Home Page Icon
Home Page
Table of Contents for
Images
Close
Images
by Troy McMillan, Robin Abernathy
CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide
About This eBook
Title Page
Copyright Page
Contents at a Glance
Table of Contents
About the Authors
Acknowledgments
About the Reviewers
Reader Services
CompTIA®
About the Book
Goals and Methods
Who Should Read This Book?
Strategies for Exam Preparation
CompTIA CASP Exam Topics
How This Book Is Organized
Pearson IT Certification Practice Test Engine and Questions on the Disc
Install the Software from the Disc
Activate and Download the Practice Exam
Activating Other Exams
Premium Edition
Introduction. The CASP Exam
The Goals of the CASP Certification
Sponsoring Bodies
Other Security Exams
Stated Goals
The Value of the CASP Certification
To the Security Professional
Department of Defense Directive 8570 (DoDD 8570)
To the Enterprise
CASP Exam Objectives
1.0 Enterprise Security
2.0 Risk Management and Incident Response
3.0 Research, Analysis and Assessment
4.0 Integration of Computing, Communications and Business Disciplines
5.0 Technical Integration of Enterprise Components
Steps to Becoming a CASP
Qualifying for the Exam
Signing up for the Exam
About the Exam
CompTIA Authorized Materials Use Policy
Part I: Enterprise Security
Chapter 1. Cryptographic Concepts and Techniques
Foundation Topics
Cryptographic Techniques
Cryptographic Concepts
Cryptographic Implementations
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 2. Enterprise Storage
Foundation Topics
Storage Types
Storage Protocols
Secure Storage Management
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 3. Network and Security Components, Concepts, and Architectures
Foundation Topics
Advanced Network Design (Wired/Wireless)
Security Devices
Networking Devices
Virtual Networking and Security Components
Complex Network Security Solutions for Data Flow
Secure Configuration and Baselining of Networking and Security Components
Software-Defined Networking
Cloud-Managed Networks
Network Management and Monitoring Tools
Advanced Configuration of Routers, Switches, and Other Network Devices
Security Zones
Network Access Control
Operational and Consumer Network-Enabled Devices
Critical Infrastructure/Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 4. Security Controls for Hosts
Foundation Topics
Trusted OS
Endpoint Security Software
Host Hardening
Security Advantages and Disadvantages of Virtualizing Servers
Cloud-Augmented Security Services
Boot Loader Protections
Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
Virtual Desktop Infrastructure (VDI)
Terminal Services/Application Delivery Services
Trusted Platform Module (TPM)
Virtual TPM (VTPM)
Hardware Security Module (HSM)
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 5. Application Vulnerabilities and Security Controls
Foundation Topics
Web Application Security Design Considerations
Specific Application Issues
Application Sandboxing
Application Security Frameworks
Secure Coding Standards
Software Development Methods
Database Activity Monitoring (DAM)
Web Application Firewalls (WAF)
Client-Side Processing Versus Server-Side Processing
Exam Preparation Tasks
Review All Key Topics
Review Questions
Part II: Risk Management and Incident Response
Chapter 6. Business Influences and Associated Security Risks
Foundation Topics
Risk Management of New Products, New Technologies, and User Behaviors
New or Changing Business Models/Strategies
Security Concerns of Integrating Diverse Industries
Ensuring That Third-Party Providers Have Requisite Levels of Information Security
Internal and External Influences
Impact of De-perimiterization
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 7. Risk Mitigation Planning, Strategies, and Controls
Foundation Topics
Classify Information Types into Levels of CIA Based on Organization/Industry
Incorporate Stakeholder Input into CIA Decisions
Implement Technical Controls Based on CIA Requirements and Policies of the Organization
Determine the Aggregate CIA Score
Extreme Scenario/Worst-Case Scenario Planning
Determine Minimum Required Security Controls Based on Aggregate Score
Conduct System-Specific Risk Analysis
Make Risk Determination
Recommend Which Strategy Should be Applied Based on Risk Appetite
Risk Management Processes
Enterprise Security Architecture Frameworks
Continuous Improvement/Monitoring
Business Continuity Planning
IT Governance
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 8. Security, Privacy Policies, and Procedures
Foundation Topics
Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
Use Common Business Documents to Support Security
Use General Privacy Principles for Sensitive Information (PII)
Support the Development of Various Policies
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 9. Incident Response and Recovery Procedures
Foundation Topics
E-Discovery
Data Breach
Design Systems to Facilitate Incident Response
Incident and Emergency Response
Exam Preparation Tasks
Review All Key Topics
Review Questions
Part III: Research, Analysis, and Assessment
Chapter 10. Industry Trends
Foundation Topics
Perform Ongoing Research
Situational Awareness
