CompTIA CySA+ Study Guide
Description
In the newly revised third edition of CompTIA CySA+ Study Guide: Exam CS0-003, a team of leading security experts and tech educators delivers comprehensive and accurate coverage of every topic and domain covered on the certification exam. You'll find clear and concise information on critical security topics presented by way of practical, real-world examples, chapter reviews, and exam highlights.
Prepare for the test and for a new role in cybersecurity with the book's useful study tools, including:
* Hands-on lab exercises and an opportunity to create your own cybersecurity toolkit
* Authoritative discussions of each exam competency, including security operations, vulnerability management, incident response and management, and reporting and communication
* Complimentary access to Sybex's proven library of digital resources, including an online test bank, bonus questions, flashcards, and glossary, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions
Reduce test anxiety and get a head-start learning the on-the-job skills you'll need on your first day in a cybersecurity career. Or augment your existing CompTIA Security+ certification with an impressive new credential. Fully updated for the newly released CS0-003 exam, CompTIA CySA+ Study Guide: Exam CS0-003, Third Edition is an essential resource for test takers and cybersecurity professionals alike.
More details
Other editions
Additional editions
Previous edition
Persons
MIKE CHAPPLE, PhD, Security+, CySA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US(Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.
DAVID SEIDL, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.
Content
Assessment Test xxxv
Domain I Security Operations 1
Chapter 1 Today's Cybersecurity Analyst 3
Chapter 2 System and Network Architecture 37
Chapter 3 Malicious Activity 77
Chapter 4 Threat Intelligence 135
Chapter 5 Reconnaissance and Intelligence Gathering 159
Domain II Vulnerability Management 201
Chapter 6 Designing a Vulnerability Management Program 203
Chapter 7 Analyzing Vulnerability Scans 245
Chapter 8 Responding to Vulnerabilities 293
Domain III Incident Response and Management 341
Chapter 9 Building an Incident Response Program 343
Chapter 10 Incident Detection and Analysis 377
Chapter 11 Containment, Eradication, and Recovery 397
Domain IV Reporting and Communication 421
Chapter 12 Reporting and Communication 423
Chapter 13 Performing Forensic Analysis and Techniques for Incident Response 447
Appendix Answers to Review Questions 489
Index 513
Introduction
CompTIA® CySA+ (Cybersecurity Analyst) Study Guide: Exam CS0-003, Third Edition, provides accessible explanations and real-world knowledge about the exam objectives that make up the Cybersecurity Analyst+ certification. This book will help you to assess your knowledge before taking the exam, as well as provide a stepping-stone to further learning in areas where you may want to expand your skillset or expertise.
Before you tackle the CySA+ exam, you should already be a security practitioner. CompTIA suggests that test takers have about four years of existing hands-on information security experience. You should also be familiar with at least some of the tools and techniques described in this book. You don't need to know every tool, but understanding how to approach a new scenario, tool, or technology that you may not know using existing experience is critical to passing the CySA+ exam.
For up-to-the-minute updates covering additions or modifications to the CompTIA certification exams, as well as additional study tools, videos, practice questions, and bonus material, be sure to visit the Sybex website and forum at www.sybex.com.
CompTIA
CompTIA is a nonprofit trade organization that offers certification in a variety of IT areas, ranging from the skills that a PC support technician needs, which are covered in the A+ exam, to advanced certifications like the CompTIA Advanced Security Practitioner (CASP+) certification.
CompTIA recommends that practitioners follow a cybersecurity career path as shown here:
The Cybersecurity Analyst+ exam is a more advanced exam, intended for professionals with hands-on experience and who possess the knowledge covered by the prior exams.
CompTIA certifications are ISO and ANSI accredited, and they are used throughout multiple industries as a measure of technical skill and knowledge. In addition, CompTIA certifications, including the CySA+, the Security+, and the CASP+ certifications, have been approved by the U.S. government as Information Assurance baseline certifications and are included in the State Department's Skills Incentive Program.
