CASP+ CompTIA Advanced Security Practitioner Practice Tests - Nadean H. Tanner

Blick ins Buch

CASP+ CompTIA Advanced Security Practitioner Practice Tests (eBook)

Exam CAS-004

Nadean H. Tanner (Autor)

eBook Download: EPUB

2021 | 2. Auflage
400 Seiten
Wiley (Verlag)
978-1-119-81306-4 (ISBN)

Lese- und Medienproben

Ebook-Leseprobe (EPUB)

Prepare for success on the challenging CASP+ CAS-004 exam

In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams.

Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex's proven approach to certification success. You'll get ready for the exam, to impress your next interviewer, and excel at your first cybersecurity job.

This book includes:

Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance
In-depth preparation for test success with 1000 practice exam questions
Access to the Sybex interactive learning environment and online test bank

Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004 is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seek a valuable new CASP+ certification.

ABOUT THE AUTHOR

Nadean H. Tanner, CASP+, CISSP, MCSA, ITILv3, has worked in technology for more than 20 years, learning about every aspect of the field as a marketer, trainer, web developer, and hardware technician. She has served as an IT director and technology instructor at the postgraduate level, and has been a cybersecurity trainer and consultant for Fortune 500 companies as well as for the U.S. Department of Defense.

Prepare for success on the challenging CASP+ CAS-004 exam In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams. Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex s proven approach to certification success. You ll get ready for the exam, to impress your next interviewer, and excel at your first cybersecurity job. This book includes: Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance In-depth preparation for test success with 1000 practice exam questions Access to the Sybex interactive learning environment and online test bank Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004 is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seek a valuable new CASP+ certification.

Nadean H. Tanner, CASP+, CISSP, MCSA, ITILv3, has worked in technology for more than 20 years, learning about every aspect of the field as a marketer, trainer, web developer, and hardware technician. She has served as an IT director and technology instructor at the postgraduate level, and has been a cybersecurity trainer and consultant for Fortune 500 companies as well as for the U.S. Department of Defense.

