CompTIA Advanced Security Practitioner (CASP) CAS-003 .


CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide
Robin Abernathy
Troy McMillan
800 East 96th Street
Indianapolis, Indiana 46240 USA

CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide

Copyright 2018 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-5944-3
ISBN-10: 0-7897-5944-6
Library of Congress Control Number: 20189324050118

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Windows is a registered trademark of Microsoft Corporation.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.

Editor-In-Chief: Mark Taub
Product Line Manager: Brett Bartow
Acquisitions Editor: Michelle Newcomb
Development Editor: Ellie Bru
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Indexer: Ken Johnson
Technical Editors: Chris Crayton
Proofreader: Debbie Williams
Publishing Coordinator: Vanessa Evans
Designer: Chuti Prasertsith
Composition: Tricia Bronkella

Contents at a Glance

INTRODUCTION The CASP Exam 2
CHAPTER 1 Business and Industry Influences and Associated Security Risks 38
CHAPTER 2 Security, Privacy Policies, and Procedures 64
CHAPTER 3 Risk Mitigation Strategies and Controls 96
CHAPTER 4 Risk Metric Scenarios to Secure the Enterprise 174
CHAPTER 5 Network and Security Components, Concepts, and Architectures 192
CHAPTER 6 Security Controls for Host Devices 286
CHAPTER 7 Security Controls for Mobile and Small Form Factor Devices 328
CHAPTER 8 Software Vulnerability Security Controls 354
CHAPTER 9 Security Assessments 382
CHAPTER 10 Select the Appropriate Security Assessment Tool 410
CHAPTER 11 Incident Response and Recovery 448
CHAPTER 12 Host, Storage, Network, and Application Integration 486
CHAPTER 13 Cloud and Virtualization Technology Integration 512
CHAPTER 14 Authentication and Authorization Technology Integration 536
CHAPTER 15 Cryptographic Techniques 570
CHAPTER 16 Secure Communication and Collaboration 616
CHAPTER 17 Industry Trends and Their Impact to the Enterprise 638
CHAPTER 18 Security Activities Across the Technology Life Cycle 664
CHAPTER 19 Business Unit Interaction 716
APPENDIX A Answers 732
Glossary 754
Index 798

Online-only Elements:
Appendix B Memory Tables
Appendix C Memory Table Answers
Appendix D Study Planner

Table of Contents

Introduction The CASP Exam 2
The Goals of the CASP Certification 3
Sponsoring Bodies 3
Other Security Exams 4
Stated Goals 4
The Value of the CASP Certification 5
To the Security Professional 5
Department of Defense Directive 8140 and 8570 (DoDD 8140 and 8570) 5
To the Enterprise 6
CASP Exam Objectives 7
1.0 Risk Management 7
1.1 Summarize business and industry influences and associated security risks. 7
1.2 Compare and contrast security, privacy policies and procedures based on organizational requirements. 8
1.3 Given a scenario, execute risk mitigation strategies and controls. 9
1.4 Analyze risk metric scenarios to secure the enterprise. 11
2.0 Enterprise Security Architecture 12
2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements. 12
2.2 Analyze a scenario to integrate security controls for host devices to meet security requirements. 14
2.3 Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements. 17
2.4 Given software vulnerability scenarios, select appropriate security controls. 19
3.0 Enterprise Security Operations 21
3.1 Given a scenario, conduct a security assessment using the appropriate methods. 21
3.2 Analyze a scenario or output, and select the appropriate tool for a security assessment. 22
3.3 Given a scenario, implement incident response and recovery procedures. 23

4.0 Technical Integration of Enterprise Security 25
4.1 Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture. 25
4.2 Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture. 27
4.3 Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives. 28
4.4 Given a scenario, implement cryptographic techniques. 29
4.5 Given a scenario, select the appropriate control to secure communications and collaboration solutions. 31
5.0 Research, Development and Collaboration 31
5.1 Given a scenario, apply research methods to determine industry trends and their impact to the enterprise. 31
5.2 Given a scenario, implement security activities across the technology life cycle. 32
5.3 Explain the importance of interaction across diverse business units to achieve security goals. 34
Steps to Becoming a CASP 35
Qualifying for the Exam 35
Signing Up for the Exam 35
About the Exam 35
CompTIA Authorized Materials Use Policy 35

