Introduction
Welcome
Download Your Free Study Guide
Checkpoint: Introduction
Data Considerations (Domain 4)
Data Considerations (OBJ 4.3)
Data Security (OBJ. 4.3)
Data Classification (OBJ. 4.3)
Data Types (OBJ. 4.3)
Data Retention (OBJ. 4.3)
Data Destruction (OBJ. 4.3)
Data Ownership (OBJ. 4.3)
Data Sovereignty (OBJ. 4.3)
Checkpoint: Data Considerations
Risk Management (Domain 4)
Risk Management (OBJ 4.1)
Risk Strategies (OBJ. 4.1)
Risk Management Lifecycle (OBJ. 4.1)
Risk Types (OBJ. 4.1)
Risk Handling (OBJ. 4.1)
Risk Tracking (OBJ. 4.1)
Risk Assessment (OBJ. 4.1)
When Risk Management Fails (OBJ. 4.1)
Checkpoint: Risk Management
Policies and Frameworks (Domain 4)
Policies and Frameworks (OBJ. 4.1 & 4.3)
Policies (OBJ. 4.1)
Frameworks (OBJ. 4.1)
Regulations (OBJ. 4.3)
Standards (OBJ. 4.3)
Contracts and Agreements (OBJ. 4.3)
Legal Considerations (OBJ. 4.3)
Integrating Industries (OBJ. 4.3)
Checkpoint: Policies and Frameworks
Business Continuity (Domain 4)
Business Continuity (OBJ 4.4)
Business Continuity Plan (OBJ 4.4)
Business Impact Analysis (OBJ 4.4)
Privacy Impact Assessment (OBJ 4.4)
Incident Response Plan (OBJ 4.4)
Testing Plans (OBJ 4.4)
Checkpoint: Business Continuity
Risk Strategies (Domain 4)
Risk Strategies (OBJ 4.1)
Asset Value (OBJ 4.1)
Access Control (OBJ 4.1)
Aggregating Risk (OBJ 4.1)
Scenario Planning (OBJ 4.1)
Security Controls (OBJ 4.1)
Security Solutions (OBJ 4.1)
Cost of a Data Breach (OBJ 4.1)
Checkpoint: Risk Strategies
Vendor Risk (Domain 4)
Vendor Risk (OBJ 4.2)
Business Models (OBJ 4.2)
Influences (OBJ 4.2)
Organizational Changes (OBJ 4.2)
Shared Responsibility Model (OBJ 4.2)
Viability and Support (OBJ 4.2)
Dependencies (OBJ 4.2)
Considerations (OBJ 4.2)
Supply Chain (OBJ 4.2)
Checkpoint: Vendor Risk
Securing Networks (Domain 1)
Securing Networks (OBJ 1.1)
Switches (OBJ 1.1)
Routers (OBJ 1.1)
Wireless and Mesh (OBJ 1.1)
Firewalls (OBJ 1.1)
Configuring Firewalls (OBJ 1.1)
Proxies (OBJ 1.1)
Gateways (OBJ 1.1)
IDS and IPS (OBJ 1.1)
Network Access Control (NAC) (OBJ 1.1)
Remote Access (OBJ 1.1)
Unified Communications (OBJ 1.1)
Cloud vs On-premise (OBJ 1.1)
DNSSEC (OBJ 1.1)
Load Balancer (OBJ 1.1)
Checkpoint: Securing Networks
Securing Architectures (Domain 1)
Securing Architectures (OBJ 1.1)
Traffic Mirroring (OBJ 1.1)
Network Sensors (OBJ 1.1)
Host Sensors (OBJ 1.1)
Layer 2 Segmentation (OBJ 1.1)
Network Segmentation (OBJ 1.1)
Implement Network Segmentation (OBJ 1.1)
Server Segmentation (OBJ 1.1)
Zero Trust (OBJ 1.1)
Merging Networks (OBJ 1.1)
Software-Defined Networking (SDN) (OBJ 1.1)
Checkpoint: Securing Architectures
Infrastructure Design (Domain 1)
Infrastructure Design (OBJ 1.2)
