CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

Name: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide
Price: 485 SEK
Availability: InStock

AvTroy McMillan

2022

Del i serien Certification Guide

485 kr

Beställningsvara. Skickas inom 7-10 vardagar. Fri frakt över 249 kr.

Beskrivning

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide focuses specifically on the objectives for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam. Leading expert Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes

* A test-preparation routine proven to help you pass the exams
* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
* An online interactive Flash Cards application to help you drill on Key Terms by chapter
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies

Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam, including

* Ensuring a secure network architecture
* Determining the proper infrastructure security design
* Implementing secure cloud and virtualization solutions
* Performing threat and vulnerability management activities
* Implementing appropriate incident response
* Applying secure configurations to enterprise mobility
* Configuring and implementing endpoint security controls
* Troubleshooting issues with cryptographic implementations
* Applying appropriate risk strategies

Produktinformation

Utgivningsdatum:2022-10-14
Höjd:194 x 236 x 52 mm
Vikt:1 740 g
Språk:Engelska
Serie:Certification Guide
Antal sidor:864
Upplaga:3
Förlag:Pearson Education
EAN:9780137348954

Utforska kategorier

It-certifieringar inom Data och IT

Mer om författaren

Troy McMillan, CASP, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes* Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification) * Author of CompTIA A+ Complete Review Guide (Sybex) * Author of CompTIA Server + Study Guide (Sybex) * Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan) * Prep test question writer for Network+ Study Guide (Sybex) * Technical editor for Windows 7 Study Guide (Sybex) * Contributing author for CCNA-Wireless Study Guide (Sybex) * Technical editor for CCNA Study Guide, Revision 7 (Sybex) * Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex) * Author of Cisco Essentials (Sybex) * Co-author of CISSP Cert Guide (Pearson IT Certification) * Prep test question writer for CCNA Wireless 640-722 (Cisco Press) He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.He now creates certification practice tests and study guides and online courses for Cybervista. Troy lives in Asheville, North Carolina, with his wife, Heike.

