
E-book: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

  • Format: 864 pages
  • Series: Certification Guide
  • Publication date: 07-Jul-2022
  • Publisher: Pearson IT Certification
  • Language: eng
  • ISBN-13: 9780137348909

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you must create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free application designed specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

Learn, prepare, and practice for CompTIA Advanced Security Practitioner (CASP) CAS-004 exam success with this CompTIA Approved Cert Guide from Pearson IT Certification, a leader in IT Certification learning and a CompTIA Authorized Platinum Partner.

  • Master CompTIA Advanced Security Practitioner (CASP) CAS-004 exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with unique sets of exam-realistic practice questions

CompTIA Advanced Security Practitioner (CASP) CAS-004 Cert Guide is a leading exam study guide. Leading security certification training experts Robin Abernathy and Troy McMillan share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. This online assessment engine enables you to access the practice tests via the Internet on any desktop, laptop, tablet, or smartphone device with internet connectivity. The web-based version also allows you to download the software to your desktop, so you can use the practice test even when you don't have an internet connection. The desktop version syncs with your online version when an internet connection is established, to update and track your progress. This integrated learning package offers these additional benefits:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Presents unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time, including:

  • Enterprise security
  • Risk management and incident response
  • Research, analysis, and assessment
  • Integration of computing, communications, and business disciplines
  • Technical integration of enterprise components

Companion Website

The website contains two free, complete practice exams.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Introduction
1(2)
Part I Security Architecture
Chapter 1 Ensuring a Secure Network Architecture
3(70)
Services
3(1)
Load Balancer
3(1)
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS)
3(3)
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS)
6(1)
Web Application Firewall (WAF)
6(2)
Network Access Control (NAC)
8(1)
Quarantine/Remediation
9(1)
Persistent/Volatile or Non-persistent Agent
9(1)
Agent vs. Agentless
9(1)
Virtual Private Network (VPN)
10(1)
Domain Name System Security Extensions (DNSSEC)
11(1)
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW)
11(1)
Types of Firewalls
12(2)
Next-Generation Firewalls (NGFWs)
14(1)
Firewall Placement
15(4)
Deep Packet Inspection
19(1)
Network Address Translation (NAT) Gateway
19(1)
Stateful NAT
20(1)
Static vs. Dynamic NAT
21(1)
Internet Gateway
21(1)
Forward/Transparent Proxy
21(1)
Reverse Proxy
22(1)
Distributed Denial-of-Service (DDoS) Protection
22(1)
Routers
22(1)
Routing Tables
23(2)
Additional Route Protection
25(1)
Mail Security
26(1)
IMAP
26(1)
POP
27(1)
SMTP
27(1)
Email Spoofing
27(1)
Spear Phishing
28(1)
Whaling
28(1)
Spam
28(1)
Captured Messages
29(1)
Disclosure of Information
30(1)
Malware
30(1)
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway
30(1)
Traffic Mirroring
30(1)
Switched Port Analyzer (SPAN) Ports
31(1)
Port Mirroring
31(1)
Virtual Private Cloud (VPC)
32(1)
Network Tap
32(1)
Sensors
32(1)
Security Information and Event Management (SIEM)
33(2)
File Integrity Monitoring (FIM)
35(1)
Simple Network Management Protocol (SNMP) Traps
36(1)
NetFlow
36(1)
Data Loss Prevention (DLP)
37(2)
Antivirus
39(1)
Segmentation
39(1)
Microsegmentation
40(1)
Local Area Network (LAN)/Virtual Local Area Network (VLAN)
40(3)
Jump Box
43(1)
Screened Subnet
44(1)
Data Zones
44(1)
Staging Environments
45(1)
Guest Environments
45(1)
VPC/Virtual Network (VNET)
45(1)
Availability Zone
46(1)
NAC Lists
47(1)
Policies/Security Groups
47(2)
Regions
49(1)
Access Control Lists (ACLs)
49(1)
Peer-to-Peer
49(1)
Air Gap
49(1)
De-perimeterization/Zero Trust
49(1)
Cloud
50(1)
Remote Work
50(1)
Mobile
50(2)
Outsourcing and Contracting
52(1)
Wireless/Radio Frequency (RF) Networks
53(1)
WLAN-802.11
53(1)
WLAN Standards
54(2)
WLAN Security
56(2)
Merging of Networks from Various Organizations
58(1)
Peering
59(1)
Cloud to on Premises
59(1)
Data Sensitivity Levels
59(1)
Mergers and Acquisitions
60(1)
Cross-domain
61(1)
Federation
61(1)
Directory Services
61(1)
Software-Defined Networking (SDN)
62(1)
Open SDN
63(1)
