back

CompTIA CASP+ (CAS-003)

CompTIA Advanced Security Practitioner63 H 55 M

This course has a virtual lab
This course has a practice test
Episodes
Episodes
  • Supporting IT Governance and Risk Management
    • Overview
    • So You Want To Setup a Lab
    • Begin at the Beginning - Confidentiality
    • Begin at the Beginning - Integrity
    • Begin at the Beginning - Availability
    • Governance and Risk Management: Overview
    • Governance and Risk Management: Risk Vocabulary
    • Governance and Risk Management: Risk Management
    • Governance and Risk Management: Risk Analysis
    • Assess Risks: What is a Security Framework
    • Assess Risks: ESA Framework Assessment Process
    • Assess Risks: System Specific Risk Analysis
    • Assess Risks: Risk Determination
    • Assess Risks: Guidelines for Assessing Risk
    • Risk Mitigation: What is a Aggregate CIA Score
    • Risk Mitigation: What are the CVSS and CVE
    • Risk Mitigation: Risk Responses
    • Risk Management Documentation: Best Practices
    • Risk Management Documentation: BCP
    • Risk Management Documentation: What is a BIA
    • Risk Management Documentation: Downtime
    • Risk Management Documentation: Documents
    • I.T. Governance and Risk Management - Key Points
  • Leveraging Collaboration to Support Security
    • Collaboration: GRC and Controls
    • Collaboration: What is an SCA
    • Collaboration: Solutions
    • Leveraging Collaboration - Key Points
  • Using Research and Analysis to Secure the Enterprise
    • Research and Analysis: Industry Trends
    • Research and Analysis: Artificial Intelligence
    • Research and Analysis: Requirements for Contracts
    • Analyze Scenarios to Secure the Enterprise
    • Using Research and Analysis - Key Points
  • Integrating Advanced Authentication and Authorization Techniques
    • Authentication and Access Control
    • Authentication Factors and Controls
    • Authentication Types
    • Centralized Remote Authentication Services
    • Deep Dive: RADIUS
    • Deep Dive: 802.1X
    • What is Authorization/OAuth2.0
    • What is XACML
    • Trusts Models and Kerberos
    • Trust Models and Kerberos Part 2
    • Directory Services and LDAP
    • Hands On: Establishing Peer Trusts
    • Authentication and Authorization Review Questions
    • Advanced Identity Concepts and Vocabulary
    • Identity Federation Methods
    • Advanced Identity Review Questions
    • Authentication and Authorization: Key Points
  • Implementing Cryptographic Techniques
    • Encryption
    • Hashing
    • Digital Signatures
    • Blockchain and Bitcoin
    • Hands on: Configuring a Blockchain
    • Public Key Infrastructure PKI - Design
    • Public Key Infrastructure PKI - Concepts
    • Cryptography Concepts
    • Stream vs. Block Ciphers
    • Implement Cryptography
    • Implementing Cryptographic Techniques - Key Points
  • Implementing Security Controls for Hosts
    • Host Concepts and Vocabulary
    • Product Evaluation Models - TCSEC
    • Product Evaluation Models - ITSEC
    • Product Evaluation Models - Common Criteria
    • What is a Trusted OS
    • Types of Security Models
    • Bell-LaPadula
    • Biba
    • Clark-Wilson and Others
    • Access Control Concepts
    • Role-Based Access Control (RBAC)
    • Other Access Control Models
    • Endpoint Security
    • Host Review Questions
    • Hardening Hosts Concepts and Vocabulary
    • Peripherals
    • Full Disk Encryption
    • Hands-on: Hardening Windows Hosts, AppLocker
    • Virtualization Concepts and Vocabulary
    • Common VM Vulnerabilities
    • Hands-on: Creating Securing VM using Virtualbox
    • Boot Loader Concepts and Vocabulary
    • Hands-on: Protecting Boot Loaders
    • Implementing Security Controls Hosts Key Points
  • Security Controls for Mobile Devices
    • Mobile Deployment Models
    • MDM Concepts and Vocabulary
    • MDM Concepts and Vocabulary Part 2
    • Storage
    • Concepts and Vocabulary
    • Concepts and Vocabulary Part 2
    • Security Controls for Mobile Devices - Key Points
  • Implementing Network Security
    • IDSs vs IPSs casp
    • What is a SIEM system
    • Network Security Concepts and Vocabulary
    • Hands-On Deploy Network Security Platform OPNsense
    • SoC, BASs, ICS and SCADA
    • Network-Enabled Devices Review Questions
    • Remote Access and IPv6
    • Network Authentication
    • Network Topologies and SDN
    • Optimizing Resource Placement
    • Advanced Network Design Review Questions
    • Network Security Controls Concepts Vocabulary
    • VLANS and Network Data Flow
    • DPI and HTTPS Inspection
    • Network Device Configurations
    • NAC and Alerting
    • Hands on: Implementing Network Monitoring ntopng
    • Implementing Network Security - Key Points
  • Implementing Security in the Systems and Software Development Lifecycle
    • What is the Systems Development Life Cycle SDLC
    • Development Methodologies
    • What are the SDLC Phases
    • Security Requirements Traceability Matrix SRTM
    • Common Software Development Approaches
    • Common Software Development Methods
    • What about Validation and Acceptance Testing
    • SDLC Review Questions
    • Secure vs Insecure Direct Object References
    • Error Exception Handling Try...Catch Statements
    • What is Privilege Escalation
    • Overflows and Canaries
    • Memory Leaks
    • Races and Exhaustion
    • What is SQL Injection
    • What is Session...
    • What is a Cross-Site Scripting XSS Attack
    • Cross-Site Request Forgery XSRF/CSRF Attack
    • What about Clickjacking and Cookie Hijacking
    • What is security by...
    • Input Validation Fuzzing Application Sandboxing
    • WS-Security DAM and Software Assurance Tech
    • Implementing Security in the SDLC - Key Points
  • Integrating Assets in a Secure Enterprise Architecture
    • Integrate Best Practices in Enterprise Security
    • Technical Deployment Models: What is a Model
    • Technical Deployment Models: What is Cloud
    • Cloud Security Services in the Enterprise
    • Secure Design: Vocabulary and Concepts
    • Secure Design: Vocabulary and Concepts Part 2
    • Secure Design: Review Questions
    • Data Security: Owners, Processors and Sovereignty
    • Data Security: Data Flow Security
    • Data Security: Data Remanence
    • Data Security: Provisioning and Deprovisioning
    • Data Security: Review Questions
    • Enterprise Applications: What are They
    • Enterprise Applications: Directory Svcs, DNS
    • Enterprise Applications: Directory Svsc, DNS Pt.2
    • Enterprise Applications: Hands on with DNS RRs
    • DNSSEC, Zone Transfers and TSIGs
    • DNSSEC, Zone Transfers and TSIG Part 2
    • DNSSEC, Zone Transfers and TSIG Part 3
    • Hands on With DNSSEC
    • Enterprise Applications: Configuration Management
    • Enterprise Applications: Review Questions
    • Integrating Assets - Key Points
  • Conducting Security Assessments
    • Security Assessments: Types
    • Security Assessments: Application Code Review
    • Going Deeper: Vulnerability Scanning
    • Going Deeper: Testing Software
    • Software Testing Types
    • Software Testing Types Part 2
    • Logs, Memory and Debugging
    • Social Engineering
    • OSINT, Self-Assessments and Teaming
    • Security Assessments - Review Questions
    • Vulnerability Scanner (Nikto)
    • Port Scanner (Zenmap)
    • Protocol Analyzer (Wireshark)
    • Network Enumerator (Zenmap)
    • Password Cracker (John the Ripper)
    • Using a Fuzzer in Kali Linux
    • HTTP Interceptor (Burp Suite)
    • Exploitation Framework (Social-Engineer Toolkit)
    • Log Analysis in Kali (grep and cut)
    • OpenSCAP
    • Reverse Engineering (strace)
    • Conducting Security Assessments - Key Points
  • Responding to and Recovering from Incidents
    • Concepts and Vocabulary
    • Incident Response Facilitators
    • Incident Response Facilitators Part 2
    • e-Discovery
    • Incident Response Review Questions
    • What is COOP
    • CSIRTs and Common Tools
    • Evidence Collection and Handling
    • Types of Evidence
    • Five Rules of Evidence 5 B's
    • Principles of Criminalistics
    • Investigation Process
    • Forensic Analysis of Compromised Systems
    • What is the Order of Volatility
    • Conducting Forensic Analysis with Autopsy
    • Responding to Incidents - Key Points

