CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide (2022)

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide (2022) provides real-world examples to reinforce your learning.



Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.


Special Offer
Save 80% on Premium Edition eBook and Practice Test
The CompTIA Advanced Security Practitioner (CASP+) CAS-004 Premium Edition eBook and Practice Test provides three eBook files (PDF, EPUB, and MOBI/Kindle) to read on your preferred device and an enhanced edition of the Pearson Test Prep practice test software. You also receive two additional practice exams with links for every question mapped to the PDF eBook.
See the card insert in the back of the book for your Pearson Test Prep activation code and special offers.


CompTIA® Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
Troy McMillan


CompTIA® Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
Copyright © 2023 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-13-734895-4
ISBN-10: 0-13-734895-9
Library of Congress Control Number: 2022933627
ScoutAutomatedPrintCode

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement.
In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Development Editor: Ellie Bru
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Kitty Wilson
Indexer: Tim Wright
Proofreader: Barbara Mack
Technical Editor: Chris Crayton
Publishing Coordinator: Cindy Teeters
Cover Designer: Chuti Prasertsith
Compositor: codeMantra


Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.


Pearson's Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the potential to deliver opportunities that improve lives and enable economic mobility. As we work with authors to create content for every product and service, we acknowledge our responsibility to demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve their potential through learning. As the world's leading learning company, we have a duty to help drive change and live up to our purpose to help more people create a better life for themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
  Everyone has an equitable and lifelong opportunity to succeed through learning
  Our educational products and services are inclusive and represent the rich diversity of learners
  Our educational content accurately reflects the histories and experiences of the learners we serve
  Our educational content prompts deeper discussions with learners and motivates them to expand their own learning (and worldview)
While we work hard to present unbiased content, we want to hear from you about any concerns or needs with this Pearson product so that we can investigate and address them.
Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.html.


Contents at a Glance
Introduction I
Part I: Security Architecture
CHAPTER 1 Ensuring a Secure Network Architecture 3
CHAPTER 2 Determining the Proper Infrastructure Security Design 73
CHAPTER 3 Securely Integrating Software Applications 85
CHAPTER 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
CHAPTER 5 Providing the Appropriate Authentication and Authorization Controls 149
CHAPTER 6 Implementing Secure Cloud and Virtualization Solutions 185
CHAPTER 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
CHAPTER 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Part II: Security Operations
CHAPTER 9 Performing Threat Management Activities 231
CHAPTER 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
CHAPTER 11 Performing Vulnerability Management Activities 275
CHAPTER 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
CHAPTER 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
CHAPTER 14 Using Processes to Reduce Risk 347
CHAPTER 15 Implementing the Appropriate Incident Response 367
CHAPTER 16 Forensic Concepts 385
CHAPTER 17 Forensic Analysis Tools 399


Part III: Security Engineering and Cryptography
CHAPTER 18 Applying Secure Configurations to Enterprise Mobility 419
CHAPTER 19 Configuring and Implementing Endpoint Security Controls 437
CHAPTER 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
CHAPTER 21 Cloud Technology's Impact on Organizational Security 477
CHAPTER 22 Implementing the Appropriate PKI Solution 499
CHAPTER 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
CHAPTER 24 Troubleshooting Issues with Cryptographic Implementations 543
Part IV: Governance, Risk, and Compliance
CHAPTER 25 Applying Appropriate Risk Strategies 555
CHAPTER 26 Managing and Mitigating Vendor Risk 607
CHAPTER 27 The Organizational Impact of Compliance Frameworks and Legal Considerations 625
CHAPTER 28 Business Continuity and Disaster Recovery Concepts 657
CHAPTER 29 Final Preparation 673
APPENDIX A Answers to the Review Questions 679
Glossary 709
Index 761
Online Elements
APPENDIX B Memory Tables
APPENDIX C Memory Tables Answer Key
APPENDIX D Study Planner
Glossary


Table of Contents
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
  Services 3
  Load Balancer 3
  Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
  Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
  Web Application Firewall (WAF) 6
  Network Access Control (NAC) 8
  Quarantine/Remediation 9
  Persistent/Volatile or Non-persistent Agent 9
  Agent vs. Agentless 9
  Virtual Private Network (VPN) 10
  Domain Name System Security Extensions (DNSSEC) 11
  Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
  Types of Firewalls 12
  Next-Generation Firewalls (NGFWs) 14
  Firewall Placement 15
  Deep Packet Inspection 19
  Network Address Translation (NAT) Gateway 19
  Stateful NAT 20
  Static vs. Dynamic NAT 21
  Internet Gateway 21
  Forward/Transparent Proxy 21
  Reverse Proxy 22
  Distributed Denial-of-Service (DDoS) Protection 22
  Routers 22
  Routing Tables 23


