CASP+ CompTIA Advanced Security Practitioner Study Guide
eBook - ePub

CASP+ CompTIA Advanced Security Practitioner Study Guide

Exam CAS-003

Jeff T. Parker, Michael Gregg


Book information

Comprehensive coverage of the new CASP+ exam, with hands-on practice and interactive study tools

The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, offers invaluable preparation for exam CAS-003. Covering 100 percent of the exam objectives, this book provides an expert walk-through of essential security concepts and processes to help you tackle this challenging exam with full confidence. Practical examples and real-world insights illustrate critical topics and show what essential practices look like on the ground, while detailed explanations of technical and business concepts give you the background you need to identify and implement appropriate security solutions. End-of-chapter reviews help solidify your understanding of each objective, and cutting-edge exam prep software features electronic flashcards, hands-on lab exercises, and hundreds of practice questions to help you test your knowledge in advance of the exam.

The next few years will bring a 45-fold increase in digital data, and at least one third of that data will pass through the cloud. The level of risk to data everywhere is growing in parallel, and organizations are in need of qualified data security professionals; the CASP+ certification validates this in-demand skill set, and this book is your ideal resource for passing the exam.

  • Master cryptography, controls, vulnerability analysis, and network security
  • Identify risks and execute mitigation planning, strategies, and controls
  • Analyze security trends and their impact on your organization
  • Integrate business and technical components to achieve a secure enterprise architecture

CASP+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is also compliant with government regulations under the Federal Information Security Management Act (FISMA). As such, this career-building credential makes you in demand in the marketplace and shows that you are qualified to address enterprise-level security concerns. The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, is the preparation resource you need to take the next big step for your career and pass with flying colors.


Information

Publisher
Sybex
Year
2019
ISBN
9781119477679
Edition
3
Category
Cyber Security

Chapter 1
Cryptographic Tools and Techniques

THE FOLLOWING COMPTIA CASP+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
    2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
    • Physical and virtual network and security devices
      • HSM
    2.3 Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
    • Security implications/privacy concerns
      • TPM
    4.4 Given a scenario, implement cryptographic techniques.
    • Techniques
      • Key stretching
      • Hashing
      • Digital signature
      • Message authentication
      • Code signing
      • Pseudo-random number generation
      • Perfect forward secrecy
      • Data-at-rest encryption
        • Disk
        • Block
        • File
        • Record
      • Steganography
    • Implementations
      • DRM
      • Watermarking
      • GPG
      • SSL/TLS
      • SSH
      • S/MIME
      • Cryptographic applications and proper/improper implementations
        • Strength
        • Performance
        • Feasibility to implement
        • Interoperability
      • Stream vs. block
      • PKI
        • Wild card
        • OCSP vs. CRL
        • Issuance to entities
        • Key escrow
        • Certificate
        • Tokens
        • Stapling
        • Pinning
      • Cryptocurrency/blockchain
This chapter discusses cryptography, which can be defined as the art of protecting information by transforming it into an unreadable format. Everywhere you turn you see cryptography. It is used to protect sensitive information, prove the identity of a claimant, and verify the integrity of an application or program. As a security professional for your company, which of the following would you consider more critical if you could choose only one?
  • Provide a locking cable for every laptop user in the organization.
  • Enforce full disk encryption for every mobile device.
Our choice would be full disk encryption. Typically, the data will be worth more than the cost of a replacement laptop. If the data is lost or exposed, you’ll incur additional costs such as client notification and reputation loss.
As a security professional, you should have a good basic understanding of cryptographic functions. This chapter begins by reviewing a little of the history of cryptography. Next, we discuss basic cryptographic types, explaining symmetric and asymmetric encryption, hashing, digital signatures, and public key infrastructure. These concepts are important as we move on to more advanced topics and begin to look at cryptographic applications. Understanding them will help you prepare for the CompTIA exam and to implement cryptographic solutions to protect your company’s assets better.

The History of Cryptography

Encryption is not a new concept. The desire to keep secrets is as old as civilization. There are two basic ways in which encryption is used: for data at rest and for data in motion. Data at rest might be information on a laptop hard drive or in cloud storage. Data in motion might be a query sent to an SQL server, a URL requested via HTTP, or information traveling over a VPN at the local coffee shop bound for the corporate network. (Data that is actively being processed in memory, such as rows a database engine is sorting, is a third state, data in use, and it is the hardest of the three to protect with encryption.) In each of these cases, the protection must match the sensitivity of the data and the threat it faces. The following list includes some examples of early cryptographic systems:
Scytale This system functioned by wrapping a strip of papyrus or leather, on which a message was written, around a rod of fixed diameter. The recipient used a rod of the same diameter to read the message. Because the scytale reorders the letters rather than replacing them, it is a transposition cipher. Although such systems seem basic today, the scytale worked well in the time of the Spartans: to anyone who intercepted the unwound strip, the message appeared as a jumble of meaningless letters. The real secret was the rod's diameter, and anyone who obtained or guessed it could read the message, an early illustration that a cipher's security rests on its key.
Caesar’s Cipher Julius Caesar is known for an early form of encryption, the Caesar cipher, which was used to transmit messages sent between Caesar and his generals. The cipher worked by means of a simple substitution. Before a message was sent, the plain text was rotated forward by three characters (ROT3). Using Caesar’s cipher to encrypt the word cat would result in fdw. Decrypting required moving back three characters.
Other Examples Substitution ciphers replace each character with another. The best-known example is the Vigenère cipher, a polyalphabetic substitution in which each key letter selects one of the 26 shifted alphabets laid out in a tabula recta; Caesar's cipher is the special case of a single fixed shift. Other historical systems include the running key cipher and the Vernam cipher. The running key cipher is another way to generate the keystream for use with the tabula recta, typically by taking a long passage from a book instead of a short repeating word. The Vernam cipher combines the plaintext with a keystream; when that key is truly random, at least as long as the message, kept secret, and never reused, the result is the one-time pad, which has provable perfect secrecy. Reusing any part of the key destroys that guarantee.
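The Caesar and Vigenère ciphers described above, as an added example that is not from the book. Because a Caesar shift is simply a Vigenère cipher with a one-letter key, one routine covers both, and the brute-force function at the end shows why a fixed shift offers no security: there are only 25 keys to try. The function names, the crib-based search, and the sample messages are this example's own choices.

```python
"""Classical substitution ciphers: Vigenere, with Caesar as a special case.

Added example; not the book's code. Letters are shifted mod 26, case is
preserved, and non-letters pass through without consuming key characters.
"""
import string

ALPHABET = string.ascii_lowercase


def vigenere(text, key, decrypt=False):
    """Shift each letter of `text` by the matching letter of `key`.

    The key repeats as needed (the tabula recta row is chosen by the key
    letter). With a one-letter key this is a Caesar cipher; key "d" is
    Caesar's ROT3.
    """
    if not key or not key.isalpha():
        raise ValueError("key must be one or more letters")
    shifts = [ALPHABET.index(k) for k in key.lower()]
    out = []
    i = 0  # position in the keystream; advances only on letters
    for ch in text:
        if not ch.isalpha():
            out.append(ch)
            continue
        shift = shifts[i % len(shifts)]
        if decrypt:
            shift = -shift
        base = ord("A") if ch.isupper() else ord("a")
        out.append(chr((ord(ch) - base + shift) % 26 + base))
        i += 1
    return "".join(out)


def caesar(text, shift=3, decrypt=False):
    """Caesar cipher expressed as a single-letter Vigenere key."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def brute_force_caesar(ciphertext, crib):
    """Try every non-trivial shift and return (shift, plaintext) for the
    first candidate that contains `crib`, a word the attacker expects in
    the plaintext. Returns None if no shift produces the crib."""
    for shift in range(1, 26):
        candidate = caesar(ciphertext, shift, decrypt=True)
        if crib in candidate:
            return shift, candidate
    return None


if __name__ == "__main__":
    # Sample messages are constructed for this example.
    print(caesar("cat"))                               # fdw
    print(caesar("fdw", decrypt=True))                 # cat
    ct = vigenere("attack at dawn", "lemon")
    print(ct)                                          # lxfopv ef rnhr
    print(vigenere(ct, "lemon", decrypt=True))         # attack at dawn
    # An interceptor who knows only that the word "attack" is likely
    # recovers the key in at most 25 trials.
    print(brute_force_caesar(caesar("attack at dawn", 17), "attack"))
```

The same routine with a key as long as the message is the running key cipher mentioned above; with a truly random, never-reused key of that length it becomes a letter-alphabet one-time pad, and the brute-force search stops working because every candidate plaintext is equally plausible.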

Cryptographic Services

As a security professional, you need to understand cryptographic services and how they are applied. You also need to know the goals of cryptography and basic terms. Although your job may not require you to be a cryptographic expert, to pass the CASP+ exam you should be able to explain how specific cryptographic functions work.

Cryptographic Goals

Cryptography includes methods such as symmetric encryption, asymmetric encryption, hashing, and digital signatures. Each provides specific attributes and solutions. These cryptographic services include the following goals:
Privacy Also called confidentiality. What is private (confidential) should stay private, whether at rest or in transit.
Authentication There should be proof that the message is from the person or entity you believe it to be from.
Integrity Information should remain unaltered at the point at which it was produced, while it is in transmission, and during storage.
Non-repudiation The sender of data is provided with proof of delivery, and the recipient is assured of the sender’s identity.
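The difference between integrity and authentication in the list above is easy to blur, so here is an added example (not from the book) that makes it concrete with the Python standard library. A plain hash detects accidental corruption, but an attacker who can change the message can also recompute the hash, so it provides integrity only. An HMAC keyed with a shared secret binds the message to a holder of that key, which is the authentication goal. Neither gives non-repudiation, because sender and receiver hold the same key; that requires a digital signature, which the chapter covers later. The message text and the key are constructed for this example.

```python
"""Integrity (hash) versus authentication (HMAC). Added example, not the
book's code. The sample transfer message and key are made up."""
import hashlib
import hmac
import secrets


def protect_with_hash(message):
    """Attach a SHA-256 digest. Integrity only: anyone can recompute it."""
    return message, hashlib.sha256(message).hexdigest()


def verify_hash(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def protect_with_hmac(key, message):
    """Attach an HMAC-SHA256 tag. Integrity plus authentication of a key
    holder. hmac (not sha256(key + message)) avoids the length-extension
    weakness of the bare Merkle-Damgard construction."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key, message, tag):
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # compare_digest is constant-time; a plain == would leak how many
    # leading characters of the tag matched.
    return hmac.compare_digest(expected, tag)


def tamper(message, old, new):
    """Attacker-in-the-middle edit of the message body."""
    return message.replace(old, new)


def demo(key=None):
    """Run both schemes against the same tampering and report which
    verifications accept. Returns a dict so the outcome can be checked."""
    key = key or secrets.token_bytes(32)
    original = b"transfer 100 EUR to account 1234"

    # 1. Hash only: the attacker edits the amount and recomputes the digest.
    msg, digest = protect_with_hash(original)
    msg = tamper(msg, b"100", b"900")
    digest = hashlib.sha256(msg).hexdigest()  # nothing stops the attacker
    hash_accepts_forgery = verify_hash(msg, digest)

    # 2. HMAC: the attacker edits the amount but cannot recompute the tag.
    msg, tag = protect_with_hmac(key, original)
    msg = tamper(msg, b"100", b"900")
    hmac_accepts_forgery = verify_hmac(key, msg, tag)

    # 3. The genuine message still verifies for anyone holding the key.
    hmac_accepts_genuine = verify_hmac(key, *protect_with_hmac(key, original))

    return {
        "hash_accepts_forgery": hash_accepts_forgery,   # True: integrity only
        "hmac_accepts_forgery": hmac_accepts_forgery,   # False: needs the key
        "hmac_accepts_genuine": hmac_accepts_genuine,   # True
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The receiver in case 2 learns that someone with the key produced the tag, but because the receiver also holds that key, a third party cannot tell which of the two did; that is why a shared-key MAC meets the authentication and integrity goals but not non-repudiation.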
An easy way to remember...
