CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide, 3rd edition
Published by Pearson IT Certification (July 26, 2022) © 2022
- Troy McMillan
£45.89
- A print text (hardcover or paperback)
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
This complete study package includes
* A test-preparation routine proven to help you pass the exams
* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
* Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies
- This book will help IT Security students focus their knowledge so that they can obtain the certification to support their experience
- Includes test-taking strategies, tips, notes, and two full sample exams delivered by the advanced Pearson Test Prep practice test software with online and offline access
- The authors understand IT certification and have years of experience preparing students to take exams
Revised for the new CompTIA CASP Exam.
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
   Load Balancer 3
   Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
   Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
   Web Application Firewall (WAF) 6
   Network Access Control (NAC) 8
   Virtual Private Network (VPN) 10
   Domain Name System Security Extensions (DNSSEC) 11
   Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
   Network Address Translation (NAT) Gateway 19
   Internet Gateway 21
   Forward/Transparent Proxy 21
   Reverse Proxy 22
   Distributed Denial-of-Service (DDoS) Protection 22
   Routers 22
   Mail Security 26
   Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
   Traffic Mirroring 30
   Sensors 32
Segmentation 39
   Microsegmentation 40
   Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
   Jump Box 43
   Screened Subnet 44
   Data Zones 44
   Staging Environments 45
   Guest Environments 45
   VPC/Virtual Network (VNET) 45
   Availability Zone 46
   NAC Lists 47
   Policies/Security Groups 47
   Regions 49
   Access Control Lists (ACLs) 49
   Peer-to-Peer 49
   Air Gap 49
De-perimeterization/Zero Trust 49
   Cloud 50
   Remote Work 50
   Mobile 50
   Outsourcing and Contracting 52
   Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
   Peering 59
   Cloud to on Premises 59
   Data Sensitivity Levels 59
   Mergers and Acquisitions 60
   Cross-domain 61
   Federation 61
   Directory Services 61
Software-Defined Networking (SDN) 62
   Open SDN 63
   Hybrid SDN 64
   SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
   Vertically 73
   Horizontally 74
Resiliency 74
   High Availability/Redundancy 74
   Diversity/Heterogeneity 75
   Course of Action Orchestration 75
   Distributed Allocation 76
   Replication 76
   Clustering 76
Automation 76
   Autoscaling 76
   Security Orchestration, Automation, and Response (SOAR) 77
   Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
   Baselines 85
   Create Benchmarks and Compare to Baselines 85
   Templates 86
   Secure Design Patterns/Types of Web Technologies 87
   Container APIs 88
   Secure Coding Standards 89
   Application Vetting Processes 90
   API Management 91
   Middleware 91
Software Assurance 92
   Sandboxing/Development Environment 92
   Validating Third-Party Libraries 93
   Defined DevOps Pipeline 93
   Code Signing 94
   Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
   Customer Relationship Management (CRM) 100
   Enterprise Resource Planning (ERP) 100
   Configuration Management Database (CMDB) 101
   Content Management System (CMS) 101
   Integration Enablers 101
Integrating Security into Development Life Cycle 103
   Formal Methods 103
   Requirements 103
   Fielding 104
   Insertions and Upgrades 104
   Disposal and Reuse 104
   Testing 105
   Development Approaches 109
   Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
   Blocking Use of External Media 125
   Print Blocking 126
   Remote Desktop Protocol (RDP) Blocking 126
   Clipboard Privacy Controls 127
   Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
   Data Classification Blocking 128
Data Loss Detection 129
   Watermarking 129
   Digital Rights Management (DRM) 129
   Network Traffic Decryption/Deep Packet Inspection 130
   Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
   Metadata/Attributes 130
Obfuscation 131
   Tokenization 131
   Scrubbing 131
   Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
   Create 132
   Use 133
   Share 133
   Store 133
   Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
   Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
   Password Repository Application 149
   Hardware Key Manager 150
   Privileged Access Management 151
   Privilege Escalation 151
   Password Policies 151
   Complexity 153
   Length 153
   Character Classes 153
   History 154
   Maximum/Minimum Age 154
   Auditing 155
   Reversible Encryption 156
Federation 156
   Transitive Trust 156
   OpenID 156
   Security Assertion Markup Language (SAML) 157
   Shibboleth 158
Access Control 159
   Mandatory Access Control (MAC) 160
   Discretionary Access Control (DAC) 160
   Role-Based Access Control 161
   Rule-Based Access Control 161
   Attribute-Based Access Control 161
Protocols 162
   Remote Authentication Dial-in User Service (RADIUS) 162
   Terminal Access Controller Access Control System (TACACS) 163
   Diameter 164
   Lightweight Directory Access Protocol (LDAP) 164
   Kerberos 165
   OAuth 166
   802.1X 166
   Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
   Knowledge Factors 169
   Ownership Factors 169
   Characteristic Factors 170
   Physiological Characteristics 170
   Behavioral Characteristics 171
   Biometric Considerations 172
   2-Step Verification 173
   In-Band 174
   Out-of-Band 174
One-Time Password (OTP) 175
   HMAC-Based One-Time Password (HOTP) 175
   Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
   Type 1 vs. Type 2 Hypervisors 186
   Containers 187
   Emulation 188
   Application Virtualization 189
   VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
   Business Directives 191
   Cloud Deployment Models 192
Hosting Models 193
   Multitenant 193
   Single-Tenant 194
Service Models 194
   Software as a Service (SaaS) 194
   Platform as a Service (PaaS) 194
   Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
   Internet Protocol (IP) Address Scheme 196
   VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
   Object Storage/File-Based Storage 197
   Database Storage 197
   Block Storage 198
   Blob Storage 198
   Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
   Data at Rest 205
   Data in Transit 205
   Data in Process/Data in Use 205
   Protection of Web Services 206
   Embedded Systems 206
   Key Escrow/Management 207
   Mobile Security 209
   Secure Authentication 209
   Smart Card 209
Common PKI Use Cases 210
   Web Services 210
   Email 210
   Code Signing 211
   Federation 211
   Trust Models 212
   VPN 212
   Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
   Private Information Retrieval 221
   Secure Function Evaluation 221
   Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
   Natural Language Processing 225
   Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
   Tactical 231
   Strategic 232
   Operational 232
Actor Types 233
   Advanced Persistent Threat (APT)/Nation-State 233
   Insider Threat 234
   Competitor 234
   Hacktivist 234
   Script Kiddie 235
   Organized Crime 235
Threat Actor Properties 235
   Resource 235
   Supply Chain Access 235
   Create Vulnerabilities 236
   Capabilities/Sophistication 236
   Identifying Techniques 237
Intelligence Collection Methods 237
   Intelligence Feeds 237
   Deep Web 237
   Proprietary 238
   Open-Source Intelligence (OSINT) 238
   Human Intelligence (HUMINT) 243
Frameworks 243
   MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
   Diamond Model of Intrusion Analysis 245
   Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
   Packet Capture (PCAP) 251
   Logs 252
   Notifications 256
   Notification Severity/Priorities 260
   Syslog 261
   Unusual Process Activity 263
Response 265
   Firewall Rules 265
   IPS/IDS Rules 267
   ACL Rules 267
   Signature Rules 267
   Behavior Rules 268
   DLP Rules 268
   Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
   Credentialed vs. Non-credentialed 275
   Agent-Based/Server-Based 276
   Criticality Ranking 277
   Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
   Extensible Configuration Checklist Description Format (XCCDF) 278
   Open Vulnerability and Assessment Language (OVAL) 279
   Common Platform Enumeration (CPE) 279
   Common Vulnerabilities and Exposures (CVE) 279
