Book Description
Prepare for the CompTIA CySA+ certification exam with this fully updated self-study resource
This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You’ll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the actual test in content, format, and tone. Designed to help you pass the CS0-002 exam with ease, this definitive guide also serves as an essential on-the-job reference.
Covers all exam topics, including:
- Threat and vulnerability management
- Threat data and intelligence
- Vulnerability management, assessment tools, and mitigation
- Software and systems security
- Solutions for infrastructure management
- Software and hardware assurance best practices
- Security operations and monitoring
- Proactive threat hunting
- Automation concepts and technologies
- Incident response process, procedure, and analysis
- Compliance and assessment
- Data privacy and protection
- Support of organizational risk mitigation
Online content includes:
- 200+ practice questions
- Interactive performance-based questions
- Test engine that provides full-length practice exams and customizable quizzes by exam objective
Table of Contents
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents
- Acknowledgments
- Introduction
- Part I Threat and Vulnerability Management
- Chapter 1 The Importance of Threat Data and Intelligence
- Foundations of Intelligence
- Intelligence Sources
- Open Source Intelligence
- Proprietary/Closed Source Intelligence
- Characteristics of Intelligence Source Data
- Confidence Levels
- Indicator Management
- Indicator Lifecycle
- Structured Threat Information Expression
- Trusted Automated Exchange of Indicator Information
- OpenIOC
- Threat Classification
- Known Threats vs. Unknown Threats
- Zero Day
- Advanced Persistent Threat
- Threat Actors
- Nation-State Threat Actors
- Hacktivists
- Organized Crime
- Insider Threat Actors
- Intelligence Cycle
- Requirements
- Collection
- Analysis
- Dissemination
- Feedback
- Commodity Malware
- Information Sharing and Analysis Communities
- Chapter Review
- Questions
- Answers
- Chapter 2 Threat Intelligence in Support of Organizational Security
- Levels of Intelligence
- Attack Frameworks
- MITRE ATT&CK
- The Diamond Model of Intrusion Analysis
- Kill Chain
- Threat Research
- Reputational
- Behavioral
- Indicator of Compromise
- Common Vulnerability Scoring System
- Threat Modeling Methodologies
- Adversary Capability
- Total Attack Surface
- Attack Vector
- Impact
- Likelihood
- STRIDE
- PASTA
- Threat Intelligence Sharing with Supported Functions
- Incident Response
- Vulnerability Management
- Risk Management
- Security Engineering
- Detection and Monitoring
- Chapter Review
- Questions
- Answers
- Chapter 3 Vulnerability Management Activities
- Vulnerability Identification
- Regulatory Environments
- Corporate Security Policy
- Data Classification
- Asset Inventory
- Active vs. Passive Scanning
- Scanning Parameters and Criteria
- Risks Associated with Scanning Activities
- Regulatory Requirements
- Technical Constraints
- Workflow
- Sensitivity Levels
- Vulnerability Feed
- Scope
- Noncredentialed vs. Credentialed
- Server Based vs. Agent Based
- Internal vs. External
- Types of Data
- Tool Updates and Plug-Ins
- SCAP
- Special Considerations
- Intrusion Prevention System, Intrusion Detection System, and Firewall Settings
- Generating Reports
- Automated vs. Manual Distribution
- Validation
- True Positives
- False Positives
- True Negatives
- False Negatives
- Remediation
- Patching
- Prioritizing
- Hardening
- Compensating Controls
- Risk Acceptance
- Verification of Mitigation
- Inhibitors to Remediation
- Memorandum of Understanding
- Service Level Agreement
- Organizational Governance
- Business Process Interruption
- Degrading Functionality
- Legacy and Proprietary Systems
- Ongoing Scanning and Continuous Monitoring
- Chapter Review
- Questions
- Answers
