
CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002)

Content
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents
- Acknowledgments
- Introduction
- 1.0 Threat and Vulnerability Management
- Objective 1.1 Explain the importance of threat data and intelligence
- Intelligence Sources
- Open-Source Intelligence
- Proprietary and Closed-Source Intelligence
- Timeliness
- Relevancy
- Accuracy
- Confidence Levels
- Indicator Management
- Structured Threat Information eXpression (STIX)
- Trusted Automated eXchange of Indicator Intelligence (TAXII)
- OpenIOC
- Threat Classification
- Known Threats vs. Unknown Threats
- Zero-Day Threats
- Advanced Persistent Threats
- Threat Actors
- Nation-States
- Hacktivists
- Organized Crime
- Insider Threats
- Intelligence Cycle
- Requirements
- Collection
- Analysis
- Dissemination
- Feedback
- Commodity Malware
- Information Sharing and Analysis Communities
- Healthcare
- Financial
- Aviation
- Government
- Critical Infrastructure
- REVIEW
- 1.1 QUESTIONS
- 1.1 ANSWERS
- Objective 1.2 Given a scenario, utilize threat intelligence to support organizational security
- Attack Frameworks
- MITRE ATT&CK
- The Diamond Model of Intrusion Analysis
- Cyber Kill Chain
- Threat Research
- Reputational
- Behavioral
- Indicators of Compromise (IOCs)
- Common Vulnerability Scoring System (CVSS)
- Threat Modeling Methodologies
- Common Threat Modeling Methodologies
- Adversary Capability
- Total Attack Surface
- Attack Vector
- Impact
- Likelihood
- Threat Intelligence Sharing with Supported Functions
- Incident Response
- Vulnerability Management
- Risk Management
- Security Engineering
- Detection and Monitoring
- REVIEW
- 1.2 QUESTIONS
- 1.2 ANSWERS
- Objective 1.3 Given a scenario, perform vulnerability management activities
- Vulnerability Identification
- Asset Criticality
- Active vs. Passive Scanning
- Mapping/Enumeration
- Validation
- True Positive
- False Positive
- True Negative
- False Negative
- Remediation/Mitigation
- Configuration Baseline
- Patching
- Hardening
- Compensating Controls
- Risk Acceptance
- Verification of Mitigation
- Scanning Parameters and Criteria
- Risks Associated with Scanning Activities
- Vulnerability Feed
- Scope
- Credentialed vs. Non-Credentialed
- Server-Based vs. Agent-Based
- Internal vs. External
- Special Considerations
- Inhibitors to Remediation
- Memorandum of Understanding (MOU)
- Service Level Agreement (SLA)
- Organizational Governance
- Business Process Interruption
- Degrading Functionality
- Legacy Systems
- Proprietary Systems
- REVIEW
- 1.3 QUESTIONS
- 1.3 ANSWERS
- Objective 1.4 Given a scenario, analyze the output from common vulnerability assessment tools
- Vulnerability Assessment Tools
- Application Tools
- Web Application Scanners
- Software Assessment Tools and Techniques
- Infrastructure Tools
- Network Enumeration
- Network Vulnerability Scanners
- Wireless Assessment
- Cloud Infrastructure Assessment
- REVIEW
- 1.4 QUESTIONS
- 1.4 ANSWERS
- Objective 1.5 Explain the threats and vulnerabilities associated with specialized technology
- Mobile Devices
- Mobile Device Threats and Vulnerabilities
- Corporate Device Considerations
- Mobile Device Protections
- Internet of Things (IoT)
- Embedded Devices
- Physical Access Controls
- Building Automation Systems
- Vehicles and Drones
- Industrial Control Systems
- Workflow and Process Automation Systems
- Supervisory Control and Data Acquisition (SCADA)
- REVIEW
- 1.5 QUESTIONS
- 1.5 ANSWERS
- Objective 1.6 Explain the threats and vulnerabilities associated with operating in the cloud
- Cloud Service Models
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Serverless Architecture and Function as a Service (FaaS)
- Infrastructure as Code (IaC)
- Cloud Deployment Models
- Public
- Private
- Community
- Hybrid
- Cloud Vulnerabilities
- Insecure Application Programming Interface (API)
- Improper Key Management