   Common Vulnerability Scoring System (CVSS) 279
   Common Configuration Enumeration (CCE) 282
   Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
   Manual Patch Management 284
   Automated Patch Management 284
Information Sources 284
   Advisories 285
   Bulletins 286
   Vendor Websites 287
   Information Sharing and Analysis Centers (ISACs) 287
   News Reports 287
Exam Preparation Tasks 287
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
   Static Analysis/Dynamic Analysis 293
   Side-Channel Analysis 293
   Reverse Engineering 294
   Wireless Vulnerability Scan 295
   Rogue Access Points 295
   Software Composition Analysis 296
   Fuzz Testing 296
   Pivoting 297
   Post-exploitation 297
   Persistence 298
Tools 298
   SCAP Scanner 298
   Network Traffic Analyzer 299
   Vulnerability Scanner 300
   Protocol Analyzer 302
   Port Scanner 302
   HTTP Interceptor 304
   Exploit Framework 304
   Password Cracker 306
Dependency Management 307
Requirements 308
   Scope of Work 308
   Rules of Engagement 308
   Invasive vs. Non-invasive 308
   Asset Inventory 308
   Permissions and Access 309
   Corporate Policy Considerations 310
   Facility Considerations 310
   Physical Security Considerations 310
   Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
   Race Conditions 315
   Overflows 315
   Broken Authentication 318
   Unsecure References 319
   Poor Exception Handling 319
   Security Misconfiguration 319
   Improper Headers 320
   Information Disclosure 321
   Certificate Errors 321
   Weak Cryptography Implementations 321
   Weak Ciphers 322
   Weak Cipher Suite Implementations 322
   Software Composition Analysis 322
   Use of Vulnerable Frameworks and Software Modules 323
   Use of Unsafe Functions 323
   Third-Party Libraries 323
   Code Injections/Malicious Changes 324
   End of Support/End of Life 324
   Regression Issues 324
Inherently Vulnerable System/Application 325
   Client-Side Processing vs. Server-Side Processing 325
   JSON/Representational State Transfer (REST) 326
   Browser Extensions 326
   Hypertext Markup Language 5 (HTML5) 327
   Asynchronous JavaScript and XML (AJAX) 327
   Simple Object Access Protocol (SOAP) 329
   Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
   Directory Traversal 330
   Cross-site Scripting (XSS) 331
   Cross-site Request Forgery (CSRF) 331
   Injection 332
   Sandbox Escape 337
   Virtual Machine (VM) Hopping 337
   VM Escape 337
   Border Gateway Protocol (BGP) Route Hijacking 338
   Interception Attacks 339
   Denial-of-Service (DoS)/DDoS 339
   Authentication Bypass 340
   Social Engineering 340
   VLAN Hopping 341
Exam Preparation Tasks 341
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
   Hunts 347
   Developing Countermeasures 347
   Deceptive Technologies 347
Security Data Analytics 348
   Processing Pipelines 349
   Indexing and Search 350
   Log Collection and Curation 350
   Database Activity Monitoring 350
Preventive 351
   Antivirus 352
   Immutable Systems 352
   Hardening 352
   Sandbox Detonation 352
Application Control 353
   License Technologies 353
   Allow List vs. Block List 354
   Time of Check vs. Time of Use 354
   Atomic Execution 355
Security Automation 355
   Cron/Scheduled Tasks 355
   Bash 356
   PowerShell 357
   Python 357
Physical Security 358
   Review of Lighting 358
   Review of Visitor Logs 359
   Camera Reviews 359
   Open Spaces vs. Confined Spaces 361
Exam Preparation Tasks 362
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
   False Positive 367
   False Negative 367
   True Positive 367
   True Negative 367
Triage Event 367
Preescalation Tasks 368
Incident Response Process 368
   Preparation 369
   Training 369
   Testing 370
   Detection 370
   Analysis 371
   Containment 371
   Recovery 371
   Response 372
   Lessons Learned 372
Specific Response Playbooks/Processes 373
   Scenarios 373
   Non-automated Response Methods 374
   Automated Response Methods 374
Communication Plan 375
Stakeholder Management 377
   Legal 377
   Human Resources 377
   Public Relations 378
   Internal and External 378
Exam Preparation Tasks 379
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
   Identification 385
   Evidence Collection 385
   Evidence Preservation 388
   Analysis 389
   Verification 391
   Presentation 391