  Additional Route Protection 25
  Mail Security 26
  IMAP 26
  POP 27
  SMTP 27
  Email Spoofing 27
  Spear Phishing 28
  Whaling 28
  Spam 28
  Captured Messages 29
  Disclosure of Information 30
  Malware 30
  Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
  Traffic Mirroring 30
  Switched Port Analyzer (SPAN) Ports 31
  Port Mirroring 31
  Virtual Private Cloud (VPC) 32
  Network Tap 32
  Sensors 32
  Security Information and Event Management (SIEM) 33
  File Integrity Monitoring (FIM) 35
  Simple Network Management Protocol (SNMP) Traps 36
  NetFlow 36
  Data Loss Prevention (DLP) 37
  Antivirus 39
  Segmentation 39
  Microsegmentation 40
  Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
  Jump Box 43
  Screened Subnet 44
  Data Zones 44
  Staging Environments 45
  Guest Environments 45
  VPC/Virtual Network (VNET) 45


  Availability Zone 46
  NAC Lists 47
  Policies/Security Groups 47
  Regions 49
  Access Control Lists (ACLs) 49
  Peer-to-Peer 49
  Air Gap 49
  De-perimeterization/Zero Trust 49
  Cloud 50
  Remote Work 50
  Mobile 50
  Outsourcing and Contracting 52
  Wireless/Radio Frequency (RF) Networks 53
  WLAN-802.11 53
  WLAN Standards 54
  WLAN Security 56
  Merging of Networks from Various Organizations 58
  Peering 59
  Cloud to on Premises 59
  Data Sensitivity Levels 59
  Mergers and Acquisitions 60
  Cross-domain 61
  Federation 61
  Directory Services 61
  Software-Defined Networking (SDN) 62
  Open SDN 63
  Hybrid SDN 64
  SDN Overlay 64
  Exam Preparation Tasks 66
  Review All Key Topics 66
  Define Key Terms 68
  Complete Tables and Lists from Memory 69
  Review Questions 69


Chapter 2 Determining the Proper Infrastructure Security Design 73
  Scalability 73
  Vertically 73
  Horizontally 74
  Resiliency 74
  High Availability/Redundancy 74
  Diversity/Heterogeneity 75
  Course of Action Orchestration 75
  Distributed Allocation 76
  Replication 76
  Clustering 76
  Automation 76
  Autoscaling 76
  Security Orchestration, Automation, and Response (SOAR) 77
  Bootstrapping 77
  Performance 77
  Containerization 78
  Virtualization 79
  Content Delivery Network 79
  Caching 80
  Exam Preparation Tasks 81
  Review All Key Topics 81
  Define Key Terms 81
  Complete Tables and Lists from Memory 81
  Review Questions 82
Chapter 3 Securely Integrating Software Applications 85
  Baseline and Templates 85
  Baselines 85
  Create Benchmarks and Compare to Baselines 85
  Templates 86
  Secure Design Patterns/Types of Web Technologies 87
  Storage Design Patterns 87
  Container APIs 88


  Secure Coding Standards 89
  CVE 90
  DISA STIG 90
  PA-DSS 90
  Application Vetting Processes 90
  API Management 91
  Middleware 91
  Software Assurance 92
  Sandboxing/Development Environment 92
  Validating Third-Party Libraries 93
  Defined DevOps Pipeline 93
  Code Signing 94
  Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
  Interactive Application Security Testing (IAST) 95
  Static Application Security Testing (SAST) 95
  Dynamic Application Security Testing (DAST) 95
  Code Analyzers 95
  Fuzzer 95
  Static 98
  Dynamic 98
  Misuse Case Testing 99
  Test Coverage Analysis 99
  Interface Testing 100
  Considerations of Integrating Enterprise Applications 100
  Customer Relationship Management (CRM) 100
  Enterprise Resource Planning (ERP) 100
  Configuration Management Database (CMDB) 101
  Content Management System (CMS) 101
  Integration Enablers 101
  Directory Services 101
  Domain Name System (DNS) 101
  Service-Oriented Architecture (SOA) 102
  Enterprise Service Bus (ESB) 103


