Table of Contents for CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002)
by Brent Chapman, Fernando Maymi
Cover
Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Part I Threat and Vulnerability Management
Chapter 1 The Importance of Threat Data and Intelligence
Foundations of Intelligence
Intelligence Sources
Open Source Intelligence
Proprietary/Closed Source Intelligence
Characteristics of Intelligence Source Data
Confidence Levels
Indicator Management
Indicator Lifecycle
Structured Threat Information Expression
Trusted Automated Exchange of Indicator Information
OpenIOC
Threat Classification
Known Threats vs. Unknown Threats
Zero Day
Advanced Persistent Threat
Threat Actors
Nation-State Threat Actors
Hacktivists
Organized Crime
Insider Threat Actors
Intelligence Cycle
Requirements
Collection
Analysis
Dissemination
Feedback
Commodity Malware
Information Sharing and Analysis Communities
Chapter Review
Questions
Answers
Chapter 2 Threat Intelligence in Support of Organizational Security
Levels of Intelligence
Attack Frameworks
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Kill Chain
Threat Research
Reputational
Behavioral
Indicator of Compromise
Common Vulnerability Scoring System
Threat Modeling Methodologies
Adversary Capability
Total Attack Surface
Attack Vector
Impact
Likelihood
STRIDE
PASTA
Threat Intelligence Sharing with Supported Functions
Incident Response
Vulnerability Management
Risk Management
Security Engineering
Detection and Monitoring
Chapter Review
Questions
Answers
Chapter 3 Vulnerability Management Activities
Vulnerability Identification
Regulatory Environments
Corporate Security Policy
Data Classification
Asset Inventory
Active vs. Passive Scanning
Scanning Parameters and Criteria
Risks Associated with Scanning Activities
Regulatory Requirements
Technical Constraints
Workflow
Sensitivity Levels
Vulnerability Feed
Scope
Noncredentialed vs. Credentialed
Server Based vs. Agent Based
Internal vs. External
Types of Data
Tool Updates and Plug-Ins
SCAP
Special Considerations
Intrusion Prevention System, Intrusion Detection System, and Firewall Settings
Generating Reports
Automated vs. Manual Distribution
Validation
True Positives
False Positives
True Negatives
False Negatives
Remediation
Patching
Prioritizing
Hardening
Compensating Controls
Risk Acceptance
Verification of Mitigation
Inhibitors to Remediation
Memorandum of Understanding
Service Level Agreement
Organizational Governance
Business Process Interruption
Degrading Functionality
Legacy and Proprietary Systems
Ongoing Scanning and Continuous Monitoring
Chapter Review
Questions
Answers
Chapter 4 Vulnerability Assessment Tools
Web Application Scanners
OWASP Zed Attack Proxy
Burp Suite
Nikto
Arachni
Infrastructure Vulnerability Scanners
Nessus
OpenVAS
Qualys
Software Assessment Tools and Techniques
Static Analysis
Dynamic Analysis
Reverse Engineering
Fuzzing
Enumeration Tools and Techniques
nmap
hping
Passive vs. Active Enumeration Techniques
responder
Wireless Assessment Tools
Aircrack-ng
Reaver
oclHashcat
Cloud Infrastructure Assessment Tools
Scout Suite
Prowler
Pacu
Chapter Review
Questions
Answers
Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology
Access Points
Virtual Private Networks
Mobile Devices
Network Vulnerabilities
Device Vulnerabilities
Operating System Vulnerabilities
App Vulnerabilities
Internet of Things
The Mirai Botnet
Embedded Systems
Real-Time Operating Systems
System on a Chip
Field Programmable Gate Array
Physical Access Control
Connected Vehicles
CAN Bus
Drones
Hardware Security
Communications Channels Security
Web Portal Security
Industrial Control Systems
SCADA Devices
Modbus
Process Automation Systems
Chapter Review
Questions
Answers
Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud
Cloud Service Models
Shared Responsibility Model
Software as a Service
Platform as a Service
Infrastructure as a Service
Cloud Deployment Models
Public
Private
Community
Hybrid
Serverless Architecture
Function as a Service
Infrastructure as Code
Insecure Application Programming Interface
Broken Object Level Authorization
Broken User Authentication
Excessive Data Exposure
Lack of Resources and Rate Limiting
Broken Function Level Authorization
Mass Assignment
Security Misconfiguration
Injection
Improper Asset Management
Insufficient Logging and Monitoring
Improper Key Management
Unprotected Storage
Logging and Monitoring
Chapter Review
Questions
Answers