Chapter 1 Business and Industry Influences and Associated Security Risks 38
Risk Management of New Products, New Technologies, and User Behaviors 39
New or Changing Business Models/Strategies rger and Divestiture/Demerger 42
Data Ownership 43
Data Reclassification 44
Security Concerns of Integrating Diverse Industries 44
Rules 44
Policies 45

Regulations 45
Export Controls 45
Legal Requirements 46
Geography 50
Data Sovereignty 50
Jurisdictions 51
Internal and External Influences 52
Competitors 52
Auditors/Audit Findings 52
Regulatory Entities 53
Internal and External Client Requirements 53
Top-Level Management 54
Impact of De-perimeterization (e.g., Constantly Changing Network Boundary) 54
Telecommuting 55
Cloud 55
Mobile 55
BYOD 56
Outsourcing 58
Ensuring Third-Party Providers Have Requisite Levels of Information Security 58
Exam Preparation Tasks 60
Review All Key Topics 60
Define Key Terms 60
Review Questions 61

Chapter 2 Security, Privacy Policies, and Procedures 64
Policy and Process Life Cycle Management 65
New Business 68
New Technologies 68
Environmental Changes 69
Regulatory Requirements 69
Emerging Risks 70
Support Legal Compliance and Advocacy 70

Common Business Documents to Support Security 71
Risk Assessment (RA) 71
Business Impact Analysis (BIA) 72
Interoperability Agreement (IA) 72
Interconnection Security Agreement (ISA) 72
Memorandum of Understanding (MOU) 73
Service-Level Agreement (SLA) 73
Operating-Level Agreement (OLA) 73
Non-Disclosure Agreement (NDA) 74
Business Partnership Agreement (BPA) 74
Master Service Agreement (MSA) 75
Security Requirements for Contracts 75
Request for Proposal (RFP) 76
Request for Quote (RFQ) 76
Request for Information (RFI) 76
Agreement or Contract 77
General Privacy Principles for Sensitive Information 77
Support the Development of Policies Containing Standard Security Practices 78
Separation of Duties 78
Job Rotation 79
Mandatory Vacation 80
Least Privilege 80
Incident Response 81
Events Versus Incidents 83
Rules of Engagement, Authorization, and Scope 83
Forensic Tasks 84
Employment and Termination Procedures 85
Continuous Monitoring 86
Training and Awareness for Users 86
Auditing Requirements and Frequency 88
Information Classification and Life Cycle 89
Commercial Business Classifications 89
Military and Government Classifications 90
Information Life Cycle 90

Exam Preparation Tasks 91
Review All Key Topics 91
Define Key Terms 92
Review Questions 92

Chapter 3 Risk Mitigation Strategies and Controls 96
Categorize Data Types by Impact Levels Based on CIA 98
Incorporate Stakeholder Input into CIA Impact-Level Decisions 100
Determine the Aggregate CIA Score 101
Determine Minimum Required Security Controls Based on Aggregate Score 102
Select and Implement Controls Based on CIA Requirements and Organizational Policies 102
Access Control Categories 102
Compensative 103
Corrective 103
Detective 103
Deterrent 103
Directive 103
Preventive 104
Recovery 104
Access Control Types 104
Administrative (Management) Controls 104
Logical (Technical) Controls 106
Physical Controls 107
Security Requirements Traceability Matrix (SRTM) 108
Security Control Frameworks 109
ISO/IEC 27000 Series 110
Zachman Framework 112
The Open Group Architecture Framework (TOGAF) 113
Department of Defense Architecture Framework (DoDAF) 113
British Ministry of Defence Architecture Framework (MODAF) 113
Sherwood Applied Business Security Architecture (SABSA) 113
Control Objectives for Information and Related Technology (COBIT) 114
National Institute of Standards and Technology (NIST) Special Publication (SP) 800 Series 115

HITRUST CSF 118
CIS Critical Security Controls 118
Committee of Sponsoring Organizations (COSO) of the Treadway Commission Framework 119
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) 120
Information Technology Infrastructure Library (ITIL) 120
Six Sigma 121
Capability Maturity Model Integration (CMMI) 123
CCTA Risk Analysis and Management Method (CRAMM) 123
Extreme Scenario Planning/Worst-Case Scenario 123
Conduct System-Specific Risk Analysis 125
Make Risk Determination Based upon Known Metrics 126
Qualitative Risk Analysis 126
Quantitative Risk Analysis 127
Magnitude of Impact Based on ALE and SLE 128
SLE 128
ALE 128
Likelihood of Threat 129
Motivation 129
Source 130
ARO 130
Trend Analysis 130
Return on Investment (ROI) 131
Payback 132
Net Present Value (NPV) 132
Total Cost of Ownership 133
Translate Technical Risks in Business Terms 134
Recommend Which Strategy Should Be Applied Based on Risk Appetite 135
Avoid 135
Transfer 136
Mitigate 136
Accept 137

