Chapter 17
Analyzing Potential Indicators of Compromise
This chapter covers the following topics related to Objective 4.3 (Given an incident, analyze potential indicators of compromise) of the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam:
Network-related indicators of compromise: Includes bandwidth consumption, beaconing, irregular peer-to-peer communication, rogue device on the network, scan/sweep, unusual traffic spike, and common protocol over non-standard port.
Host-related indicators of compromise: Covers processor consumption, memory consumption, drive capacity consumption, unauthorized software, malicious process, unauthorized change, unauthorized privilege, data exfiltration, abnormal OS process behavior, file system ...
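Three of the network-related indicators listed above (beaconing, scan/sweep, and a common protocol over a non-standard port) can be checked mechanically against connection logs. The following is an added example, not material from the Cert Guide: it runs simple detectors over a constructed set of flow records laid out in Zeek conn.log field order (ts, originator host/port, responder host/port, proto, service, byte counts). The service-to-port baseline in EXPECTED_PORTS and the thresholds (six events and a coefficient of variation of 0.1 for beacons, eight ports in sixty seconds for a scan) are assumptions chosen for illustration, not values taken from the book.

```python
"""Network-IOC detectors (beaconing, port scan, protocol/port mismatch) over constructed flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample in Zeek conn.log field order (a real conn.log is tab-separated):
# ts orig_h orig_p resp_h resp_p proto service orig_bytes resp_bytes
SAMPLE_CONN_LOG = """
# Beacon: 10.0.0.5 reaches the same external host every ~60 s with near-constant sizes.
1700000000.0 10.0.0.5 51002 203.0.113.10 443 tcp ssl 512 1024
1700000060.0 10.0.0.5 51010 203.0.113.10 443 tcp ssl 520 1010
1700000119.5 10.0.0.5 51021 203.0.113.10 443 tcp ssl 515 1030
1700000179.9 10.0.0.5 51033 203.0.113.10 443 tcp ssl 510 1022
1700000239.9 10.0.0.5 51040 203.0.113.10 443 tcp ssl 518 1015
1700000299.7 10.0.0.5 51052 203.0.113.10 443 tcp ssl 512 1028
1700000359.9 10.0.0.5 51061 203.0.113.10 443 tcp ssl 514 1019
1700000420.0 10.0.0.5 51070 203.0.113.10 443 tcp ssl 511 1025
# Ordinary DNS from the same host: few events, irregular gaps, should not be flagged.
1700000005.2 10.0.0.5 40001 8.8.8.8 53 udp dns 64 128
1700000133.8 10.0.0.5 40002 8.8.8.8 53 udp dns 70 140
1700000301.1 10.0.0.5 40003 8.8.8.8 53 udp dns 66 132
# Vertical port scan: 10.0.0.9 probes eight ports on one host within a second.
1700000100.0 10.0.0.9 60001 192.0.2.7 21 tcp - 0 0
1700000100.1 10.0.0.9 60002 192.0.2.7 22 tcp - 0 0
1700000100.2 10.0.0.9 60003 192.0.2.7 23 tcp - 0 0
1700000100.3 10.0.0.9 60004 192.0.2.7 25 tcp - 0 0
1700000100.4 10.0.0.9 60005 192.0.2.7 80 tcp - 0 0
1700000100.5 10.0.0.9 60006 192.0.2.7 135 tcp - 0 0
1700000100.6 10.0.0.9 60007 192.0.2.7 445 tcp - 0 0
1700000100.7 10.0.0.9 60008 192.0.2.7 3389 tcp - 0 0
# Common protocol on a non-standard port: an SSH handshake identified on TCP/8080.
1700000150.0 10.0.0.12 52233 198.51.100.4 8080 tcp ssh 1488 2048
# Benign web traffic on expected ports.
1700000155.0 10.0.0.7 53001 93.184.216.34 443 tcp ssl 900 45000
1700000156.0 10.0.0.7 53002 198.51.100.4 80 tcp http 400 12000
"""

# Assumed baseline (not from the book): ports on which each identified service is normally expected.
EXPECTED_PORTS = {"dns": {53}, "http": {80, 8000, 8080}, "ssl": {443, 8443}, "ssh": {22}, "smtp": {25, 587}}

FIELDS = ["ts", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service", "orig_bytes", "resp_bytes"]


def parse_conn_log(text):
    """Turn whitespace-separated records into dicts; numeric fields are typed, comments skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split()))
        rec["ts"] = float(rec["ts"])
        for k in ("orig_p", "resp_p", "orig_bytes", "resp_bytes"):
            rec[k] = int(rec[k])
        records.append(rec)
    return records


def find_beacons(records, min_events=6, max_cv=0.1):
    """Flag (src, dst, dport) groups whose inter-arrival gaps are near-constant.
    Regularity is measured as the coefficient of variation (stdev / mean) of the gaps."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["orig_h"], r["resp_h"], r["resp_p"])].append(r["ts"])
    hits = []
    for (src, dst, dport), times in by_key.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport, "events": len(times), "interval_s": round(avg, 1)})
    return hits


def find_port_scans(records, min_ports=8, window_s=60.0):
    """Flag a source touching many distinct ports on one host in a short window (vertical scan).
    A horizontal sweep is the transpose (one port, many hosts): group by (src, dport) instead."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["orig_h"], r["resp_h"])].append((r["ts"], r["resp_p"]))
    hits = []
    for (src, dst), probes in by_pair.items():
        ports = {p for _, p in probes}
        span = max(t for t, _ in probes) - min(t for t, _ in probes)
        if len(ports) >= min_ports and span <= window_s:
            hits.append({"src": src, "dst": dst, "ports": len(ports), "span_s": round(span, 1)})
    return hits


def find_protocol_port_mismatch(records, expected=EXPECTED_PORTS):
    """Flag flows whose payload-identified service runs on a port outside the baseline.
    Only meaningful when 'service' comes from protocol detection rather than from the port number."""
    return [{"src": r["orig_h"], "dst": r["resp_h"], "dport": r["resp_p"], "service": r["service"]}
            for r in records if r["service"] in expected and r["resp_p"] not in expected[r["service"]]]


def analyze(text=SAMPLE_CONN_LOG):
    """Run all three detectors over one log and return the findings by indicator type."""
    recs = parse_conn_log(text)
    return {"beacons": find_beacons(recs), "scans": find_port_scans(recs),
            "mismatches": find_protocol_port_mismatch(recs)}


if __name__ == "__main__":
    for kind, findings in analyze().items():
        print(kind, findings)
```

On the sample, the beacon detector reports only the 10.0.0.5 to 203.0.113.10:443 pattern (eight events, sixty-second interval), the DNS traffic from the same host falls below the event threshold, the scan detector reports 10.0.0.9 against 192.0.2.7, and the mismatch detector reports SSH on TCP/8080. Real beacons often add deliberate jitter, so the cv threshold is the knob to tune, and the mismatch check is only as good as the sensor's protocol identification.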