BOOKPRICE.co.kr
Price comparison site for books
CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-004 (Paperback, 4)

Jeff Parker (author)
John Wiley & Sons Inc
110,250 won

Book information

· Title: CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-004 (Paperback, 4)
· Category: Foreign books > Computers > Certification > General certification
· ISBN: 9781119803164
· Pages: 592
· Publication date: 2022-10-11

Table of contents

Introduction

Assessment Test

Chapter 1 Risk Management

Risk Terminology

The Risk Assessment Process

Asset Identification

Information Classification

Risk Assessment

Risk Assessment Options

Implementing Controls

Policies Used to Manage Employees

Pre-Employment Policies

Employment Policies

End of Employment and Termination Procedures

Cost-Benefit Analysis

Continuous Monitoring

Enterprise Security Architecture Frameworks and Governance

Training and Awareness for Users

Best Practices for Risk Assessments

Business Continuity Planning and Disaster Recovery

Reviewing the Effectiveness of Existing Security Controls

Conducting Lessons Learned and After-Action Reviews

Creation, Collection, and Analysis of Metrics

Metrics

Trend Data

Analyzing Security Solutions to Ensure They Meet Business Needs

Testing Plans

Internal and External Audits

Using Judgment to Solve Difficult Problems

Summary

Exam Essentials

Review Questions

Chapter 2 Configure and Implement Endpoint Security Controls

Hardening Techniques

Address Space Layout Randomization Use

Hardware Security Module and Trusted Platform Module

Trusted Operating Systems

Compensating Controls

Summary

Exam Essentials

Review Questions

Chapter 3 Security Operations Scenarios

Threat Management

Types of Intelligence

Threat Hunting

Threat Emulation

Actor Types

Intelligence Collection Methods

Open-Source Intelligence

Human Intelligence and Social Engineering

Frameworks

MITRE Adversarial Tactics, Techniques and Common Knowledge

ATT&CK for Industrial Control Systems

Cyber Kill Chain

Diamond Model of Intrusion Analysis

Indicators of Compromise

Reading the Logs

Intrusion Detection and Prevention

Notifications and Responses to IoCs

Response

Summary

Exam Essentials

Review Questions

Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk

Terminology

Vulnerability Management

Security Content Automation Protocol

Self-Assessment vs. Third-Party Vendor Assessment

Patch Management

Information Sources

Tools

Assessments

Penetration Testing

Assessment Types

Vulnerabilities

Buffer Overflow

Integer Overflow

Memory Leaks

Race Conditions (TOC/TOU)

Resource Exhaustion

Data Remnants

Use of Third-Party Libraries

Code Reuse

Cryptographic Vulnerabilities

Broken Authentication

Security Misconfiguration

Inherently Vulnerable System/Application

Client-Side Processing vs. Server-Side Processing

Attacks

Proactive Detection

Incident Response

Countermeasures

Deceptive Technology

USB Key Drops

Simulation

Security Data Analytics

Application Control

Allow and Block Lists

Security Automation

Physical Security

Summary

Exam Essentials

Review Questions

Chapter 5 Compliance and Vendor Risk

Shared Responsibility in Cloud Computing

Cloud Service/Infrastructure Models

Cloud Computing Providers and Hosting Options

Benefits of Cloud Computing

Security of On-Demand/Elastic Cloud Computing

Geographic Location

Infrastructure

Compute

Storage

Networking

Managing and Mitigating Risk

Security Concerns of Integrating Diverse Industries

Regulations, Accreditations, and Standards

PCI DSS

GDPR

ISO

CMMI

NIST

COPPA

CSA-STAR

HIPAA, SOX, and GLBA

Contract and Agreement Types

Third-Party Attestation of Compliance

Legal Considerations

Summary

Exam Essentials

Review Questions

Chapter 6 Cryptography and PKI

The History of Cryptography

Cryptographic Goals and Requirements

Supporting Security Requirements

Compliance and Policy Requirements

Privacy and Confidentiality Requirements

Integrity Requirements

Nonrepudiation

Risks with Data

Data at Rest

Data in Transit

Data in Process/Data in Use

Hashing

Message Digest

Secure Hash Algorithm

Message Authentication Code

Hashed Message Authentication Code

RACE Integrity Primitives Evaluation Message Digest

Poly1305

Symmetric Algorithms

Data Encryption Standard

Triple DES

Rijndael and the Advanced Encryption Standard

ChaCha

Salsa20

International Data Encryption Algorithm

Rivest Cipher Algorithms

Counter Mode

Asymmetric Encryption

Diffie–Hellman

RSA

Elliptic Curve Cryptography

ElGamal

Hybrid Encryption and Electronic Data Exchange (EDI)

Public Key Infrastructure Hierarchy

Certificate Authority

Registration Authority

Digital Certificates

Certificate Revocation List

Certificate Types

Certificate Distribution

The Client’s Role in PKI

Implementation of Cryptographic Solutions

Application Layer Encryption

Transport Layer Encryption

Internet Layer Controls

Additional Authentication Protocols

Cryptocurrency

Digital Signatures

Recognizing Cryptographic Attacks

Troubleshooting Cryptographic Implementations

Summary

Exam Essentials

Review Questions

Chapter 7 Incident Response and Forensics

The Incident Response Framework

Event Classifications

Triage Events

Pre-Escalation Tasks

The Incident Response Process

Response Playbooks and Processes

Communication Plan and Stakeholder Management

Forensic Concepts

Principles, Standards, and Practices

The Forensic Process

Forensic Analysis Tools

File Carving Tools

Binary Analysis Tools

Analysis Tools

Imaging Tools

Hashing Utilities

Live Collection vs. Postmortem Tools

Summary

Exam Essentials

Review Questions

Chapter 8 Security Architecture

Security Requirements and Objectives for a Secure Network Architecture

Services

Segmentation

Deperimeterization/Zero Trust

Merging Networks from Various Organizations

Software-Defined Networking

Organizational Requirements for Infrastructure Security Design

Scalability

Resiliency

Automation

Containerization

Virtualization

Content Delivery Network

Integrating Applications Securely into an Enterprise Architecture

Baseline and Templates

Software Assurance

Considerations of Integrating Enterprise Applications

Integrating Security into the Development Life Cycle

Data Security Techniques for Securing Enterprise Architecture

Data Loss Prevention

Data Loss Detection

Data Classification, Labeling, and Tagging

Obfuscation

Anonymization

Encrypted vs. Unencrypted

Data Life Cycle

Data Inventory and Mapping

Data Integrity Management

Data Storage, Backup, and Recovery

Security Requirements and Objectives for Authentication and Authorization Controls

Credential Management

Password Policies

Federation

Access Control

Protocols

Multifactor Authentication

One-Time Passwords

Hardware Root of Trust

Single Sign-On

JavaScript Object Notation Web Token

Attestation and Identity Proofing

Summary

Exam Essentials

Review Questions

Chapter 9 Secure Cloud and Virtualization

Implement Secure Cloud and Virtualization Solutions

Virtualization Strategies

Deployment Models and Considerations

Service Models

Cloud Provider Limitations

Extending Appropriate On-Premises Controls

Storage Models

How Cloud Technology Adoption Impacts Organization Security

Automation and Orchestration

Encryption Configuration

Logs

Monitoring Configurations

Key Ownership and Location

Key Life-Cycle Management

Backup and Recovery Methods

Infrastructure vs. Serverless Computing

Software-Defined Networking

Misconfigurations

Collaboration Tools

Bit Splitting

Data Dispersion

Summary

Exam Essentials

Review Questions

Chapter 10 Mobility and Emerging Technologies

Emerging Technologies and Their Impact on Enterprise Security and Privacy

Artificial Intelligence

Machine Learning

Deep Learning

Quantum Computing

Blockchain

Homomorphic Encryption

Distributed Consensus

Big Data

Virtual/Augmented Reality

3D Printing

Passwordless Authentication

Nano Technology

Biometric Impersonation

Secure Enterprise Mobility Configurations

Managed Configurations

Deployment Scenarios

Mobile Device Security Considerations

Security Considerations for Technologies, Protocols, and Sectors

Embedded Technologies

ICS/Supervisory Control and Data Acquisition

Protocols

Sectors

Summary

Exam Essentials

Review Questions

Appendix Answers to Review Questions

Chapter 1: Risk Management

Chapter 2: Configure and Implement Endpoint Security Controls

Chapter 3: Security Operations Scenarios

Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk

Chapter 5: Compliance and Vendor Risk

Chapter 6: Cryptography and PKI

Chapter 7: Incident Response and Forensics

Chapter 8: Security Architecture

Chapter 9: Secure Cloud and Virtualization

Chapter 10: Mobility and Emerging Technologies

Index

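About the author

Jeff Parker (author)
A seasoned security professional and technical author. He began his 20-year career at Digital Equipment Corporation, and through his time at Compaq and Hewlett-Packard he consulted mainly on complex enterprise environments. While at HP he shifted his focus from systems to security. Only the IT security field could satisfy his endless thirst for learning and sharing. Having completed the "earn as many certifications as possible" phase, he is most proud of having served clients including UN agencies, government services, and large corporations. Although he holds a degree far removed from IT, he works hard in his home lab to make up for lost time. He enjoys life with his family in Halifax, Nova Scotia, Canada. Amusingly, he timed the end of this book-writing project to coincide with a long-awaited new project. His next task is a project to house-train a new puppy.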
Book database provided by Aladin Bookstore (www.aladin.co.kr)