CompTIA Security+: Get Certified Get Ahead, SY0-501 Study Guide


Table of Contents

Dedication

Acknowledgments

About the Author

Introduction

Who This Book Is For

About This Book

How to Use This Book

Conventions

Remember This

Vendor Neutral

Free Online Resources

Additional Web Resources

Assumptions

Set a Goal

About the Exam

Passing Score

Exam Prerequisites

Beta Questions

Exam Format

Question Types

Multiple Choice

Performance-Based Questions

Question Complexity

Video

Exam Test Provider

Voucher Code for 10 Percent Off

Exam Domains

Objective to Chapter Map

1.0 Threats, Attacks and Vulnerabilities 21%

2.0 Technologies and Tools 22%

3.0 Architecture and Design 15%

4.0 Identity and Access Management 16%

5.0 Risk Management 14%

6.0 Cryptography and PKI 12%

Recertification Requirements

Pre-Assessment Exam

Assessment Exam Answers

Chapter 1 Mastering Security Basics

Understanding Core Security Goals

What Is a Use Case?

Ensure Confidentiality

Encryption

Access Controls

Steganography and Obfuscation

Provide Integrity

Hashing

Digital Signatures, Certificates, and Non-Repudiation

Increase Availability

Redundancy and Fault Tolerance

Patching

Resource Versus Security Constraints

Introducing Basic Risk Concepts

Understanding Control Types

Technical Controls

Administrative Controls

Physical Controls

Control Goals

Preventive Controls

Detective Controls

Comparing Detection and Prevention Controls

Corrective Controls

Deterrent Controls

Compensating Controls

Combining Control Types and Goals

Implementing Virtualization

Comparing Hypervisors

Application Cell or Container Virtualization

Secure Network Architecture

Snapshots

VDI/VDE and Non-Persistence

VMs as Files

Risks Associated with Virtualization

Running Kali Linux in a VM

Using Command-Line Tools

Windows Command Line

Linux Terminal

Understanding Switches and Getting Help

Understanding Case

Ping

Using Ping to Check Name Resolution

Beware of Firewalls

Using Ping to Check Security Posture

Ipconfig, ifconfig, and ip

Netstat

Tracert

Arp

Chapter 1 Exam Topic Review

Chapter 1 Practice Questions

Chapter 1 Practice Question Answers

Chapter 2 Understanding Identity and Access Management

Exploring Authentication Concepts

Comparing Identification and AAA

Comparing Authentication Factors

Something You Know

Something You Have

Something You Are

Somewhere You Are

Dual-Factor and Multifactor Authentication

Summarizing Identification Methods

Troubleshooting Authentication Issues

Comparing Authentication Services

Kerberos

NTLM

LDAP and LDAPS

Single Sign-On

Managing Accounts

Least Privilege

Need to Know

Account Types

Require Administrators to Use Two Accounts

Standard Naming Convention

Prohibiting Shared and Generic Accounts

Disablement Policies

Recovering Accounts

Time-of-Day Restrictions

Expiring Accounts and Recertification

Account Maintenance

Credential Management

Comparing Access Control Models

Role-Based Access Control

Using Roles Based on Jobs and Functions

Documenting Roles with a Matrix

Establishing Access with Group-Based Privileges

Rule-Based Access Control

Discretionary Access Control

SIDs and DACLs

The Owner Establishes Access

Beware of Trojans

Mandatory Access Control

Labels and Lattice

Establishing Access

Attribute-Based Access Control

Chapter 2 Exam Topic Review

Chapter 2 Practice Questions

Chapter 2 Practice Question Answers

Chapter 3 Exploring Network Technologies and Tools

Reviewing Basic Networking Concepts

Basic Networking Protocols

Implementing Protocols for Use Cases

Voice and Video Use Case

File Transfer Use Case

Email and Web Use Cases

Directory Services Use Case

Remote Access Use Cases

Time Synchronization Use Case

Network Address Allocation Use Case

Domain Name Resolution Use Case

Subscription Services Use Case

Understanding and Identifying Ports

