CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
About the Book

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes:
  • A test-preparation routine proven to help you pass the exams
  • Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
  • An online interactive Flash Cards application to help you drill on Key Terms by chapter
  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
  • Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including:
  • Ensuring a secure network architecture
  • Determining the proper infrastructure security design
  • Implementing secure cloud and virtualization solutions
  • Performing threat and vulnerability management activities
  • Implementing appropriate incident response
  • Applying secure configurations to enterprise mobility
  • Configuring and implementing endpoint security controls
  • Troubleshooting issues with cryptographic implementations
  • Applying appropriate risk strategies

Table of Contents:

Introduction

Part I: Security Architecture

Chapter 1 Ensuring a Secure Network Architecture
  Services
    Load Balancer
    Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS)
    Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS)
    Web Application Firewall (WAF)
    Network Access Control (NAC)
    Virtual Private Network (VPN)
    Domain Name System Security Extensions (DNSSEC)
    Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW)
    Network Address Translation (NAT) Gateway
    Internet Gateway
    Forward/Transparent Proxy
    Reverse Proxy
    Distributed Denial-of-Service (DDoS) Protection
    Routers
    Mail Security
    Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway
    Traffic Mirroring
    Sensors
  Segmentation
    Microsegmentation
    Local Area Network (LAN)/Virtual Local Area Network (VLAN)
    Jump Box
    Screened Subnet
    Data Zones
    Staging Environments
    Guest Environments
    VPC/Virtual Network (VNET)
    Availability Zone
    NAC Lists
    Policies/Security Groups
    Regions
    Access Control Lists (ACLs)
    Peer-to-Peer
    Air Gap
  De-perimeterization/Zero Trust
    Cloud
    Remote Work
    Mobile
    Outsourcing and Contracting
    Wireless/Radio Frequency (RF) Networks
  Merging of Networks from Various Organizations
    Peering
    Cloud to On Premises
    Data Sensitivity Levels
    Mergers and Acquisitions
    Cross-domain
    Federation
    Directory Services
  Software-Defined Networking (SDN)
    Open SDN
    Hybrid SDN
    SDN Overlay
  Exam Preparation Tasks

Chapter 2 Determining the Proper Infrastructure Security Design
  Scalability
    Vertically
    Horizontally
  Resiliency
    High Availability/Redundancy
    Diversity/Heterogeneity
    Course of Action Orchestration
    Distributed Allocation
    Replication
    Clustering
  Automation
    Autoscaling
    Security Orchestration, Automation, and Response (SOAR)
    Bootstrapping
  Performance
  Containerization
  Virtualization
  Content Delivery Network
  Caching
  Exam Preparation Tasks

Chapter 3 Securely Integrating Software Applications
  Baseline and Templates
    Baselines
    Create Benchmarks and Compare to Baselines
    Templates
    Secure Design Patterns/Types of Web Technologies
    Container APIs
    Secure Coding Standards
    Application Vetting Processes
    API Management
    Middleware
  Software Assurance
    Sandboxing/Development Environment
    Validating Third-Party Libraries
    Defined DevOps Pipeline
    Code Signing
    Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST)
  Considerations of Integrating Enterprise Applications
    Customer Relationship Management (CRM)
    Enterprise Resource Planning (ERP)
    Configuration Management Database (CMDB)
    Content Management System (CMS)
    Integration Enablers
  Integrating Security into Development Life Cycle
    Formal Methods
    Requirements
    Fielding
    Insertions and Upgrades
    Disposal and Reuse
    Testing
    Development Approaches
    Best Practices
  Exam Preparation Tasks

Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques
  Data Loss Prevention
    Blocking Use of External Media
    Print Blocking
    Remote Desktop Protocol (RDP) Blocking
    Clipboard Privacy Controls
    Restricted Virtual Desktop Infrastructure (VDI) Implementation
    Data Classification Blocking
  Data Loss Detection
    Watermarking
    Digital Rights Management (DRM)
    Network Traffic Decryption/Deep Packet Inspection
    Network Traffic Analysis
  Data Classification, Labeling, and Tagging
    Metadata/Attributes
  Obfuscation
    Tokenization
    Scrubbing
    Masking
  Anonymization
  Encrypted vs. Unencrypted
  Data Life Cycle
    Create
    Use
    Share
    Store
    Archive or Destroy
  Data Inventory and Mapping
  Data Integrity Management
  Data Storage, Backup, and Recovery
    Redundant Array of Inexpensive Disks (RAID)
  Exam Preparation Tasks

Chapter 5 Providing the Appropriate Authentication and Authorization Controls
  Credential Management
    Password Repository Application
    Hardware Key Manager
    Privileged Access Management
    Privilege Escalation
    Password Policies
    Complexity
    Length
    Character Classes
    History
    Maximum/Minimum Age
    Auditing
    Reversible Encryption
  Federation
    Transitive Trust
    OpenID
    Security Assertion Markup Language (SAML)
    Shibboleth
  Access Control
    Mandatory Access Control (MAC)
    Discretionary Access Control (DAC)
    Role-Based Access Control
    Rule-Based Access Control
    Attribute-Based Access Control
  Protocols
    Remote Authentication Dial-in User Service (RADIUS)
    Terminal Access Controller Access Control System (TACACS)
    Diameter
    Lightweight Directory Access Protocol (LDAP)
    Kerberos
    OAuth
    802.1X
    Extensible Authentication Protocol (EAP)
  Multifactor Authentication (MFA)
    Knowledge Factors
    Ownership Factors
    Characteristic Factors
    Physiological Characteristics
    Behavioral Characteristics
    Biometric Considerations
    2-Step Verification
    In-Band
    Out-of-Band
  One-Time Password (OTP)
    HMAC-Based One-Time Password (HOTP)
    Time-Based One-Time Password (TOTP)
  Hardware Root of Trust
  Single Sign-On (SSO)
  JavaScript Object Notation (JSON) Web Token (JWT)
  Attestation and Identity Proofing
  Exam Preparation Tasks

Chapter 6 Implementing Secure Cloud and Virtualization Solutions
  Virtualization Strategies
    Type 1 vs. Type 2 Hypervisors
    Containers
    Emulation
    Application Virtualization
    VDI
  Provisioning and Deprovisioning
  Middleware
  Metadata and Tags
  Deployment Models and Considerations
    Business Directives
    Cloud Deployment Models
  Hosting Models
    Multitenant
    Single-Tenant
  Service Models
    Software as a Service (SaaS)
    Platform as a Service (PaaS)
    Infrastructure as a Service (IaaS)
  Cloud Provider Limitations
    Internet Protocol (IP) Address Scheme
    VPC Peering
  Extending Appropriate On-premises Controls
  Storage Models
    Object Storage/File-Based Storage
    Database Storage
    Block Storage
    Blob Storage
    Key-Value Pairs
  Exam Preparation Tasks

Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI)
  Privacy and Confidentiality Requirements
  Integrity Requirements
  Non-repudiation
  Compliance and Policy Requirements
  Common Cryptography Use Cases
    Data at Rest
    Data in Transit
    Data in Process/Data in Use
    Protection of Web Services
    Embedded Systems
    Key Escrow/Management
    Mobile Security
    Secure Authentication
    Smart Card
  Common PKI Use Cases
    Web Services
    Email
    Code Signing
    Federation
    Trust Models
    VPN
    Enterprise and Security Automation/Orchestration
  Exam Preparation Tasks

Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy
  Artificial Intelligence
  Machine Learning
  Quantum Computing
  Blockchain
  Homomorphic Encryption
  Secure Multiparty Computation
    Private Information Retrieval
    Secure Function Evaluation
    Private Function Evaluation
  Distributed Consensus
  Big Data
  Virtual/Augmented Reality
  3-D Printing
  Passwordless Authentication
  Nanotechnology
  Deep Learning
    Natural Language Processing
    Deep Fakes
  Biometric Impersonation
  Exam Preparation Tasks