The Cybersecurity Analyst+ Exam
The Cybersecurity Analyst+ exam, which CompTIA refers to as CySA+, is designed to be a vendor-neutral certification for cybersecurity, threat, and vulnerability analysts. The CySA+ certification is designed for security analysts and engineers as well as security operations center (SOC) staff, vulnerability analysts, and threat intelligence analysts. It focuses on security analytics and practical use of security tools in real-world scenarios. It covers four major domains: Security Operations, Vulnerability Management, Incident Response and Management, and Reporting and Communications. These four areas include a range of topics, from reconnaissance to incident response and forensics, while focusing heavily on scenario-based learning.
The CySA+ exam fits between the entry-level Security+ exam and the CompTIA Advanced Security Practitioner (CASP+) certification, providing a mid-career certification for those who are seeking the next step in their certification and career path.
The CySA+ exam is conducted in a format that CompTIA calls "performance-based assessment." This means that the exam employs hands-on simulations using actual security tools and scenarios to perform tasks that match those found in the daily work of a security practitioner. Exam questions may include multiple types of questions such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.
CompTIA recommends that test takers have four years of information security-related experience before taking this exam. The exam costs $392 at the time this book was written in the United States, with roughly equivalent prices in other locations around the globe. More details about the CySA+ exam and how to take it can be found at www.comptia.org/certifications/cybersecurity-analyst.
Study and Exam Preparation Tips
A test preparation book like this cannot teach you every possible security software package, scenario, or specific technology that may appear on the exam. Instead, you should focus on whether you are familiar with the type or category of technology, tool, process, or scenario as you read the book. If you identify a gap, you may want to find additional tools to help you learn more about those topics.
Additional resources for hands-on exercises include the following:
- Exploit Exercises provides virtual machines, documentation, and challenges covering a wide range of security issues at
http://Exploit-Exercises.com. - Hacking-Lab provides capture the flag (CTF) exercises in a variety of fields at
hacking-lab.com. - PentesterLab provides a subscription-based access to penetration testing exercises at
http://pentesterlab.com/exercises.
Since the exam uses scenario-based learning, expect the questions to involve analysis and thought, rather than relying on simple memorization. As you might expect, it is impossible to replicate that experience in a book, so the questions here are intended to help you be confident that you know the topic well enough to think through hands-on exercises.
Taking the Exam
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher:
Currently, CompTIA offers two options for taking the exam: an in-person exam at a testing center and an at-home exam that you take on your own computer.
This book includes a coupon that you may use to save 10 percent on your CompTIA exam registration.
In-Person Exams
CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson Vue website, where you will need to navigate to "Find a test center."
https://home.pearsonvue.com/comptia
Once you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam on their site.
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
At-Home Exams
CompTIA also offers an at-home testing option that uses the Pearson Vue remote proctoring service. Candidates using this approach will take the exam at their home or office and be proctored over a webcam by a remote proctor.
You can learn more about the at-home testing experience by visiting:
www.comptia.org/testing/testing-options/take-online-exam
After the Cybersecurity Analyst+ Exam
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
Maintaining Your Certification
CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website at:
www.comptia.org/continuing-education
When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, pay a renewal fee, and submit the materials required for your chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the CySA+ can be found at:
What Does This Book Cover?
This book is designed to cover the four domains included in the CySA+ exam.
- Chapter 1: Today's Cybersecurity Analyst The book starts by teaching you how to assess cybersecurity threats, as well as how to evaluate and select controls to keep your networks and systems secure.
- Chapter 2: System and Network Architecture Understanding the underlying architecture that makes up your organization's infrastructure will help you defend your organization. In this chapter you will explore concepts like serverless and containerization technology as well as virtualization. You will also explore logs and logging, network architecture and design concepts, identity and access management concepts, and how encryption can be used for security and data protection.
- Chapter 3: Malicious Activity Analyzing events and identifying malicious activity is a key part of many security professionals roles. In this chapter you will explore how to monitor for and detect host-based, network-based, and...
