Module 2: Security architecture introduction

Contents

• Introduction Introduction

  • CompTIA SecurityX (CAS-005): Introduction

    3m 30s
• 1. Implementing Appropriate Governance Components 1. Implementing Appropriate Governance Components

  • (Locked)
    Module 1: Governance, risk, and compliance introduction

    1m 32s
  • (Locked)
    Learning objectives

    26s
  • (Locked)
    Security program documentation

    6m 2s
  • Security program management

    14m 35s
  • (Locked)
    Governance frameworks

    2m 25s
  • (Locked)
    Change and configuration management

    5m 37s
  • (Locked)
    Governance, risk, and compliance (GRC) tools

    4m 49s
  • (Locked)
    Data governance in staging environments

    5m 38s
• 2. Risk Management Activities 2. Risk Management Activities

  • (Locked)
    Learning objectives

    28s
  • (Locked)
    Impact analysis

    2m 34s
  • (Locked)
    Risk assessment and management

    11m 39s
  • (Locked)
    Third-party risk management

    4m 54s
  • (Locked)
    Availability risk considerations

    9m 56s
  • (Locked)
    Confidentiality risk considerations

    9m 58s
  • (Locked)
    Integrity risk considerations

    5m 30s
  • (Locked)
    Privacy risk considerations

    6m 7s
  • Crisis management and breach response

    6m 40s
• 3. Compliance Security Strategies 3. Compliance Security Strategies

  • (Locked)
    Learning objectives

    26s
  • (Locked)
    Awareness of industry-specific compliance

    4m 7s
  • (Locked)
    Industry standards

    2m 20s
  • Security and reporting frameworks

    5m 18s
  • (Locked)
    Audits vs. assessments vs. certifications

    5m 4s
  • (Locked)
    Privacy regulations

    3m 26s
  • (Locked)
    Cross-jurisdictional compliance requirements

    10m 15s
• 4. Threat Modeling Activities 4. Threat Modeling Activities

  • (Locked)
    Learning objectives

    20s
  • (Locked)
    Threat actor characteristics

    13m 44s
  • (Locked)
    Attack patterns

    1m 27s
  • (Locked)
    Threat modeling frameworks

    6m 42s
  • (Locked)
    Attack surface determination

    12m 4s
  • (Locked)
    Threat modeling methods

    13m 59s
  • Modeling applicability to the environment

    4m 31s
• 5. Security Challenges with AI 5. Security Challenges with AI

  • (Locked)
    Learning objectives

    27s
  • (Locked)
    Legal and privacy implications

    6m 57s
  • (Locked)
    Threats to the models

    9m 8s
  • (Locked)
    AI-enabled attacks

    5m 45s
  • Risks of AI usage

    5m 37s
  • (Locked)
    AI assistants and digital workers

    5m 2s
• 6. Designing Resilient Systems 6. Designing Resilient Systems

  • (Locked)
    Module 2: Security architecture introduction

    2m 33s
  • (Locked)
    Learning objectives

    27s
  • (Locked)
    Next-generation firewalls

    2m 2s
  • Intrusion detection/prevention systems

    7m 8s
  • (Locked)
    VPNs and SDPs

    10m 50s
  • (Locked)
    Network access control (NAC)

    4m 20s
  • (Locked)
    Web application firewalls (WAF)

    2m 47s
  • (Locked)
    Content delivery networks (CDN)

    3m 36s
  • (Locked)
    Scanners, proxies, taps, and collectors

    8m 4s
  • (Locked)
    Availability and integrity design considerations

    14m 27s
• 7. Securing the DevOps Lifecycle 7. Securing the DevOps Lifecycle

  • (Locked)
    Learning objectives

    29s
  • (Locked)
    Security requirements definition

    4m 37s
  • (Locked)
    Software assurance

    9m 18s
  • (Locked)
    Continuous integration/continuous deployment (CI/CD)

    11m 47s
  • Supply chain risk management

    4m 13s
  • (Locked)
    Hardware assurance

    3m 20s
  • (Locked)
    End-of-life (EOL) considerations

    1m 20s
• 8. Secure Architecture Control Design 8. Secure Architecture Control Design

  • (Locked)
    Learning objectives

    30s
  • (Locked)
    Attack surface management and reduction

    5m 59s
  • (Locked)
    Detection and threat hunting

    2m 10s
  • (Locked)
    Information and data security design

    3m 18s
  • (Locked)
    Data loss prevention (DLP)

    3m 33s
  • Securing hybrid infrastructures

    4m 45s
  • (Locked)
    Securing third-party integrations

    2m 53s
  • (Locked)
    Assessing control effectiveness

    5m 41s
• 9. Designing Access, Authentication, and Authorization 9. Designing Access, Authentication, and Authorization

  • (Locked)
    Learning objectives

    32s
  • (Locked)
    Provisioning, proofing, and deprovisioning

    9m 34s
  • (Locked)
    Access control systems

    4m 58s
  • (Locked)
    Federation and SSO

    8m 11s
  • Zero trust PDPs and PEPs

    6m 31s
  • (Locked)
    Access control models

    12m 8s
  • (Locked)
    Public key infrastructure (PKI)

