Course name: CompTIA Advanced Security Practitioner CASP+ International Certification Course - Short name: CASP+ Training Course
1. Designing a Secure Network Architecture
1.1 Physical, virtual network and security devices
1.1.1 OSI model
1.1.2 Unified threat management
1.1.3 IDS/IPS
1.1.4 Network IDS versus NIPS
1.1.5 Wireless IPS
1.1.6 Inline Encryptors
1.1.7 Network access control
1.1.8 SIEM
1.1.9 Switches
1.1.10 Firewalls
1.1.11 Routers
1.1.12 Proxy
1.1.13 Network address translation gateway
1.1.14 Load balancer
1.1.15 Hardware security module
1.2 Application- and protocol-aware technologies
1.2.1 DLP
1.2.2 WAF
1.2.3 Database activity monitoring
1.2.4 Spam filter
1.2.5 Advanced network design
1.2.6 Remote access
1.2.7 VPN
1.2.8 IPsec
1.2.9 SSH
1.2.10 Remote Desktop Protocol
1.2.11 Virtual Network Computing
1.2.12 Reverse proxy
1.2.13 Network authentication methods
1.2.14 Placement of hardware and applications
1.3 Network management and monitoring tools
1.3.1 Alert definitions and rule writing
1.3.2 Advanced configuration of network devices
1.3.3 Transport security
1.3.4 Port security
1.3.5 Route protection
1.3.6 Distributed DoS protection
1.3.7 Remotely triggered black hole
1.4 Security zones
1.4.1 DMZ
2. Integrating Software Applications into the Enterprise
2.1 Integrating security into the development life cycle
2.1.1 Systems development life cycle
2.1.2 Development approaches
2.1.3 Versioning
2.2 Software assurance
2.2.1 Sandboxing/development environment
2.2.2 Validating third-party libraries
2.2.3 SecDevOps
2.2.4 Defining the DevOps pipeline
2.3 Baseline and templates
2.3.1 Secure coding standards
2.3.2 Application vetting processes
2.3.3 Hypertext Transfer Protocol (HTTP) headers
2.3.4 Application Programming Interface (API) management
2.4 Considerations when integrating enterprise applications
2.4.1 Customer relationship management (CRM)
2.4.2 Enterprise resource planning (ERP)
2.4.3 Configuration Management Database (CMDB)
2.4.4 Content management systems
2.5 Integration enablers
2.5.1 Directory services
2.5.2 Domain name system
2.5.3 Service-oriented architecture
2.5.4 Enterprise service bus
3. Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
3.1 Implementing data loss prevention
3.1.1 Blocking the use of external media
3.1.2 Print blocking
3.1.3 Remote Desktop Protocol blocking
3.2 Implementing data loss detection
3.2.1 Watermarking
3.2.2 Digital rights management
3.2.3 Network traffic decryption/deep packet inspection
3.2.4 Network traffic analysis
3.3 Enabling data protection
3.3.1 Data classification
3.3.2 Metadata/attributes
3.3.3 Obfuscation
3.3.4 Anonymization
3.3.5 Encrypted versus unencrypted
3.3.6 Data life cycle
3.3.7 Data inventory and mapping
3.3.8 Data integrity management
3.3.9 Data storage, backup, and recovery
3.3.10 Redundant array of inexpensive disks
3.4 Implementing secure cloud and virtualization solutions
3.4.1 Virtualization strategies
3.4.2 Security considerations for virtualization
3.5 Investigating cloud deployment models
3.5.1 Deployment models and considerations
3.5.2 Private cloud
3.5.3 Public cloud
3.5.4 Hybrid cloud
3.5.5 Hosting models
3.5.6 Service models
3.5.7 Software as a service
3.5.8 Platform as a service
3.5.9 Infrastructure as a service
3.5.10 Cloud provider limitations
3.6 Extending appropriate on-premises controls
3.6.1 Micro-segmentation
3.6.2 Jump box
3.6.3 Examining cloud storage models
3.6.4 File-based storage
3.6.5 Database storage
3.6.6 Block storage
3.6.7 Blob storage
3.6.8 Key/value pairs
4. Deploying Enterprise Authentication and Authorization Controls
