
Examine risk management foundations, assess threats and vulnerabilities, prioritize, transfer, or mitigate risk, and implement policies, controls, authentication, cryptography, and cloud computing across networks, devices, and systems.
Patrick Loner introduces the CASP+ exam version 3 and the course. He outlines nearly 20 years of IT experience, focusing on security training across Microsoft technologies and Office 365 deployments.
Explore how business and industry influences shape the life of a security professional, highlighting the factors that impact decision-making and security strategy.
Explore ongoing risk management within the IT department, examining how business objectives, politics, policies, legal requirements, regulations, partnerships, and emerging technology shape security decisions to prevent incidents.
Navigate the never-ending cycle of new technologies with formal risk management that updates risk profiles as tech evolves, while monitoring user behavior and aligning training with mobile and cloud-based trends.
Analyze how business models, partnerships, mergers, and outsourcing alter risk profiles and security needs. Identify the role of third-party connection agreements, data handling, regulatory demands, and multi-country legal considerations.
Explore cloud technologies across private, public, hybrid, and community models, highlighting regulatory requirements and security concerns while detailing resource provisioning like CPUs, memory, storage, and networking.
Assess acquisitions and mergers by conducting due diligence, performing penetration testing, and designing an interconnection security agreement to unify or separate networks while preserving essential security controls.
Form a due diligence team to plan and measure security controls, identify gaps, overlaps, and risks in data movement, and align auditors with a framework for mergers or demergers.
Explore data ownership in business models and mergers, detailing who owns data, whether data merges, and laws, regulations, and standards guiding extraction and protection of health information, financial information, and PII.
Explore data reclassification during acquisitions, mergers, and divestitures, deciding whether to keep data separate or merge it, and design classification models and procedures to protect legally protected data under regulations.
Integrating diverse industries presents security and regulatory challenges, balancing standardization with unit-specific rules. The lecture covers policies, regulations, and export controls during mergers and legal compliance across industries.
Become familiar with common regulations affecting organizations, including SOX, HIPAA, GLBA, CFAA, the Federal Privacy Act, FISMA, PIPEDA, Basel II, PCI DSS, and the Patriot Act.
Navigate geographic differences in merger integration by balancing language barriers, technology availability, and policy exceptions. Address data sovereignty and varying international regulations, standardization costs, and data type rules across countries.
Clarify where data is stored, who has access, and how backups are encrypted to address data sovereignty. Both the organization and the storage vendor share responsibility for meeting data regulations.
Balance security with performance and usability while considering internal and external influences like competitors, industry regulations, audits, and client requirements to protect reputation and prevent breaches.
De-perimeterization shifts security from fixed edges to evolving network boundaries, as wireless, portable devices, virtualization, and cloud services expand the attack surface and introduce inter-segment controls.
Explore how telecommuting, bring your own device, and mobile devices expand the network perimeter and require network access control to protect data across private, hybrid, and public clouds.
Explore policies and procedures as IT governance documents that protect organizational assets, while examining how policy and process lifecycles are managed and how to support legal compliance.
Adopt a top-down security program guided by management to align policies with goals. See how policies, processes, and procedures relate, with policies guiding procedures and processes, and procedures detailing steps.
Explore the policy life cycle from development to archive, including quality control, approvals, publishing, training, annual reviews, version control, and archival—examples include password policies and data classification.
Explore how policy-driven processes manage change and risk, guiding policy analysis, design, personnel briefing, monitoring, and the creation or retirement of procedures when policies change.
Review policies and processes to reflect organizational, technology, and regulatory changes. Proactively assess business and environmental shifts, document and analyze risks, report to management, and implement security controls and patch management.
Explore common business documents that support security implementation and risk management, including risk assessment with four steps, BIA, interconnection security agreement, MOU, SLA, NDA, BPA, MSA, and SOW.
Consult legal counsel to ensure third-party contracts include security requirements, and identify policies, data handling, training, background checks, device reviews, physical security, and governing laws.
Explore procurement bidding documents, including RFP, RFQ/IFB, and RFI, and how organizations use these to gather supplier capabilities, specifications, and other third-party contracts like purchase orders.
Explore how privacy hinges on how personal information is shared, who can access it, and whether messages are confidential or anonymous, with a clear focus on PII.
Master standard security practices, including separation of duties, job rotation, mandatory vacation, least privilege, need to know, incident response, and forensics, plus information classification.
Explore how to create and implement security policies using sans.org templates, covering password, acceptable use, and compliance, with focus on ownership, monitoring, revision history, and change control.
Explore risk mitigation and control by applying a risk management framework to identify risks and implement appropriate controls.
Explore risk mitigation strategies for security professionals, including CIA-based data impact categorization, extreme scenario planning, translating risks into business terms, and selecting controls based on requirements and policies.
Explore the CIA triad and how confidentiality, integrity, and availability secure data; learn how encryption, steganography, data classifications, digital signatures, and checksums maintain integrity and availability with impact levels.
Consult department heads and all stakeholders to determine CIA levels for each asset, document needs, gain early buy-in, and communicate changes before implementation.
