CASP+ CompTIA Advanced Security Practitioner Study Guide

ABOUT THE AUTHORS NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practices Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit. JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff’s infosec roots began as a security engineer, a member of a HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.

Introduction xxv

Assessment Test xxxv

Chapter 1 Risk Management 1

Risk Terminology 4

The Risk Assessment Process 6

Policies Used to Manage Employees 17

Cost-Benefit Analysis 21

Continuous Monitoring 22

Enterprise Security Architecture Frameworks and Governance 23

Training and Awareness for Users 24

Best Practices for Risk Assessments 25

Business Continuity Planning and Disaster Recovery 27

Reviewing the Effectiveness of Existing Security Controls 28

Conducting Lessons Learned and After-Action Reviews 30

Creation, Collection, and Analysis of Metrics 31

Analyzing Security Solutions to Ensure They Meet Business Needs 32

Testing Plans 33

Internal and External Audits 34

Using Judgment to Solve Difficult Problems 35

Summary 35

Exam Essentials 36

Review Questions 38

Chapter 2 Configure and Implement Endpoint Security Controls 43

Hardening Techniques 45

Trusted Operating Systems 52

Compensating Controls 55

Summary 57

Exam Essentials 58

Review Questions 59

Chapter 3 Security Operations Scenarios 63

Threat Management 66

Actor Types 67

Intelligence Collection Methods 71

Frameworks 74

Indicators of Compromise 77

Response 80

Summary 85

Exam Essentials 85

Review Questions 86

Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk 91

Terminology 97

Vulnerability Management 98

Vulnerabilities 134

Inherently Vulnerable System/Application 140

Proactive Detection 153

Summary 159

Exam Essentials 160

Review Questions 161

Chapter 5 Compliance and Vendor Risk 165

Shared Responsibility in Cloud Computing 168

Security Concerns of Integrating Diverse Industries 185

Regulations, Accreditations, and Standards 187

Contract and Agreement Types 198

Third-Party Attestation of Compliance 202

Legal Considerations 203

Summary 204

Exam Essentials 205

Review Questions 206

Chapter 6 Cryptography and PKI 211

The History of Cryptography 216

Cryptographic Goals and Requirements 217

Supporting Security Requirements 218

Risks with Data 221

Hashing 223

Symmetric Algorithms 227

Asymmetric Encryption 233

Public Key Infrastructure Hierarchy 239

Digital Certificates 241

Implementation of Cryptographic Solutions 247

Recognizing Cryptographic Attacks 254

Troubleshooting Cryptographic Implementations 256

Summary 259

Exam Essentials 259

Review Questions 261

Chapter 7 Incident Response and Forensics 265

The Incident Response Framework 268

Forensic Concepts 277

Forensic Analysis Tools 283

Summary 294

Exam Essentials 294

Review Questions 295

Chapter 8 Security Architecture 301

Security Requirements and Objectives for a Secure Network Architecture 310

Organizational Requirements for Infrastructure Security Design 358

Integrating Applications Securely into an Enterprise Architecture 362

Data Security Techniques for Securing Enterprise Architecture 384

Security Requirements and Objectives for Authentication and Authorization Controls 394

Summary 406

Exam Essentials 407

Review Questions 410

Chapter 9 Secure Cloud and Virtualization 415

Implement Secure Cloud and Virtualization Solutions 418

How Cloud Technology Adoption Impacts Organization Security 445

Summary 461

Exam Essentials 462

Review Questions 463

Chapter 10 Mobility and Emerging Technologies 467

Emerging Technologies and Their Impact on Enterprise Security and Privacy 471

Secure Enterprise Mobility Configurations 478

Security Considerations for Technologies, Protocols, and Sectors 495

Summary 500

Exam Essentials 500

Review Questions 501

Appendix Answers to Review Questions 505

Chapter 1: Risk Management 506

Chapter 2: Configure and Implement Endpoint Security Controls 507

Chapter 3: Security Operations Scenarios 509

Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk 511

Chapter 5: Compliance and Vendor Risk 513

Chapter 6: Cryptography and PKI 514

Chapter 7: Incident Response and Forensics 516

Chapter 8: Security Architecture 519

Chapter 9: Secure Cloud and Virtualization 522

Chapter 10: Mobility and Emerging Technologies 524

Index 529