Introduction xix

Chapter 1 Security Architecture 1

Chapter 2 Security Operations 61

Chapter 3 Security Engineering and Cryptography 123

Chapter 4 Governance, Risk, and Compliance 175

Chapter 5 Practice Test 1 207

Chapter 6 Practice Test 2 227

Appendix Answers to Review Questions 247

Chapter 1: Security Architecture 248

Chapter 2: Security Operations 278

Chapter 3: Security Engineering and Cryptography 308

Chapter 4: Governance, Risk, and Compliance 333

Chapter 5: Practice Test 1 346

Chapter 6: Practice Test 2 353

Index 363

Chapter 2
Security Operations

THE CASP+ EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 2: Security Operations
- 2.1 Given a scenario, perform threat management activities.
  - Intelligence types
    - Tactical
    - Commodity malware
    - Strategic
    - Targeted attacks
    - Operational
    - Threat hunting
    - Threat emulation
  - Actor types
    - Advanced persistent threat (APT)/nation-state
    - Insider threat
    - Competitor
    - Hacktivist
    - Script kiddie
    - Organized crime
  - Threat actor properties
    - Resource
    - Time
    - Money
    - Supply chain access
    - Create vulnerabilities
    - Capabilities/sophistication
    - Identifying techniques
  - Intelligence collection methods
    - Intelligence feeds
    - Deep web
    - Proprietary
    - Open-source intelligence (OSINT)
    - Human intelligence (HUMINT)
  - Frameworks
    - MITRE Adversarial Tactics, Techniques, & Common knowledge (ATT&CK)
    - ATT&CK for industrial control system (ICS)
    - Diamond Model of Intrusion Analysis
    - Cyber Kill Chain
- 2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
  - Indicators of compromise
    - Packet capture (PCAP)
    - Logs
    - Network logs
    - Vulnerability logs
    - Operating system logs
    - Access logs
    - NetFlow logs
    - Notifications
    - FIM alerts
    - SIEM alerts
    - DLP alerts
    - IDS/IPS alerts
    - Antivirus alerts
    - Notification severity/priorities
    - Unusual process activity
  - Response
    - Firewall rules
    - IPS/IDS rules
    - ACL rules
    - Signature rules
    - Behavior rules
    - DLP rules
    - Scripts/regular expressions
- 2.3 Given a scenario, perform vulnerability management activities.
  - Vulnerability scans
    - Credentialed vs. non-credentialed
    - Agent-based/server-based
    - Criticality ranking
    - Active vs. passive
  - Security Content Automation Protocol (SCAP)
    - Extensible Configuration Checklist Description Format (XCCDF)
    - Open Vulnerability and Assessment Language (OVAL)
    - Common Platform Enumeration (CPE)
    - Common Vulnerabilities and Exposures (CVE)
    - Common Vulnerability Scoring System (CVSS)
    - Common Configuration Enumeration (CCE)
    - Asset Reporting Format (ARF)
  - Self-assessment vs. third party vendor assessment
  - Patch management
  - Information sources
    - Advisories
    - Bulletins
    - Vendor websites
    - Information Sharing and Analysis Centers (ISACs)
    - News reports
- 2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
  - Methods
    - Static analysis
    - Dynamic analysis
    - Side-channel analysis
    - Reverse engineering
    - Software
    - Hardware
    - Wireless vulnerability scan
    - Software composition analysis
    - Fuzz testing
    - Pivoting
    - Post-exploitation
    - Persistence
  - Tools
    - SCAP scanner
    - Network traffic analyzer
    - Vulnerability scanner
    - Protocol analyzer
    - Port scanner
    - HTTP interceptor
    - Exploit framework
    - Password cracker
  - Dependency management
  - Requirements
    - Scope of work
    - Rules of engagement
    - Invasive vs. non-invasive
    - Asset inventory
    - Permissions and access
    - Corporate policy considerations
    - Facility considerations
    - Physical security considerations
    - Rescan for corrections/changes
- 2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations.
  - Vulnerabilities
    - Race conditions
    - Overflows
    - Buffer
    - Integer
    - Broken authentication
    - Unsecure references
    - Poor exception handling
    - Security misconfiguration
    - Improper headers
    - Information disclosure
    - Certificate errors
    - Weak cryptography implementations
    - Weak ciphers
    - Weak cipher suite implementations
    - Software composition analysis
    - Use of vulnerable frameworks and software modules
    - Use of unsafe functions
    - Third-party libraries
    - Dependencies
    - Code injections/malicious changes
    - End of support/end of life
    - Regression issues
  - Inherently vulnerable system/application
    - Client-side processing vs. server-side processing
    - JSON/representational state transfer (REST)
    - Browser extensions
    - Flash
    - ActiveX
    - Hypertext Markup Language 5 (HTML5)
    - Asynchronous JavaScript and XML (AJAX)
    - Simple Object Access Protocol (SOAP)
    - Machine code vs. bytecode or interpreted vs. emulated
  - Attacks
    - Directory traversal
    - Cross-site scripting (XSS)
    - Cross-site request forgery (CSRF)
    - Injection
    - XML
    - LDAP
    - Structured Query Language (SQL)
    - Command
    - Process
    - Sandbox escape
    - Virtual machine (VM) hopping
    - VM escape
    - Border Gateway Protocol (BGP)/route hijacking
    - Interception attacks
    - Denial-of-service (DoS)/DDoS
    - Authentication bypass
    - Social engineering
    - VLAN hopping
- 2.6 Given a scenario, use processes to reduce risk.
  - Proactive and detection
    - Hunts
    - Developing countermeasures
    - Deceptive technologies
    - Honeynet
    - Honeypot
    - Decoy files
    - Simulators
    - Dynamic network configurations
  - Security data analytics
    - Processing pipelines
    - Data
    - Stream
    - Indexing and search
    - Log collection and curation
    - Database activity monitoring
  - Preventive
    - Antivirus
    - Immutable systems
    - Hardening
    - Sandbox detonation
  - Application control
    - License technologies
    - Allow list vs. block list
    - Time of check vs. time of use
    - Atomic execution
  - Security automation
    - Cron/scheduled tasks
    - Bash
    - PowerShell
    - Python
  - Physical security
    - Review of lighting
    - Review of visitor logs
    - Camera reviews
    - Open spaces vs. confined spaces
- 2.7 Given an incident, implement the appropriate response.
  - Event classifications
    - False positive
    - False negative
    - True positive
    - True negative
  - Triage event
  - Preescalation tasks
  - Incident response process
    - Preparation
    - Detection
    - Analysis
    - Containment
    - Recovery
    - Lessons learned
  - Specific response playbooks/processes
    - Scenarios
    - Ransomware
    - Data exfiltration
    - Social engineering
    - Non-automated response methods
    - Automated response methods
    - Runbooks
    - SOAR
  - Communication plan
  - Stakeholder management
- 2.8 Explain the importance of forensic concepts.
  - Legal vs. internal corporate purposes
  - Forensic process
    - Identification
    - Evidence collection
    - Chain of custody
    - Order of volatility
    - Memory snapshots
    - Images
    - Cloning
    - Evidence preservation
    - Secure storage
    - Backups
    - Analysis
    - Forensics tools
    - Verification
    - Presentation
  - Integrity preservation
    - Hashing
  - Cryptanalysis
  - Steganalysis
- 2.9 Given a scenario, use forensic analysis tools.
  - File carving tools
    - Foremost
    - Strings
  - Binary analysis tools
    - Hex dump
    - Binwalk
    - Ghidra
    - GNU Project debugger (GDB)
    - OllyDbg
    - readelf
    - objdump
    - strace
    - ldd
    - file
  - Analysis tools
    - ExifTool
    - Nmap
    - Aircrack-ng
    - Volatility
    - The Sleuth Kit
    - Dynamically vs. statically linked
  - Imaging tools
    - Forensic Toolkit (FTK) Imager
    - dd
  - Hashing utilities
    - sha256sum
    - ssdeep
  - Live collection vs. post-mortem tools
    - netstat
    - ps
    - vmstat
    - ldd
    - lsof
    - netcat
    - tcpdump
    - conntrack
    - Wireshark

As a senior security architect, you know that one of the most important principles of enterprise security is the rapid detection of a data breach. Many organizations that experience a breach will not learn about it for weeks or even months because they have invested heavily in the perimeter of the organization and are not actively threat hunting. Which of these will not help detect an actual breach before it causes widespread harm to your organization?
1. Modern breach detection tools
2. Periodic...

Erscheint lt. Verlag	4.8.2021
Sprache	englisch
Themenwelt	Informatik ► Netzwerke ► Sicherheit / Firewall
	Informatik ► Theorie / Studium ► Kryptologie
	Sozialwissenschaften ► Pädagogik
Schlagworte	Certification (MSCE, Novell, etc.) • Computer Science • Computer Security & Cryptography • Computersicherheit u. Kryptographie • Informatik • Networking / Security • Netzwerke / Sicherheit • Prüfungsvorbereitung • Test Prep • Zertifizierung • Zertifizierung f. MSCE u. Novell
ISBN-10	1-119-81306-9 / 1119813069
ISBN-13	978-1-119-81306-4 / 9781119813064

Haben Sie eine Frage zum Produkt?

EPUB (Adobe DRM)
Größe: 948 KB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.