- Chapter 4 Vulnerability Assessment Tools
- Web Application Scanners
- OWASP Zed Attack Proxy
- Burp Suite
- Nikto
- Arachni
- Infrastructure Vulnerability Scanners
- Nessus
- OpenVAS
- Qualys
- Software Assessment Tools and Techniques
- Static Analysis
- Dynamic Analysis
- Reverse Engineering
- Fuzzing
- Enumeration Tools and Techniques
- nmap
- hping
- Passive vs. Active Enumeration Techniques
- responder
- Wireless Assessment Tools
- Aircrack-ng
- Reaver
- oclHashcat
- Cloud Infrastructure Assessment Tools
- Scout Suite
- Prowler
- Pacu
- Chapter Review
- Questions
- Answers
- Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology
- Access Points
- Virtual Private Networks
- Mobile Devices
- Network Vulnerabilities
- Device Vulnerabilities
- Operating System Vulnerabilities
- App Vulnerabilities
- Internet of Things
- The Mirai Botnet
- Embedded Systems
- Real-Time Operating Systems
- System on a Chip
- Field Programmable Gate Array
- Physical Access Control
- Connected Vehicles
- CAN Bus
- Drones
- Hardware Security
- Communications Channels Security
- Web Portal Security
- Industrial Control Systems
- SCADA Devices
- Modbus
- Process Automation Systems
- Chapter Review
- Questions
- Answers
- Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud
- Cloud Service Models
- Shared Responsibility Model
- Software as a Service
- Platform as a Service
- Infrastructure as a Service
- Cloud Deployment Models
- Public
- Private
- Community
- Hybrid
- Serverless Architecture
- Function as a Service
- Infrastructure as Code
- Insecure Application Programming Interface
- Broken Object Level Authorization
- Broken User Authentication
- Excessive Data Exposure
- Lack of Resources and Rate Limiting
- Broken Function Level Authorization
- Mass Assignment
- Security Misconfiguration
- Injection
- Improper Asset Management
- Insufficient Logging and Monitoring
- Improper Key Management
- Unprotected Storage
- Logging and Monitoring
- Chapter Review
- Questions
- Answers
- Chapter 7 Mitigating Controls for Attacks and Software Vulnerabilities
- Attack Types
- Injection Attacks
- Buffer Overflow Attacks
- Privilege Escalation
- Authentication Attacks
- Rootkits
- Vulnerabilities
- Improper Error Handling
- Dereferencing
- Insecure Object Reference
- Race Condition
- Sensitive Data Exposure
- Insecure Components
- Insufficient Logging and Monitoring
- Weak or Default Configurations
- Use of Insecure Functions
- Chapter Review
- Questions
- Answers
- Part II Software and Systems Security
- Chapter 8 Security Solutions for Infrastructure Management
- Cloud vs. On-Premises Solutions
- Network Architecture
- Physical Network
- Software-Defined Network
- Virtual Private Cloud Network
- Virtual Private Network
- Serverless Network
- Virtualization
- Hypervisors
- Virtual Desktop Infrastructure
- Containerization
- Network Segmentation
- Virtual Local Area Networks
- Physical Segmentation
- Jump Boxes
- System Isolation
- Honeypots and Honeynets
- Asset Management
- Asset Inventory
- Asset Tagging
- Change Management
- Identity and Access Management
- Privilege Management
- Multifactor Authentication
- Single Sign-On
- Identity Federation
- Role-Based Access Control
- Attribute-Based Access Control
- Mandatory Access Control
- Manual Review
- Cloud Access Security Broker
- Monitoring and Logging
- Encryption
- Symmetric Cryptography
- Asymmetric Cryptography
- Symmetric vs. Asymmetric Cryptography
- Certificate Management
- Active Defense
- Chapter Review
- Questions
- Answers
- Chapter 9 Software Assurance Best Practices
- Platforms and Software Architectures
- Client/Server
- Web Application
- Mobile
- Embedded
- System on a Chip
- Firmware
- Service-Oriented Architecture
- Simple Object Access Protocol
- Representational State Transfer
- Microservices
- Security Assertions Markup Language
- The Software Development Lifecycle
- Requirements
- Development
- Implementation
- Operation and Maintenance