Overview

2 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

362356440

You're watching ITProTV. [MUSIC] >> Hello and welcome to the CompTIA Advanced Security Practitioner Show. We're gonna be spending a lot of time with you in this show talking about all the knowledge elements and the things you need to do to be successful in order to take and pass the CASP+ exam. Join me here if you will, we're on the CompTIA's website specific to the CASP certification. I encourage you, by the way, to go take a look at this web page, not just now as you're going through the overview, follow along and, obviously, see what I'm about to talk about, but if you have questions about how to take any of the certifications for CompTIA, how to go in and set up your testing and all the things necessary to be successful, you can find that all right here. We're gonna scroll down real quickly and I'm just gonna show you maybe a little preview of the skills we're gonna be focusing on as we get into the show. We've taken the risk management, as you can see, enterprise security architecture, enterprise security operations, technical integration of enterprise security, and also research development and collaboration, main topics, and broken them out into an outline that you'll see at the beginning of every episode. That way you know where we are and what areas were focusing on. And all of those sub topics listed below any of those major elements are also noted. So every episode will focus in on a key aspect of one of these areas. We'll have a total of 12 topics to go through overall. And as we go through them, we'll be providing to you a wealth of resources. Always available for you are my show notes, the diagrams we may use to illustrate a point, got a hands on lab environment that we're gonna be using to demonstrate a lot of the skills necessary for you to be successful on the exam. We're also gonna have our key points episodes as we summarize all the elements in a topic, reminding you in one succinct episode how to prepare for and study for them with the highlights on things you want to know about. And often sprinkled throughout many of those discussions, we'll have review question episodes where we give you review questions, provide to you the right answers, but really focus on breaking down the methodology associated with how to answer the question types correctly if you see them on the exam. It's gonna be a lot of fun. I look forward to spending time with you. You'll see a variety of different hosts popping in from time to time to spend time with us, so that way you're gonna hear from a lot of different perspectives as we go through the material. Can't wait to get started. I hope you're as excited as I am. Get going, start watching those episodes, we've got a lot of work to do. See you soon. >> Thank you for watching ITProTV.

Just you? Training a whole team? There's an ITProTV plan that fits.

With more than 4,000 hours of engaging video training for IT professionals, you'll find the courses you and your team need to stay current and get the latest certifications.