4.1 Credential management
4.1.1 Single Sign-On (SSO)
4.1.2 Password repository applications
4.1.3 On-premises versus cloud password repository
4.1.4 Hardware key manager
4.1.5 Privileged access management
4.1.6 Password policies
4.2 Identity federation
4.2.1 Transitive trust
4.2.2 OpenID
4.2.3 Security Assertion Markup Language (SAML)
4.3 Access control
4.3.1 Mandatory Access Control (MAC)
4.3.2 Discretionary Access Control (DAC)
4.3.3 Role-based access control
4.3.4 Rule-based access control
4.3.5 Attribute-based access control
4.4 Authentication and authorization protocols
4.4.1 Remote Authentication Dial-In User Service (RADIUS)
4.4.2 Terminal Access Controller Access Control System (TACACS)
4.4.3 Diameter
4.4.4 Lightweight Directory Access Protocol (LDAP)
4.4.5 Kerberos
4.4.6 OAuth
4.4.7 802.1X
4.4.8 Extensible Authentication Protocol (EAP)
4.5 Multi-Factor Authentication (MFA)
4.5.1 Two-Factor Authentication (2FA)
4.5.2 Two-step verification
4.5.3 In-band authentication
4.5.4 Out-of-Band Authentication (OOBA)
4.5.5 One-Time Password (OTP)
4.5.6 HMAC-based One-Time Password (HOTP)
4.5.7 Time-based One-Time Password (TOTP)
4.5.8 Hardware root of trust
4.5.9 JWT
5. Threat and Vulnerability Management
5.1 Intelligence types
5.1.1 Tactical intelligence
5.1.2 Strategic intelligence
5.1.3 Operational intelligence
5.1.4 Commodity malware
5.1.5 Targeted attacks
5.2 Actor types
5.2.1 Advanced persistent threat – nation-state
5.2.2 Insider threat
5.2.3 Competitor
5.2.4 Hacktivist
5.2.5 Script kiddie
5.2.6 Organized crime
5.3 Threat actor properties
5.3.1 Resources
5.3.2 Time
5.3.3 Money
5.3.4 Supply chain access
5.3.5 Capabilities and sophistication
5.3.6 Identifying techniques
5.4 Intelligence collection methods
5.4.1 Intelligence feeds
5.4.2 Deep web
5.4.3 Proprietary intelligence
5.4.4 Open source intelligence
5.4.5 Human intelligence
5.5 Frameworks
5.5.1 MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
5.5.2 ATT&CK for industrial control systems
5.5.3 The Diamond model of intrusion analysis
5.5.4 Cyber Kill Chain
5.5.5 Threat hunting
5.5.6 Threat emulation
5.6 Indicators of compromise
5.6.1 Packet capture
5.6.2 Logs
5.6.3 Network logs
5.6.4 Vulnerability logs
5.6.5 Operating system logs
5.6.6 Access logs
5.6.7 NetFlow logs
5.6.8 Notifications
5.6.9 File integrity monitoring alerts
5.6.10 SIEM alerts
5.6.11 Data loss prevention alerts
5.6.12 Intrusion detection system and intrusion prevention system alerts
5.6.13 Antivirus alerts
5.6.14 Notification severity and priorities
5.7 Responses
5.7.1 Firewall rules
5.7.2 Intrusion prevention system and intrusion detection system rules
5.7.3 Access control list rules
5.7.4 Signature rules
5.7.5 Behavior rules
5.7.6 Data loss prevention rules
5.7.7 Scripts/regular expressions
6. Vulnerability Assessment and Penetration Testing Methods and Tools
6.1 Vulnerability scans
6.1.1 Credentialed versus non-credentialed scans
6.1.2 Agent-based/server-based
6.1.3 Criticality ranking
6.1.4 Active versus passive scans
6.2 Security Content Automation Protocol (SCAP)
6.2.1 Extensible Configuration Checklist Description Format (XCCDF)
6.2.2 Open Vulnerability and Assessment Language (OVAL)
6.2.3 Common Platform Enumeration (CPE)
6.2.4 Common Vulnerabilities and Exposures (CVE)
6.2.5 Common Vulnerability Scoring System (CVSS)
6.2.6 Common Configuration Enumeration (CCE)
6.2.7 Asset Reporting Format (ARF)
6.2.8 Self-assessment versus third-party vendor assessment
6.2.9 Patch management
6.3 Information sources
6.3.1 Advisories
6.3.2 Bulletins
