
E-book: CASP+ CompTIA Advanced Security Practitioner Study Guide - Exam CAS-003, Third Edition: Exam CAS-003 3rd Edition [Wiley Online]

  • Format: 688 pages
  • Publication date: 26-Mar-2019
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 111957594X
  • ISBN-13: 9781119575948
  • Price: 63,44 €*
  • * this price gives unlimited concurrent access for unlimited time

Comprehensive coverage of the new CASP exam, with hands-on practice and interactive study tools

The CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, offers invaluable preparation for exam CAS-003. Covering 100 percent of the exam objectives, this book provides an expert walk-through of essential security concepts and processes to help you tackle this challenging exam with full confidence. Practical examples and real-world insights illustrate critical topics and show what essential practices look like on the ground, while detailed explanations of technical and business concepts give you the background you need to identify and implement appropriate security solutions. End-of-chapter reviews help solidify your understanding of each objective, and cutting-edge exam prep software features electronic flashcards, hands-on lab exercises, and hundreds of practice questions to help you test your knowledge in advance of the exam.

The next few years will bring a 45-fold increase in digital data, and at least one third of that data will pass through the cloud. The level of risk to data everywhere is growing in parallel, and organizations are in need of qualified data security professionals; the CASP certification validates this in-demand skill set, and this book is your ideal resource for passing the exam.

  • Master cryptography, controls, vulnerability analysis, and network security
  • Identify risks and execute mitigation planning, strategies, and controls
  • Analyze security trends and their impact on your organization
  • Integrate business and technical components to achieve a secure enterprise architecture

CASP meets the ISO 17024 standard, and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is also compliant with government regulations under the Federal Information Security Management Act (FISMA). As such, this career-building credential makes you in demand in the marketplace and shows that you are qualified to address enterprise-level security concerns. The CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, is the preparation resource you need to take the next big step for your career and pass with flying colors.

Introduction
Assessment Test

Chapter 1 Cryptographic Tools and Techniques
The History of Cryptography
Cryptographic Services
Cryptographic Goals
Cryptographic Terms
Cipher Types and Methods
Symmetric Encryption
Data Encryption Standard
Triple DES
Rijndael
Advanced Encryption Standard
International Data Encryption Algorithm
Rivest Cipher Algorithms
Asymmetric Encryption
Diffie-Hellman
RSA
Elliptic Curve Cryptography
ElGamal
Hybrid Encryption
Hashing
Hashing and Message Digests
Digital Signatures
Public Key Infrastructure
Certificate Authority
Registration Authority
Certificate Revocation List
Digital Certificates
Certificate Distribution
The Client's Role in PKI
Implementation of Cryptographic Solutions
Application Layer Encryption
Transport Layer Encryption
Internet Layer Controls
Physical Layer Controls
Cryptocurrency
Blockchain
Steganography
Cryptographic Attacks
Summary
Exam Essentials
Review Questions

Chapter 2 Comprehensive Security Solutions
Advanced Network Design
Network Authentication Methods
Placement of Fixed/Mobile Devices
Placement of Hardware and Application
802.1x
Mesh Networks
Remote Access
Virtual Networking and Placement of Security Components
SCADA
VoIP
TCP/IP
Network Interface Layer
Internet Layer
Transport Layer
Application Layer
Secure Communication Solutions
Network Data Flow
SSL Inspection
Domain Name Service
Securing Zone Transfers
Start of Authority
Secure DNS
Transaction Signature
Fast Flux DNS
Lightweight Directory Access Protocol
Secure Directory Services
Active Directory
Security Information and Event Management
Database Activity Monitoring
Federated ID
Single Sign-On
Kerberos
Secure Facility Solutions
Building Layouts
Facilities Manager
Secure Network Infrastructure Design
Router Configuration
Enterprise Service Bus
Web Services Security
Summary
Exam Essentials
Review Questions

Chapter 3 Securing Virtualized, Distributed, and Shared Computing
Enterprise Security
Software-Defined Networking
Cloud Computing
Cloud Service Models
Cloud Computing Providers and Hosting Options
Benefits of Cloud Computing
Security of On-Demand/Elastic Cloud Computing
Data Sovereignty
Cloud Computing Vulnerabilities
Cloud Storage
Cloud-Augmented Security Services
Virtualization
Virtual Desktop Infrastructure
Virtualized Servers
Virtual LANs
Virtual Networking and Security Components
Enterprise Storage
Summary
Exam Essentials
Review Questions

