CASP. CompTIA Advanced Security Practitioner. Study Guide. Second Edition. Michael Gregg


CASP™ CompTIA Advanced Security Practitioner Study Guide
Second Edition
Michael Gregg

Senior Acquisitions Editor: Jeff Kellum
Development Editor: Jim Compton
Technical Editors: Buzz Murphy and Dr. John DeLalla
Production Editor: Eric Charbonneau
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Professional Technology and Strategy Director: Barry Pruett
Associate Publisher: Chris Webb
Media Project Manager 1: Laura Moss-Hollister
Media Associate Producer: Josh Frank
Media Quality Assurance: Doug Kuhn
Book Designer: Judy Fung
Proofreader: Nancy Bell
Indexer: Ted Laux
Project Coordinator, Cover: Patrick Redmond
Cover Designer: Wiley

Copyright 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: ISBN: (ebk.) ISBN: (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) , fax (978) Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) , fax (201) , or online at

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation.
This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) , outside the U.S. at (317) or fax (317) Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at For more information about Wiley products, visit Library of Congress Control Number: TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CASP is a trademark of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book

Dear Reader,

Thank you for choosing CASP: CompTIA Advanced Security Practitioner Study Guide, Second Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in More than 30 years later, we're still committed to producing consistently exceptional books. With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at contactus@sybex.com. If you think you've found a technical error in this book, please visit Customer feedback is critical to our efforts at Sybex.

Best regards,
Chris Webb
Associate Publisher
Sybex, an Imprint of Wiley

To Christine, thank you for your love and for always supporting me in my endeavors. I love you.

Acknowledgments

I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts. I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book, keep learning and taking steps to move your career forward.

About the Author

Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services. Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree.

In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN: ), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN: ), Certified Ethical Hacker Exam Prep 2 (ISBN: ), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN: ).

Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets and has testified before US Congress as an industry/cyber security expert. Michael has created over a dozen training security classes and training manuals and has created and performed video instruction on many security topics such as cyber security, CISSP, CISA, Security+, and others. When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.

About the Contributor

Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years; as Program Director for the Bachelors of Applied Science degree in computer network administration, John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dotcom in a public relations role. John has also worked with The Walt Disney Company, and toured with the Goo Goo Dolls in a marketing role. John earned three degrees from Northern Arizona University: B.S. in advertising, M.Ed. in adult education, and Ed.D. in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and University of Arizona Staff Innovation Award in Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.

Contents at a Glance

Foreword
Introduction
Assessment Test
Chapter 1: Cryptographic Tools and Techniques
Chapter 2: Comprehensive Security Solutions
Chapter 3: Securing Virtualized, Distributed, and Shared Computing
Chapter 4: Host Security
Chapter 5: Application Security and Penetration Testing
Chapter 6: Risk Management
Chapter 7: Policies, Procedures, and Incident Response
Chapter 8: Security Research and Analysis
Chapter 9: Enterprise Security Integration
Chapter 10: Security Controls for Communication and Collaboration
Appendix A: CASP Lab Manual
Appendix B: Answers to Review Questions
Appendix C: About the Additional Study Tools
Index


Contents

Foreword
Introduction
Assessment Test

Chapter 1: Cryptographic Tools and Techniques
  The History of Cryptography
  Cryptographic Services
  Cryptographic Goals
  Cryptographic Terms
  Cipher Types and Methods
  Symmetric Encryption
  Data Encryption Standard
  Triple DES
  Advanced Encryption Standard
  International Data Encryption Algorithm
  Rivest Cipher Algorithms
  Asymmetric Encryption
  Diffie-Hellman
  RSA
  Elliptic Curve Cryptography
  ElGamal
  Hybrid Encryption
  Hashing
  Hashing and Message Digests
  MD Series
  SHA
  HAVAL
  Message Authentication Code
  HMAC
  Digital Signatures
  Public Key Infrastructure
  Certificate Authority
  Registration Authority
  Certificate Revocation List
  Digital Certificates
  Certificate Distribution
  The Client's Role in PKI
  Implementation of Cryptographic Solutions
  Application Layer Encryption
  Transport Layer Encryption
  Internet Layer Controls
  Physical Layer Controls
  Steganography
  Cryptographic Attacks
  Summary
  Exam Essentials
  Review Questions

