Introduction
Chapter 1 Threats, Attacks, and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques
1.2 Given a scenario, analyze potential indicators to determine the type of attack
1.3 Given a scenario, analyze potential indicators associated with application attacks
1.4 Given a scenario, analyze potential indicators associated with network attacks
1.5 Explain different threat actors, vectors, and intelligence sources
1.6 Explain the security concerns associated with various types of vulnerabilities
1.7 Summarize the techniques used in security assessments
1.8 Explain the techniques used in penetration testing
Review Questions
Chapter 2 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment
2.2 Summarize virtualization and cloud computing concepts
2.3 Summarize secure application development, deployment, and automation concepts
2.4 Summarize authentication and authorization design concepts
2.5 Given a scenario, implement cybersecurity resilience
2.6 Explain the security implications of embedded and specialized systems
2.7 Explain the importance of physical security controls
2.8 Summarize the basics of cryptographic concepts
Review Questions
Chapter 3 Implementation
3.1 Given a scenario, implement secure protocols
3.2 Given a scenario, implement host or application security solutions
3.3 Given a scenario, implement secure network designs
3.4 Given a scenario, install and configure wireless security settings
3.5 Given a scenario, implement secure mobile solutions
3.6 Given a scenario, apply cybersecurity solutions to the cloud
3.7 Given a scenario, implement identity and account management controls
3.8 Given a scenario, implement authentication and authorization solutions
3.9 Given a scenario, implement public key infrastructure
Review Questions
Chapter 4 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security
4.2 Summarize the importance of policies, processes, and procedures for incident response
4.3 Given an incident, utilize appropriate data sources to support an investigation
4.4 Given an incident, apply mitigation techniques or controls to secure an environment
4.5 Explain the key aspects of digital forensics
Review Questions
Chapter 5 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
5.3 Explain the importance of policies to organizational security
5.4 Summarize risk management processes and concepts
5.5 Explain privacy and sensitive data concepts in relation to security
Review Questions
Appendix Answers to Review Questions
Chapter 1: Threats, Attacks, and Vulnerabilities
Chapter 2: Architecture and Design
Chapter 3: Implementation
Chapter 4: Operations and Incident Response
Chapter 5: Governance, Risk, and Compliance
Index