Edition: [Second ed.]
Authors: Dwayne Williams, Nick Lane, Gregory B. White, William Arthur Conklin
Series:
ISBN: 9781260441345, 1260441342
Publisher:
Year of publication: 2019
Number of pages: [851]
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 on user request)
File size: 25 Mb
If you need the file for the book All-in-one CASP+ CompTIA advanced security practitioner certification exam guide : (exam CAS-003) converted to PDF, EPUB, AZW3, MOBI, or DJVU format, you can notify support so that they convert the file for you.
Note that the book All-in-one CASP+ CompTIA advanced security practitioner certification exam guide : (exam CAS-003) is the original-language edition and has not been translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Complete coverage of every topic on the CompTIA Advanced Security Practitioner certification exam

Get complete coverage of all objectives included on the CompTIA CASP+ exam CAS-003 from this comprehensive resource. Written by a team of leading information security experts, this authoritative guide fully addresses the skills required for securing a network and managing risk. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam domains, including:
• Threats, attacks, and vulnerabilities
• Technologies and tools
• Architecture and design
• Identity and access management
• Risk management
• Cryptography and PKI

Electronic content includes:
• 200 practice exam questions
Cover Title Page Copyright Page Dedication About the Authors Contents at a Glance Contents Acknowledgments Introduction Exam CAS-003 Objective Map

Part I Risk Management

Chapter 1 Security Influences and Risk Risk Management of New Products, New Technologies, and User Behaviors New or Changing Business Models and Strategies Partnerships Outsourcing Cloud Managed Security Services Acquisitions, Mergers, Divestitures, and Demergers Security Concerns of Interconnecting Diverse Industries Rules, Policies, and Regulations Export Controls and Legal Requirements Geography, Data Sovereignty, and Jurisdictions Internal and External Influences Competitors Audit Findings Regulatory Entities Client Requirements Top-Level Management Impact of Deperimeterization Telecommuting Cloud Mobile and Bring Your Own Device (BYOD) Outsourcing Ensuring Third-Party Providers Have Requisite Levels of Information Security Enterprise Standard Operating Environment Personally Managed Devices Merging SOE and Personal Device Networks Chapter Review Quick Tips Questions Answers

Chapter 2 Security Policies and Procedures Policy and Process Life Cycle Management Policies Policy Types Standards Guidelines Processes Procedures Baselines New Business and Environmental Changes Support Legal Compliance and Advocacy by Partnering with HR, Legal, Management, and Other Entities Understand Common Business Documents to Support Security Risk Assessment Business Impact Analysis (BIA) Interoperability Agreement (IA) Operating Level Agreement (OLA) Nondisclosure Agreement (NDA) Master Service Agreement (MSA) Research Security Requirements for Contracts Request for Proposal (RFP) Request for Quote (RFQ) Request for Information (RFI) Understand General Privacy Principles for Sensitive Information Support the Development of Policies Containing Standard Security Practices Separation of Duties Job Rotation Mandatory Vacation Least Privilege Incident Response Forensic Tasks Employment and Termination Procedures Continuous Monitoring Ongoing Security Training and Awareness for Users Auditing Requirements and Frequency Information Classification Chapter Review Quick Tips Questions Answers

Chapter 3 Risk Mitigation, Strategies, and Controls Categorize Data Types by Impact Levels Based on CIA Confidentiality Integrity Availability CIA Tradeoffs Determine the Aggregate Score of CIA Nomenclature Incorporate Stakeholder Input into CIA Impact-Level Decisions Determine Minimum-Required Security Controls Based on Aggregate Score Select and Implement Controls Based on CIA Requirements and Organizational Policies Extreme Scenario Planning/Worst-Case Scenario Conduct System-Specific Risk Analysis Qualitative Risk Analysis Quantitative Risk Analysis Make Risk Determination Based on Known Metrics Magnitude of Impact Based on ALE and SLE Likelihood of Threat Return on Investment (ROI) Total Cost of Ownership (TCO) Translate Technical Risks in Business Terms Recommend Which Strategy Should Be Applied Based on Risk Appetite Avoid Transfer Mitigate Accept Risk Management Processes Exemptions Deterrence Inherent Residual Continuous Improvement/Monitoring Business Continuity Planning IT Governance Adherence to Risk Management Frameworks Enterprise Resilience Chapter Review Quick Tips Questions Answers