Integrity Preservation 392
   Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
   Foremost 399
   Strings 400
Binary Analysis Tools 401
   Hex Dump 401
   Binwalk 401
   Ghidra 401
   GNU Project Debugger (GDB) 401
   OllyDbg 402
   readelf 402
   objdump 402
   strace 402
   ldd 402
   file 403
Analysis Tools 403
   ExifTool 403
   Nmap 403
   Aircrack-ng 403
   Volatility 404
   The Sleuth Kit 405
   Dynamically vs. Statically Linked 405
Imaging Tools 405
   Forensic Toolkit (FTK) Imager 405
   dd 406
Hashing Utilities 407
   sha256sum 407
   ssdeep 407
Live Collection vs. Post-mortem Tools 407
   netstat 407
   ps 409
   vmstat 409
   ldd 410
   lsof 410
   netcat 410
   tcpdump 411
   conntrack 411
   Wireshark 412
Exam Preparation Tasks 413
Part III: Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility 419
Managed Configurations 419
   Application Control 419
   Password 419
   MFA Requirements 420
   Token-Based Access 421
   Patch Repository 422
   Firmware Over-the-Air 422
   Remote Wipe 422
   Wi-Fi 423
   Profiles 424
   Bluetooth 424
   Near-Field Communication (NFC) 424
   Peripherals 425
   Geofencing 425
   VPN Settings 425
   Geotagging 426
   Certificate Management 426
   Full Device Encryption 427
   Tethering 427
   Airplane Mode 427
   Location Services 427
   DNS over HTTPS (DoH) 428
   Custom DNS 428
Deployment Scenarios 429
   Bring Your Own Device (BYOD) 429
   Corporate-Owned 429
   Corporate-Owned, Personally Enabled (COPE) 429
   Choose Your Own Device (CYOD) 429
   Implications of Wearable Devices 429
   Digital Forensics on Collected Data 430
   Unauthorized Application Stores 431
   Jailbreaking/Rooting 431
   Side Loading 431
   Containerization 432
   Original Equipment Manufacturer (OEM) and Carrier Differences 432
   Supply Chain Issues 432
   eFuse 432
Exam Preparation Tasks 433
Chapter 19 Configuring and Implementing Endpoint Security Controls 437
Hardening Techniques 437
   Removing Unneeded Services 437
   Disabling Unused Accounts 438
   Images/Templates 438
   Removing End-of-Life Devices 438
   Removing End-of-Support Device 438
   Local Drive Encryption 439
   Enabling No-Execute (NX)/Execute Never (XN) Bit 439
   Disabling Central Processing Unit (CPU) Virtualization Support 439
   Secure Encrypted Enclaves 440
   Memory Encryption 440
   Shell Restrictions 441
   Address Space Layout Randomization (ASLR) 442
Processes 442
   Patching 442
   Logging 443
   Monitoring 443
Mandatory Access Control 444
   Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444
   Kernel vs. Middleware 445
Trustworthy Computing 445
   Trusted Platform Module (TPM) 445
   Secure Boot 446
   Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447
   Attestation Services 448
   Hardware Security Module (HSM) 448
   Measured Boot 449
   Self-Encrypting Drives (SEDs) 450
Compensating Controls 450
   Antivirus 450
   Application Controls 451
   Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451
   Host-Based Firewall 451
   Endpoint Detection and Response (EDR) 451
   Redundant Hardware 452
   Self-Healing Hardware 452
   User and Entity Behavior Analytics (UEBA) 452
Exam Preparation Tasks 452
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
Embedded 459
   Internet of Things (IoT) 459
   System on a Chip (SoC) 461
   Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461
ICS/Supervisory Control and Data Acquisition (SCADA) 462
   Programmable Logic Controller (PLC) 463
   Historian 463
   Ladder Logic 463
   Safety Instrumented System 464
   Heating, Ventilation, and Air Conditioning (HVAC) 464
Protocols 465
   Controller Area Network (CAN) Bus 465
   Modbus 466
   Distributed Network Protocol 3 (DNP3) 466
   Zigbee 467
   Common Industrial Protocol (CIP) 467
   Data Distribution Service 468
Sectors 468
   Energy 469
   Manufacturing 469
   Healthcare 470
   Public Utilities 470
   Public Services 470
   Facility Services 471
Exam Preparation Tasks 472
Chapter 21 Cloud Technology's Impact on Organizational Security 477
Automation and Orchestration 477
Encryption Configuration 477
Logs 478
   Availability 479
   Collection 479
   Monitoring 479
   Configuration 480
   Alerting 480
Monitoring Configurations 480
Key Ownership and Location 481
Key Life-Cycle Management 483
Backup and Recovery Methods 485