Hybrid SDN
64(1)
SDN Overlay
64(2)
Exam Preparation Tasks
66(1)
Review All Key Topics
66(2)
Define Key Terms
68(1)
Complete Tables and Lists from Memory
69(1)
Review Questions
69(4)
Chapter 2 Determining the Proper Infrastructure Security Design
73(12)
Scalability
73(1)
Vertically
73(1)
Horizontally
74(1)
Resiliency
74(1)
High Availability/Redundancy
74(1)
Diversity/Heterogeneity
75(1)
Course of Action Orchestration
75(1)
Distributed Allocation
76(1)
Replication
76(1)
Clustering
76(1)
Automation
76(1)
Autoscaling
76(1)
Security Orchestration, Automation, and Response (SOAR)
77(1)
Bootstrapping
77(1)
Performance
77(1)
Containerization
78(1)
Virtualization
79(1)
Content Delivery Network
79(1)
Caching
80(1)
Exam Preparation Tasks
81(1)
Review All Key Topics
81(1)
Define Key Terms
81(1)
Complete Tables and Lists from Memory
81(1)
Review Questions
82(3)
Chapter 3 Securely Integrating Software Applications
85(40)
Baseline and Templates
85(1)
Baselines
85(1)
Create Benchmarks and Compare to Baselines
85(1)
Templates
86(1)
Secure Design Patterns/Types of Web Technologies
87(1)
Storage Design Patterns
87(1)
Container APIs
88(1)
Secure Coding Standards
89(1)
CVE
90(1)
DISA STIG
90(1)
PA-DSS
90(1)
Application Vetting Processes
90(1)
API Management
91(1)
Middleware
91(1)
Software Assurance
92(1)
Sandboxing/Development Environment
92(1)
Validating Third-Party Libraries
93(1)
Defined DevOps Pipeline
93(1)
Code Signing
94(1)
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST)
95(1)
Interactive Application Security Testing (IAST)
95(1)
Static Application Security Testing (SAST)
95(1)
Dynamic Application Security Testing (DAST)
95(1)
Code Analyzers
95(1)
Fuzzer
95(3)
Static
98(1)
Dynamic
98(1)
Misuse Case Testing
99(1)
Test Coverage Analysis
99(1)
Interface Testing
100(1)
Considerations of Integrating Enterprise Applications
100(1)
Customer Relationship Management (CRM)
100(1)
Enterprise Resource Planning (ERP)
100(1)
Configuration Management Database (CMDB)
101(1)
Content Management System (CMS)
101(1)
Integration Enablers
101(1)
Directory Services
101(1)
Domain Name System (DNS)
101(1)
Service-Oriented Architecture (SOA)
102(1)
Enterprise Service Bus (ESB)
103(1)
Integrating Security into Development Life Cycle
103(1)
Formal Methods
103(1)
Requirements
103(1)
Fielding
104(1)
Insertions and Upgrades
104(1)
Disposal and Reuse
104(1)
Testing
105(2)
Validation and Acceptance Testing
107(1)
Regression
107(1)
Unit Testing
107(2)
Development Approaches
109(1)
SecDevOps
109(1)
Agile
109(2)
Spiral
111(1)
Security Implications of Agile Software Development
112(1)
Security Implications of the Waterfall Model
113(1)
Security Implications of the Spiral Model
114(1)
Versioning
114(2)
Continuous Integration/Continuous Delivery (CI/CD) Pipelines
116(1)
Best Practices
117(1)
Open Web Application Security Project (OWASP)
117(1)
Proper Hypertext Transfer Protocol (HTTP) Headers
117(2)
Exam Preparation Tasks
119(1)
Review All Key Topics
119(1)
Define Key Terms
120(1)
Complete Tables and Lists from Memory
121(1)
Review Questions
121(4)
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques
125(1)
Data Loss Prevention
125(1)
Blocking Use of External Media
125(1)
Print Blocking
126(1)
Remote Desktop Protocol (RDP) Blocking
126(1)
Clipboard Privacy Controls
127(1)
Restricted Virtual Desktop Infrastructure (VDI) Implementation
128(1)
Data Classification Blocking
128(1)
Data Loss Detection
129(1)
Watermarking
129(1)
Digital Rights Management (DRM)
129(1)
Network Traffic Decryption/Deep Packet Inspection
130(1)
Network Traffic Analysis
130(1)
Data Classification, Labeling, and Tagging
130(1)
Metadata/Attributes
130(1)
XACML
130(1)
LDAP
131(1)
Obfuscation
131(1)
Tokenization
131(1)
Scrubbing
131(1)
Masking
132(1)
Anonymization
132(1)
Encrypted vs. Unencrypted
132(1)
Data Life Cycle
132(1)
Create
132(1)
Use
133(1)
Share
133(1)
Store
133(1)
Archive or Destroy
133(1)
Data Inventory and Mapping
133(1)
Data Integrity Management
134(1)
Data Storage, Backup, and Recovery
134(4)
Redundant Array of Inexpensive Disks (RAID)
138(5)
Exam Preparation Tasks
143(1)
Review All Key Topics
143(1)
Define Key Terms
144(1)
Complete Tables and Lists from Memory
144(1)
Review Questions
144(5)
Chapter 5 Providing the Appropriate Authentication and Authorization Controls
149(36)
Credential Management
149(1)
Password Repository Application
149(1)
End-User Password Storage
149(1)
On Premises vs. Cloud Repository
150(1)
Hardware Key Manager
150(1)
Privileged Access Management
151(1)
Privilege Escalation
151(1)
Password Policies
151(2)
Complexity
153(1)
Length
153(1)
Character Classes
153(1)
History
154(1)