Chapter 4 Risk Metrics Review Effectiveness of Existing Security Controls Gap Analysis Conduct a Lessons-Learned/After-Action Review Reverse-Engineer/Deconstruct Existing Solutions Creation, Collection, and Analysis of Metrics KPIs KRIs Prototype and Test Multiple Solutions Create Benchmarks and Compare to Baselines Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs Performance Latency Scalability Capability Usability Maintainability Availability Recoverability Cost Benefit Analysis (ROI, TCO) Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible Chapter Review Quick Tips Questions Answers

Part II Enterprise Security Architecture

Chapter 5 Network Security Components, Concepts, and Architectures Physical and Virtual Network and Security Devices UTM NIDS/NIPS INE NAC SIEM Switch Firewall Wireless Controller Router Proxy Load Balancer HSM MicroSD HSM Application and Protocol-Aware Technologies WAF Firewall Passive Vulnerability Scanner DAM Advanced Network Design (Wired/Wireless) Remote Access VPN SSH RDP VNC VDI Reverse Proxy IPv4 and IPv6 Transitional Technologies Network Authentication Methods 802.1x Mesh Networks Placement of Hardware, Applications, and Fixed/Mobile Devices Complex Network Security Solutions for Data Flow DLP Deep Packet Inspection Data Flow Enforcement Network Flow Data Flow Diagram Secure Configuration and Baselining of Networking and Security Components Network Baselining Configuration Lockdown Change Monitoring Availability Controls Network ACLs Software-Defined Networking Network Management and Monitoring Tools Alerting Alert Fatigue Advanced Configuration of Routers, Switches, and Other Network Devices Transport Security Trunking Security Port Security Route Protection DDoS Protection Remotely Triggered Black Hole Security Zones DMZ Separation of Critical Assets Network Segmentation Network Access Control Quarantine/Remediation Persistent/Volatile and Nonpersistent Agents Agent vs. Agentless Network-Enabled Devices System on a Chip (SoC) Building/Home Automation Systems IP Video HVAC Controllers Sensors Physical Access Control Systems A/V Systems Scientific/Industrial Equipment Critical Infrastructure Chapter Review Quick Tips Questions Answers

Chapter 6 Security Controls for Host Devices Trusted Operating System SELinux SEAndroid Trusted Solaris Least Functionality Endpoint Security Software Antimalware Antivirus Anti-Spyware Spam Filters Patch Management HIPS/HIDS Data Loss Prevention Host-Based Firewalls Log Monitoring Endpoint Detection and Response Host Hardening Standard Operating Environment/Configuration Baselining Security/Group Policy Implementation Command Shell Restrictions Patch Management Configuring Dedicated Interfaces External I/O Restrictions File and Disk Encryption Firmware Updates Boot Loader Protections Secure Boot Measured Launch Integrity Measurement Architecture BIOS/UEFI Attestation Services TPM Vulnerabilities Associated with Hardware Terminal Services/Application Delivery Services Chapter Review Quick Tips Questions Answers

Chapter 7 Mobile Security Controls Enterprise Mobility Management Containerization Configuration Profiles and Payloads Personally Owned, Corporate-Enabled (POCE) Application Wrapping Remote Assistance Access Application, Content, and Data Management Over-the-Air Updates (Software/Firmware) Remote Wiping SCEP BYOD COPE CYOD VPN Application Permissions Side Loading Unsigned Apps/System Apps Context-Aware Management Security Implications/Privacy Concerns Data Storage Device Loss/Theft Hardware Anti-Tampering TPM Rooting and Jailbreaking Push Notification Services Geotagging Encrypted Instant Messaging Apps Tokenization OEM/Carrier Android Fragmentation Mobile Payment Tethering Authentication Malware Unauthorized Domain Bridging Baseband Radio/SoC Augmented Reality SMS/MMS/Messaging Wearable Technology Cameras Watches Fitness Devices Glasses Medical Sensors/Devices Headsets Security Implications Chapter Review Quick Tips Questions Answers

