Troy McMillan
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
- Paperback
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes:
- A test-preparation routine proven to help you pass the exams
- Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
- An online interactive Flash Cards application to help you drill on Key Terms by chapter
- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
- Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including:
- Ensuring a secure network architecture
- Determining the proper infrastructure security design
- Implementing secure cloud and virtualization solutions
- Performing threat and vulnerability management activities
- Implementing appropriate incident response
- Applying secure configurations to enterprise mobility
- Configuring and implementing endpoint security controls
- Troubleshooting issues with cryptographic implementations
- Applying appropriate risk strategies
Note: This item can only be shipped to a German delivery address.
Product details
- Publisher: Pearson Education
- 3rd edition
- Page count: 864
- Publication date: 5 August 2022
- English
- Dimensions: 231mm x 196mm x 48mm
- Weight: 1610g
- ISBN-13: 9780137348954
- ISBN-10: 0137348959
- Item no.: 63625651
Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes:
- Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)
- Author of CompTIA A+ Complete Review Guide (Sybex)
- Author of CompTIA Server+ Study Guide (Sybex)
- Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
- Prep test question writer for Network+ Study Guide (Sybex)
- Technical editor for Windows 7 Study Guide (Sybex)
- Contributing author for CCNA-Wireless Study Guide (Sybex)
- Technical editor for CCNA Study Guide, Revision 7 (Sybex)
- Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
- Author of Cisco Essentials (Sybex)
- Co-author of CISSP Cert Guide (Pearson IT Certification)
- Prep test question writer for CCNA Wireless 640-722 (Cisco Press)

He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+. He now creates certification practice tests, study guides, and online courses for CyberVista. Troy lives in Asheville, North Carolina, with his wife, Heike.
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to On-Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
Password Repository Application 149
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversible Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cloud Deployment Models 192
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
Code Signing 211
Federation 211
Trust Models 212
VPN 212
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Strategic 232
Operational 232
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
Packet Capture (PCAP) 251
Logs 252
Notifications 256
Notification Severity/Priorities 260
Syslog 261
Unusual Process Activity 263
Response 265
Firewall Rules 265
IPS/IDS Rules 267
ACL Rules 267
Signature Rules 267
Behavior Rules 268
DLP Rules 268
Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
Credentialed vs. Non-credentialed 275
Agent-Based/Server-Based 276
Criticality Ranking 277
Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
Extensible Configuration Checklist Description Format (XCCDF) 278
Open Vulnerability and Assessment Language (OVAL) 279
Common Platform Enumeration (CPE) 279
Common Vulnerabilities and Exposures (CVE) 279
Common Vulnerability Scoring System (CVSS) 279
Common Configuration Enumeration (CCE) 282
Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
Manual Patch Management 284
Automated Patch Management 284
Information Sources 284
Advisories 285
Bulletins 286
Vendor Websites 287
Information Sharing and Analysis Centers (ISACs) 287
News Reports 287
Exam Preparation Tasks 287
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
Static Analysis/Dynamic Analysis 293
Side-Channel Analysis 293
Reverse Engineering 294
Wireless Vulnerability Scan 295
Rogue Access Points 295
Software Composition Analysis 296
Fuzz Testing 296
Pivoting 297
Post-exploitation 297
Persistence 298
Tools 298
SCAP Scanner 298
Network Traffic Analyzer 299
Vulnerability Scanner 300
Protocol Analyzer 302
Port Scanner 302
HTTP Interceptor 304
Exploit Framework 304
Password Cracker 306
Dependency Management 307
Requirements 308
Scope of Work 308
Rules of Engagement 308
Invasive vs. Non-invasive 308
Asset Inventory 308
Permissions and Access 309
Corporate Policy Considerations 310
Facility Considerations 310
Physical Security Considerations 310
Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
Race Conditions 315
Overflows 315
Broken Authentication 318
Unsecure References 319
Poor Exception Handling 319
Security Misconfiguration 319
Improper Headers 320
Information Disclosure 321
Certificate Errors 321
Weak Cryptography Implementations 321