Maximum/Minimum Age
154(1)
Auditing
155(1)
Reversible Encryption
156(1)
Federation
156(1)
Transitive Trust
156(1)
OpenID
156(1)
Security Assertion Markup Language (SAML)
157(1)
Shibboleth
158(1)
Access Control
159(1)
Mandatory Access Control (MAC)
160(1)
Discretionary Access Control (DAC)
160(1)
Role-Based Access Control
161(1)
Rule-Based Access Control
161(1)
Attribute-Based Access Control
161(1)
Protocols
162(1)
Remote Authentication Dial-in User Service (RADIUS)
162(1)
Terminal Access Controller Access Control System (TACACS)
163(1)
Diameter
164(1)
Lightweight Directory Access Protocol (LDAP)
164(1)
Kerberos
165(1)
OAuth
166(1)
802.1X
166(1)
Extensible Authentication Protocol (EAP)
167(1)
Multifactor Authentication (MFA)
168(1)
Knowledge Factors
169(1)
Ownership Factors
169(1)
Characteristic Factors
170(1)
Physiological Characteristics
170(1)
Behavioral Characteristics
171(1)
Biometric Considerations
172(1)
2-Step Verification
173(1)
In-Band
174(1)
Out-of-Band
174(1)
One-Time Password (OTP)
175(1)
HMAC-Based One-Time Password (HOTP)
175(1)
Time-Based One-Time Password (TOTP)
175(1)
Hardware Root of Trust
176(2)
JavaScript Object Notation (JSON) Web Token (JWT)
178(1)
Attestation and Identity Proofing
179(2)
Define Key Terms
181(1)
Review Questions
181(4)
Chapter 6 Implementing Secure Cloud and Virtualization Solutions
185(18)
Single Sign-On (SSO)
177(3)
Exam Preparation Tasks
180(1)
Review All Key Topics
180(5)
Virtualization Strategies
185(1)
Type 1 vs. Type 2 Hypervisors
186(1)
Type 1 Hypervisor
186(1)
Type 2 Hypervisor
187(1)
Containers
187(1)
Emulation
188(1)
Application Virtualization
189(1)
VDI
189(1)
Provisioning and Deprovisioning
189(1)
Middleware
190(1)
Metadata and Tags
190(1)
Deployment Models and Considerations
190(1)
Business Directives
191(1)
Cost
191(1)
Scalability
191(1)
Resources
191(1)
Location
191(1)
Data Protection
192(1)
Cloud Deployment Models
192(1)
Private
193(1)
Public
193(1)
Hybrid
193(1)
Community
193(1)
Hosting Models
193(1)
Multitenant
193(1)
Single-Tenant
194(1)
Service Models
194(1)
Software as a Service (SaaS)
194(1)
Platform as a Service (PaaS)
194(1)
Infrastructure as a Service (IaaS)
195(1)
Cloud Provider Limitations
196(1)
Internet Protocol (IP) Address Scheme
196(1)
VPC Peering
196(1)
Extending Appropriate On-premises Controls
196(1)
Storage Models
196(1)
Object Storage/File-Based Storage
197(1)
Database Storage
197(1)
Block Storage
198(1)
Blob Storage
198(1)
Key-Value Pairs
198(1)
Exam Preparation Tasks
199(1)
Review All Key Topics
199(1)
Define Key Terms
199(1)
Complete Tables and Lists from Memory
200(1)
Review Questions
200(3)
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI)
203(16)
Privacy and Confidentiality Requirements
203(1)
Integrity Requirements
204(1)
Non-repudiation
204(1)
Compliance and Policy Requirements
204(1)
Common Cryptography Use Cases
205(1)
Data at Rest
205(1)
Data in Transit
205(1)
Data in Process/Data in Use
205(1)
Protection of Web Services
206(1)
Embedded Systems
206(1)
Key Escrow/Management
207(2)
Mobile Security
209(1)
Elliptic Curve Cryptography
209(1)
P256 vs. P384 vs. P512
209(1)
Secure Authentication
209(1)
Smart Card
209(1)
Common PKI Use Cases
210(1)
Web Services
210(1)
Email
210(1)
GNU Privacy Guard (GPG)
211(1)
Code Signing
211(1)
Federation
211(1)
Trust Models
212(1)
VPN
212(1)
SSL/TLS
212(1)
Other Tunneling Protocols
213(1)
Enterprise and Security Automation/Orchestration
213(1)
Exam Preparation Tasks
214(1)
Review All Key Topics
214(1)
Define Key Terms
214(1)
Complete Tables and Lists from Memory
214(1)
Review Questions
215(4)
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy
219(12)
Artificial Intelligence
219(1)
Machine Learning
220(1)
Quantum Computing
220(1)
Blockchain
220(1)
Homomorphic Encryption
221(1)
Secure Multiparty Computation
221(1)
Private Information Retrieval
221(1)
Secure Function Evaluation
221(1)
Private Function Evaluation
221(1)
Distributed Consensus
221(1)
Big Data
222(1)
Virtual/Augmented Reality
223(1)
3-D Printing
224(1)
Passwordless Authentication
224(1)
Nano Technology
225(1)
Deep Learning
225(1)
Natural Language Processing
225(1)
Deep Fakes
226(1)
Biometric Impersonation
226(1)
Exam Preparation Tasks
227(1)
Review All Key Topics
227(1)
Define Key Terms
227(1)
Complete Tables and Lists from Memory
227(1)
Review Questions
228(3)
Part II Security Operations
Chapter 9 Performing Threat Management Activities
231(20)
Intelligence Types
231(1)
Tactical
231(1)
Commodity Malware
231(1)
Strategic
232(1)
Targeted Attacks
232(1)
Operational
232(1)
Threat Hunting
232(1)
Threat Emulation
233(1)
Actor Types
233(1)