Part II: Security Operations

Chapter 9 Performing Threat Management Activities
  Intelligence Types
    Tactical
    Strategic
    Operational
  Actor Types
    Advanced Persistent Threat (APT)/Nation-State
    Insider Threat
    Competitor
    Hacktivist
    Script Kiddie
    Organized Crime
  Threat Actor Properties
    Resource
    Supply Chain Access
    Create Vulnerabilities
    Capabilities/Sophistication
    Identifying Techniques
  Intelligence Collection Methods
    Intelligence Feeds
    Deep Web
    Proprietary
    Open-Source Intelligence (OSINT)
    Human Intelligence (HUMINT)
  Frameworks
    MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK)
    Diamond Model of Intrusion Analysis
    Cyber Kill Chain
  Exam Preparation Tasks

Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response
  Indicators of Compromise
    Packet Capture (PCAP)
    Logs
    Notifications
    Notification Severity/Priorities
    Syslog
    Unusual Process Activity
  Response
    Firewall Rules
    IPS/IDS Rules
    ACL Rules
    Signature Rules
    Behavior Rules
    DLP Rules
    Scripts/Regular Expressions
  Exam Preparation Tasks

Chapter 11 Performing Vulnerability Management Activities
  Vulnerability Scans
    Credentialed vs. Non-credentialed
    Agent-Based/Server-Based
    Criticality Ranking
    Active vs. Passive
  Security Content Automation Protocol (SCAP)
    Extensible Configuration Checklist Description Format (XCCDF)
    Open Vulnerability and Assessment Language (OVAL)
    Common Platform Enumeration (CPE)
    Common Vulnerabilities and Exposures (CVE)
    Common Vulnerability Scoring System (CVSS)
    Common Configuration Enumeration (CCE)
    Asset Reporting Format (ARF)
  Self-assessment vs. Third-Party Vendor Assessment
  Patch Management
    Manual Patch Management
    Automated Patch Management
  Information Sources
    Advisories
    Bulletins
    Vendor Websites
    Information Sharing and Analysis Centers (ISACs)
    News Reports
  Exam Preparation Tasks

Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools
  Methods
    Static Analysis/Dynamic Analysis
    Side-Channel Analysis
    Reverse Engineering
    Wireless Vulnerability Scan
    Rogue Access Points
    Software Composition Analysis
    Fuzz Testing
    Pivoting
    Post-exploitation
    Persistence
  Tools
    SCAP Scanner
    Network Traffic Analyzer
    Vulnerability Scanner
    Protocol Analyzer
    Port Scanner
    HTTP Interceptor
    Exploit Framework
    Password Cracker
  Dependency Management
  Requirements
    Scope of Work
    Rules of Engagement
    Invasive vs. Non-invasive
    Asset Inventory
    Permissions and Access
    Corporate Policy Considerations
    Facility Considerations
    Physical Security Considerations
    Rescan for Corrections/Changes
  Exam Preparation Tasks

Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations
  Vulnerabilities
    Race Conditions
    Overflows
    Broken Authentication
    Unsecure References
    Poor Exception Handling
    Security Misconfiguration
    Improper Headers
    Information Disclosure
    Certificate Errors
    Weak Cryptography Implementations
    Weak Ciphers
    Weak Cipher Suite Implementations
    Software Composition Analysis
    Use of Vulnerable Frameworks and Software Modules
    Use of Unsafe Functions
    Third-Party Libraries
    Code Injections/Malicious Changes
    End of Support/End of Life
    Regression Issues
  Inherently Vulnerable System/Application
    Client-Side Processing vs. Server-Side Processing
    JSON/Representational State Transfer (REST)
    Browser Extensions
    Hypertext Markup Language 5 (HTML5)
    Asynchronous JavaScript and XML (AJAX)
    Simple Object Access Protocol (SOAP)
    Machine Code vs. Bytecode or Interpreted vs. Emulated
  Attacks
    Directory Traversal
    Cross-site Scripting (XSS)
    Cross-site Request Forgery (CSRF)
    Injection
    Sandbox Escape
    Virtual Machine (VM) Hopping
    VM Escape
    Border Gateway Protocol (BGP) Route Hijacking
    Interception Attacks
    Denial-of-Service (DoS)/DDoS
    Authentication Bypass
    Social Engineering
    VLAN Hopping
  Exam Preparation Tasks