Innehållsförteckning

Introduction IPart I: Security ArchitectureChapter 1 Ensuring a Secure Network Architecture 3Services 3Load Balancer 3Intrusion Detection System (IDS)/Network Intrusion Detection System (NIDS)/Wireless Intrusion Detection System (WIDS) 3Intrusion Prevention System (IPS)/Network Intrusion Prevention System (NIPS)/Wireless Intrusion Prevention System (WIPS) 6Web Application Firewall (WAF) 6Network Access Control (NAC) 8Virtual Private Network (VPN) 10Domain Name System Security Extensions (DNSSEC) 11Firewall/Unified Threat Management (UTM)/Next-Generation Firewall (NGFW) 11Network Address Translation (NAT) Gateway 19Internet Gateway 21Forward/Transparent Proxy 21Reverse Proxy 22Distributed Denial-of-Service (DDoS) Protection 22Routers 22Mail Security 26Application Programming Interface (API) Gateway/Extensible Markup Language (XML) Gateway 30Traffic Mirroring 30Sensors 32Segmentation 39Microsegmentation 40Local Area Network (LAN)/Virtual Local Area Network (VLAN) 40Jump Box 43Screened Subnet 44Data Zones 44Staging Environments 45Guest Environments 45VPC/Virtual Network (VNET) 45Availability Zone 46NAC Lists 47Policies/Security Groups 47Regions 49Access Control Lists (ACLs) 49Peer-to-Peer 49Air Gap 49De-perimeterization/Zero Trust 49Cloud 50Remote Work 50Mobile 50Outsourcing and Contracting 52Wireless/Radio Frequency (RF) Networks 53Merging of Networks from Various Organizations 58Peering 59Cloud to on Premises 59Data Sensitivity Levels 59Mergers and Acquisitions 60Cross-domain 61Federation 61Directory Services 61Software-Defined Networking (SDN) 62Open SDN 63Hybrid SDN 64SDN Overlay 64Exam Preparation Tasks 66Chapter 2 Determining the Proper Infrastructure Security Design 73Scalability 73Vertically 73Horizontally 74Resiliency 74High Availability/Redundancy 74Diversity/Heterogeneity 75Course of Action Orchestration 75Distributed Allocation 76Replication 76Clustering 76Automation 76Autoscaling 76Security Orchestration, Automation, and Response (SOAR) 77Bootstrapping 77Performance 77Containerization 78Virtualization 79Content Delivery Network 79Caching 80Exam Preparation Tasks 81Chapter 3 Securely Integrating Software Applications 85Baseline and Templates 85Baselines 85Create Benchmarks and Compare to Baselines 85Templates 86Secure Design Patterns/Types of Web Technologies 87Container APIs 88Secure Coding Standards 89Application Vetting Processes 90API Management 91Middleware 91Software Assurance 92Sandboxing/Development Environment 92Validating Third-Party Libraries 93Defined DevOps Pipeline 93Code Signing 94Interactive Application Security Testing (IAST) vs. Dynamic Application Security Testing (DAST) vs. Static Application Security Testing (SAST) 95Considerations of Integrating Enterprise Applications 100Customer Relationship Management (CRM) 100Enterprise Resource Planning (ERP) 100Configuration Management Database (CMDB) 101Content Management System (CMS) 101Integration Enablers 101Integrating Security into Development Life Cycle 103Formal Methods 103Requirements 103Fielding 104Insertions and Upgrades 104Disposal and Reuse 104Testing 105Development Approaches 109Best Practices 117Exam Preparation Tasks 119Chapter 4 Securing the Enterprise Architecture by Implementing Data Security Techniques 125Data Loss Prevention 125Blocking Use of External Media 125Print Blocking 126Remote Desktop Protocol (RDP) Blocking 126Clipboard Privacy Controls 127Restricted Virtual Desktop Infrastructure (VDI) Implementation 128Data Classification Blocking 128Data Loss Detection 129Watermarking 129Digital Rights Management (DRM) 129Network Traffic Decryption/Deep Packet Inspection 130Network Traffic Analysis 130Data Classification, Labeling, and Tagging 130Metadata/Attributes 130Obfuscation 131Tokenization 131Scrubbing 131Masking 132Anonymization 132Encrypted vs. Unencrypted 132Data Life Cycle 132Create 132Use 133Share 133Store 133Archive or Destroy 133Data Inventory