Risk Management Processes 137
Information and Asset (Tangible/Intangible) Value and Costs 138
Vulnerabilities and Threats Identification 139
Exemptions 139
Deterrence 140
Inherent 140
Residual 140
Continuous Improvement/Monitoring 141
Business Continuity Planning 141
Business Continuity Scope and Plan 141
Personnel Components 142
Project Scope 142
Business Continuity Steps 142
Develop Contingency Planning Policy 144
Conduct the BIA 145
Identify Preventive Controls 147
Create Contingency Strategies 148
Plan Testing, Training, and Exercises (TT&E) 148
Maintain the Plan 148
IT Governance 148
Adherence to Risk Management Frameworks 149
NIST 149
Organizational Governance Components 164
Policies 165
Processes 167
Procedures 167
Standards 167
Guidelines 167
Baselines 167
Enterprise Resilience 168
Exam Preparation Tasks 170
Review All Key Topics 170
Define Key Terms 171
Review Questions 171

Chapter 4 Risk Metric Scenarios to Secure the Enterprise 174
Review Effectiveness of Existing Security Controls 175
Gap Analysis 176
Lessons Learned and After-Action Reports 177
Reverse Engineer/Deconstruct Existing Solutions 177
Creation, Collection, and Analysis of Metrics 177
KPIs 179
KRIs 180
Prototype and Test Multiple Solutions 180
Create Benchmarks and Compare to Baselines 181
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 182
Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs 183
Performance 183
Latency 184
Scalability 184
Capability 185
Usability 185
Maintainability 185
Availability 185
Recoverability 186
Cost/Benefit Analysis 186
ROI 186
TCO 186
Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible 187
Exam Preparation Tasks 187
Review All Key Topics 187
Define Key Terms 188
Review Questions 189

Chapter 5 Network and Security Components, Concepts, and Architectures 192
Physical and Virtual Network and Security Devices 194
UTM 194
IDS/IPS 195

HIDS/HIPS 197
NIPS 197
NIDS 198
INE 198
NAC 199
SIEM 199
Switch 201
Firewall 202
Types of Firewalls 202
NGFWs 205
Firewall Architecture 205
Wireless Controller 208
Router 210
Proxy 210
Load Balancer 211
HSM 211
MicroSD HSM 212
Application and Protocol-Aware Technologies 212
WAF 212
Firewall 213
Passive Vulnerability Scanners 213
Active Vulnerability Scanners 214
DAM 214
Advanced Network Design (Wired/Wireless) 215
Remote Access 215
VPN 215
SSH 220
RDP 220
VNC 221
VDI 221
Reverse Proxy 222
IPv4 and IPv6 Transitional Technologies 222
Network Authentication Methods 224
802.1x 226

Mesh Networks 228
Application of Solutions 229
Placement of Hardware, Applications, and Fixed/Mobile Devices 230
Complex Network Security Solutions for Data Flow 241
DLP 241
Deep Packet Inspection 242
Data-Flow Enforcement 243
Network Flow (S/flow) 244
Network Flow Data 244
Data Flow Diagram 245
Secure Configuration and Baselining of Networking and Security Components 246
ACLs 246
Creating Rule Sets 246
Change Monitoring 247
Configuration Lockdown 248
Availability Controls 248
Software-Defined Networking 254
Network Management and Monitoring Tools 255
Alert Definitions and Rule Writing 259
Tuning Alert Thresholds 259
Alert Fatigue 260
Advanced Configuration of Routers, Switches, and Other Network Devices 260
Transport Security 260
Trunking Security 260
Port Security 262
Limiting MAC Addresses 263
Implementing Sticky Mac 263
Ports 264
Route Protection 266
DDoS Protection 266
Remotely Triggered Black Hole 267