Advanced Persistent Threat (APT)/Nation-State
233(1)
Insider Threat
234(1)
Competitor
234(1)
Hacktivist
234(1)
Script Kiddie
235(1)
Organized Crime
235(1)
Threat Actor Properties
235(1)
Resource
235(1)
Time
235(1)
Money
235(1)
Supply Chain Access
235(1)
Create Vulnerabilities
236(1)
Capabilities/Sophistication
236(1)
Identifying Techniques
237(1)
Intelligence Collection Methods
237(1)
Intelligence Feeds
237(1)
Deep Web
237(1)
Proprietary
238(1)
Open-Source Intelligence (OSINT)
238(1)
Social Media
238(1)
Intelligence Collection Methods
239(1)
Routing Tables
239(1)
DNS Records
239(3)
Search Engines
242(1)
Human Intelligence (HUMINT)
243(1)
Frameworks
243(1)
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK)
243(2)
ATT&CK for Industrial Control System (ICS)
245(1)
Diamond Model of Intrusion Analysis
245(1)
Cyber Kill Chain
246(1)
Exam Preparation Tasks
246(1)
Review All Key Topics
246(1)
Define Key Terms
247(1)
Complete Tables and Lists from Memory
247(1)
Review Questions
248(3)
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response
251(1)
Indicators of Compromise
251(1)
Packet Capture (PCAP)
251(1)
Protocol Analyzers
252(1)
tshark
252(1)
Logs
252(1)
Network Logs
253(1)
Vulnerability Logs
254(1)
Operating System Logs
254(1)
Access Logs
255(1)
NetFlow Logs
256(1)
Notifications
256(1)
FIM Alerts
257(1)
SIEM Alerts
257(1)
DLP Alerts
257(1)
IDS/IPS Alerts
258(1)
Antivirus Alerts
259(1)
Notification Severity/Priorities
260(1)
Syslog
261(2)
Unusual Process Activity
263(2)
Response
265(1)
Firewall Rules
265(2)
IPS/IDS Rules
267(1)
ACL Rules
267(1)
Signature Rules
267(1)
Behavior Rules
268(1)
DLP Rules
268(1)
Scripts/Regular Expressions
268(1)
Exam Preparation Tasks
268(1)
Review All Key Topics
269(1)
Define Key Terms
269(1)
Complete Tables and Lists from Memory
270(1)
Review Questions
270(5)
Chapter 11 Performing Vulnerability Management Activities
275(18)
Vulnerability Scans
275(1)
Credentialed vs. Non-credentialed
275(1)
Agent-Based/Server-Based
276(1)
Criticality Ranking
277(1)
Active vs. Passive
278(1)
Security Content Automation Protocol (SCAP)
278(1)
Extensible Configuration Checklist Description Format (XCCDF)
278(1)
Open Vulnerability and Assessment Language (OVAL)
279(1)
Common Platform Enumeration (CPE)
279(1)
Common Vulnerabilities and Exposures (CVE)
279(1)
Common Vulnerability Scoring System (CVSS)
279(3)
Common Configuration Enumeration (CCE)
282(1)
Asset Reporting Format (ARF)
282(1)
Self-assessment vs. Third-Party Vendor Assessment
283(1)
Patch Management
283(1)
Manual Patch Management
284(1)
Automated Patch Management
284(1)
Information Sources
284(1)
Advisories
285(1)
Bulletins
286(1)
Vendor Websites
287(1)
Information Sharing and Analysis Centers (ISACs)
287(1)
News Reports
287(1)
Exam Preparation Tasks
287(1)
Review All Key Topics
287(1)
Define Key Terms
288(1)
Complete Tables and Lists from Memory
288(1)
Review Questions
288(5)
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools
293(22)
Methods
293(1)
Static Analysis/Dynamic Analysis
293(1)
Side-Channel Analysis
293(1)
Reverse Engineering
294(1)
Software
294(1)
Hardware
294(1)
Wireless Vulnerability Scan
295(1)
Rogue Access Points
295(1)
Software Composition Analysis
296(1)
Fuzz Testing
296(1)
Pivoting
297(1)
Post-exploitation
297(1)
Persistence
298(1)
Tools
298(1)
SCAP Scanner
298(1)
Network Traffic Analyzer
299(1)
Vulnerability Scanner
300(2)
Protocol Analyzer
302(1)
Port Scanner
302(2)
HTTP Interceptor
304(1)
Exploit Framework
304(2)
Password Cracker
306(1)
Dependency Management
307(1)
Requirements
308(1)
Scope of Work
308(1)
Rules of Engagement
308(1)
Invasive vs. Non-invasive
308(1)
Asset Inventory
308(1)
Permissions and Access
309(1)
Corporate Policy Considerations
310(1)
Facility Considerations
310(1)
Physical Security Considerations
310(1)
Rescan for Corrections/Changes
310(1)
Exam Preparation Tasks
310(1)
Review All Key Topics
310(1)
Define Key Terms
311(1)
Complete Tables and Lists from Memory
312(1)
Review Questions
312(3)
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations
315(32)
Vulnerabilities
315(1)
Race Conditions
315(1)
Overflows
315(1)
Buffer
316(2)
Integer
318(1)
Broken Authentication
318(1)
Unsecure References
319(1)
Poor Exception Handling
319(1)
Security Misconfiguration
319(1)
Improper Headers
320(1)
Information Disclosure
321(1)
Certificate Errors
321(1)
Weak Cryptography Implementations
321(1)
Weak Ciphers
322(1)
Weak Cipher Suite Implementations
322(1)
Software Composition Analysis
322(1)
Use of Vulnerable Frameworks and Software Modules
323(1)
Use of Unsafe Functions
323(1)
Third-Party Libraries
323(1)
Dependencies
324(1)
Code Injections/Malicious Changes