Weak Ciphers 322
Weak Cipher Suite Implementations 322
Software Composition Analysis 322
Use of Vulnerable Frameworks and Software Modules 323
Use of Unsafe Functions 323
Third-Party Libraries 323
Code Injections/Malicious Changes 324
End of Support/End of Life 324
Regression Issues 324
Inherently Vulnerable System/Application 325
Client-Side Processing vs. Server-Side Processing 325
JSON/Representational State Transfer (REST) 326
Browser Extensions 326
Hypertext Markup Language 5 (HTML5) 327
Asynchronous JavaScript and XML (AJAX) 327
Simple Object Access Protocol (SOAP) 329
Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
Directory Traversal 330
Cross-site Scripting (XSS) 331
Cross-site Request Forgery (CSRF) 331
Injection 332
Sandbox Escape 337
Virtual Machine (VM) Hopping 337
VM Escape 337
Border Gateway Protocol (BGP) Route Hijacking 338
Interception Attacks 339
Denial-of-Service (DoS)/DDoS 339
Authentication Bypass 340
Social Engineering 340
VLAN Hopping 341
Exam Preparation Tasks 341
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
Hunts 347
Developing Countermeasures 347
Deceptive Technologies 347
Security Data Analytics 348
Processing Pipelines 349
Indexing and Search 350
Log Collection and Curation 350
Database Activity Monitoring 350
Preventive 351
Antivirus 352
Immutable Systems 352
Hardening 352
Sandbox Detonation 352
Application Control 353
License Technologies 353
Allow List vs. Block List 354
Time of Check vs. Time of Use 354
Atomic Execution 355
Security Automation 355
Cron/Scheduled Tasks 355
Bash 356
PowerShell 357
Python 357
Physical Security 358
Review of Lighting 358
Review of Visitor Logs 359
Camera Reviews 359
Open Spaces vs. Confined Spaces 361
Exam Preparation Tasks 362
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
False Positive 367
False Negative 367
True Positive 367
True Negative 367
Triage Event 367
Preescalation Tasks 368
Incident Response Process 368
Preparation 369
Training 369
Testing 370
Detection 370
Analysis 371
Containment 371
Recovery 371
Response 372
Lessons Learned 372
Specific Response Playbooks/Processes 373
Scenarios 373
Non-automated Response Methods 374
Automated Response Methods 374
Communication Plan 375
Stakeholder Management 377
Legal 377
Human Resources 377
Public Relations 378
Internal and External 378
Exam Preparation Tasks 379
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
Identification 385
Evidence Collection 385
Evidence Preservation 388
Analysis 389
Verification 391
Presentation 391
Integrity Preservation 392
Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
Foremost 399
Strings 400
Binary Analysis Tools 401
Hex Dump 401
Binwalk 401
Ghidra 401
GNU Project Debugger (GDB) 401
OllyDbg 402
readelf 402
objdump 402
strace 402
ldd 402
file 403
Analysis Tools 403
ExifTool 403
Nmap 403
Aircrack-ng 403
Volatility 404
The Sleuth Kit 405
Dynamically vs. Statically Linked 405
Imaging Tools 405
Forensic Toolkit (FTK) Imager 405
dd 406
Hashing Utilities 407
sha256sum 407
ssdeep 407
Live Collection vs. Post-mortem Tools 407
netstat 407
ps 409
vmstat 409
ldd 410
lsof 410
netcat 410
tcpdump 411
conntrack 411
Wireshark 412
Exam Preparation Tasks 413
Part III: Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility 419
Managed Configurations 419
Application Control 419
Password 419
MFA Requirements 420
Token-Based Access 421
Patch Repository 422
Firmware Over-the-Air 422
Remote Wipe 422
Wi-Fi 423
Profiles 424
Bluetooth 424
Near-Field Communication (NFC) 424
Peripherals 425
Geofencing 425
VPN Settings 425
Geotagging 426
Certificate Management 426
Full Device Encryption 427
Tethering 427
Airplane Mode 427
Location Services 427
DNS over HTTPS (DoH) 428
Custom DNS 428
Deployment Scenarios 429
Bring Your Own Device (BYOD) 429
Corporate-Owned 429
Corporate-Owned, Personally Enabled (COPE) 429
Choose Your Own Device (CYOD) 429
Implications of Wearable Devices 429
Digital Forensics on Collected Data 430
Unauthorized Application Stores 431
Jailbreaking/Rooting 431
Side Loading 431
Containerization 432
Original Equipment Manufacturer (OEM) and Carrier Differences 432
Supply Chain Issues 432
eFuse 432
Exam Preparation Tasks 433
Chapter 19 Configuring and Implementing Endpoint Security Controls 437
Hardening Techniques 437
Removing Unneeded Services 437
Disabling Unused Accounts 438
Images/Templates 438
Removing End-of-Life Devices 438
Removing End-of-Support Device 438
Local Drive Encryption 439
Enabling No-Execute (NX)/Execute Never (XN) Bit 439
Disabling Central Processing Unit (CPU) Virtualization Support 439
Secure Encrypted Enclaves 440
Memory Encryption 440
Shell Restrictions 441
Address Space Layout Randomization (ASLR) 442
Processes 442
Patching 442
Logging 443
Monitoring 443
Mandatory Access Control 444
Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444