Chapter 2: Comprehensive Security Solutions
  Advanced Network Design
  Network Authentication Methods
  x
  Mesh Networks
  Remote Access
  Virtual Networking and Placement of Security Components
  SCADA
  VoIP
  TCP/IP
  Network Interface Layer
  Internet Layer
  Transport Layer
  Application Layer
  Secure Communication Solutions
  Network Data Flow
  SSL Inspection
  Domain Name Service
  Securing Zone Transfers
  Start of Authority
  Secure DNS
  Transaction Signature
  Fast Flux DNS
  Lightweight Directory Access Protocol
  Secure Directory Services
  Active Directory
  Security Information and Event Management
  Database Activity Monitoring
  Federated ID
  Single Sign-On
  Kerberos
  Secure Facility Solutions
  Building Layouts
  Facilities Management
  Secure Network Infrastructure Design
  Router Configuration
  Enterprise Service Bus
  Web Services Security
  Summary
  Exam Essentials
  Review Questions

Chapter 3: Securing Virtualized, Distributed, and Shared Computing
  Enterprise Security
  Software-Defined Networking
  Cloud Computing
  Cloud Computing Models
  Cloud Computing Providers and Hosting Options
  Benefits of Cloud Computing
  Security of On-Demand/Elastic Cloud Computing
  Cloud Computing Vulnerabilities
  Cloud Storage
  Cloud-Augmented Security Services
  Virtualization
  Virtualized Servers
  Virtual LANs
  Virtual Networking and Security Components
  Enterprise Storage
  Summary
  Exam Essentials
  Review Questions

Chapter 4: Host Security
  Firewalls and Network Access Control
  Host-Based Firewalls
  Trusted Operating Systems
  Endpoint Security Solutions
  Common Threats to Endpoint Security
  Anti-malware
  Antivirus
  Anti-spyware
  Spam Filters
  Host Hardening
  Asset Management
  Data Exfiltration
  Intrusion Detection and Prevention
  Network Management, Monitoring, and Security Tools
  Security Devices
  Operational and Consumer Network-Enabled Devices
  Summary
  Exam Essentials
  Review Questions

Chapter 5: Application Security and Penetration Testing
  Application Security Testing
  Specific Application Issues
  Cross-Site Scripting
  Cross-Site Request Forgery
  Improper Error Handling
  Geotagging
  Clickjacking
  Session Management
  Input Validation
  SQL Injection
  Application Sandboxing
  Application Security Frameworks
  Standard Libraries
  Secure Coding Standards
  Application Exploits
  Escalation of Privilege
  Improper Storage of Sensitive Data
  Cookie Storage and Transmission
  Malware Sandboxing
  Memory Dumping
  Process Handling at the Client and Server
  JSON/REST
  Browser Extensions
  Ajax
  JavaScript/Applets
  Flash
  HTML5
  SOAP
  Web Services Security
  Buffer Overflow
  Memory Leaks
  Integer Overflow
  Race Conditions (TOC/TOU)
  Resource Exhaustion
  Security Assessments and Penetration Testing
  Test Methods
  Penetration Testing Steps
  Assessment Types
  Vulnerability Assessment Areas
  Security Assessment and Penetration Test Tools
  Summary
  Exam Essentials
  Review Questions

Chapter 6: Risk Management
  Risk Terminology
  Identifying Vulnerabilities
  Operational Risks
  Risk in Business Models
  Risk in External and Internal Influences
  Risks with Data
  The Risk Assessment Process
  Asset Identification
  Information Classification
  Risk Assessment
  Risk Analysis Options
  Implementing Controls
  Continuous Monitoring
  Enterprise Security Architecture Frameworks and Governance
  Best Practices for Risk Assessments
  Summary
  Exam Essentials
  Review Questions

Chapter 7: Policies, Procedures, and Incident Response
  A High-Level View of Documentation
  The Policy Development Process
  Policies and Procedures
  Business Documents Used to Support Security
  Documents and Controls Used for Sensitive Information
  Why Security?
  Personally Identifiable Information Controls
  Data Breaches
  Policies Used to Manage Employees
  Training and Awareness for Users
  Auditing Requirements and Frequency
  The Incident Response Framework
  Incident and Emergency Response
  Digital Forensics Tasks
  Summary
  Exam Essentials
  Review Questions

Chapter 8: Security Research and Analysis
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise
  Performing Ongoing Research
  Best Practices
  New Technologies
  Situational Awareness
  Knowledge of Current Vulnerabilities and Threats
  Research Security Implications of New Business Tools
  Global IA Industry Community
  Research Security Requirements for Contracts
  Analyze Scenarios to Secure the Enterprise
  Benchmarking and Baselining
  Prototyping and Testing Multiple Solutions
  Cost Benefit Analysis
  Metrics Collection and Analysis
  Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
  Reviewing Effectiveness of Existing Security Controls
  Reverse Engineering or Deconstructing Existing Solutions
  Analyzing Security Solutions to Ensure They Meet Business Needs
  Conducting a Lessons Learned/After-Action Review
  Using Judgment to Solve Difficult Problems
  Summary
  Exam Essentials
  Review Questions

