CASP+ CompTIA Advanced Security Practitioner Study Guide

Exam CAS-004

Nadean H. Tanner, Jeff T. Parker

$99.95

Paperback


English
Sybex Inc.,U.S.
11 November 2022
Prepare to succeed in your new cybersecurity career with the challenging and sought-after CASP+ credential 

In the newly updated Fourth Edition of CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004, risk management and compliance expert Jeff Parker walks you through critical security topics and hands-on labs designed to prepare you for the new CompTIA Advanced Security Professional exam and a career in cybersecurity implementation. The content and chapter structure of this Fourth Edition were developed and restructured to represent the CAS-004 Exam Objectives.

From operations and architecture concepts, techniques and requirements to risk analysis, mobile and small-form factor device security, secure cloud integration, and cryptography, you’ll learn the cybersecurity technical skills you’ll need to succeed on the new CAS-004 exam, impress interviewers during your job search, and excel in your new career in cybersecurity implementation. 

This comprehensive book offers: 

Efficient preparation for a challenging and rewarding career in implementing specific solutions within cybersecurity policies and frameworks
A robust grounding in the technical skills you’ll need to impress during cybersecurity interviews
Content delivered through scenarios, a strong focus of the CAS-004 Exam
Access to an interactive online test bank and study tools, including bonus practice exam questions, electronic flashcards, and a searchable glossary of key terms

Perfect for anyone preparing for the CASP+ (CAS-004) exam and a new career in cybersecurity, CASP+ CompTIA Advanced Security Practitioner Study Guide Exam CAS-004 is also an ideal resource for current IT professionals wanting to promote their cybersecurity skills or prepare for a career transition into enterprise cybersecurity. 

By:   ,
Imprint:   Sybex Inc.,U.S.
Country of Publication:   United States
Edition:   4th edition
Dimensions:   Height: 229mm,  Width: 185mm,  Spine: 36mm
Weight:   794g
ISBN:   9781119803164
ISBN 10:   1119803160
Series:   Sybex Study Guide
Pages:   592
Publication Date:  
Audience:   Professional and scholarly ,  Undergraduate
Format:   Paperback
Publisher's Status:   Active
Introduction
Assessment Test

Chapter 1 Risk Management
  Risk Terminology; The Risk Assessment Process; Policies Used to Manage Employees; Cost-Benefit Analysis; Continuous Monitoring; Enterprise Security Architecture Frameworks and Governance; Training and Awareness for Users; Best Practices for Risk Assessments; Business Continuity Planning and Disaster Recovery; Reviewing the Effectiveness of Existing Security Controls; Conducting Lessons Learned and After-Action Reviews; Creation, Collection, and Analysis of Metrics; Analyzing Security Solutions to Ensure They Meet Business Needs; Testing Plans; Internal and External Audits; Using Judgment to Solve Difficult Problems; Summary; Exam Essentials; Review Questions

Chapter 2 Configure and Implement Endpoint Security Controls
  Hardening Techniques; Trusted Operating Systems; Compensating Controls; Summary; Exam Essentials; Review Questions

Chapter 3 Security Operations Scenarios
  Threat Management; Actor Types; Intelligence Collection Methods; Frameworks; Indicators of Compromise; Response; Summary; Exam Essentials; Review Questions

Chapter 4 Security Ops: Vulnerability Assessments and Operational Risk
  Terminology; Vulnerability Management; Vulnerabilities; Inherently Vulnerable System/Application; Proactive Detection; Summary; Exam Essentials; Review Questions

Chapter 5 Compliance and Vendor Risk
  Shared Responsibility in Cloud Computing; Security Concerns of Integrating Diverse Industries; Regulations, Accreditations, and Standards; Contract and Agreement Types; Third-Party Attestation of Compliance; Legal Considerations; Summary; Exam Essentials; Review Questions

Chapter 6 Cryptography and PKI
  The History of Cryptography; Cryptographic Goals and Requirements; Supporting Security Requirements; Risks with Data; Hashing; Symmetric Algorithms; Asymmetric Encryption; Public Key Infrastructure Hierarchy; Digital Certificates; Implementation of Cryptographic Solutions; Recognizing Cryptographic Attacks; Troubleshooting Cryptographic Implementations; Summary; Exam Essentials; Review Questions

Chapter 7 Incident Response and Forensics
  The Incident Response Framework; Forensic Concepts; Forensic Analysis Tools; Summary; Exam Essentials; Review Questions

Chapter 8 Security Architecture
  Security Requirements and Objectives for a Secure Network Architecture; Organizational Requirements for Infrastructure Security Design; Integrating Applications Securely into an Enterprise Architecture; Data Security Techniques for Securing Enterprise Architecture; Security Requirements and Objectives for Authentication and Authorization Controls; Summary; Exam Essentials; Review Questions

Chapter 9 Secure Cloud and Virtualization
  Implement Secure Cloud and Virtualization Solutions; How Cloud Technology Adoption Impacts Organization Security; Summary; Exam Essentials; Review Questions

Chapter 10 Mobility and Emerging Technologies
  Emerging Technologies and Their Impact on Enterprise Security and Privacy; Secure Enterprise Mobility Configurations; Security Considerations for Technologies, Protocols, and Sectors; Summary; Exam Essentials; Review Questions

Appendix Answers to Review Questions
  Chapter 1: Risk Management; Chapter 2: Configure and Implement Endpoint Security Controls; Chapter 3: Security Operations Scenarios; Chapter 4: Security Ops: Vulnerability Assessments and Operational Risk; Chapter 5: Compliance and Vendor Risk; Chapter 6: Cryptography and PKI; Chapter 7: Incident Response and Forensics; Chapter 8: Security Architecture; Chapter 9: Secure Cloud and Virtualization; Chapter 10: Mobility and Emerging Technologies

Index

ABOUT THE AUTHORS

NADEAN H. TANNER has been in the technology industry for over 20 years in a variety of positions from marketing to training to web development to hardware. She has worked in academia as an IT director and a postgraduate technology instructor. She has also been a trainer and consultant in advanced cybersecurity for Fortune 500 companies as well as the U.S. Department of Defense. Nadean is the author of CASP+ Practice Tests: Exam CAS-004 and Cybersecurity Blue Team Toolkit.

JEFF T. PARKER, CISSP, CompTIA Project+, CySA+, is a certified technical trainer and consultant specializing in governance, risk management and compliance. Jeff’s infosec roots began as a security engineer, a member of an HP consulting group in Boston, USA. Prior to becoming an author, Jeff was a Global IT Risk Manager residing for several years in Prague, Czech Republic, where he rolled out a new risk management strategy for a multinational logistics firm.