Kernel vs. Middleware 445
Trustworthy Computing 445
Trusted Platform Module (TPM) 445
Secure Boot 446
Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447
Attestation Services 448
Hardware Security Module (HSM) 448
Measured Boot 449
Self-Encrypting Drives (SEDs) 450
Compensating Controls 450
Antivirus 450
Application Controls 451
Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451
Host-Based Firewall 451
Endpoint Detection and Response (EDR) 451
Redundant Hardware 452
Self-Healing Hardware 452
User and Entity Behavior Analytics (UEBA) 452
Exam Preparation Tasks 452
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
Embedded 459
Internet of Things (IoT) 459
System on a Chip (SoC) 461
Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461
ICS/Supervisory Control and Data Acquisition (SCADA) 462
Programmable Logic Controller (PLC) 463
Historian 463
Ladder Logic 463
Safety Instrumented System 464
Heating, Ventilation, and Air Conditioning (HVAC) 464
Protocols 465
Controller Area Network (CAN) Bus 465
Modbus 466
Distributed Network Protocol 3 (DNP3) 466
Zigbee 467
Common Industrial Protocol (CIP) 467
Data Distribution Service 468
Sectors 468
Energy 469
Manufacturing 469
Healthcare 470
Public Utilities 470
Public Services 470
Facility Services 471
Exam Preparation Tasks 472
Chapter 21 Cloud Technology's Impact on Organizational Security 477
Automation and Orchestration 477
Encryption Configuration 477
Logs 478
Availability 479
Collection 479
Monitoring 479
Configuration 480
Alerting 480
Monitoring Configurations 480
Key Ownership and Location 481
Key Life-Cycle Management 483
Backup and Recovery Methods 485
Cloud as Business Continuity and Disaster Recovery (BCDR) 486
Primary Provider BCDR 486
Alternative Provider BCDR 486
Infrastructure vs. Serverless Computing 486
Application Virtualization 487
Software-Defined Networking 488
Misconfigurations 488
Collaboration Tools 488
Web Conferencing 488
Video Conferencing 489
Audio Conferencing 491
Storage and Document Collaboration Tools 491
Storage Configurations 492
Bit Splitting 493
Data Dispersion 493
Cloud Access Security Broker (CASB) 493
Exam Preparation Tasks 494
Chapter 22 Implementing the Appropriate PKI Solution 499
PKI Hierarchy 499
Registration Authority (RA) 499
Certificate Authority (CA) 499
Subordinate/Intermediate CA 500
Certificate Types 501
Wildcard Certificate 501
Extended Validation 502
Multidomain 502
General Purpose 503
Certificate Usages/Profiles/Templates 504
Client Authentication 504
Server Authentication 504
Digital Signatures 504
Code Signing 505
Extensions 505
Common Name (CN) 505
Subject Alternate Name (SAN) 505
Trusted Providers 505
Trust Model 506
Cross-certification 506
Configure Profiles 507
Life-Cycle Management 507
Public and Private Keys 508
Digital Signature 512
Certificate Pinning 512
Certificate Stapling 512
Certificate Signing Requests (CSRs) 513
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513
HTTP Strict Transport Security (HSTS) 514
Exam Preparation Tasks 514
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
Hashing 519
Secure Hashing Algorithm (SHA) 519
Hash-Based Message Authentication Code (HMAC) 520
Message Digest (MD) 521
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
Poly1305 521
Symmetric Algorithms 522
Modes of Operation 523
Stream and Block 526
Asymmetric Algorithms 528
Key Agreement 529
Signing 530
Known Flaws/Weaknesses 531
Protocols 532
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
Internet Protocol Security (IPsec) 534
Secure Shell (SSH) 534
EAP 535
Elliptic-Curve Cryptography 535
P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
Password-Based Key Derivation Function 2 (PBKDF2) 537
Bcrypt 537
Exam Preparation Tasks 537
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Implementation and Configuration Issues 542
Validity Dates 542
Wrong Certificate Type 543
Revoked Certificates 543
Incorrect Name 543
Chain Issues 544
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System
(NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System
(NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language
(XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to on Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application
Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data
Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization
Controls 149
Credential Management 149
Password Repository Application 149
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversable Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cloud Deployment Models 192
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
Code Signing 211
Federation 211
Trust Models 212
VPN 212
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Strategic 232
Operational 232
