Focused coverage of every topic on the current version of the CompTIA CySA+ exam

Get on the fast track to becoming CompTIA CySA+ certified with this affordable, portable study tool. Inside, cybersecurity professional Bobby Rogers guides you on your career path, providing expert tips and sound advice along the way. With an intensive focus only on what you need to know to pass CompTIA CySA+ Exam CS0-002, this certification passport is your ticket to success on exam day.

Designed for focus on key topics and exam success:

  • List of official exam objectives covered by domain
  • Exam Tip element offers expert pointers for success on the test
  • Key Term highlights specific term or acronym definitions key to passing the exam
  • Caution notes common pitfalls and real-world issues as well as warnings about the exam
  • Tables, bulleted lists, and figures throughout focus on quick reference and review
  • Cross-References point to an essential, related concept covered elsewhere in the book
  • Practice questions and content review after each objective section prepare you for exam mastery

Covers all exam topics, including:

  • Threat and vulnerability management
  • Threat data and intelligence
  • Vulnerability management, assessment tools, and mitigation
  • Software and systems security
  • Solutions for infrastructure management
  • Software and hardware assurance best practices
  • Security operations and monitoring
  • Proactive threat hunting
  • Automation concepts and technologies
  • Incident response process, procedure, and analysis
  • Compliance and assessment
  • Data privacy and protection
  • Support of organizational risk mitigation

Online content includes:

  • Customizable practice exam test engine for CS0-002
  • 200+ realistic multiple-choice and performance-based practice questions and in-depth explanations