Chapter 7 Mitigating Controls for Attacks and Software Vulnerabilities
Attack Types
Injection Attacks
Buffer Overflow Attacks
Privilege Escalation
Authentication Attacks
Rootkits
Vulnerabilities
Improper Error Handling
Dereferencing
Insecure Object Reference
Race Condition
Sensitive Data Exposure
Insecure Components
Insufficient Logging and Monitoring
Weak or Default Configurations
Use of Insecure Functions
Chapter Review
Questions
Answers
Part II Software and Systems Security
Chapter 8 Security Solutions for Infrastructure Management
Cloud vs. On-Premises Solutions
Network Architecture
Physical Network
Software-Defined Network
Virtual Private Cloud Network
Virtual Private Network
Serverless Network
Virtualization
Hypervisors
Virtual Desktop Infrastructure
Containerization
Network Segmentation
Virtual Local Area Networks
Physical Segmentation
Jump Boxes
System Isolation
Honeypots and Honeynets
Asset Management
Asset Inventory
Asset Tagging
Change Management
Identity and Access Management
Privilege Management
Multifactor Authentication
Single Sign-On
Identity Federation
Role-Based Access Control
Attribute-Based Access Control
Mandatory Access Control
Manual Review
Cloud Access Security Broker
Monitoring and Logging
Encryption
Symmetric Cryptography
Asymmetric Cryptography
Symmetric vs. Asymmetric Cryptography
Certificate Management
Active Defense
Chapter Review
Questions
Answers
Chapter 9 Software Assurance Best Practices
Platforms and Software Architectures
Client/Server
Web Application
Mobile
Embedded
System on a Chip
Firmware
Service-Oriented Architecture
Simple Object Access Protocol
Representational State Transfer
Microservices
Security Assertion Markup Language
The Software Development Lifecycle
Requirements
Development
Implementation
Operation and Maintenance
DevOps and DevSecOps
Software Assessment Methods
User Acceptance Testing
Stress Testing
Security Regression Testing
Code Reviews
Static Analysis Tools
Dynamic Analysis Tools
Formal Methods of Verifying Critical Software
Secure Coding Best Practices
Input Validation
Output Encoding
Session Management
Authentication
Data Protection
Parameterized Queries
Chapter Review
Questions
Answers
Chapter 10 Hardware Assurance Best Practices
Hardware Root of Trust
Trusted Platform Module
Hardware Security Module
eFuse
Firmware
Unified Extensible Firmware Interface
Measured Boot and Attestation
Trusted Firmware Updates
Self-Encrypting Drive
Bus Encryption
Secure Processing
Trusted Execution Environment
Processor Security Extensions
Atomic Execution
Trusted Foundry
Anti-Tamper Techniques
Chapter Review
Questions
Answers
Part III Security Operations and Monitoring
Chapter 11 Data Analysis in Security Monitoring Activities
Security Data Analytics
Data Aggregation and Correlation
Data Analysis
Trend Analysis
Historical Analysis
Behavioral Analysis
Heuristics
Anomaly Analysis
Endpoint Security
Malware
Detect and Block
Fileless Malware
Sandbox
Cloud-Connected Protection
User and Entity Behavior Analytics
Network
Domain Name System Analysis
Domain Generation Algorithms
Flow Analysis
Packet Analysis
Malware
Log Review
Packet Captures
System Logs
Firewall Logs
Intrusion Detection/Prevention Systems
Authentication Logs
Impact Analysis
Availability Analysis
Security Information and Event Management Review
Query Writing
E-mail Analysis
Malicious Payload
DomainKeys Identified Mail
Sender Policy Framework
Domain-Based Message Authentication, Reporting, and Conformance
Header
Phishing
Forwarding
Digital Signatures and Encryption
Embedded Links
Impersonation
Chapter Review
Questions
Answers
Chapter 12 Implement Configuration Changes to Existing Controls to Improve Security
Permissions
Users
Groups
Blacklisting
Whitelisting
Firewalls
Web Proxies
Web Application Firewalls
Operating System Firewalls
Intrusion Prevention System Rules
Snort Rule Building
Zeek Logs
Suricata Rule-Building
Host-Based Intrusion Prevention Systems
Data Loss Prevention
Endpoint Detection and Response
Network Access Control
Time-Based Solution
Rule-Based Solution
Role-Based Solution
Location-Based Solution
Sinkholing
Malware Signatures
Sandboxing
Port Security
Chapter Review
Questions
Answers
Chapter 13 The Importance of Proactive Threat Hunting
Establishing a Hypothesis
Profiling Threat Actors and Activities
Threat-Hunting Tactics
High-Impact TTPs
Delivering Results
Documenting the Process
Reducing the Attack Surface Area and Bundling Critical Assets
Attack Vectors
