CASP+ CompTIA Advanced Security Practitioner Study Guide
Exam CAS-004
Tanner, Nadean H.; Parker, Jeff T.
John Wiley & Sons Inc
11/2022
592
Softcover
English
9781119803164
15 to 20 days
816
Description not available.
Introduction xxv
Assessment Test xxxv
Chapter 1 Risk Management 1
Risk Terminology 4
The Risk Assessment Process 6
Policies Used to Manage Employees 17
Cost-Benefit Analysis 21
Continuous Monitoring 22
Enterprise Security Architecture Frameworks and Governance 23
Training and Awareness for Users 24
Best Practices for Risk Assessments 25
Business Continuity Planning and Disaster Recovery 27
Reviewing the Effectiveness of Existing Security Controls 28
Conducting Lessons Learned and After-Action Reviews 30
Creation, Collection, and Analysis of Metrics 31
Analyzing Security Solutions to Ensure They Meet Business Needs 32
Testing Plans 33
Internal and External Audits 34
Using Judgment to Solve Difficult Problems 35
Summary 35
Exam Essentials 36
Review Questions 38
Chapter 2 Configure and Implement Endpoint Security Controls 43
Hardening Techniques 45
Trusted Operating Systems 52
Compensating Controls 55
Summary 57
Exam Essentials 58
Review Questions 59
Chapter 3 Security Operations Scenarios 63
Threat Management 66
Actor Types 67
Intelligence Collection Methods 71
Frameworks 74
Indicators of Compromise 77
Response 80
Summary 85
Exam Essentials 85
Review Questions 86
Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk 91
Terminology 97
Vulnerability Management 98
Vulnerabilities 134
Inherently Vulnerable System/Application 140
Proactive Detection 153
Summary 159
Exam Essentials 160
Review Questions 161
Chapter 5 Compliance and Vendor Risk 165
Shared Responsibility in Cloud Computing 168
Security Concerns of Integrating Diverse Industries 185
Regulations, Accreditations, and Standards 187
Contract and Agreement Types 198
Third-Party Attestation of Compliance 202
Legal Considerations 203
Summary 204
Exam Essentials 205
Review Questions 206
Chapter 6 Cryptography and PKI 211
The History of Cryptography 216
Cryptographic Goals and Requirements 217
Supporting Security Requirements 218
Risks with Data 221
Hashing 223
Symmetric Algorithms 227
Asymmetric Encryption 233
Public Key Infrastructure Hierarchy 239
Digital Certificates 241
Implementation of Cryptographic Solutions 247
Recognizing Cryptographic Attacks 254
Troubleshooting Cryptographic Implementations 256
Summary 259
Exam Essentials 259
Review Questions 261
Chapter 7 Incident Response and Forensics 265
The Incident Response Framework 268
Forensic Concepts 277
Forensic Analysis Tools 283
Summary 294
Exam Essentials 294
Review Questions 295
Chapter 8 Security Architecture 301
Security Requirements and Objectives for a Secure Network Architecture 310
Organizational Requirements for Infrastructure Security Design 358
Integrating Applications Securely into an Enterprise Architecture 362
Data Security Techniques for Securing Enterprise Architecture 384
Security Requirements and Objectives for Authentication and Authorization Controls 394
Summary 406
Exam Essentials 407
Review Questions 410
Chapter 9 Secure Cloud and Virtualization 415
Implement Secure Cloud and Virtualization Solutions 418
How Cloud Technology Adoption Impacts Organization Security 445
Summary 461
Exam Essentials 462
Review Questions 463
Chapter 10 Mobility and Emerging Technologies 467
Emerging Technologies and Their Impact on Enterprise Security and Privacy 471
Secure Enterprise Mobility Configurations 478
Security Considerations for Technologies, Protocols, and Sectors 495
Summary 500
Exam Essentials 500
Review Questions 501
Appendix Answers to Review Questions 505
Chapter 1: Risk Management 506
Chapter 2: Configure and Implement Endpoint Security Controls 507
Chapter 3: Security Operations Scenarios 509
Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk 511
Chapter 5: Compliance and Vendor Risk 513
Chapter 6: Cryptography and PKI 514
Chapter 7: Incident Response and Forensics 516
Chapter 8: Security Architecture 519
Chapter 9: Secure Cloud and Virtualization 522
Chapter 10: Mobility and Emerging Technologies 524
Index 529
This title belongs to the subject(s) indicated. To see other titles, click on the desired subject.
casp+; casp+ cas-004; cas-004; casp+ prep; casp+ test prep; casp+ exam; casp+ exam prep; cybersecurity credential; cybersecurity career; cybersecurity training; cybersecurity textbook; cas-004 prep; cas-004 test prep; enterprise security career