CompTIA Advanced Security Practitioner (Part 1 of 2)

CompTIA Advanced Security Practitioner (Exam CAS-002) (Part 1 of 2)

4.40 (54 reviews)
Udemy
platform
English
language
Network & Security
category
342
students
17 hours
content
Sep 2018
last update
$19.99
regular price

What you will learn

After successfully completing this course, the students shall be able to:

Manage security in an enterprise network

Integrate IT with business in an enterprise

Conduct research and analysis of the threats to enterprise security

Implement cryptographic techniques to secure data

Implement security controls and policies for applications, compute and storage

Conduct vulnerability assessments

Respond effectively to incidents and emergencies

Implement advances authentication and authorization techniques

Description

CompTIA Advanced Security Practitioner (CAS-002) is the course that teaches the students about securing complex enterprise environments. In this course, the students will expand their knowledge of IT security and learn about the more advanced tools and techniques to keep any organization safe and secure. 

The CompTIA Advanced Security Practitioner (CAS-002) course will enable the students to meet the growing demands of today’s IT environment. The course helps the students to develop their skills and perform their jobs as advanced security professionals in their organizations. The course is designed for IT security professionals who want to acquire the technical knowledge and skills needed to conceptualize, engineer, integrate, and implement secure solutions across complex enterprise environments. 

Content

Course Introduction

Introduction
Course Introduction
Instructor Introduction

Lesson 01 - The Enterprise Security Architecture

The Enterprise Security Architecture
Topic A: The Basics of Enterprise Security
The Enterprise
Enterprise Security
Business Goals and Security
Common Enterprise Security Principles
Enterprise Threat Intelligence
What to Protect?
Defense in Depth
Common Components of an Enterprise Security Solutions
Policies, Standards, and Procedures
Enterprise Policy Types
Topic B: The Enterprise Structure
Organizational Structures
The Management Team
Network Administrator
The DBA
Programmers
Stakeholders
Finance
Human Resources
Physical Security and Facilities Roles
Discipline Collaboration
Topic C: Enterprise Security Requirements
Legal Compliance
PII
Privacy Requirements
Organizational Security Requirements
Lesson 01 Review
Lesson 01 - Quiz

Lesson 02 - The Enterprise Security Technology

Common Enterprise Security Components
Topic A: Common Network Security Components and Technologies
VoIP Integration
IPv6 Migration and Integration
VLAN Integration
DNS Security Techniques
Secure Directory Services
NIDS
NIPS
The NIPS Process
ESB
The ESB Process
DAM
Topic B: Communications and Collaboration Security
UC Security
UC Attacks
UC Components
Traffic Prioritization (QoS)
Security Solutions for Data Flow
VoIP Security
The VoIP Implementation Process
VoIP Implementation Considerations
Remote Access Security
VPN Solutions
External Communications Security
Collaboration Platform Security Issues
Demo - Least Privilege
Common Mobile Devices
Enterprise Security Methods for Mobile Devices
Topic C: Cryptographic Tools and Techniques
Cryptography in the Enterprise
Considerations for Cryptography in the Enterprise
Demo - File Encryption
Cryptographic Methods and Design
Basic Approaches to Encryption
Transport Encryption Methods
Security Implications for Encryption
Digital Signature Techniques
Advanced PKI Components
Code Signing
Attestation
Entropy
PRNG
PFS
Confusion and Diffusion
Topic D: Advanced Authentication
Advanced Authentication Within the Enterprise
Certificate -Based Authentication
SAML
SPML
XACML
SOAP
WSS
Lesson 02 Review
Lesson 02 - Quiz

Lesson 03 - Enterprise Resource Technology

Enterprise Resource Technology
Topic A: Enterprise Storage Security Issues
Common Enterprise Storage Technologies
NAS Security Implications
SAN Security Implications
vSAN Security Implications
Virtual Storage
Security Implications of Virtual Storage
Cloud Storage
Security Implications of Cloud Storage
Data Warehousing
Security Implications of Data Warehousing
Data Archiving
Security Implications of Data Archiving
iSCSI Security Implications
iSCSI
Security Implications of iSCSI
FCoE Security Implications
FCoE
Security Implications of FCoE
vSAN
Security Implications of vSAN
LUN
LUN Masking in the Security Architecture
Redundancy
Dynamic Disk Pools
LUN Masking and Mapping
HBA Allocations
Multipath
Offsite and Multisite Replication
Additional Storage Security Implications
Snapshots
Deduplication
Guidelines for Ensuring Secure Storage Management
Topic B: Distributed, Shared, and Virtualized Computing
Why Virtualization?
Advantages of Virtualization
VLANs
VMs
VDI
Terminal Services
Virtualization Vulnerabilities
Vulnerabilities of Hosting VMs for Multiple Companies
Virtual Environment Security Methods
Topic C: Cloud Computing and Security
Cloud Computing
Cloud Computing Service Models
Cloud Storage Considerations
Security Vulnerabilities of Cloud Computing
Secure Use of Cloud Computing Within the Enterprise
Lesson 03 Review
Lesson 03 - Quiz-

