CompTIA CASP+ CAS-004 Certification Guide

By: Mark Birch

Overview of this book

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt. Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise. By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.
Table of Contents (23 chapters)

  • Section 1: Security Architecture
  • Section 2: Security Operations
  • Section 3: Security Engineering and Cryptography
  • Section 4: Governance, Risk, and Compliance

Advanced configuration of network devices

It is important to consider both current and future threat actors when designing an enterprise network. Networks are complex and need thorough planning to mitigate known threats and, as far as possible, future unknown threats. Advanced tools to detect and mitigate these threats are covered in Chapter 2, Integrating Software Applications into the Enterprise. Baseline configuration guides (government and DoD networks use Security Technical Implementation Guides (STIGs)) are essential, along with a configuration policy that states who may change a device and how changes are approved. Routers, switches, and other core network components should be checked against the baseline and shown to be compliant before being placed into a production (live) environment.

Transport security

When services and hardware are configured remotely over the network, every management connection must be both encrypted and authenticated. Many organizations adopt the Zero Trust model, in which every network connection and action must be validated rather than trusted because of where it originates.

SSH (version 2) is recommended for accessing network appliances and services across the network. Legacy management protocols such as Telnet and HTTP send credentials and configuration in cleartext and should be disabled on every device.

Tip

When using SNMP for monitoring and management, use version 3 (v3) in authPriv mode, which provides both authentication and encryption of SNMP messages. SNMP v1 and v2c rely on community strings sent in cleartext, so they should be disabled, and the default community strings (public and private) must never be left in place.
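The following Cisco IOS configuration fragment is an added example, not from the book, that places the weak management settings next to their hardened replacements: Telnet and SNMPv2c community strings removed, SSH version 2 accepted only from a management subnet, and an SNMPv3 user in authPriv mode. The hostname, the 10.10.0.0/24 management subnet, the user names, the ACL and group names, and the password placeholders are all assumptions for illustration.

```cisco
! --- Weak (before): cleartext management protocols, default community strings ---
line vty 0 4
 transport input telnet
 password cisco
 login
snmp-server community public RO
snmp-server community private RW
ip http server

! --- Hardened (after): SSHv2 from the management subnet only, SNMPv3 authPriv ---
! Hostname, domain, subnet, user names and secrets are assumed placeholders.
hostname core-sw1
ip domain-name example.internal
crypto key generate rsa modulus 4096
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
username netadmin privilege 15 secret ReplaceWithStrongSecret
!
ip access-list standard MGMT-HOSTS
 permit 10.10.0.0 0.0.0.255
 deny   any log
!
line vty 0 4
 transport input ssh
 access-class MGMT-HOSTS in
 login local
 exec-timeout 10 0
!
no ip http server
no ip http secure-server
!
! Remove v1/v2c community strings; the v3 group requires authentication (auth)
! and privacy (priv), and is reachable only from the management subnet.
no snmp-server community public
no snmp-server community private
snmp-server view NETMON-VIEW iso included
snmp-server group NETMON-GROUP v3 priv read NETMON-VIEW access MGMT-HOSTS
snmp-server user netmon NETMON-GROUP v3 auth sha ReplaceAuthPassphrase priv aes 128 ReplacePrivPassphrase
```

To confirm the device matches the baseline, check that `show ip ssh` reports version 2.0, that `show snmp user` lists only the v3 user, and that `show running-config | include snmp-server community` returns nothing. Keep the management ACL tight; the `deny any log` entry makes attempts from outside the management subnet visible in syslog.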

Port security

Port security means restricting access to network ports using a combination of disabling unused network ports and deploying access control lists (ACLs) on network appliances.

On a layer 2 device, such as a switch or a Wi-Fi access point (AP), we can restrict access based on MAC addresses, and on a switch we can enable port security on a per-port basis.

There are two different approaches to restricting access to ports, as outlined here:

  • Dynamic locking: You specify the maximum number of MAC addresses that can be associated with a port. The switch learns source MAC addresses as frames arrive; after the limit is reached, additional MAC addresses are not added to the CAM table, and only frames from the allowed source MAC addresses are forwarded. A frame from any other source is a violation, and the configured violation action (drop silently, drop and log, or shut the port down) is applied.

Cisco switches call these dynamically learned addresses dynamic secure MAC addresses. When sticky learning is enabled, they are also written to the running configuration as sticky secure MAC addresses, so they survive a link flap (and a reload, once the configuration is saved).

  • Static locking: You manually specify the list of MAC addresses permitted on a port.

Figure 1.30 shows a MAC filter on a wireless AP:

Figure 1.30 – Wireless ACL

Restrictions can be implemented using either whitelisting (an allow list of permitted MAC addresses) or blacklisting (a deny list of known unwanted ones). Because a MAC address is trivially changed by an attacker, MAC-based filtering should be treated as a hygiene control rather than as strong authentication of the connecting device.
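The following Cisco IOS switch configuration is an added example, not from the book, showing both approaches from the list above side by side: a user port with dynamic locking and sticky learning, a printer port with static locking, automatic recovery from the shutdown violation action, and the unused ports disabled. Interface names, VLAN numbers and the printer MAC address are assumed.

```cisco
! Dynamic locking with sticky learning: the first two source MACs seen on the port
! are learned and written into the running configuration as sticky secure
! addresses; a frame from any third MAC is dropped and logged (violation restrict).
interface GigabitEthernet1/0/10
 description User access port (interface, VLAN and MACs are assumed)
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Static locking: only the manually listed MAC may send on this port; any other
! source MAC places the port in err-disabled state (violation shutdown).
interface GigabitEthernet1/0/11
 description Printer (assumed MAC address)
 switchport mode access
 switchport access vlan 30
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
!
! Bring err-disabled ports back automatically after five minutes instead of
! requiring a manual shutdown / no shutdown by an administrator.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Unused ports: shut down and parked in an unused VLAN (assumed VLAN 999).
interface range GigabitEthernet1/0/40 - 48
 switchport mode access
 switchport access vlan 999
 shutdown
```

`show port-security interface GigabitEthernet1/0/10` shows the learned addresses, the violation count and the current violation mode, and `show port-security address` lists every secure MAC on the switch. Sticky addresses are only preserved across a reload once the running configuration has been saved. The `restrict` mode is usually preferred on user ports because it keeps the port up for the legitimate host while still counting and logging the spoofed frames; `shutdown` is appropriate where a single fixed device (the printer here) is expected.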

Route protection

It is important to ensure that network traffic flow is protected. Routers send their neighbors route updates using common dynamic routing protocols. If these routes are poisoned or tampered with, an attacker could redirect traffic through a device they control, a man-in-the-middle (MITM) attack that allows them to sniff or modify all of the network traffic. Data could also be sent into an endless routing loop, causing a denial-of-service (DoS) condition. To prevent these types of attacks, we should adopt the following practices:

  • Network devices are configured using an approved baseline.
  • Routing updates are accepted only from authenticated neighbors (for example, OSPF cryptographic authentication or a BGP session password), and only on the interfaces where neighbors are expected.
  • Avoid the use of less secure routing protocols (such as RIP, which offers at best a shared-secret hash with no replay protection).
  • Disable unnecessary management interfaces and services.
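The following Cisco IOS router configuration is an added example, not from the book, that applies the practices above: RIP is removed, OSPF accepts updates only from neighbors that authenticate with a shared key and only on the uplink interface, and the BGP session to the upstream peer is protected with a session password and a TTL check. The AS numbers, neighbor addresses, interface names and key strings are assumed placeholders.

```cisco
! Routing protocol hardening (AS numbers, neighbour addresses, interface names
! and key strings below are assumed placeholders).
!
! 1. Remove the legacy protocol entirely.
no router rip
!
! 2. OSPF: a neighbour must prove knowledge of the shared key before any of its
!    updates are accepted. This uses HMAC-SHA-256 through a key chain (IOS 15.4+
!    and IOS XE); on older images use "ip ospf message-digest-key 1 md5 <key>"
!    on the interface plus "area 0 authentication message-digest" under the
!    OSPF process instead.
key chain OSPF-KEYS
 key 1
  key-string ReplaceWithSharedSecret
  cryptographic-algorithm hmac-sha-256
!
interface GigabitEthernet0/1
 description Link to distribution router
 ip ospf authentication key-chain OSPF-KEYS
!
! passive-interface default stops OSPF from forming adjacencies on user-facing
! segments, so a host there cannot inject routes even if it guesses the key.
router ospf 10
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
! 3. BGP: session password (TCP MD5) plus GTSM (ttl-security), so only a directly
!    attached peer can even open the session, and a prefix limit so a faulty or
!    hostile peer cannot flood the routing table.
router bgp 64500
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 password ReplaceWithBgpSecret
 neighbor 203.0.113.1 ttl-security hops 1
 neighbor 203.0.113.1 maximum-prefix 1000 restart 5
```

After applying this, `show ip ospf interface GigabitEthernet0/1` should report the key chain in use and `show ip ospf neighbor` should still list the expected neighbor; if the neighbor drops, the peer is not configured with the same key or algorithm. `show ip bgp neighbors 203.0.113.1` confirms that the session is up and that the TTL check is active.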

Distributed DoS protection

Distributed DoS (DDoS) attacks can cause major availability issues for an enterprise, often resulting in costly outages and dissatisfied customers. Recent attacks have reached traffic volumes of over 2.5 terabytes per second (Tbps) directed at a single target organization. In 2017, Google was targeted in an attack in which spoofed DNS requests were sent to around 180,000 servers, whose amplified responses were then directed at Google infrastructure services. The following screenshot shows high levels of ingress traffic:

Figure 1.31 – DDoS attack traffic

DDoS mitigation describes the process of protecting applications or networks against a DDoS attack. We can configure rules on our edge routers, but once the attack volume exceeds the capacity of our internet links only an upstream party can discard the traffic in time, so we work with our Internet Service Provider (ISP) or a dedicated mitigation provider to deliver the mitigation.

ISPs may bundle these services into the connectivity their customers already use, or offer them as an additional chargeable service.

Remotely triggered black hole

Remotely triggered black hole (RTBH) filtering is a technique documented in IETF RFC 3882 and RFC 5635. It is a popular and effective technique for the mitigation of volumetric DoS attacks, because the traffic is discarded at the ISP's edge before it reaches the customer's links.

Often, a DDoS attack will overwhelm the security devices, or the internet links themselves, on the enterprise perimeter. To thwart this type of attack, the customer has an arrangement with their ISP. When a traffic threshold is reached, a rule is triggered on a customer router that sends an authorized BGP route update for the attacked address to the ISP's routers, marked with an agreed blackhole community. The ISP's routers rewrite the next hop for that route to an address that is routed to a null (discard) interface, so all traffic destined for the customer's internet-facing service is dropped at the ISP edge. This sacrifices the attacked address, but it keeps the customer's links and remaining services available while the ISP identifies the attack and puts more selective blocking of the malicious traffic in place. When this is done, the blackhole route is withdrawn and normal routing resumes. The process is illustrated in the following diagram:

Figure 1.32 – RTBH

A black hole used for DDoS mitigation is also sometimes referred to as a sinkhole, although strictly a sinkhole redirects the traffic to a device that captures it for analysis, whereas a black hole simply discards it.
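The following pair of Cisco IOS configuration fragments is an added example, not from the book, showing both sides of the customer-triggered RTBH exchange described above. The customer trigger router injects a /32 static route to Null0 and advertises it to the ISP carrying the well-known BLACKHOLE community (65535:666, assigned in RFC 7999); the ISP edge router accepts such routes only for addresses inside the customer's own block and rewrites their next hop to a discard address. The AS numbers, the 198.51.100.0/24 customer block, the 192.0.2.1 discard address and the neighbor addresses are assumed.

```cisco
! ===== Customer trigger router (AS 64500, address space 198.51.100.0/24) =====
! Injecting the tagged /32 static route to Null0 is the "trigger": it is
! redistributed into BGP with the BLACKHOLE community and advertised to the ISP.
! Removing the static route withdraws the blackhole and restores normal routing.
ip bgp-community new-format
ip route 198.51.100.0 255.255.255.0 Null0          ! anchor for the normal /24 advert
ip route 198.51.100.10 255.255.255.255 Null0 tag 666   ! the attacked host
!
route-map RTBH-TRIGGER permit 10
 match tag 666
 set community 65535:666
 set origin igp
route-map RTBH-TRIGGER deny 20
!
router bgp 64500
 network 198.51.100.0 mask 255.255.255.0
 redistribute static route-map RTBH-TRIGGER
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 send-community
!
! ===== ISP edge router (AS 64501) =====
! 192.0.2.1 is a discard next hop: every ISP edge router carries a static route
! for it to Null0, so any BGP route whose next hop is rewritten to 192.0.2.1 is
! dropped at the ISP edge rather than on the customer's link.
ip bgp-community new-format
ip route 192.0.2.1 255.255.255.255 Null0
!
ip prefix-list CUST-64500 seq 5 permit 198.51.100.0/24
ip prefix-list CUST-64500-BH seq 5 permit 198.51.100.0/24 ge 32
ip community-list standard BLACKHOLE permit 65535:666
!
! Blackhole routes are honoured only for /32s inside the customer's own block, so
! the customer cannot blackhole anyone else's traffic, and they are marked
! no-export so the discard route never leaks beyond this AS.
route-map FROM-CUST-64500 permit 10
 match ip address prefix-list CUST-64500-BH
 match community BLACKHOLE
 set ip next-hop 192.0.2.1
 set community no-export additive
route-map FROM-CUST-64500 permit 20
 match ip address prefix-list CUST-64500
route-map FROM-CUST-64500 deny 30
!
router bgp 64501
 neighbor 203.0.113.2 remote-as 64500
 neighbor 203.0.113.2 route-map FROM-CUST-64500 in
```

On the ISP router, `show ip bgp 198.51.100.10` should show the route with next hop 192.0.2.1 and `show ip route 192.0.2.1` should resolve to Null0, while the customer's normal /24 is still forwarded, so only the attacked address is sacrificed. Two practical caveats: the BGP session itself must stay reachable during the attack (terminate it on an address that is not under attack and protect it as in the route protection example), and because destination-based RTBH completes the denial of service against that one host, it is a stop-gap until the ISP can filter the malicious sources more selectively.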