Chapter 8 Software Vulnerabilities and Security Controls Application Security Design Considerations Secure by Design Secure by Default Secure by Deployment Specific Application Issues Insecure Direct Object References Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Clickjacking Session Management Input Validation SQL Injection Improper Error and Exception Handling Privilege Escalation Improper Storage of Sensitive Data Fuzzing/Fault Injection Secure Cookie Storage and Transmission Buffer Overflow Memory Leaks Integer Overflows Race Conditions Resource Exhaustion Geotagging Data Remnants Use of Third-Party Libraries Code Reuse Application Sandboxing Secure Encrypted Enclaves Database Activity Monitors and Web Application Firewalls Client-Side Processing vs. Server-Side Processing JSON/REST Browser Extensions HTML5 AJAX SOAP State Management JavaScript Operating System Vulnerabilities Firmware Vulnerabilities Chapter Review Quick Tips Questions Answers

Part III Enterprise Security Operations

Chapter 9 Security Assessments Security Assessment Methods Malware Sandboxing Memory Dumping Runtime Debugging Reconnaissance Fingerprinting Code Review Social Engineering Pivoting Open Source Intelligence Security Assessment Types Penetration Testing Vulnerability Assessment Self-Assessment Internal and External Audits Color-Team Exercises Chapter Review Quick Tips Questions Answers

Chapter 10 Security Assessment Tools Network Tool Types Port Scanners Vulnerability Scanners Protocol Analyzers SCAP Scanners Network Enumerators Fuzzers HTTP Interceptors Exploitation Tools/Frameworks Visualization Tools Log Reduction and Analysis Tools Host Tool Types Password Crackers Vulnerability Scanners Command-Line Tools Local Exploitation Tools/Frameworks SCAP Tools File Integrity Monitoring Log Analysis Tools Antivirus Reverse Engineering Tools Physical Security Tools Lock Picks RFID Tools IR Cameras Chapter Review Quick Tips Questions Answers

Chapter 11 Incident Response and Recovery Procedures E-Discovery Electronic Inventory and Asset Control Data Retention Policies Data Recovery and Storage Data Ownership and Handling Legal Holds Data Breach Detection and Collection Mitigation and Response Recovery/Reconstitution Disclosure Facilitate Incident Detection and Response Internal and External Criminal Actions Hunt Teaming Behavioral Analytics Heuristic Analytics Establish and Review System, Audit, and Security Logs Incident and Emergency Response Chain of Custody Digital Forensics Digital Forensics Process Privacy Policy Violations Continuity of Operations Disaster Recovery Incident Response Team Order of Volatility Incident Response Support Tools dd tcpdump nbtstat netstat nc (Netcat) memdump tshark Foremost Severity of Incident or Breach Scope Impact Cost Downtime Legal Ramifications Post-Incident Response Root-Cause Analysis Lessons Learned After-Action Report Chapter Review Quick Tips Questions Answers

Part IV Technical Integration of Enterprise Security

Chapter 12 Hosts, Storage, Networks, and Applications Adapt Data Flow Security to Meet Changing Business Needs Adhere to Standards (Popular, Open, De Facto) Open Standards Adherence to Standards Competing Standards Lack of Standards De Facto Standards Interoperability Issues Legacy Systems and Software/Current Systems Application Requirements Software Types Standard Data Formats Protocols and APIs Resilience Issues Use of Heterogeneous Components Course of Action Automation/Orchestration Distribution of Critical Assets Persistence and Nonpersistence of Data Redundancy/High Availability Assumed Likelihood of Attack Data Security Considerations Data Remnants Data Aggregation Data Isolation Data Ownership Data Sovereignty Data Volume Resources Provisioning and Deprovisioning Users Servers Virtual Devices Applications Data Remnants Design Considerations During Mergers, Acquisitions, and Demergers/Divestitures Network Secure Segmentation and Delegation Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices Security and Privacy Considerations of Storage Integration Security Implications of Integrating Enterprise Applications CRM ERP CMDB CMS Integration Enablers Chapter Review Quick Tips Questions Answers

Chapter 13 Cloud and Virtualization Cloud Computing Basics Advantages Associated with Cloud Computing Issues Associated with Cloud Computing Virtualization Basics Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership) Cloud and Virtualization Considerations and Hosting Options On-premises vs. Hosted Cloud Service Models Security Advantages and Disadvantages of Virtualization Advantages of Virtualizing Disadvantages of Virtualizing Type 1 vs. Type 2 Hypervisors Containers vTPM Hyper-Converged Infrastructure (HCI) Virtual Desktop Infrastructure (VDI) Terminal Services Secure Enclaves and Volumes Cloud-Augmented Security Services Antimalware Vulnerability Scanning Sandboxing Content Filtering Cloud Security Broker Security as a Service (SECaaS) Vulnerabilities Associated with the Commingling of Hosts with Different Security Requirements Data Security Considerations Vulnerabilities Associated with a Single Server Hosting Multiple Data Types Vulnerabilities Associated with a Single Platform Hosting Multiple Companies’ Virtual Machines Resources Provisioning and Deprovisioning Virtual Devices Data Remnants Chapter Review Quick Tips Questions Answers