Chapter 9: Enterprise Security Integration
  Integrate Enterprise Disciplines to Achieve Secure Solutions
  The Role of IT Governance
  Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
  Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
  Establish Effective Collaboration within Teams to Implement Secure Solutions
  Disciplines
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
  Secure Data Flows to Meet Changing Business Needs
  Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
  Secure Infrastructure Design
  Standards
  Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures
  Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership)
  Storage Integration (Security Considerations)
  In-House Developed vs. Commercial vs. Commercial Customized
  Interoperability Issues
  Enterprise Application Integration Enablers
  Summary
  Exam Essentials
  Review Questions

Chapter 10: Security Controls for Communication and Collaboration
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
  Security of Unified Collaboration
  VoIP
  VoIP Implementation
  Remote Access and Advanced Trust Models
  Mobile Device Management
  Secure External Communications
  Secure Implementation of Collaboration Sites and Platforms
  Prioritizing Traffic with QoS
  Mobile Devices
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
  Authentication
  Authorization
  Federation and SAML
  Identity Propagation
  XACML
  SOAP
  Single Sign-On
  Service Provisioning Markup Language
  OAUTH
  Attestation
  Certificate-Based Authentication
  Implement Security Activities across the Technology Life Cycle
  End-to-End Solution Ownership
  Understanding the Results of Solutions in Advance
  Systems Development Life Cycle
  Adapt Solutions to Address Emerging Threats and Security Trends
  Validating System Designs
  Summary
  Exam Essentials
  Review Questions

Appendix A: CASP Lab Manual
  What You'll Need
  Lab A1: Verifying a Baseline Security Configuration
  Lab A2: Introduction to a Protocol Analyzer
  Lab A3: Performing a Wireless Site Survey
  Lab A4: Using Windows Remote Access
  Connecting to the Remote Desktop PC
  Lab A5: Configuring a VPN Client
  Lab A6: Using the Windows Command-Line Interface (CLI)
  Lab A7: Cisco IOS Command-Line Basics
  Lab A8: Shopping for Wi-Fi Antennas
  Lab A9: Cloud Provisioning
  Lab A10: Introduction to Windows Command-line Forensic Tools
  Lab A11: Introduction to Hashing Using a GUI
  Lab A12: Hashing from the Command Line
  Verifying File Integrity from a Command Line
  Verifying File Integrity on a Downloaded File
  Lab A13: Cracking Encrypted Passwords
  Lab A14: Threat Modeling
  Lab A15: Social Engineering
  Lab A16: Downloading, Verifying, and Installing a Virtual Environment
  Lab A17: Exploring Your Virtual Network
  Lab A18: Port Scanning
  Lab A19: Introduction to the Metasploit Framework
  Lab A20: Sniffing NETinVM Traffic with Wireshark
  Suggestions for Further Exploration of Security Topics

Appendix B: Answers to Review Questions
  Chapter 1: Cryptographic Tools and Techniques
  Chapter 2: Comprehensive Security Solutions
  Chapter 3: Securing Virtualized, Distributed, and Shared Computing
  Chapter 4: Host Security
  Chapter 5: Application Security and Penetration Testing
  Chapter 6: Risk Management
  Chapter 7: Policies, Procedures, and Incident Response
  Chapter 8: Security Research and Analysis
  Chapter 9: Enterprise Security Integration
  Chapter 10: Security Controls for Communication and Collaboration

Appendix C: About the Additional Study Tools
  Additional Study Tools
  Sybex Test Engine
  Electronic Flashcards
  PDF of Glossary of Terms
  Adobe Reader
  System Requirements
  Using the Study Tools
  Troubleshooting
  Customer Care

Index


Table of Exercises

Exercise 2.1 Sniffing VoIP Traffic
Exercise 2.2 Spoofing MAC Addresses with SMAC
Exercise 2.3 Sniffing IPv4 with Wireshark
Exercise 2.4 Capturing a Ping Packet with Wireshark
Exercise 2.5 Capturing a TCP Header with Wireshark
Exercise 2.6 Using Men & Mice to Verify DNS Configuration
Exercise 2.7 Attempting a Zone Transfer
Exercise 3.1 What Services Should Be Moved to the Cloud?
Exercise 3.2 Identifying Risks and Issues with Cloud Computing
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer
Exercise 3.4 Creating a Virtual Machine
Exercise 3.5 Understanding Online Storage
Exercise 4.1 Reviewing and Assessing ACLs
Exercise 4.2 Configuring IPTables
Exercise 4.3 Testing Your Antivirus Program
Exercise 4.4 Taking Control of a Router with Physical Access
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities
Exercise 4.6 Bypassing Command Shell Restrictions
Exercise 5.1 Identifying Testing Types at Your Organization
Exercise 5.2 Downloading and Running Kali
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization
Exercise 5.4 Performing TCP and UDP Port Scanning
Exercise 6.1 Tracking Vulnerabilities in Software
Exercise 6.2 Outsourcing Issues to Review
Exercise 6.3 Calculating Annualized Loss Expectancy
Exercise 7.1 Reviewing Security Policy
Exercise 7.2 Reviewing Documents
Exercise 7.3 Reviewing the Employee Termination Process
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool
Exercise 8.1 Using WinDump to Sniff Traffic
Exercise 8.2 Exploring the Nagios Tool
Exercise 8.3 Using Ophcrack
Exercise 8.4 Installing Cookie Cadger
Exercise 8.5 Identifying XSS Vulnerabilities
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy
Exercise 10.1 Eavesdropping on Web Conferences
Exercise 10.2 Sniffing with Wireshark
Exercise 10.3 Sniffing VoIP with Cain & Abel