Combining the IP Address and the Port

IP Address Used to Locate Hosts

Server Ports

Client Ports

Putting It All Together

The Importance of Ports in Security

Understanding Basic Network Devices

Switches

Security Benefit of a Switch

Port Security

Physical Security of a Switch

Loop Prevention

Flood Attacks and Flood Guards

Routers

Routers and ACLs

Implicit Deny

Antispoofing

Bridge

Aggregation Switch

Firewalls

Host-Based Firewalls

Application-Based Versus Network-Based Firewalls

Stateless Firewall Rules

Stateful Versus Stateless

Web Application Firewall

Implementing a Secure Network

Zones and Topologies

DMZ

Understanding NAT and PAT

Network Separation

Physical Isolation and Airgaps

Logical Separation and Segmentation

Comparing a Layer 2 Versus Layer 3 Switch

Isolating Traffic with a VLAN

Media Gateway

Proxy Servers

Caching Content for Performance

Transparent Proxy Versus Nontransparent Proxy

Reverse Proxy

Application Proxy

Mail Gateways

Summarizing Routing and Switching Use Cases

Chapter 3 Exam Topic Review

Chapter 4 Securing Your Network

Exploring Advanced Security Devices

Understanding IDSs and IPSs

HIDS

NIDS

Sensor and Collector Placement

Detection Methods

Data Sources and Trends

Reporting Based on Rules

False Positives Versus False Negatives

IPS Versus IDS

Inline Versus Passive

SSL/TLS Accelerators

SSL Decryptors

Honeypots

Honeynets

IEEE 802.1x Security

Securing Wireless Networks

Reviewing Wireless Basics

Fat Versus Thin Access Points

Band Selection and Channel Widths

Access Point SSID

Disable SSID Broadcasting or Not

Enable MAC Filtering

Antenna Types and Placement

Antenna Power and Signal Strength

Network Architecture Zones

Wireless Cryptographic Protocols

WPA

WPA2

TKIP Versus CCMP

PSK, Enterprise, and Open Modes

Authentication Protocols

Captive Portals

Understanding Wireless Attacks

Disassociation Attacks

WPS and WPS Attacks

Rogue AP

Evil Twin

Jamming Attacks

IV Attacks

NFC Attacks

Bluetooth Attacks

Wireless Replay Attacks

RFID Attacks

Misconfigured Access Points

Using VPNs for Remote Access

VPNs and VPN Concentrators

Remote Access VPN

IPsec as a Tunneling Protocol

TLS as a Tunneling Protocol

Split Tunnel Versus Full Tunnel

Site-to-Site VPNs

Always-On VPN

Network Access Control

Host Health Checks

Permanent Versus Dissolvable

Identity and Access Services

PAP

CHAP

MS-CHAP and MS-CHAPv2

RADIUS

TACACS+

Diameter

AAA Protocols

Chapter 4 Exam Topic Review

Chapter 4 Practice Questions

Chapter 5 Securing Hosts and Data

Implementing Secure Systems

Operating Systems

Secure Operating System Configurations

Using Master Images

Resiliency and Automation Strategies

Secure Baseline and Integrity Measurements

Patch Management

Change Management Policy

Unauthorized Software and Compliance Violations

Application Whitelisting and Blacklisting

Secure Staging and Deployment

Sandboxing with VMs

Sandboxing with Chroot

Secure Staging Environment

Peripherals

Hardware and Firmware Security

EMI and EMP

FDE and SED

UEFI and BIOS

Trusted Platform Module

Hardware Security Module

Summarizing Cloud Concepts

Software as a Service

Platform as a Service

Infrastructure as a Service

Security Responsibilities with Cloud Models

Security as a Service

Cloud Deployment Models

Deploying Mobile Devices Securely

Deployment Models

Connection Methods

Mobile Device Management

Mobile Device Enforcement and Monitoring

Unauthorized Software

Hardware Control

Unauthorized Connections

Exploring Embedded Systems

Security Implications and Vulnerabilities

Comparing Embedded Systems

Protecting Data

Protecting Confidentiality with Encryption

Database Security

File System Security

Data Loss Prevention

Removable Media

Data Exfiltration

Cloud-Based DLP

Chapter 5 Exam Topic Review

Chapter 5 Practice Questions