    11m 15s
  • (Locked)
    Logging and auditing access control

    2m 50s
• 10. Secure Cloud Implementation 10. Secure Cloud Implementation

  • (Locked)
    Learning objectives

    37s
  • (Locked)
    Cloud service types and shared responsibility

    8m 6s
  • (Locked)
    Cloud control strategies

    4m 2s
  • (Locked)
    Serverless cloud solutions

    12m 28s
  • (Locked)
    Infrastructure as code (IaC)

    3m 13s
  • (Locked)
    Container security

    6m 4s
  • (Locked)
    API security

    3m 54s
  • (Locked)
    Cloud access security brokers (CASB)

    5m 3s
  • (Locked)
    Key management services

    3m 49s
  • (Locked)
    Cloud connectivity, integration, and adoption

    9m 8s
• 11. Zero Trust Concepts 11. Zero Trust Concepts

  • (Locked)
    Learning objectives

    39s
  • Zero trust principles

    4m 55s
  • (Locked)
    Defining subject-object relationships

    4m 9s
  • (Locked)
    Continuous authorization and context-based reauthentication

    3m 41s
  • (Locked)
    Zero trust network architecture

    4m 38s
  • (Locked)
    API integration and validation

    3m 11s
  • (Locked)
    Asset identification, management, and attestation

    2m 37s
  • (Locked)
    Security boundaries and deperimeterization

    4m 20s
• 12. Engineering and Troubleshooting IAM 12. Engineering and Troubleshooting IAM

  • (Locked)
    Module 3: Security engineering introduction

    4m 9s
  • (Locked)
    Learning objectives

    33s
  • Subject access control

    7m 38s
  • (Locked)
    Authentication and authorization

    16m 49s
  • (Locked)
    Biometric factors

    14m 5s
  • (Locked)
    Secrets management

    2m 42s
  • (Locked)
    Conditional access

    6m 28s
  • (Locked)
    Privileged identity management and attestation

    4m 22s
  • (Locked)
    Cloud IAM access and trust policies

    3m 8s
  • (Locked)
    Logging and monitoring IAM

    2m 36s
• 13. Enhancing Endpoint to Server Security 13. Enhancing Endpoint to Server Security

  • (Locked)
    Learning objectives

    46s
  • (Locked)
    Host-based IDS and IPS

    3m 55s
  • (Locked)
    Endpoint detection and response (EDR)

    1m 51s
  • (Locked)
    Next-generation EDR

    2m 12s
  • (Locked)
    Attack surface monitoring and reduction

    4m 41s
  • (Locked)
    Antimalware

    2m 55s
  • (Locked)
    Host-based firewall and browser isolation

    3m 26s
  • (Locked)
    SELinux

    3m 20s
  • (Locked)
    Configuration management and application control

    7m 58s
  • (Locked)
    Enterprise mobility management (MDM and MAM)

    6m 26s
  • Threat actor tactics, techniques, and procedures (TTPs)

    3m 17s
• 14. Complex Network Infrastructure Security Issues 14. Complex Network Infrastructure Security Issues

  • (Locked)
    Learning objectives

    29s
  • (Locked)
    Network misconfigurations

    10m 2s
  • (Locked)
    IDS and IPS issues

    5m 15s
  • (Locked)
    Domain name system (DNS) security

    6m 34s
  • (Locked)
    Email security

    8m 13s
  • (Locked)
    TLS and PKI issues

    4m 8s
  • (Locked)
    Denial of service issues

    3m 29s
  • (Locked)
    Network access control list (ACL) issues

    5m 3s
• 15. Hardware Security Technologies and Techniques 15. Hardware Security Technologies and Techniques

  • (Locked)
    Learning objectives

    33s
  • (Locked)
    Threat actor TTPs

    8m 47s
  • (Locked)
    Roots of trust

    6m 42s
  • (Locked)
    Security coprocessors

    4m 37s
  • (Locked)
    Virtual and self-healing hardware

    3m 24s
  • (Locked)
    Secure and measured boot

    3m 12s
  • (Locked)
    Host-based encryption and self-encrypting drive (SED)

    3m 3s
  • (Locked)
    Tamper detection and countermeasures

    4m 4s
• 16. Securing Specialized and Legacy Systems 16. Securing Specialized and Legacy Systems

  • (Locked)
    Learning objectives

    38s
  • (Locked)
    Characteristics of specialized and legacy systems

    4m 25s
  • (Locked)
    Operational technology (OT)

    4m 42s
  • (Locked)
    Internet of things (IoT)

    3m 17s
  • (Locked)
    Embedded systems and system-on-chip (SoC)

    2m 22s
  • (Locked)
    Wireless technologies and radio frequency (RF)

    7m 42s
  • (Locked)
    Security and privacy considerations

    6m 47s
  • (Locked)
    Industry-specific challenges

    7m
• 17. Securing the Enterprise with Automation 17. Securing the Enterprise with Automation

  • (Locked)
    Learning objectives

    40s
  • (Locked)
    Scripting and event-based triggers

    5m 6s
  • (Locked)
    Infrastructure as code (IaC)