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
Packet Capture (PCAP) 251
Logs 252
Notifications 256
Notification Severity/Priorities 260
Syslog 261
Unusual Process Activity 263
Response 265
Firewall Rules 265
IPS/IDS Rules 267
ACL Rules 267
Signature Rules 267
Behavior Rules 268
DLP Rules 268
Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
Credentialed vs. Non-credentialed 275
Agent-Based/Server-Based 276
Criticality Ranking 277
Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
Extensible Configuration Checklist Description Format (XCCDF) 278
Open Vulnerability and Assessment Language (OVAL) 279
Common Platform Enumeration (CPE) 279
Common Vulnerabilities and Exposures (CVE) 279
Common Vulnerability Scoring System (CVSS) 279
Common Configuration Enumeration (CCE) 282
Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
Manual Patch Management 284
Automated Patch Management 284
Information Sources 284
Advisories 285
Bulletins 286
Vendor Websites 287
Information Sharing and Analysis Centers (ISACs) 287
News Reports 287
Exam Preparation Tasks 287
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
Static Analysis/Dynamic Analysis 293
Side-Channel Analysis 293
Reverse Engineering 294
Wireless Vulnerability Scan 295
Rogue Access Points 295
Software Composition Analysis 296
Fuzz Testing 296
Pivoting 297
Post-exploitation 297
Persistence 298
Tools 298
SCAP Scanner 298
Network Traffic Analyzer 299
Vulnerability Scanner 300
Protocol Analyzer 302
Port Scanner 302
HTTP Interceptor 304
Exploit Framework 304
Password Cracker 306
Dependency Management 307
Requirements 308
Scope of Work 308
Rules of Engagement 308
Invasive vs. Non-invasive 308
Asset Inventory 308
Permissions and Access 309
Corporate Policy Considerations 310
Facility Considerations 310
Physical Security Considerations 310
Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
Race Conditions 315
Overflows 315
Broken Authentication 318
Unsecure References 319
Poor Exception Handling 319
Security Misconfiguration 319
Improper Headers 320
Information Disclosure 321
Certificate Errors 321
Weak Cryptography Implementations 321
Weak Ciphers 322
Weak Cipher Suite Implementations 322
Software Composition Analysis 322
Use of Vulnerable Frameworks and Software Modules 323
Use of Unsafe Functions 323
Third-Party Libraries 323
Code Injections/Malicious Changes 324
End of Support/End of Life 324
Regression Issues 324
Inherently Vulnerable System/Application 325
Client-Side Processing vs. Server-Side Processing 325
JSON/Representational State Transfer (REST) 326
Browser Extensions 326
Hypertext Markup Language 5 (HTML5) 327
Asynchronous JavaScript and XML (AJAX) 327
Simple Object Access Protocol (SOAP) 329
Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
Directory Traversal 330
Cross-site Scripting (XSS) 331
Cross-site Request Forgery (CSRF) 331
Injection 332
Sandbox Escape 337
Virtual Machine (VM) Hopping 337
VM Escape 337
Border Gateway Protocol (BGP) Route Hijacking 338
Interception Attacks 339
Denial-of-Service (DoS)/DDoS 339
Authentication Bypass 340
Social Engineering 340
VLAN Hopping 341
Exam Preparation Tasks 341
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
Hunts 347
Developing Countermeasures 347
Deceptive Technologies 347
Security Data Analytics 348
Processing Pipelines 349
Indexing and Search 350
Log Collection and Curation 350
Database Activity Monitoring 350
Preventive 351
Antivirus 352
Immutable Systems 352
Hardening 352
Sandbox Detonation 352
Application Control 353
License Technologies 353
Allow List vs. Block List 354
Time of Check vs. Time of Use 354
Atomic Execution 355
Security Automation 355
Cron/Scheduled Tasks 355
Bash 356
PowerShell 357
Python 357
Physical Security 358
Review of Lighting 358
Review of Visitor Logs 359
Camera Reviews 359
Open Spaces vs. Confined Spaces 361
Exam Preparation Tasks 362
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
False Positive 367
False Negative 367
True Positive 367
True Negative 367
Triage Event 367
Preescalation Tasks 368
Incident Response Process 368
Preparation 369
Training 369
Testing 370
Detection 370
Analysis 371
Containment 371
Recovery 371
Response 372
Lessons Learned 372
Specific Response Playbooks/Processes 373
Scenarios 373
Non-automated Response Methods 374
Automated Response Methods 374
Communication Plan 375
Stakeholder Management 377
Legal 377
Human Resources 377
Public Relations 378
Internal and External 378
Exam Preparation Tasks 379
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
Identification 385
Evidence Collection 385
Evidence Preservation 388
Analysis 389
Verification 391
Presentation 391
Integrity Preservation 392
Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
Foremost 399
Strings 400
Binary Analysis Tools 401
Hex Dump 401
Binwalk 401
Ghidra 401
