
CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-004 4th edition [Paperback]

  • Format: Paperback / softback, 592 pages, height x width x thickness: 231x185x31 mm, weight: 816 g
  • Series: Sybex Study Guide
  • Publication date: 17-Nov-2022
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119803160
  • ISBN-13: 9781119803164
  • Paperback
  • Price: 59,75 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 70,30 €
  • You save 15%
  • Delivery of the book from the publisher takes approximately 2-4 weeks

Prepare to succeed in your new cybersecurity career with the challenging and sought-after CASP+ credential 

In the newly updated Fourth Edition of CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004, risk management and compliance expert Jeff Parker walks you through critical security topics and hands-on labs designed to prepare you for the new CompTIA Advanced Security Professional exam and a career in cybersecurity implementation. The content and chapter structure of this Fourth Edition were developed and restructured to represent the CAS-004 Exam Objectives.

From operations and architecture concepts, techniques and requirements to risk analysis, mobile and small-form factor device security, secure cloud integration, and cryptography, you’ll learn the cybersecurity technical skills you’ll need to succeed on the new CAS-004 exam, impress interviewers during your job search, and excel in your new career in cybersecurity implementation. 

This comprehensive book offers: 

  • Efficient preparation for a challenging and rewarding career in implementing specific solutions within cybersecurity policies and frameworks 
  • A robust grounding in the technical skills you’ll need to impress during cybersecurity interviews 
  • Content delivered through scenarios, a strong focus of the CAS-004 Exam 
  • Access to an interactive online test bank and study tools, including bonus practice exam questions, electronic flashcards, and a searchable glossary of key terms 

Perfect for anyone preparing for the CASP+ (CAS-004) exam and a new career in cybersecurity, CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004 is also an ideal resource for current IT professionals wanting to promote their cybersecurity skills or prepare for a career transition into enterprise cybersecurity. 