Chapter 14 Using Processes to Reduce Risk
  Proactive and Detection
    Hunts
    Developing Countermeasures
    Deceptive Technologies
  Security Data Analytics
    Processing Pipelines
    Indexing and Search
    Log Collection and Curation
    Database Activity Monitoring
  Preventive
    Antivirus
    Immutable Systems
    Hardening
    Sandbox Detonation
  Application Control
    License Technologies
    Allow List vs. Block List
    Time of Check vs. Time of Use
    Atomic Execution
  Security Automation
    Cron/Scheduled Tasks
    Bash
    PowerShell
    Python
  Physical Security
    Review of Lighting
    Review of Visitor Logs
    Camera Reviews
    Open Spaces vs. Confined Spaces
  Exam Preparation Tasks

Chapter 15 Implementing the Appropriate Incident Response
  Event Classifications
    False Positive
    False Negative
    True Positive
    True Negative
  Triage Event
  Pre-escalation Tasks
  Incident Response Process
    Preparation
    Training
    Testing
    Detection
    Analysis
    Containment
    Recovery
    Response
    Lessons Learned
  Specific Response Playbooks/Processes
    Scenarios
    Non-automated Response Methods
    Automated Response Methods
  Communication Plan
  Stakeholder Management
    Legal
    Human Resources
    Public Relations
    Internal and External
  Exam Preparation Tasks

Chapter 16 Forensic Concepts
  Legal vs. Internal Corporate Purposes
  Forensic Process
    Identification
    Evidence Collection
    Evidence Preservation
    Analysis
    Verification
    Presentation
  Integrity Preservation
    Hashing
  Cryptanalysis
  Steganalysis
  Exam Preparation Tasks

Chapter 17 Forensic Analysis Tools
  File Carving Tools
    Foremost
    Strings
  Binary Analysis Tools
    Hex Dump
    Binwalk
    Ghidra
    GNU Project Debugger (GDB)
    OllyDbg
    readelf
    objdump
    strace
    ldd
    file
  Analysis Tools
    ExifTool
    Nmap
    Aircrack-ng
    Volatility
    The Sleuth Kit
    Dynamically vs. Statically Linked
  Imaging Tools
    Forensic Toolkit (FTK) Imager
    dd
  Hashing Utilities
    sha256sum
    ssdeep
  Live Collection vs. Post-mortem Tools
    netstat
    ps
    vmstat
    ldd
    lsof
    netcat
    tcpdump
    conntrack
    Wireshark
  Exam Preparation Tasks

Part III: Security Engineering and Cryptography

Chapter 18 Applying Secure Configurations to Enterprise Mobility
  Managed Configurations
    Application Control
    Password
    MFA Requirements
    Token-Based Access
    Patch Repository
    Firmware Over-the-Air
    Remote Wipe
    Wi-Fi
    Profiles
    Bluetooth
    Near-Field Communication (NFC)
    Peripherals
    Geofencing
    VPN Settings
    Geotagging
    Certificate Management
    Full Device Encryption
    Tethering
    Airplane Mode
    Location Services
    DNS over HTTPS (DoH)
    Custom DNS
  Deployment Scenarios
    Bring Your Own Device (BYOD)
    Corporate-Owned
    Corporate-Owned, Personally Enabled (COPE)
    Choose Your Own Device (CYOD)
    Implications of Wearable Devices
    Digital Forensics on Collected Data
    Unauthorized Application Stores
    Jailbreaking/Rooting
    Side Loading
    Containerization
    Original Equipment Manufacturer (OEM) and Carrier Differences
    Supply Chain Issues
    eFuse
  Exam Preparation Tasks

