64,15 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
This complete study package includes
* A test-preparation routine proven to help you pass the exams* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Ensuring a secure network architecture* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
This complete study package includes
* A test-preparation routine proven to help you pass the exams* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including
* Ensuring a secure network architecture* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies
Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes
* Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)* Author of CompTIA A+ Complete Review Guide (Sybex)
* Author of CompTIA Server + Study Guide (Sybex)
* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Prep test question writer for Network+ Study Guide (Sybex)
* Technical editor for Windows 7 Study Guide (Sybex)
* Contributing author for CCNA-Wireless Study Guide (Sybex)
* Technical editor for CCNA Study Guide, Revision 7 (Sybex)
* Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
* Author of Cisco Essentials (Sybex)
* Co-author of CISSP Cert Guide (Pearson IT Certification)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.
He now creates certification practice tests and study guides and online courses for Cybervista. Troy lives in Asheville, North Carolina, with his wife, Heike.
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to on Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
Password Repository Application 149
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversable Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cloud Deployment Models 192
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
Code Signing 211
Federation 211
Trust Models 212
VPN 212
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Strategic 232
Operational 232
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response...
Erscheinungsjahr: | 2022 |
---|---|
Fachbereich: | Allgemeines |
Genre: | Erziehung & Bildung, Importe |
Rubrik: | Sozialwissenschaften |
Thema: | Lexika |
Medium: | Taschenbuch |
Inhalt: | Kartoniert / Broschiert |
ISBN-13: | 9780137348954 |
ISBN-10: | 0137348959 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Mcmillan, Troy |
Auflage: | 3rd edition |
Hersteller: | Pearson Education |
Verantwortliche Person für die EU: | preigu, Ansas Meyer, Lengericher Landstr. 19, D-49078 Osnabrück, mail@preigu.de |
Maße: | 231 x 196 x 48 mm |
Von/Mit: | Troy Mcmillan |
Erscheinungsdatum: | 05.08.2022 |
Gewicht: | 1,61 kg |
Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes
* Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)* Author of CompTIA A+ Complete Review Guide (Sybex)
* Author of CompTIA Server + Study Guide (Sybex)
* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Prep test question writer for Network+ Study Guide (Sybex)
* Technical editor for Windows 7 Study Guide (Sybex)
* Contributing author for CCNA-Wireless Study Guide (Sybex)
* Technical editor for CCNA Study Guide, Revision 7 (Sybex)
* Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
* Author of Cisco Essentials (Sybex)
* Co-author of CISSP Cert Guide (Pearson IT Certification)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.
He now creates certification practice tests and study guides and online courses for Cybervista. Troy lives in Asheville, North Carolina, with his wife, Heike.
Introduction I
Part I: Security Architecture
Chapter 1 Ensuring a Secure Network Architecture 3
Services 3
Load Balancer 3
Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3
Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6
Web Application Firewall (WAF) 6
Network Access Control (NAC) 8
Virtual Private Network (VPN) 10
Domain Name System Security Extensions (DNSSEC) 11
Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11
Network Address Translation (NAT) Gateway 19
Internet Gateway 21
Forward/Transparent Proxy 21
Reverse Proxy 22
Distributed Denial-of-Service (DDoS) Protection 22
Routers 22
Mail Security 26
Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30
Traffic Mirroring 30
Sensors 32
Segmentation 39
Microsegmentation 40
Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40
Jump Box 43
Screened Subnet 44
Data Zones 44
Staging Environments 45
Guest Environments 45
VPC/Virtual Network (VNET) 45
Availability Zone 46
NAC Lists 47
Policies/Security Groups 47
Regions 49
Access Control Lists (ACLs) 49
Peer-to-Peer 49
Air Gap 49
De-perimeterization/Zero Trust 49
Cloud 50
Remote Work 50
Mobile 50
Outsourcing and Contracting 52
Wireless/Radio Frequency (RF) Networks 53
Merging of Networks from Various Organizations 58
Peering 59
Cloud to on Premises 59
Data Sensitivity Levels 59
Mergers and Acquisitions 60
Cross-domain 61
Federation 61
Directory Services 61
Software-Defined Networking (SDN) 62
Open SDN 63
Hybrid SDN 64
SDN Overlay 64
Exam Preparation Tasks 66
Chapter 2 Determining the Proper Infrastructure Security Design 73
Scalability 73
Vertically 73
Horizontally 74
Resiliency 74
High Availability/Redundancy 74
Diversity/Heterogeneity 75
Course of Action Orchestration 75
Distributed Allocation 76
Replication 76
Clustering 76
Automation 76
Autoscaling 76
Security Orchestration, Automation, and Response (SOAR) 77
Bootstrapping 77
Performance 77
Containerization 78
Virtualization 79
Content Delivery Network 79
Caching 80
Exam Preparation Tasks 81
Chapter 3 Securely Integrating Software Applications 85
Baseline and Templates 85
Baselines 85
Create Benchmarks and Compare to Baselines 85
Templates 86
Secure Design Patterns/Types of Web Technologies 87
Container APIs 88
Secure Coding Standards 89
Application Vetting Processes 90
API Management 91
Middleware 91
Software Assurance 92
Sandboxing/Development Environment 92
Validating Third-Party Libraries 93
Defined DevOps Pipeline 93
Code Signing 94
Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95
Considerations of Integrating Enterprise Applications 100
Customer Relationship Management (CRM) 100
Enterprise Resource Planning (ERP) 100
Configuration Management Database (CMDB) 101
Content Management System (CMS) 101
Integration Enablers 101
Integrating Security into Development Life Cycle 103
Formal Methods 103
Requirements 103
Fielding 104
Insertions and Upgrades 104
Disposal and Reuse 104
Testing 105
Development Approaches 109
Best Practices 117
Exam Preparation Tasks 119
Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125
Data Loss Prevention 125
Blocking Use of External Media 125
Print Blocking 126
Remote Desktop Protocol (RDP) Blocking 126
Clipboard Privacy Controls 127
Restricted Virtual Desktop Infrastructure (VDI) Implementation 128
Data Classification Blocking 128
Data Loss Detection 129
Watermarking 129
Digital Rights Management (DRM) 129
Network Traffic Decryption/Deep Packet Inspection 130
Network Traffic Analysis 130
Data Classification, Labeling, and Tagging 130
Metadata/Attributes 130
Obfuscation 131
Tokenization 131
Scrubbing 131
Masking 132
Anonymization 132
Encrypted vs. Unencrypted 132
Data Life Cycle 132
Create 132
Use 133
Share 133
Store 133
Archive or Destroy 133
Data Inventory and Mapping 133
Data Integrity Management 134
Data Storage, Backup, and Recovery 134
Redundant Array of Inexpensive Disks (RAID) 138
Exam Preparation Tasks 143
Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149
Credential Management 149
Password Repository Application 149
Hardware Key Manager 150
Privileged Access Management 151
Privilege Escalation 151
Password Policies 151
Complexity 153
Length 153
Character Classes 153
History 154
Maximum/Minimum Age 154
Auditing 155
Reversable Encryption 156
Federation 156
Transitive Trust 156
OpenID 156
Security Assertion Markup Language (SAML) 157
Shibboleth 158
Access Control 159
Mandatory Access Control (MAC) 160
Discretionary Access Control (DAC) 160
Role-Based Access Control 161
Rule-Based Access Control 161
Attribute-Based Access Control 161
Protocols 162
Remote Authentication Dial-in User Service (RADIUS) 162
Terminal Access Controller Access Control System (TACACS) 163
Diameter 164
Lightweight Directory Access Protocol (LDAP) 164
