Introduction xxvii

Chapter 1 Threats, Attacks, and Vulnerabilities 1
  1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. 6
    Viruses 6
    Crypto-malware 7
    Ransomware 8
    Worm 8
    Trojan 8
    Rootkit 9
    Keylogger 10
    Adware 10
    Spyware 10
    Bots 11
    RAT 12
    Logic bomb 12
    Backdoor 13
    Exam Essentials 14
  1.2 Compare and contrast types of attacks. 15
    Social engineering 15
    Application/service attacks 21
    Wireless attacks 45
    Cryptographic attacks 54
    Exam Essentials 63
  1.3 Explain threat actor types and attributes. 69
    Types of actors 69
    Attributes of actors 72
    Use of open-source intelligence 73
    Exam Essentials 73
  1.4 Explain penetration testing concepts. 74
    Active reconnaissance 75
    Passive reconnaissance 75
    Pivot 76
    Initial exploitation 76
    Persistence 77
    Escalation of privilege 77
    Black box 77
    White box 77
    Gray box 78
    Pen testing vs. vulnerability scanning 78
    Exam Essentials 81
  1.5 Explain vulnerability scanning concepts. 82
    Passively test security controls 84
    Identify vulnerability 84
    Identify lack of security controls 84
    Identify common misconfigurations 85
    Intrusive vs. non-intrusive 85
    Credentialed vs. non-credentialed 85
    False positive 85
    Exam Essentials 86
  1.6 Explain the impact associated with types of vulnerabilities. 87
    Race conditions 87
    Vulnerabilities due to: 88
    Improper input handling 89
    Improper error handling 89
    Misconfiguration/weak configuration 90
    Default configuration 90
    Resource exhaustion 91
    Untrained users 91
    Improperly configured accounts 91
    Vulnerable business processes 91
    Weak cipher suites and implementations 91
    Memory/buffer vulnerability 92
    System sprawl/undocumented assets 93
    Architecture/design weaknesses 94
    New threats/zero day 94
    Improper certificate and key management 95
    Exam Essentials 95
  Review Questions 98

Chapter 2 Technologies and Tools 103
  2.1 Install and configure network components, both hardware- and software-based, to support organizational security. 110
    Firewall 110
    VPN concentrator 114
    NIPS/NIDS 118
    Router 125
    Switch 127
    Proxy 130
    Load balancer 131
    Access point 133
    SIEM 139
    DLP 142
    NAC 143
    Mail gateway 144
    Bridge 147
    SSL/TLS accelerators 147
    SSL decryptors 147
    Media gateway 147
    Hardware security module 148
    Exam Essentials 148
  2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. 152
    Protocol analyzer 152
    Network scanners 154
    Wireless scanners/cracker 155
    Password cracker 155
    Vulnerability scanner 156
    Configuration compliance scanner 157
    Exploitation frameworks 157
    Data sanitization tools 158
    Steganography tools 158
    Honeypot 158
    Backup utilities 159
    Banner grabbing 159
    Passive vs. active 160
    Command line tools 161
    Exam Essentials 169
  2.3 Given a scenario, troubleshoot common security issues. 170
    Unencrypted credentials/clear text 170
    Logs and events anomalies 171
    Permission issues 172
    Access violations 172
    Certificate issues 173
    Data exfiltration 173
    Misconfigured devices 174
    Weak security configurations 175
    Personnel issues 176
    Unauthorized software 177
    Baseline deviation 178
    License compliance violation (availability/integrity) 178
    Asset management 178
    Authentication issues 179
    Exam Essentials 179
  2.4 Given a scenario, analyze and interpret output from security technologies. 180
    HIDS/HIPS 180
    Antivirus 181
    File integrity check 182
    Host-based firewall 183
    Application whitelisting 183
    Removable media control 184
    Advanced malware tools 185
    Patch management tools 186
    UTM 187
    DLP 187
    Data execution prevention 188
    Web application firewall 188
    Exam Essentials 189
  2.5 Given a scenario, deploy mobile devices securely. 190
    Connection methods 190
    Mobile device management concepts 193
    Enforcement and monitoring for: 201
    Deployment models 207
    Exam Essentials 210
  2.6 Given a scenario, implement secure protocols. 213
    Protocols 213
    Use cases 224
    Exam Essentials 231
  Review Questions 233