  Integrating Security into Development Life Cycle 103
  Formal Methods 103
  Requirements 103
  Fielding 104
  Insertions and Upgrades 104
  Disposal and Reuse 104
  Testing 105
  Validation and Acceptance Testing 107
  Regression 107
  Unit Testing 107
  Development Approaches 109
  SecDevOps 109
  Agile 109
  Spiral 111
  Security Implications of Agile Software Development 112
  Security Implications of the Waterfall Model 113
  Security Implications of the Spiral Model 114
  Versioning 114
  Continuous Integration/Continuous Delivery (CI/CD) Pipelines 116
  Best Practices 117
  Open Web Application Security Project (OWASP) 117
  Proper Hypertext Transfer Protocol (HTTP) Headers 117
  Exam Preparation Tasks 119
  Review All Key Topics 119
  Define Key Terms 120
  Complete Tables and Lists from Memory 121
  Review Questions 121
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
  Data Loss Prevention 125
  Blocking Use of External Media 125
  Print Blocking 126
  Remote Desktop Protocol (RDP) Blocking 126


  Clipboard Privacy Controls 127
  Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
  Data Classification Blocking 128
  Data Loss Detection 129
  Watermarking 129
  Digital Rights Management (DRM) 129
  Network Traffic Decryption/Deep Packet Inspection 130
  Network Traffic Analysis 130
  Data Classification, Labeling, and Tagging 130
  Metadata/Attributes 130
  XACML 130
  LDAP 131
  Obfuscation 131
  Tokenization 131
  Scrubbing 131
  Masking 132
  Anonymization 132
  Encrypted vs. Unencrypted 132
  Data Life Cycle 132
  Create 132
  Use 133
  Share 133
  Store 133
  Archive or Destroy 133
  Data Inventory and Mapping 133
  Data Integrity Management 134
  Data Storage, Backup, and Recovery 134
  Redundant Array of Inexpensive Disks (RAID) 138
  Exam Preparation Tasks 143
  Review All Key Topics 143
  Define Key Terms 144
  Complete Tables and Lists from Memory 144
  Review Questions 144


Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
  Credential Management 149
  Password Repository Application 149
  End-User Password Storage 149
  On Premises vs. Cloud Repository 150
  Hardware Key Manager 150
  Privileged Access Management 151
  Privilege Escalation 151
  Password Policies 151
  Complexity 153
  Length 153
  Character Classes 153
  History 154
  Maximum/Minimum Age 154
  Auditing 155
  Reversible Encryption 156
  Federation 156
  Transitive Trust 156
  OpenID 156
  Security Assertion Markup Language (SAML) 157
  Shibboleth 158
  Access Control 159
  Mandatory Access Control (MAC) 160
  Discretionary Access Control (DAC) 160
  Role-Based Access Control 161
  Rule-Based Access Control 161
  Attribute-Based Access Control 161
  Protocols 162
  Remote Authentication Dial-in User Service (RADIUS) 162
  Terminal Access Controller Access Control System (TACACS) 163
  Diameter 164
  Lightweight Directory Access Protocol (LDAP) 164


  Kerberos 165
  OAuth 166
  802.1X 166
  Extensible Authentication Protocol (EAP) 167
  Multifactor Authentication (MFA) 168
  Knowledge Factors 169
  Ownership Factors 169
  Characteristic Factors 170
  Physiological Characteristics 170
  Behavioral Characteristics 171
  Biometric Considerations 172
  2-Step Verification 173
  In-Band 174
  Out-of-Band 174
  One-Time Password (OTP) 175
  HMAC-Based One-Time Password (HOTP) 175
  Time-Based One-Time Password (TOTP) 175
  Hardware Root of Trust 176
  Single Sign-On (SSO) 177
  JavaScript Object Notation (JSON) Web Token (JWT) 178
  Attestation and Identity Proofing 179
  Exam Preparation Tasks 180
  Review All Key Topics 180
  Define Key Terms 181
  Review Questions 181
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
  Virtualization Strategies 185
  Type 1 vs. Type 2 Hypervisors 186
  Type 1 Hypervisor 186
  Type 2 Hypervisor 187
  Containers 187
  Emulation 188
  Application Virtualization 189
  VDI 189