Chapter 4 Host Security
Firewalls and Network Access Control
Host-Based Firewalls
Persistent Agent
Non-Persistent Agent
Agent-Based Technology
Agentless-Based Technology
Trusted Operating Systems
Endpoint Security Solutions
Common Threats to Endpoint Security
Anti-Malware
Antivirus
Hunt Teaming
Anti-Spyware
Spam Filters
Host Hardening
Asset Management
Data Exfiltration
External I/O Restrictions on Hardware
Intrusion Detection and Prevention
Network Management, Monitoring, and Security Tools
Security Devices
Operational and Consumer Network-Enabled Devices
Summary
Exam Essentials
Review Questions

Chapter 5 Application Security and Penetration Testing
Application Security Design Considerations
Specific Application Issues
Cross-Site Scripting (XSS)
Cross-Site Request Forgery
Improper Error Handling
Geotagging
Clickjacking
Session Management
Input Validation
SQL Injection
Application Sandboxing
Application Security Frameworks
Software Assurance
Standard Libraries
NX/XN Bit Use
ASLR Use
Code Quality
Code Analyzers
Development Approaches
DevOps
Waterfall Approach
Incremental Approach
Spiral Approach
Continuous Integration
Versioning
Secure Coding Standards
Documentation
Requirements Definition
Security Requirements Traceability Matrix (SRTM)
System Design Document
Test Plans
Validation and Acceptance Testing
Regression
User Acceptance Testing
Unit Testing
Integration Testing
Peer Review
Application Exploits
Privilege Escalation
Improper Storage of Sensitive Data
Secure Cookie Storage and Transmission
Context-Aware Management
Geolocation/Geofencing
User Behavior
Time-based Restrictions
Security Restrictions
Malware Sandboxing
Pivoting
Open-Source Intelligence
Social Media
WHOIS
Routing Tables
DNS Records
Memory Dumping
Client-Side Processing vs. Server-Side Processing
JSON/REST
Browser Extensions
Ajax
JavaScript/Applets
Flash
HTML5
SOAP
Web Services Security
Buffer Overflow
Memory Leaks
Integer Overflow
Race Conditions (TOC/TOU)
Resource Exhaustion
Data Remnants
Use of Third-Party Libraries
Code Reuse
Security Assessments and Penetration Testing
Test Methods
Penetration Testing Steps
Assessment Types
Red, Blue, and White Teaming
Red Team: The Bad Guys
Blue Team: The Good Guys
White Team: The Judge and Jury
Vulnerability Assessment Areas
Security Assessment and Penetration Test Tools
Footprinting Tools
Port Scanning Tools
Fingerprinting Tools
Vulnerability Scanners
Protocol Analyzer Tools
Passive Vulnerability Scanners
SCAP Scanners
Network Enumeration Tools
Visualization Tools
File Integrity Monitoring Tools
Log Analysis Tools
Password-Cracking Tools
Fuzzing and False Injection Tools
Wireless Tools
HTTP Interceptors
Local Exploitation Tools/Frameworks
Antivirus
Reverse Engineering Tools
Physical Security Tools
Summary
Exam Essentials
Review Questions

Chapter 6 Risk Management
Risk Terminology
Identifying Vulnerabilities
Operational Risks
Risk in Business Models
Risk in External and Internal Influences
Adherence to Risk Management Frameworks
Enterprise Resilience
Risks with Data
The Risk Assessment Process
Asset Identification
Information Classification
Risk Assessment
Risk Analysis Options
Implementing Controls
Continuous Monitoring
Business Continuity Planning
Enterprise Security Architecture Frameworks and Governance
Best Practices for Risk Assessments
Summary
Exam Essentials
Resources
Review Questions

Chapter 7 Policies, Procedures, and Incident Response
A High-Level View of Documentation
The Policy Development Process
Policies and Procedures
Business Documents Used to Support Security
Documents and Controls Used for Sensitive Information
Why Security?
Personally Identifiable Information Controls
Data Breaches
Policies Used to Manage Employees
Training and Awareness for Users
Auditing Requirements and Frequency
The Incident Response Framework
Incident and Emergency Response
Facilitate Incident Detection and Response
Vulnerabilities Yet to Discover
Incident Response Support Tools
Severity of Incidents and Breaches
Digital Forensics Tasks
Summary
Exam Essentials
Review Questions