Define the aggregate CIA score from FIPS 199, and use security categories to determine controls based on organizational loss levels for confidentiality, integrity, and availability.
Select and implement CIA-aligned controls and conduct a gap analysis, addressing compensative, corrective, detective, deterrent, directive, preventative, and recovery controls, plus administrative, logical, and physical access controls.
Examine security management frameworks and methodologies guiding security program, enterprise and security architect frameworks, security controls, governance, and process management, and distinguish standards as best practices from frameworks and methodologies.
Explore a broad range of security and enterprise frameworks, from ISO 27000 to NIST and TOGAF, and learn to select the framework that best fits stakeholder needs and governance.
Perform extreme scenario planning by identifying internal and external threat actors, then analyze them with criteria like skill, limits, visibility, and objectives, ranking risks for protection using FIPS 199.
Conduct a system-specific risk analysis to identify assets, vulnerabilities, and threats; assess probability and impact, and balance risk with countermeasure cost, before mergers, tech deployments, and with senior management support.
Qualitative risk analysis ranks likelihood and damage using intuition, experience, brainstorming, focus groups, surveys, questionnaires, and meetings; it prioritizes risk but is subjective and assigns no monetary values.
Apply quantitative risk analysis to assign monetary values to assets, threat frequency, vulnerability severity, and impact. Use equations to calculate total and residual risk, blending qualitative methods for intangible assets.
Quantify risk impact in financial terms using single loss expectancy and annualized loss expectancy. Use asset value and exposure factor with the annualized rate of occurrence to decide on controls.
Evaluate the likelihood of threats by measuring the chance of a risk event impacting the organization, then determine loss potential by combining likelihood with impact to prioritize risks.
Define return on investment as money gained or lost after an investment and use it to evaluate security investments against costs, highlighting downtime, data loss, repair costs, and reputation damage.
Compare upfront costs to expected savings to assess payback for a power backup. Apply net present value with a 10% discount rate to weigh long-term benefits.
Compute the total cost of ownership of risk, including insurance premiums, finance and administrative costs, and losses, then compare it to revenues and industry baselines to find inefficiencies.
Translate technical cyber risk into business terms by bridging the knowledge gap for diverse audiences, from semi-technical staff to board and executives, using data-driven metrics and transparent cost context.
Apply disciplined risk reduction by analyzing ROI and TCO to determine the organization's risk appetite. Master four strategies: avoid, transfer, mitigate, and accept, with examples like data center relocation and outsourcing.
Apply NIST-based risk assessment processes using tools, questionnaires, interviews, and reviews to identify threat sources, vulnerabilities, asset valuation, likelihood, and impact, then communicate and maintain the assessment, including residual risk.
Assess asset value and cost by examining tangible assets (computers, supplies, personnel) and intangible assets (data, intellectual property, reputation); evaluate owner value, development work, maintenance costs, potential damage, penalties, then identify vulnerabilities and threats.
Identify vulnerabilities and threats by categorizing threat agents into human, natural, technical, physical, environmental, and operational factors, and combine them with identified threat actors to build a comprehensive risk list.
Explore exemptions, deterrence, inherent risk, and residual risk in risk management, including how government standards and physical access controls shape protection strategies.
Explore business continuity planning to identify the impact of any disaster and implement a viable recovery plan for every function, ensuring organizational operations continue during disruptions.
A business continuity plan examines all disaster-affected areas, including functions, systems, personnel, and facilities, then lists and prioritizes essential services, with emphasis on telecommunications and IT functions.
Senior management defines scope and goals of the BCP and disaster recovery, while the business continuity coordinator leads a cross-functional committee that develops, tests, and implements the BCP and DRP.
Apply the NIST SP 800-34 Revision 1 framework to outline contingency planning policy, business impact analysis, identifying critical processes, preventative controls, contingency strategies, and testing and training for the information system.
Explore additional contingency plans, including continuity of operations, crisis communication, critical infrastructure, disaster recovery, information system contingency, and occupant emergency plans, with emphasis on alternate sites and recovery procedures.
The lecture explains how a business impact analysis links systems to critical missions, estimates downtime, and prioritizes recovery resources to inform the business continuity plan.
Assess risk management, business influences and technologies that affect security, and apply policies, procedures, and risk controls to mitigate threats. Consider acquisitions, mergers, demergers, and divestitures in business continuity planning.
Explore physical and virtual network security devices, including unified threat management, intrusion detection and prevention systems, switches, and firewalls.
Explore unified threat management, a hardware or software approach that consolidates firewalling, intrusion prevention, antivirus, antispam, VPN, and content filtering into one device, reducing administration while noting single-point-of-failure risks.
Explore the advantages and drawbacks of unified threat management, including lower upfront costs, a single device and vendor, easy wizard-based setup, and potential single point of failure and performance trade-offs.
Explore how intrusion detection systems detect unauthorized access and how intrusion prevention systems act to isolate traffic, with signature-based, anomaly-based, and rule-based methods.
Explore inline network encryptors, NSA Type 1 devices that secure government documents through a secure tunnel, with NSA-approved algorithms and zeroization, supporting routing and layer 2 VLANs at a cost.
