CASP+ CompTIA Advanced Security Practitioner Study Guide
eBook - ePub


Exam CAS-003

About this book

Comprehensive coverage of the new CASP+ exam, with hands-on practice and interactive study tools

The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, offers invaluable preparation for exam CAS-003. Covering 100 percent of the exam objectives, this book provides an expert walk-through of essential security concepts and processes to help you tackle this challenging exam with full confidence. Practical examples and real-world insights illustrate critical topics and show what essential practices look like on the ground, while detailed explanations of technical and business concepts give you the background you need to identify and implement appropriate security solutions. End-of-chapter reviews help solidify your understanding of each objective, and cutting-edge exam prep software features electronic flashcards, hands-on lab exercises, and hundreds of practice questions to help you test your knowledge in advance of the exam.

The next few years will bring a 45-fold increase in digital data, and at least one third of that data will pass through the cloud. The level of risk to data everywhere is growing in parallel, and organizations are in need of qualified data security professionals; the CASP+ certification validates this in-demand skill set, and this book is your ideal resource for passing the exam.

  • Master cryptography, controls, vulnerability analysis, and network security
  • Identify risks and execute mitigation planning, strategies, and controls
  • Analyze security trends and their impact on your organization
  • Integrate business and technical components to achieve a secure enterprise architecture

CASP+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is also compliant with government regulations under the Federal Information Security Management Act (FISMA). As such, this career-building credential makes you in demand in the marketplace and shows that you are qualified to address enterprise-level security concerns. The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, is the preparation resource you need to take the next big step for your career and pass with flying colors.

CASP+ CompTIA Advanced Security Practitioner Study Guide by Jeff T. Parker and Michael Gregg is available in PDF and/or ePUB format, catalogued under Computer Science & Cyber Security.

Information

Publisher
Sybex
Year
2019
Print ISBN
9781119477648
eBook ISBN
9781119477679

Chapter 1
Cryptographic Tools and Techniques

THE FOLLOWING COMPTIA CASP+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
  • 2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
    • Physical and virtual network and security devices
      • HSM
  • 2.3 Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
    • Security implications/privacy concerns
      • TPM
  • 4.4 Given a scenario, implement cryptographic techniques.
    • Techniques
      • Key stretching
      • Hashing
      • Digital signature
      • Message authentication
      • Code signing
      • Pseudo-random number generation
      • Perfect forward secrecy
      • Data-at-rest encryption
        • Disk
        • Block
        • File
        • Record
      • Steganography
    • Implementations
      • DRM
      • Watermarking
      • GPG
      • SSL/TLS
      • SSH
      • S/MIME
      • Cryptographic applications and proper/improper implementations
        • Strength
        • Performance
        • Feasibility to implement
        • Interoperability
      • Stream vs. block
      • PKI
        • Wild card
        • OCSP vs. CRL
        • Issuance to entities
        • Key escrow
        • Certificate
        • Tokens
        • Stapling
        • Pinning
      • Cryptocurrency/blockchain
This chapter discusses cryptography, which can be defined as the art of protecting information by transforming it into an unreadable format. Everywhere you turn you see cryptography. It is used to protect sensitive information, prove the identity of a claimant, and verify the integrity of an application or program. As a security professional for your company, which of the following would you consider more critical if you could choose only one?
  • Provide a locking cable for every laptop user in the organization.
  • Enforce full disk encryption for every mobile device.
Our choice would be full disk encryption. Typically, the data will be worth more than the cost of a replacement laptop. If the data is lost or exposed, you’ll incur additional costs such as client notification and reputation loss.
As a security professional, you should have a good basic understanding of cryptographic functions. This chapter begins by reviewing a little of the history of cryptography. Next, we discuss basic cryptographic types, explaining symmetric and asymmetric encryption, hashing, digital signatures, and public key infrastructure. These concepts are important as we move on to more advanced topics and begin to look at cryptographic applications. Understanding them will help you prepare for the CompTIA exam and to implement cryptographic solutions to protect your company’s assets better.

The History of Cryptography

Encryption is not a new concept. The desire to keep secrets is as old as civilization. There are two basic ways in which encryption is used: for data at rest and for data in motion. Data at rest might be information on a laptop hard drive or in cloud storage. Data in motion might be data being processed by SQL, a URL requested via HTTP, or information traveling over a VPN at the local coffee shop bound for the corporate network. In each of these cases, protection must be sufficient. The following list includes some examples of early cryptographic systems:
Scytale This system functioned by wrapping a strip of papyrus or leather, on which a message was written, around a rod of fixed diameter. The recipient used a rod of the same diameter to read the message. Although such systems seem basic today, they worked well in the time of the Spartans. Even if someone were to intercept the message, it appeared as a jumble of meaningless letters.
Caesar’s Cipher Julius Caesar is known for an early form of encryption, the Caesar cipher, which was used to transmit messages sent between Caesar and his generals. The cipher worked by means of a simple substitution. Before a message was sent, the plain text was rotated forward by three characters (ROT3). Using Caesar’s cipher to encrypt the word cat would result in fdw. Decrypting required moving back three characters.
Other Examples Substitution ciphers replace one character with another. The best-known example of a substitution cipher is the Vigenère polyalphabetic cipher. Other historical systems include the running key cipher and the Vernam cipher. The running key cipher is another way to generate the keystream for use with the tabula recta. The Vernam cipher is also known as the one-time pad.
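To make the two substitution schemes above concrete, here is an added example (not code from the book or its authors) implementing the Caesar shift described for "cat" to "fdw" and the Vigenère tabula recta lookup; the same `vigenere` routine also models the running key cipher and the Vernam cipher, since those differ only in where the keystream comes from (a long text, or a random key as long as the message used once). The "ATTACKATDAWN"/"LEMON" test vector is a constructed input, and the 26-key enumeration shows why a Caesar shift gives no real protection.

```python
"""Classical substitution ciphers: Caesar (ROT-n) and Vigenère (tabula recta).

Added example, not from the CASP+ Study Guide. Letters keep their case;
any non-letter character is passed through unchanged.
"""


def _shift(ch: str, shift: int) -> str:
    """Rotate a single letter by `shift` positions, wrapping around at Z/z."""
    if "A" <= ch <= "Z":
        base = ord("A")
    elif "a" <= ch <= "z":
        base = ord("a")
    else:
        return ch  # punctuation, digits and spaces are left as they are
    return chr((ord(ch) - base + shift) % 26 + base)


def caesar(text: str, shift: int = 3) -> str:
    """Caesar cipher: every letter is rotated forward by `shift` (ROT3 by default)."""
    return "".join(_shift(ch, shift) for ch in text)


def caesar_decrypt(text: str, shift: int = 3) -> str:
    """Decryption is the same rotation in the opposite direction."""
    return caesar(text, -shift)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère cipher via the tabula recta.

    Each plaintext letter is shifted by the value of the corresponding key
    letter (A=0 ... Z=25); the key repeats as needed. A running key cipher
    is the same operation with a long passage of text as the key, and the
    Vernam cipher (one-time pad) is the same operation with a random key
    at least as long as the message that is never reused.
    """
    shifts = [ord(k) - ord("A") for k in key.upper() if "A" <= k <= "Z"]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            k = shifts[i % len(shifts)]
            out.append(_shift(ch, -k if decrypt else k))
            i += 1  # only letters consume key material
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext: str) -> dict:
    """All 26 possible plaintexts for a Caesar ciphertext.

    There are only 26 keys, so a recipient (or anyone else) can simply list
    them all; this is why the scheme is of historical interest only.
    """
    return {s: caesar(ciphertext, -s) for s in range(26)}


if __name__ == "__main__":
    print(caesar("cat"))                         # fdw
    print(caesar_decrypt("fdw"))                 # cat
    print(vigenere("ATTACKATDAWN", "LEMON"))     # LXFOPVEFRNHR
    print(vigenere("LXFOPVEFRNHR", "LEMON", decrypt=True))
    print(caesar_candidates("fdw")[3])           # cat
```

Note that `vigenere` only advances the key position on letters, so spaces and punctuation neither consume keystream nor reveal it; that matches how the tabula recta is normally used by hand.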

Cryptographic Services

As a security professional, you need to understand cryptographic services and how they are applied. You also need to know the goals of cryptography and basic terms. Although your job may not require you to be a cryptographic expert, to pass the CASP+ exam you should be able to explain how specific cryptographic functions work.

Cryptographic Goals

Cryptography includes methods such as symmetric encryption, asymmetric encryption, hashing, and digital signatures. Each provides specific attributes and solutions. These cryptographic services include the following goals:
Privacy Also called confidentiality. What is private (confidential) should stay private, whether at rest or in transit.
Authentication There should be proof that the message is from the person or entity you believe it to be from.
Integrity Information should remain unaltered at the point at which it was produced, while it is in transmission, and during storage.
Non-repudiation The sender of data is provided with proof of delivery, and the recipient is assured of the sender’s identity.
An easy way to remember...
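The goals above are easier to keep apart when you see which primitive delivers which one. The following added example (not code from the book or its authors) contrasts a plain SHA-256 hash with an HMAC over the same message: the hash alone gives integrity (it changes if the bytes change) but no authentication, because anyone can recompute it, while the HMAC requires the shared key. It also notes why an HMAC still does not give non-repudiation. The message bytes and the key are constructed sample values.

```python
"""Integrity vs. authentication: SHA-256 hash compared with HMAC-SHA256.

Added example, not from the CASP+ Study Guide. Uses only the Python
standard library.
"""
import hashlib
import hmac

# Constructed shared secret held by sender and recipient (demo value only).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def integrity_tag(message: bytes) -> str:
    """Plain hash: detects any change to the bytes, but anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def auth_tag(message: bytes, key: bytes = SHARED_KEY) -> str:
    """HMAC: only a holder of `key` can produce a tag that verifies."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_auth(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Constant-time comparison so the check does not leak tag bytes via timing."""
    return hmac.compare_digest(auth_tag(message, key), tag)


def substitution_demo() -> dict:
    """Model a message substituted in transit by someone without the key.

    The substitute replaces both the message and its tag. A recipient who
    relies on a bare hash recomputes it, sees a match, and accepts the
    altered message: integrity of the received bytes, but no authentication.
    A recipient who checks the HMAC rejects it, because a tag computed with
    the wrong key never matches.
    """
    original = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"

    # Attached to the altered message by someone who does not hold SHARED_KEY.
    altered_hash = integrity_tag(altered)
    altered_hmac = auth_tag(altered, key=b"not-the-shared-key")

    return {
        # Hash recomputes fine: the hash authenticates nothing.
        "hash_check_passes": integrity_tag(altered) == altered_hash,
        # HMAC with the wrong key does not verify.
        "hmac_check_passes": verify_auth(altered, altered_hmac),
        # Even the genuine tag for the original fails on altered bytes.
        "hmac_detects_change": not verify_auth(altered, auth_tag(original)),
        # Sanity check: the genuine message with its genuine tag verifies.
        "genuine_passes": verify_auth(original, auth_tag(original)),
    }


# Non-repudiation is NOT achieved here: sender and recipient share one key,
# so either party could have produced any valid tag. That goal needs a
# digital signature made with a private key only the sender holds.

if __name__ == "__main__":
    for goal, result in substitution_demo().items():
        print(f"{goal}: {result}")
```

`hmac.compare_digest` is used instead of `==` so that a rejected tag takes the same time regardless of how many leading bytes happened to match.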

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. Acknowledgments
  6. About the Authors
  7. Table of Exercises
  8. Introduction
  9. Assessment Test
  10. Answers to Assessment Test
  11. Chapter 1 Cryptographic Tools and Techniques
  12. Chapter 2 Comprehensive Security Solutions
  13. Chapter 3 Securing Virtualized, Distributed, and Shared Computing
  14. Chapter 4 Host Security
  15. Chapter 5 Application Security and Penetration Testing
  16. Chapter 6 Risk Management
  17. Chapter 7 Policies, Procedures, and Incident Response
  18. Chapter 8 Security Research and Analysis
  19. Chapter 9 Enterprise Security Integration
  20. Chapter 10 Security Controls for Communication and Collaboration
  21. Appendix A Answers to Review Questions
  22. Appendix B CASP+ Lab Manual
  23. Index
  24. Advert
  25. End User License Agreement