Architect, engineer, integrate, and implement security across increasingly complex, hybrid enterprise networks

Key Features

• Learn how to apply industry best practices and earn the CASP+ certification
• Explore over 400 CASP+ questions to test your understanding of key concepts and help you prepare for the exam
• Discover over 300 illustrations and diagrams that will assist you in understanding advanced CASP+ concepts

Book Description

CompTIA Advanced Security Practitioner (CASP+) ensures that security practitioners stay on top of the ever-changing security landscape. The CompTIA CASP+ CAS-004 Certification Guide offers complete, up-to-date coverage of the CompTIA CAS-004 exam so you can take it with confidence, fully equipped to pass on the first attempt.

Written in a clear, succinct way with self-assessment questions, exam tips, and mock exams with detailed explanations, this book covers security architecture, security operations, security engineering, cryptography, governance, risk, and compliance. You'll begin by developing the skills to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. Moving on, you'll discover how to monitor and detect security incidents, implement incident response, and use automation to proactively support ongoing security operations. The book also shows you how to apply security practices in the cloud, on-premises, to endpoints, and to mobile infrastructure. Finally, you'll understand the impact of governance, risk, and compliance requirements throughout the enterprise.

By the end of this CASP study guide, you'll have covered everything you need to pass the CompTIA CASP+ CAS-004 certification exam and have a handy reference guide.

What you will learn

• Understand Cloud Security Alliance (CSA) and the FedRAMP programs
• Respond to Advanced Persistent Threats (APT) by deploying hunt teams
• Understand the Cyber Kill Chain framework as well as MITRE ATT&CK and Diamond Models
• Deploy advanced cryptographic solutions using the latest FIPS standards
• Understand compliance requirements for GDPR, PCI, DSS, and COPPA
• Secure Internet of Things (IoT), Industrial control systems (ICS), and SCADA
• Plan for incident response and digital forensics using advanced tools

Who this book is for

This CompTIA book is for CASP+ CAS-004 exam candidates who want to achieve CASP+ certification to advance their career. Security architects, senior security engineers, SOC managers, security analysts, IT cybersecurity specialists/INFOSEC specialists, and cyber risk analysts will benefit from this book. Experience in an IT technical role or CompTIA Security+ certification or equivalent is assumed.

Table of Contents

1. Designing a Secure Network Architecture
2. Integrating Software Applications into the Enterprise
3. Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
4. Deploying Enterprise Authentication and Authorization Controls
5. Threat and Vulnerability Management
6. Vulnerability Assessment and Penetration Testing Methods and Tools
7. Risk Mitigation Controls
8. Implementing Incident Response and Forensics Procedures
9. Enterprise Mobility and Endpoint Security Controls
10. Security Considerations Impacting Specific Sectors and Operational Technologies
11. Implementing Cryptographic Protocols and Algorithms
12. Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
13. Applying Appropriate Risk Strategies Compliance Frameworks, Legal Considerations, and Their Organizational Impact
14. Business Continuity and Disaster Recovery Concepts
15. Mock Exam 1
16. Mock Exam 2

About the Author

Mark Birch is an experienced courseware developer and teacher in both information systems and cyber-security. Mark has been developing content and teaching CompTIA CASP since its inception in 2011 and understands the subject area in depth. Mark began his career working within the aerospace industry (for a major defense contractor) and has over 30 years’ experience consulting, engineering and deploying secure information systems. He has spent over 20 years working with the United States Military and United Kingdom Armed Forces, helping many students attain their learning goals. Mark has ensured that Soldiers, Officers and civilians have had the best opportunities to gain cyber-security accreditation.