CompTIA Cybersecurity Analyst (CySA+) CS0-002

Video description

20 Hours of Video Instruction

20 hours of deep-dive training covering every objective in the CompTIA Cybersecurity Analyst CySA+ (CS0-002) exam.

Overview:

The CompTIA Cybersecurity Analyst (CySA+) CS0-002 Complete Video Course is a full and complete resource to successfully study for the CompTIA CySA+ exam. With 20 hours of video training, this course provides learners with topic-focused coverage of key exam topics, deep-dive demos and examples, and an exploration of relevant cybersecurity foundations and principles to help you gain an in-depth understanding of each objective in the CompTIA CySA+ certification, as well as a deeper understanding of cybersecurity.

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Complete Video Course contains 20 hours of training, with content divided into 7 modules and 33 content-targeted lessons. This title surpasses traditional “test prep” training by providing an in-depth analysis of core concepts, so that students understand all objectives in the CySA+ exam and learn the fundamentals of preventing, detecting, and combating cybersecurity threats. Taught by expert trainer, author, and cybersecurity expert Aamir Lakhani, this course uses trainer discussions, hands-on demos, and lightboard work to teach cybersecurity fundamentals in a way that is easy to access and implement in real-world situations.

About the Instructor

Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.

Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions, and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement.

Topics include:

  • CompTIA Cybersecurity Analyst (CySA+) CS0-002 Objectives
  • Threat and Vulnerability Management
  • Software and Systems Security
  • Security Operations and Monitoring
  • Incident Response
  • Compliance and Assessment
  • Malware and Incident Response

Skill Level:

  • Intermediate

Learn How To:

  • Prepare for every objective on the CompTIA Cybersecurity Analyst CySA+ exam
  • Leverage intelligence and threat detection techniques
  • Analyze and interpret data
  • Identify and address vulnerabilities
  • Suggest preventative measures
  • Effectively respond to and recover from incidents
  • Apply real-world cybersecurity configuration and detection skills
  • Perform data analysis and interpret results to identify vulnerabilities, threats, and risks

Who Should Take This Course:

  • Anyone preparing for the CompTIA Cybersecurity Analyst CySA+ examination
  • Anyone interested in learning cybersecurity fundamentals

Course Requirements:

Although there is no required prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

About Pearson Video Training:

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. CompTIA Cybersecurity Analyst (CySA+) CS0-002: Introduction
  2. Module 1: Threat and Vulnerability Management
    1. Module introduction
  3. Lesson 1: Importance of Threat Data and Intelligence
    1. Learning objectives
    2. 1.1 What is Threat Intelligence
    3. 1.2 Threat Sources - Part 1
    4. 1.3 Threat Sources - Part 2
    5. 1.4 Threat Classifications
    6. 1.5 Cyber Threat Investigation - Part 1
    7. 1.6 Cyber Threat Investigation - Part 2
    8. 1.7 Social Media Graphs - Part 1
    9. 1.8 Social Media Graphs - Part 2
    10. 1.9 Log Challenges - Part 1
    11. 1.10 Log Challenges - Part 2
    12. 1.11 Advanced Threat Hunting - Part 1
    13. 1.12 Advanced Threat Hunting - Part 2
    14. 1.13 Endpoint Detection
  4. Lesson 2: Utilizing Threat Intelligence to Support Organization Security
    1. Learning objectives
    2. 2.1 Attack Frameworks - Part 1
    3. 2.2 Attack Frameworks - Part 2
    4. 2.3 Threat Research
    5. 2.4 Threat Modeling Methodologies and Threat Intelligence Sharing with Support Functions
    6. 2.5 Wireless Analysis Techniques
  5. Lesson 3: Vulnerability Management Activities
    1. Learning objectives
    2. 3.1 Vulnerability Identification - Part 1
    3. 3.2 Vulnerability Identification - Part 2
    4. 3.3 Validation
    5. 3.4 Remediation and Mitigation and Inhibitors
    6. 3.5 Scanning Parameters and Criteria
    7. 3.6 Vulnerability Scanning - Part 1
    8. 3.7 Vulnerability Scanning - Part 2
    9. 3.8 Enumeration
  6. Lesson 4: Analyze Output from Common Vulnerability Assessment Tools
    1. Learning objectives
    2. 4.1 Understanding Results
    3. 4.2 Web Application Scanners
    4. 4.3 Infrastructure Vulnerability Scanner
    5. 4.4 Software Assessment Tools and Techniques
    6. 4.5 Wireless Assessment
    7. 4.6 Cloud Infrastructure Assessment
  7. Lesson 5: Threats and Vulnerabilities Associated with Specialized Technology
    1. Learning objectives
    2. 5.1 Mobile
    3. 5.2 Internet of Things (IoT) and Embedded Devices - Part 1
    4. 5.3 Internet of Things (IoT) and Embedded Devices - Part 2
    5. 5.4 APTs
    6. 5.5 Embedded and Real-Time Operating Systems (RTOS)
    7. 5.6 SOC and FPGA
    8. 5.7 Physical Access Control
    9. 5.8 Building Automation Systems, Vehicles, and Drones
    10. 5.9 Industrial Control Systems (ICS) and Process Automation
    11. 5.10 Defending Critical Infrastructure
    12. 5.11 Supervisory Control and Data Acquisition (SCADA) - Part 1
    13. 5.12 Supervisory Control and Data Acquisition (SCADA) - Part 2
    14. 5.13 Verifications and Quality Controls
  8. Lesson 6: Threats Associated with the Cloud
    1. Learning objectives
    2. 6.1 Cloud Service, FaaS, and Deployment Models
    3. 6.2 IaC, Insecure Applications
    4. 6.3 Application Programming Interface
    5. 6.4 Improper Key Management
    6. 6.5 Logging and Monitoring
  9. Lesson 7: Implement Controls to Mitigate Attacks
    1. Learning objectives
    2. 7.1 Attack Types and XML Types
    3. 7.2 SQL Attacks
    4. 7.3 Overflow Attacks
    5. 7.4 Cross-Site Scripting
    6. 7.5 Remote Code Execution
    7. 7.6 Directory Traversal
    8. 7.7 Privilege Escalation
    9. 7.8 Password Spraying
    10. 7.9 Credential Stuffing
    11. 7.10 Impersonation
    12. 7.11 On-path and Man-in-the-Middle
    13. 7.12 Session Hijacking
  10. Lesson 8: Implement Controls for Software Vulnerabilities
    1. Learning objectives
    2. 8.1 Vulnerabilities Improper Error Handling
    3. 8.2 Dereferencing
    4. 8.3 Insecure Object Reference
    5. 8.4 Race Condition
    6. 8.5 Broken Authentication
    7. 8.6 Sensitive Data Exposure
    8. 8.7 Insecure Components
    9. 8.8 Insufficient Logging and Monitoring
    10. 8.9 Weak or Default Configurations
  11. Module 2: Software and Systems Security
    1. Module introduction