Chapter 19 Configuring and Implementing Endpoint Security Controls
  Hardening Techniques
    Removing Unneeded Services
    Disabling Unused Accounts
    Images/Templates
    Removing End-of-Life Devices
    Removing End-of-Support Devices
    Local Drive Encryption
    Enabling No-Execute (NX)/Execute Never (XN) Bit
    Disabling Central Processing Unit (CPU) Virtualization Support
    Secure Encrypted Enclaves
    Memory Encryption
    Shell Restrictions
    Address Space Layout Randomization (ASLR)
  Processes
    Patching
    Logging
    Monitoring
  Mandatory Access Control
    Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid)
    Kernel vs. Middleware
  Trustworthy Computing
    Trusted Platform Module (TPM)
    Secure Boot
    Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection
    Attestation Services
    Hardware Security Module (HSM)
    Measured Boot
    Self-Encrypting Drives (SEDs)
  Compensating Controls
    Antivirus
    Application Controls
    Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS)
    Host-Based Firewall
    Endpoint Detection and Response (EDR)
    Redundant Hardware
    Self-Healing Hardware
    User and Entity Behavior Analytics (UEBA)
  Exam Preparation Tasks

Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies
  Embedded
    Internet of Things (IoT)
    System on a Chip (SoC)
    Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA)
  ICS/Supervisory Control and Data Acquisition (SCADA)
    Programmable Logic Controller (PLC)
    Historian
    Ladder Logic
    Safety Instrumented System
    Heating, Ventilation, and Air Conditioning (HVAC)
  Protocols
    Controller Area Network (CAN) Bus
    Modbus
    Distributed Network Protocol 3 (DNP3)
    Zigbee
    Common Industrial Protocol (CIP)
    Data Distribution Service
  Sectors
    Energy
    Manufacturing
    Healthcare
    Public Utilities
    Public Services
    Facility Services
  Exam Preparation Tasks

Chapter 21 Cloud Technology's Impact on Organizational Security
  Automation and Orchestration
  Encryption Configuration
  Logs
    Availability
    Collection
    Monitoring
    Configuration
    Alerting
  Monitoring Configurations
  Key Ownership and Location
  Key Life-Cycle Management
  Backup and Recovery Methods
    Cloud as Business Continuity and Disaster Recovery (BCDR)
    Primary Provider BCDR
    Alternative Provider BCDR
  Infrastructure vs. Serverless Computing
  Application Virtualization
  Software-Defined Networking
  Misconfigurations
  Collaboration Tools
    Web Conferencing
    Video Conferencing
    Audio Conferencing
    Storage and Document Collaboration Tools
  Storage Configurations
    Bit Splitting
    Data Dispersion
  Cloud Access Security Broker (CASB)
  Exam Preparation Tasks

Chapter 22 Implementing the Appropriate PKI Solution
  PKI Hierarchy
    Registration Authority (RA)
    Certificate Authority (CA)
    Subordinate/Intermediate CA
  Certificate Types
    Wildcard Certificate
    Extended Validation
    Multidomain
    General Purpose
  Certificate Usages/Profiles/Templates
    Client Authentication
    Server Authentication
    Digital Signatures
    Code Signing
  Extensions
    Common Name (CN)
    Subject Alternative Name (SAN)
  Trusted Providers
  Trust Model
  Cross-certification
  Configure Profiles
  Life-Cycle Management
  Public and Private Keys
  Digital Signature
  Certificate Pinning
  Certificate Stapling
  Certificate Signing Requests (CSRs)
  Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)
  HTTP Strict Transport Security (HSTS)
  Exam Preparation Tasks

Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms
  Hashing
    Secure Hashing Algorithm (SHA)
    Hash-Based Message Authentication Code (HMAC)
    Message Digest (MD)
    RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
    Poly1305
  Symmetric Algorithms
    Modes of Operation
    Stream and Block
  Asymmetric Algorithms
    Key Agreement
    Signing
    Known Flaws/Weaknesses
  Protocols
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
    Secure/Multipurpose Internet Mail Extensions (S/MIME)
    Internet Protocol Security (IPsec)
    Secure Shell (SSH)
    EAP
  Elliptic-Curve Cryptography
    P256/P384
  Forward Secrecy
  Authenticated Encryption with Associated Data
  Key Stretching
    Password-Based Key Derivation Function 2 (PBKDF2)
    Bcrypt
  Exam Preparation Tasks

Chapter 24 Troubleshooting Issues with Cryptographic Implementations
  Implementation and Configuration Issues
    Validity Dates
    Wrong Certificate Type
    Revoked Certificates
    Incorrect Name
    Chain Issues
    Weak Signing Algorithm
    Weak Cipher Suite
    Incorrect Permissions
    Cipher Mismatches
    Downgrade
  Keys
    Mismatched
    Improper Key Handling
    Embedded Keys
    Rekeying
    Exposed Private Keys
    Crypto Shredding
    Cryptographic Obfuscation
    Key Rotation
    Compromised Keys
  Exam Preparation Tasks

Part IV: Governance, Risk, and Compliance

Chapter 25 Applying Appropriate Risk Strategies
  Risk Assessment
    Likelihood
    Impact
    Qualitative vs. Quantitative
    Exposure Factor
    Asset Value
    Total Cost of Ownership (TCO)
    Return on Investment (ROI)
    Mean Time to Recovery (MTTR)
    Mean Time Between Failure (MTBF)
    Annualized Loss Expectancy (ALE)/Annualized Rate of Occurrence (ARO)/Single Loss Expectancy (SLE)
    Gap Analysis
  Risk Handling Techniques
    Transfer
    Accept
    Avoid
    Mitigate
  Risk Types
    Inherent
    Residual
    Exceptions
  Risk Management Life Cycle
    Identify
    Assess
    Control
    Control Types
    Review
    Frameworks
  Risk Tracking
    Risk Register
    Key Performance Indicators/Key Risk Indicators
  Risk Appetite vs. Risk Tolerance
    Tradeoff Analysis
    Usability vs. Security Requirements
  Policies and Security Practices
    Separation of Duties
    Job Rotation
    Mandatory Vacation
    Least Privilege
    Employment and Termination Procedures
    Training and Awareness for Users
    Auditing Requirements and Frequency
  Exam Preparation Tasks

Chapter 26 Managing and Mitigating Vendor Risk
  Shared Responsibility Model (Roles/Responsibilities)
    Cloud Service Provider (CSP)
    Client
  Vendor Lock-in and Vendor Lock-out
  Vendor Viability
    Financial Risk
    Merger or Acquisition Risk
  Meeting Client Requirements
    Legal
    Change Management
    Staff Turnover
    Device and Technical Configurations
  Support Availability
  Geographical Consideration
  Supply Chain Visibility
  Incident Reporting Requirements
  Source Code Escrows
  Ongoing Vendor Assessment Tools
  Third-Party Dependencies
    Code
    Hardware
    Modules
  Technical Considerations
    Technical Testing
    Network Segmentation
    Transmission Control
    Shared Credentials
  Exam Preparation Tasks