GNU Project Debugger (GDB) 401
OllyDbg 402
readelf 402
objdump 402
strace 402
ldd 402
file 403
Analysis Tools 403
ExifTool 403
Nmap 403
Aircrack-ng 403
Volatility 404
The Sleuth Kit 405
Dynamically vs. Statically Linked 405
Imaging Tools 405
Forensic Toolkit (FTK) Imager 405
dd 406
Hashing Utilities 407
sha256sum 407
ssdeep 407
Live Collection vs. Post-mortem Tools 407
netstat 407
ps 409
vmstat 409
ldd 410
lsof 410
netcat 410
tcpdump 411
conntrack 411
Wireshark 412
Exam Preparation Tasks 413
Part III: Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility 419
Managed Configurations 419
Application Control 419
Password 419
MFA Requirements 420
Token-Based Access 421
Patch Repository 422
Firmware Over-the-Air 422
Remote Wipe 422
Wi-Fi 423
Profiles 424
Bluetooth 424
Near-Field Communication (NFC) 424
Peripherals 425
Geofencing 425
VPN Settings 425
Geotagging 426
Certificate Management 426
Full Device Encryption 427
Tethering 427
Airplane Mode 427
Location Services 427
DNS over HTTPS (DoH) 428
Custom DNS 428
Deployment Scenarios 429
Bring Your Own Device (BYOD) 429
Corporate-Owned 429
Corporate-Owned, Personally Enabled (COPE) 429
Choose Your Own Device (CYOD) 429
Implications of Wearable Devices 429
Digital Forensics on Collected Data 430
Unauthorized Application Stores 431
Jailbreaking/Rooting 431
Side Loading 431
Containerization 432
Original Equipment Manufacturer (OEM) and Carrier Differences 432
Supply Chain Issues 432
eFuse 432
Exam Preparation Tasks 433
Chapter 19 Configuring and Implementing Endpoint Security Controls 437
Hardening Techniques 437
Removing Unneeded Services 437
Disabling Unused Accounts 438
Images/Templates 438
Removing End-of-Life Devices 438
Removing End-of-Support Device 438
Local Drive Encryption 439
Enabling No-Execute (NX)/Execute Never (XN) Bit 439
Disabling Central Processing Unit (CPU) Virtualization Support 439
Secure Encrypted Enclaves 440
Memory Encryption 440
Shell Restrictions 441
Address Space Layout Randomization (ASLR) 442
Processes 442
Patching 442
Logging 443
Monitoring 443
Mandatory Access Control 444
Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444
Kernel vs. Middleware 445
Trustworthy Computing 445
Trusted Platform Module (TPM) 445
Secure Boot 446
Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447
Attestation Services 448
Hardware Security Module (HSM) 448
Measured Boot 449
Self-Encrypting Drives (SEDs) 450
Compensating Controls 450
Antivirus 450
Application Controls 451
Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451
Host-Based Firewall 451
Endpoint Detection and Response (EDR) 451
Redundant Hardware 452
Self-Healing Hardware 452
User and Entity Behavior Analytics (UEBA) 452
Exam Preparation Tasks 452
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
Embedded 459
Internet of Things (IoT) 459
System on a Chip (SoC) 461
Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461
ICS/Supervisory Control and Data Acquisition (SCADA) 462
Programmable Logic Controller (PLC) 463
Historian 463
Ladder Logic 463
Safety Instrumented System 464
Heating, Ventilation, and Air Conditioning (HVAC) 464
Protocols 465
Controller Area Network (CAN) Bus 465
Modbus 466
Distributed Network Protocol 3 (DNP3) 466
Zigbee 467
Common Industrial Protocol (CIP) 467
Data Distribution Service 468
Sectors 468
Energy 469
Manufacturing 469
Healthcare 470
Public Utilities 470
Public Services 470
Facility Services 471
Exam Preparation Tasks 472
Chapter 21 Cloud Technology's Impact on Organizational Security 477
Automation and Orchestration 477
Encryption Configuration 477
Logs 478
Availability 479
Collection 479
Monitoring 479
Configuration 480
Alerting 480
Monitoring Configurations 480
Key Ownership and Location 481
Key Life-Cycle Management 483
Backup and Recovery Methods 485
Cloud as Business Continuity and Disaster Recovery (BCDR) 486
Primary Provider BCDR 486
Alternative Provider BCDR 486
Infrastructure vs. Serverless Computing 486
Application Virtualization 487
Software-Defined Networking 488
Misconfigurations 488
Collaboration Tools 488
Web Conferencing 488
Video Conferencing 489
Audio Conferencing 491
Storage and Document Collaboration Tools 491
Storage Configurations 492
Bit Splitting 493
Data Dispersion 493
Cloud Access Security Broker (CASB) 493
Exam Preparation Tasks 494
Chapter 22 Implementing the Appropriate PKI Solution 499
PKI Hierarchy 499
Registration Authority (RA) 499
Certificate Authority (CA) 499
Subordinate/Intermediate CA 500
Certificate Types 501
Wildcard Certificate 501
Extended Validation 502
Multidomain 502
General Purpose 503
Certificate Usages/Profiles/Templates 504
Client Authentication 504
Server Authentication 504
Digital Signatures 504
Code Signing 505
Extensions 505
Common Name (CN) 505
Subject Alternate Name (SAN) 505
Trusted Providers 505