Chapter 5 Practice Question Answers

Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks

Understanding Threat Actors

Determining Malware Types

Viruses

Worms

Logic Bombs

Backdoors

Trojans

RAT

Ransomware

Keylogger

Spyware

Adware

Bots and Botnets

Rootkits

Recognizing Common Attacks

Social Engineering

Impersonation

Shoulder Surfing

Tricking Users with Hoaxes

Tailgating and Mantraps

Dumpster Diving

Watering Hole Attacks

Attacks via Email and Phone

Spam

Phishing

Spear Phishing

Whaling

Vishing

One Click Lets Them In

Blocking Malware and Other Attacks

Protecting Systems from Malware

Antivirus and Anti-Malware Software

Data Execution Prevention

Advanced Malware Tools

Spam Filters

Educating Users

New Viruses

Phishing Attacks

Zero-Day Exploits

Why Social Engineering Works

Authority

Intimidation

Consensus

Scarcity

Urgency

Familiarity

Trust

Chapter 6 Exam Topic Review

Chapter 6 Practice Questions

Chapter 6 Practice Question Answers

Chapter 7 Protecting Against Advanced Attacks

Comparing Common Attacks

DoS Versus DDoS

Privilege Escalation

Spoofing

SYN Flood Attacks

Man-in-the-Middle Attacks

ARP Poisoning Attacks

DNS Attacks

DNS Poisoning Attacks

Pharming Attacks

DDoS DNS Attacks

Amplification Attacks

Password Attacks

Brute Force Attacks

Dictionary Attacks

Password Hashes

Pass the Hash Attacks

Birthday Attacks

Rainbow Table Attacks

Replay Attacks

Known Plaintext Attacks

Hijacking and Related Attacks

Domain Hijacking

Man-in-the-Browser

Driver Manipulation

Zero-Day Attacks

Memory Buffer Vulnerabilities

Memory Leak

Integer Overflow

Buffer Overflows and Buffer Overflow Attacks

Pointer Dereference

DLL Injection

Summarizing Secure Coding Concepts

Compiled Versus Runtime Code

Proper Input Validation

Client-Side and Server-Side Input Validation

Other Input Validation Techniques

Avoiding Race Conditions

Proper Error Handling

Cryptographic Techniques

Code Reuse and SDKs

Code Obfuscation

Code Quality and Testing

Development Life-Cycle Models

Secure DevOps

Version Control and Change Management

Provisioning and Deprovisioning

Identifying Application Attacks

Web Servers

Database Concepts

Normalization

SQL Queries

Injection Attacks

Cross-Site Scripting

Cross-Site Request Forgery

Understanding Frameworks and Guides

Chapter 7 Exam Topic Review

Chapter 7 Practice Questions

Chapter 7 Practice Question Answers

Chapter 8 Using Risk Management Tools

Understanding Risk Management

Threats and Threat Assessments

Vulnerabilities

Risk Management

Risk Assessment

Risk Registers

Supply Chain Assessment

Comparing Scanning and Testing Tools

Checking for Vulnerabilities

Password Crackers

Network Scanners

Banner Grabbing

Vulnerability Scanning

Credentialed Versus Non-Credentialed

Configuration Compliance Scanner

Obtaining Authorization

Penetration Testing

Passive Reconnaissance

Active Reconnaissance

Initial Exploitation

Escalation of Privilege

Pivot

Persistence

White, Gray, and Black Box Testing

Intrusive Versus Non-Intrusive Testing

Passive Versus Active Tools

Exploitation Frameworks

Using Security Tools

Sniffing with a Protocol Analyzer

Command-Line Tools

Tcpdump

Nmap

Netcat

Monitoring Logs for Event Anomalies

Operating System Event Logs

Firewall and Router Access Logs

Linux Logs

Other Logs

SIEM

Continuous Monitoring

Usage Auditing and Reviews

Permission Auditing and Review

Chapter 8 Exam Topic Review

Chapter 8 Practice Questions

Chapter 8 Practice Question Answers

Chapter 9 Implementing Controls to Protect Assets

Implementing Defense in Depth

Comparing Physical Security Controls

Using Signs

Comparing Door Lock Types

Securing Door Access with Cipher Locks

Securing Door Access with Cards

Securing Door Access with Biometrics

Tailgating

Preventing Tailgating with Mantraps

Increasing Physical Security with Guards