Lesson 04 - Security Design and Solutions

Security Design and Solutions
Topic A: Network Security Design
Network Design Types and Techniques
Network Design Considerations
Data Network Types
A Data Network Topology
Data Network Topology Types
A Network Diagram
Data Network Media Types
Network Transmission Methodologies
Physical Security
Building Layout
Facilities Management
Unified Threat Management
NIDS
NIPS
Inline Network Encryptor
Security Information and Event Management
SIEM Capabilities
Network-Attached HSM
Application and Protocol Aware Technologies
Virtual Networking and Security Components
Device Placement
Guidelines for Analyzing Network Security Components and Devices
Guidelines for Analyzing Network Security Components and Devices (Cont.)
Building Automation Systems
Hardware Attacks
Environmental Threats and Vulnerabilities
Sensors
Physical Access Control Systems
Scientific and Industrial Equipment
A/V Systems
IP Video
Network Attacks
SCADA
Secure Infrastructure Design
Storage Integration Considerations
Guidelines for Analyzing Network-Enabled Devices
Remote Access
IPv6 and Associated Transitional Technologies
Network Authentication
802.1X
Software-Defined Networking
Cloud-Managed Networks
Guidelines for Analyzing Advanced Network Design
Network Baselining
Configuration Lockdown
Change Monitoring
Availability Controls
ACLs
DMZ
Separation of Critical Assets
Data Flow Enforcement
Network Device Configuration
Network Access Control
Critical Infrastructure and Industrial Control Systems
Network Management and Monitoring Tools
Guidelines for Configuring Controls for Network Security
Topic B: Conduct a Security Assessment
Malware Sandboxing
Memory Dumping
Runtime Debugging
Vulnerability Assessment
Penetration Testing
Hacking Steps
Penetration Testing Techniques
Fingerprinting
Types of Social Engineering
Vulnerability Scanners
Port Scanners
Protocol Analyzers
Network Enumerators
Password Crackers
Fuzzers
HTTP Interceptors
Exploitation Tools and Frameworks
Passive Reconaissance and Intelligence Gathering Tools
Code Review Methods
A Social Engineering Test
Security Assessment Tools
How to Conduct a Security Assessment
Topic C: Host Security
Host-Based Security Controls
Host-Based Firewalls
Firewall Rules
Demo - Firewalls
TPM
Trusted OS
Endpoint Security
Endpoint Security Software
Guidelines for Selecting Host Hardware and Software
Security and Group Policy Implementations
Standard Operating Environment
Command Shell Restrictions
Patch Management
Out-of-Band Communication
Peripheral Restrictions
Communications Protocols Used by Peripherals
Full Disk Encryption
Trusted OS (Cont.)
Endpoint Security (Cont.)
Anti-Malware Software
Host Hardening
Guidelines for Hardening Hosts
Operating System Security
Host Hardening Action Steps
Asset Management
HIDS
HIPS
Host Monitoring
Virtualization Platforms
Hypervisors
Container-Based Virtualization
VDI
Security Implications of VDI
Terminal Services
Application Delivery Services
vTPM
VM Vulnerabilities
Guidelines for Virtualizing Servers and Desktops
Cloud Services
Cloud Security Services
Hash Matching
Content Filtering
Guidelines for Implementing Cloud Augmented Security Services
BIOS
UEFI
Secure Boot
Measured Launch
IMA
Lesson 04 Review
Lesson 04 - Quiz