Security Zones 268
DMZ 268
Separation of Critical Assets 268
Network Segmentation 269
Network Access Control 269
Quarantine/Remediation 270
Persistent/Volatile or Non-persistent Agent 270
Agent vs. Agentless 271
Network-Enabled Devices 271
System on a Chip (SoC) 271
Secure Booting 271
Secured Memory 272
Runtime Data Integrity Check 273
Central Security Breach Response 274
Building/Home Automation Systems 274
IP Video 275
HVAC Controllers 276
Sensors 277
Physical Access Control Systems 277
A/V Systems 278
Scientific/Industrial Equipment 279
Critical Infrastructure 279
Exam Preparation Tasks 280
Review All Key Topics 280
Define Key Terms 282
Review Questions 282

Chapter 6 Security Controls for Host Devices 286
Trusted OS (e.g., How and When to Use It) 287
SELinux 289
SEAndroid 289
TrustedSolaris 290
Least Functionality 290

Endpoint Security Software 290
Anti-malware 291
Antivirus 291
Anti-spyware 291
Spam Filters 292
Patch Management 292
IDS/IPS 293
HIPS/HIDS 293
Data Loss Prevention 293
Host-Based Firewalls 294
Log Monitoring 295
Endpoint Detection Response 297
Host Hardening 298
Standard Operating Environment/Configuration Baselining 298
Application Whitelisting and Blacklisting 299
Security/Group Policy Implementation 299
Command Shell Restrictions 301
Patch Management 302
Manual 302
Automated 302
Configuring Dedicated Interfaces 303
Out-of-Band Management 303
ACLs 304
Management Interface 304
Data Interface 305
External I/O Restrictions 305
USB 306
Wireless 306
Drive Mounting 313
Drive Mapping 314
Webcam 314
Recording Mic 314
Audio Output 314
SD Port 315

HDMI Port 315
File and Disk Encryption 315
TPM 315
Firmware Updates 316
Boot Loader Protections 316
Secure Boot 317
Measured Launch 317
Integrity Measurement Architecture 318
BIOS/UEFI 318
Attestation Services 319
TPM 319
Virtual TPM 320
Vulnerabilities Associated with Hardware 322
Terminal Services/Application Delivery Services 322
Exam Preparation Tasks 323
Review All Key Topics 323
Define Key Terms 324
Review Questions 324

Chapter 7 Security Controls for Mobile and Small Form Factor Devices 328
Enterprise Mobility Management 329
Containerization 329
Configuration Profiles and Payloads 329
Personally Owned, Corporate-Enabled 330
Application Wrapping 330
Remote Assistance Access 330
VNC 330
Screen Mirroring 330
Application, Content, and Data Management 331
Over-the-Air Updates (Software/Firmware) 331
Remote Wiping 332
SCEP 332
BYOD 332
COPE 332
VPN 333

Application Permissions 333
Side Loading 334
Unsigned Apps/System Apps 334
Context-Aware Management 334
Geolocation/Geofencing 335
User Behavior 335
Security Restrictions 336
Time-Based Restrictions 336
Frequency 336
Security Implications/Privacy Concerns 336
Data Storage 336
Non-Removable Storage 337
Removable Storage 337
Cloud Storage 337
Transfer/Backup Data to Uncontrolled Storage 338
USB OTG 338
Device Loss/Theft 338
Hardware Anti-Tamper 338
eFuse 338
TPM 339
Rooting/Jailbreaking 339
Push Notification Services 339
Geotagging 339
Encrypted Instant Messaging Apps 340
Tokenization 340
OEM/Carrier Android Fragmentation 340
Mobile Payment 340
NFC-Enabled 340
Inductance-Enabled 341
Mobile Wallet 341
Peripheral-Enabled Payments (Credit Card Reader) 341
Tethering 341
USB 342
Spectrum Management 342
Bluetooth 3.0 vs. 4.1 342

Authentication 342
Swipe Pattern 343
Gesture 343
PIN Code 343
Biometric 343
Malware 344
Unauthorized Domain Bridging 344
Baseband Radio/SOC 345
Augmented Reality 345
SMS/MMS/Messaging 345
Wearable Technology 345
Devices 346
Cameras 346
Watches 346
Fitness Devices 347
Glasses 347
Medical Sensors/Devices 348
Headsets 348
Security Implications 349
Unauthorized Remote Activation/Deactivation of Devices or Features 349
Encrypted and Unencrypted Communication Concerns 349
Physical Reconnaissance 349
Personal Data Theft 350
Health Privacy 350
Digital Forensics on Collected Data 350
Exam Preparation Tasks 350
Review All Key Topics 350
Define Key Terms 351
Review Questions 351