  Provisioning and Deprovisioning 189
  Middleware 190
  Metadata and Tags 190
  Deployment Models and Considerations 190
  Business Directives 191
  Cost 191
  Scalability 191
  Resources 191
  Location 191
  Data Protection 192
  Cloud Deployment Models 192
  Private 193
  Public 193
  Hybrid 193
  Community 193
  Hosting Models 193
  Multitenant 193
  Single-Tenant 194
  Service Models 194
  Software as a Service (SaaS) 194
  Platform as a Service (PaaS) 194
  Infrastructure as a Service (IaaS) 195
  Cloud Provider Limitations 196
  Internet Protocol (IP) Address Scheme 196
  VPC Peering 196
  Extending Appropriate On-premises Controls 196
  Storage Models 196
  Object Storage/File-Based Storage 197
  Database Storage 197
  Block Storage 198
  Blob Storage 198
  Key-Value Pairs 198


  Exam Preparation Tasks 199
  Review All Key Topics 199
  Define Key Terms 199
  Complete Tables and Lists from Memory 200
  Review Questions 200
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
  Privacy and Confidentiality Requirements 203
  Integrity Requirements 204
  Non-repudiation 204
  Compliance and Policy Requirements 204
  Common Cryptography Use Cases 205
  Data at Rest 205
  Data in Transit 205
  Data in Process/Data in Use 205
  Protection of Web Services 206
  Embedded Systems 206
  Key Escrow/Management 207
  Mobile Security 209
  Elliptic Curve Cryptography 209
  P256 vs. P384 vs. P512 209
  Secure Authentication 209
  Smart Card 209
  Common PKI Use Cases 210
  Web Services 210
  Email 210
  GNU Privacy Guard (GPG) 211
  Code Signing 211
  Federation 211
  Trust Models 212
  VPN 212
  SSL/TLS 212
  Other Tunneling Protocols 213
  Enterprise and Security Automation/Orchestration 213


  Exam Preparation Tasks 214
  Review All Key Topics 214
  Define Key Terms 214
  Complete Tables and Lists from Memory 214
  Review Questions 215
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
  Artificial Intelligence 219
  Machine Learning 220
  Quantum Computing 220
  Blockchain 220
  Homomorphic Encryption 221
  Secure Multiparty Computation 221
  Private Information Retrieval 221
  Secure Function Evaluation 221
  Private Function Evaluation 221
  Distributed Consensus 221
  Big Data 222
  Virtual/Augmented Reality 223
  3-D Printing 224
  Passwordless Authentication 224
  Nano Technology 225
  Deep Learning 225
  Natural Language Processing 225
  Deep Fakes 226
  Biometric Impersonation 226
  Exam Preparation Tasks 227
  Review All Key Topics 227
  Define Key Terms 227
  Complete Tables and Lists from Memory 227
  Review Questions 228


Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
  Intelligence Types 231
  Tactical 231
  Commodity Malware 231
  Strategic 232
  Targeted Attacks 232
  Operational 232
  Threat Hunting 232
  Threat Emulation 233
  Actor Types 233
  Advanced Persistent Threat (APT)/Nation-State 233
  Insider Threat 234
  Competitor 234
  Hacktivist 234
  Script Kiddie 235
  Organized Crime 235
  Threat Actor Properties 235
  Resource 235
  Time 235
  Money 235
  Supply Chain Access 235
  Create Vulnerabilities 236
  Capabilities/Sophistication 236
  Identifying Techniques 237
  Intelligence Collection Methods 237
  Intelligence Feeds 237
  Deep Web 237
  Proprietary 238
  Open-Source Intelligence (OSINT) 238
  Social Media 238
  Intelligence Collection Methods 239
  Routing Tables 239
  DNS Records 239


  Search Engines 242
  Human Intelligence (HUMINT) 243
  Frameworks 243
  MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
  ATT&CK for Industrial Control System (ICS) 245
  Diamond Model of Intrusion Analysis 245
  Cyber Kill Chain 246
  Exam Preparation Tasks 246
  Review All Key Topics 246
  Define Key Terms 247
  Complete Tables and Lists from Memory 247
  Review Questions 248
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
  Indicators of Compromise 251
  Packet Capture (PCAP) 251
  Protocol Analyzers 252
  tshark 252
  Logs 252
  Network Logs 253
  Vulnerability Logs 254
  Operating System Logs 254
  Access Logs 255
  NetFlow Logs 256
  Notifications 256
  FIM Alerts 257
  SIEM Alerts 257
  DLP Alerts 257
  IDS/IPS Alerts 258
  Antivirus Alerts 259
  Notification Severity/Priorities 260
  Syslog 261
  Unusual Process Activity 263