Lesson 05 - Managing Risk in Projects

Managing Risk in Projects
Topic A: Create a Risk Management Plan
Risk
Risk Exposure
Risk Analysis Methods
Risks Facing an Enterprise
Project Buffer
Classification of Risks
Business Risk vs. Insurable Risk
Risk Tolerance
Probability Scale
Impact Scale
RBS
RBS (Cont.)
Enterprise Security Architecture Frameworks
ESA Framework Assessment Process
New Products and Technologies
New and Changing Business Models
Partnership Model
Outsourcing Model
Cloud Model
Mergers
Demergers and Divestitures
Integration of Diverse Industries
Third-Party Providers
Internal and External Influences
De-perimeterization
Risk Determinations
Guidelines for Assessing Risk
Classes of Information
Classification of Information Types into CIA Levels
Stakeholder Input for CIA Decisions
Technical Controls
Aggregate CIA Score
Extreme Scenario Planning and Worst Case Scenarios
System-Specific Risk Analysis
Risk Response Techniques
Risk Management Processes
Continuous Monitoring and Improvement
Risk Management
The Risk Management Plan
Components of a Risk Management Plan
How to Create a Risk Management Plan
IT Governance
IT Governance A
Guidelines for Mitigating Risk
Policy Development
Process and Procedure Development
Best Practices to Incorporate in Security Policies and Procedures
Legal Compliance and Advocacy
General Privacy Principles
Topic B: Identify Risks and Their Causes
Triggers
Information Gathering Techniques
Documentation Reviews
SWOT Analysis
Risk Analysis
Risk Register
Components of a Risk Register
Risk Categories
How to Identify Risks and Their Causes
Topic C: Analyze Risks
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Probability and Impact Assessment
The Probability and Impact Risk Rating Matrix
The Ongoing Risk Assessment Process
Project Risk Ranking
Data Collection and Representation Techniques
Basics of Probability
Probability Distribution
Quantitative Analysis Methods
Qualitative Analysis Methods
Risk Data Quality Assessment
Risk Urgency Assessment
Simulation
Monte Carlo Analysis
How to Analyze Risks
How to Analyze Risks A
Topic D: Develop a Risk Response Plan
Negative Risks
Negative Risk Strategies
Positive Risks
Positive Risk Strategies
Contingency Plan
The BCP
DRP
Contingency Reserve
Risk-Related Contract Decisions
How to Develop a Risk Response Plan A
How to Develop a Risk Response Plan B
Lesson 05 Review
Lesson 05- Quiz

Lesson 06 - Integrating Advanced Authentication and Authorization Techniques

Integrating Advanced Authentication and Authorization Techniques
Topic A: Implement Authentication and Authorization Technologies
Authentication
Certificate-Based Authentication
SSO
Authorization
OAuth
The OAuth Process
XACML
SPML
Trust Models
RADIUS Configurations
LDAP
Active Directory
Kerberos
Guidelines for Implementing Authentication and Authorization
Topic B: Implement Advanced Identity Management
Attestation
Identity Propagation
Identity Federation
Identity Federation Methods
Guidelines for Implementing Advanced Identity Management
Lesson 06 Review
Lesson 06 - Quiz

Lesson 07 - Implementing Cryptographic Techniques

Implementing Cryptographic Techniques
Topic A: Describe Cryptographic Concepts
Confidentiality
Integrity
Non-repudiation
Entropy
Confusion
Diffusion
Chain of Trust
Root of Trust
Steganography
Advanced PKI Concepts
Topic B: Choose Cryptographic Techniques
Cryptographic Applications
Cryptographic Methods
Block Cipher Modes
Cryptographic Design Considerations
Data at Rest Encryption
Transport Encryption Protocols
Transport Encryption
Hashing
Hash Functions
Key Stretching
Digital Signatures
Code Signing
Pseudorandom Number Generation
Perfect Forward Secrecy
Guidelines for Choosing Cryptographic Techniques
Topic C: Choose Cryptographic Implementations
DRM
Digital Watermarking
SSL/TLS
SSH
PGP and GPG
S/MIME
Guidelines for Choosing Cryptographic Implementations
Lesson 07 Review
Lesson 07 - Quiz

