CompTIA

CompTIA Advanced Security Practitioner

(pearson-cas-002-complete) / ISBN : 978-1-61691-620-6
Lessons
Lab
TestPrep
114 Revisar
Obtenga una prueba gratuita

Habilidades que obtendrás

CompTIA Advanced Security Practitioner es una certificación independiente de CompTIA con el código de examen CAS-001. La certificación CASP es una credencial independiente del proveedor, diseñada para profesionales de seguridad informática de nivel avanzado que desean conceptualizar, diseñar e implementar soluciones seguras en entornos empresariales complejos. Esta certificación valida las habilidades y conocimientos de seguridad de nivel avanzado a nivel internacional.
Descargar el esquema del curso

1

CompTIA® Advanced Security Practitioner (CASP) CAS-002 Cert Guide

  • About the Authors
  • Dedication
  • Acknowledgments
  • About the Reviewers
  • We Want to Hear from You!
2

INTRODUCTION

  • The Goals of the CASP Certification
  • The Value of the CASP Certification
  • CASP Exam Objectives
  • Steps to Becoming a CASP
  • CompTIA Authorized Materials Use Policy
3

Cryptographic concepts and Techniques

  • Cryptographic Techniques
  • Cryptographic Concepts
  • Cryptographic Implementations
  • Review All Key Topics
4

Enterprise Storage

  • Storage Types
  • Storage Protocols
  • Secure Storage Management
  • Review All Key Topics
  • Advanced Network Design (Wired/Wireless)
  • Virtual Networking and Security Components
  • Complex Network Security Solutions for Data Flow
  • Secure Configuration and Baselining of Networking and Security Components
  • Software-Defined Networking
  • Cloud-Managed Networks
  • Network Management and Monitoring Tools
  • Advanced Configuration of Routers, Switches, and Other Network Devices
  • Security Zones
  • Network Access Control
  • Operational and Consumer Network-Enabled Devices
  • Critical Infrastructure/Supervisory Control and ...isition (SCADA)/Industrial Control Systems (ICS)
  • Review All Key Topics
5

Security controls for hosts

  • Trusted OS
  • Endpoint Security Software
  • Host Hardening
  • Security Advantages and Disadvantages of Virtualizing Servers
  • Cloud-Augmented Security Services
  • Boot Loader Protections
  • Vulnerabilities Associated with Commingling of Hosts with Different Security Requirements
  • Virtual Desktop Infrastructure (VDI)
  • Terminal Services/Application Delivery Services
  • Trusted Platform Module (TPM)
  • Virtual TPM (VTPM)
  • Hardware Security Module (HSM)
  • Review All Key Topics
6

Application Vulnerabilities and Security Controls

  • Web Application Security Design Considerations
  • Specific Application Issues
  • Application Sandboxing
  • Application Security Frameworks
  • Secure Coding Standards
  • Software Development Methods
  • Database Activity Monitoring (DAM)
  • Web Application Firewalls (WAF)
  • Client-Side Processing Versus Server-Side Processing
  • Review All Key Topics
7

Business Influences and Associated Security Risks

  • Risk Management of New Products, New Technologies, and User Behaviors
  • New or Changing Business Models/Strategies
  • Security Concerns of Integrating Diverse Industries
  • Ensuring That Third-Party Providers Have Requisite Levels of Information Security
  • Internal and External Influences
  • Impact of De-perimiterization
  • Review All Key Topics
8

Risk Mitigation Planning, Strategies, and Controls

  • Classify Information Types into Levels of CIA Based on Organization/Industry
  • Incorporate Stakeholder Input into CIA Decisions
  • Implement Technical Controls Based on CIA Requirements and Policies of the Organization
  • Determine the Aggregate CIA Score
  • Extreme Scenario/Worst-Case Scenario Planning
  • Determine Minimum Required Security Controls Based on Aggregate Score
  • Conduct System-Specific Risk Analysis
  • Make Risk Determination
  • Recommend Which Strategy Should be Applied Based on Risk Appetite
  • Risk Management Processes
  • Enterprise Security Architecture Frameworks
  • Continuous Improvement/Monitoring
  • Business Continuity Planning
  • IT Governance
  • Review All Key Topics
9

Security, Privacy Policies, and Procedures

  • Policy Development and Updates in Light of New Business, Technology, Risks, and Environment Changes
  • Process/Procedure Development and Updates in Light of Policy, Environment, and Business Changes
  • Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities
  • Use Common Business Documents to Support Security
  • Use General Privacy Principles for Sensitive Information (PII)
  • Support the Development of Various Policies
  • Review All Key Topics
10

Incident Response and Recovery Procedures

  • E-Discovery
  • Data Breach
  • Design Systems to Facilitate Incident Response
  • Incident and Emergency Response
  • Review All Key Topics
11

Industry Trends

  • Perform Ongoing Research
  • Situational Awareness
  • Vulnerability Management Systems
  • Advanced Persistent Threats
  • Zero-Day Mitigating Controls and Remediation
  • Emergent Threats and Issues
  • Research Security Implications of New Business Tools
  • Global IA Industry/Community
  • Research Security Requirements for Contracts
  • Review All Key Topics
12