Network access control examines device health before granting access, checking firewall, antivirus, and patch status on devices connecting via Wi-Fi, VPN, or other access methods; Cisco calls this Network Admission Control, and Microsoft calls it Network Access Protection.
Centralize and analyze log data from application, antivirus, OS, and malware detection logs with a SIEM system to identify network threats in real time and support forensic analysis.
Explore firewalls as network devices, including host-based and network-based options, and compare packet filtering, stateful inspection, proxy architectures, circuit- and application-level proxies, and next-generation capabilities.
Explore firewall architecture options, from bastion hosts to dual-homed and multi-homed (three-legged) firewalls with a DMZ, emphasizing attack surface reduction and traffic control.
Wireless controllers centralize management of multiple access points, enabling real-time channel and power control, load balancing, and coverage gap detection for seamless roaming and authentication via 802.1X and EAP methods.
Understand how switches operate at layer 2 with MAC filtering and VLANs for traffic isolation, and how routers use routing tables and ACLs to control layer 3 traffic.
Explore how proxy servers, as appliances or software, mask internal IP addresses, control internet access by user group, time of day, and website classification, and boost performance with web caching.
Explore application and protocol level security technologies that monitor current information about applications and their connection protocols to optimize protocol performance and application function.
Learn how web application firewalls apply rule sets to HTTP conversations to block attacks such as cross-site scripting and SQL injections, comparing inline and out-of-band deployments.
Protect and manage digital keys with a hardware security module, offering secure key generation, storage, and crypto processing for public key infrastructure, card payments, SSL, and DNSSEC.
Vulnerability scanners come in passive and active forms, probing networks to reveal weaknesses and block or simulate attacks. Database activity monitors track transactions and logs to detect unauthorized access.
Explore advanced network design and securing the network infrastructure as new technologies and design principles emerge, examining recent advances along with their cost and benefits.
Discover how virtual private networks secure remote access over untrusted networks using encapsulation and encryption, and distinguish remote access from site-to-site VPNs and their endpoints.
Examine PPTP, L2TP/IPSec, IPsec, and SSL VPN options, noting encryption, authentication methods, application-layer SSL variants, and IKE with Windows support.
Learn how IPsec, a suite of protocols including ESP and AH, delivers confidentiality, integrity, and mutual authentication—with IKE and ISAKMP handling secure key exchange for VPN and transport mode use.
IPsec operates as a framework using encryption and hashing to establish a security association. Transport mode works for remote access or internal traffic, while tunnel mode secures site-to-site VPNs.
Explore IPsec policies for remote access and site-to-site VPNs, detailing IKE authentication, main mode phase one, and quick mode phase two, with encryption and certificates considerations.
Explore SSL VPN concepts, including portal VPNs and SSL tunnel VPNs, and compare TLS and SSL. Evaluate advantages such as encryption and browser support against firewall and troubleshooting trade-offs.
Explore transport layer security's advanced cipher suites, elliptic curve cryptography, and TLS 1.2 hash negotiation, including SHA-256 defaults, certificate hash control, and Suite B support.
Explore SSH with its encrypted channels, and harden it by moving from port 22 to a port above 1024, using version 2, and disabling root login; also cover RDP and VNC for remote access.
Explore authentication protocols used in remote access, from legacy PAP and CHAP to modern EAP frameworks and 802.1X, including MS-CHAP v1 and v2, EAP-TLS, EAP-TTLS, and central server-based validation.
Explore network solutions for data flow and identify traffic types and sources to balance security and performance, focusing on protecting sensitive data flows.
Implement data loss prevention to prevent data leakage and exfiltration by inspecting ingress and egress traffic with precise and imprecise methods, enforcing policies at network and endpoint levels.
Enforce data flow by securing data movement within applications and between networks. Use boundary control, access control, integrity, cryptography, and auditing services to prevent clear text leakage.
Learn how sFlow exports layer 2 samples over UDP port 6343, and how NetFlow analyzers define conversations by ingress interface, source/destination IPs, protocols, and ports for traffic analysis.
Establish secure baselines for networking and security components by configuring and managing device settings, enforcing a consistent change process, and restricting administrative access to enable all security features.
Enable security features on devices, secure the initial configuration, and establish a change process for modifying configurations since default configurations are not inherently secure.
Implement ACLs across firewalls, routers, and switches to regulate traffic and determine flow through interfaces. Configure ACLs via web-based or command-line interfaces, noting differences by vendor, device type, and operating system.
Explore how access control lists and firewalls use rule sets to filter traffic, emphasizing rule order, implied deny, and logging, and walk through a Cisco IOS example of applying an ACL to an interface.
Enforce a formal change control policy to manage network and security changes. Submit formal requests, assess costs and effects, implement steps with incremental testing, rollback options, and management documentation.
Implement configuration lockdown after configuring devices to prevent any changes and support change control across servers, routers, switches, firewalls, virtual hosts, and hypervisors. Test all services before enabling.
Design and maintain availability controls to ensure data and resource accessibility, using redundancy, fault tolerance, hot-swappable components, and clustering, with metrics like SLA, MTBF, and MTTR.