Scalability (OBJ 1.2)
Resiliency Issues (OBJ 1.2)
Automation (OBJ 1.2)
Performance Design (OBJ 1.2)
Virtualization (OBJ 1.2)
Securing VMs (OBJ 1.2)
Containerization (OBJ 1.2)
Checkpoint: Infrastructure Design
Cloud and Virtualization (Domain 1)
Cloud and Virtualization (OBJ 1.6)
Cloud Deployment Models (OBJ 1.6)
Cloud Service Models (OBJ 1.6)
Deployment Considerations (OBJ 1.6)
Provider Limitations (OBJ 1.6)
Extending Controls (OBJ 1.6)
Provision and Deprovision (OBJ 1.6)
Storage Models (OBJ 1.6)
Virtualization (OBJ 1.6)
Checkpoint: Cloud and Virtualization
Software Applications (Domain 1)
Software Applications (OBJ 1.3)
Systems Development Life Cycle (OBJ 1.3)
Software Development Life Cycle (OBJ 1.3)
Development Approaches (OBJ 1.3)
Software Assurance (OBJ 1.3)
Baselins and Templates (OBJ 1.3)
Best Practices (OBJ 1.3)
Integrating Applications (OBJ 1.3)
Checkpoint: Software Applications
Data Security (Domain 1)
Data Security (OBJ 1.4)
Data Life Cycle (OBJ 1.4)
Data Classification (OBJ 1.4)
Labeling and Tagging (OBJ 1.4)
Deidentification (OBJ 1.4)
Data Encryption (OBJ 1.4)
Data Loss Prevention (DLP) (OBJ 1.4)
DLP Detection (OBJ 1.4)
Data Loss Detection (OBJ 1.4)
Auditing Files (OBJ 1.4)
Checkpoint: Data Security
Authentication and Authorization (Domain 1)
Authentication and Authorization (OBJ 1.5)
Access Control (OBJ 1.5)
Credential Management (OBJ 1.5)
Password Policies (OBJ 1.5)
Implementing Password Policies (OBJ 1.5)
Cracking Weak Passwords (OBJ 1.5)
Multifactor Authentication (OBJ 1.5)
Authentication Protocols (OBJ 1.5)
Federation (OBJ 1.5)
Root of Trust (OBJ 1.5)
Attestation (OBJ 1.5)
Identity Proofing (OBJ 1.5)
Checkpoint: Authentication and Authorization
Cryptography (Domain 1)
Cryptography (OBJ 1.7)
Privacy and Confidentiality (OBJ 1.7)
Integrity and Non-repudiation (OBJ 1.7)
Compliance and Policy (OBJ 1.7)
Data States (OBJ 1.7)
Cryptographic Use Cases (OBJ 1.7)
PKI Use Cases (OBJ 1.7)
Checkpoint: Cryptography
Emerging Technology (Domain 1)
Emerging Technology (OBJ 1.8)
Artificial Intelligence (AI) & Machine Learning (ML) (OBJ 1.8)
Deep Learning (OBJ 1.8)
Big Data (OBJ 1.8)
Blockchain & Distributed Consensus (OBJ 1.8)
Passwordless Authentication (OBJ 1.8)
Homomorphic Encryption (OBJ 1.8)
Virtual/Augmented Reality (OBJ 1.8)
3D Printing (OBJ 1.8)
Quantum Computing (OBJ 1.8)
Checkpoint: Emerging Technology
Enterprise Mobility (Domain 3)
Enterprise Mobility
Enterprise Mobility Management (EMM) (OBJ. 3.1)
WPA3 (OBJ. 3.1)
Connectivity Options (OBJ. 3.1)
Security Configurations (OBJ. 3.1)
DNS Protection (OBJ. 3.1)
Deployment Options (OBJ. 3.1)
Reconnaissance Concerns (OBJ. 3.1)
Mobile Security (OBJ. 3.1)