6.3.3 Vendor websites
6.3.4 Information Sharing and Analysis Centers (ISACs)
6.3.5 News reports
6.4 Testing methods
6.4.1 Static analysis
6.4.2 Dynamic analysis
6.4.3 Side-channel analysis
6.4.4 Wireless vulnerability scan
6.4.5 Software Composition Analysis (SCA)
6.4.6 Fuzz testing
6.5 Penetration testing
6.5.1 Requirements
6.5.2 Box testing
6.5.3 Post-exploitation
6.5.4 Persistence
6.5.5 Pivoting
6.5.6 Rescanning for corrections/changes
6.6 Security tools
6.6.1 SCAP scanner
6.6.2 Network traffic analyzer
6.6.3 Vulnerability scanner
6.6.4 Protocol analyzer
6.6.5 Port scanner
6.6.6 HTTP interceptor
6.6.7 Exploit framework
6.6.8 Password crackers
6.6.9 Dependency management tools
7. Risk Mitigation Controls
7.1 Understanding application vulnerabilities
7.1.1 Race conditions
7.1.2 Buffer overflows
7.1.3 Integer overflow
7.1.4 Broken authentication
7.1.5 Insecure references
7.1.6 Poor exception handling
7.1.7 Security misconfiguration
7.1.8 Information disclosure
7.1.9 Certificate errors
7.1.10 Weak cryptography implementations
7.1.11 Weak ciphers
7.1.12 Software composition analysis
7.1.13 Use of vulnerable frameworks and software modules
7.1.14 Use of unsafe functions
7.1.15 Third-party libraries
7.1.16 Dependencies
7.1.17 End-of-support and end-of-life
7.1.18 Regression issues
7.2 Assessing inherently vulnerable systems and applications
7.2.1 Client-side processing and server-side processing
7.2.2 JSON and representational state transfer
7.2.3 Browser extensions
7.2.4 Hypertext Markup Language 5 (HTML5)
7.2.5 Asynchronous JavaScript and XML (AJAX)
7.2.6 Simple Object Access Protocol (SOAP)
7.3 Recognizing common attacks
7.3.1 Directory traversal
7.3.2 Cross-site scripting
7.3.3 Cross-site request forgery
7.3.4 Injection attacks
7.3.5 Sandbox escape
7.3.6 VM hopping
7.3.7 VM escape
7.3.8 Border Gateway Protocol and route hijacking
7.3.9 Interception attacks
7.3.10 Denial of service and distributed denial of service
7.3.11 Social engineering
7.3.12 VLAN hopping
7.4 Proactive and detective risk reduction
7.4.1 Hunts
7.4.2 Developing countermeasures
7.4.3 Deceptive technologies
7.4.4 Security data analytics
7.5 Applying preventative risk reduction
7.5.1 Application control
7.5.2 Security automation
7.5.3 Physical security
8. Implementing Incident Response and Forensics Procedures
8.1 Understanding incident response planning
8.1.1 Understanding the incident response process
8.1.2 Preparation
8.1.3 Detection
8.1.4 Analysis
8.1.5 Containment
8.1.6 Eradication and recovery
8.1.7 Lessons learned
8.1.8 Specific response playbooks/processes
8.1.9 Non-automated response methods
8.1.10 Automated response methods
8.1.11 Communication plan
8.2 Understanding forensic concepts
8.2.1 Forensic process
8.2.2 Chain of custody
8.2.3 Order of volatility
8.2.4 Memory snapshots
8.2.5 Images
8.2.6 Evidence preservation
8.2.7 Cryptanalysis
8.2.8 Steganalysis
8.3 Using forensic analysis tools
8.3.1 File carving tools
8.3.2 Binary analysis tools
8.3.3 Analysis tools
8.3.4 ExifTool
8.3.5 Imaging tools
8.3.6 Hashing utilities
8.3.7 Using live collection and post-mortem tools
9. Enterprise Mobility and Endpoint Security Controls
9.1 Implementing enterprise mobility management
9.1.1 Managed configurations
9.1.2 Application control
9.1.3 Passwords
9.1.4 Multi-factor authentication requirements
9.1.5 Patch repositories
9.1.6 Firmware over-the-air (FOTA)
9.1.7 Remote wipe options
9.1.8 Wi-Fi
9.1.9 Wi-Fi protected access (WPA2/3)
9.1.10 Device certificates
9.1.11 Device profiles
9.1.12 Bluetooth
9.1.13 Near-field communication