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. 1.0 Threat and Vulnerability Management
    1. Objective 1.1 Explain the importance of threat data and intelligence
    2. Intelligence Sources
    3. Open-Source Intelligence
    4. Proprietary and Closed-Source Intelligence
    5. Timeliness
    6. Relevancy
    7. Accuracy
    8. Confidence Levels
    9. Indicator Management
    10. Structured Threat Information eXpression (STIX)
    11. Trusted Automated eXchange of Indicator Intelligence (TAXII)
    12. OpenIOC
    13. Threat Classification
    14. Known Threats vs. Unknown Threats
    15. Zero-Day Threats
    16. Advanced Persistent Threats
    17. Threat Actors
    18. Nation-States
    19. Hacktivists
    20. Organized Crime
    21. Insider Threats
    22. Intelligence Cycle
    23. Requirements
    24. Collection
    25. Analysis
    26. Dissemination
    27. Feedback
    28. Commodity Malware
    29. Information Sharing and Analysis Communities
    30. Healthcare
    31. Financial
    32. Aviation
    33. Government
    34. Critical Infrastructure
    35. REVIEW
    36. 1.1 QUESTIONS
    37. 1.1 ANSWERS
    38. Objective 1.2 Given a scenario, utilize threat intelligence to support organizational security
    39. Attack Frameworks
    40. MITRE ATT&CK
    41. The Diamond Model of Intrusion Analysis
    42. Cyber Kill Chain
    43. Threat Research
    44. Reputational
    45. Behavioral
    46. Indicators of Compromise (IOCs)
    47. Common Vulnerability Scoring System (CVSS)
    48. Threat Modeling Methodologies
    49. Common Threat Modeling Methodologies
    50. Adversary Capability
    51. Total Attack Surface
    52. Attack Vector
    53. Impact
    54. Likelihood
    55. Threat Intelligence Sharing with Supported Functions
    56. Incident Response
    57. Vulnerability Management
    58. Risk Management
    59. Security Engineering
    60. Detection and Monitoring
    61. REVIEW
    62. 1.2 QUESTIONS
    63. 1.2 ANSWERS
    64. Objective 1.3 Given a scenario, perform vulnerability management activities
    65. Vulnerability Identification
    66. Asset Criticality
    67. Active vs. Passive Scanning
    68. Mapping/Enumeration
    69. Validation
    70. True Positive
    71. False Positive
    72. True Negative
    73. False Negative
    74. Remediation/Mitigation
    75. Configuration Baseline
    76. Patching
    77. Hardening
    78. Compensating Controls
    79. Risk Acceptance
    80. Verification of Mitigation
    81. Scanning Parameters and Criteria
    82. Risks Associated with Scanning Activities
    83. Vulnerability Feed
    84. Scope
    85. Credentialed vs. Non-Credentialed
    86. Server-Based vs. Agent-Based
    87. Internal vs. External
    88. Special Considerations
    89. Inhibitors to Remediation
    90. Memorandum of Understanding (MOU)
    91. Service Level Agreement (SLA)
    92. Organizational Governance
    93. Business Process Interruption
    94. Degrading Functionality
    95. Legacy Systems
    96. Proprietary Systems
    97. REVIEW
    98. 1.3 QUESTIONS
    99. 1.3 ANSWERS
    100. Objective 1.4 Given a scenario, analyze the output from common vulnerability assessment tools
    101. Vulnerability Assessment Tools
    102. Application Tools
    103. Web Application Scanners
    104. Software Assessment Tools and Techniques
    105. Infrastructure Tools
    106. Network Enumeration
    107. Network Vulnerability Scanners
    108. Wireless Assessment
    109. Cloud Infrastructure Assessment
    110. REVIEW
    111. 1.4 QUESTIONS
    112. 1.4 ANSWERS
    113. Objective 1.5 Explain the threats and vulnerabilities associated with specialized technology
    114. Mobile Devices
    115. Mobile Device Threats and Vulnerabilities
    116. Corporate Device Considerations
    117. Mobile Device Protections
    118. Internet of Things (IoT)
    119. Embedded Devices
    120. Physical Access Controls
    121. Building Automation Systems
    122. Vehicles and Drones
    123. Industrial Control Systems
    124. Workflow and Process Automation Systems
    125. Supervisory Control and Data Acquisition (SCADA)
    126. REVIEW
    127. 1.5 QUESTIONS
    128. 1.5 ANSWERS
    129. Objective 1.6 Explain the threats and vulnerabilities associated with operating in the cloud
    130. Cloud Service Models
    131. Software as a Service (SaaS)
    132. Platform as a Service (PaaS)
    133. Infrastructure as a Service (IaaS)
    134. Serverless Architecture and Function as a Service (FaaS)
    135. Infrastructure as Code (IaC)
    136. Cloud Deployment Models
    137. Public
    138. Private
    139. Community
    140. Hybrid
    141. Cloud Vulnerabilities
    142. Insecure Application Programming Interface (API)
