O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide, Second Edition

Book Description

Learn, prepare, and practice for CompTIA Advanced Security Practitioner (CASP) CAS-003 exam success with this CompTIA Approved Cert Guide from Pearson IT Certification, a leader in IT Certification learning and a CompTIA Authorized Platinum Partner.

  • Master CompTIA Advanced Security Practitioner (CASP) CAS-003 exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with unique sets of exam-realistic practice questions

CompTIA Advanced Security Practitioner (CASP) CAS-003 Authorized Cert Guide is a best-of-breed exam study guide. Leading security certification training experts Robin Abernathy and Troy McMillan share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

 

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

 

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. This online assessment engine enables you to access the practice tests via the Internet on any desktop, laptop, tablet, or smartphone device with internet connectivity. The web-based version also allows you to download the software to your desktop, so you can use the practice test even when you don't have an internet connection. The desktop version syncs with your online version when an internet connection is established, to update and track your progress. This integrated learning package offers these additional benefits:

• Allows you to focus on individual topic areas or take complete, timed exams
• Presents unique sets of exam-realistic practice questions
• Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

 

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time, including:

  • Enterprise security
  • Risk management and incident response
  • Research, analysis, and assessment
  • Integration of computing, communications, and business disciplines
  • Technical integration of enterprise components

 

Companion Website

The website contains two free, complete practice exams.

 

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test & 60% off
CompTIA Advanced Security Practitioner (CASP) CAS-003 Complete Video Course and Practice Test

 

Pearson Test Prep online system requirements:

Browsers: Chrome version 40 and above; Firefox
version 35 and above; Safari version 7; Internet Explorer
10, 11; Microsoft Edge; Opera. Devices: Desktop and
laptop computers, tablets running on Android and iOS,
smartphones with a minimum screen size of 4.7".
Internet access required.

 

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1, or Windows 7; Microsoft .NET
Framework 4.5 Client; Pentium-class 1 GHz processor (or
equivalent); 512 MB RAM; 650 MB disk space plus 50 MB
for each downloaded practice exam; access to the Internet
to register and download exam databases..

