Course name: CompTIA Advanced Security Practitioner CASP+ International Certification Course - Short name: CASP+ Training Course
Module 1: Designing a Secure Network Architecture
1.1 Physical, virtual network and security devices
- OSI model
- Unified threat management
- IDS/IPS
- Network IDS versus NIPS
- Wireless IPS
- Inline Encryptors
- Network access control
- SIEM
- Switches
- Firewalls
- Routers
- Proxy
- Network address translation gateway
- Load balancer
- Hardware security module
1.2 Application- and protocol-aware technologies
- DLP
- WAF
- Database activity monitoring
- Spam filter
- Advanced network design
- Remote access
- VPN
- IPsec
- SSH
- Remote Desktop Protocol
- Virtual Network Computing
- Network authentication methods
- Placement of hardware and applications
1.3 Network management and monitoring tools
- Alert definitions and rule writing
- Advanced configuration of network devices
- Transport security
- Port security
- Route protection
- Distributed DoS protection
- Remotely triggered black hole
1.4 Security zones
Module 2: Integrating Software Applications into the Enterprise
2.1 Integrating security into the development life cycle
- Systems development life cycle
- Development approaches
- Versioning
2.2 Software assurance
- Sandboxing/development environment
- Validating third-party libraries
- SecDevOps
- Defining the DevOps pipeline
2.3 Baseline and templates
- Secure coding standards
- Application vetting processes
- Hypertext Transfer Protocol (HTTP) headers
- Application Programming Interface (API) management
2.4 Considerations when integrating enterprise applications
- Customer relationship management (CRM)
- Enterprise resource planning (ERP)
- Configuration Management Database (CMDB)
- Content management systems
2.5 Integration enablers
- Directory services
- Domain name system
- Service-oriented architecture
- Enterprise service bus
Module 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
3.1 Implementing data loss prevention
- Blocking the use of external media
- Print blocking
- Remote Desktop Protocol blocking
3.2 Implementing data loss detection
- Watermarking
- Digital rights management
- Network traffic decryption/deep packet inspection
- Network traffic analysis
3.3 Enabling data protection
- Data classification
- Metadata/attributes
- Obfuscation
- Anonymization
- Encrypted versus unencrypted
- Data life cycle
- Data inventory and mapping
- Data integrity management
- Data storage, backup, and recovery
- Redundant array of inexpensive disks
3.4 Implementing secure cloud and virtualization solutions
- Virtualization strategies
- Security considerations for virtualization
3.5 Investigating cloud deployment models
- Deployment models and considerations
- Private cloud
- Public cloud
- Hybrid cloud
- Hosting models
- Service models
- Software as a service
- Platform as a service
- Infrastructure as a service
- Cloud provider limitations
3.6 Extending appropriate on-premises controls
- Micro-segmentation
- Jump box
- Examining cloud storage models
- File-based storage
- Database storage
- Block storage
- Blob storage
- Key/value pairs
Module 4: Deploying Enterprise Authentication and Authorization Controls
4.1 Credential management
- Hardware key manager
- Password policies
4.2 Identity federation
4.3 Access control
4.4 Authentication and authorization protocols
4.5 Multi-Factor Authentication (MFA)
Module 5: Threat and Vulnerability Management
5.1 Intelligence types
- Tactical intelligence
- Strategic intelligence
- Operational intelligence
- Commodity malware
- Targeted attacks
5.2 Actor types
- Advanced persistent threat – nation-state
- Insider threat
- Competitor
- Hacktivist
- Script kiddie
- Organized crime
5.3 Threat actor properties
- Resources
- Time
- Money
- Supply chain access
- Capabilities and sophistication
- Identifying techniques
5.4 Intelligence collection methods
- Intelligence feeds
- Deep web
- Proprietary intelligence
- Open source intelligence
- Human intelligence
5.5 Frameworks
- MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
- ATT&CK for industrial control systems
- The Diamond model of intrusion analysis
- Cyber Kill Chain
- Threat hunting
- Threat emulation
5.6 Indicators of compromise
- Packet capture
- Logs
- Network logs
- Vulnerability logs
- Operating system logs
- Access logs
- NetFlow logs
- Notifications
- File integrity monitoring alerts
- SIEM alerts
- Data loss prevention alerts
