Book Image

CompTIA CASP+ CAS-004 Certification Guide

By : Mark Birch
Book Image

CompTIA CASP+ CAS-004 Certification Guide

By: Mark Birch

Overview of this book

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt. Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise. By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.

Related Content you might be interested in

Current Title:

Small book image
CompTIA CASP+ CAS-004 Certification Guide
Mark Birch
Mar, 2022 | 654 pages
Small book image
Security+® Practice Tests
Mike Chapple
Oct, 2019 | 390 pages
Small book image
CompTIA Security+: SY0-601 Certification Guide
John Neil
Dec, 2020 | 550 pages
Small book image
CompTIA Security+ Certification Guide
John Neil
Sep, 2018 | 532 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Security Architecture
Section 1: Security Architecture
Free Chapter
2
Chapter 1: Designing a Secure Network Architecture
Chapter 1: Designing a Secure Network Architecture
Physical and virtual network and security devices
Application- and protocol-aware technologies
Advanced network design
Network management and monitoring tools
Advanced configuration of network devices
Security zones
Summary
Questions
Case study
Answers
Case study answer
3
Chapter 2: Integrating Software Applications into the Enterprise
Chapter 2: Integrating Software Applications into the Enterprise
Integrating security into the development life cycle
Software assurance
Baseline and templates
Considerations when integrating enterprise applications
Integration enablers
Summary
Questions
Answers
4
Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
Implementing data loss prevention
Implementing data loss detection
Enabling data protection
Implementing secure cloud and virtualization solutions
Investigating cloud deployment models
Extending appropriate on-premises controls
Examining cloud storage models
Summary
Questions
Answers
5
Chapter 4: Deploying Enterprise Authentication and Authorization Controls
Chapter 4: Deploying Enterprise Authentication and Authorization Controls
Credential management
Identity federation
Access control
Authentication and authorization protocols
Multi-Factor Authentication (MFA)
Summary
Questions
Answers
6
Section 2: Security Operations
Section 2: Security Operations
7
Chapter 5: Threat and Vulnerability Management
Chapter 5: Threat and Vulnerability Management
Intelligence types
Actor types
Threat actor properties
Intelligence collection methods
Frameworks
Indicators of compromise
Responses
Summary
Questions
Answers
8
Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools
Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools
Vulnerability scans
Security Content Automation Protocol (SCAP)
Information sources
Testing methods
Penetration testing
Security tools
Summary
Questions
Answers
9
Chapter 7: Risk Mitigation Controls
Chapter 7: Risk Mitigation Controls
Understanding application vulnerabilities
Assessing inherently vulnerable systems and applications
Recognizing common attacks
Proactive and detective risk reduction
Hunts
Applying preventative risk reduction
Summary
Questions
Answers
10
Chapter 8: Implementing Incident Response and Forensics Procedures
Chapter 8: Implementing Incident Response and Forensics Procedures
Understanding incident response planning
Understanding the incident response process
Understanding forensic concepts
Using forensic analysis tools
Summary
Questions
Answers
11
Section 3: Security Engineering and Cryptography
Section 3: Security Engineering and Cryptography
12
Chapter 9: Enterprise Mobility and Endpoint Security Controls
Chapter 9: Enterprise Mobility and Endpoint Security Controls
Implementing enterprise mobility management
Security considerations for mobility management
Implementing endpoint security controls
Summary
Questions
Answers
13
Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies
Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies
Identifying regulated business sectors
Understanding embedded systems
Understanding ICS/SCADA
Understanding OT protocols
Summary
Questions
Answers
14
Chapter 11: Implementing Cryptographic Protocols and Algorithms
Chapter 11: Implementing Cryptographic Protocols and Algorithms
Understanding hashing algorithms
Understanding symmetric encryption algorithms
Understanding asymmetric encryption algorithms
Understanding encryption protocols
Understanding emerging security technologies
Summary
Questions
Answers
15
Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
Understanding the PKI hierarchy
Understanding certificate types
Understanding PKI security and interoperability
Troubleshooting issues with cryptographic implementations
Summary
Questions
Answers
16
Section 4: Governance, Risk, and Compliance
Section 4: Governance, Risk, and Compliance
17
Chapter 13: Applying Appropriate Risk Strategies
Chapter 13: Applying Appropriate Risk Strategies
Understanding risk assessments
Implementing risk-handling techniques
Understanding the risk management life cycle
Understanding risk tracking
Managing risk with policies and security practices
Explaining the importance of managing and mitigating vendor risk
Summary
Questions
Answers
18
Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
Security concerns associated with integrating diverse industries
Understanding regulations, accreditations, and standards
Understanding legal considerations
Application of contract and agreement types
Summary
Questions
Answers
19
Chapter 15: Business Continuity and Disaster Recovery Concepts
Chapter 15: Business Continuity and Disaster Recovery Concepts
Conducting a business impact analysis
Planning for high availability and automation
Explaining how cloud technology aids enterprise resilience
Summary
Questions
Answers
20
Chapter 16: Mock Exam 1
Chapter 16: Mock Exam 1
Questions
Assessment test answers
21
Chapter 17: Mock Exam 2
Chapter 17: Mock Exam 2
Questions
Answers
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Application- and protocol-aware technologies

