CASP CompTIA advanced security practitioner certification study guide (Exam CAS-001)

CASP CompTIA advanced security practitioner certification study guide (Exam CAS-001)

The Best Fully Integrated Study System Available for Exam CAS-001 With hundreds of practice questions and lab exercises, CASP CompTIA Advanced Security Practitioner Certification Study Guide covers what you need to know—and shows you how to prepare—for this challenging exam. McGraw-Hill is a Gold-Le...

Descripción completa

Detalles Bibliográficos
Otros Autores: Conklin, Wm. Arthur author (author), White, Gregory B. author, Williams, Dwayne author
Formato: Libro electrónico
Idioma:Inglés
Publicado: New York : McGraw-Hill Education 2012.
Edición:First edition
Colección:Certification Press
Materias:
Computing Technology Industry Association > Examinations > Study guides.
Computer networks > Security measures > Examinations > Study guides.
Computer security > Examinations > Study guides.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629340906719
Tabla de Contenidos:
  • Intro
  • Contents
  • Preface
  • Acknowledgments
  • Introduction
  • Part I: Enterprise Security
  • 1 Cryptographic Tools
  • Determine Appropriate Tools and Techniques
  • Advanced PKI Concepts
  • Hashing
  • Cryptographic Applications
  • Digital Signatures
  • Code Signing
  • Nonrepudiation
  • Transport Encryption
  • Implications of Cryptographic Methods and Design
  • Entropy
  • Pseudorandom Number Generation
  • Perfect Forward Secrecy
  • Confusion
  • Diffusion
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 2 Computing Platforms
  • Advantages and Disadvantages of Virtualizing Servers and Minimizing Physical Space Requirements
  • VLAN
  • Securing Virtual Environments, Appliances, and Equipment
  • Vulnerabilities Associated with a Single Physical Server Hosting Multiple Companies' Virtual Machines
  • Vulnerabilities Associated with a Single Platform Hosting Multiple Companies' Virtual Machines
  • Secure Use of On-demand/Elastic Cloud Computing
  • Vulnerabilities Associated with Co-mingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 3 Enterprise Storage
  • Explain the Security Implications of Enterprise Storage
  • Virtual Storage
  • NAS-Network Attached Storage
  • SAN-Storage Area Network
  • VSAN
  • iSCSI
  • FCOE
  • LUN Masking
  • HBA Allocation
  • Redundancy (Location)
  • Secure Storage Management
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 4 Infrastructure
  • Advanced Network Design
  • Complex Network Security Solutions for Data Flow
  • Secure Data Flows to Meet Changing Business Needs
  • Secure DNS
  • Secure Directory Services
  • Network Design Consideration.
  • Multitier Networking Data Design Considerations
  • Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • ESB
  • SOA
  • SIEM
  • Database Access Monitor (DAM)
  • Service Enabled
  • WS-Security
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 5 Host Security Controls
  • Host-based Firewalls
  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Asset Management (Inventory Control)
  • Data Exfiltration
  • HIPS/HIDS
  • NIPS/NIDS
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 6 Application Security
  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Exploits Resulting from Improper Error and Exception Handling
  • Privilege Escalation
  • Improper Storage of Sensitive Data
  • Fuzzing/False Injection
  • Secure Cookie Storage and Transmission
  • Client-Side Processing vs. Server-Side Processing
  • Buffer Overflow
  • Integer Overflows
  • Memory Leaks
  • Race Conditions
  • Resource Exhaustion
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 7 Security Assessments
  • Tool Types
  • Methods
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • Part II: Risk Management, Policy/Procedure, and Legal
  • 8 Analyze Risk Implications
  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Internal and External Influences
  • Impact of De-perimeterization
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question.
  • Self Test Answers
  • Lab Answer
  • 9 Risk Management Strategy and Controls
  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Determine the Aggregate Score of CIA
  • Determine the Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Decide Which Security Controls Should Be Applied Based on Minimum Requirements
  • Implement Controls
  • Enterprise Security Architecture (ESA) Frameworks
  • Continuous Monitoring
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • LAB QUESTION
  • Self Test Answers
  • Lab Answer
  • 10 E-discovery, Data Breaches, and Incident Response
  • E-discovery
  • Data Breach
  • System Design to Facilitate Incident Response, Taking into Account Types of Violations
  • Incident and Emergency Response
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 11 Security and Privacy Policies
  • Policy Development and Updates in Light of New Business, Technology, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for PII/Sensitive PII
  • Support the Development of Policies
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • Part III: Research and Analysis
  • 12 Industry Trends
  • Ongoing Security Research
  • Situational Awareness
  • Research Security Implications of New Business Tools
  • Global Information Assurance Industry/Community
  • Security Requirements for Contracts
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 13 Enterprise Security.
  • Benchmark
  • Prototype and Test Multiple Solutions
  • Cost Benefit Analysis (ROI, TCO)
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Aids
  • Review Effectiveness of Existing Security
  • Reverse-Engineer/Deconstruct Existing Solutions
  • Analyze Security Solutions to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Review
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Conduct Network Traffic Analysis
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Question
  • Part IV: Integration of Computing, Communications and Business Disciplines
  • 14 People and Security
  • Interpreting Security Requirements to Communicate with Others
  • Providing Guidance to Staff and Senior Management
  • Establishing Effective Collaboration within Teams
  • Disciplines
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 15 Change Control
  • Security Concerns of Interconnecting Multiple Industries
  • Design Consideration During Mergers, Acquisitions, and Demergers
  • Assuring Third-Party Products Only Introduce Acceptable Risk
  • Network Secure Segmentation and Delegation
  • Integration of Products and Services
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 16 Security Controls for Communication and Collaboration
  • Unified Communications Security
  • VoIP Security
  • VoIP Implementation
  • Remote Access
  • Enterprise Configuration Management of Mobile Devices
  • Secure External Communications
  • Secure Implementation of Collaboration Platforms
  • Prioritizing Traffic (QoS)
  • Mobile Devices
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 17 Advanced Authentication Tools, Techniques, and Concepts.
  • Federated Identity Management
  • eXtensible Access Control Markup Language (XACML)
  • Simple Object Access Protocol (SOAP)
  • Single Sign On (SSO)
  • Service Provisioning Markup Language (SPML)
  • Certificate-based Authentication
  • Attestation
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • 18 Security Activities Across the Technology Life Cycle
  • End-to-End Solution Ownership
  • Understanding the Results of Solutions in Advance
  • Systems Development Life Cycle
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Validate the System Design
  • Two-Minute Drill
  • Q&amp
  • A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer
  • Appendix: About the Download
  • Downloading the ISO File
  • System Requirements
  • Installing and Running MasterExam
  • MasterExam
  • LearnKey Online Training
  • Help
  • Removing Installations
  • Technical Support
  • LearnKey Technical Support
  • Glossary.

Ejemplares similares