  Response 265
  Firewall Rules 265
  IPS/IDS Rules 267
  ACL Rules 267
  Signature Rules 267
  Behavior Rules 268
  DLP Rules 268
  Scripts/Regular Expressions 268
  Exam Preparation Tasks 268
  Review All Key Topics 269
  Define Key Terms 269
  Complete Tables and Lists from Memory 270
  Review Questions 270
Chapter 11 Performing Vulnerability Management Activities 275
  Vulnerability Scans 275
  Credentialed vs. Non-credentialed 275
  Agent-Based/Server-Based 276
  Criticality Ranking 277
  Active vs. Passive 278
  Security Content Automation Protocol (SCAP) 278
  Extensible Configuration Checklist Description Format (XCCDF) 278
  Open Vulnerability and Assessment Language (OVAL) 279
  Common Platform Enumeration (CPE) 279
  Common Vulnerabilities and Exposures (CVE) 279
  Common Vulnerability Scoring System (CVSS) 279
  Common Configuration Enumeration (CCE) 282
  Asset Reporting Format (ARF) 282
  Self-assessment vs. Third-Party Vendor Assessment 283
  Patch Management 283
  Manual Patch Management 284
  Automated Patch Management 284
  Information Sources 284
  Advisories 285


  Bulletins 286
  Vendor Websites 287
  Information Sharing and Analysis Centers (ISACs) 287
  News Reports 287
  Exam Preparation Tasks 287
  Review All Key Topics 287
  Define Key Terms 288
  Complete Tables and Lists from Memory 288
  Review Questions 288
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
  Methods 293
  Static Analysis/Dynamic Analysis 293
  Side-Channel Analysis 293
  Reverse Engineering 294
  Software 294
  Hardware 294
  Wireless Vulnerability Scan 295
  Rogue Access Points 295
  Software Composition Analysis 296
  Fuzz Testing 296
  Pivoting 297
  Post-exploitation 297
  Persistence 298
  Tools 298
  SCAP Scanner 298
  Network Traffic Analyzer 299
  Vulnerability Scanner 300
  Protocol Analyzer 302
  Port Scanner 302
  HTTP Interceptor 304
  Exploit Framework 304
  Password Cracker 306
  Dependency Management 307
  Requirements 308


  Scope of Work 308
  Rules of Engagement 308
  Invasive vs. Non-invasive 308
  Asset Inventory 308
  Permissions and Access 309
  Corporate Policy Considerations 310
  Facility Considerations 310
  Physical Security Considerations 310
  Rescan for Corrections/Changes 310
  Exam Preparation Tasks 310
  Review All Key Topics 310
  Define Key Terms 311
  Complete Tables and Lists from Memory 312
  Review Questions 312
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
  Vulnerabilities 315
  Race Conditions 315
  Overflows 315
  Buffer 316
  Integer 318
  Broken Authentication 318
  Unsecure References 319
  Poor Exception Handling 319
  Security Misconfiguration 319
  Improper Headers 320
  Information Disclosure 321
  Certificate Errors 321
  Weak Cryptography Implementations 321
  Weak Ciphers 322
  Weak Cipher Suite Implementations 322
  Software Composition Analysis 322
  Use of Vulnerable Frameworks and Software Modules 323
  Use of Unsafe Functions 323
  Third-Party Libraries 323


  Dependencies 324
  Code Injections/Malicious Changes 324
  End of Support/End of Life 324
  Regression Issues 324
  Inherently Vulnerable System/Application 325
  Client-Side Processing vs. Server-Side Processing 325
  JSON/Representational State Transfer (REST) 326
  Browser Extensions 326
  Flash 327
  ActiveX 327
  Hypertext Markup Language 5 (HTML5) 327
  Asynchronous JavaScript and XML (AJAX) 327
  Simple Object Access Protocol (SOAP) 329
  Machine Code vs. Bytecode or Interpreted vs. Emulated 329
  Attacks 329
  Directory Traversal 330
  Cross-site Scripting (XSS) 331
  Cross-site Request Forgery (CSRF) 331
  Injection 332
  XML 332
  LDAP 335
  Structured Query Language (SQL) 335
  Command 337
  Process 337
  Sandbox Escape 337
  Virtual Machine (VM) Hopping 337
  VM Escape 337
  Border Gateway Protocol (BGP) Route Hijacking 338
  Interception Attacks 339
  Denial-of-Service (DoS)/DDoS 339
  SYN Flood 339
  Teardrop Attack 340
  Authentication Bypass 340