9.1.14 Peripherals
9.1.15 Geofencing
9.1.16 Geotagging
9.1.17 Full device encryption
9.1.18 Tethering
9.1.19 Airplane mode
9.1.20 Location services
9.1.21 DNS over HTTPS (DoH)
9.1.22 Custom DNS settings
9.1.23 Deployment scenarios
9.1.24 Bring your own device challenges
9.1.25 Corporate-owned devices
9.1.26 Corporate-owned, personally enabled (COPE) devices
9.1.27 Choose your own device (CYOD) challenges
9.2 Security considerations for mobility management
9.2.1 The unauthorized remote activation and deactivation of devices or features
9.2.2 Encrypted and unencrypted communication concerns
9.2.3 Physical reconnaissance
9.2.4 Personal data theft
9.2.5 Health privacy
9.2.6 The implications of wearable devices
9.2.7 The digital forensics of collected data
9.2.8 Unauthorized application stores
9.2.9 Containerization
9.2.10 Original equipment manufacturer (OEM) and carrier differences
9.2.11 Supply chain issues
9.2.12 The use of an eFuse
9.3 Implementing endpoint security controls
9.3.1 Hardening techniques
9.3.2 Compensating controls
10. Security Considerations Impacting Specific Sectors and Operational Technologies
10.1 Identifying regulated business sectors
10.1.1 Energy sector
10.1.2 Manufacturing
10.1.3 Healthcare
10.1.4 Public utilities
10.1.5 Public services
10.1.6 Facility services
10.2 Understanding embedded systems
10.2.1 Internet of things
10.2.2 System on a chip
10.2.3 Application-specific integrated circuits
10.2.4 Field-programmable gate array
10.3 Understanding ICS/SCADA
10.3.1 PLCs
10.3.2 Historian
10.3.3 Ladder logic
10.3.4 Safety instrumented system
10.3.5 Heating, ventilation, and air conditioning
10.4 Understanding OT protocols
10.4.1 Controller area network bus (CANBus)
10.4.2 Modbus
10.4.3 Distributed Network Protocol 3 (DNP3)
10.4.4 Zigbee
10.4.5 Common Industrial Protocol
10.4.6 Data Distribution Service
11. Implementing Cryptographic Protocols and Algorithms
11.1 Understanding hashing algorithms
11.1.1 Secure Hash Algorithm (SHA)
11.1.2 Hash-Based Message Authentication Code (HMAC)
11.1.3 Message Digest (MD)
11.1.4 RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
11.2 Understanding symmetric encryption algorithms
11.2.1 Block ciphers
11.2.2 Stream ciphers
11.3 Understanding asymmetric encryption algorithms
11.3.1 Rivest, Shamir, and Adleman (RSA)
11.3.2 Digital Signature Algorithm (DSA)
11.3.3 Elliptic-curve Digital Signature Algorithm (ECDSA)
11.3.4 Diffie-Hellman (DH)
11.3.5 Elliptic-curve Cryptography (ECC)
11.3.6 Elliptic-curve Diffie-Hellman (ECDH)
11.4 Understanding encryption protocols
11.4.1 Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
11.4.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
11.4.3 Internet Protocol Security (IPsec)
11.4.4 Secure Shell (SSH)
11.4.5 Key stretching
11.4.6 Password salting
11.4.7 Password-based key derivation function 2 (PBKDF2)
11.5 Understanding emerging security technologies
11.5.1 Quantum computing
11.5.2 Blockchain
11.5.3 Homomorphic encryption
11.5.4 Biometric impersonation
11.5.5 3D printing
12. Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
12.1 Understanding the PKI hierarchy
12.1.1 Certificate authority
12.1.2 Registration authority
12.1.3 Certificate revocation list
12.1.4 Online Certificate Status Protocol
12.2 Understanding certificate types
12.2.1 Wildcard certificate
12.2.2 Extended validation
12.2.3 Multi-domain
12.2.4 General-purpose
12.2.5 Certificate usages/templates
12.3 Understanding PKI security and interoperability
12.3.1 Trusted certificate providers
12.3.2 Trust models
12.3.3 Cross-certification certificate