Chapter 14 Authentication and Authorization Authentication Authentication Factors Certificate-Based Authentication SSL/TLS Certificate-Based Authentication Single Sign-On 802.1x Context-Aware Authentication Push-Based Authentication Authorization OAuth XACML SPML Attestation Identity Proofing Identity Propagation Federation SAML OpenID Shibboleth WAYF Trust Models Hierarchical Trust Model Peer-to-Peer Trust Model RADIUS Configurations LDAP AD Chapter Review Quick Tips Questions Answers

Chapter 15 Cryptographic Techniques Cryptography Fundamentals Goals of Cryptography Cryptographic Techniques Symmetric Key Encryption Methods Asymmetric or Public Key Encryption Methods Cryptography Techniques Key Stretching Hashing Hashing Algorithms Digital Signatures Message Authentication Code Signing Pseudorandom Number Generation Perfect Forward Secrecy Data-in-Transit Encryption Data-in-Memory/Processing Encryption Data-at-Rest Encryption Steganography Cryptographic Implementations Cryptographic Modules Cryptoprocessors Cryptographic Service Providers Digital Rights Management (DRM) Watermarking GNU Privacy Guard (GPG) SSL/TLS Secure Shell (SSH) S/MIME Cryptographic Applications and Proper/Improper Implementations Stream vs. Block PKI Systems Cryptocurrency/Blockchain Mobile Device Encryption Considerations Elliptic Curve Cryptography Chapter Review Quick Tips Questions Answers

Chapter 16 Securing Communications and Collaboration Remote Access Dial-Up VPN DirectAccess Resource and Services Desktop and Application Sharing Remote Assistance Unified Collaboration Tools Conferencing Storage and Document Collaboration Tools Unified Communications Instant Messaging Presence E-mail Telephony and VoIP Integration Collaboration Sites Chapter Review Quick Tips Questions Answers

Part V Research, Development, and Collaboration

Chapter 17 Research Methods and Industry Trends Performing Ongoing Research Best Practices New Technologies, Security Systems, and Services Technology Evolution Threat Intelligence Latest Attacks, Vulnerabilities, and Threats Zero-Day Mitigation Controls and Remediation Threat Model Researching Security Implications of Emerging Business Tools Evolving Social Media Platforms Integration Within the Business Big Data AI/Machine Learning Global IA Industry/Community Computer Emergency Response Team (CERT) Conventions/Conferences Research Consultants/Vendors Threat Actor Activities Emerging Threat Sources Chapter Review Quick Tips Questions Answers

Chapter 18 Technology Life Cycles and Security Activities Systems Development Life Cycle Requirements Acquisition Test and Evaluation Commissioning/Decommissioning Operational Activities Asset Disposal Asset/Object Reuse Software Development Life Cycle Requirements Gathering Phase Design Phase Development Phase Testing Phase Operations and Maintenance Phase Application Security Frameworks Software Assurance Development Approaches Secure Coding Standards Documentation Validation of the System Design Adapting Solutions Emerging Threats and Security Trends Disruptive Technologies Asset Management (Inventory Control) Chapter Review Quick Tips Questions Answers

Chapter 19 Business Unit Interactions Security Requirements Across Various Roles Sales Staff Programmers Database Administrators Network Administrators Management/Executive Management Financial Human Resources Emergency Response Team Facilities Manager Physical Security Manager Legal Counsel Security Processes and Controls for Senior Management Secure Collaboration Within Teams Governance, Risk, and Compliance Committee Chapter Review Quick Tips Questions Answers

Appendix About the Online Content System Requirements Your Total Seminars Training Hub Account Privacy Notice Single User License Terms and Conditions TotalTester Online Pre-Assessment Test Other Book Resources Performance-Based Questions Downloadable Content Technical Support

Glossary

Index