   Cloud as Business Continuity and Disaster Recovery (BCDR) 486
   Primary Provider BCDR 486
   Alternative Provider BCDR 486
Infrastructure vs. Serverless Computing 486
Application Virtualization 487
Software-Defined Networking 488
Misconfigurations 488
Collaboration Tools 488
   Web Conferencing 488
   Video Conferencing 489
   Audio Conferencing 491
   Storage and Document Collaboration Tools 491
Storage Configurations 492
   Bit Splitting 493
   Data Dispersion 493
Cloud Access Security Broker (CASB) 493
Exam Preparation Tasks 494
Chapter 22 Implementing the Appropriate PKI Solution 499
PKI Hierarchy 499
   Registration Authority (RA) 499
   Certificate Authority (CA) 499
   Subordinate/Intermediate CA 500
Certificate Types 501
   Wildcard Certificate 501
   Extended Validation 502
   Multidomain 502
   General Purpose 503
Certificate Usages/Profiles/Templates 504
   Client Authentication 504
   Server Authentication 504
   Digital Signatures 504
   Code Signing 505
Extensions 505
   Common Name (CN) 505
   Subject Alternate Name (SAN) 505
Trusted Providers 505
Trust Model 506
Cross-certification 506
Configure Profiles 507
Life-Cycle Management 507
Public and Private Keys 508
Digital Signature 512
Certificate Pinning 512
Certificate Stapling 512
Certificate Signing Requests (CSRs) 513
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513
HTTP Strict Transport Security (HSTS) 514
Exam Preparation Tasks 514
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
Hashing 519
   Secure Hashing Algorithm (SHA) 519
   Hash-Based Message Authentication Code (HMAC) 520
   Message Digest (MD) 521
   RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
   Poly1305 521
Symmetric Algorithms 522
   Modes of Operation 523
   Stream and Block 526
Asymmetric Algorithms 528
   Key Agreement 529
   Signing 530
   Known Flaws/Weaknesses 531
Protocols 532
   Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
   Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
   Internet Protocol Security (IPsec) 534
   Secure Shell (SSH) 534
   EAP 535
Elliptic-Curve Cryptography 535
   P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
   Password-Based Key Derivation Function 2 (PBKDF2) 537
   Bcrypt 537
Exam Preparation Tasks 537
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Implementation and Configuration Issues 542
   Validity Dates 542
   Wrong Certificate Type 543
   Revoked Certificates 543
   Incorrect Name 543
   Chain Issues 544
   Weak Signing Algorithm 545
   Weak Cipher Suite 545
   Incorrect Permissions 546
   Cipher Mismatches 546
   Downgrade 546
Keys 546
   Mismatched 547
   Improper Key Handling 547
   Embedded Keys 548
   Rekeying 548
   Exposed Private Keys 548
   Crypto Shredding 548
   Cryptographic Obfuscation 548
   Key Rotation 549
   Compromised Keys 549
Exam Preparation Tasks 549
Part IV: Governance, Risk, and Compliance
Chapter 25 Applying Appropriate Risk Strategies 555
Risk Assessment 555
   Likelihood 556
   Impact 556
   Qualitative vs. Quantitative 557
   Exposure Factor 558
   Asset Value 558
   Total Cost of Ownership (TCO) 559
   Return on Investment (ROI) 560
   Mean Time to Recovery (MTTR) 562
   Mean Time Between Failure (MTBF) 562
   Annualized Loss Expectancy (ALE)/Annualized Rate of Occurrence (ARO)/Single Loss Expectancy (SLE) 562
   Gap Analysis 564
Risk Handling Techniques 565
   Transfer 565
   Accept 565
   Avoid 566
   Mitigate 566
Risk Types 566
   Inherent 567
   Residual 567
   Exceptions 567
Risk Management Life Cycle 568
   Identify 569
   Assess 570
   Control 570
   Control Types 572
   Review 573
   Frameworks 573
Risk Tracking 590
   Risk Register 590
   Key Performance Indicators/Key Risk Indicators 591
Risk Appetite vs. Risk Tolerance 594
   Tradeoff Analysis 595
   Usability vs. Security Requirements 595
Policies and Security Practices 595
   Separation of Duties 595
   Job Rotation 596
   Mandatory Vacation 596
   Least Privilege 597
   Employment and Termination Procedures 598
   Training and Awareness for Users 599
   Auditing Requirements and Frequency 601
Exam Preparation Tasks 601
Chapter 26 Managing and Mitigating Vendor Risk 607
Shared Responsibility Model (Roles/Responsibilities) 607
   Cloud Service Provider (CSP) 607
   Client 609
Vendor Lock-in and Vendor Lock-out 610