Chapter 8 Software Vulnerability Security Controls 354
Application Security Design Considerations 355
Secure: By Design, By Default, By Deployment 355
Specific Application Issues 356
Unsecure Direct Object References 356
XSS 356

Cross-Site Request Forgery (CSRF) 357
Click-Jacking 358
Session Management 359
Input Validation 360
SQL Injection 360
Improper Error and Exception Handling 362
Privilege Escalation 362
Improper Storage of Sensitive Data 362
Fuzzing/Fault Injection 363
Secure Cookie Storage and Transmission 364
Buffer Overflow 364
Memory Leaks 367
Integer Overflows 367
Race Conditions 367
Time of Check/Time of Use 367
Resource Exhaustion 368
Geotagging 368
Data Remnants 369
Use of Third-Party Libraries 369
Code Reuse 370
Application Sandboxing 370
Secure Encrypted Enclaves 371
Database Activity Monitor 371
Web Application Firewalls 371
Client-Side Processing vs. Server-Side Processing 371
JSON/REST 372
Browser Extensions 373
ActiveX 373
Java Applets 373
HTML5 374
AJAX 374
SOAP 376
State Management 376
JavaScript 376

Operating System Vulnerabilities 377
Firmware Vulnerabilities 377
Exam Preparation Tasks 378
Review All Key Topics 378
Define Key Terms 378
Review Questions 379

Chapter 9 Security Assessments 382
Methods 383
Malware Sandboxing 383
Memory Dumping, Runtime Debugging 384
Reconnaissance 385
Fingerprinting 385
Code Review 387
Social Engineering 388
Phishing/Pharming 388
Shoulder Surfing 389
Identity Theft 389
Dumpster Diving 389
Pivoting 389
Open Source Intelligence 390
Social Media 390
Whois 391
Routing Tables 392
DNS Records 394
Search Engines 397
Test Types 398
Penetration Test 398
Black Box 400
White Box 400
Gray Box 400
Vulnerability Assessment 401
Self-Assessment 402
Tabletop Exercises 403

Internal and External Audits 403
Color Team Exercises 404
Exam Preparation Tasks 405
Review All Key Topics 405
Define Key Terms 406
Review Questions 407

Chapter 10 Select the Appropriate Security Assessment Tool 410
Network Tool Types 411
Port Scanners 411
Network Vulnerability Scanners 413
Protocol Analyzer 414
Wired 414
Wireless 415
SCAP Scanner 416
Permissions and Access 418
Execute Scanning 419
Network Enumerator 420
Fuzzer 421
HTTP Interceptor 422
Exploitation Tools/Frameworks 422
Visualization Tools 424
Log Reduction and Analysis Tools 425
Host Tool Types 427
Password Cracker 427
Host Vulnerability Scanners 428
Command Line Tools 429
netstat 429
ping 431
tracert/traceroute 433
ipconfig/ifconfig 434
nslookup/dig 435
Sysinternals 435
OpenSSL 436
Local Exploitation Tools/Frameworks 436

SCAP Tool 437
File Integrity Monitoring 437
Log Analysis Tools 438
Antivirus 439
Reverse Engineering Tools 440
Physical Security Tools 441
Lock Picks 441
Locks 442
RFID Tools 444
IR Camera 444
Exam Preparation Tasks 444
Review All Key Topics 444
Define Key Terms 445
Review Questions 446

Chapter 11 Incident Response and Recovery 448
E-Discovery 449
Electronic Inventory and Asset Control 450
Data Retention Policies 451
Data Recovery and Storage 451
Data Ownership 452
Data Handling 453
Legal Holds 454
Data Breach 454
Detection and Collection 455
Data Analytics 455
Mitigation 456
Minimize 456
Isolate 456
Recovery/Reconstitution 456
Response 457
Disclosure 457
Facilitate Incident Detection and Response 457
Internal and External Violations 458
Privacy Policy Violations 458
Criminal Actions 459