Checkpoint: Enterprise Mobility
Endpoint Security Controls (Domain 3)
Endpoint Security Controls
Device Hardening (OBJ. 3.2)
Unnecessary Services (OBJ. 3.2)
Patching (OBJ. 3.2)
Security Settings (OBJ. 3.2)
Mandatory Access Controls (MAC) (OBJ. 3.2)
Secure Boot (OBJ. 3.2)
Hardware Encryption (OBJ. 3.2)
Endpoint Protections (OBJ. 3.2)
Logging and Monitoring (OBJ. 3.2)
Configuring SIEM Agents (OBJ. 3.2)
Resiliency (OBJ. 3.2)
Checkpoint: Endpoint Security Controls
Cloud Technologies (Domain 3)
Cloud Technologies
Business Continuity/Disaster Recovery (BC/DR) (OBJ. 3.4)
Cloud Encryption (OBJ. 3.4)
Serverless Computing (OBJ. 3.4)
Software-Defied Networking (SDN) (OBJ. 3.4)
Log Collection and Analysis (OBJ. 3.4)
Cloud Access Security Broker (CASB) (OBJ. 3.4)
Cloud Misconfigurations (OBJ. 3.4)
Checkpoint: Cloud Technologies
Operational Technologies (Domain 3)
Operational Technologies
Embedded Systems (OBJ. 3.3)
ICS and SCADA (OBJ. 3.3)
ICS Protocols (OBJ. 3.3)
Industries and Sectors (OBJ. 3.3)
Checkpoint: Operational Technologies
Hashing and Symmetric Algorithms (Domain 3)
Hashing and Symmetric Algorithms
Hashing (OBJ. 3.6)
Calculating Hash Digests (OBJ. 3.6)
Message Authentication (OBJ. 3.6)
Symmetric Algorithms (OBJ. 3.6)
Stream Ciphers (OBJ. 3.6)
Block Ciphers (OBJ. 3.6)
Checkpoint: Hashing and Symmetric Algorithms
Asymmetric Algorithms (Domain 3)
Asymmetric Algorithms
Using Asymmetric Algortihms
SSL/TLS and Cipher Suites (OBJ. 3.6)
S/MIME and SSH (OBJ. 3.6)
EAP (OBJ. 3.6)
IPSec (OBJ. 3.6)
Elliptic Curve Cryptography (ECC) (OBJ. 3.6)
Forward Secrecy (OBJ. 3.6)
Authenticated Encryption with Associated Data (AEAD) (OBJ. 3.6)
Key Stretching (OBJ. 3.6)
Checkpoint: Asymmetric Algorithms
Public Key Infrastructure (Domain 3)
Public Key Infrastructure
PKI Components (OBJ. 3.5)
Digital Certificates (OBJ. 3.5)
Using Digital Certificates (OBJ. 3.5)
Exploring Server Certificates (OBJ. 3.5)
Trust Models (OBJ. 3.5)
Certificate Management (OBJ. 3.5)
Certificate Validity (CRL and OCSP) (OBJ. 3.5)
Protecting Web Traffic (OBJ. 3.5)
Troubleshooting Certificates (OBJ. 3.7)
Troubleshooting Keys (OBJ. 3.7)
Checkpoint: Public Key Infrastructure
Threat and Vulnerability Management (Domain 2)
Threat and Vulnerability Management
Threat Intelligence (OBJ. 2.1)
Threat Hunting (OBJ. 2.1)
Intelligence Collection (OBJ. 2.1)
Threat Actors (OBJ. 2.1)
Threat Management Frameworks (OBJ. 2.1)
Vulnerability Management Activities (OBJ. 2.3)
Security Content Automation Protocol (SCAP) (OBJ. 2.3)
Checkpoint: Threat and Vulnerability Management
Vulnerability Assessments (Domain 2)
Vulnerability Assessments
Penetration Test (OBJ. 2.4)
PenTest Steps (OBJ. 2.4)