12.3.4 Life cycle management
12.3.5 Certificate pinning
12.3.6 Certificate stapling
12.3.7 CSRs
12.3.8 Common PKI use cases
12.3.9 Key escrow
12.4 Troubleshooting issues with cryptographic implementations
12.4.1 Key rotation
12.4.2 Mismatched keys
12.4.3 Improper key handling
12.4.4 Embedded keys
12.4.5 Exposed private keys
12.4.6 Crypto shredding
12.4.7 Cryptographic obfuscation
12.4.8 Compromised keys
13. Applying Appropriate Risk Strategies
13.1 Understanding risk assessments
13.1.1 Qualitative risk assessments
13.1.2 Quantitative risk assessments
13.1.3 Gap analysis
13.2 Implementing risk-handling techniques
13.2.1 Transfer
13.2.2 Accept
13.2.3 Avoid
13.2.4 Mitigate
13.2.5 Risk types
13.3 Understanding the risk management life cycle
13.3.1 Department of Defense Risk Management Framework
13.3.2 NIST Cybersecurity Framework (CSF)
13.3.3 Understanding risk controls
13.4 Understanding risk tracking
13.4.1 Key performance indicators
13.4.2 Key risk indicators
13.4.3 Risk appetite
13.4.4 Risk tolerance
13.4.5 Trade-off analysis
13.5 Managing risk with policies and security practices
13.5.1 Separation of duties (SoD)
13.5.2 Job rotation
13.5.3 Mandatory vacation
13.5.4 Least privilege
13.5.5 Employment and termination procedures
13.5.6 Training and awareness for users
13.5.7 Auditing requirements and frequency
13.6 Explaining the importance of managing and mitigating vendor risk
13.6.1 Vendor lock-in
13.6.2 Vendor lock-out
13.6.3 Vendor viability
13.6.4 Merger or acquisition risk
13.6.5 Meeting client requirements
13.6.6 Ongoing vendor assessment tools
14. Compliance Frameworks, Legal Considerations, and Their Organizational Impact
14.1 Security concerns associated with integrating diverse industries
14.1.1 Data considerations
14.1.2 Understanding geographic considerations
14.1.3 Third-party attestation of compliance
14.2 Understanding regulations, accreditations, and standards
14.2.1 Understanding legal considerations
14.2.2 Application of contract and agreement types
15. Business Continuity and Disaster Recovery Concepts
15.1 Conducting a business impact analysis
15.1.1 Maximum Tolerable Downtime (MTD)
15.1.2 Recovery Time Objective (RTO)
15.1.3 Recovery Point Objective (RPO)
15.1.4 Recovery service level
15.1.5 Mission-essential functions
15.1.6 Privacy Impact Assessment (PIA)
15.1.7 Preparing a Disaster Recovery Plan/Business Continuity Plan
15.1.8 Backup and recovery methods
15.2 Planning for high availability and automation
15.2.1 Scalability
15.2.2 Resiliency
15.2.3 Automation
15.2.4 Content Delivery Network (CDN)
15.2.5 Testing plans
15.3 Explaining how cloud technology aids enterprise resilience
15.3.1 Using cloud solutions for business continuity and disaster recovery (BCDR)
15.3.2 Infrastructure versus serverless computing
15.3.3 Collaboration tools
15.3.4 Storage configurations
15.3.5 Cloud Access Security Broker (CASB)
16. Operations Security and Safety
16.1 Physical/Logical Operations
16.1.1 Facilities and Redundancy
16.1.2 American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE)
16.1.3 Power Redundancy
16.1.4 Power Provider Redundancy
16.1.5 Power Line Redundancy
16.1.6 Power Conditioning and Distribution Redundancy
16.1.7 Communications Redundancy
16.1.8 Personnel Redundancy
16.1.9 Security Redundancy
16.1.10 Holistic Redundancy: The Uptime Institute Tiers
16.1.11 Virtualization Operations
16.1.12 Instance Isolation
16.1.13 Storage Operations
16.1.14 Physical and Logical Isolation
16.2 Security Operations Center
16.2.1 Continuous Monitoring
16.2.2 Incident Management