Introduction
Assessment Test
Chapter 1 Risk Management
Risk Terminology
The Risk Assessment Process
Asset Identification
Information Classification
Risk Assessment
Risk Assessment Options
Implementing Controls
Policies Used to Manage Employees
Pre-Employment Policies
Employment Policies
End of Employment and Termination Procedures
Cost-Benefit Analysis
Continuous Monitoring
Enterprise Security Architecture Frameworks and Governance
Training and Awareness for Users
Best Practices for Risk Assessments
Business Continuity Planning and Disaster Recovery
Reviewing the Effectiveness of Existing Security Controls
Conducting Lessons Learned and After-Action Reviews
Creation, Collection, and Analysis of Metrics
Metrics
Trend Data
Analyzing Security Solutions to Ensure They Meet Business Needs
Testing Plans
Internal and External Audits
Using Judgment to Solve Difficult Problems
Summary
Exam Essentials
Review Questions
Chapter 2 Configure and Implement Endpoint Security Controls
Hardening Techniques
Address Space Layout Randomization Use
Hardware Security Module and Trusted Platform Module
Trusted Operating Systems
Compensating Controls
Summary
Exam Essentials
Review Questions
Chapter 3 Security Operations Scenarios
Threat Management
Types of Intelligence
Threat Hunting
Threat Emulation
Actor Types
Intelligence Collection Methods
Open-Source Intelligence
Human Intelligence and Social Engineering
Frameworks
MITRE Adversarial Tactics, Techniques and Common Knowledge
ATT&CK for Industrial Control Systems
Cyber Kill Chain
Diamond Model of Intrusion Analysis
Indicators of Compromise
Reading the Logs
Intrusion Detection and Prevention
Notifications and Responses to IoCs
Response
Summary
Exam Essentials
Review Questions
Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk
Terminology
Vulnerability Management
Security Content Automation Protocol
Self-Assessment vs. Third-Party Vendor Assessment
Patch Management
Information Sources
Tools
Assessments
Penetration Testing
Assessment Types
Vulnerabilities
Buffer Overflow
Integer Overflow
Memory Leaks
Race Conditions (TOC/TOU)
Resource Exhaustion
Data Remnants
Use of Third-Party Libraries
Code Reuse
Cryptographic Vulnerabilities
Broken Authentication
Security Misconfiguration
Inherently Vulnerable System/Application
Client-Side Processing vs. Server-Side Processing
Attacks
Proactive Detection
Incident Response
Countermeasures
Deceptive Technology
USB Key Drops
Simulation
Security Data Analytics
Application Control
Allow and Block Lists
Security Automation
Physical Security
Summary
Exam Essentials
Review Questions
Chapter 5 Compliance and Vendor Risk
Shared Responsibility in Cloud Computing
Cloud Service/Infrastructure Models
Cloud Computing Providers and Hosting Options
Benefits of Cloud Computing
Security of On-Demand/Elastic Cloud Computing
Geographic Location
Infrastructure
Compute
Storage
Networking
Managing and Mitigating Risk
Security Concerns of Integrating Diverse Industries
Regulations, Accreditations, and Standards
PCI DSS
GDPR
ISO
CMMI
NIST
COPPA
CSA-STAR
HIPAA, SOX, and GLBA
Contract and Agreement Types
Third-Party Attestation of Compliance
Legal Considerations
Summary
Exam Essentials
Review Questions
Chapter 6 Cryptography and PKI
The History of Cryptography
Cryptographic Goals and Requirements
Supporting Security Requirements
Compliance and Policy Requirements
Privacy and Confidentiality Requirements
Integrity Requirements
Nonrepudiation
Risks with Data
Data at Rest
Data in Transit
Data in Process/Data in Use
Hashing
Message Digest
Secure Hash Algorithm
Message Authentication Code
Hashed Message Authentication Code
RACE Integrity Primitives Evaluation Message Digest
Poly 1305
Symmetric Algorithms
Data Encryption Standard
Triple DES
Rijndael and the Advanced Encryption Standard
ChaCha
Salsa20
International Data Encryption Algorithm
Rivest Cipher Algorithms
Counter Mode
Asymmetric Encryption
Diffie-Hellman
RSA
Elliptic Curve Cryptography
ElGamal
Hybrid Encryption and Electronic Data Exchange (EDI)
Public Key Infrastructure Hierarchy
Certificate Authority
Registration Authority
Digital Certificates
Certificate Revocation List
Certificate Types
Certificate Distribution
The Client's Role in PKI
Implementation of Cryptographic Solutions
Application Layer Encryption
Transport Layer Encryption
Internet Layer Controls
Additional Authentication Protocols
Cryptocurrency
Digital Signatures
Recognizing Cryptographic Attacks
Troubleshooting Cryptographic Implementations
Summary
Exam Essentials
Review Questions
Chapter 7 Incident Response and Forensics
The Incident Response Framework
Event Classifications
Triage Events
Pre-Escalation Tasks
The Incident Response Process
Response Playbooks and Processes
Communication Plan and Stakeholder Management
Forensic Concepts
Principles, Standards, and Practices
The Forensic Process
Forensic Analysis Tools
File Carving Tools
Binary Analysis Tools
Analysis Tools
Imaging Tools
Hashing Utilities
Live Collection vs. Postmortem Tools
Summary
Exam Essentials
Review Questions
Chapter 8 Security Architecture
Security Requirements and Objectives for a Secure Network Architecture
Services
Segmentation
Deperimeterization/Zero Trust
Merging Networks from Various Organizations
Software-Defined Networking
Organizational Requirements for Infrastructure Security Design
Scalability
Resiliency
Automation
Containerization
Virtualization
Content Delivery Network
Integrating Applications Securely into an Enterprise Architecture
Baseline and Templates
Software Assurance
Considerations of Integrating Enterprise Applications
Integrating Security into the Development Life Cycle
Data Security Techniques for Securing Enterprise Architecture
Data Loss Prevention
Data Loss Detection
Data Classification, Labeling, and Tagging
Obfuscation
Anonymization
Encrypted vs. Unencrypted
Data Life Cycle
Data Inventory and Mapping
Data Integrity Management
Data Storage, Backup, and Recovery
Security Requirements and Objectives for Authentication and Authorization Controls
Credential Management
Password Policies
Federation
Access Control
Protocols
Multifactor Authentication
One-Time Passwords
Hardware Root of Trust
Single Sign-On
JavaScript Object Notation Web Token
Attestation and Identity Proofing
Summary
Exam Essentials
Review Questions
Chapter 9 Secure Cloud and Virtualization
Implement Secure Cloud and Virtualization Solutions
Virtualization Strategies
Deployment Models and Considerations
Service Models
Cloud Provider Limitations
Extending Appropriate On-Premises Controls
Storage Models
How Cloud Technology Adoption Impacts Organization Security
Automation and Orchestration
Encryption Configuration
Logs
Monitoring Configurations
Key Ownership and Location
Key Life-Cycle Management
Backup and Recovery Methods
Infrastructure vs. Serverless Computing
Software-Defined Networking
Misconfigurations
Collaboration Tools
Bit Splitting
Data Dispersion
Summary
Exam Essentials
Review Questions
Chapter 10 Mobility and Emerging Technologies
Emerging Technologies and Their Impact on Enterprise Security and Privacy
Artificial Intelligence
Machine Learning
Deep Learning
Quantum Computing
Blockchain
Homomorphic Encryption
Distributed Consensus
Big Data
Virtual/Augmented Reality
3D Printing
Passwordless Authentication
Nano Technology
Biometric Impersonation
Secure Enterprise Mobility Configurations
Managed Configurations
Deployment Scenarios
Mobile Device Security Considerations
Security Considerations for Technologies, Protocols, and Sectors
Embedded Technologies
ICS/Supervisory Control and Data Acquisition
Protocols
Sectors
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1 Risk Management
Chapter 2 Configure and Implement Endpoint Security Controls
Chapter 3 Security Operations Scenarios
Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk
Chapter 5 Compliance and Vendor Risk
Chapter 6 Cryptography and PKI
Chapter 7 Incident Response and Forensics
Chapter 8 Security Architecture
Chapter 9 Secure Cloud and Virtualization
Chapter 10 Mobility and Emerging Technologies
Index

ABOUT THE AUTHORS

NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practice Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit.

JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff's infosec roots began as a security engineer, a member of an HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.