and Mapping 133Data Integrity Management 134Data Storage, Backup, and Recovery 134Redundant Array of Inexpensive Disks (RAID) 138Exam Preparation Tasks 143Chapter 5 Providing the Appropriate Authentication and Authorization Controls 149Credential Management 149Password Repository Application 149Hardware Key Manager 150Privileged Access Management 151Privilege Escalation 151Password Policies 151Complexity 153Length 153Character Classes 153History 154Maximum/Minimum Age 154Auditing 155Reversable Encryption 156Federation 156Transitive Trust 156OpenID 156Security Assertion Markup Language (SAML) 157Shibboleth 158Access Control 159Mandatory Access Control (MAC) 160Discretionary Access Control (DAC) 160Role-Based Access Control 161Rule-Based Access Control 161Attribute-Based Access Control 161Protocols 162Remote Authentication Dial-in User Service (RADIUS) 162Terminal Access Controller Access Control System (TACACS) 163Diameter 164Lightweight Directory Access Protocol (LDAP) 164Kerberos 165OAuth 166802.1X 166Extensible Authentication Protocol (EAP) 167Multifactor Authentication (MFA) 168Knowledge Factors 169Ownership Factors 169Characteristic Factors 170Physiological Characteristics 170Behavioral Characteristics 171Biometric Considerations 1722-Step Verification 173In-Band 174Out-of-Band 174One-Time Password (OTP) 175HMAC-Based One-Time Password (HOTP) 175Time-Based One-Time Password (TOTP) 175Hardware Root of Trust 176Single Sign-On (SSO) 177JavaScript Object Notation (JSON) Web Token (JWT) 178Attestation and Identity Proofing 179Exam Preparation Tasks 180Chapter 6 Implementing Secure Cloud and Virtualization Solutions 185Virtualization Strategies 185Type 1 vs. Type 2 Hypervisors 186Containers 187Emulation 188Application Virtualization 189VDI 189Provisioning and Deprovisioning 189Middleware 190Metadata and Tags 190Deployment Models and Considerations 190Business Directives 191Cloud Deployment Models 192Hosting Models 193Multitenant 193Single-Tenant 194Service Models 194Software as a Service (SaaS) 194Platform as a Service (PaaS) 194Infrastructure as a Service (IaaS) 195Cloud Provider Limitations 196Internet Protocol (IP) Address Scheme 196VPC Peering 196Extending Appropriate On-premises Controls 196Storage Models 196Object Storage/File-Based Storage 197Database Storage 197Block Storage 198Blob Storage 198Key-Value Pairs 198Exam Preparation Tasks 199Chapter 7 Supporting Security Objectives and Requirements with Cryptography and Public Key Infrastructure (PKI) 203Privacy and Confidentiality Requirements 203Integrity Requirements 204Non-repudiation 204Compliance and Policy Requirements 204Common Cryptography Use Cases 205Data at Rest 205Data in Transit 205Data in Process/Data in Use 205Protection of Web Services 206Embedded Systems 206Key Escrow/Management 207Mobile Security 209Secure Authentication 209Smart Card 209Common PKI Use Cases 210Web Services 210Email 210Code Signing 211Federation 211Trust Models 212VPN 212Enterprise and Security Automation/Orchestration 213Exam Preparation Tasks 214Chapter 8 Managing the Impact of Emerging Technologies on Enterprise Security and Privacy 219Artificial Intelligence 219Machine Learning 220Quantum Computing 220Blockchain 220Homomorphic Encryption 221Secure Multiparty Computation 221Private Information Retrieval 221Secure Function Evaluation 221Private Function Evaluation 221Distributed Consensus 221Big Data 222Virtual/Augmented Reality 2233-D Printing 224Passwordless Authentication 224Nano Technology 225Deep Learning 225Natural Language Processing 225Deep Fakes 226Biometric Impersonation 226Exam Preparation Tasks 227Part II: Security OperationsChapter 9 Performing Threat Management Activities 231Intelligence Types 231Tactical 231Strategic 232Operational 232Actor Types 233Advanced Persistent Threat (APT)/Nation-State 233Insider Threat 234Competitor 234Hacktivist 234Script Kiddie 235Organized Crime 235Threat Actor Properties 235Resource 