  12. Lesson 9: Security Solutions for Infrastructure Management
    1. Learning objectives
    2. 9.1 Cloud vs. On-premises - Part 1
    3. 9.2 Cloud vs. On-premises - Part 2
    4. 9.3 Asset Management
    5. 9.4 Segmentation
    6. 9.5 Network Architecture
    7. 9.6 Change Management
    8. 9.7 Containerization
    9. 9.8 Identity and Access Management
    10. 9.9 Cloud Access Security Broker (CASB)
    11. 9.10 Honeypots and Breach Detection
    12. 9.11 Encryption and Certificate Management
  13. Lesson 10: Software Assurance Best Practices
    1. Learning objectives
    2. 10.1 SDLC Platforms
    3. 10.2 DevSecOps
    4. 10.3 Software Assessment Methods
    5. 10.4 User Acceptance Testing and Stress Test
    6. 10.5 Security Regression Testing
    7. 10.6 Code Review
    8. 10.7 Secure Coding Best Practices
    9. 10.8 Input Validation
    10. 10.9 Output Encoding
    11. 10.10 Session Management
    12. 10.11 Authentication
    13. 10.12 Data Protection
    14. 10.13 Parameterized Queries
  14. Lesson 11: Hardware Assurance Best Practices
    1. Learning objectives
    2. 11.1 Hardware Root of Trust
    3. 11.2 Trusted Platform Module (TPM) and Hardware Security Module (HSM)
    4. 11.3 Unified Extensible Firmware Interface (UEFI)
  15. Module 3: Security Operations and Monitoring
    1. Module introduction
  16. Lesson 12: Analyzing Logs and Impact Analysis
    1. Learning objectives
    2. 12.1 Event Logs
    3. 12.2 Syslogs
    4. 12.3 Firewall Logs
    5. 12.4 Web Application Firewall (WAF)
    6. 12.5 Proxy
    7. 12.6 Intrusion Detection and Prevention (IDS/IPS)
    8. 12.7 Impact Analysis
    9. 12.8 Organization Impact vs. Localized Impact
    10. 12.9 Immediate vs. Total
  17. Lesson 13: SIEMs and Query Writing
    1. Learning objectives
    2. 13.1 Security Information and Event Management (SIEM) - Part 1
    3. 13.2 Security Information and Event Management (SIEM) - Part 2
    4. 13.3 Rule Writing
    5. 13.4 Known-bad Internet Protocol (IP)
  18. Lesson 14: E-Mail Analysis
    1. Learning objectives
    2. 14.1 Malicious Payload
    3. 14.2 Domain Keys Identified Mail (DKIM)
    4. 14.3 Domain-based Message
    5. 14.4 Embedded Links
    6. 14.5 Impersonation
    7. 14.6 Header
  19. Lesson 15: Change Control
    1. Learning objectives
    2. 15.1 Change Control
    3. 15.2 Allow List
    4. 15.3 Blocklist
    5. 15.4 Firewall
    6. 15.5 Intrusion Prevention System (IPS) Rules
    7. 15.6 Data Loss Prevention (DLP)
    8. 15.7 Endpoint Detection and Response (EDR)
    9. 15.8 Network Access Control (NAC)
    10. 15.9 Sinkholing
    11. 15.10 Malware Signature Rule Writing
    12. 15.11 Sandboxing
    13. 15.12 Port Security
  20. Lesson 16: Proactive Threat Hunting
    1. Learning objectives
    2. 16.1 Establishing a Hypothesis
    3. 16.2 Profiling Threat Actors and Activities
    4. 16.3 Reducing the Attack Surface Area
    5. 16.4 Bundling Critical Assets
    6. 16.5 Attack Vectors
    7. 16.6 Integrated Intelligence
    8. 16.7 Improving Detection Capabilities
  21. Lesson 17: Automation
    1. Learning objectives
    2. 17.1 Workflow Orchestration
    3. 17.2 Security Orchestration
    4. 17.3 Security Orchestration, Automation, and Response (SOAR)
    5. 17.4 Scripting
    6. 17.5 Application Programming Interface (API) Integration
    7. 17.6 Automated Malware Signature Creation
    8. 17.7 Data Enrichment
    9. 17.8 Threat Feed Combination
    10. 17.9 Machine Learning
    11. 17.10 Security Content Automation Protocol (SCAP)
    12. 17.11 Continuous Integration
    13. 17.12 Continuous Deployment and Delivery
  22. Module 4: Incident Response
    1. Module introduction
  23. Lesson 18: Communications Process
    1. Learning objectives
    2. 18.1 What is a Cyber Incident
    3. 18.2 Communication Plan
    4. 18.3 Trusted Parties
    5. 18.4 Regulatory and Legislative Requirements
    6. 18.5 Preventing Inadvertent Release of Information