324(1)
End of Support/End of Life
324(1)
Regression Issues
324(1)
Inherently Vulnerable System/Application
325(1)
Client-Side Processing vs. Server-Side Processing
325(1)
JSON/Representational State Transfer (REST)
326(1)
Browser Extensions
326(1)
Flash
327(1)
ActiveX
327(1)
Hypertext Markup Language 5 (HTML5)
327(1)
Asynchronous JavaScript and XML (AJAX)
327(2)
Simple Object Access Protocol (SOAP)
329(1)
Machine Code vs. Bytecode or Interpreted vs. Emulated Attacks
329(1)
Directory Traversal
330(1)
Cross-site Scripting (XSS)
331(1)
Cross-site Request Forgery (CSRF)
331(1)
Injection
332(1)
XML
332(3)
LDAP
335(1)
Structured Query Language (SQL)
335(2)
Command
337(1)
Process
337(1)
Sandbox Escape
337(1)
Virtual Machine (VM) Hopping
337(1)
VM Escape
337(1)
Border Gateway Protocol (BGP) Route Hijacking
338(1)
Interception Attacks
339(1)
Denial-of-Service (DoS)/DDoS
339(1)
SYN Flood
339(1)
Teardrop Attack
340(1)
Authentication Bypass
340(1)
Social Engineering
340(1)
Phishing/Pharming
340(1)
Shoulder Surfing
341(1)
Identity Theft
341(1)
Dumpster Diving
341(1)
VLAN Hopping
341(1)
Exam Preparation Tasks
341(1)
Review All Key Topics
341(1)
Define Key Terms
342(1)
Complete Tables and Lists from Memory
343(1)
Review Questions
343(4)
Chapter 14 Using Processes to Reduce Risk
347(20)
Proactive and Detection
347(1)
Hunts
347(1)
Developing Countermeasures
347(1)
Deceptive Technologies
347(1)
Honeynet/Honeypot
348(1)
Simulators
348(1)
Dynamic Network Configurations
348(1)
Security Data Analytics
348(1)
Decoy Files
348(1)
Processing Pipelines
349(1)
Data
349(1)
Stream
349(1)
Indexing and Search
350(1)
Log Collection and Curation
350(1)
Database Activity Monitoring
350(1)
Preventive
351(1)
Antivirus
352(1)
Immutable Systems
352(1)
Hardening
352(1)
Sandbox Detonation
352(1)
Application Control
353(1)
License Technologies
353(1)
Allow List vs. Block List
354(1)
Time of Check vs. Time of Use
354(1)
Atomic Execution
355(1)
Security Automation
355(1)
Cron/Scheduled Tasks
355(1)
Bash
356(1)
PowerShell
357(1)
Python
357(1)
Physical Security
358(1)
Review of Lighting
358(1)
Types of Lighting Systems
358(1)
Types of Lighting
359(1)
Review of Visitor Logs
359(1)
Camera Reviews
359(2)
Open Spaces vs. Confined Spaces
361(1)
Natural Access Control
361(1)
Natural Surveillance
361(1)
Natural Territorial Reinforcement
361(1)
Exam Preparation Tasks
362(1)
Review All Key Topics
362(1)
Define Key Terms
362(1)
Complete Tables and Lists from Memory
363(1)
Review Questions
363(4)
Chapter 15 Implementing the Appropriate Incident Response
367(18)
Event Classifications
367(1)
False Positive
367(1)
False Negative
367(1)
True Positive
367(1)
True Negative
367(1)
Triage Event
367(1)
Preescalation Tasks
368(1)
Incident Response Process
368(1)
Preparation
369(1)
Training
369(1)
Testing
370(1)
Detection
370(1)
Analysis
371(1)
Containment
371(1)
Minimize
371(1)
Isolate
371(1)
Recovery
371(1)
Response
372(1)
Lessons Learned
372(1)
Specific Response Playbooks/Processes
373(1)
Scenarios
373(1)
Ransomware
373(1)
Data Exfiltration
373(1)
Social Engineering
374(1)
Non-automated Response Methods
374(1)
Automated Response Methods
374(1)
Runbooks
374(1)
SOAR
375(1)
Communication Plan
375(2)
Stakeholder Management
377(1)
Legal
377(1)
Human Resources
377(1)
Public Relations
378(1)
Internal and External
378(1)
Law Enforcement
378(1)
Senior Leadership
379(1)
Regulatory Bodies
379(1)
Exam Preparation Tasks
379(1)
Review All Key Topics
379(1)
Define Key Terms
380(1)
Review Questions
380(5)
Chapter 16 Forensic Concepts
385(14)
Legal vs. Internal Corporate Purposes
385(1)
Forensic Process
385(1)
Identification
385(1)
Evidence Collection
385(1)
Chain of Custody
385(1)
Order of Volatility
386(1)
Memory Snapshots
387(1)
Images
388(1)
Cloning
388(1)
Evidence Preservation
388(1)
Secure Storage
389(1)
Backups
389(1)
Analysis
389(1)
Media Analysis
389(1)
Software Analysis
390(1)
Network Analysis
390(1)
Hardware/Embedded Device Analysis
391(1)
Forensics Tools
391(1)
Verification
391(1)
Presentation
391(1)
Integrity Preservation
392(1)
Hashing
392(2)
Cryptanalysis
394(1)
Steganalysis
394(1)
Exam Preparation Tasks
394(1)
Review All Key Topics
394(1)
Define Key Terms
395(1)
Complete Tables and Lists from Memory
395(1)
Review Questions
395(4)
Chapter 17 Forensic Analysis Tools
399(20)
File Carving Tools
399(1)
Foremost
399(1)
Strings
400(1)
Binary Analysis Tools
401(1)
Hex Dump
401(1)
Binwalk
401(1)
Ghidra
401(1)
GNU Project Debugger (GDB)
401(1)
OllyDbg
402(1)
readelf
402(1)
objdump
402(1)
strace
402(1)
ldd
402(1)
file
403(1)
Analysis Tools
403(1)
ExifTool
403(1)
Nmap
403(1)
Aircrack-ng
403(1)
Volatility