Trust Model 506
Cross-certification 506
Configure Profiles 507
Life-Cycle Management 507
Public and Private Keys 508
Digital Signature 512
Certificate Pinning 512
Certificate Stapling 512
Certificate Signing Requests (CSRs) 513
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513
HTTP Strict Transport Security (HSTS) 514
Exam Preparation Tasks 514
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
Hashing 519
Secure Hashing Algorithm (SHA) 519
Hash-Based Message Authentication Code (HMAC) 520
Message Digest (MD) 521
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
Poly1305 521
Symmetric Algorithms 522
Modes of Operation 523
Stream and Block 526
Asymmetric Algorithms 528
Key Agreement 529
Signing 530
Known Flaws/Weaknesses 531
Protocols 532
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
Internet Protocol Security (IPsec) 534
Secure Shell (SSH) 534
EAP 535
Elliptic-Curve Cryptography 535
P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
Password-Based Key Derivation Function 2 (PBKDF2) 537
Bcrypt 537
Exam Preparation Tasks 537
Implementation and Configuration Issues 542
Validity Dates 542
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Wrong Certificate Type 543
Revoked Certificates 543
Incorrect Name 543
Chain Issues 544
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to on Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Chapter 23 Implementing the Appropriate Cryptographic Protocols and
Algorithms 519
Hashing 519
Secure Hashing Algorithm (SHA) 519
Hash-Based Message Authentication Code (HMAC) 520
Message Digest (MD) 521
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
Poly1305 521
Symmetric Algorithms 522
Modes of Operation 523
Stream and Block 526
Asymmetric Algorithms 528
Key Agreement 529
Signing 530
Known Flaws/Weaknesses 531
Protocols 532
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
Internet Protocol Security (IPsec) 534
Secure Shell (SSH) 534
EAP 535
Elliptic-Curve Cryptography 535
P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
Password-Based Key Derivation Function 2 (PBKDF2) 537
Bcrypt 537
Exam Preparation Tasks 537
Implementation and Configuration Issues 542
Validity Dates 542
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Wrong Certificate Type 543
Revoked Certificates 543
Incorrect Name 543
Chain Issues 544
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to On-Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
Password Repository Application 149
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversible Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cloud Deployment Models 192
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
Code Signing 211
Federation 211
Trust Models 212
VPN 212
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nanotechnology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Strategic 232
Operational 232
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251
Indicators of Compromise 251
Packet Capture (PCAP) 251
Logs 252
Notifications 256
Notification Severity/Priorities 260
Syslog 261
Unusual Process Activity 263
Response 265
Firewall Rules 265
IPS/IDS Rules 267
ACL Rules 267
Signature Rules 267
Behavior Rules 268
DLP Rules 268
Scripts/Regular Expressions 268
Exam Preparation Tasks 268
Chapter 11 Performing Vulnerability Management Activities 275
Vulnerability Scans 275
Credentialed vs. Non-credentialed 275
Agent-Based/Server-Based 276
Criticality Ranking 277
Active vs. Passive 278
Security Content Automation Protocol (SCAP) 278
Extensible Configuration Checklist Description Format (XCCDF) 278
Open Vulnerability and Assessment Language (OVAL) 279
Common Platform Enumeration (CPE) 279
Common Vulnerabilities and Exposures (CVE) 279
Common Vulnerability Scoring System (CVSS) 279
Common Configuration Enumeration (CCE) 282
Asset Reporting Format (ARF) 282
Self-assessment vs. Third-Party Vendor Assessment 283
Patch Management 283
Manual Patch Management 284
Automated Patch Management 284
Information Sources 284
Advisories 285
Bulletins 286
Vendor Websites 287
Information Sharing and Analysis Centers (ISACs) 287
News Reports 287
Exam Preparation Tasks 287
Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293
Methods 293
Static Analysis/Dynamic Analysis 293
Side-Channel Analysis 293
Reverse Engineering 294
Wireless Vulnerability Scan 295
Rogue Access Points 295
Software Composition Analysis 296
Fuzz Testing 296
Pivoting 297
Post-exploitation 297
Persistence 298
Tools 298
SCAP Scanner 298
Network Traffic Analyzer 299
Vulnerability Scanner 300
Protocol Analyzer 302
Port Scanner 302
HTTP Interceptor 304
Exploit Framework 304
Password Cracker 306
Dependency Management 307
Requirements 308
Scope of Work 308
Rules of Engagement 308
Invasive vs. Non-invasive 308
Asset Inventory 308
Permissions and Access 309