Table of Contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents at a Glance
  7. Table of Contents
  8. About the Authors
  9. Dedication
  10. Acknowledgments
  11. About the Reviewer
  12. We Want to Hear from You!
  13. Reader Services
  14. About the Book
  15. Introduction: The CASP Exam
    1. The Goals of the CASP Certification
    2. The Value of the CASP Certification
    3. CASP Exam Objectives
    4. Steps to Becoming a CASP
    5. CompTIA Authorized Materials Use Policy
  16. Chapter 1. Business and Industry Influences and Associated Security Risks
    1. Risk Management of New Products, New Technologies, and User Behaviors
    2. New or Changing Business Models/Strategies
    3. Security Concerns of Integrating Diverse Industries
    4. Internal and External Influences
    5. Impact of De-perimeterization (e.g., Constantly Changing Network Boundary)
    6. Exam Preparation Tasks
    7. Review All Key Topics
    8. Define Key Terms
    9. Review Questions
  17. Chapter 2. Security, Privacy Policies, and Procedures
    1. Policy and Process Life Cycle Management
    2. Support Legal Compliance and Advocacy
    3. Common Business Documents to Support Security
    4. Security Requirements for Contracts
    5. General Privacy Principles for Sensitive Information
    6. Support the Development of Policies Containing Standard Security Practices
    7. Exam Preparation Tasks
    8. Review All Key Topics
    9. Define Key Terms
    10. Review Questions
  18. Chapter 3. Risk Mitigation Strategies and Controls
    1. Categorize Data Types by Impact Levels Based on CIA
    2. Incorporate Stakeholder Input into CIA Impact-Level Decisions
    3. Determine the Aggregate CIA Score
    4. Determine Minimum Required Security Controls Based on Aggregate Score
    5. Select and Implement Controls Based on CIA Requirements and Organizational Policies
    6. Extreme Scenario Planning/Worst-Case Scenario
    7. Conduct System-Specific Risk Analysis
    8. Make Risk Determination Based upon Known Metrics
    9. Translate Technical Risks in Business Terms
    10. Recommend Which Strategy Should Be Applied Based on Risk Appetite
    11. Risk Management Processes
    12. Continuous Improvement/Monitoring
    13. Business Continuity Planning
    14. IT Governance
    15. Enterprise Resilience
    16. Exam Preparation Tasks
    17. Review All Key Topics
    18. Define Key Terms
    19. Review Questions
  19. Chapter 4. Risk Metric Scenarios to Secure the Enterprise
    1. Review Effectiveness of Existing Security Controls
    2. Reverse Engineer/Deconstruct Existing Solutions
    3. Creation, Collection, and Analysis of Metrics
    4. Prototype and Test Multiple Solutions
    5. Create Benchmarks and Compare to Baselines
    6. Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
    7. Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs
    8. Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible
    9. Exam Preparation Tasks
    10. Review All Key Topics
    11. Define Key Terms
    12. Review Questions
  20. Chapter 5. Network and Security Components, Concepts, and Architectures
    1. Physical and Virtual Network and Security Devices
    2. Application and Protocol-Aware Technologies
    3. Advanced Network Design (Wired/Wireless)
    4. Complex Network Security Solutions for Data Flow
    5. Secure Configuration and Baselining of Networking and Security Components
    6. Software-Defined Networking
    7. Network Management and Monitoring Tools
    8. Advanced Configuration of Routers, Switches, and Other Network Devices
    9. Security Zones
    10. Network Access Control
    11. Network-Enabled Devices
    12. Critical Infrastructure
    13. Exam Preparation Tasks
    14. Review All Key Topics
    15. Define Key Terms
    16. Review Questions
  21. Chapter 6. Security Controls for Host Devices
    1. Trusted OS (e.g., How and When to Use It)
    2. Endpoint Security Software
    3. Host Hardening
    4. Boot Loader Protections
    5. Vulnerabilities Associated with Hardware
    6. Terminal Services/Application Delivery Services
    7. Exam Preparation Tasks
    8. Review All Key Topics
    9. Define Key Terms
    10. Review Questions
  22. Chapter 7. Security Controls for Mobile and Small Form Factor Devices
    1. Enterprise Mobility Management
    2. Security Implications/Privacy Concerns
    3. Wearable Technology
    4. Exam Preparation Tasks
    5. Review All Key Topics
    6. Define Key Terms
    7. Review Questions
  23. Chapter 8. Software Vulnerability Security Controls
    1. Application Security Design Considerations
    2. Specific Application Issues
    3. Application Sandboxing
    4. Secure Encrypted Enclaves
    5. Database Activity Monitor
    6. Web Application Firewalls
    7. Client-Side Processing vs. Server-Side Processing
    8. Operating System Vulnerabilities
    9. Firmware Vulnerabilities
    10. Exam Preparation Tasks
    11. Define Key Terms
    12. Review Questions
  24. Chapter 9. Security Assessments
    1. Methods
    2. Test Types
    3. Exam Preparation Tasks
    4. Define Key Terms
    5. Review Questions
  25. Chapter 10. Select the Appropriate Security Assessment Tool
    1. Network Tool Types
    2. Host Tool Types
    3. Physical Security Tools
    4. Exam Preparation Tasks
    5. Review All Key Topics
    6. Define Key Terms
    7. Review Questions
  26. Chapter 11. Incident Response and Recovery
    1. E-Discovery
    2. Data Breach
    3. Facilitate Incident Detection and Response
    4. Incident and Emergency Response
    5. Incident Response Support Tools
    6. Severity of Incident or Breach
    7. Post-incident Response
    8. Exam Preparation Tasks
    9. Review All Key Topics
    10. Define Key Terms
    11. Review Questions
  27. Chapter 12. Host, Storage, Network, and Application Integration
    1. Adapt Data Flow Security to Meet Changing Business Needs
    2. Standards
    3. Interoperability Issues
    4. Resilience Issues
    5. Data Security Considerations
    6. Resources Provisioning and Deprovisioning
    7. Design Considerations During Mergers, Acquisitions and Demergers/Divestitures
    8. Network Secure Segmentation and Delegation
    9. Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
    10. Security and Privacy Considerations of Storage Integration
    11. Security Implications of Integrating Enterprise Applications
    12. Exam Preparation Tasks
    13. Review All Key Topics
    14. Define Key Terms
    15. Review Questions
  28. Chapter 13. Cloud and Virtualization Technology Integration
    1. Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership)
    2. Security Advantages and Disadvantages of Virtualization
    3. Cloud Augmented Security Services
    4. Vulnerabilities Associated with Comingling of Hosts with Different Security Requirements
    5. Data Security Considerations
    6. Resources Provisioning and Deprovisioning
    7. Exam Preparation Tasks
    8. Review All Key Topics
    9. Define Key Terms
    10. Review Questions
  29. Chapter 14. Authentication and Authorization Technology Integration
    1. Authentication
    2. Authorization
    3. Attestation
    4. Identity Propagation
    5. Federation
    6. Trust Models
    7. Exam Preparation Tasks
    8. Review Questions
  30. Chapter 15. Cryptographic Techniques
    1. Techniques
    2. Implementations
    3. Exam Preparation Tasks
    4. Review Questions
  31. Chapter 16. Secure Communication and Collaboration
    1. Remote Access
    2. Unified Collaboration Tools
    3. Exam Preparation Tasks
    4. Define Key Terms
    5. Review Questions
  32. Chapter 17. Industry Trends and Their Impact to the Enterprise
    1. Perform Ongoing Research
    2. Threat Intelligence
    3. Research Security Implications of Emerging Business Tools
    4. Global IA Industry/Community
    5. Exam Preparation Tasks
    6. Define Key Terms
    7. Review Questions
  33. Chapter 18. Security Activities Across the Technology Life Cycle
    1. Systems Development Life Cycle
    2. Software Development Life Cycle
    3. Adapt Solutions
    4. Asset Management (Inventory Control)
    5. Exam Preparation Tasks
    6. Review Questions
  34. Chapter 19. Business Unit Interaction
    1. Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
    2. Provide Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
    3. Establish Effective Collaboration Within Teams to Implement Secure Solutions
    4. Governance, Risk, and Compliance Committee
    5. Exam Preparation Tasks
    6. Define Key Terms
    7. Review Questions
  35. Appendix A. Answers
  36. Glossary
  37. Index
  38. Appendix B. Memory Tables
  39. Appendix C. Memory Table Answers
  40. Appendix D. Study Planner
  41. Code Snippets
  42. Where are the companion content files? - Login
  43. Where are the companion content files? - Register