Cargando…

CASP+ : b preparing tools for all domains CompTIA advanced security practitioner : preparing for the exam and becoming a professional.

Dean Bushmiller will give you the easiest, best path to learning the CompTIA CASP+ This course is about collection of resources and preparation of those resources before you get into the specific domain material. If you have taken other certification exams, this one is different in it's prepara...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Formato: Electrónico Video
Idioma:Inglés
Publicado: [Place of publication not identified] : Expanding Security, [2023]
Edición:[First edition].
Temas:
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Descripción
Sumario:Dean Bushmiller will give you the easiest, best path to learning the CompTIA CASP+ This course is about collection of resources and preparation of those resources before you get into the specific domain material. If you have taken other certification exams, this one is different in it's preparation and the tools you use to pass. The online reading from https://csf.tools/ require you to know your controls. This section prepares you for success when consuming the actual content of the domains. CASP+ This certification qualifies you to assess cyber readiness within an enterprise. You will be able to design and implement the proper solutions to ensure the organization is ready for the next attack. You will have the knowledge and skills required to do the following: Architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise Use monitoring, detection, incident response, and automation to proactively support ongoing security operations in an enterprise environment Apply security practices to cloud, on-premises, endpoint, and mobile infrastructure, while considering cryptographic technologies and techniques Consider the impact of governance, risk, and compliance requirements throughout the enterprise The 4 courses in the CASP series covers the following topics: Architecture Analyze security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network Services Deperimeterization/zero trust Merging of networks from various organizations Software-defined networking Analyze organizational requirements to determine proper infrastructure security design Scalability Resiliency Automation Performance Containerization Virtualization Content delivery network Caching Integrate software applications securely into an enterprise architecture Baseline and templates Software assurance Considerations of integrating enterprise applications Integrating security into development life cycle Implement data security techniques for securing enterprise architecture Data loss prevention Data loss detection Data classification, labeling, and tagging Obfuscation Anonymization Encrypted versus unencrypted Data life cycle Data inventory and mapping Data integrity management Data storage, backup, and recovery Analyze security requirements and objectives to provide appropriate authentication and authorization controls Credential management Password policies Federation Access control Protocols Multifactor authentication One-time password Hardware root of trust Single sign-on JavaScript Object Notation web token Attestation and identity proofing Implement secure cloud and virtualization solutions Virtualization strategies Provisioning and deprovisioning Middleware Metadata and tags Deployment models and considerations Hosting models Service models Cloud provider limitations Extending appropriate on-premises controls Storage models Explain how cryptography and public key infrastructure support security objectives and requirements Privacy and confidentiality requirements Integrity requirements Non-repudiation Compliance and policy requirements Common cryptography use cases Common Public key infrastructure use cases Explain impact of emerging technologies on enterprise security and privacy Artificial intelligence Machine learning Quantum computing Blockchain Homomorphic encryption Secure multiparty computation Distributed consensus Big Data Virtual reality Three Dimetional printing Passwordless authentication Nano technology Deep learning Biometric impersonation Operations Perform threat management activities Intelligence types Actor types Threat actor properties Intelligence collection methods Frameworks Analyze indicators of compromise and formulate an appropriate response Indicators of compromise Response Rules Perform vulnerability management activities Vulnerability scans Security Content Automation Protocol Self-assessment or third party vendor assessment Patch management Information sources Use appropriate vulnerability assessment and penetration testing methods and tools Methods Tools Dependency management Requirements Analyze vulnerabilities and recommend risk mitigations Vulnerabilities Inherently vulnerable system or application Attacks Use processes to reduce risk Proactive and detection Security data analytics Preventive Application control Security automation Physical security Given an incident, implement appropriate response Event classifications Triage event Preescalation tasks Incident response process Specific response playbooks Communication plan Stakeholder management Explain importance of forensic concepts Legal versus internal corporate purposes Forensic process Integrity preservation Cryptanalysis Steganalysis Use forensic analysis tools File carving tools Binary analysis tools Analysis tools Imaging tools Hashing utilities Live collection versus post-mortem tools Engineering and Cryptography Apply secure configurations to enterprise mobility Managed configurations Deployment scenarios Security considerations Configure and implement endpoint security controls Hardening techniques Processes Mandatory access control Trustworthy computing Compensating controls Explain security considerations impacting specific sectors and operational technologies Embedded ICS/supervisory control and data acquisition Protocols Sectors Explain how cloud technology adoption impacts organizational security Automation and orchestration Encryption configuration Logs Monitoring configurations Key ownership and location Key life-cycle management Backup and recovery methods Infrastructure versus serverless computing Application virtualization Software-defined networking Misconfigurations Collaboration tools Storage configurations Cloud access security broker Given a business requirement, implement appropriate Public key infrastructure solution Public key infrastructure hierarchy Certificate types Certificate usages/profiles/templates Extensions Trusted providers Trust model Cross-certification Configure profiles Life-cycle management Public and private keys Digital signature Certificate pinning Certificate stapling Certificate signing requests Online Certificate Status Protocol versus certificate revocation list HTTP Strict Transport Security Given a business requirement, implement appropriate cryptographic protocols and algorithms Hashing Symmetric algorithms Symetric Complexity Contruction Asymmetric algorithms Protocols Elliptic curve cryptography Forward secrecy Authenticated encryption with associated data Key stretching Troubleshoot issues with cryptographic implementations Implementation and configuration issues Keys Governance, Risk, and Compliance Given a set of requirements, apply appropriate risk strategies Risk assessment Risk handling techniques Risk types Risk management life cycle Risk tracking Risk appetite Risk tolerance Policies and security practices Explain importance of managing and mitigating vendor risk Shared responsibility model Vendor lock-in and vendor lockout Vendor viability Meeting client requirements Support availability Geographical considerations Supply chain visibility Incident reporting requirements Source code escrows Ongoing vendor assessment tools Third-party dependencies Technical considerations Explain compliance frameworks and legal considerations, and IR organizational impact Security concerns of integrating diverse industries Data considerations Geographic considerations Third-party attestation of compliance Regulations, accreditations, and standards Legal considerations Contract and agreement types Explain importance of business continuity and disaster recovery concepts Business impact analysis Privacy impact assessment Disaster recovery plan Business continuity plan Incident response plan Testing plans.
Descripción Física:1 online resource (1 video file (2 hr., 43 min.)) : sound, color.
Tiempo de Juego:02:43:00
ISBN:9780996619172
0996619178