- Unprotected Storage
- Insufficient Logging and Monitoring
- Inability to Access
- REVIEW
- 1.6 QUESTIONS
- 1.6 ANSWERS
- Objective 1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities
- Vulnerabilities
- Improper Error Handling
- Dereferencing
- Insecure Object Reference
- Race Condition
- Broken Authentication
- Sensitive Data Exposure
- Insecure Components
- Insufficient Logging and Monitoring
- Weak or Default Configurations
- Use of Insecure Functions
- Attack Types
- Injection Attacks
- Authentication Attacks
- Overflow Attacks
- REVIEW
- 1.7 QUESTIONS
- 1.7 ANSWERS
- 2.0 Software and Systems Security
- Objective 2.1 Given a scenario, apply security solutions for infrastructure management
- Infrastructure Management
- Cloud vs. On-Premises
- Asset Management
- Segmentation
- Network Architecture
- Change Management
- Virtualization
- Containerization
- Identity and Access Management
- Authentication Methods
- Access Control Models
- Cloud Access Security Broker (CASB)
- Honeypot
- Monitoring and Logging
- Encryption
- Certificate Management
- Active Defense
- REVIEW
- 2.1 QUESTIONS
- 2.1 ANSWERS
- Objective 2.2 Explain software assurance best practices
- Platforms
- Mobile
- Web Application
- Client/Server
- Embedded Platforms
- Firmware
- System-on-Chip (SoC)
- Service-Oriented Architecture
- Security Assertions Markup Language (SAML)
- Simple Object Access Protocol (SOAP)
- Representational State Transfer (REST)
- Microservices
- Software Development Lifecycle (SDLC) Integration
- DevSecOps
- Secure Coding Best Practices
- Input Validation
- Output Encoding
- Session Management
- Authentication
- Data Protection
- Parameterized Queries
- Software Assessment Methods
- User Acceptance Testing
- Stress Testing
- Security Regression Testing
- Code Review
- Static Analysis Tools
- Dynamic Analysis Tools
- Formal Methods for Verification of Critical Software
- REVIEW
- 2.2 QUESTIONS
- 2.2 ANSWERS
- Objective 2.3 Explain hardware assurance best practices
- Hardware Root of Trust
- Trusted Platform Module (TPM)
- Hardware Security Module (HSM)
- eFuse
- Unified Extensible Firmware Interface (UEFI)
- Trusted Foundry
- Secure Processing
- Trusted Execution and Secure Enclave
- Processor Security Extensions
- Atomic Execution
- Bus Encryption
- Anti-Tamper
- Self-Encrypting Drive (SED)
- Trusted Firmware Updates
- Measured Boot and Attestation
- REVIEW
- 2.3 QUESTIONS
- 2.3 ANSWERS
- 3.0 Security Operations and Monitoring
- Objective 3.1 Given a scenario, analyze data as part of security monitoring activities
- Heuristics
- Trend Analysis
- Endpoint Data
- Known-Good vs. Anomalous Behavior Analysis
- Malware Analysis and Reverse Engineering
- Memory Analysis
- File System Analysis
- System and Application Behavior
- User and Entity Behavior Analytics (UEBA)
- Analysis of Endpoint Exploitation Techniques
- Network
- Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis
- Domain Generation Algorithm
- Flow Analysis
- Packet and Protocol Analysis
- Network-Based Malware Analysis
- Log Review
- Event Logs
- Syslog
- Firewall Logs
- Web Application Firewall (WAF)
- Proxy
- Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
- Impact Analysis
- Organization Impact vs. Localized Impact
- Immediate vs. Total
- Security Information and Event Management (SIEM) Review
- Dashboard
- Rule and Query Writing
- String Search
- Scripting and Piping
- E-mail Analysis
- Impersonation
- Malicious Payload
- Embedded Links
- Phishing
- Forwarding
- Digital Signatures
- Header
- E-mail Signature Block
- Domain Keys Identified Mail (DKIM)
- Sender Policy Framework (SPF)
- Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
- REVIEW
- 3.1 QUESTIONS
- 3.1 ANSWERS
- Objective 3.2 Given a scenario, implement configuration changes to existing controls to improve security
- Review of Control Concepts
- Control Categories and Functions
- Control Implementation and Risk