- DevOps and DevSecOps
- Software Assessment Methods
- User Acceptance Testing
- Stress Testing
- Security Regression Testing
- Code Reviews
- Static Analysis Tools
- Dynamic Analysis Tools
- Formal Methods of Verifying Critical Software
- Secure Coding Best Practices
- Input Validation
- Output Encoding
- Session Management
- Authentication
- Data Protection
- Parameterized Queries
- Chapter Review
- Questions
- Answers
- Chapter 10 Hardware Assurance Best Practices
- Hardware Root of Trust
- Trusted Platform Module
- Hardware Security Module
- eFuse
- Firmware
- Unified Extensible Firmware Interface
- Measured Boot and Attestation
- Trusted Firmware Updates
- Self-Encrypting Drive
- Bus Encryption
- Secure Processing
- Trusted Execution Environment
- Processor Security Extensions
- Atomic Execution
- Trusted Foundry
- Anti-Tamper Techniques
- Chapter Review
- Questions
- Answers
- Part III Security Operations and Monitoring
- Chapter 11 Data Analysis in Security Monitoring Activities
- Security Data Analytics
- Data Aggregation and Correlation
- Data Analysis
- Trend Analysis
- Historical Analysis
- Behavioral Analysis
- Heuristics
- Anomaly Analysis
- Endpoint Security
- Malware
- Detect and Block
- Fileless Malware
- Sandbox
- Cloud-Connected Protection
- User and Entity Behavior Analytics
- Network
- Domain Name System Analysis
- Domain Generation Algorithms
- Flow Analysis
- Packet Analysis
- Malware
- Log Review
- Packet Captures
- System Logs
- Firewall Logs
- Intrusion Detection/Prevention Systems
- Authentication Logs
- Impact Analysis
- Availability Analysis
- Security Information and Event Management Review
- Query Writing
- E-mail Analysis
- Malicious Payload
- DomainKeys Identified Mail
- Sender Policy Framework
- Domain-Based Message Authentication, Reporting, and Conformance
- Header
- Phishing
- Forwarding
- Digital Signatures and Encryption
- Embedded Links
- Impersonation
- Chapter Review
- Questions
- Answers
- Chapter 12 Implement Configuration Changes to Existing Controls to Improve Security
- Permissions
- Users
- Groups
- Blacklisting
- Whitelisting
- Firewalls
- Web Proxies
- Web Application Firewalls
- Operating System Firewalls
- Intrusion Prevention System Rules
- Snort Rule Building
- Zeek Logs
- Suricata Rule Building
- Host-Based Intrusion Prevention Systems
- Data Loss Prevention
- Endpoint Detection and Response
- Network Access Control
- Time-Based Solution
- Rule-Based Solution
- Role-Based Solution
- Location-Based Solution
- Sinkholing
- Malware Signatures
- Sandboxing
- Port Security
- Chapter Review
- Questions
- Answers
- Chapter 13 The Importance of Proactive Threat Hunting
- Establishing a Hypothesis
- Profiling Threat Actors and Activities
- Threat-Hunting Tactics
- High-Impact TTPs
- Delivering Results
- Documenting the Process
- Reducing the Attack Surface Area and Bundling Critical Assets
- Attack Vectors
- Integrated Intelligence
- Improving Detection Capabilities
- Chapter Review
- Questions
- Answers
- Chapter 14 Automation Concepts and Technologies
- Workflow Orchestration
- Security Orchestration, Automation, and Response Platforms
- Orchestration Playbooks
- Data Enrichment
- Scripting
- Python Scripting
- PowerShell Scripting
- Application Programming Interface Integration
- Representational State Transfer
- Automating API Calls
- Automated Malware Signature Creation
- Threat Feed Combination
- Machine Learning
- Use of Automation Protocols and Standards
- Security Content Automation Protocol
- Software Engineering
- Continuous Integration
- Continuous Delivery
- Continuous Deployment
- Chapter Review
- Questions
- Answers
- Part IV Incident Response
- Chapter 15 The Importance of the Incident Response Process
- Establishing a Communication Process
- Internal Communications
- External Communications
- Response Coordination with Relevant Entities
- Factors Contributing to Data Criticality