Vulnerability Management Systems
Advanced Persistent Threats
Zero-Day Mitigating Controls and Remediation
Emergent Threats and Issues
Research Security Implications of New Business Tools
Global IA Industry/Community
Research Security Requirements for Contracts
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 11. Securing the Enterprise
Foundation Topics
Create Benchmarks and Compare to Baselines
Prototype and Test Multiple Solutions
Cost/Benefit Analysis
Metrics Collection and Analysis
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
Review Effectiveness of Existing Security Controls
Reverse Engineer/Deconstruct Existing Solutions
Analyze Security Solution Attributes to Ensure They Meet Business Needs
Conduct a Lessons-Learned/After-Action Report
Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 12. Assessment Tools and Methods
Foundation Topics
Assessment Tool Types
Assessment Methods
Exam Preparation Tasks
Review All Key Topics
Review Questions
Part IV: Integration of Computing, Communications, and Business Disciplines
Chapter 13. Business Unit Collaboration
Foundation Topics
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
Provide Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
Establish Effective Collaboration within Teams to Implement Secure Solutions
IT Governance
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 14. Secure Communication and Collaboration
Foundation Topics
Security of Unified Collaboration Tools
Remote Access
Mobile Device Management
Over-the-Air Technologies Concerns
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 15. Security Across the Technology Life Cycle
Foundation Topics
End-to-End Solution Ownership
Systems Development Life Cycle (SDLC)
Adapt Solutions to Address Emerging Threats and Security Trends
Asset Management (Inventory Control)
Exam Preparation Tasks
Review All Key Topics
Review Questions
Part V: Technical Integration of Enterprise Components
Chapter 16. Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture
Foundation Topics
Secure Data Flows to Meet Changing Business Needs
Standards
Interoperability Issues
Technical Deployment Models
Logical and Physical Deployment Diagrams of Relevant Devices
Secure Infrastructure Design
Storage Integration (Security Considerations)
Enterprise Application Integration Enablers
Exam Preparation Tasks
Review All Key Topics
Review Questions
Chapter 17. Authentication and Authorization Technologies
Foundation Topics
Authentication
Authorization
Attestation
Identity Propagation
Federation
Advanced Trust Models
Exam Preparation Tasks
Review All Key Topics
Review Questions
Part VI: Appendixes
Appendix A. Answers
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Appendix B. CASP CAS-002 Exam Updates
Always Get the Latest at the Companion Website
Technical Content
Glossary
Index
Appendix C. Memory Tables
Chapter 1
Chapter 7
Appendix D. Memory Tables Answer Key
Chapter 1
Chapter 7
Practice Exam 1
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 17: Secure Communication and Collaboration
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Practice Exam 2
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 17: Secure Communication and Collaboration
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Practice Exam 3
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 1: Cryptographic Concepts and Techniques
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 7: Risk Mitigation Planning, Strategies, and Controls
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 8: Security, Privacy Policies, and Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 9: Incident Response and Recovery Procedures
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 10: Industry Trends
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 11: Securing the Enterprise
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 13: Business Unit Collaboration
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 15: Security Across the Technology Life Cycle
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 16: Host, Storage, Network, and Application Integration Into a Secure Enterprise Architecture
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 2: Enterprise Storage
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 3: Network and Security Components, Concepts, and Architectures
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 4: Security Controls for Hosts
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 5: Application Vulnerabilities and Security Controls
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 6: Business Influences and Associated Security Risks
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 12: Assessment Tools and Methods
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 14: Secure Communication and Collaboration
Chapter 17: Secure Communication and Collaboration
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Chapter 17: Authentication and Authorization Technologies
Code Snippets
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Code Snippets
Next
Next Chapter
Images
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset