Table of Contents
Introduction xxvii
Chapter 1 Threats, Attacks, and Vulnerabilities 1
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. 6
Viruses 6
Crypto-malware 7
Ransomware 8
Worm 8
Trojan 8
Rootkit 9
Keylogger 10
Adware 10
Spyware 10
Bots 11
RAT 12
Logic bomb 12
Backdoor 13
Exam Essentials 14
1.2 Compare and contrast types of attacks. 15
Social engineering 15
Application/service attacks 21
Wireless attacks 45
Cryptographic attacks 54
Exam Essentials 63
1.3 Explain threat actor types and attributes. 69
Types of actors 69
Attributes of actors 72
Use of open-source intelligence 73
Exam Essentials 73
1.4 Explain penetration testing concepts. 74
Active reconnaissance 75
Passive reconnaissance 75
Pivot 76
Initial exploitation 76
Persistence 77
Escalation of privilege 77
Black box 77
White box 77
Gray box 78
Pen testing vs. vulnerability scanning 78
Exam Essentials 81
1.5 Explain vulnerability scanning concepts. 82
Passively test security controls 84
Identify vulnerability 84
Identify lack of security controls 84
Identify common misconfigurations 85
Intrusive vs. non-intrusive 85
Credentialed vs. non-credentialed 85
False positive 85
Exam Essentials 86
1.6 Explain the impact associated with types of vulnerabilities. 87
Race conditions 87
Vulnerabilities due to: 88
Improper input handling 89
Improper error handling 89
Misconfiguration/weak configuration 90
Default configuration 90
Resource exhaustion 91
Untrained users 91
Improperly configured accounts 91
Vulnerable business processes 91
Weak cipher suites and implementations 91
Memory/buffer vulnerability 92
System sprawl/undocumented assets 93
Architecture/design weaknesses 94
New threats/zero day 94
Improper certificate and key management 95
Exam Essentials 95
Review Questions 98
Chapter 2 Technologies and Tools 103
2.1 Install and configure network components, both hardware- and software-based, to support organizational security. 110
Firewall 110
VPN concentrator 114
NIPS/NIDS 118
Router 125
Switch 127
Proxy 130
Load balancer 131
Access point 133
SIEM 139
DLP 142
NAC 143
Mail gateway 144
Bridge 147
SSL/TLS accelerators 147
SSL decryptors 147
Media gateway 147
Hardware security module 148
Exam Essentials 148
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. 152
Protocol analyzer 152
Network scanners 154
Wireless scanners/cracker 155
Password cracker 155
Vulnerability scanner 156
Configuration compliance scanner 157
Exploitation frameworks 157
Data sanitization tools 158
Steganography tools 158
Honeypot 158
Backup utilities 159
Banner grabbing 159
Passive vs. active 160
Command line tools 161
Exam Essentials 169
2.3 Given a scenario, troubleshoot common security issues. 170
Unencrypted credentials/clear text 170
Logs and events anomalies 171
Permission issues 172
Access violations 172
Certificate issues 173
Data exfiltration 173
Misconfigured devices 174
Weak security configurations 175
Personnel issues 176
Unauthorized software 177
Baseline deviation 178
License compliance violation (availability/integrity) 178
Asset management 178
Authentication issues 179
Exam Essentials 179
2.4 Given a scenario, analyze and interpret output from security technologies. 180
HIDS/HIPS 180
Antivirus 181
File integrity check 182
Host-based firewall 183
Application whitelisting 183
Removable media control 184
Advanced malware tools 185
Patch management tools 186
UTM 187
DLP 187
Data execution prevention 188
Web application firewall 188
Exam Essentials 189
2.5 Given a scenario, deploy mobile devices securely. 190
Connection methods 190
Mobile device management concepts 193
Enforcement and monitoring for: 201
Deployment models 207
Exam Essentials 210
2.6 Given a scenario, implement secure protocols. 213
Protocols 213
Use cases 224
Exam Essentials 231
Review Questions 233
Chapter 3 Architecture and Design 237
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides. 244
Industry-standard frameworks and reference architectures 244
Benchmarks/secure configuration guides 246
Defense-in-depth/layered security 248
Exam Essentials 249
3.2 Given a scenario, implement secure network architecture concepts. 249
Zones/topologies 250
Segregation/segmentation/isolation 255
Tunneling/VPN 258
Security device/technology placement 261
SDN 265
Exam Essentials 266
3.3 Given a scenario, implement secure systems design. 268
Hardware/firmware security 268
Operating systems 272
Peripherals 280
Exam Essentials 282
3.4 Explain the importance of secure staging deployment concepts. 284
Sandboxing 284
Environment 284
Secure baseline 285
Integrity measurement 288
Exam Essentials 288
3.5 Explain the security implications of embedded systems. 288
SCADA/ICS 289
Smart devices/IoT 290
HVAC 293
SoC 293
RTOS 294
Printers/MFDs 294
Camera systems 294
Special purpose 295
Exam Essentials 296
3.6 Summarize secure application development and deployment concepts. 297
Development life-cycle models 297
Secure DevOps 300
Version control and change management 302
Provisioning and deprovisioning 303
Secure coding techniques 303
Code quality and testing 306
Compiled vs. runtime code 308
Exam Essentials 309
3.7 Summarize cloud and virtualization concepts. 311
Hypervisor 312
VM sprawl avoidance 314
VM escape protection 314
Cloud storage 315
Cloud deployment models 315