- Intrusion detection system and intrusion prevention system alerts
- Antivirus alerts
- Notification severity and priorities
5.7 Responses
- Firewall rules
- Intrusion prevention system and intrusion detection system rules
- Access control list rules
- Signature rules
- Behavior rules
- Data loss prevention rules
- Scripts/regular expressions
Module 6: Vulnerability Assessment and Penetration Testing Methods and Tools
6.1 Vulnerability scans
- Credentialed versus non-credentialed scans
- Agent-based/server-based
- Criticality ranking
- Active versus passive scans
6.2 Security Content Automation Protocol (SCAP)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Common Configuration Enumeration (CCE)
- Asset Reporting Format (ARF)
- Self-assessment versus third-party vendor assessment
- Patch management
6.3 Information sources
- Advisories
- Bulletins
- Vendor websites
- Information Sharing and Analysis Centers (ISACs)
- News reports
6.4 Testing methods
- Static analysis
- Dynamic analysis
- Side-channel analysis
- Wireless vulnerability scan
- Software Composition Analysis (SCA)
- Fuzz testing
6.5 Penetration testing
- Requirements
- Box testing
- Post-exploitation
- Persistence
- Pivoting
- Rescanning for corrections/changes
6.6 Security tools
- SCAP scanner
- Network traffic analyzer
- Vulnerability scanner
- Protocol analyzer
- Port scanner
- HTTP interceptor
- Exploit framework
- Dependency management tools
Module 7: Risk Mitigation Controls
7.1 Understanding application vulnerabilities
- Race conditions
- Buffer overflows
- Broken authentication
- Insecure references
- Poor exception handling
- Security misconfiguration
- Information disclosure
- Certificate errors
- Use of unsafe functions
- Third-party libraries
- Dependencies
- End-of-support and end-of-life
- Regression issues
7.2 Assessing inherently vulnerable systems and applications
- Client-side processing and server-side processing
- JSON and representational state transfer
- Browser extensions
- Hypertext Markup Language 5 (HTML5)
- Asynchronous JavaScript and XML (AJAX)
- Simple Object Access Protocol (SOAP)
7.3 Recognizing common attacks
- Directory traversal
- Cross-site scripting
- Cross-site request forgery
- Injection attacks
- Sandbox escape
- VM hopping
- VM escape
- Border Gateway Protocol and route hijacking
- Interception attacks
- Denial of service and distributed denial of service
- Social engineering
- VLAN hopping
7.4 Proactive and detective risk reduction
- Hunts
- Developing countermeasures
- Deceptive technologies
- Security data analytics
7.5 Applying preventative risk reduction
- Application control
- Security automation
- Physical security
Module 8: Implementing Incident Response and Forensics Procedures
8.1 Understanding incident response planning
- Understanding the incident response process
- Preparation
- Detection
- Analysis
- Containment
- Eradication and recovery
- Lessons learned
- Specific response playbooks/processes
- Non-automated response methods
- Automated response methods
- Communication plan
8.2 Understanding forensic concepts
- Forensic process
- Chain of custody
- Order of volatility
- Event classifications
- Triage event
- Memory snapshots
- Images
- Evidence preservation
- Cryptanalysis
- Steganalysis
8.3 Using forensic analysis tools
- File carving tools
- Binary analysis tools
- Analysis tools
- Imaging tools
- Hashing utilities
- Using live collection and post-mortem tools
Module 9: Enterprise Mobility and Endpoint Security Controls
9.1 Implementing enterprise mobility management
9.2 Security considerations for mobility management
- The unauthorized remote activation and deactivation of devices or features
- Encrypted and unencrypted communication concerns
- Physical reconnaissance
- Personal data theft
- Health privacy
- The implications of wearable devices
- The digital forensics of collected data
- Unauthorized application stores
- Containerization
- Original equipment manufacturer (OEM) and carrier differences
- Supply chain issues
- The use of an eFuse
9.3 Implementing endpoint security controls
- Hardening techniques
- Compensating controls
Module 10: Security Considerations Impacting Specific Sectors and Operational Technologies
10.1 Identifying regulated business sectors
- Energy sector
- Manufacturing
- Healthcare
- Public utilities
- Public services
- Facility services
10.2 Understanding embedded systems
- Internet of things
- System on a chip
- Application-specific integrated circuits