RAID is a fault-tolerant disk technology, available in hardware or software forms. The lecture covers levels like RAID 0, 5, and 10, with varying redundancy and performance.
Explore failover, fail soft, clustering, and load balancing as availability concepts. Understand how single points of failure threaten CIA triad availability and how clustering and load balancing relate to availability.
Explore advanced configuration of network devices such as routers and switches, and apply additional settings to enhance their security.
Configure layer 2 and layer 3 devices, switches, and wireless access points to secure networks with transport security, VLAN protection, port security, and MAC filtering against spoofing and VLAN hopping.
Explore transport security using IPsec to protect packets at the transport and network layers, independent of applications, with IKE VPN configurations for routers, switches, and wireless access points.
Explore trunking security and how trunk links carry multiple VLANs, including double-tagging risks. Prevent VLAN hopping by hard-coding trunk ports and moving access ports out of VLAN 1.
Port security enforces layer 2 protection on switch ports by monitoring MAC addresses and allowing only legitimate devices, using sticky MAC to learn addresses and enforce a maximum.
Explore how port numbers and sockets identify upper-layer protocols in TCP/IP, and how firewalls use access lists to allow or block traffic on well-known and dynamic ports.
Design networks with security zones using subnetting, firewall rules, and access lists to isolate segments, and implement a DMZ for controlled access to public servers and traffic separation between zones.
Deploy network segmentation by creating subnets, VLANs, and a DMZ using switches and firewalls; apply MAC filtering, ACLs, port security, and software-defined networking to secure the network and improve performance.
Network access control evaluates a device's statement of health against the health policy via a system health validator (NPS), granting access or remediating to a restricted network.
Address the limitations of network access protection and NAC, which work best for organization-owned systems. Quarantine and remediation place noncompliant devices on a restricted network until they comply.
Explore network enabled devices beyond routers and switches, featuring system on a chip with secure boot, partitioned memory, runtime data integrity checks, and central security breach response.
Explore physical access control systems that deter unauthorized entry and impersonation, including IP-based video access control, sensors, mantraps, proximity readers, door controls, AV systems, and security guards.
Examine network security devices, firewalls, bastion hosts, and virtual networking to protect data flow and host systems. Establish secure baselines, detect abnormal activity, and apply network configurations to enhance security.
Cover authentication and authorization concepts from basics to advanced types for the CompTIA CASP+ exam, ensuring learners are on the same page.
Define authentication as validating a user's claimed identity after identification, using five broad factors: knowledge, ownership, biometrics, location, and actions, and enabling multi-factor security.
Learn how identity and account management centralize authentication, enabling single sign-on, federation, and password policy enforcement across domain controllers in Windows networks and Kerberos-based environments.
Examine how password lifetime, history, complexity, length, and authentication period shape network security and how proper configuration prevents password reuse and simple passwords.
Learn how to enforce strong passwords through domain-level group policy and user education, using generators like Dynapath and LastPass to create complex, memorable passwords.
Assess biometric system effectiveness by examining enrollment time and sample collection, feature extraction, accuracy, throughput, and acceptability, then analyze false rejection rate, false acceptance rate, and the crossover error rate.
Examine multi-factor authentication, including two- and three-factor setups with knowledge, biometrics such as iris or retina scans, and signature dynamics, plus context-aware access control and push-based authentication.
Explore certificate-based authentication within a PKI, using digital certificates issued by trusted certificate authorities to prove identity, and understand trust models, internal and self-signed CAs, and cross-certification.
Discover how open authorization, or OAuth, uses tokens issued by an authorization server to let a geolocation app access Facebook data without passwords, enabling single sign-on.
Learn how eXtensible Access Control Markup Language (XACML) enables attribute-based access control with a PEP and PDP, decoupling the access decision from applications and centralizing policies across diverse systems.
Explore SPML, an XML-based standard for cross-organization provisioning, including the requesting authority, provisioning service provider, and provisioning service target, with trust via SAML over SOAP carrying requests and responses.
Examine attestation, identity proofing, and identity propagation to enforce access control across authorized devices and software, and explore federation models and single sign-on using OpenID, Shibboleth, and Kerberos tickets.
Examine RADIUS-based trust models that centralize authentication for dial-up and network devices, and explore LDAP directory services, Active Directory, forests and trees, domains and OUs, and Kerberos single sign-on.
Explore cryptographic techniques that protect data at rest and in transit by transforming data to hide it or make it unreadable. Learn how cryptography works in practice.
Cryptography protects data at rest and in transit, ensuring confidentiality, integrity, and authentic source verification through encryption at multiple levels, aligned with global standards for compliant, transparent security.
Choose cryptographic techniques based on data context, type, sensitivity, and threats; key stretching, hashing, digital signatures, message authentication, code signing, PRNG, and data in transit, at rest, and in memory.
Strengthen weak keys by applying key stretching to produce an enhanced key of at least 128 bits, slowing attackers who must test each guess; examples include PGP and WPA.