    2m 59s
  • Configuration files

    2m 31s
  • (Locked)
    Cloud APIs andsoftware development kits (SDKs)

    4m 44s
  • (Locked)
    Generative AI

    2m 30s
  • (Locked)
    Containerization

    2m 56s
  • (Locked)
    Automated patching and auto-containment

    4m 16s
  • (Locked)
    Security orchestration, automation, and response (SOAR)

    7m 19s
  • (Locked)
    Security content automation protocol (SCAP)

    7m 7s
• 18. Advanced Cryptographic Concepts 18. Advanced Cryptographic Concepts

  • (Locked)
    Learning objectives

    35s
  • (Locked)
    Post-quantum cryptography (PQC)

    5m 56s
  • (Locked)
    Key stretching and splitting

    6m 18s
  • (Locked)
    Homomorphic and envelope encryption

    2m 30s
  • (Locked)
    Forward secrecy

    2m 52s
  • (Locked)
    Authenticated encryption with associated data (AEAD)

    3m 18s
  • Hardware acceleration

    4m 28s
  • (Locked)
    Mutual authentication and secure multiparty computation

    2m 51s
• 19. Appropriate Cryptographic Use Cases and Techniques 19. Appropriate Cryptographic Use Cases and Techniques

  • (Locked)
    Learning objectives

    43s
  • (Locked)
    Data in transit, rest, and use

    5m 32s
  • (Locked)
    Data sanitization and anonymization

    7m 11s
  • (Locked)
    Secure email with cryptography

    1m 43s
  • (Locked)
    Non-repudiation

    5m 49s
  • (Locked)
    Immutable databases and blockchain

    4m 55s
  • (Locked)
    Legal, regulatory, and privacy considerations

    3m 49s
  • (Locked)
    Passwordless authentication

    2m 19s
  • (Locked)
    Software provenance and code integrity

    3m 40s
  • (Locked)
    Survey of cryptographic techniques

    11m 57s
• 20. Monitoring and Response Activities 20. Monitoring and Response Activities

  • (Locked)
    Module 4: Security operations introduction

    2m 7s
  • (Locked)
    Learning objectives

    26s
  • (Locked)
    Security information event management (SIEM)

    2m 47s
  • Aggregate data analysis

    5m 35s
  • (Locked)
    Behavior baselines and analytics

    7m 48s
  • (Locked)
    Incorporating diverse data sources

    11m 10s
  • (Locked)
    Security alerting for data

    6m 16s
  • (Locked)
    Reporting and metrics

    2m 39s
• 21. Analyzing Vulnerabilities and Attacks 21. Analyzing Vulnerabilities and Attacks

  • (Locked)
    Learning objectives

    30s
  • (Locked)
    Injection attacks

    6m 44s
  • (Locked)
    Request forgery

    5m 53s
  • (Locked)
    Unsafe memory utilization

    5m 28s
  • (Locked)
    Race conditions

    5m 36s
  • (Locked)
    Insecure configurations and improper patching

    7m 48s
  • (Locked)
    Deserialization and confused deputy vulnerabilities

    5m 8s
  • (Locked)
    Weak ciphers

    2m 12s
• 22. Mitigating Vulnerabilities and Attacks 22. Mitigating Vulnerabilities and Attacks

  • (Locked)
    Learning objectives

    36s
  • (Locked)
    Input validation, output encoding, and indexing

    6m 31s
  • Safe functions

    2m 55s
  • (Locked)
    Updating and patching

    2m 11s
  • (Locked)
    Security design patterns

    2m 43s
  • (Locked)
    Least privilege, defense in depth, and segregation of duties

    6m 47s
  • (Locked)
    Fail secure and fail safe

    5m 54s
  • (Locked)
    Secrets management

    3m 8s
  • (Locked)
    Encryption and code signing

    4m 3s
• 23. Threat Hunting and Threat Intelligence 23. Threat Hunting and Threat Intelligence

  • (Locked)
    Learning objectives

    33s
  • (Locked)
    Internal intelligence sources

    11m 15s
  • (Locked)
    External intelligence sources

    4m 54s
  • (Locked)
    Counterintelligence and operational security

    4m 40s
  • (Locked)
    Threat intelligence platforms (TIPs)

    2m 51s
  • (Locked)
    Indicator of compromise (IoC) sharing

    3m 19s
  • Indicators of attack

    3m 13s
  • (Locked)
    Rule-based languages

    7m 36s
• 24. Incident Response Activities 24. Incident Response Activities

  • (Locked)
    Learning objectives

    31s
  • (Locked)
    Malware analysis

    9m 30s
  • (Locked)
    Hardware analysis

    5m 29s
  • (Locked)
    Reverse engineering

    3m 53s
  • (Locked)
    Data recovery and extraction

    7m 42s
  • (Locked)
    Root cause analysis and threat response

    8m 26s
  • Preparedness exercises

    6m 8s
  • (Locked)
    Cloud workload protection program (CWPP)

    2m 2s
• Conclusion Conclusion

  • (Locked)
    CompTIA SecurityX (CAS-005): Summary

    36s