    143. Improper Key Management
    144. Unprotected Storage
    145. Insufficient Logging and Monitoring
    146. Inability to Access
    147. REVIEW
    148. 1.6 QUESTIONS
    149. 1.6 ANSWERS
    150. Objective 1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities
    151. Vulnerabilities
    152. Improper Error Handling
    153. Dereferencing
    154. Insecure Object Reference
    155. Race Condition
    156. Broken Authentication
    157. Sensitive Data Exposure
    158. Insecure Components
    159. Insufficient Logging and Monitoring
    160. Weak or Default Configurations
    161. Use of Insecure Functions
    162. Attack Types
    163. Injection Attacks
    164. Authentication Attacks
    165. Overflow Attacks
    166. REVIEW
    167. 1.7 QUESTIONS
    168. 1.7 ANSWERS
  9. 2.0 Software and Systems Security
    1. Objective 2.1 Given a scenario, apply security solutions for infrastructure management
    2. Infrastructure Management
    3. Cloud vs. On-Premises
    4. Asset Management
    5. Segmentation
    6. Network Architecture
    7. Change Management
    8. Virtualization
    9. Containerization
    10. Identity and Access Management
    11. Authentication Methods
    12. Access Control Models
    13. Cloud Access Security Broker (CASB)
    14. Honeypot
    15. Monitoring and Logging
    16. Encryption
    17. Certificate Management
    18. Active Defense
    19. REVIEW
    20. 2.1 QUESTIONS
    21. 2.1 ANSWERS
    22. Objective 2.2 Explain software assurance best practices
    23. Platforms
    24. Mobile
    25. Web Application
    26. Client/Server
    27. Embedded Platforms
    28. Firmware
    29. System-on-Chip (SoC)
    30. Service-Oriented Architecture
    31. Security Assertions Markup Language (SAML)
    32. Simple Object Access Protocol (SOAP)
    33. Representational State Transfer (REST)
    34. Microservices
    35. Software Development Lifecycle (SDLC) Integration
    36. DevSecOps
    37. Secure Coding Best Practices
    38. Input Validation
    39. Output Encoding
    40. Session Management
    41. Authentication
    42. Data Protection
    43. Parameterized Queries
    44. Software Assessment Methods
    45. User Acceptance Testing
    46. Stress Testing
    47. Security Regression Testing
    48. Code Review
    49. Static Analysis Tools
    50. Dynamic Analysis Tools
    51. Formal Methods for Verification of Critical Software
    52. REVIEW
    53. 2.2 QUESTIONS
    54. 2.2 ANSWERS
    55. Objective 2.3 Explain hardware assurance best practices
    56. Hardware Root of Trust
    57. Trusted Platform Module (TPM)
    58. Hardware Security Module (HSM)
    59. eFuse
    60. Unified Extensible Firmware Interface (UEFI)
    61. Trusted Foundry
    62. Secure Processing
    63. Trusted Execution and Secure Enclave
    64. Processor Security Extensions
    65. Atomic Execution
    66. Bus Encryption
    67. Anti-Tamper
    68. Self-Encrypting Drive (SED)
    69. Trusted Firmware Updates
    70. Measured Boot and Attestation
    71. REVIEW
    72. 2.3 QUESTIONS
    73. 2.3 ANSWERS
  10. 3.0 Security Operations and Monitoring
    1. Objective 3.1 Given a scenario, analyze data as part of security monitoring activities
    2. Heuristics
    3. Trend Analysis
    4. Endpoint Data
    5. Known-Good vs. Anomalous Behavior Analysis
    6. Malware Analysis and Reverse Engineering
    7. Memory Analysis
    8. File System Analysis
    9. System and Application Behavior
    10. User and Entity Behavior Analytics (UEBA)
    11. Analysis of Endpoint Exploitation Techniques
    12. Network
    13. Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis
    14. Domain Generation Algorithm
    15. Flow Analysis
    16. Packet and Protocol Analysis
    17. Network-Based Malware Analysis
    18. Log Review
    19. Event Logs
    20. Syslog
    21. Firewall Logs
    22. Web Application Firewall (WAF)
    23. Proxy
    24. Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
    25. Impact Analysis
    26. Organization Impact vs. Localized Impact
    27. Immediate vs. Total
    28. Security Information and Event Management (SIEM) Review
    29. Dashboard
    30. Rule and Query Writing
    31. String Search
    32. Scripting and Piping
    33. E-mail Analysis
    34. Impersonation
    35. Malicious Payload
    36. Embedded Links
    37. Phishing
    38. Forwarding
    39. Digital Signatures
    40. Header
    41. E-mail Signature Block
    42. Domain Keys Identified Mail (DKIM)
    43. Sender Policy Framework (SPF)
    44. Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
    45. REVIEW
    46. 3.1 QUESTIONS
    47. 3.1 ANSWERS
