CASP+ CompTIA Advanced Security Practitioner Study Guide

Exam CAS-003

Jeff T. Parker, Michael Gregg

About the book

Comprehensive coverage of the new CASP+ exam, with hands-on practice and interactive study tools

The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, offers invaluable preparation for exam CAS-003. Covering 100 percent of the exam objectives, this book provides an expert walk-through of essential security concepts and processes to help you tackle this challenging exam with full confidence. Practical examples and real-world insights illustrate critical topics and show what essential practices look like on the ground, while detailed explanations of technical and business concepts give you the background you need to identify and implement appropriate security solutions. End-of-chapter reviews help solidify your understanding of each objective, and cutting-edge exam prep software features electronic flashcards, hands-on lab exercises, and hundreds of practice questions to help you test your knowledge in advance of the exam.

The next few years will bring a 45-fold increase in digital data, and at least one third of that data will pass through the cloud. The level of risk to data everywhere is growing in parallel, and organizations are in need of qualified data security professionals; the CASP+ certification validates this in-demand skill set, and this book is your ideal resource for passing the exam.

  • Master cryptography, controls, vulnerability analysis, and network security
  • Identify risks and execute mitigation planning, strategies, and controls
  • Analyze security trends and their impact on your organization
  • Integrate business and technical components to achieve a secure enterprise architecture

CASP+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is also compliant with government regulations under the Federal Information Security Management Act (FISMA). As such, this career-building credential makes you in demand in the marketplace and shows that you are qualified to address enterprise-level security concerns. The CASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-003, Third Edition, is the preparation resource you need to take the next big step for your career and pass with flying colors.


Information

Publisher
Sybex
Year
2019
ISBN
9781119477679
Edition
3

Chapter 1
Cryptographic Tools and Techniques

THE FOLLOWING COMPTIA CASP+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
  • 2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
    • Physical and virtual network and security devices
      • HSM
  • 2.3 Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
    • Security implications/privacy concerns
      • TPM
  • 4.4 Given a scenario, implement cryptographic techniques.
    • Techniques
      • Key stretching
      • Hashing
      • Digital signature
      • Message authentication
      • Code signing
      • Pseudo-random number generation
      • Perfect forward secrecy
      • Data-at-rest encryption
        • Disk
        • Block
        • File
        • Record
      • Steganography
    • Implementations
      • DRM
      • Watermarking
      • GPG
      • SSL/TLS
      • SSH
      • S/MIME
      • Cryptographic applications and proper/improper implementations
        • Strength
        • Performance
        • Feasibility to implement
        • Interoperability
      • Stream vs. block
      • PKI
        • Wild card
        • OCSP vs. CRL
        • Issuance to entities
        • Key escrow
        • Certificate
        • Tokens
        • Stapling
        • Pinning
      • Cryptocurrency/blockchain
This chapter discusses cryptography, which can be defined as the art of protecting information by transforming it into an unreadable format. Everywhere you turn you see cryptography. It is used to protect sensitive information, prove the identity of a claimant, and verify the integrity of an application or program. As a security professional for your company, which of the following would you consider more critical if you could choose only one?
  • Provide a locking cable for every laptop user in the organization.
  • Enforce full disk encryption for every mobile device.
Our choice would be full disk encryption. Typically, the data will be worth more than the cost of a replacement laptop. If the data is lost or exposed, you’ll incur additional costs such as client notification and reputation loss.
As a security professional, you should have a good basic understanding of cryptographic functions. This chapter begins by reviewing a little of the history of cryptography. Next, we discuss basic cryptographic types, explaining symmetric and asymmetric encryption, hashing, digital signatures, and public key infrastructure. These concepts are important as we move on to more advanced topics and begin to look at cryptographic applications. Understanding them will help you prepare for the CompTIA exam and implement cryptographic solutions that better protect your company’s assets.

The History of Cryptography

Encryption is not a new concept. The desire to keep secrets is as old as civilization. There are two basic ways in which encryption is used: for data at rest and for data in motion. Data at rest might be information on a laptop hard drive or in cloud storage. Data in motion might be data being processed by SQL, a URL requested via HTTP, or information traveling over a VPN at the local coffee shop bound for the corporate network. In each of these cases, protection must be sufficient. The following list includes some examples of early cryptographic systems:
Scytale This system functioned by wrapping a strip of papyrus or leather, on which a message was written, around a rod of fixed diameter. The recipient used a rod of the same diameter to read the message. Although such a system seems basic today, it worked well in the time of the Spartans. Even if someone intercepted the message, it appeared as a jumble of meaningless letters.
Caesar’s Cipher Julius Caesar is known for an early form of encryption, the Caesar cipher, which was used to protect messages sent between Caesar and his generals. The cipher worked by means of a simple substitution. Before a message was sent, the plain text was rotated forward by three characters (ROT3). Using Caesar’s cipher to encrypt the word cat would result in fdw. Decrypting required moving back three characters.
Other Examples Substitution ciphers replace one character with another. The best example of a substitution cipher is the Vigenère polyalphabetic cipher. Other historical systems include the running key cipher and the Vernam cipher. The running key cipher is another way to generate the keystream for use with the tabula recta. The Vernam cipher is also known as the one-time pad.
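As an added example (not code from the book), the following shows the tabula recta shift that the Caesar, Vigenère, running key and Vernam ciphers described above all share; it generalizes the ROT3 example (cat becomes fdw) by letting the keystream vary, and every function name below is my own.

```python
import secrets
import string

# Added example, not the book's code: one letter-by-letter shift (the tabula
# recta) serves all four historical ciphers; only the keystream source differs.
ALPHABET = string.ascii_lowercase

def letters(text: str) -> int:
    """Number of alphabetic characters, i.e. the keystream length needed."""
    return sum(c.isalpha() for c in text)

def tabula_recta(text: str, keystream: str, decrypt: bool = False) -> str:
    """Shift every letter of text by its keystream letter (a=0 ... z=25).
    Non-letters pass through unchanged and consume no keystream."""
    if len(keystream) < letters(text):
        raise ValueError("keystream is shorter than the message")
    out, k = [], 0
    for ch in text:
        if not ch.isalpha():
            out.append(ch)
            continue
        shift = ALPHABET.index(keystream[k].lower())
        k += 1
        if decrypt:
            shift = -shift
        base = ALPHABET if ch.islower() else ALPHABET.upper()
        out.append(base[(base.index(ch) + shift) % 26])
    return "".join(out)

def caesar(text: str, shift: int = 3, decrypt: bool = False) -> str:
    """Caesar/ROT3 is a constant keystream: 'd' (index 3) repeated."""
    return tabula_recta(text, ALPHABET[shift % 26] * letters(text), decrypt)

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere repeats a short word as the keystream (key must be letters)."""
    n = letters(text)
    return tabula_recta(text, (key.lower() * (n // len(key) + 1))[:n], decrypt)

def running_key(text: str, book_text: str, decrypt: bool = False) -> str:
    """Running key: the keystream is a passage from a book both parties hold."""
    return tabula_recta(text, "".join(c for c in book_text if c.isalpha()), decrypt)

def one_time_pad(text: str):
    """Vernam/one-time pad: a random keystream as long as the message, used once.
    Returns (ciphertext, pad); decrypt with tabula_recta(ct, pad, decrypt=True)."""
    pad = "".join(secrets.choice(ALPHABET) for _ in range(letters(text)))
    return tabula_recta(text, pad), pad
```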

Cryptographic Services

As a security professional, you need to understand cryptographic services and how they are applied. You also need to know the goals of cryptography and basic terms. Although your job may not require you to be a cryptographic expert, to pass the CASP+ exam you should be able to explain how specific cryptographic functions work.

Cryptographic Goals

Cryptography includes methods such as symmetric encryption, asymmetric encryption, hashing, and digital signatures. Each provides specific attributes and solutions. These cryptographic services include the following goals:
Privacy Also called confidentiality. What is private (confidential) should stay private, whether at rest or in transit.
Authentication There should be proof that the message is from the person or entity you believe it to be from.
Integrity Information should remain unaltered at the point at which it was produced, while it is in transmission, and during storage.
Non-repudiation The sender of data is provided with proof of delivery, and the recipient is assured of the sender’s identity.
An easy way to remember...