Monitoring Areas with Cameras

Fencing, Lighting, and Alarms

Securing Access with Barricades

Using Hardware Locks

Securing Mobile Computers with Cable Locks

Securing Servers with Locking Cabinets

Securing Small Devices with a Safe

Asset Management

Implementing Environmental Controls

Heating, Ventilation, and Air Conditioning

Hot and Cold Aisles

HVAC and Fire

Fire Suppression

Environmental Monitoring

Shielding

Protected Cabling

Protected Distribution of Cabling

Faraday Cage

Adding Redundancy and Fault Tolerance

Single Point of Failure

Disk Redundancies

RAID-0

RAID-1

RAID-5 and RAID-6

RAID-10

Server Redundancy and High Availability

Failover Clusters for High Availability

Load Balancers for High Availability

Clustering Versus Load Balancing

Power Redundancies

Protecting Data with Backups

Comparing Backup Types

Full Backups

Restoring a Full Backup

Differential Backups

Order of Restoration for a Full/Differential Backup Set

Incremental Backups

Order of Restoration for a Full/Incremental Backup Set

Choosing Full/Incremental or Full/Differential

Snapshot Backup

Testing Backups

Protecting Backups

Backups and Geographic Considerations

Comparing Business Continuity Elements

Business Impact Analysis Concepts

Impact

Privacy Impact and Threshold Assessments

Recovery Time Objective

Recovery Point Objective

Comparing MTBF and MTTR

Continuity of Operations Planning

Recovery Sites

Order of Restoration

Disaster Recovery

Testing Plans with Exercises

Chapter 9 Exam Topic Review

Chapter 9 Practice Question Answers

Chapter 10 Understanding Cryptography and PKI

Introducing Cryptography Concepts

Providing Integrity with Hashing

MD5

SHA

HMAC

RIPEMD

Hashing Files

Hashing Passwords

Key Stretching

Hashing Messages

Using HMAC

Providing Confidentiality with Encryption

Encryption Terms

Block Versus Stream Ciphers

Cipher Modes

Symmetric Encryption

AES

DES

3DES

RC4

Blowfish and Twofish

Symmetric Encryption Summary

Asymmetric Encryption

The Rayburn Box

The Rayburn Box Used to Send Secrets

The Rayburn Box Used for Authentication

The Rayburn Box Demystified

Certificates

RSA

Static Versus Ephemeral Keys

Elliptic Curve Cryptography

Diffie-Hellman

Steganography

Using Cryptographic Protocols

Protecting Email

Signing Email with Digital Signatures

Encrypting Email

S/MIME

PGP/GPG

HTTPS Transport Encryption

SSL Versus TLS

Encrypting HTTPS Traffic with TLS

Cipher Suites

Implementation Versus Algorithm Selection

Downgrade Attacks on Weak Implementations

Exploring PKI Components

Certificate Authority

Certificate Chaining and Trust Models

Registration and CSRs

Revoking Certificates

Certificate Issues

Public Key Pinning

Key Escrow

Recovery Agent

Comparing Certificate Types

Certificate Formats

Chapter 10 Exam Topic Review

Chapter 10 Practice Questions

Chapter 10 Practice Question Answers

Chapter 11 Implementing Policies to Mitigate Risks

Exploring Security Policies

Personnel Management Policies

Acceptable Use Policy

Mandatory Vacations

Separation of Duties

Job Rotation

Clean Desk Policy

Background Check

NDA

Exit Interview

Onboarding

Policy Violations and Adverse Actions

Other General Security Policies

Agreement Types

Protecting Data

Information Classification

Data Sensitivity Labeling and Handling

Data Destruction and Media Sanitization

Data Retention Policies

PII and PHI

Protecting PII and PHI

Legal and Compliance Issues

Data Roles and Responsibilities

Responding to Incidents

Incident Response Plan

Incident Response Process

Implementing Basic Forensic Procedures

Order of Volatility

Data Acquisition and Preservation of Evidence

Chain of Custody

Legal Hold

Recovery of Data

Active Logging for Intelligence Gathering

Track Man-Hours and Expense

Providing Training

Role-Based Awareness Training

Continuing Education

Training and Compliance Issues

Troubleshooting Personnel Issues

Chapter 11 Exam Topic Review

Chapter 11 Practice Questions

Chapter 11 Practice Question Answers

Post-Assessment Exam

Assessment Exam Answers

Introduction

Congratulations on your purchase of the CompTIA Security+: Get Certified Get Ahead study guide. You are one step closer to becoming CompTIA Security+ certified. This certification has helped many individuals get ahead in their jobs and their careers, and it can help you get ahead, too. It is a popular certification within the IT field. One IT hiring manager told me that if a résumé doesn't include the Security+ certification, or a higher-level security certification, he simply sets it aside. He won't even talk to applicants. That's not the same with all IT hiring managers, but it does help illustrate how important security is within the IT field.

Who This Book Is For

If you're studying for the CompTIA Security+ exam and want to pass it on your first attempt, this book is for you. It covers 100 percent of the objectives identified by CompTIA for the Security+ exam.

The first target audience for this book is students in CompTIA Security+ classes. My goal is to give students a book they can use to study the relevant and important details of CompTIA Security+ in adequate depth for the challenging topics, but without the minutiae in topics that are clear for most IT professionals. I regularly taught from the earlier editions of this book, and I’ll continue to teach using this edition. I also hear from instructors around the United States and in several other countries who use versions of the book to help students master the topics and pass the Security+ exam the first time they take it.

Second, this book is for those people who like to study on their own. If you’re one of the people who can read a book and learn the material without sitting in a class, this book has what you need to take and pass the exam.

Additionally, you can keep this book on your shelf (or in your Kindle) to remind yourself of important, relevant concepts. These concepts are important for security professionals and IT professionals in the real world.

Based on many conversations with students and readers of the previous versions of this book, I know that many people use the Security+ certification as the first step in achieving other security certifications. For example, you may follow Security+ with one of these cybersecurity certifications:

• (ISC)2 Systems Security Certified Practitioner (SSCP)

• (ISC)2 Certified Information Systems Security Professional (CISSP)

• CompTIA Advanced Security Practitioner (CASP)

• CompTIA Cybersecurity Analyst (CSA+)

If you plan to pursue any of these advanced security certifications, you’ll find this book will help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead on the other exams.

About This Book

Over the past several years, I’ve taught literally hundreds of students, helping them to become CompTIA Security+ certified. During that time, I’ve learned what concepts are easy to grasp and what concepts need more explanation. I’ve developed handouts and analogies that help students grasp the elusive concepts.

Feedback from students was overwhelmingly positive, both in their comments to me and in their successful pass rates after taking the certification exam. When the objectives changed in 2008, I rewrote my handouts as the first edition of this book. When the objectives changed again in 2011 and 2014, I rewrote the book to reflect the new objectives. This book reflects the objective changes released in 2017.

Gratefully, this book has allowed me to reach a much larger audience and share security and IT-related information. Even if you aren’t in one of the classes I teach, this book can help you learn the relevant material to pass the exam the first time you take it.