Chapter 27 The Organizational Impact of Compliance Frameworks and Legal Considerations
  Security Concerns of Integrating Diverse Industries
    Rules
    Policies
    Regulations
  Data Considerations
    Data Sovereignty
    Data Ownership
    Data Classifications
    Data Retention
    Data Types
    Data Removal, Destruction, and Sanitization
  Geographic Considerations
    Location of Data
    Location of Data Subject
    Location of Cloud Provider
  Third-Party Attestation of Compliance
  Regulations, Accreditations, and Standards
    Open Standards
    Adherence to Standards
    Competing Standards
    Lack of Standards
    De Facto Standards
    Payment Card Industry Data Security Standard (PCI DSS)
    General Data Protection Regulation (GDPR)
    International Organization for Standardization (ISO)
    Capability Maturity Model Integration (CMMI)
    National Institute of Standards and Technology (NIST)
    Children's Online Privacy Protection Act (COPPA)
    Common Criteria
    Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
  Legal Considerations
    Due Diligence/Due Care
    Export Controls
    Legal Holds
    E-Discovery
  Contract and Agreement Types
    Service-Level Agreement (SLA)
    Master Service Agreement (MSA)
    Non-disclosure Agreement (NDA)
    Memorandum of Understanding (MOU)
    Interconnection Security Agreement (ISA)
    Operational-Level Agreement
    Privacy-Level Agreement
  Exam Preparation Tasks

Chapter 28 Business Continuity and Disaster Recovery Concepts
  Develop Contingency Planning Policy
    Conduct the BIA
    Identify Critical Processes and Resources
    Recovery Time Objective
    Recovery Point Objective
    Recovery Service Level
    Mission Essential Functions
  Privacy Impact Assessment
  Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP)
    Personnel Components
    Project Scope
    Business Continuity Steps
    Recovery and Multiple Site Strategies
    Cold Site
    Warm Site
    Hot Site
    Mobile Site
  Incident Response Plan
    Roles/Responsibilities
    After-Action Reports
  Testing Plans
    Checklist
    Walk-through
    Tabletop Exercises
    Full Interruption Test
    Parallel Test/Simulation Test
  Exam Preparation Tasks

Chapter 29 Final Preparation
  Tools for Final Preparation
  Pearson Test Prep Practice Test Software and Questions on the Website
  Accessing the Pearson Test Prep Software Online
  Accessing the Pearson Test Prep Practice Test Software Offline
  Customizing Your Exams
  Updating Your Exams
  Premium Edition
  Chapter-Ending Review Tools
  Suggested Plan for Final Review/Study

Appendix A Answers to the Review Questions

Glossary

Online Elements
  Appendix B Memory Tables
  Appendix C Memory Tables Answer Key
  Appendix D Study Planner
  Glossary

9780137348954 TOC 5/26/2022

Product Details
  • ISBN-13: 9780137348909
  • Publisher: Pearson Education (US)
  • Binding: Digital download
  • No of Pages: 864
  • ISBN-10: 0137348908
  • Publisher Date: 28 Jul 2022
  • Language: English



    For any content that you submit, you grant Bookswagon a perpetual, irrevocable, royalty-free, transferable right and license to use, copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from and/or sell, transfer, and/or distribute such content and/or incorporate such content into any form, medium or technology throughout the world without compensation to you. Additionally,  Bookswagon may transfer or share any personal information that you submit with its third-party service providers, including but not limited to Bazaarvoice, Inc. in accordance with  Privacy Policy


    All content that you submit may be used at Bookswagon's sole discretion. Bookswagon reserves the right to change, condense, withhold publication, remove or delete any content on Bookswagon's website that Bookswagon deems, in its sole discretion, to violate the content guidelines or any other provision of these Terms of Use.  Bookswagon does not guarantee that you will have any recourse through Bookswagon to edit or delete any content you have submitted. Ratings and written comments are generally posted within two to four business days. However, Bookswagon reserves the right to remove or to refuse to post any submission to the extent authorized by law. You acknowledge that you, not Bookswagon, are responsible for the contents of your submission. None of the content that you submit shall be subject to any obligation of confidence on the part of Bookswagon, its agents, subsidiaries, affiliates, partners or third party service providers (including but not limited to Bazaarvoice, Inc.)and their respective directors, officers and employees.

    Accept

    New Arrivals

    Inspired by your browsing history


    Your review has been submitted!

    You've already reviewed this product!