On-premise vs. hosted vs. cloud 317
VDI/VDE 317
Cloud access security broker 317
Security as a Service 317
Exam Essentials 318
3.8 Explain how resiliency and automation strategies reduce risk. 319
Automation/scripting 319
Templates 320
Master image 320
Non-persistence 320
Elasticity 322
Scalability 322
Distributive allocation 322
Redundancy 322
Fault tolerance 323
High availability 324
RAID 326
Exam Essentials 326
3.9 Explain the importance of physical security controls. 328
Lighting 329
Signs 329
Fencing/gate/cage 330
Security guards 330
Alarms 331
Safe 333
Secure cabinets/enclosures 333
Protected distribution/Protected cabling 333
Airgap 333
Mantrap 333
Faraday cage 334
Lock types 335
Biometrics 335
Barricades/bollards 336
Tokens/cards 336
Environmental controls 336
Cable locks 338
Screen filters 338
Cameras 339
Motion detection 340
Logs 340
Infrared detection 340
Key management 340
Exam Essentials 341
Review Questions 343
Chapter 4 Identity and Access Management 347
4.1 Compare and contrast identity and access management concepts. 350
Identification, authentication, authorization and accounting (AAA) 350
Multifactor authentication 352
Federation 353
Single sign-on 353
Transitive trust 354
Exam Essentials 354
4.2 Given a scenario, install and configure identity and access services. 355
LDAP 355
Kerberos 355
TACACS+ 357
CHAP 358
PAP 359
MSCHAP 359
RADIUS 360
SAML 361
OpenID Connect 362
OAuth 362
Shibboleth 362
Secure token 362
NTLM 363
Exam Essentials 364
4.3 Given a scenario, implement identity and access management controls. 365
Access control models 365
Physical access control 369
Biometric factors 369
Tokens 372
Certificate-based authentication 374
File system security 376
Database security 376
Exam Essentials 380
4.4 Given a scenario, differentiate common account management practices. 382
Account types 382
General concepts 384
Account policy enforcement 387
Exam Essentials 393
Review Questions 395
Chapter 5 Risk Management 399
5.1 Explain the importance of policies, plans and procedures related to organizational security. 405
Standard operating procedure 405
Agreement types 405
Personnel management 407
General security policies 416
Exam Essentials 418
5.2 Summarize business impact analysis concepts. 420
RTO/RPO 420
MTBF 421
MTTR 421
Mission-essential functions 421
Identification of critical systems 422
Single point of failure 422
Impact 422
Privacy impact assessment 423
Privacy threshold assessment 423
Exam Essentials 424
5.3 Explain risk management processes and concepts. 425
Threat assessment 425
Risk assessment 426
Change management 434
Exam Essentials 434
5.4 Given a scenario, follow incident response procedures. 436
Incident response plan 436
Incident response process 438
Exam Essentials 441
5.5 Summarize basic concepts of forensics. 442
Order of volatility 443
Chain of custody 443
Legal hold 444
Data acquisition 444
Preservation 447
Recovery 447
Strategic intelligence/counterintelligence gathering 447
Track man-hours 448
Exam Essentials 448
5.6 Explain disaster recovery and continuity of operation concepts. 449
Recovery sites 453
Order of restoration 454
Backup concepts 455
Geographic considerations 456
Continuity of operation planning 458
Exam Essentials 460
5.7 Compare and contrast various types of controls. 461
Deterrent 461
Preventive 462
Detective 462
Corrective 462
Compensating 463
Technical 463
Administrative 463
Physical 463
Exam Essentials 463
5.8 Given a scenario, carry out data security and privacy practices. 464
Data destruction and media sanitization 464
Data sensitivity labeling and handling 467
Data roles 473
Data retention 474
Legal and compliance 474
Exam Essentials 475
Review Questions 476
Chapter 6 Cryptography and PKI 481
6.1 Compare and contrast basic concepts of cryptography. 486
Symmetric algorithms 487
Modes of operation 489
Asymmetric algorithms 490
Hashing 493
Salt, IV, nonce 496
Elliptic curve 496
Weak/deprecated algorithms 497
Key exchange 497
Digital signatures 497
Diffusion 499
Confusion 499
Collision 499
Steganography 499
Obfuscation 500
Stream vs. block 500
Key strength 501
Session keys 501
Ephemeral key 502
Secret algorithm 502
Data-in-transit 502
Data-at-rest 502
Data-in-use 503
Random/pseudo-random number generation 503
Key stretching 504
Implementation vs. algorithm selection 504
Perfect forward secrecy 505
Security through obscurity 505
Common use cases 505
Exam Essentials 509
6.2 Explain cryptography algorithms and their basic characteristics. 512
Symmetric algorithms 513
Cipher modes 515
Asymmetric algorithms 516
Hashing algorithms 519
Key stretching algorithms 521
Obfuscation 522
Exam Essentials 525
6.3 Given a scenario, install and configure wireless security settings. 527
Cryptographic protocols 527
Authentication protocols 529
Methods 530
Exam Essentials 531
6.4 Given a scenario, implement public key infrastructure. 532
Components 532
Concepts 539
Types of certificates 547
Certificate formats 548
Exam Essentials 549
Review Questions 554
Appendix Answers to Review Questions 559
Chapter 1: Threats, Attacks, and Vulnerabilities 560
Chapter 2: Technologies and Tools 561
Chapter 3: Architecture and Design 564
Chapter 4: Identity and Access Management 566
Chapter 5: Risk Management 568
Chapter 6: Cryptography and PKI 571
Index 575