YoVDO

CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses Cryptography Courses Network Security Courses Risk Management Courses Digital Forensics Courses Incident Response Courses Cloud Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Get a comprehensive, all-in-one resource to help you prepare for the CompTIA CASP+ (CAS-004) certification exam.

Syllabus

Introduction
  • Welcome
  • About the exam
1. Securing Networks
  • Securing networks
  • Switches
  • Routers
  • Wireless and mesh
  • Firewalls
  • Proxies
  • Gateways
  • IDS and IPS
  • Network access control
  • Remote access
  • Unified communication
  • Cloud vs. on-premises
  • DNSSEC
  • Load balancer
2. Securing Architectures
  • Securing architectures
  • Traffic mirroring
  • Network sensors
  • Host sensors
  • Layer 2 segmentation
  • Network segmentation
  • Server segmentation
  • Zero trust
  • Merging networks
  • Software-defined networking
3. Infrastructure Design
  • Infrastructure design
  • Scalability
  • Resiliency issues
  • Automation
  • Performance design
  • Virtualization
  • Containerization
4. Cloud and Virtualization
  • Cloud and virtualization
  • Cloud deployment models
  • Cloud service models
  • Deployment considerations
  • Provider limitations
  • Extending controls
  • Provisioning and deprovision
  • Storage models
  • Virtualization
5. Software Applications
  • Software applications
  • Systems development lifecycle
  • Software development lifecycle
  • Development approaches
  • Software assurance
  • Baselines and templates
  • Best practices
  • Integrating applications
6. Data Security
  • Data security
  • Data lifecycle
  • Data classification
  • Labeling and tagging
  • Deidentification
  • Data encryption
  • Data loss prevention (DLP)
  • DLP detection
  • Data loss detection
7. Authentication and Authorization
  • Authentication and authorization
  • Access control
  • Credential management
  • Password policies
  • Multifactor authentication
  • Authentication protocols
  • Federation
  • Root of trust
  • Attestation
  • Identity proofing
8. Cryptography
  • Cryptography
  • Privacy and confidentiality
  • Integrity
  • Compliance and policy
  • Data states
  • Cryptographic use cases
  • PKI use cases
9. Emerging Technology
  • Emerging technology
  • Artificial intelligence and machine learning
  • Deep learning
  • Big data
  • Blockchain distributed consensus
  • Passwordless authentication
  • Homomorphic encryption
  • Virtual and augmented reality
  • 3D printing
  • Quantum computing
10. Threat and Vulnerability Management
  • Threat and vulnerability management
  • Threat intelligence
  • Threat hunting
  • Intelligence collection
  • Threat actors
  • Threat management frameworks
  • Vulnerability management activities
  • Security Content Automation Protocol
11. Vulnerability Assessments
  • Vulnerability assessments
  • Penetration test
  • Pen test steps
  • Pen test requirements
  • Code analysis
  • Protocol analysis
  • Analysis utilities
12. Risk Reduction
  • Risk reduction
  • Deceptive technologies
  • Security data analytics
  • Preventative controls
  • Application controls
  • Security automation
  • Physical security
13. Analyzing Vulnerabilities
  • Analyzing vulnerabilities
  • Race conditions
  • Buffer overflows
  • Authentication and references
  • Ciphers and certificates
  • Improper headers
  • Software composition
  • Vulnerable web applications
14. Attacking Vulnerabilities
  • Attacking vulnerabilities
  • Directory traversals
  • Cross-Site Scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injections
  • XML injections
  • Other injection attacks
  • Authentication bypass
  • VM attacks
  • Network Attacks
  • Social engineering
15. Indicators of Compromise
  • Indicators of compromise
  • Types of IoCs
  • PCAP files
  • NetFlow
  • Logs
  • IoC notifications
  • Response to IoCs
16. Incident Response
  • Incident response
  • Triage
  • Communication plan
  • Stakeholder management
  • Incident response process
  • Playbooks
17. Digital Forensics
  • Digital forensics
  • Forensic process
  • Chain of custody
  • Order of volatility
  • Forensic analysis
18. Digital Forensic Tools
  • Digital forensic tools
  • Forensic workstations
  • File carving tools
  • Binary analysis tools
  • Forensic analysis tools
  • Imaging tools
  • Collection tools
19. Enterprise Mobility
  • Enterprise mobility
  • Enterprise mobility management
  • WPA3
  • Connectivity options
  • Security configurations
  • DNS protection
  • Deployment options
  • Reconnaissance concerns
  • Mobile security
20. Endpoint Security Controls
  • Endpoint security controls
  • Device hardening
  • Patching
  • Security settings
  • Mandatory access controls (MAC)
  • Secure boot
  • Hardware encryption
  • Endpoint protections
  • Logging and monitoring
  • Resiliency
21. Cloud Technologies
  • Cloud technologies
  • Business continuity and disaster recovery
  • Cloud encryption
  • Serverless computing
  • Software-defined networking (SDN)
  • Log collection and analysis
  • Cloud application security broker
  • Cloud misconfigurations
22. Operational Technologies
  • Operational technologies
  • Embedded systems
  • ICS and SCADA
  • ICS protocols
  • Industries and sectors
23. Hashing and Symmetric Algorithms
  • Hashing and symmetric algorithms
  • Hashing
  • Message authentication
  • Symmetric algorithms
  • Stream ciphers
  • Block ciphers
24. Asymmetric Algorithms
  • Asymmetric algorithms
  • Using asymmetric algorithms
  • SSL, TLS, and cipher suites
  • S/MIME and SSH
  • EAP
  • IPSec
  • Elliptic curve cryptography (ECC)
  • Forward secrecy
  • Authenticated encryption with associated data (AEAD)
  • Key stretching
25. Public Key Infrastructure
  • Public key infrastructure
  • PKI components
  • Digital certificates
  • Using digital certificates
  • Trust models
  • Certificate management
  • Certificate validity: CRL and OCSP
  • Protecting web traffic
  • Troubleshooting certificates
  • Troubleshooting keys
26. Data Considerations
  • Data considerations
  • Data security
  • Data classification
  • Data types
  • Data retention
  • Data destruction
  • Data ownership
  • Data sovereignty
27. Risk Management
  • Risk management
  • Risk strategies
  • Risk management lifecycle
  • Risk types
  • Risk handling
  • Risk tracking
  • Risk assessment
  • When risk management fails
28. Policies and Frameworks
  • Policies and frameworks
  • Policies
  • Frameworks
  • Regulations
  • Standards
  • Contracts and agreements
  • Legal considerations
  • Integrating industries
29. Business Continuity
  • Business continuity
  • Business continuity plan
  • Business impact analysis
  • Privacy impact analysis
  • Incident response plan
  • Testing plans
30. Risk Strategies
  • Risk strategies
  • Asset value
  • Access control
  • Aggregating risk
  • Scenario planning
  • Security controls
  • Security solutions
  • Cost of a data breach
31. Vendor Risk
  • Vendor risk
  • Business models
  • Influences
  • Organizational changes
  • Shared responsibility model
  • Viability and support
  • Dependencies
  • Considerations
  • Supply chain

Taught by

Dion Training Solutions LLC and Jason Dion

Related Courses

Information Security Management in a Nutshell
SAP Learning Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Enterprise Security Fundamentals
Microsoft via edX Planning a Security Incident Response
Microsoft via edX Introduction to Cybersecurity
Udacity