Explore hashing as a one-way digest used to verify data integrity by comparing hash values, and learn how HMAC with a symmetric key protects the hash from tampering.
Examine message digest algorithms, including MD2, MD4, MD5, and MD6, and their 128-bit hashes, noting MD2's slowness, MD4's speed, MD5's vulnerabilities, and MD6's variable hash length and its withdrawal.
Explore the secure hash algorithm family, from SHA-0 and SHA-1 flaws to SHA-2 variants (224, 256, 384, 512) with 64 rounds and internal state sizes, and note SHA-3's 120 rounds.
Learn how message authentication codes provide data integrity and authenticity, like code signing, covering hash-based MAC (HMAC), CBC-MAC, and CMAC using AES or 3DES.
Code signing digitally signs executables and scripts so users can trust the source and confirm that the code hasn't been altered, with signatures verified by trusted third parties like DigiCert and VeriSign.
Understand how PRNG generates sequences that imitate randomness from a set. Implement perfect forward secrecy to prevent key reuse or derivation from prior keys in VPNs and web browsers.
Explore data in transit encryption and transport-layer security, including SSL/TLS and IPsec, and learn about SET and 3-D Secure for online card transactions.
Encrypt data in memory to secure RAM-stored data, using Windows DPAPI with user credentials and Intel SGX to verify and protect execution for memory-based processing.
Protect data at rest by encrypting stored information with symmetric and asymmetric keys, and use hybrid ciphers to achieve confidentiality, authentication, and non-repudiation.
Examine symmetric algorithms, including DES, triple DES, AES (Rijndael), IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6, and CAST, with notes on key sizes, block sizes, licensing, and uses like SSL and WEP.
Explore asymmetric algorithms like Diffie-Hellman, RSA, ElGamal, and elliptic-curve cryptography, explaining key exchange, encryption, and digital signatures, plus knapsack history and zero-knowledge proofs.
Explore disk level and block level encryption, including TPM-backed BitLocker, file and record level protections, port level encryption, and techniques like steganography and digital watermarking.
Explore how enterprises implement cryptography in diverse ways, and become familiar with crypto modules, crypto processors, CSPs, and DRM watermarking.
Study crypto modules—hardware, software, and firmware—that implement cryptographic logic, and explore NIST and FIPS standards, security levels 1–4, and TPMs or CSPs like the Microsoft Crypto API.
Explore additional crypto options such as digital rights management, watermarking, and tools like GPG, SSL, TLS, SSH, and S/MIME. Learn how these standards secure content, communications, and email.
Implement cryptography within operating systems or applications to keep deployments up to date and seamless; test enterprise implementations and avoid designing or using outdated or partial cryptographic standards.
Explore how to implement cryptographic algorithms to protect enterprise data, balancing strength, performance, feasibility, and interoperability across key exchange, standardized design, and lifecycle from deployment to retirement.
Compare stream and block ciphers. Stream ciphers encrypt bit by bit with a key stream, are cheap and symmetric; block ciphers process blocks with padding and use confusion and diffusion.
Identify the common block cipher modes: electronic codebook, cipher block chaining, cipher feedback, output feedback, and counter mode. Understand that these modes operate differently, even though the differences are technical details.
Explore enterprise public key infrastructure concepts, including root, subordinate, and issuing certificate authorities, wildcard certificates, and the choice between CRL and OCSP for certificate validation.
Explore the primary PKI functions, including issuing certificates, certificate usage for authentication and email encryption, and verification, retirement, key recovery, and key escrow processes.
Explore advanced PKI concepts, including X.509 certificates and their fields, five VeriSign certificate classes, hardware tokens for storing private keys, OCSP stapling, and HTTP public key pinning.
Explore advanced authentication and authorization concepts, implement access control lists and firewall rules, and analyze cryptography techniques—asymmetric and symmetric encryption, message digests and hashing for data integrity—in real-world enterprise contexts.
Explore security for host devices and the options available to protect them, addressing the issues that network attacks aim to exploit against individual hosts.
Examine the trusted OS concept, multilevel security, and government criteria from TCSEC and the Rainbow Series to the Orange Book, Bell-LaPadula, Common Criteria evaluation, and EAL levels 1–7.
Compare trusted OS options and EAL levels from Mac OS X 10.6, HP-UX, Linux, Windows 7, and Solaris trusted OS; learn SELinux, Android SELinux, and protection profiles.
Protect endpoints with anti-malware, antivirus, and anti-spyware tools using current definitions. Centralize management, enforce safe browsing, spam filtering, and timely patch updates to reduce malware risk.
Explore host-based security options for a device, including data loss prevention and host-based firewalls, with DLP scanning outbound email and iptables or Windows Firewall rules managed by group policy.
Configure a host-based firewall in Windows 10 using the settings app and Windows Defender Security Center, manage inbound and outbound rules, and apply profile-specific network protections.
Audit and log security events from computers, operating systems, and firewalls to detect breaches. Implement audit log management with two-person delete controls and periodic reviews to balance security with performance.
Configure audit policies in Windows with gpedit.msc and group policy to monitor security events, including account logon and account management, and review results in security logs.