404(1)
The Sleuth Kit
405(1)
Dynamically vs. Statically Linked
405(1)
Imaging Tools
405(1)
Forensic Toolkit (FTK) Imager
405(1)
dd
406(1)
Hashing Utilities
407(1)
sha256sum
407(1)
ssdeep
407(1)
Live Collection vs. Post-mortem Tools
407(1)
netstat
407(2)
ps
409(1)
vmstat
409(1)
ldd
410(1)
lsof
410(1)
netcat
410(1)
tcpdump
411(1)
conntrack
411(1)
Wireshark
412(1)
Exam Preparation Tasks
413(1)
Review All Key Topics
413(1)
Define Key Terms
414(1)
Complete Tables and Lists from Memory
414(1)
Review Questions
414(5)
Part III Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility
419(18)
Managed Configurations
419(1)
Application Control
419(1)
Password
419(1)
MFA Requirements
420(1)
Facial
421(1)
Fingerprint
421(1)
Iris Scan
421(1)
Token-Based Access
421(1)
Patch Repository
422(1)
Firmware Over-the-Air
422(1)
Remote Wipe
422(1)
Wi-Fi
423(1)
Wi-Fi Protected Access (WPA2/3)
423(1)
Device Certificates
423(1)
Profiles
424(1)
Bluetooth
424(1)
Near-Field Communication (NFC)
424(1)
Peripherals
425(1)
Geofencing
425(1)
VPN Settings
425(1)
Geotagging
426(1)
Certificate Management
426(1)
Full Device Encryption
427(1)
Tethering
427(1)
Airplane Mode
427(1)
Location Services
427(1)
DNS over HTTPS (DoH)
428(1)
Custom DNS
428(1)
Deployment Scenarios
429(1)
Bring Your Own Device (BYOD)
429(1)
Corporate-Owned
429(1)
Corporate-Owned, Personally Enabled (COPE)
429(1)
Choose Your Own Device (CYOD)
429(1)
Implications of Wearable Devices
429(1)
Unauthorized Remote Activation/Deactivation of Devices or Features
430(1)
Encrypted and Unencrypted Communication Concerns
430(1)
Physical Reconnaissance
430(1)
Personal Data Theft
430(1)
Health Privacy
430(1)
Digital Forensics on Collected Data
430(1)
Unauthorized Application Stores
431(1)
Jailbreaking/Rooting
431(1)
Side Loading
431(1)
Containerization
432(1)
Original Equipment Manufacturer (OEM) and Carrier Differences
432(1)
Supply Chain Issues
432(1)
eFuse
432(1)
Exam Preparation Tasks
433(1)
Review All Key Topics
433(1)
Define Key Terms
433(1)
Complete Tables and Lists from Memory
433(1)
Review Questions
433(4)
Chapter 19 Configuring and Implementing Endpoint Security Controls
437(22)
Hardening Techniques
437(1)
Removing Unneeded Services
437(1)
Disabling Unused Accounts
438(1)
Images/Templates
438(1)
Removing End-of-Life Devices
438(1)
Removing End-of-Support Device
438(1)
Local Drive Encryption
439(1)
Enabling No-Execute (NX)/Execute Never (XN) Bit
439(1)
Disabling Central Processing Unit (CPU) Virtualization Support
439(1)
Secure Encrypted Enclaves
440(1)
Memory Encryption
440(1)
Shell Restrictions
441(1)
Address Space Layout Randomization (ASLR)
442(1)
Processes
442(1)
Patching
442(1)
Firmware
442(1)
Application
443(1)
Logging
443(1)
Monitoring
443(1)
Mandatory Access Control
444(1)
Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid)
444(1)
SELinux
444(1)
SEAndroid
444(1)
Kernel vs. Middleware
445(1)
Trustworthy Computing
445(1)
Trusted Platform Module (TPM)
445(1)
Secure Boot
446(1)
Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection
447(1)
Attestation Services
448(1)
Hardware Security Module (HSM)
448(1)
Measured Boot
449(1)
Self-Encrypting Drives (SEDs)
450(1)
Compensating Controls
450(1)
Antivirus
450(1)
Application Controls
451(1)
Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS)
451(1)
Host-Based Firewall
451(1)
Endpoint Detection and Response (EDR)
451(1)
Redundant Hardware
452(1)
Self-Healing Hardware
452(1)
User and Entity Behavior Analytics (UEBA)
452(1)
Exam Preparation Tasks
452(1)
Review All Key Topics
452(1)
Define Key Terms
453(1)
Complete Tables and Lists from Memory
454(1)
Review Questions
454(5)
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies
459(18)
Embedded
459(1)
Internet of Things (IoT)
459(1)
IoT Examples
460(1)
Methods of Securing IoT Devices
461(1)
System on a Chip (SoC)
461(1)
Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA)
461(1)
ICS/Supervisory Control and Data Acquisition (SCADA)
462(1)
Programmable Logic Controller (PLC)
463(1)
Historian
463(1)
Ladder Logic
463(1)
Safety Instrumented System
464(1)
Heating, Ventilation, and Air Conditioning (HVAC)
464(1)
Protocols
465(1)
Controller Area Network (CAN) Bus
465(1)
Modbus
466(1)
Distributed Network Protocol 3 (DNP3)
466(1)
Zigbee
467(1)
Common Industrial Protocol (CIP)
467(1)
Data Distribution Service
468(1)
Sectors
468(1)
Energy
469(1)
Manufacturing
469(1)
Healthcare
470(1)
Public Utilities
470(1)
Public Services
470(1)
Facility Services
471(1)
Exam Preparation Tasks
472(1)
Review All Key Topics
472(1)
Define Key Terms
472(1)
Complete Tables and Lists from Memory
473(1)
Review Questions
473(4)