Foreword

It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

LEARN, CERTIFY, WORK

Panel titles: IT Is Everywhere; IT Knowledge and Skills Get Jobs; Job Retention; New Opportunities; High Pay High Growth Jobs

IT is mission critical to almost all organizations and its importance is increasing.
Certifications verify your knowledge and skills that qualifies you for:
Competence is noticed and valued in organizations.
Certifications qualify you for new opportunities in your current job or when you want to change careers.
Hiring managers demand the strongest skill set.
79% of U.S. businesses report IT is either important or very important to the success of their company
Jobs in the high growth IT career field
Increased compensation
Challenging assignments and promotions
60% report that being certified is an employer or job requirement
Increased knowledge of new or complex technologies
Enhanced productivity
More insightful problem solving
Better project management and communication skills
47% report being certified problem solving skills
31% report certification improved their career advancement opportunities
There is a widening IT skills gap with over 300,000 jobs open
88% report being certified enhanced their resume

Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge. The CASP is the first mastery level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+ with almost 250,000 certified Security+ professionals. Being CASP certified demonstrates technical competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines. Approved by the U.S. Department of Defense (DoD) for 4 information assurance job roles in the DoD M directive: IA Technical Level III, IA Manager level II, and IA System Architect & Engineer (IASAE) Levels I and II.

Steps to Getting Certified

Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at
Take the Test! Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here:
Stay Certified! Continuing Education: The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to

How to Obtain More Information

Visit CompTIA online to learn more about getting CompTIA certified.

Contact CompTIA: call and choose Option 2 or questions@comptia.org.
Social Media: Find CompTIA on Facebook, LinkedIn, Twitter, YouTube


Introduction

The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification is a vendor-neutral credential. The CASP validates advanced-level security skills and knowledge internationally. There is no prerequisite, but CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP Certification Exam

Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification. A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."

Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

How to Become a CASP Certified Professional

As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor Website Phone Number
Pearson VUE U.S. and Canada: PLUS (7587)

Who Should Read This Book?

CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment. College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.

How This Book Is Organized

This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5: Application Security and Penetration Testing. Presents knowledge needed to build secure applications and test a network from good security controls. Topics like the systems development life cycle are discussed.
Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.

Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary) available from

Exam Strategy

The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must. The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions. You may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank. In the next section, I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam

CompTIA did something new with this exam: it contains more than just standard questions. During the exam, you may be presented with regular multiple-choice


More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

OVER 750 QUESTIONS AND 55 TASK-BASED SIMULATIONS! CPA EXAM REVIEW. Auditing and Attestation. O. Ray Whittington, CPA, PhD Patrick R.

OVER 750 QUESTIONS AND 55 TASK-BASED SIMULATIONS! CPA EXAM REVIEW. Auditing and Attestation. O. Ray Whittington, CPA, PhD Patrick R. OVER 750 QUESTIONS AND 55 TASK-BASED SIMULATIONS! 2012 CPA EXAM REVIEW Auditing and Attestation O. Ray Whittington, CPA, PhD Patrick R. Delaney, CPA, PhD WILEY CPA EXAM REVIEW WILEY EXAM REVIEW Auditing

More information

Pearson CISSP Lab. Course Outline. Pearson CISSP Lab. 05 Apr

Pearson CISSP Lab. Course Outline. Pearson CISSP Lab. 05 Apr Course Outline 05 Apr 2019 Contents 1. Course Objective 2. Expert Instructor-Led Training 3. ADA Compliant & JAWS Compatible Platform 4. State of the Art Educator Tools 5. Award Winning Learning Platform

More information

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified

More information

CISSP - Certified Information Systems Security Professional

CISSP - Certified Information Systems Security Professional CISSP - Certified Information Systems Lab Outline The CISSP Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your

More information

Curso: Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security

More information

Course 831 Certified Ethical Hacker v9

Course 831 Certified Ethical Hacker v9 Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to

More information