235Supply Chain Access 235Create Vulnerabilities 236Capabilities/Sophistication 236Identifying Techniques 237Intelligence Collection Methods 237Intelligence Feeds 237Deep Web 237Proprietary 238Open-Source Intelligence (OSINT) 238Human Intelligence (HUMINT) 243Frameworks 243MITRE Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) 243Diamond Model of Intrusion Analysis 245Cyber Kill Chain 246Exam Preparation Tasks 246Chapter 10 Analyzing Indicators of Compromise and Formulating an Appropriate Response 251Indicators of Compromise 251Packet Capture (PCAP) 251Logs 252Notifications 256Notification Severity/Priorities 260Syslog 261Unusual Process Activity 263Response 265Firewall Rules 265IPS/IDS Rules 267ACL Rules 267Signature Rules 267Behavior Rules 268DLP Rules 268Scripts/Regular Expressions 268Exam Preparation Tasks 268Chapter 11 Performing Vulnerability Management Activities 275Vulnerability Scans 275Credentialed vs. Non-credentialed 275Agent-Based/Server-Based 276Criticality Ranking 277Active vs. Passive 278Security Content Automation Protocol (SCAP) 278Extensible Configuration Checklist Description Format (XCCDF) 278Open Vulnerability and Assessment Language (OVAL) 279Common Platform Enumeration (CPE) 279Common Vulnerabilities and Exposures (CVE) 279Common Vulnerability Scoring System (CVSS) 279Common Configuration Enumeration (CCE) 282Asset Reporting Format (ARF) 282Self-assessment vs. Third-Party Vendor Assessment 283Patch Management 283Manual Patch Management 284Automated Patch Management 284Information Sources 284Advisories 285Bulletins 286Vendor Websites 287Information Sharing and Analysis Centers (ISACs) 287News Reports 287Exam Preparation Tasks 287Chapter 12 Using the Appropriate Vulnerability Assessment and Penetration Testing Methods and Tools 293Methods 293Static Analysis/Dynamic Analysis 293Side-Channel Analysis 293Reverse Engineering 294Wireless Vulnerability Scan 295Rogue Access Points 295Software Composition Analysis 296Fuzz Testing 296Pivoting 297Post-exploitation 297Persistence 298Tools 298SCAP Scanner 298Network Traffic Analyzer 299Vulnerability Scanner 300Protocol Analyzer 302Port Scanner 302HTTP Interceptor 304Exploit Framework 304Password Cracker 306Dependency Management 307Requirements 308Scope of Work 308Rules of Engagement 308Invasive vs. Non-invasive 308Asset Inventory 308Permissions and Access 309Corporate Policy Considerations 310Facility Considerations 310Physical Security Considerations 310Rescan for Corrections/Changes 310Exam Preparation Tasks 310Chapter 13 Analyzing Vulnerabilities and Recommending Risk Mitigations 315Vulnerabilities 315Race Conditions 315Overflows 315Broken Authentication 318Unsecure References 319Poor Exception Handling 319Security Misconfiguration 319Improper Headers 320Information Disclosure 321Certificate Errors 321Weak Cryptography Implementations 321Weak Ciphers 322Weak Cipher Suite Implementations 322Software Composition Analysis 322Use of Vulnerable Frameworks and Software Modules 323Use of Unsafe Functions 323Third-Party Libraries 323Code Injections/Malicious Changes 324End of Support/End of Life 324Regression Issues 324Inherently Vulnerable System/Application 325Client-Side Processing vs. Server-Side Processing 325JSON/Representational State Transfer (REST) 326Browser Extensions 326Hypertext Markup Language 5 (HTML5) 327Asynchronous JavaScript and XML (AJAX) 327Simple Object Access Protocol (SOAP) 329Machine Code vs. Bytecode or Interpreted vs. Emulated 329Attacks 329Directory Traversal 330Cross-site Scripting (XSS) 331Cross-site Request Forgery (CSRF) 331Injection 332Sandbox Escape 337Virtual Machine (VM) Hopping 337VM Escape 337Border Gateway Protocol (BGP) Route Hijacking 338Interception Attacks 339Denial-of-Service (DoS)/DDoS 339Authentication Bypass 340Social Engineering 340VLAN Hopping 341Exam Preparation Tasks 341Chapter 14 Using Processes to Reduce Risk 347Proactive and Detection 347Hunts 