Securing the Enterprise

  • Create Benchmarks and Compare to Baselines
  • Prototype and Test Multiple Solutions
  • Cost/Benefit Analysis
  • Metrics Collection and Analysis
  • Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  • Review Effectiveness of Existing Security Controls
  • Reverse Engineer/Deconstruct Existing Solutions
  • Analyze Security Solution Attributes to Ensure They Meet Business Needs
  • Conduct a Lessons-Learned/After-Action Report
  • Use Judgment to Solve Difficult Problems That Do Not Have a Best Solution
  • Review All Key Topics
13

Assesment Tools and Methods

  • Assessment Tool Types
  • Assessment Methods
  • Review All Key Topics
14

Business Unit Collaboration

  • Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  • Provide Objective Guidance and Impartial Recomme...or Management on Security Processes and Controls
  • Establish Effective Collaboration within Teams to Implement Secure Solutions
  • IT Governance
  • Review All Key Topics
15

Secure Communication and Collaboration

  • Security of Unified Collaboration Tools
  • Remote Access
  • Mobile Device Management
  • Over-the-Air Technologies Concerns
  • Review All Key Topics
16

Security Across the Technology Life Cycle

  • End-to-End Solution Ownership
  • Systems Development Life Cycle (SDLC)
  • Adapt Solutions to Address Emerging Threats and Security Trends
  • Asset Management (Inventory Control)
  • Review All Key Topics
17

Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Secure Data Flows to Meet Changing Business Needs
  • Standards
  • Interoperability Issues
  • Technical Deployment Models
  • Logical and Physical Deployment Diagrams of Relevant Devices
  • Secure Infrastructure Design
  • Storage Integration (Security Considerations)
  • Enterprise Application Integration Enablers
  • Review All Key Topics
18

Authenticatication and Authorization Technologies

  • Authentication
  • Authorization
  • Attestation
  • Identity Propagation
  • Federation
  • Advanced Trust Models
  • Review All Key Topics

1

Cryptographic concepts and Techniques

  • Understanding cryptographic terms
  • Identifying symmetric algorithms
  • Identifying sequence of sender's process for hybrid encryption
  • Identifying sequence of sender's process for digital signatures
  • Identifying cryptographic attacks
  • Understanding steganography
  • Launching Windows certificates manager
  • Identifying password cracking ways
  • Identifying symmetric and asymmetric encryptions
  • Identifying asymmetric encryption algorithms
  • Identifying public key infrastructure components
2

Enterprise Storage

  • Identifying encryption types
3

Security controls for hosts

  • Identifying TCSEC divisions levels
  • Identifying endpoint security solutions
  • Creating a virtual PC machine
  • Identifying hashing algorithms
  • Identifying cloud-augmented security services
4

Application Vulnerabilities and Security Controls

  • Identifying tracking vulnerabilities in software
  • Understanding cross-site scripting
  • Identifying XSS vulnerabilities
  • Viewing cookies and temporary files in IE
  • Understanding application sandboxing
  • Identifying secure coding tests
  • Understanding SOAP
5

Risk Mitigation Planning, Strategies, and Controls

  • Identifying attributes of symmetric and asymmetric encryption
  • Identifying quantitative analysis
  • Identifying employee controls uses
  • Identifying security governance plan
  • Identifying information security policy components
6

Security, Privacy Policies, and Procedures

  • Identifying information security laws
  • Understanding incident response plan
  • Identifying incident responses models
  • Identifying employee controls
  • Identifying stages of building security controls
7

Incident Response and Recovery Procedures

  • Identifying data backup types
  • Understanding facets of an investigation
8

Securing the Enterprise

  • Identifying security solution performances
9

Assesment Tools and Methods

  • Identifying fuzzing tools
  • Identifying the handshake process for CHAP
  • Ejecutar un escáner de seguridad para identificar vulnerabilidades
  • Identifying port scanning techniques
  • Cracking encrypted passwords
  • Identifying penetration testing steps
10

Secure Communication and Collaboration

  • Identifying protocols security issues
  • Arranging the VoIP protocols in the protocol stack
  • Identifying 802.11 standards
  • Creating and configuring a network
11

Security Across the Technology Life Cycle

  • Understanding SDLC activities
12

Host, Storage, Network, and Application Integration into a Secure Enterprise Architecture

  • Setting up a DMZ on a SOHO router
  • Configuring a VPN client
13

Authenticatication and Authorization Technologies

  • Identifying biometric systems
  • Creación de una conexión VPN de acceso remoto
  • Identificación de los inconvenientes de la autenticación Kerberos

¿Alguna pregunta? Consulta las preguntas frecuentes

¿Aún tienes preguntas sin respuesta y necesitas ponerte en contacto?

Contáctanos ahora

El examen contiene 90 preguntas.

165 minutos

Solo aprobado/reprobado. Sin puntuación escalada.

Conozca más sobre el CAS-002

CompTIA Advanced Security Practitioner

$279.99

Comprar ahora

Cursos relacionados

Todo el curso