Corporate Policy Considerations 310
Facility Considerations 310
Physical Security Considerations 310
Rescan for Corrections/Changes 310
Exam Preparation Tasks 310
Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315
Vulnerabilities 315
Race Conditions 315
Overflows 315
Broken Authentication 318
Unsecure References 319
Poor Exception Handling 319
Security Misconfiguration 319
Improper Headers 320
Information Disclosure 321
Certificate Errors 321
Weak Cryptography Implementations 321
Weak Ciphers 322
Weak Cipher Suite Implementations 322
Software Composition Analysis 322
Use of Vulnerable Frameworks and Software Modules 323
Use of Unsafe Functions 323
Third-Party Libraries 323
Code Injections/Malicious Changes 324
End of Support/End of Life 324
Regression Issues 324
Inherently Vulnerable System/Application 325
Client-Side Processing vs. Server-Side Processing 325
JSON/Representational State Transfer (REST) 326
Browser Extensions 326
Hypertext Markup Language 5 (HTML5) 327
Asynchronous JavaScript and XML (AJAX) 327
Simple Object Access Protocol (SOAP) 329
Machine Code vs. Bytecode or Interpreted vs. Emulated 329
Attacks 329
Directory Traversal 330
Cross-site Scripting (XSS) 331
Cross-site Request Forgery (CSRF) 331
Injection 332
Sandbox Escape 337
Virtual Machine (VM) Hopping 337
VM Escape 337
Border Gateway Protocol (BGP) Route Hijacking 338
Interception Attacks 339
Denial-of-Service (DoS)/DDoS 339
Authentication Bypass 340
Social Engineering 340
VLAN Hopping 341
Exam Preparation Tasks 341
Chapter 14 Using Processes to Reduce Risk 347
Proactive and Detection 347
Hunts 347
Developing Countermeasures 347
Deceptive Technologies 347
Security Data Analytics 348
Processing Pipelines 349
Indexing and Search 350
Log Collection and Curation 350
Database Activity Monitoring 350
Preventive 351
Antivirus 352
Immutable Systems 352
Hardening 352
Sandbox Detonation 352
Application Control 353
License Technologies 353
Allow List vs. Block List 354
Time of Check vs. Time of Use 354
Atomic Execution 355
Security Automation 355
Cron/Scheduled Tasks 355
Bash 356
PowerShell 357
Python 357
Physical Security 358
Review of Lighting 358
Review of Visitor Logs 359
Camera Reviews 359
Open Spaces vs. Confined Spaces 361
Exam Preparation Tasks 362
Chapter 15 Implementing the Appropriate Incident Response 367
Event Classifications 367
False Positive 367
False Negative 367
True Positive 367
True Negative 367
Triage Event 367
Pre-escalation Tasks 368
Incident Response Process 368
Preparation 369
Training 369
Testing 370
Detection 370
Analysis 371
Containment 371
Recovery 371
Response 372
Lessons Learned 372
Specific Response Playbooks/Processes 373
Scenarios 373
Non-automated Response Methods 374
Automated Response Methods 374
Communication Plan 375
Stakeholder Management 377
Legal 377
Human Resources 377
Public Relations 378
Internal and External 378
Exam Preparation Tasks 379
Chapter 16 Forensic Concepts 385
Legal vs. Internal Corporate Purposes 385
Forensic Process 385
Identification 385
Evidence Collection 385
Evidence Preservation 388
Analysis 389
Verification 391
Presentation 391
Integrity Preservation 392
Hashing 392
Cryptanalysis 394
Steganalysis 394
Exam Preparation Tasks 394
Chapter 17 Forensic Analysis Tools 399
File Carving Tools 399
Foremost 399
Strings 400
Binary Analysis Tools 401
Hex Dump 401
Binwalk 401
Ghidra 401
GNU Project Debugger (GDB) 401
OllyDbg 402
readelf 402
objdump 402
strace 402
ldd 402
file 403
Analysis Tools 403
ExifTool 403
Nmap 403
Aircrack-ng 403
Volatility 404
The Sleuth Kit 405
Dynamically vs. Statically Linked 405
Imaging Tools 405
Forensic Toolkit (FTK) Imager 405
dd 406
Hashing Utilities 407
sha256sum 407
ssdeep 407
Live Collection vs. Post-mortem Tools 407
netstat 407
ps 409
vmstat 409
ldd 410
lsof 410
netcat 410
tcpdump 411
conntrack 411
Wireshark 412
Exam Preparation Tasks 413
Part III: Security Engineering and Cryptography
Chapter 18 Applying Secure Configurations to Enterprise Mobility 419
Managed Configurations 419
Application Control 419
Password 419
MFA Requirements 420
Token-Based Access 421
Patch Repository 422
Firmware Over-the-Air 422
Remote Wipe 422
Wi-Fi 423
Profiles 424
Bluetooth 424
Near-Field Communication (NFC) 424
Peripherals 425
Geofencing 425
VPN Settings 425
Geotagging 426
Certificate Management 426
Full Device Encryption 427
Tethering 427
Airplane Mode 427
Location Services 427
DNS over HTTPS (DoH) 428
Custom DNS 428
Deployment Scenarios 429
Bring Your Own Device (BYOD) 429
Corporate-Owned 429
Corporate-Owned, Personally Enabled (COPE) 429
Choose Your Own Device (CYOD) 429
Implications of Wearable Devices 429
Digital Forensics on Collected Data 430
Unauthorized Application Stores 431
Jailbreaking/Rooting 431
Side Loading 431
Containerization 432