Explore how endpoint detection and response supplements existing defenses with a proactive threat-prevention approach, focusing on automation, adaptability, and continuous monitoring to detect and prevent threats.
Harden systems by removing unnecessary apps and disabling unused ports and accounts, enforcing least privilege, and controlling external storage, with centralized security baselines via group policy.
Apply group policy objects in Active Directory to centrally manage user and computer settings, linking to domains or organizational units and enforcing account policies, local policies, and security group filtering.
Explore how group policy hardens Windows systems by configuring security options, enforcing updates, enabling BitLocker, restricting device installations, and centralizing patch management through GPO in a domain.
Learn how command shell restrictions govern administrative tasks across Windows, Linux/Unix, and network devices, including user and privilege modes, and compare shells from bash to PowerShell and Cisco IOS.
Explore out-of-band management interfaces on isolated networks and configure separate subnets, VLANs, QoS, wake-on-LAN, and Intel vPro/AMT with System Center for remote power and BIOS tasks.
Explore dedicated interfaces like OOB and ACL-based interfaces that control access by source and destination addresses on routers and firewalls, and management interfaces for remote access secured by VTY ports.
Discover how external I/O restrictions prevent malware and data leakage by controlling peripheral devices through group policy, encryption with BitLocker To Go, and Azure Information Rights Management.
Explore wireless technologies and their vulnerabilities, including Bluetooth attacks like bluejacking and bluesnarfing, NFC risks, IrDA infrared, and RF 802.11, with security controls and MDM considerations.
Learn about Wi-Fi components and standards, including access points, wireless bridges, routers, and the wireless controller, plus how SSID, infrastructure mode, and ad hoc mode shape secure wireless networks.
Explore the evolution of 802.11 wireless standards from original 802.11 to 802.11ac, detailing frequency bands, speeds, and key innovations like OFDM, MIMO, and roaming enhancements.
Explore wireless security measures, comparing WEP weaknesses with WPA improvements, TKIP and CCMP (AES), enterprise versus personal setups, including SSID hiding, MAC address filtering, and authentication methods.
Secure other host devices by preventing automatic drive mounting and disabling unused USB, SD, HDMI ports to reduce malware, data leaks, and eavesdropping risks.
Secure Boot protects the boot process by verifying UEFI executables, the operating system loader, and signatures on boot components, using measured launch and integrity measurement architecture to detect tampering.
Explore boot security options, including measured launch, integrity measurement architecture, and TPM-based attestation to verify runtime integrity and leverage binding, sealing, and BitLocker in hardware and virtual TPM contexts.
Analyze security for mobile devices, enterprise mobility management, and secure administration, along with strategies and tools, while considering privacy concerns and wearable devices such as cameras, watches, and fitness devices.
Explore enterprise mobility management strategies as BYOD and wearables blur personal and corporate data. Address security challenges on public networks and containerization within MDM to separate corporate data.
Containerization creates an encrypted container to quarantine corporate data and enable policies only within that container, while configuration profiles control passcodes, Wi-Fi, VPN, app wrapping, and payloads.
Explore over-the-air updates, PRI, PRL, remote wiping, and the Find My iPhone integration, plus sideloading and development tools like Xcode 7 for app deployment.
Apply context-based authentication to evaluate multiple attributes such as location, behavior, and request frequency before granting access, improving security against account takeovers and location-based attacks.
Explore mobile security and privacy in BYOD/COPE, addressing data storage risks from non-removable, removable, and cloud storage, encryption, PCI-DSS, remote wipe, backups, and credential exposure risks.
Explore anti-tamper technology and embedded security that protect private keys and encryption data on devices, detecting tampering with e-fuse, Knox applet, and trusted platform modules.
Examine additional mobile device concepts for the CASP+ exam, including rooting, jailbreaking, geotagging, and NFC security. Cover Android fragmentation, encrypted texting, tokenization, mobile payments, and tethering risks.
Compare mobile authentication methods, from swipe patterns and gesture authentication to PINs and biometrics, highlighting vulnerabilities like smudge attacks and keyloggers, and biometrics as a "who you are" factor.
Explore security implications of mobile devices and wearables, including baseband radio systems, augmented reality, SMS/MMS security in clear text, and privacy risks from wearables like smartwatches, glasses, and medical sensors.
Identify wearable security implications like unsecured devices and Bluetooth discoverable risks. Disable Bluetooth discovery, enable encryption for fitness and medical sensors, and adapt mobile forensics for evolving device forms.
Explore software security controls and application security design considerations to architect secure software products, embracing secure by design, secure by default, and secure by deployment, including sandboxing and related technologies.
Apply secure by design, by default, and by deployment principles to web applications, balancing default protections with secure deployment and awareness of Open Web Application Security Project top ten errors.
Learn to secure applications by recognizing insecure direct object references, XSS, CSRF, clickjacking, and SQL injection, and apply input validation, output encoding, session management, and proper error handling.
Cover privilege escalation types, vertical and horizontal, and the principle of least privilege. Explain encrypting passwords, fuzz testing, cookies, and defenses against buffer overflow and memory issues.