Lesson 08 - Integrating Hosts, Storage, Networks, and Applications in a Secure 1

Integrating Hosts, Storage, Networks, and Applications in a Secure Enterprise Ar
Topic A: Implement Security Standards in the Enterprise
Standards
Categories of Standards
Interoperability Issues
Data Flow Security
Guidelines for Implementing Standards in the Enterprise
Topic B: Select Technical Deployment Models
Deployment Models
Cloud and Virtualization and Hosting Options
Elastic Cloud Computing
Data Remnants in the Cloud
Data Aggregation
Data Isolation
Resource Provisioning and De-provisioning
Virtual Machine Vulnerabilities
Virtual Environment Security
Virtual Environment Security (Cont.)
Network Segmentation
Network Delegation
Mergers and Acquisitions
Guidelines for Selecting Technical Deployment Models
Topic C: Secure the Design of the Enterprise Infrastructure
Infrastructure Design Security
Deployment Diagrams
Storage Integration
Guidelines for Securing the Design of the Enterprise Infrastructure
Topic D: Secure Enterprise Application Integration Enablers
Customer Relationship Management
Enterprise Resource Planning
Governance, Risk, and Compliance
Enterprise Service Bus
Service Oriented Architecture
Directory Services
Domain Name System
Configuration Management Database
Content Management System
Guidelines for Securing Enterprise Application Integration Enablers
Lesson 08 Review
Lesson 08 - Quiz

Lesson 09 - Security Research and Analysis

Security Research and Analysis
Topic A: Perform an Industry Trends and Impact Analysis
Industry Best Practices
Demo - Security Research
Research Methods
Technology Evolution
New Technologies, Security Systems, and Services
New Security Technology Types
Global IA Industry and Community
Security Requirements for Contracts
Guidelines for Determining Industry Trends and Effects on the Enterprise
Situational Awareness
Situational Awareness Considerations
Emerging Business Tools
Social Media as an Emerging Business Tool
Mobile Devices as Emerging Business Tools
Emerging Security Issues
The Global Impact Analysis Industry
Security Requirements for Business Contracts
How to Perform an Industry Trends Impact Analysis
Topic B : Perform an Enterprise Security Analysis
Benchmarking
Network Traffic Analysis
Types of Network Traffic Analysis
Prototyping and Testing
Cost -Benefit Analysis
Security Analysis Strategies
Security Solution Analysis
Lessons Learned Review
How to Perform an Enterprise Security Analysis
Review Existing Security
Reverse Engineering
Solution Attributes
After -Action Report
Guidelines for Analyzing Scenarios to Secure the Enterprise
Lesson 09 Review
Lesson 09 - Quiz

Lesson 10 - Disaster Recovery and Business Continuity

Disaster Recovery and Business Continuity
Topic A : BCP Fundamentals
BCPs
BCP Development Phases
NIST Contingency Planning Steps
NFPA Business Planning Framework
Disruptive Events
BIA
BIA Organizational Goals
BIA Process
Critical Business Process
Vulnerability Assessments
MTD
RPO
RTO
RPO/RTO Optimization
Topic B: BCP Implementation
Program Coordinators
Advisory Committee -BCP Team
BCP Team Responsibilities
BCP Contents
Business Plan Evaluations
Business Plan Testing
Business Plan Maintenance
Business Continuity Process
Topic C: DRP Fundamentals
DRP
Disaster Recovery Strategy
Disaster Recovery Priority Levels
Disaster Recovery Response Approaches
Backup Strategies
Data Restoration Strategies
Alternate Sites
Topic D: DRP Implementation
Recovery Team
Salvage Team
Disaster Recovery Evaluation and Maintenance
Disaster Recovery Testing
Disaster Recovery Process
Lesson 10 Review
Lesson 10 - Quiz

Screenshots

CompTIA Advanced Security Practitioner (Part 1 of 2) - Screenshot_01CompTIA Advanced Security Practitioner (Part 1 of 2) - Screenshot_02CompTIA Advanced Security Practitioner (Part 1 of 2) - Screenshot_03CompTIA Advanced Security Practitioner (Part 1 of 2) - Screenshot_04

Reviews

Marquis
August 23, 2019
So far I like the course because they are short videos and they give me time to take notes. The only thing I wish for are more visual examples. Its hard to understand whats going by just looking at someone standing in front of a camera talking about the course.
Eddie
July 2, 2018
This course fills in some gaps I have with Cyber Security in general. I am hoping for some more in-depth knowledge as I progress.
Frantz
June 12, 2018
I am continuing to assess the the material offered here and comparing it with other study materials to solidify what is being offered in this course.

Charts

Price

CompTIA Advanced Security Practitioner (Part 1 of 2) - Price chart

Rating

CompTIA Advanced Security Practitioner (Part 1 of 2) - Ratings chart

Enrollment distribution

CompTIA Advanced Security Practitioner (Part 1 of 2) - Distribution chart

Related Topics

1620208
udemy ID
3/28/2018
course created date
11/22/2019
course indexed date
Bot
course submited by