Chapter 21 Cloud Technology's Impact on Organizational Security
477(22)
Automation and Orchestration
477(1)
Encryption Configuration
477(1)
Logs
478(1)
Availability
479(1)
Collection
479(1)
Monitoring
479(1)
Configuration
480(1)
Alerting
480(1)
Monitoring Configurations
480(1)
Key Ownership and Location
481(2)
Key Life-Cycle Management
483(2)
Backup and Recovery Methods
485(1)
Cloud as Business Continuity and Disaster Recovery (BCDR)
486(1)
Primary Provider BCDR
486(1)
Alternative Provider BCDR
486(1)
Infrastructure vs. Serverless Computing
486(1)
Application Virtualization
487(1)
Software-Defined Networking
488(1)
Misconfigurations
488(1)
Collaboration Tools
488(1)
Web Conferencing
488(1)
Video Conferencing
489(2)
Audio Conferencing
491(1)
Storage and Document Collaboration Tools
491(1)
Storage Configurations
492(1)
Bit Splitting
493(1)
Data Dispersion
493(1)
Cloud Access Security Broker (CASB)
493(1)
Exam Preparation Tasks
494(1)
Review All Key Topics
494(1)
Define Key Terms
495(1)
Review Questions
495(4)
Chapter 22 Implementing the Appropriate PKI Solution
PKI Hierarchy
Registration Authority (RA)
Certificate Authority (CA)
Subordinate/Intermediate CA
Certificate Types
Wildcard Certificate
Extended Validation
Multidomain
General Purpose
Certificate Usages/Profiles/Templates
Client Authentication
Server Authentication
Digital Signatures
Code Signing
Extensions
Common Name (CN)
Subject Alternate Name (SAN)
Trusted Providers
Trust Model
Cross-certification
Configure Profiles
Life-Cycle Management
Public and Private Keys
Digital Signature
Certificate Pinning
Certificate Stapling
Certificate Signing Requests (CSRs)
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)
HTTP Strict Transport Security (HSTS)
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms
Hashing
Secure Hashing Algorithm (SHA)
Hash-Based Message Authentication Code (HMAC)
Message Digest (MD)
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
Poly 1305
Symmetric Algorithms
Modes of Operation
Electronic Codebook (ECB)
Cipher Block Chaining (CBC)
Output Feedback (OFB)
Counter (CTR)
Galois/Counter Mode (GCM)
Stream and Block
Advanced Encryption Standard (AES)
Triple Digital Encryption Standard (3DES)
ChaCha/Salsa20
Asymmetric Algorithms
Key Agreement
Diffie-Hellman
Elliptic-Curve Diffie-Hellman (ECDH)
Signing
Digital Signature Algorithm (DSA)
Rivest, Shamir, and Adleman (RSA)
Elliptic-Curve Digital Signature Algorithm (ECDSA)
Known Flaws/Weaknesses
Protocols
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Internet Protocol Security (IPsec)
Secure Shell (SSH)
EAP
Elliptic-Curve Cryptography
P256/P384
Forward Secrecy
Authenticated Encryption with Associated Data
Key Stretching
Password-Based Key Derivation Function 2 (PBKDF2)
Bcrypt
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Implementation and Configuration Issues
Validity Dates
Chapter 24 Troubleshooting Issues with Cryptographic Implementations
Wrong Certificate Type
Revoked Certificates
Incorrect Name
Chain Issues
Invalid Root or Intermediate CAs
Self-signed
Weak Signing Algorithm
Weak Cipher Suite
Incorrect Permissions
Cipher Mismatches
Downgrade
Keys
Mismatched
Improper Key Handling
Embedded Keys
Rekeying
Exposed Private Keys
Crypto Shredding
Cryptographic Obfuscation
Key Rotation
Compromised Keys
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Review Questions
Part IV Governance, Risk, and Compliance
Chapter 25 Applying Appropriate Risk Strategies
Risk Assessment
Likelihood
Impact
Qualitative vs. Quantitative
Qualitative Risk Analysis
Quantitative Risk Analysis
Exposure Factor
Asset Value
Total Cost of Ownership (TCO)
Return on Investment (ROI)
Payback
Net Present Value (NPV)
Mean Time to Recovery (MTTR)
Mean Time Between Failure (MTBF)
Annualized Loss Expectancy (ALE)/Annualized Rate of Occurrence (ARO)/Single Loss Expectancy (SLE)
ALE
ARO
SLE
Gap Analysis
Risk Handling Techniques
Transfer
Accept
Avoid
Mitigate
Risk Types
Inherent
Residual
Exceptions
Risk Management Life Cycle
Identify
Assess
Control
People
Process
Technology
Control Types
Protect
Detect
Respond
Restore
Review
Frameworks
NIST
Open Source Security Testing Methodology Manual (OSSTMM)
COSO's Enterprise Risk Management (ERM) Integrated Framework
Risk Management Standard by the Federation of European Risk Management Associations (FERMA)
Risk Tracking
Risk Register
Key Performance Indicators/Key Risk Indicators
KPIs
KRIs
Risk Appetite vs. Risk Tolerance
Tradeoff Analysis
Usability vs. Security Requirements
Policies and Security Practices
Separation of Duties
Job Rotation
Mandatory Vacation
Least Privilege
Employment and Termination Procedures