Vendor Viability 610
   Financial Risk 610
   Merger or Acquisition Risk 610
Meeting Client Requirements 610
   Legal 610
   Change Management 611
   Staff Turnover 612
   Device and Technical Configurations 612
Support Availability 615
Geographical Consideration 615
Supply Chain Visibility 615
Incident Reporting Requirements 616
Source Code Escrows 616
Ongoing Vendor Assessment Tools 616
Third-Party Dependencies 616
   Code 617
   Hardware 617
   Modules 618
Technical Considerations 618
   Technical Testing 618
   Network Segmentation 618
   Transmission Control 618
   Shared Credentials 619
Exam Preparation Tasks 620
Chapter 27 The Organizational Impact of Compliance Frameworks and Legal Considerations 625
Security Concerns of Integrating Diverse Industries 625
   Rules 625
   Policies 626
   Regulations 626
Data Considerations 626
   Data Sovereignty 626
   Data Ownership 627
   Data Classifications 627
   Data Retention 629
   Data Types 629
   Data Removal, Destruction, and Sanitization 634
Geographic Considerations 635
   Location of Data 636
   Location of Data Subject 636
   Location of Cloud Provider 637
Third-Party Attestation of Compliance 637
Regulations, Accreditations, and Standards 637
   Open Standards 638
   Adherence to Standards 638
   Competing Standards 639
   Lack of Standards 639
   De Facto Standards 639
   Payment Card Industry Data Security Standard (PCI DSS) 639
   General Data Protection Regulation (GDPR) 640
   International Organization for Standardization (ISO) 641
   Capability Maturity Model Integration (CMMI) 643
   National Institute of Standards and Technology (NIST) 644
   Children's Online Privacy Protection Act (COPPA) 644
   Common Criteria 644
   Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) 646
Legal Considerations 646
   Due Diligence/Due Care 646
   Export Controls 647
   Legal Holds 648
   E-Discovery 648
Contract and Agreement Types 648
   Service-Level Agreement (SLA) 649
   Master Service Agreement (MSA) 649
   Non-disclosure Agreement (NDA) 650
   Memorandum of Understanding (MOU) 650
   Interconnection Security Agreement (ISA) 650
   Operational-Level Agreement 651
   Privacy-Level Agreement 651
Exam Preparation Tasks 651
Chapter 28 Business Continuity and Disaster Recovery Concepts 657
Develop Contingency Planning Policy 658
   Conduct the BIA 658
   Identify Critical Processes and Resources 659
   Recovery Time Objective 659
   Recovery Point Objective 659
   Recovery Service Level 659
   Mission Essential Functions 659
Privacy Impact Assessment 660
Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP) 660
   Personnel Components 661
   Project Scope 661
   Business Continuity Steps 662
   Recovery and Multiple Site Strategies 662
   Cold Site 663
   Warm Site 663
   Hot Site 663
   Mobile Site 664
Incident Response Plan 664
   Roles/Responsibilities 665
   After-Action Reports 666
Testing Plans 666
   Checklist 666
   Walk-through 666
   Tabletop Exercises 666
   Full Interruption Test 667
   Parallel Test/Simulation Test 667
Exam Preparation Tasks 667
Chapter 29 Final Preparation 673
Tools for Final Preparation 672
Pearson Test Prep Practice Test Software and Questions on the Website 672
Accessing the Pearson Test Prep Software Online 673
Accessing the Pearson Test Prep Practice Test Software Offline 673
Customizing Your Exams 674
Updating Your Exams 675
Premium Edition 676
Chapter-Ending Review Tools 676
Suggested Plan for Final Review/Study 676
Appendix A Answers to the Review Questions 679
Glossary 709
Online Elements
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
Glossary
9780137348954   TOC   5/26/2022
Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes
* Author of CompTIA A+ Complete Review Guide (Sybex)
* Author of CompTIA Server+ Study Guide (Sybex)
* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Prep test question writer for Network+ Study Guide (Sybex)
* Technical editor for Windows 7 Study Guide (Sybex)
* Contributing author for CCNA-Wireless Study Guide (Sybex)
* Technical editor for CCNA Study Guide, Revision 7 (Sybex)
* Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
* Author of Cisco Essentials (Sybex)
* Co-author of CISSP Cert Guide (Pearson IT Certification)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.