Insider Threats 459
Non-malicious Threats/Misconfigurations 459
Hunt Teaming 460
Heuristics/Behavioral Analytics 460
Establish and Review System, Audit and Security Logs 461
Incident and Emergency Response 461
Chain of Custody 461
Evidence 462
Surveillance, Search, and Seizure 463
Forensic Analysis of Compromised System 463
Media Analysis 464
Software Analysis 464
Network Analysis 464
Hardware/Embedded Device Analysis 465
Continuity of Operations 465
Disaster Recovery 465
Data Backup Types and Schemes 465
Electronic Backup 469
Incident Response Team 469
Order of Volatility 470
Incident Response Support Tools 471
dd 471
tcpdump 472
nbtstat 473
netstat 474
nc (Netcat) 475
memcopy 476
tshark 476
foremost 477
Severity of Incident or Breach 478
Scope 478
Impact 478
System Process Criticality 479
Cost 479

Downtime 479
Legal Ramifications 480
Post-incident Response 480
Root-Cause Analysis 480
Lessons Learned 480
After-Action Report 481
Change Control Process 481
Update Incident Response Plan 481
Exam Preparation Tasks 481
Review All Key Topics 481
Define Key Terms 482
Review Questions 483

Chapter 12 Host, Storage, Network, and Application Integration 486
Adapt Data Flow Security to Meet Changing Business Needs 487
Standards 489
Open Standards 489
Adherence to Standards 489
Competing Standards 490
Lack of Standards 490
De Facto Standards 490
Interoperability Issues 491
Legacy Systems and Software/Current Systems 491
Application Requirements 492
Software Types 492
In-house Developed 493
Commercial 493
Tailored Commercial 493
Open Source 493
Standard Data Formats 493
Protocols and APIs 494
Resilience Issues 494
Use of Heterogeneous Components 494
Course of Action Automation/Orchestration 495
Distribution of Critical Assets 495
Persistence and Non-persistence of Data 495

Redundancy/High Availability 496
Assumed Likelihood of Attack 496
Data Security Considerations 496
Data Remnants 497
Data Aggregation 498
Data Isolation 498
Data Ownership 499
Data Sovereignty 499
Data Volume 500
Resources Provisioning and Deprovisioning 500
Users 500
Servers 501
Virtual Devices 501
Applications 501
Data Remnants 501
Design Considerations During Mergers, Acquisitions and Demergers/Divestitures 501
Network Secure Segmentation and Delegation 502
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 502
Security and Privacy Considerations of Storage Integration 504
Security Implications of Integrating Enterprise Applications 504
CRM 504
ERP 505
CMDB 505
CMS 505
Integration Enablers 505
Directory Services 505
DNS 506
SOA 506
ESB 507
Exam Preparation Tasks 507
Review All Key Topics 507
Define Key Terms 508
Review Questions 508

Chapter 13 Cloud and Virtualization Technology Integration 512
Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership) 513
Cloud and Virtualization Considerations and Hosting Options cy514515
Single Tenancy 515
On-Premise vs. Hosted 515
Cloud Service Models 516
Security Advantages and Disadvantages of Virtualization 518
Type 1 vs. Type 2 Hypervisors 519
Type 1 Hypervisor 519
Type 2 Hypervisor 519
Container-Based 520
vTPM 520
Hyperconverged Infrastructure 521
Virtual Desktop Infrastructure 521
Secure Enclaves and Volumes 521
Cloud Augmented Security Services 521
Hash Matching 522
Anti-malware 522
Vulnerability Scanning 523
Sandboxing 525
Content Filtering 525
Cloud Security Broker 526
Security as a Service 527
Managed Security Service Providers 527
Vulnerabilities Associated with Comingling of Hosts with Different Security Requirements 527
VM Escape 527
Privilege Elevation 528

Live VM Migration 528
Data Remnants 529
Data Security Considerations 529
Vulnerabilities Associated with a Single Server Hosting Multiple Data Types 530
Vulnerabilities Associated with a Single Platform Hosting Multiple Data Types/Owners on Multiple Virtual Machines 530
Resources Provisioning and Deprovisioning 531
Virtual Devices 531
Data Remnants 531
Exam Preparation Tasks 532
Review All Key Topics 532
Define Key Terms 532
Review Questions 533