Training and Awareness for Users
Auditing Requirements and Frequency
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Review Questions
Chapter 26 Managing and Mitigating Vendor Risk
Shared Responsibility Model (Roles/Responsibilities)
Cloud Service Provider (CSP)
Geographic Location
Infrastructure
Compute/Storage/Networking
Services
Client
Encryption
Operating Systems
Applications
Data
Vendor Lock-in and Vendor Lock-out
Vendor Viability
Financial Risk
Merger or Acquisition Risk
Meeting Client Requirements
Legal
Change Management
Staff Turnover
Device and Technical Configurations
ACLs
Creating Rule Sets
Change Monitoring
Configuration Lockdown
Support Availability
Geographical Consideration
Supply Chain Visibility
Incident Reporting Requirements
Source Code Escrows
Ongoing Vendor Assessment Tools
Third-Party Dependencies
Code
Hardware
Modules
Technical Considerations
Technical Testing
Network Segmentation
Transmission Control
Shared Credentials
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Review Questions
Chapter 27 The Organizational Impact of Compliance Frameworks and Legal Considerations
Security Concerns of Integrating Diverse Industries
Rules
Policies
Regulations
Data Considerations
Data Sovereignty
Data Ownership
Data Classifications
Commercial Business Classifications
Military and Government Classifications
Data Retention
Data Types
Health/Financial
Intellectual Property
Personally Identifiable Information (PII)
Data Removal, Destruction, and Sanitization
Geographic Considerations
Location of Data
Location of Data Subject
Location of Cloud Provider
Third-Party Attestation of Compliance
Regulations, Accreditations, and Standards
Open Standards
Adherence to Standards
Competing Standards
Lack of Standards
De Facto Standards
Payment Card Industry Data Security Standard (PCI DSS)
General Data Protection Regulation (GDPR)
International Organization for Standardization (ISO)
Capability Maturity Model Integration (CMMI)
National Institute of Standards and Technology (NIST)
Children's Online Privacy Protection Act (COPPA)
Common Criteria
Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
Legal Considerations
Due Diligence/Due Care
Export Controls
Legal Holds
E-Discovery
Contract and Agreement Types
Service-Level Agreement (SLA)
Master Service Agreement (MSA)
Non-disclosure Agreement (NDA)
Memorandum of Understanding (MOU)
Interconnection Security Agreement (ISA)
Operational-Level Agreement
Privacy-Level Agreement
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Business Impact Analysis
Chapter 28 Business Continuity and Disaster Recovery Concepts
Develop Contingency Planning Policy
Conduct the BIA
Identify Critical Processes and Resources
Recovery Time Objective
Recovery Point Objective
Recovery Service Level
Mission Essential Functions
Privacy Impact Assessment
Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP)
Personnel Components
Project Scope
Business Continuity Steps
Recovery and Multiple Site Strategies
Cold Site
Warm Site
Hot Site
Mobile Site
Incident Response Plan
Roles/Responsibilities
After-Action Reports
Testing Plans
Checklist
Walk-through
Tabletop Exercises
Full Interruption Test
Parallel Test/Simulation Test
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Complete Tables and Lists from Memory
Tools for Final Preparation
Pearson Test Prep Practice Test Software and Questions on the Website
Chapter 29 Final Preparations
Accessing the Pearson Test Prep Software Online
Accessing the Pearson Test Prep Practice Test Software Offline
Customizing Your Exams
Updating Your Exams
Premium Edition
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Appendix A Answers to the Review Questions
Glossary
Index
Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes:

* Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)
* Author of CompTIA A+ Complete Review Guide (Sybex)
* Author of CompTIA Server+ Study Guide (Sybex)
* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Prep test question writer for Network+ Study Guide (Sybex)
* Technical editor for Windows 7 Study Guide (Sybex)
* Contributing author for CCNA-Wireless Study Guide (Sybex)
* Technical editor for CCNA Study Guide, Revision 7 (Sybex)
* Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
* Author of Cisco Essentials (Sybex)
* Co-author of CISSP Cert Guide (Pearson IT Certification)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)

He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.

He now creates certification practice tests, study guides, and online courses for CyberVista. Troy lives in Asheville, North Carolina, with his wife, Heike.