Learn how data remnants linger after deletion, risking sensitive disclosure, and how degaussing, data purging, and data clearing securely render data unrecoverable during media disposal, while leveraging secure software repositories.
Examine sandboxing to limit app access and discuss encrypted enclaves, database activity monitoring (DAM), and WAFs that defend against SQL injection, XSS, and resource exhaustion, plus server versus client processing trade-offs.
Explain REST architecture and JSON as a lightweight, readable data format used with HTTP to exchange content; highlight size, parsing efficiency, and caching advantages for mobile and web apps.
Analyze browser extensions and their security implications, including ActiveX and COM/DCOM with elevated rights, Authenticode flaws, and Java applets in sandboxed environments versus HTML5, Ajax, and SOAP.
Explore how OS vulnerabilities have moved to the application layer, including drive-by downloads and exploit kits. Mitigate risks with patching, secure browsers, and managed firmware updates for peripherals.
Implement security across systems, software, and storage by hardening host devices, updating patches, and deploying anti-malware. Address mobile device security and integrate security into software development.
Explore cloud computing and virtualization, including how hypervisors enable virtual machines on a host system, and how automatic provisioning, elasticity, and pay-as-you-go models drive scalable, on-demand resources in the cloud.
Highlight the fabric of physical resources and the role of the hypervisor in virtualization. Extend virtualization with automatic provisioning, pay-as-you-go, and elasticity through scalable virtual machines.
Explore public, private, hybrid, and community cloud models, and contrast multi-tenancy with single tenancy while highlighting security and provider roles.
Moving from on-prem to hosted environments raises security concerns like multi-tenancy and data visibility; major cloud providers offer redundancy and data agreements, and you should conduct environmental reconnaissance testing.
Compare public cloud service models—SaaS, PaaS, and IaaS—and their control trade-offs with private and hybrid clouds, including practical use cases like Office 365.
Explore cloud service models—infrastructure as a service, platform as a service, and software as a service—using Azure and Office 365, covering virtual machines, databases, networks, storage, and security considerations.
Explore how virtualization reduces data center footprint while presenting physical and virtual security challenges, comparing type 1 and type 2 hypervisors, and introducing container-based OS virtualization with Docker and OpenVZ.
Explore cloud security challenges and cloud-augmented services, including hash spoofing threats, cloud-based anti-malware and vulnerability scanning, cloud sandboxing, content filtering, and the role of cloud access security brokers.
Explore security as a service and managed security service providers to see how outsourcing security tasks reduces costs while delivering consistent, uniform protection and decision support.
Explore virtualization vulnerabilities, including VM escape attacks, privilege escalation via the hypervisor, the risks of live migration, and the importance of encryption, patching, and data remnant removal.
Secure remote access and collaboration by examining remote access technologies and unified collaboration tools, identifying security concerns, and implementing controls to mitigate risks.
Explore remote access for protecting organization resources over the internet using VPN, encryption, authentication, and authorization to ensure confidentiality and secure client-server transmissions.
Understand dial-up basics on the PSTN, including analog phone lines, modems converting digital data to analog, and PPP with authentication, RADIUS or TACACS+, and callback security.
Explore VPNs as secure access over untrusted networks, with encapsulation, authentication, and encryption. Learn SSL and IPsec VPNs, including IKE v1/v2, and how a VPN client connects to an access server.
Assess remote access needs with management to deploy remote administration controls and telecommuting. Explain how remote desktop and VPN enable access to internal resources via desktop and application sharing.
Learn how remote administration software and VPN tools can be attack vectors. Mitigate with up-to-date software, strong encryption, two-factor authentication, audit logs, secure config files, and removing unused access.
Explore how collaboration and mobility raise security risks as sensitive data is shared. Review web conferencing, audio and video conferencing, storage and document collaboration, email, and instant messaging, with mitigations.
Learn secure web conferencing that reduces travel costs while addressing data leakage and uninvited guests through encryption, unique passwords, and a four-step security-driven selection process.
Recognize that most video conferencing products use 128-bit encryption, yet risk persists. Implement security measures like device keys, session keys, passwords, and encrypted networks; ensure encryption is enabled and updated.
Explore storage and document collaboration tools that enable live updates across locations, and assess risks like credential breaches, federation, and URL metadata exposure.
Examine unified communication tools that consolidate voice, video, email, instant messaging, and documents in one package, with configurable modules and secure, automated on-demand account management.
Instant messaging enables real-time communication and presence indicators, but risks include malware transfer, hijacked accounts, and DDoS via mass messaging. Mitigate with anti-malware, file-transfer controls, training, and encryption.
Explain presence signals in collaboration tools and how availability and location share across channels, and outline securing presence with TLS, PKI, encryption, and access controls.
Explore how email remains a primary enterprise channel, covering SMTP and HTTPS usage, spoofing, phishing, spam, and mitigations like SPF and encryption.
Assess security across cloud and virtualization technologies, comparing public and private clouds, service models, and hypervisors; secure remote access via VPN and collaboration for email, instant messaging, and web conferencing.