Chapter 3 Architecture and Design 237
  3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides. 244
    Industry-standard frameworks and reference architectures 244
    Benchmarks/secure configuration guides 246
    Defense-in-depth/layered security 248
    Exam Essentials 249
  3.2 Given a scenario, implement secure network architecture concepts. 249
    Zones/topologies 250
    Segregation/segmentation/isolation 255
    Tunneling/VPN 258
    Security device/technology placement 261
    SDN 265
    Exam Essentials 266
  3.3 Given a scenario, implement secure systems design. 268
    Hardware/firmware security 268
    Operating systems 272
    Peripherals 280
    Exam Essentials 282
  3.4 Explain the importance of secure staging deployment concepts. 284
    Sandboxing 284
    Environment 284
    Secure baseline 285
    Integrity measurement 288
    Exam Essentials 288
  3.5 Explain the security implications of embedded systems. 288
    SCADA/ICS 289
    Smart devices/IoT 290
    HVAC 293
    SoC 293
    RTOS 294
    Printers/MFDs 294
    Camera systems 294
    Special purpose 295
    Exam Essentials 296
  3.6 Summarize secure application development and deployment concepts. 297
    Development life-cycle models 297
    Secure DevOps 300
    Version control and change management 302
    Provisioning and deprovisioning 303
    Secure coding techniques 303
    Code quality and testing 306
    Compiled vs. runtime code 308
    Exam Essentials 309
  3.7 Summarize cloud and virtualization concepts. 311
    Hypervisor 312
    VM sprawl avoidance 314
    VM escape protection 314
    Cloud storage 315
    Cloud deployment models 315
    On-premise vs. hosted vs. cloud 317
    VDI/VDE 317
    Cloud access security broker 317
    Security as a Service 317
    Exam Essentials 318
  3.8 Explain how resiliency and automation strategies reduce risk. 319
    Automation/scripting 319
    Templates 320
    Master image 320
    Non-persistence 320
    Elasticity 322
    Scalability 322
    Distributive allocation 322
    Redundancy 322
    Fault tolerance 323
    High availability 324
    RAID 326
    Exam Essentials 326
  3.9 Explain the importance of physical security controls. 328
    Lighting 329
    Signs 329
    Fencing/gate/cage 330
    Security guards 330
    Alarms 331
    Safe 333
    Secure cabinets/enclosures 333
    Protected distribution/Protected cabling 333
    Airgap 333
    Mantrap 333
    Faraday cage 334
    Lock types 335
    Biometrics 335
    Barricades/bollards 336
    Tokens/cards 336
    Environmental controls 336
    Cable locks 338
    Screen filters 338
    Cameras 339
    Motion detection 340
    Logs 340
    Infrared detection 340
    Key management 340
    Exam Essentials 341
  Review Questions 343

Chapter 4 Identity and Access Management 347
  4.1 Compare and contrast identity and access management concepts. 350
    Identification, authentication, authorization and accounting (AAA) 350
    Multifactor authentication 352
    Federation 353
    Single sign-on 353
    Transitive trust 354
    Exam Essentials 354
  4.2 Given a scenario, install and configure identity and access services. 355
    LDAP 355
    Kerberos 355
    TACACS+ 357
    CHAP 358
    PAP 359
    MSCHAP 359
    RADIUS 360
    SAML 361
    OpenID Connect 362
    OAuth 362
    Shibboleth 362
    Secure token 362
    NTLM 363
    Exam Essentials 364
  4.3 Given a scenario, implement identity and access management controls. 365
    Access control models 365
    Physical access control 369
    Biometric factors 369
    Tokens 372
    Certificate-based authentication 374
    File system security 376
    Database security 376
    Exam Essentials 380
  4.4 Given a scenario, differentiate common account management practices. 382
    Account types 382
    General Concepts 384
    Account policy enforcement 387
    Exam Essentials 393
  Review Questions 395

Chapter 5 Risk Management 399
  5.1 Explain the importance of policies, plans and procedures related to organizational security. 405
    Standard operating procedure 405
    Agreement types 405
    Personnel management 407
    General security policies 416
    Exam Essentials 418
  5.2 Summarize business impact analysis concepts. 420
    RTO/RPO 420
    MTBF 421
    MTTR 421
    Mission-essential functions 421
    Identification of critical systems 422
    Single point of failure 422
    Impact 422
    Privacy impact assessment 423
    Privacy threshold assessment 423
    Exam Essentials 424
  5.3 Explain risk management processes and concepts. 425
    Threat a.