Integrated Intelligence
Improving Detection Capabilities
Chapter Review
Questions
Answers
Chapter 14 Automation Concepts and Technologies
Workflow Orchestration
Security Orchestration, Automation, and Response Platforms
Orchestration Playbooks
Data Enrichment
Scripting
Python Scripting
PowerShell Scripting
Application Programming Interface Integration
Representational State Transfer
Automating API Calls
Automated Malware Signature Creation
Threat Feed Combination
Machine Learning
Use of Automation Protocols and Standards
Security Content Automation Protocol
Software Engineering
Continuous Integration
Continuous Delivery
Continuous Deployment
Chapter Review
Questions
Answers
Part IV Incident Response
Chapter 15 The Importance of the Incident Response Process
Establishing a Communication Process
Internal Communications
External Communications
Response Coordination with Relevant Entities
Factors Contributing to Data Criticality
Personally Identifiable Information
Personal Health Information
High-Value Assets
Payment Card Information
Intellectual Property
Corporate Confidential Information
Chapter Review
Questions
Answers
Chapter 16 Appropriate Incident Response Procedures
Preparation
Training
Testing
Documentation
Detection and Analysis
Characteristics of Severity Level Classification
Reverse Engineering
Containment
Segmentation
Isolation
Removal
Eradication and Recovery
Vulnerability Mitigation
Sanitization
Reconstruction
Secure Disposal
Patching
Restoration of Permissions
Restoration of Services and Verification of Logging
Post-Incident Activities
Lessons-Learned Report
Change Control Process
Updates to Response Plan
Summary Report
Indicator of Compromise Generation
Monitoring
Chapter Review
Questions
Answers
Chapter 17 Analyze Potential Indicators of Compromise
Network-Related Indicators
Bandwidth Utilization
Beaconing
Irregular Peer-to-Peer Communication
Rogue Devices on the Network
Scan Sweeps
Common Protocol over a Nonstandard Port
Host-Related Indicators
Capacity Consumption
Unauthorized Software
Malicious Processes
Memory Contents
Unauthorized Changes
Unauthorized Privileges
Data Exfiltration
Registry Change or Anomaly
Unauthorized Scheduled Task
Application-Related Indicators
Anomalous Activity
Introduction of New Accounts
Unexpected Output
Unexpected Outbound Communication
Service Interruption
Memory Overflows
Application Logs
Chapter Review
Questions
Answers
Chapter 18 Utilize Basic Digital Forensics Techniques
Phases of an Investigation
Seizure
Data Acquisition
Analysis
Reporting
Network
Network Tap
Hub
Switches
Wireshark/TShark
tcpdump
Endpoints
Servers
OS and Process Analysis
Mobile Device Forensics
Virtualization and the Cloud
Procedures
Building Your Forensic Kit
Cryptography Tools
Acquisition Utilities
Forensic Duplicators
Password Crackers
Hashing Utilities
Forensic Suites
File Carving
Chapter Review
Questions
Answers
Part V Compliance and Assessment
Chapter 19 The Importance of Data Privacy and Protection
Privacy vs. Security
Types of Data
Legal Requirements for Data
Nontechnical Controls
Data Ownership
Data Classification
Data Confidentiality
Data Sovereignty
Data Minimization
Data Purpose Limitation
Data Retention
Technical Controls
Access Controls
Encryption
Sharing Data While Preserving Privacy
Digital Rights Management
Data Loss Prevention
Chapter Review
Questions
Answers
Chapter 20 Security Concepts in Support of Organizational Risk Mitigation
Business Impact Analysis
Risk Assessment
Risk Identification Process
Risk Calculation
Communication of Risk Factors
Risk Prioritization
Security Controls
Engineering Tradeoffs
Documented Compensating Controls
Systems Assessment
Supply Chain Risk Assessment
Vendor Due Diligence
Hardware Source Authenticity
Training and Exercises
Types of Exercises
Red Team
Blue Team
White Team
Chapter Review
Questions
Answers
Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls
Security Frameworks
NIST
ISO/IEC 27000 Series
Center for Internet Security Controls
Policies and Procedures
Ethics and Codes of Conduct
Acceptable Use Policy
Password Policy
Data Ownership
Data Retention
Work Product Retention
Account Management
Continuous Monitoring
Control Types
Audits and Assessments
Standards Compliance
Regulatory Compliance
Chapter Review
Questions
Answers
Part VI Appendixes and Glossary
Appendix A Objective Map
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Performance-Based Questions
Technical Support
Glossary
Index