Kerberos 165
OAuth 166
802.1X 166
Extensible Authentication Protocol (EAP) 167
Multifactor Authentication (MFA) 168
Knowledge Factors 169
Ownership Factors 169
Characteristic Factors 170
Physiological Characteristics 170
Behavioral Characteristics 171
Biometric Considerations 172
2-Step Verification 173
In-Band 174
Out-of-Band 174
One-Time Password (OTP) 175
HMAC-Based One-Time Password (HOTP) 175
Time-Based One-Time Password (TOTP) 175
Hardware Root of Trust 176
Single Sign-On (SSO) 177
JavaScript Object Notation (JSON) Web Token (JWT) 178
Attestation and Identity Proofing 179
Exam Preparation Tasks 180
Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185
Virtualization Strategies 185
Type 1 vs. Type 2 Hypervisors 186
Containers 187
Emulation 188
Application Virtualization 189
VDI 189
Provisioning and Deprovisioning 189
Middleware 190
Metadata and Tags 190
Deployment Models and Considerations 190
Business Directives 191
Cloud Deployment Models 192
Hosting Models 193
Multitenant 193
Single-Tenant 194
Service Models 194
Software as a Service (SaaS) 194
Platform as a Service (PaaS) 194
Infrastructure as a Service (IaaS) 195
Cloud Provider Limitations 196
Internet Protocol (IP) Address Scheme 196
VPC Peering 196
Extending Appropriate On-premises Controls 196
Storage Models 196
Object Storage/File-Based Storage 197
Database Storage 197
Block Storage 198
Blob Storage 198
Key-Value Pairs 198
Exam Preparation Tasks 199
Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203
Privacy and Confidentiality Requirements 203
Integrity Requirements 204
Non-repudiation 204
Compliance and Policy Requirements 204
Common Cryptography Use Cases 205
Data at Rest 205
Data in Transit 205
Data in Process/Data in Use 205
Protection of Web Services 206
Embedded Systems 206
Key Escrow/Management 207
Mobile Security 209
Secure Authentication 209
Smart Card 209
Common PKI Use Cases 210
Web Services 210
Email 210
Code Signing 211
Federation 211
Trust Models 212
VPN 212
Enterprise and Security Automation/Orchestration 213
Exam Preparation Tasks 214
Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219
Artificial Intelligence 219
Machine Learning 220
Quantum Computing 220
Blockchain 220
Homomorphic Encryption 221
Secure Multiparty Computation 221
Private Information Retrieval 221
Secure Function Evaluation 221
Private Function Evaluation 221
Distributed Consensus 221
Big Data 222
Virtual/Augmented Reality 223
3-D Printing 224
Passwordless Authentication 224
Nano Technology 225
Deep Learning 225
Natural Language Processing 225
Deep Fakes 226
Biometric Impersonation 226
Exam Preparation Tasks 227
Part II: Security Operations
Chapter 9 Performing Threat Management Activities 231
Intelligence Types 231
Tactical 231
Strategic 232
Operational 232
Actor Types 233
Advanced Persistent Threat (APT)/Nation-State 233
Insider Threat 234
Competitor 234
Hacktivist 234
Script Kiddie 235
Organized Crime 235
Threat Actor Properties 235
Resource 235
Supply Chain Access 235
Create Vulnerabilities 236
Capabilities/Sophistication 236
Identifying Techniques 237
Intelligence Collection Methods 237
Intelligence Feeds 237
Deep Web 237
Proprietary 238
Open-Source Intelligence (OSINT) 238
Human Intelligence (HUMINT) 243
Frameworks 243
MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243
Diamond Model of Intrusion Analysis 245
Cyber Kill Chain 246
Exam Preparation Tasks 246
Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response...
Erscheinungsjahr: | 2022 |
---|---|
Fachbereich: | Allgemeines |
Genre: | Erziehung & Bildung, Importe |
Rubrik: | Sozialwissenschaften |
Thema: | Lexika |
Medium: | Taschenbuch |
Inhalt: | Kartoniert / Broschiert |
ISBN-13: | 9780137348954 |
ISBN-10: | 0137348959 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Mcmillan, Troy |
Auflage: | 3rd edition |
Hersteller: | Pearson Education |
Verantwortliche Person für die EU: | preigu, Ansas Meyer, Lengericher Landstr. 19, D-49078 Osnabrück, mail@preigu.de |
Maße: | 231 x 196 x 48 mm |
Von/Mit: | Troy Mcmillan |
Erscheinungsdatum: | 05.08.2022 |
Gewicht: | 1,61 kg |