Original Equipment Manufacturer (OEM) and Carrier Differences 432
Supply Chain Issues 432
eFuse 432
Exam Preparation Tasks 433
Chapter 19 Configuring and Implementing Endpoint Security Controls 437
Hardening Techniques 437
Removing Unneeded Services 437
Disabling Unused Accounts 438
Images/Templates 438
Removing End-of-Life Devices 438
Removing End-of-Support Devices 438
Local Drive Encryption 439
Enabling No-Execute (NX)/Execute Never (XN) Bit 439
Disabling Central Processing Unit (CPU) Virtualization Support 439
Secure Encrypted Enclaves 440
Memory Encryption 440
Shell Restrictions 441
Address Space Layout Randomization (ASLR) 442
Processes 442
Patching 442
Logging 443
Monitoring 443
Mandatory Access Control 444
Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444
Kernel vs. Middleware 445
Trustworthy Computing 445
Trusted Platform Module (TPM) 445
Secure Boot 446
Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447
Attestation Services 448
Hardware Security Module (HSM) 448
Measured Boot 449
Self-Encrypting Drives (SEDs) 450
Compensating Controls 450
Antivirus 450
Application Controls 451
Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451
Host-Based Firewall 451
Endpoint Detection and Response (EDR) 451
Redundant Hardware 452
Self-Healing Hardware 452
User and Entity Behavior Analytics (UEBA) 452
Exam Preparation Tasks 452
Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459
Embedded 459
Internet of Things (IoT) 459
System on a Chip (SoC) 461
Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461
ICS/Supervisory Control and Data Acquisition (SCADA) 462
Programmable Logic Controller (PLC) 463
Historian 463
Ladder Logic 463
Safety Instrumented System 464
Heating, Ventilation, and Air Conditioning (HVAC) 464
Protocols 465
Controller Area Network (CAN) Bus 465
Modbus 466
Distributed Network Protocol 3 (DNP3) 466
Zigbee 467
Common Industrial Protocol (CIP) 467
Data Distribution Service 468
Sectors 468
Energy 469
Manufacturing 469
Healthcare 470
Public Utilities 470
Public Services 470
Facility Services 471
Exam Preparation Tasks 472
Chapter 21 Cloud Technology's Impact on Organizational Security 477
Automation and Orchestration 477
Encryption Configuration 477
Logs 478
Availability 479
Collection 479
Monitoring 479
Configuration 480
Alerting 480
Monitoring Configurations 480
Key Ownership and Location 481
Key Life-Cycle Management 483
Backup and Recovery Methods 485
Cloud as Business Continuity and Disaster Recovery (BCDR) 486
Primary Provider BCDR 486
Alternative Provider BCDR 486
Infrastructure vs. Serverless Computing 486
Application Virtualization 487
Software-Defined Networking 488
Misconfigurations 488
Collaboration Tools 488
Web Conferencing 488
Video Conferencing 489
Audio Conferencing 491
Storage and Document Collaboration Tools 491
Storage Configurations 492
Bit Splitting 493
Data Dispersion 493
Cloud Access Security Broker (CASB) 493
Exam Preparation Tasks 494
Chapter 22 Implementing the Appropriate PKI Solution 499
PKI Hierarchy 499
Registration Authority (RA) 499
Certificate Authority (CA) 499
Subordinate/Intermediate CA 500
Certificate Types 501
Wildcard Certificate 501
Extended Validation 502
Multidomain 502
General Purpose 503
Certificate Usages/Profiles/Templates 504
Client Authentication 504
Server Authentication 504
Digital Signatures 504
Code Signing 505
Extensions 505
Common Name (CN) 505
Subject Alternative Name (SAN) 505
Trusted Providers 505
Trust Model 506
Cross-certification 506
Configure Profiles 507
Life-Cycle Management 507
Public and Private Keys 508
Digital Signature 512
Certificate Pinning 512
Certificate Stapling 512
Certificate Signing Requests (CSRs) 513
Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513
HTTP Strict Transport Security (HSTS) 514
Exam Preparation Tasks 514
Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519
Hashing 519
Secure Hash Algorithm (SHA) 519
Hash-Based Message Authentication Code (HMAC) 520
Message Digest (MD) 521
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521
Poly1305 521
Symmetric Algorithms 522
Modes of Operation 523
Stream and Block 526
Asymmetric Algorithms 528
Key Agreement 529
Signing 530
Known Flaws/Weaknesses 531
Protocols 532
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532
Secure/Multipurpose Internet Mail Extensions (S/MIME) 533
Internet Protocol Security (IPsec) 534
Secure Shell (SSH) 534
EAP 535
Elliptic-Curve Cryptography 535
P256/P384 535
Forward Secrecy 536
Authenticated Encryption with Associated Data 536
Key Stretching 536
Password-Based Key Derivation Function 2 (PBKDF2) 537
Bcrypt 537
Exam Preparation Tasks 537
Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543
Implementation and Configuration Issues 542
Validity Dates 542
Wrong Certificate Type 543
Revoked Certificates 543
Incorrect Name 543
Chain Issues 544