Chapter 8 Security Research and Analysis
Applying Research Methods to Determine Industry Trends and Impact on the Enterprise
Performing Ongoing Research
Best Practices
New Technologies
Situational Awareness
Client-Side Attacks
Knowledge of Current Vulnerabilities and Threats
Research Security Implications of Emerging Business Tools
Global IA Industry Community
Research Security Requirements for Contracts
Analyze Scenarios to Secure the Enterprise
Benchmarking and Baselining
Prototyping and Testing Multiple Solutions
Cost-Benefit Analysis
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
Reviewing the Effectiveness of Existing Security Controls
Conducting Lessons Learned and After-Action Reviews
Reverse Engineering or Deconstructing Existing Solutions
Creation, Collection, and Analysis of Metrics
Analyzing Security Solutions to Ensure They Meet Business Needs
Using Judgment to Solve Difficult Problems
Summary
Exam Essentials
Review Questions

Chapter 9 Enterprise Security Integration
Integrate Enterprise Disciplines to Achieve Secure Solutions
Governance, Risk, and Compliance
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
Establish Effective Collaboration within Teams to Implement Secure Solutions
Disciplines
Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
Adapt Data Flow Security to Meet Changing Business Needs
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
Secure Infrastructure Design
Standards
Design Considerations during Mergers, Acquisitions, and Demergers/Divestitures
Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership)
Implementing Cryptographic Techniques
Security and Privacy Considerations of Storage Integration
In-House Developed vs. Commercial vs. Commercial Customized
Interoperability Issues
Security Implications of Integrating Enterprise Applications
Integrate Mobility Management
Containerization
Mobile Management Techniques
Signature and Application Concerns
Whose Device Is It Anyway?
Summary
Exam Essentials
Review Questions

Chapter 10 Security Controls for Communication and Collaboration
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
Security of Unified Collaboration
VoIP
VoIP Implementation
Trust Models and Remote Access
Mobile Device Management
Tethering
Secure External Communications
Secure Implementation of Collaboration Sites and Platforms
Prioritizing Traffic with QoS
Mobile Devices
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
Authentication
Federation and SAML
Identity Proofing
Identity Propagation
Authorization
SOAP
Single Sign-On
Attestation
Certificate-Based Authentication
Implement Security Activities across the Technology Life Cycle
Systems Development Life Cycle
Adapt Solutions to Address Emerging Threats and Security Trends
Validating System Designs
Integrate Security Controls for Mobile and Small Form Factor Devices
Physical Security Tools for Security Assessment
Summary
Exam Essentials
Review Questions

Appendix A Answers to Review Questions
Chapter 1 Cryptographic Tools and Techniques
Chapter 2 Comprehensive Security Solutions
Chapter 3 Securing Virtualized, Distributed and Shared Computing
Chapter 4 Host Security
Chapter 5 Application Security and Penetration Testing
Chapter 6 Risk Management
Chapter 7 Policies, Procedures, and Incident Response
Chapter 8 Security Research and Analysis
Chapter 9 Enterprise Security Integration
Chapter 10 Security Controls for Communication and Collaboration

Appendix B CASP+ Lab Manual
What You'll Need
Lab A1 Verifying a Baseline Security Configuration
Lab A2 Introduction to a Protocol Analyzer
Lab A3 Performing a Wireless Site Survey
Lab A4 Using Windows Remote Access
Connecting to the Remote Desktop PC
Lab A5 Configuring a VPN Client
Lab A6 Using the Windows Command-Line Interface (CLI)
Lab A7 Cisco IOS Command-Line Basics
Lab A8 Shopping for Wi-Fi Antennas
Lab A9 Cloud Provisioning
Lab A10 Introduction to Windows Command-Line Forensic Tools
Lab A11 Introduction to Hashing Using a GUI
Lab A12 Hashing from the Command Line
Verifying File Integrity from a Command Line
Verifying File Integrity on a Downloaded File
Lab A13 Cracking Encrypted Passwords
Lab A14 Threat Modeling
Lab A15 Social Engineering
Lab A16 Downloading, Verifying, and Installing a Virtual Environment
Lab A17 Exploring Your Virtual Network
Lab A18 Port Scanning
Lab A19 Introduction to the Metasploit Framework
Lab A20 Sniffing NETinVM Traffic with Wireshark
Suggestions for Further Exploration of Security Topics

Index

JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff's infosec roots began as a security engineer, a member of an HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.

MICHAEL GREGG, CISSP, CISA, A+, Network+, is the COO of Superior Solutions, a Houston-based IT security consulting firm. His organization performs security assessments and penetration testing for Fortune 1000 firms. He has more than 20 years'