Explore the concept of security assessments, a set of procedures to accurately gauge the security of your network, and learn the various methods and types.
Conduct an honest assessment to identify the types of security weaknesses across the network, using multiple assessment methods, since some issues evade tools and must be addressed.
Malware sandboxing runs suspicious code in a controlled environment to analyze behavior and network activity. It helps detect zero-day malware unseen by major antivirus vendors using tools like Cuckoo.
Explore memory dumping and core dumps, and analyze volatile memory with tools like memdump, KnTTools, and FATKit to reveal passwords, encryption keys, and other sensitive data.
Runtime debugging uses programmatic tools to identify syntactical errors and memory weaknesses, revealing memory leaks and buffer overflows, and helping assess what attackers might learn from memory dumps.
Reconnaissance drives the information gathering phase of a network attack, as attackers and security personnel identify targets using technical tools and non-technical approaches, a form of security assessment.
Explore fingerprinting tools for network reconnaissance to identify hosts, services, and operating systems, enabling vulnerability discovery and targeted exploits, using active and passive techniques with port scanners and Network Miner.
Conduct systematic code review to uncover security and functional problems, choosing formal or lightweight approaches. Leverage pair programming, email review, and tool-assisted methods to detect defects.
Explore social engineering threats to the human element, from phishing, spear phishing, and pharming to shoulder surfing and dumpster diving, and learn how mandatory, ongoing security awareness training mitigates them.
Examine how public information—from WHOIS and DNS records to routing data and CDP—facilitates reconnaissance and network mapping, and how router authentication and DNS controls mitigate risks.
Learn how to access public information about a company for security with WHOIS lookups, DNS checks, and privacy-aware domain insights using GoDaddy, ICANN, MX Toolbox, and Office 365.
Explore penetration testing by simulating attacks to identify and exploit vulnerabilities, using tools like Metasploit or Canvas, with internal and external tests and black, white, and gray box approaches.
Design a goals-driven vulnerability assessment to identify threats, apply mitigation strategies across networks and devices, use automated tools or vulnerability management systems, verify results, and report findings.
Identify and compare assessment styles, including internal and external testing, third-party pen testing, tabletop exercises, audits, and color team exercises with red, blue, and white teams, using SIEM data analysis.
Explore security assessment tools for networks, including port scanners, vulnerability scanners, protocol analyzers, fuzzers, and enumerators, plus host and physical security tools.
Explain how defense in depth across network, host, and physical layers informs security assessments; cover port scanners, ICMP, Nmap, Nessus, vulnerability scanners, sniffing with Wireshark, and encrypting traffic.
Understand the Security Content Automation Protocol (SCAP) and its components—CCE, CPE, CWE, CVE, and CVSS metrics—for interoperable scanners and standardized vulnerability scoring.
Examine the CVSS base metric group, outlining access vector, access complexity, authentication, availability impact, confidentiality, and integrity. Connect temporal and environmental metric groups to vulnerability scoring.
Explore fuzzing by using fuzzers to inject semi-random data into web apps and detect bugs, noting they tend to find simple bugs, as OWASP recommends tools targeting SOAP services.
Identify exploit kits and exploitation tools used to target security holes, using frameworks like Metasploit or Canvas to create and run exploit code, including agent technology for information gathering.
Learn host security testing with password crackers, dictionary and brute force attacks, and defenses like complex passwords and account lockout; utilize netstat, ping, traceroute, nslookup, ipconfig, and Sysinternals tools.
Use file integrity monitoring to detect unauthorized changes with hash verification and automated repair; review logs with event viewer and PowerShell, and assess local versus cloud antivirus plus log tools.
Explore physical security tools and lock types, including mechanical, electronic, warded, tumbler, and combination locks, and evaluate vulnerabilities with lockpicks and RFID threats. Use infrared cameras for assessments.
Document a baseline of normal system actions to detect abnormal activity. Establish procedures to respond to incidents and to document, analyze, and recover systems after containment.
Learn how to conduct e-discovery by quickly collecting and preserving volatile evidence from electronic devices, organizing data with inventory, retention, and legal holds, and using indexing for fast searches.
Detect data breaches quickly and respond to incidents following approved procedures. Remediate affected components, remove traces, recover operations, and document findings for review and future prevention per CASP exam guidelines.
Trace the incident response process from detection and collection to preserving evidence with a chain of custody, data analytics, mitigation, isolation of affected systems, recovery, response, and disclosure.
Explore security assessments, vulnerability scanning, and pen testing with port scanners, packet sniffers, and vulnerability analyzers, and review incident response and quick recovery to learn and strengthen defenses.
Explore how risk assessment identifies vulnerabilities and threats, prioritizes risk, and guides responses such as avoid, transfer, or mitigate. Learn to implement network security controls, authentication, cryptography, and incident response.
The CompTIA Advanced Security Practitioner course is a preparatory course for the CAS-003 exam conducted by the Computing Technology Industry Association (CompTIA). It covers the exam topics in detail and prepares students in the areas of risk management; enterprise security operations and architecture; research and collaboration; and integration of enterprise security.
This certification course covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers, while managing risk.