PenTest Requirements (OBJ. 2.4)
Code Analysis (OBJ. 2.4)
Protocol Analysis (OBJ. 2.4)
TCPDump (OBJ. 2.4)
Wireshark (OBJ. 2.4)
Nmap (OBJ. 2.4)
Analysis Utilities (OBJ. 2.4)
Vulnerability Scanning (OBJ. 2.4)
Analyzing Scan Outputs (OBJ. 2.4)
Checkpoint: Vulnerability Assessments
Risk Reduction (Domain 2)
Risk Reduction
Deceptive Technologies (OBJ. 2.6)
Security Data Analytics (OBJ. 2.6)
Preventative Controls (OBJ. 2.6)
Application Controls (OBJ. 2.6)
Security Automation (OBJ. 2.6)
Physical Security (OBJ. 2.6)
Lock Picking (OBJ. 2.6)
Checkpoint: Risk Reduction
Analyzing Vulnerabilities (Domain 2)
Analyzing Vulnerabilities
Race Conditions (OBJ. 2.5)
Buffer Overflows (OBJ. 2.5)
Buffer Overflow Attack (OBJ. 2.6)
Authentication and References (OBJ. 2.5)
Ciphers and Certificates (OBJ. 2.5)
Improper Headers (OBJ. 2.5)
Software Composition (OBJ. 2.5)
Vulnerable Web Applications (OBJ. 2.5)
Checkpoint: Analyzing Vulnerabilities
Attacking Vulnerabilities (Domain 2)
Attacking Vulnerabilities
Directory Traversals (OBJ. 2.5)
Cross-Site Scripting (XSS) (OBJ. 2.5)
Cross-Site Request Forgery (CSRF) (OBJ. 2.5)
SQL Injections (OBJ. 2.5)
XML Injections (OBJ. 2.5)
Other Injection Attacks (OBJ. 2.5)
Authentication Bypass (OBJ. 2.5)
Web Application Vulnerabilities (OBJ. 2.5)
VM Attacks (OBJ. 2.5)
Network Attacks (OBJ. 2.5)
Analyzing Web Applications (OBJ. 2.5)
Social Engineering (OBJ. 2.5)
Phishing Campaigns (OBJ. 2.5)
Checkpoint: Attacking Vulnerabilities
Indicators of Compromise (Domain 2)
Indicators of Compromise
Types of IoCs (OBJ. 2.2)
PCAP Files (OBJ. 2.2)
Conduct Packet Analysis (OBJ. 2.2)
NetFlow (OBJ. 2.2)
Logs (OBJ. 2.2)
IoC Notifications (OBJ. 2.2)
Response to IoCs (OBJ. 2.2)
Security Appliances (OBJ. 2.2)
Checkpoint: Indicators of Compromise
Incident Response (Domain 2)
Incident Response
Triage (OBJ. 2.7)
Communication Plan (OBJ. 2.7)
Stakeholder Management (OBJ. 2.7)
Incident Response Process (OBJ. 2.7)
Playbooks (OBJ. 2.7)
Checkpoint: Incident Response
Digital Forensics (Domain 2)
Digital Forensics
Forensic Process (OBJ. 2.8)
Chain of Custody (OBJ. 2.8)
Order of Volatility (OBJ. 2.8)
Forensic Analysis (OBJ. 2.8)
Steganography
Checkpoint: Digital Forensics
Digital Forensic Tools (Domain 2)
Digital Forensic Tools
Forensic Workstations (OBJ. 2.9)
File Carving Tools (OBJ. 2.9)
Binary Analysis Tools (OBJ. 2.9)
Performing Malware Analysis (OBJ. 2.9)
Forensic Analysis Tools (OBJ. 2.9)
Using Aircrack-ng (OBJ. 2.9)
Imaging Tools (OBJ. 2.9)
Collecting and Validating Evidence (OBJ. 2.9)
Collection Tools (OBJ. 2.9)
Using Collection Tools (OBJ. 2.10)
Checkpoint: Digital Forensic Tools
Conclusion
Conclusion
CASP+ (CAS-004) Practice Exam