CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002, Second Edition

Book Description

CompTIA-approved, best-selling prep for CompTIA's Advanced Security Practitioner certification, updated for the CAS-002 exam

CASP: CompTIA Advanced Security Practitioner Study Guide: CAS-002 is the updated edition of the bestselling book covering the CASP certification exam. CompTIA approved, this guide covers all of the CASP exam objectives with clear, concise, thorough information on crucial security topics. With practical examples and insights drawn from real-world experience, the book is a comprehensive study resource with authoritative coverage of key concepts. Exam highlights, end-of-chapter reviews, and a searchable glossary help with information retention, and cutting-edge exam prep software offers electronic flashcards and hundreds of bonus practice questions. Additional hands-on lab exercises mimic the exam's focus on practical application, providing extra opportunities for readers to test their skills.

CASP is a DoD 8570.1-recognized security certification that validates the skillset of advanced-level IT security professionals. The exam measures the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments, as well as the ability to think critically and apply good judgment across a broad spectrum of security disciplines. This study guide helps CASP candidates thoroughly prepare for the exam, providing the opportunity to:

  • Master risk management and incident response

  • Sharpen research and analysis skills

  • Integrate computing with communications and business

  • Review enterprise management and technical component integration

Experts predict a 45-fold increase in digital data by 2020, with one-third of all information passing through the cloud. Data has never been so vulnerable, and the demand for certified security professionals is increasing quickly. The CASP proves an IT professional's skills, but getting that certification requires thorough preparation. This CASP study guide provides the information and practice that eliminate surprises on exam day.