- Personally Identifiable Information
- Personal Health Information
- High-Value Assets
- Payment Card Information
- Intellectual Property
- Corporate Confidential Information
- Chapter Review
- Questions
- Answers
- Chapter 16 Appropriate Incident Response Procedures
- Preparation
- Training
- Testing
- Documentation
- Detection and Analysis
- Characteristics of Severity Level Classification
- Reverse Engineering
- Containment
- Segmentation
- Isolation
- Removal
- Eradication and Recovery
- Vulnerability Mitigation
- Sanitization
- Reconstruction
- Secure Disposal
- Patching
- Restoration of Permissions
- Restoration of Services and Verification of Logging
- Post-Incident Activities
- Lessons-Learned Report
- Change Control Process
- Updates to Response Plan
- Summary Report
- Indicator of Compromise Generation
- Monitoring
- Chapter Review
- Questions
- Answers
- Chapter 17 Analyze Potential Indicators of Compromise
- Network-Related Indicators
- Bandwidth Utilization
- Beaconing
- Irregular Peer-to-Peer Communication
- Rogue Devices on the Network
- Scan Sweeps
- Common Protocol over a Nonstandard Port
- Host-Related Indicators
- Capacity Consumption
- Unauthorized Software
- Malicious Processes
- Memory Contents
- Unauthorized Changes
- Unauthorized Privileges
- Data Exfiltration
- Registry Change or Anomaly
- Unauthorized Scheduled Task
- Application-Related Indicators
- Anomalous Activity
- Introduction of New Accounts
- Unexpected Output
- Unexpected Outbound Communication
- Service Interruption
- Memory Overflows
- Application Logs
- Chapter Review
- Questions
- Answers
- Chapter 18 Utilize Basic Digital Forensics Techniques
- Phases of an Investigation
- Seizure
- Data Acquisition
- Analysis
- Reporting
- Network
- Network Tap
- Hub
- Switches
- Wireshark/TShark
- tcpdump
- Endpoints
- Servers
- OS and Process Analysis
- Mobile Device Forensics
- Virtualization and the Cloud
- Procedures
- Building Your Forensic Kit
- Cryptography Tools
- Acquisition Utilities
- Forensic Duplicators
- Password Crackers
- Hashing Utilities
- Forensic Suites
- File Carving
- Chapter Review
- Questions
- Answers
- Part V Compliance and Assessment
- Chapter 19 The Importance of Data Privacy and Protection
- Privacy vs. Security
- Types of Data
- Legal Requirements for Data
- Nontechnical Controls
- Data Ownership
- Data Classification
- Data Confidentiality
- Data Sovereignty
- Data Minimization
- Data Purpose Limitation
- Data Retention
- Technical Controls
- Access Controls
- Encryption
- Sharing Data While Preserving Privacy
- Digital Rights Management
- Data Loss Prevention
- Chapter Review
- Questions
- Answers
- Chapter 20 Security Concepts in Support of Organizational Risk Mitigation
- Business Impact Analysis
- Risk Assessment
- Risk Identification Process
- Risk Calculation
- Communication of Risk Factors
- Risk Prioritization
- Security Controls
- Engineering Tradeoffs
- Documented Compensating Controls
- Systems Assessment
- Supply Chain Risk Assessment
- Vendor Due Diligence
- Hardware Source Authenticity
- Training and Exercises
- Types of Exercises
- Red Team
- Blue Team
- White Team
- Chapter Review
- Questions
- Answers
- Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls
- Security Frameworks
- NIST
- ISO/IEC 27000 Series
- Center for Internet Security Controls
- Policies and Procedures
- Ethics and Codes of Conduct
- Acceptable Use Policy
- Password Policy
- Data Ownership
- Data Retention
- Work Product Retention
- Account Management
- Continuous Monitoring
- Control Types
- Audits and Assessments
- Standards Compliance
- Regulatory Compliance
- Chapter Review
- Questions
- Answers
- Part VI Appendixes and Glossary
- Appendix A Objective Map
- Appendix B About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Privacy Notice
- Single User License Terms and Conditions
- TotalTester Online
- Performance-Based Questions
- Technical Support
- Glossary
- Index