CompTIA CASP+ (CAS-003)

Introduction

• Before You Begin the CompTIA CASP+ Certification Exam
• Who Should Read This Course
• What You Will Learn
• How This Course Is Organized
• How to Use This Course
• Tips for Taking the CASP+ Exam
• The CASP+ (2018 Edition) Exam Objective Map

Cryptographic Tools and Techniques

• The History of Cryptography
• Cryptographic Services
• Symmetric Encryption
• Asymmetric Encryption
• Hybrid Encryption
• Hashing
• Digital Signatures
• Public Key Infrastructure
• Implementation of Cryptographic Solutions
• Cryptographic Attacks
• Exam Essentials
• Summary

Comprehensive Security Solutions

• Advanced Network Design
• TCP/IP
• Secure Communication Solutions
• Secure Facility Solutions
• Secure Network Infrastructure Design
• Summary
• Exam Essentials

Securing Virtualized, Distributed, and Shared Computing

• Enterprise Security
• Cloud Computing
• Virtualization
• Virtual LANs
• Virtual Networking and Security Components
• Enterprise Storage
• Summary
• Exam Essentials

Host Security

• Firewalls and Network Access Control
• Host-Based Firewalls
• Persistent Agent
• Non-Persistent Agent
• Agent-Based Technology
• Agentless-Based Technology
• Trusted Operating Systems
• Endpoint Security Solutions
• Anti-Malware
• Host Hardening
• Asset Management
• Data Exfiltration
• Intrusion Detection and Prevention
• Network Management, Monitoring, and Security Tools
• Summary
• Exam Essentials

Application Security and Penetration Testing

• Application Security Design Considerations
• Specific Application Issues
• Application Sandboxing
• Application Security Frameworks
• Software Assurance
• Development Approaches
• Secure Coding Standards
• Documentation
• Validation and Acceptance Testing
• Application Exploits
• Privilege Escalation
• Improper Storage of Sensitive Data
• Secure Cookie Storage and Transmission
• Context-Aware Management
• Malware Sandboxing
• Pivoting
• Open-Source Intelligence
• Memory Dumping
• Client-Side Processing vs. Server-Side Processing
• Security Assessments and Penetration Testing
• Red, Blue, and White Teaming
• Vulnerability Assessment Areas
• Security Assessment and Penetration Test Tools
• Summary
• Exam Essentials

Risk Management

• Risk Terminology
• Identifying Vulnerabilities
• Operational Risks
• The Risk Assessment Process
• Best Practices for Risk Assessments
• Summary
• Exam Essentials
• Resources

Policies, Procedures, and Incident Response

• A High-Level View of Documentation
• Business Documents Used to Support Security
• Documents and Controls Used for Sensitive Information
• Training and Awareness for Users
• Auditing Requirements and Frequency
• The Incident Response Framework
• Incident and Emergency Response
• Summary
• Exam Essentials

Security Research and Analysis

• Applying Research Methods to Determine Industry Trends and Their Impact on the Enterprise
• Analyze Scenarios to Secure the Enterprise
• Summary
• Exam Essentials

Enterprise Security Integration

• Integrate Enterprise Disciplines to Achieve Secure Solutions
• Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
• Integrate Mobility Management
• Summary
• Exam Essentials

Security Controls for Communication and Collaboration

• Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
• Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
• Implement Security Activities across the Technology Life Cycle
• Physical Security Tools for Security Assessment
• Summary
• Exam Essentials

Appendix: 3D Avatar-based Simulation