  Social Engineering 340
  Phishing/Pharming 340
  Shoulder Surfing 341
  Identity Theft 341
  Dumpster Diving 341
  VLAN Hopping 341
  Exam Preparation Tasks 341
  Review All Key Topics 341
  Define Key Terms 342
  Complete Tables and Lists from Memory 343
  Review Questions 343
Chapter 14 Using Processes to Reduce Risk 347
  Proactive and Detection 347
  Hunts 347
  Developing Countermeasures 347
  Deceptive Technologies 347
  Honeynet/Honeypot 348
  Decoy Files 348
  Simulators 348
  Dynamic Network Configurations 348
  Security Data Analytics 348
  Processing Pipelines 349
  Data 349
  Stream 349
  Indexing and Search 350
  Log Collection and Curation 350
  Database Activity Monitoring 350
  Preventive 351
  Antivirus 352
  Immutable Systems 352
  Hardening 352
  Sandbox Detonation 352
  Application Control 353
  License Technologies 353
  Allow List vs. Block List 354


  Time of Check vs. Time of Use 354
  Atomic Execution 355
  Security Automation 355
  Cron/Scheduled Tasks 355
  Bash 356
  PowerShell 357
  Python 357
  Physical Security 358
  Review of Lighting 358
  Types of Lighting Systems 358
  Types of Lighting 359
  Review of Visitor Logs 359
  Camera Reviews 359
  Open Spaces vs. Confined Spaces 361
  Natural Access Control 361
  Natural Surveillance 361
  Natural Territorial Reinforcement 361
  Exam Preparation Tasks 362
  Review All Key Topics 362
  Define Key Terms 362
  Complete Tables and Lists from Memory 363
  Review Questions 363
Chapter 15 Implementing the Appropriate Incident Response 367
  Event Classifications 367
  False Positive 367
  False Negative 367
  True Positive 367
  True Negative 367
  Triage Event 367
  Preescalation Tasks 368
  Incident Response Process 368
  Preparation 369
  Training 369
  Testing 370


  Detection 370
  Analysis 371
  Containment 371
  Minimize 371
  Isolate 371
  Recovery 371
  Response 372
  Lessons Learned 372
  Specific Response Playbooks/Processes 373
  Scenarios 373
  Ransomware 373
  Data Exfiltration 373
  Social Engineering 374
  Non-automated Response Methods 374
  Automated Response Methods 374
  Runbooks 374
  SOAR 375
  Communication Plan 375
  Stakeholder Management 377
  Legal 377
  Human Resources 377
  Public Relations 378
  Internal and External 378
  Law Enforcement 378
  Senior Leadership 379
  Regulatory Bodies 379
  Exam Preparation Tasks 379
  Review All Key Topics 379
  Define Key Terms 380
  Review Questions 380
Chapter 16 Forensic Concepts 385
  Legal vs. Internal Corporate Purposes 385
  Forensic Process 385
  Identification 385
  Evidence Collection 385


  Chain of Custody 385
  Order of Volatility 386
  Memory Snapshots 387
  Images 388
  Cloning 388
  Evidence Preservation 388
  Secure Storage 389
  Backups 389
  Analysis 389
  Media Analysis 389
  Software Analysis 390
  Network Analysis 390
  Hardware/Embedded Device Analysis 391
  Forensics Tools 391
  Verification 391
  Presentation 391
  Integrity Preservation 392
  Hashing 392
  Cryptanalysis 394
  Steganalysis 394
  Exam Preparation Tasks 394
  Review All Key Topics 394
  Define Key Terms 395
  Complete Tables and Lists from Memory 395
  Review Questions 395
Chapter 17 Forensic Analysis Tools 399
  File Carving Tools 399
  Foremost 399
  Strings 400
  Binary Analysis Tools 401
  Hex Dump 401
  Binwalk 401
  Ghidra 401
  GNU Project Debugger (GDB) 401