Key Terms 311
Complete Tables and Lists from Memory 312
Review Questions 312
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
Race Conditions 315
Overflows 315
Buffer 316
Integer 318
Broken Authentication 318
Unsecure References 319
Poor Exception Handling 319
Security Misconfiguration 319
Improper Headers 320
Information Disclosure 321
Certificate Errors 321
Weak Cryptography Implementations 321
Weak Ciphers 322
Weak Cipher Suite Implementations 322
Software Composition Analysis 322
Use of Vulnerable Frameworks and Software Modules 323
Use of Unsafe Functions 323
Third-Party Libraries 323
Dependencies 324
Code Injections/Malicious Changes 324
End of Support/End of Life 324
Regression Issues 324
Inherently Vulnerable System/Application 325
Client-Side Processing vs. Server-Side Processing 325
JSON/Representational State Transfer (REST) 326
Browser Extensions 326
Flash 327
ActiveX 327
Hypertext Markup Language 5 (HTML5) 327
Asynchronous JavaScript and XML (AJAX) 327
Simple Object Access Protocol (SOAP) 329
Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
Directory Traversal 330
Cross-site Scripting (XSS) 331
Cross-site Request Forgery (CSRF) 331
Injection 332
XML 332
LDAP 335
Structured Query Language (SQL) 335
Command 337
Process 337
Sandbox Escape 337
Virtual Machine (VM) Hopping 337
VM Escape 337
Border Gateway Protocol (BGP) Route Hijacking 338
Interception Attacks 339
Denial-of-Service (DoS)/DDoS 339
SYN Flood 339
Teardrop Attack 340
Authentication Bypass 340
Social Engineering 340
Phishing/Pharming 340
Shoulder Surfing 341
Identity Theft 341
Dumpster Diving 341
VLAN Hopping 341
Exam Preparation Tasks 341
Review All Key Topics 341
Define Key Terms 342
Complete Tables and Lists from Memory 343
Review Questions 343
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
Hunts 347
Developing Countermeasures 347
Deceptive Technologies 347
Honeynet/Honeypot 348
Decoy Files 348
Simulators 348
Dynamic Network Configurations 348
Security Data Analytics 348
Processing Pipelines 349
Data 349
Stream 349
Indexing and Search 350
Log Collection and Curation 350
Database Activity Monitoring 350
Preventive 351
Antivirus 352
Immutable Systems 352
Hardening 352
Sandbox Detonation 352
Application Control 353
License Technologies 353
Allow List vs. Block List 354
Time of Check vs. Time of Use 354
Atomic Execution 355
Security Automation 355
Cron/Scheduled Tasks 355
Bash 356
PowerShell 357
Python 357
Physical Security 358
Review of Lighting 358
Types of Lighting Systems 358
Types of Lighting 359
Review of Visitor Logs 359
Camera Reviews 359
Open Spaces vs. Confined Spaces 361
Natural Access Control 361
Natural Surveillance 361
Natural Territorial Reinforcement 361
Exam Preparation Tasks 362
Review All Key Topics 362
Define Key Terms 362
Complete Tables and Lists from Memory 363
Review Questions 363
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
False Positive 367
False Negative 367
True Positive 367
True Negative 367
Triage Event 367
Preescalation Tasks 368
Incident Response Process 368
Preparation 369
Training 369
Testing 370
Detection 370
Analysis 371
Containment 371
Minimize 371
Isolate 371
Recovery 371
Response 372
Lessons Learned 372
Specific Response Playbooks/Processes 373
Scenarios 373
Ransomware 373
Data Exfiltration 373
Social Engineering 374
Non-automated Response Methods 374
Automated Response Methods 374
Runbooks 374
SOAR 375
Communication Plan 375
Stakeholder Management 377
Legal 377
Human Resources 377
Public Relations 378
Internal and External 378
Law Enforcement 378
Senior Leadership 379
Regulatory Bodies 379
Exam Preparation Tasks 379
Review All Key Topics 379
Define Key Terms 380
Review Questions 380
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
Identification 385
Evidence Collection 385
Chain of Custody 385
Order of Volatility 386
Memory Snapshots 387
Images 388
Cloning 388
Evidence Preservation 388
Secure Storage 389
Backups 389
Analysis 389
Media Analysis 389
Software Analysis 390
Network Analysis 390
Hardware/Embedded Device Analysis 391
Forensics Tools 391
Verification 391
Presentation 391
Integrity Preservation 392
Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Review All Key Topics 394
Define Key Terms 395
Complete Tables and Lists from Memory 395
Review Questions 395
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
Foremost 399
Strings 400
Binary Analysis Tools 401
Hex Dump 401
Binwalk 401
Ghidra 401
GNU Project Debugger (GDB) 401