    48. Objective 3.2 Given a scenario, implement configuration changes to existing controls to improve security
    49. Review of Control Concepts
    50. Control Categories and Functions
    51. Control Implementation and Risk
    52. Permissions
    53. Windows Permissions
    54. Linux Permissions
    55. Access Control Lists
    56. Allow Lists
    57. Deny Lists
    58. Firewalls
    59. Packet-Filtering Firewalls
    60. Circuit-Level Gateways
    61. Stateful Inspection Firewalls
    62. Application-Level Gateways
    63. Web Application Firewalls (WAFs)
    64. Next-Generation Firewalls
    65. Cloud-Based Firewalls
    66. Intrusion Prevention System (IPS) Rules
    67. Data Loss Prevention (DLP)
    68. Endpoint Detection and Response (EDR)
    69. Network Access Control (NAC)
    70. Sinkholing
    71. Malware Signatures
    72. Development/Rule Writing
    73. Sandboxing
    74. Port Security
    75. REVIEW
    76. 3.2 QUESTIONS
    77. 3.2 ANSWERS
    78. Objective 3.3 Explain the importance of proactive threat hunting
    79. Establishing a Hypothesis
    80. Profiling Threat Actors and Activities
    81. Threat Hunting Tactics
    82. Executable Process Analysis
    83. Reducing the Attack Surface Area
    84. System Level
    85. Network Level
    86. Organization Level
    87. Operating Environment
    88. Bundling Critical Assets
    89. Attack Vectors
    90. Integrated Intelligence
    91. Improving Detection Capabilities
    92. REVIEW
    93. 3.3 QUESTIONS
    94. 3.3 ANSWERS
    95. Objective 3.4 Compare and contrast automation concepts and technologies
    96. Automation Concepts
    97. Workflow Orchestration
    98. Security Orchestration, Automation, and Response (SOAR)
    99. Scripting
    100. Application Programming Interface (API) Integration
    101. Automated Malware Signature Creation
    102. Data Enrichment
    103. Threat Feed Combination
    104. Machine Learning
    105. Use of Automation Protocols and Standards
    106. Automating Software Integration, Delivery, and Deployment
    107. REVIEW
    108. 3.4 QUESTIONS
    109. 3.4 ANSWERS
  11. 4.0 Incident Response
    1. Objective 4.1 Explain the importance of the incident response process
    2. Critical Incident Response Processes
    3. Communications Plan
    4. Response Coordination with Relevant Entities
    5. Factors Contributing to Data Criticality
    6. REVIEW
    7. 4.1 QUESTIONS
    8. 4.1 ANSWERS
    9. Objective 4.2 Given a scenario, apply the appropriate incident response procedure
    10. Incident Response Procedures
    11. Preparation
    12. Detection and Analysis
    13. Containment
    14. Eradication and Recovery
    15. Post-Incident Activities
    16. REVIEW
    17. 4.2 QUESTIONS
    18. 4.2 ANSWERS
    19. Objective 4.3 Given an incident, analyze potential indicators of compromise
    20. Analyzing Indicators of Compromise
    21. Network-Related IOCs
    22. Host-Related IOCs
    23. Application-Related IOCs
    24. REVIEW
    25. 4.3 QUESTIONS
    26. 4.3 ANSWERS
    27. Objective 4.4 Given a scenario, utilize basic digital forensics techniques
    28. Forensics Considerations
    29. Forensics Foundations
    30. Network
    31. Endpoint Forensics Considerations
    32. Mobile Forensics
    33. Cloud Forensics
    34. Virtualization Forensics
    35. Key Forensic Procedures
    36. REVIEW
    37. 4.4 QUESTIONS
    38. 4.4 ANSWERS
  12. 5.0 Compliance and Assessment
    1. Objective 5.1 Understand the importance of data privacy and protection
    2. Privacy vs. Security
    3. Nontechnical Controls
    4. Technical Controls
    5. REVIEW
    6. 5.1 QUESTIONS
    7. 5.1 ANSWERS
    8. Objective 5.2 Given a scenario, apply security concepts in support of organizational risk mitigation
    9. Organizational Risk Mitigation
    10. Business Impact Analysis (BIA)
    11. Risk Identification Process
    12. Risk Calculation
    13. Communication of Risk Factors
    14. Risk Prioritization
    15. Systems Assessment
    16. Documented Compensating Controls
    17. Training and Exercises
    18. Supply Chain Assessment
    19. REVIEW
    20. 5.2 QUESTIONS
    21. 5.2 ANSWERS
    22. Objective 5.3 Explain the importance of frameworks, policies, procedures, and controls
    23. Organizational Governance Flow
    24. Frameworks
    25. Policies and Procedures
    26. Control Categories
    27. Control Types
    28. Audits and Assessments
    29. REVIEW
    30. 5.3 QUESTIONS
    31. 5.3 ANSWERS
  13. A About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
    3. Privacy Notice
    4. Single User License Terms and Conditions
    5. TotalTester Online
    6. Performance-Based Questions
    7. Technical Support
  14. Glossary
  15. Index