- Field-programmable gate array
10.3 Understanding ICS/SCADA
- PLCs
- Historian
- Ladder logic
- Safety instrumented system
- Heating, ventilation, and air conditioning
10.4 Understanding OT protocols
- Controller area network bus (CANBus)
- Modbus
- Distributed Network Protocol 3.0
- Zigbee
- Common Industrial Protocol
- Data Distribution Service
Module 11: Implementing Cryptographic Protocols and Algorithms
11.1 Understanding hashing algorithms
- Secure Hash Algorithm (SHA)
- Hash-Based Message Authentication Code (HMAC)
- Message Digest (MD)
- RACE integrity primitives evaluation message digest (RIPEMD)
11.2 Understanding symmetric encryption algorithms
- Block ciphers
- Stream ciphers
11.3 Understanding asymmetric encryption algorithms
- Rivest, Shamir, and Adleman (RSA)
- Digital Signature Algorithm (DSA)
- Elliptic-curve Digital Signature Algorithm (ECDSA)
- Diffie-Hellman (DH)
- Elliptic-curve Cryptography (ECC)
- Elliptic-curve Diffie-Hellman (ECDH)
11.4 Understanding encryption protocols
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Internet Protocol Security (IPsec)
- Secure Shell (SSH)
- Key stretching
- Password salting
- Password-based key derivation function 2 (PBKDF2)
11.5 Understanding emerging security technologies
- Quantum computing
- Blockchain
- Homomorphic encryption
- Biometric impersonation
- 3D printing
Module 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
12.1 Understanding the PKI hierarchy
- Certificate authority
- Registration authority
- Certificate revocation list
- Online Certificate Status Protocol
12.2 Understanding certificate types
- Wildcard certificate
- Extended validation
- Multi-domain
- General-purpose
- Certificate usages/templates
12.3 Understanding PKI security and interoperability
- Trusted certificate providers
- Trust models
- Cross-certification certificate
- Life cycle management
- Certificate pinning
- Certificate stapling
- CSRs
- Common PKI use cases
- Key escrow
12.4 Troubleshooting issues with cryptographic implementations
- Key rotation
- Mismatched keys
- Improper key handling
- Embedded keys
- Exposed private keys
- Crypto shredding
- Cryptographic obfuscation
- Compromised keys
Module 13: Applying Appropriate Risk Strategies
13.1 Understanding risk assessments
- Qualitative risk assessments
- Quantitative risk assessments
13.2 Implementing risk-handling techniques
- Transfer
- Accept
- Avoid
- Mitigate
- Risk types
13.3 Understanding the risk management life cycle
- Department of Defense Risk Management Framework
- NIST Cybersecurity Framework (CSF)
- Understanding risk controls
13.4 Understanding risk tracking
- Key performance indicators
- Key risk indicators
- Risk appetite
- Risk tolerance
- Trade-off analysis
13.5 Managing risk with policies and security practices
- Separation of duties (SoD)
- Job rotation
- Mandatory vacation
- Least privilege
- Employment and termination procedures
- Training and awareness for users
- Auditing requirements and frequency
13.6 Explaining the importance of managing and mitigating vendor risk
- Vendor lock-in
- Vendor viability
- Merger or acquisition risk
- Meeting client requirements
- Ongoing vendor assessment tools
Module 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
14.1 Security concerns associated with integrating diverse industries
- Data considerations
- Understanding geographic considerations
- Third-party attestation of compliance
14.2 Understanding regulations, accreditations, and standards
- Understanding legal considerations
- Application of contract and agreement types
Module 15: Business Continuity and Disaster Recovery Concepts
15.1 Conducting a business impact analysis
- Maximum Tolerable Downtime (MTD)
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Recovery service level
- Mission-essential functions
- Privacy Impact Assessment (PIA)
- Preparing a Disaster Recovery Plan/Business Continuity Plan
- Backup and recovery methods
15.2 Planning for high availability and automation
- Scalability
- Resiliency
- Automation
- Content Delivery Network (CDN)
- Testing plans
15.3 Explaining how cloud technology aids enterprise resilience
- Using cloud solutions for business continuity and disaster recovery (BCDR)
- Infrastructure versus serverless computing
- Collaboration tools
- Storage configurations
- Cloud Access Security Broker (CASB)
The course content above may change at any time without notice in order to better reflect the contents of the examination.