347Developing Countermeasures 347Deceptive Technologies 347Security Data Analytics 348Processing Pipelines 349Indexing and Search 350Log Collection and Curation 350Database Activity Monitoring 350Preventive 351Antivirus 352Immutable Systems 352Hardening 352Sandbox Detonation 352Application Control 353License Technologies 353Allow List vs. Block List 354Time of Check vs. Time of Use 354Atomic Execution 355Security Automation 355Cron/Scheduled Tasks 355Bash 356PowerShell 357Python 357Physical Security 358Review of Lighting 358Review of Visitor Logs 359Camera Reviews 359Open Spaces vs. Confined Spaces 361Exam Preparation Tasks 362Chapter 15 Implementing the Appropriate Incident Response 367Event Classifications 367False Positive 367False Negative 367True Positive 367True Negative 367Triage Event 367Preescalation Tasks 368Incident Response Process 368Preparation 369Training 369Testing 370Detection 370Analysis 371Containment 371Recovery 371Response 372Lessons Learned 372Specific Response Playbooks/Processes 373Scenarios 373Non-automated Response Methods 374Automated Response Methods 374Communication Plan 375Stakeholder Management 377Legal 377Human Resources 377Public Relations 378Internal and External 378Exam Preparation Tasks 379Chapter 16 Forensic Concepts 385Legal vs. Internal Corporate Purposes 385Forensic Process 385Identification 385Evidence Collection 385Evidence Preservation 388Analysis 389Verification 391Presentation 391Integrity Preservation 392Hashing 392Cryptanalysis 394Steganalysis 394Exam Preparation Tasks 394Chapter 17 Forensic Analysis Tools 399File Carving Tools 399Foremost 399Strings 400Binary Analysis Tools 401Hex Dump 401Binwalk 401Ghidra 401GNU Project Debugger (GDB) 401OllyDbg 402readelf 402objdump 402strace 402ldd 402file 403Analysis Tools 403ExifTool 403Nmap 403Aircrack-ng 403Volatility 404The Sleuth Kit 405Dynamically vs. Statically Linked 405Imaging Tools 405Forensic Toolkit (FTK) Imager 405dd 406Hashing Utilities 407sha256sum 407ssdeep 407Live Collection vs. Post-mortem Tools 407netstat 407ps 409vmstat 409ldd 410lsof 410netcat 410tcpdump 411conntrack 411Wireshark 412Exam Preparation Tasks 413Part III: Security Engineering and CryptographyChapter 18 Applying Secure Configurations to Enterprise Mobility 419Managed Configurations 419Application Control 419Password 419MFA Requirements 420Token-Based Access 421Patch Repository 422Firmware Over-the-Air 422Remote Wipe 422Wi-Fi 423Profiles 424Bluetooth 424Near-Field Communication (NFC) 424Peripherals 425Geofencing 425VPN Settings 425Geotagging 426Certificate Management 426Full Device Encryption 427Tethering 427Airplane Mode 427Location Services 427DNS over HTTPS (DoH) 428Custom DNS 428Deployment Scenarios 429Bring Your Own Device (BYOD) 429Corporate-Owned 429Corporate-Owned, Personally Enabled (COPE) 429Choose Your Own Device (CYOD) 429Implications of Wearable Devices 429Digital Forensics on Collected Data 430Unauthorized Application Stores 431Jailbreaking/Rooting 431Side Loading 431Containerization 432Original Equipment Manufacturer (OEM) and Carrier Differences 432Supply Chain Issues 432eFuse 432Exam Preparation Tasks 433Chapter 19 Configuring and Implementing Endpoint Security Controls 437Hardening Techniques 437Removing Unneeded Services 437Disabling Unused Accounts 438Images/Templates 438Removing End-of-Life Devices 438Removing End-of-Support Device 438Local Drive Encryption 439Enabling No-Execute (NX)/Execute Never (XN) Bit 439Disabling Central Processing Unit (CPU) Virtualization Support 439Secure Encrypted Enclaves 440Memory Encryption 440Shell Restrictions 441Address Space Layout Randomization (ASLR) 442Processes 442Patching 442Logging 443Monitoring 443Mandatory Access Control 444Security-Enhanced Linux (SELinux)/Security-Enhanced Android (SEAndroid) 444Kernel vs. Middleware 445Trustworthy Computing 445Trusted Platform Module (TPM) 445Secure Boot 446Unified Extensible Firmware Interface (UEFI)/Basic