  24. Lesson 19: Response Coordination Process
    1. Learning objectives
    2. 19.1 Legal
    3. 19.2 Human Resources
    4. 19.3 Public Relations
    5. 19.4 Senior Leadership
    6. 19.5 Regulatory Bodies
  25. Lesson 20: Data Criticality Process
    1. Learning objectives
    2. 20.1 Personally Identifiable Information (PII)
    3. 20.2 Personal Health Information (PHI)
    4. 20.3 Sensitive Personal Information (SPI) and High Value Assets
    5. 20.4 Intellectual Property
  26. Lesson 21: Responding to an Incident
    1. Learning objectives
    2. 21.1 Preparation
    3. 21.2 Training
    4. 21.3 Testing
    5. 21.4 Document Procedures
    6. 21.5 Detection and Analysis
    7. 21.6 Severity Level Classification
    8. 21.7 Downtime
    9. 21.8 Recovery Time
    10. 21.9 Reverse Engineering
    11. 21.10 Containment and Isolation
  27. Module 5: Compliance and Assessment
    1. Module introduction
  28. Lesson 22: Data Privacy and Protection
    1. Learning objectives
    2. 22.1 Privacy vs. Security
    3. 22.2 Non-technical Controls
    4. 22.3 Classification, Ownership, Retention, and Data Types
    5. 22.4 Confidentiality, Legal Requirements, and Data Sovereignty
    6. 22.5 Data Minimization, Purpose Limitation, and NDA
    7. 22.6 Technical Controls
    8. 22.7 Encryption
    9. 22.8 Data Loss Prevention (DLP)
    10. 22.9 Data Masking and Deidentification
    11. 22.10 Tokenization
    12. 22.11 Digital Rights Management (DRM) and Watermarking
    13. 22.12 Geographic Access Requirements
    14. 22.13 Access Controls
  29. Lesson 23: Risk Mitigation
    1. Learning objectives
    2. 23.1 Business Impact and Risk Calculation
    3. 23.2 Communication Risk Factors and Risk Prioritization
    4. 23.3 System Assessments
    5. 23.4 Compensating Controls and Training - Part 1
    6. 23.5 Compensating Controls and Training - Part 2
    7. 23.6 Supply Chain Assessment
  30. Lesson 24: Importance of Policies, Procedures, and Controls
    1. Learning objectives
    2. 24.1 Frameworks
    3. 24.2 AUP, Password Policies, Data Ownership, and Other Procedures
    4. 24.3 Control Types
    5. 24.4 Audits and Assessments
  31. Module 6: Malware and Incident Response
    1. Module introduction
  32. Lesson 25: Threat Landscape
    1. Learning objectives
    2. 25.1 Malware Threat Landscape
    3. 25.2 Malware Analysis
    4. 25.3 Malware Analysis Overview
  33. Lesson 26: Malware Labs
    1. Learning objectives
    2. 26.1 Why Set Up a Malware Lab
    3. 26.2 How to Correctly Set Up a Lab
  34. Lesson 27: Dynamic Analysis
    1. Learning objectives
    2. 27.1 Cuckoo Sandbox
    3. 27.2 Other Sandbox Systems
    4. 27.3 Networking and Internet Connections
    5. 27.4 Sandbox and Network
  35. Lesson 28: Malware Packet Analysis
    1. Learning objectives
    2. 28.1 Wireshark
    3. 28.2 Column Setup
  36. Lesson 29: PE File Identification
    1. Learning objectives
    2. 29.1 PE File Format
    3. 29.2 Image Header
    4. 29.3 Entry Points
  37. Lesson 30: File Persistence
    1. Learning objectives
    2. 30.1 Registry Persistence
    3. 30.2 Analyzing for Persistence
    4. 30.3 Other Techniques
  38. Lesson 31: String Analysis
    1. Learning objectives
    2. 31.1 What to Look for
  39. Module 7: Certification Exam
    1. Module introduction
  40. Lesson 32: Preparing and Taking the CySA+
    1. Learning objectives
    2. 32.1 Understanding the Test
    3. 32.2 Type of Test Questions
    4. 32.3 Increasing Your Chances for Passing the Test
    5. 32.4 Certification Review
  41. Lesson 33: Next Steps
    1. Learning objectives
    2. 33.1 What I Learned
  42. Summary
    1. CompTIA Cybersecurity Analyst (CySA+) CS0-002: Summary

Product information

  • Title: CompTIA Cybersecurity Analyst (CySA+) CS0-002
  • Author(s): Aamir Lakhani
  • Release date: November 2021
  • Publisher(s): Pearson IT Certification
  • ISBN: 0137432119