Chapter 14 Authentication and Authorization Technology Integration 536
Authentication 537
Authentication Factors 538
Knowledge Factors 538
Ownership Factors 538
Characteristic Factors 539
Additional Authentication Concepts 540
Identity and Account Management 540
Password Types and Management 541
Physiological Characteristics 544
Behavioral Characteristics 545
Biometric Considerations 546
Dual-Factor and Multi-Factor Authentication 547
Certificate-Based Authentication 548
Single Sign-on 548
802.1x 549
Context-Aware Authentication 550
Push-Based Authentication 550
Authorization 550
Access Control Models 550
Discretionary Access Control 551
Mandatory Access Control 551

Role-Based Access Control 551
Rule-Based Access Control 552
Content-Dependent Access Control 552
Access Control Matrix 552
ACLs 553
Access Control Policies 553
Default to No Access 553
OAuth 553
XACML 555
SPML 556
Attestation 557
Identity Proofing 558
Identity Propagation 63
Trust Models 563
RADIUS Configurations 563
LDAP 564
AD 565
Exam Preparation Tasks 566
Review All Key Topics 566
Define Key Terms 567
Review Questions 567

Chapter 15 Cryptographic Techniques 570
Techniques 572
Key Stretching 572
Hashing 572
MD2/MD4/MD5/MD6 574
SHA/SHA-2/SHA-3 575
HAVAL 576
RIPEMD-160 576

Digital Signature 576
Message Authentication 577
Code Signing 578
Pseudo-Random Number Generation 578
Perfect Forward Secrecy 578
Data-in-Transit Encryption 579
SSL/TLS 579
HTTP/HTTPS/SHTTP 579
SET and 3-D Secure 580
IPsec 580
Data-in-Memory/Processing 581
Data-at-Rest Encryption 581
Symmetric Algorithms 582
Asymmetric Algorithms 585
Hybrid Ciphers 588
Disk-Level Encryption 588
Block-Level Encryption 589
File-Level Encryption 589
Record-Level Encryption 589
Port-Level Encryption 591
Steganography 591
Implementations 592
Crypto Modules 592
Crypto Processors 593
Cryptographic Service Providers 593
DRM 593
Watermarking 594
GNU Privacy Guard (GPG) 594
SSL/TLS 595
Secure Shell (SSH) 595
S/MIME 596
Cryptographic Applications and Proper/Improper Implementations 596
Strength Versus Performance Versus Feasibility to Implement Versus Interoperability 596
Feasibility to Implement 597

Interoperability 597
Stream vs. Block 597
Stream Ciphers 597
Block Ciphers 598
Modes 598
Known Flaws/Weaknesses 602
PKI 603
Wildcard 603
OCSP vs. CRL 604
Issuance to Entities 604
Key Escrow 606
Certificate ockchain 609
Mobile Device Encryption Considerations 610
Elliptic Curve Cryptography 610
P256 vs. P384 vs. P512 610
Exam Preparation Tasks 611
Review All Key Topics 611
Define Key Terms 612
Review Questions 613

Chapter 16 Secure Communication and Collaboration 616
Remote Access 617
Dial-up 617
VPN 618
SSL 618
Remote Administration 618
Resource and Services 618
Desktop and Application Sharing 619
Remote Assistance 620

Unified Collaboration Tools 621
Web Conferencing 621
Video Conferencing 622
Audio Conferencing 623
Storage and Document Collaboration Tools 624
Unified Communication 625
Instant Messaging 625
Presence 626
Email 627
IMAP 627
POP 627
SMTP 628
Email Spoofing 628
Spear Phishing 628
Whaling 629
Spam 629
Captured Messages 629
Disclosure of Information 630
Malware 630
Telephony and VoIP Integration 630
Collaboration Sites 632
Social Media 632
Cloud-Based Collaboration 633
Exam Preparation Tasks 634
Review All Key Topics 634
Define Key Terms 635
Review Questions 635

Chapter 17 Industry Trends and Their Impact to the Enterprise 638
Perform Ongoing Research 639
Best Practices 640
New Technologies, Security Systems and Services 641
Technology Evolution (e.g., RFCs, ISO) 642
Threat Intelligence 643
Latest Attacks 644
Knowledge of Current Vulnerabilities and Threats 646

Zero-Day Mitigation Controls and Remediation 647
Threat Model 648
Research Security Implications of Emerging Business Tools 649
Evolving Social Media Platforms 650
End-User Cloud Storage 650
Integration Within the Business 651
Big Data 652
AI/Machine Learning 653
Global IA Indu