Input/Output System (BIOS) Protection 447Attestation Services 448Hardware Security Module (HSM) 448Measured Boot 449Self-Encrypting Drives (SEDs) 450Compensating Controls 450Antivirus 450Application Controls 451Host-Based Intrusion Detection System (HIDS)/Host-Based Intrusion Prevention System (HIPS) 451Host-Based Firewall 451Endpoint Detection and Response (EDR) 451Redundant Hardware 452Self-Healing Hardware 452User and Entity Behavior Analytics (UEBA) 452Exam Preparation Tasks 452Chapter 20 Security Considerations Impacting Specific Sectors and Operational Technologies 459Embedded 459Internet of Things (IoT) 459System on a Chip (SoC) 461Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA) 461ICS/Supervisory Control and Data Acquisition (SCADA) 462Programmable Logic Controller (PLC) 463Historian 463Ladder Logic 463Safety Instrumented System 464Heating, Ventilation, and Air Conditioning (HVAC) 464Protocols 465Controller Area Network (CAN) Bus 465Modbus 466Distributed Network Protocol 3 (DNP3) 466Zigbee 467Common Industrial Protocol (CIP) 467Data Distribution Service 468Sectors 468Energy 469Manufacturing 469Healthcare 470Public Utilities 470Public Services 470Facility Services 471Exam Preparation Tasks 472Chapter 21 Cloud Technology's Impact on Organizational Security 477Automation and Orchestration 477Encryption Configuration 477Logs 478Availability 479Collection 479Monitoring 479Configuration 480Alerting 480Monitoring Configurations 480Key Ownership and Location 481Key Life-Cycle Management 483Backup and Recovery Methods 485Cloud as Business Continuity and Disaster Recovery (BCDR) 486Primary Provider BCDR 486Alternative Provider BCDR 486Infrastructure vs. Serverless Computing 486Application Virtualization 487Software-Defined Networking 488Misconfigurations 488Collaboration Tools 488Web Conferencing 488Video Conferencing 489Audio Conferencing 491Storage and Document Collaboration Tools 491Storage Configurations 492Bit Splitting 493Data Dispersion 493Cloud Access Security Broker (CASB) 493Exam Preparation Tasks 494Chapter 22 Implementing the Appropriate PKI Solution 499PKI Hierarchy 499Registration Authority (RA) 499Certificate Authority (CA) 499Subordinate/Intermediate CA 500Certificate Types 501Wildcard Certificate 501Extended Validation 502Multidomain 502General Purpose 503Certificate Usages/Profiles/Templates 504Client Authentication 504Server Authentication 504Digital Signatures 504Code Signing 505Extensions 505Common Name (CN) 505Subject Alternate Name (SAN) 505Trusted Providers 505Trust Model 506Cross-certification 506Configure Profiles 507Life-Cycle Management 507Public and Private Keys 508Digital Signature 512Certificate Pinning 512Certificate Stapling 512Certificate Signing Requests (CSRs) 513Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL) 513HTTP Strict Transport Security (HSTS) 514Exam Preparation Tasks 514Chapter 23 Implementing the Appropriate Cryptographic Protocols and Algorithms 519Hashing 519Secure Hashing Algorithm (SHA) 519Hash-Based Message Authentication Code (HMAC) 520Message Digest (MD) 521RACE Integrity Primitives Evaluation Message Digest (RIPEMD) 521Poly1305 521Symmetric Algorithms 522Modes of Operation 523Stream and Block 526Asymmetric Algorithms 528Key Agreement 529Signing 530Known Flaws/Weaknesses 531Protocols 532Secure Sockets Layer (SSL)/Transport Layer Security (TLS) 532Secure/Multipurpose Internet Mail Extensions (S/MIME) 533Internet Protocol Security (IPsec) 534Secure Shell (SSH) 534EAP 535Elliptic-Curve Cryptography 535P256/P384 535Forward Secrecy 536Authenticated Encryption with Associated Data 536Key Stretching 536Password-Based Key Derivation Function 2 (PBKDF2) 537Bcrypt 537Exam Preparation Tasks 537Implementation and Configuration Issues 542Validity Dates 542Chapter 24 Troubleshooting Issues with Cryptographic Implementations 543Wrong Certificate Type 543Revoked Certificates 543Incorrect Name 543Chain Issues 544