Book Image

CompTIA CASP+ CAS-004 Certification Guide

By : Mark Birch
Book Image

CompTIA CASP+ CAS-004 Certification Guide

By: Mark Birch

Overview of this book

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt. Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise. By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.
Table of Contents (23 chapters)
Section 1: Security Architecture
Section 2: Security Operations
Section 3: Security Engineering and Cryptography
Section 4: Governance, Risk, and Compliance

Chapter 1: Designing a Secure Network Architecture

Security professionals need to analyze security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network and to provide the appropriate authentication and authorization controls.

Designing a modern enterprise network has many practical and security challenges. De-perimeterization means that access to information systems may be made from devices outside of the enterprise network. The types of devices can range from a handheld smartphone used to access a customer record to an Internet of Things (IoT) device transmitting telemetry data to a critical monitoring dashboard.

Regulatory or industry compliance may require strict network segmentation between processes and business units (BUs).

It is important to consider all the threat actors when you plan your network—think Defense in Depth (DiD).

This first chapter is an essential building block for the following chapters. It is the information systems on our networks that provide the data and services for an enterprise.

In this chapter, we will cover the following topics:

  • Physical and virtual network and security devices
  • Application- and protocol-aware technologies
  • Advanced network design
  • Network management and monitoring tools
  • Advanced configuration of network devices
  • Security zones