    Table of Contents

    1. Title Page
    2. Copyright
    3. Publisher's Note
    4. Dedication
    5. Acknowledgments
    6. About the Author
    7. About the Contributor
    8. Foreword
    9. Introduction
      1. Before You Begin the CompTIA CASP Certification Exam
      2. How to Become a CASP Certified Professional
      3. Who Should Read This Book?
      4. How This Book Is Organized
      5. Exam Strategy
      6. How to Use This Book and Companion Website
      7. The CASP (2014 Edition) Exam Objectives
    10. Assessment Test
      1. Answers to Assessment Test
    11. Chapter 1: Cryptographic Tools and Techniques
      1. The History of Cryptography
      2. Cryptographic Services
      3. Symmetric Encryption
      4. Asymmetric Encryption
      5. Hybrid Encryption
      6. Hashing
      7. Digital Signatures
      8. Public Key Infrastructure
      9. Implementation of Cryptographic Solutions
      10. Cryptographic Attacks
      11. Summary
      12. Exam Essentials
      13. Review Questions
    12. Chapter 2: Comprehensive Security Solutions
      1. Advanced Network Design
      2. TCP/IP
      3. Secure Communication Solutions
      4. Secure Facility Solutions
      5. Secure Network Infrastructure Design
      6. Summary
      7. Exam Essentials
      8. Review Questions
    13. Chapter 3: Securing Virtualized, Distributed, and Shared Computing
      1. Enterprise Security
      2. Cloud Computing
      3. Virtualization
      4. Virtual LANs
      5. Virtual Networking and Security Components
      6. Enterprise Storage
      7. Summary
      8. Exam Essentials
      9. Review Questions
    14. Chapter 4: Host Security
      1. Firewalls and Network Access Control
      2. Host-Based Firewalls
      3. Trusted Operating Systems
      4. Endpoint Security Solutions
      5. Anti-malware
      6. Host Hardening
      7. Asset Management
      8. Data Exfiltration
      9. Intrusion Detection and Prevention
      10. Network Management, Monitoring, and Security Tools
      11. Summary
      12. Exam Essentials
      13. Review Questions
    15. Chapter 5: Application Security and Penetration Testing
      1. Application Security Testing
      2. Specific Application Issues
      3. Application Sandboxing
      4. Application Security Frameworks
      5. Secure Coding Standards
      6. Application Exploits
      7. Escalation of Privilege
      8. Improper Storage of Sensitive Data
      9. Cookie Storage and Transmission
      10. Malware Sandboxing
      11. Memory Dumping
      12. Process Handling at the Client and Server
      13. Security Assessments and Penetration Testing
      14. Summary
      15. Exam Essentials
      16. Review Questions
    16. Chapter 6: Risk Management
      1. Risk Terminology
      2. Identifying Vulnerabilities
      3. Operational Risks
      4. The Risk Assessment Process
      5. Best Practices for Risk Assessments
      6. Summary
      7. Exam Essentials
      8. Review Questions
    17. Chapter 7: Policies, Procedures, and Incident Response
      1. A High-Level View of Documentation
      2. Business Documents Used to Support Security
      3. Documents and Controls Used for Sensitive Information
      4. Training and Awareness for Users
      5. Auditing Requirements and Frequency
      6. The Incident Response Framework
      7. Incident and Emergency Response
      8. Summary
      9. Exam Essentials
      10. Review Questions
    18. Chapter 8: Security Research and Analysis
      1. Apply Research Methods to Determine Industry Trends and Impact to the Enterprise
      2. Analyze Scenarios to Secure the Enterprise
      3. Summary
      4. Exam Essentials
      5. Review Questions
    19. Chapter 9: Enterprise Security Integration
      1. Integrate Enterprise Disciplines to Achieve Secure Solutions
      2. Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
      3. Summary
      4. Exam Essentials
      5. Review Questions
    20. Chapter 10: Security Controls for Communication and Collaboration
      1. Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
      2. Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
      3. Implement Security Activities across the Technology Life Cycle
      4. Summary
      5. Exam Essentials
      6. Review Questions
    21. Appendix A: CASP Lab Manual
      1. What You'll Need
      2. Lab A1: Verifying a Baseline Security Configuration
      3. Lab A2: Introduction to a Protocol Analyzer
      4. Lab A3: Performing a Wireless Site Survey
      5. Lab A4: Using Windows Remote Access
      6. Lab A5: Configuring a VPN Client
      7. Lab A6: Using the Windows Command-Line Interface (CLI)
      8. Lab A7: Cisco IOS Command-Line Basics
      9. Lab A8: Shopping for Wi-Fi Antennas
      10. Lab A9: Cloud Provisioning
      11. Lab A10: Introduction to Windows Command-Line Forensic Tools
      12. Lab A11: Introduction to Hashing Using a GUI
      13. Lab A12: Hashing from the Command Line
      14. Lab A13: Cracking Encrypted Passwords
      15. Lab A14: Threat Modeling
      16. Lab A15: Social Engineering
      17. Lab A16: Downloading, Verifying, and Installing a Virtual Environment
      18. Lab A17: Exploring Your Virtual Network
      19. Lab A18: Port Scanning
      20. Lab A19: Introduction to the Metasploit Framework
      21. Lab A20: Sniffing NETinVM Traffic with Wireshark
      22. Suggestions for Further Exploration of Security Topics
    22. Appendix B: Answers to Review Questions
      1. Chapter 1: Cryptographic Tools and Techniques
      2. Chapter 2: Comprehensive Security Solutions
      3. Chapter 3: Securing Virtualized, Distributed, and Shared Computing
      4. Chapter 4: Host Security
      5. Chapter 5: Application Security and Penetration Testing
      6. Chapter 6: Risk Management
      7. Chapter 7: Policies, Procedures, and Incident Response
      8. Chapter 8: Security Research and Analysis
      9. Chapter 9: Enterprise Security Integration
      10. Chapter 10: Security Controls for Communication and Collaboration
    23. Appendix C: About the Additional Study Tools
      1. Additional Study Tools
      2. System Requirements
      3. Using the Study Tools
      4. Troubleshooting
    24. Free Online Study Tools
    25. End User License Agreement