- Permissions
- Windows Permissions
- Linux Permissions
- Access Control Lists
- Allow Lists
- Deny Lists
- Firewalls
- Packet-Filtering Firewalls
- Circuit-Level Gateways
- Stateful Inspection Firewalls
- Application-Level Gateways
- Web Application Firewalls (WAFs)
- Next-Generation Firewalls
- Cloud-Based Firewalls
- Intrusion Prevention System (IPS) Rules
- Data Loss Prevention (DLP)
- Endpoint Detection and Response (EDR)
- Network Access Control (NAC)
- Sinkholing
- Malware Signatures
- Development/Rule Writing
- Sandboxing
- Port Security
- REVIEW
- 3.2 QUESTIONS
- 3.2 ANSWERS
- Objective 3.3 Explain the importance of proactive threat hunting
- Establishing a Hypothesis
- Profiling Threat Actors and Activities
- Threat Hunting Tactics
- Executable Process Analysis
- Reducing the Attack Surface Area
- System Level
- Network Level
- Organization Level
- Operating Environment
- Bundling Critical Assets
- Attack Vectors
- Integrated Intelligence
- Improving Detection Capabilities
- REVIEW
- 3.3 QUESTIONS
- 3.3 ANSWERS
- Objective 3.4 Compare and contrast automation concepts and technologies
- Automation Concepts
- Workflow Orchestration
- Security Orchestration, Automation, and Response (SOAR)
- Scripting
- Application Programming Interface (API) Integration
- Automated Malware Signature Creation
- Data Enrichment
- Threat Feed Combination
- Machine Learning
- Use of Automation Protocols and Standards
- Automating Software Integration, Delivery, and Deployment
- REVIEW
- 3.4 QUESTIONS
- 3.4 ANSWERS
- 4.0 Incident Response
- Objective 4.1 Explain the importance of the incident response process
- Critical Incident Response Processes
- Communications Plan
- Response Coordination with Relevant Entities
- Factors Contributing to Data Criticality
- REVIEW
- 4.1 QUESTIONS
- 4.1 ANSWERS
- Objective 4.2 Given a scenario, apply the appropriate incident response procedure
- Incident Response Procedures
- Preparation
- Detection and Analysis
- Containment
- Eradication and Recovery
- Post-Incident Activities
- REVIEW
- 4.2 QUESTIONS
- 4.2 ANSWERS
- Objective 4.3 Given an incident, analyze potential indicators of compromise
- Analyzing Indicators of Compromise
- Network-Related IOCs
- Host-Related IOCs
- Application-Related IOCs
- REVIEW
- 4.3 QUESTIONS
- 4.3 ANSWERS
- Objective 4.4 Given a scenario, utilize basic digital forensics techniques
- Forensics Considerations
- Forensics Foundations
- Network
- Endpoint Forensics Considerations
- Mobile Forensics
- Cloud Forensics
- Virtualization Forensics
- Key Forensic Procedures
- REVIEW
- 4.4 QUESTIONS
- 4.4 ANSWERS
- 5.0 Compliance and Assessment
- Objective 5.1 Understand the importance of data privacy and protection
- Privacy vs. Security
- Nontechnical Controls
- Technical Controls
- REVIEW
- 5.1 QUESTIONS
- 5.1 ANSWERS
- Objective 5.2 Given a scenario, apply security concepts in support of organizational risk mitigation
- Organizational Risk Mitigation
- Business Impact Analysis (BIA)
- Risk Identification Process
- Risk Calculation
- Communication of Risk Factors
- Risk Prioritization
- Systems Assessment
- Documented Compensating Controls
- Training and Exercises
- Supply Chain Assessment
- REVIEW
- 5.2 QUESTIONS
- 5.2 ANSWERS
- Objective 5.3 Explain the importance of frameworks, policies, procedures, and controls
- Organizational Governance Flow
- Frameworks
- Policies and Procedures
- Control Categories
- Control Types
- Audits and Assessments
- REVIEW
- 5.3 QUESTIONS
- 5.3 ANSWERS
- A About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Privacy Notice
- Single User License Terms and Conditions
- TotalTester Online
- Performance-Based Questions
- Technical Support
- Glossary
- Index
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books, i.e. "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.
File format: PDF
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.