Some applications will benefit from dedicated security appliances/services operating on sole behalf of those applications. Imagine you wanted to protect your web application server from typical exploits, including cross-site scripting (XSS), cross-site request forgery (XSRF), and Structured Query Language (SQL) injection. In that case, you would not want to filter all traffic for these exploits using the network firewall; it would have a huge workload and would slow down traffic for the entire network. Application-aware security appliances process traffic only being forwarded to that service.

The types of security applications that inspect and apply rulesets to application layer traffic are said to be using DPI.

It is important to plan for the placement of these devices to ensure traffic can be inspected before entering or leaving the network and to also minimize latency or delay where inspection and filtering are not required.

In the following section, we will take a look at some examples of application- and protocol-aware security solutions.

DLP

We must ensure the enterprise does not breach legal or regulatory compliance by exfiltration of sensitive data, either knowingly or unknowingly. It is important that intellectual property and customer data are protected, even when compliance is not a factor. Physical restrictions and/or enforceable policy may be used to block data exfiltration to a removable storage medium. DLP can also be implemented on the edge of the network, or as part of a cloud solution. Microsoft is one of many providers offering DLP as part of the Cloud Access Security Broker (CASB) security suite. In the following screenshot, we are selecting built-in rules to block the exfiltration of financial data:

Figure 1.14 – Microsoft 365 DLP rule

Figure 1.14 – Microsoft 365 DLP rule

There are many built-in templates for regulated industries.

WAF

A WAF is defined as a security solution on the web application level. It allows for HyperText Transfer Protocol/HTTP Secure (HTTP/HTTPS) traffic to be inspected for anomalies without slowing down the rest of the network traffic. A WAF can be implemented as an appliance, plugin, or filter that applies a set of rules to an HTTP connection.

A WAF helps prevent attacks, such as the following:

  • SQL injection attacks
  • XSS attacks
  • Malicious file execution
  • CSRF attacks
  • Information leakage
  • Broken authentication
  • Insecure communications

A WAF can also provide URL encryption and site usage enforcement, as illustrated in the following diagram:

Figure 1.15 – WAF

Figure 1.15 – WAF

Advantages

A WAF has the following advantages:

  • Allows for the creation of custom rules
  • Monitors and blocks malicious traffic
  • Can prevent live attacks
  • Protects vulnerable web applications

Disadvantages

A WAF has the following disadvantages:

  • May slow web traffic
  • Could block legitimate traffic
  • Requires frequent tuning

Database activity monitoring

Database activity monitoring (DAM) tools monitor, capture, and record database activity in near real time and can generate alerts when rules are violated.

DAM can be accomplished by doing the following:

  • Network sniffing
  • Reading of database logs
  • Memory analysis

DAM tools can correlate data and provide the administrator with the tools to detect anomalous database activity and capture a log of events, should this be required for forensics.

As a database is often a critical line-of-business (LOB) solution, often hosting enterprise resource planning (ERP), customer relationship management (CRM), sales order processing, and so on, investing in this additional technology will be worth the cost.

Spam filter

A spam filter typically scans incoming emails to protect your employees from email-borne threats. It can also scan emails leaving the organization (although this is more likely taken care of by a DLP solution). It can be deployed on the demilitarized zone (DMZ) network, filtering incoming SMTP traffic, and will typically perform additional tasks such as querying Spamhaus Block List (SBL) providers, such as Spamhaus, to drop connections from verified blocked domain names or IP addresses.

Many organizations will deploy this service in a cloud deployment, especially if the ISP hosts the email servers.

The following section covers some of the additional considerations to allow for secure remote working and administration.

Previous Section
End of Section 3
Next Section