O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide (Exam CS0-001)

Book Description

This comprehensive self-study guide offers complete coverage of the new CompTIA Cybersecurity Analyst+ certification exam

Note: This guide has been updated to reflect CompTIA's exam acronym CySA+.

This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You'll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the live test in content, format, and tone. Designed to help you pass exam CS0-001 with ease, this definitive guide also serves as an essential on-the-job reference.

Covers every topic on the exam, including:

•Threat and vulnerability management

•Conducting and analyzing reconnaissance

•Responding to network-based threats

•Securing a cooperate network

•Cyber incident response

•Determining the impact of incidents

•Preparing the incident response toolkit

•Security architectures

Policies, procedures, and controls

•Assuring identity and access management

•Putting in compensating controls

•Secure software development

Electronic content includes:

•200 practice questions

•Secured book PDF


Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Acknowledgments
  6. Introduction
  7. Part I Threat Management
  8. Chapter 1 Applying Reconnaissance Techniques
    1. Open Source Intelligence
    2. Google
    3. Internet Registries
    4. Job Sites
    5. Social Media
    6. Active Reconnaissance
    7. Scanning
    8. Capturing Packets
    9. Special Considerations
    10. Wired Network Considerations
    11. Wireless Network Considerations
    12. Virtualization Technologies
    13. Cloud Computing
    14. Defending Against Reconnaissance
    15. Tools of the Trade
    16. nmap
    17. Nikto
    18. OWASP Zed Attack Proxy
    19. Nessus
    20. netstat
    21. tcpdump
    22. Wireshark/TShark
    23. Intrusion Detection and Prevention Systems
    24. Chapter Review
    25. Questions
    26. Answers
  9. Chapter 2 Analyzing the Results of Reconnaissance
    1. Data Sources
    2. Firewall Logs
    3. Intrusion Detection/Prevention Systems
    4. Packet Captures
    5. System Logs
    6. nmap Scan Results
    7. Point-in-Time Analysis
    8. Packet Analysis
    9. Protocol Analysis
    10. Traffic Analysis
    11. NetFlow Analysis
    12. Wireless Analysis
    13. Correlation Analysis
    14. Anomaly Analysis
    15. Behavioral Analysis
    16. Trend Analysis
    17. Availability Analysis
    18. Heuristics
    19. Tools of the Trade
    20. Security Information and Event Management Systems
    21. Packet Analyzers
    22. Intrusion Detection Systems
    23. Resource-Monitoring Tools
    24. NetFlow Analyzers
    25. Chapter Review
    26. Questions
    27. Answers
  10. Chapter 3 Responding to Network-Based Threats
    1. Network Segmentation
    2. System Isolation
    3. Jump Box
    4. Honeypots and Honeynets
    5. ACLs
    6. File System ACLs
    7. Network ACLs
    8. Black Hole
    9. DNS Sinkhole
    10. Endpoint Security
    11. Detect and Block
    12. Sandbox
    13. Cloud-Connected Protection
    14. Group Policies
    15. Device Hardening
    16. Discretionary Access Control (DAC)
    17. Mandatory Access Control (MAC)
    18. Role-Based Access Control (RBAC)
    19. Compensating Controls
    20. Blocking Unused Ports/Services
    21. Patching
    22. Network Access Control
    23. Time Based
    24. Rule Based
    25. Role Based
    26. Location Based
    27. Chapter Review
    28. Questions
    29. Answers
  11. Chapter 4 Securing a Corporate Network
    1. Penetration Testing
    2. Rules of Engagement
    3. Reverse Engineering
    4. Hardware
    5. Software/Malware
    6. Isolation/Sandboxing
    7. Training and Exercises
    8. Types of Exercises
    9. Red Team
    10. Blue Team
    11. White Team
    12. Risk Evaluation
    13. Impact and Likelihood
    14. Technical Control Review
    15. Operational Control Review
    16. Chapter Review
    17. Questions
    18. Answers
  12. Part II Vulnerability Management
  13. Chapter 5 Implementing Vulnerability Management Processes
    1. Vulnerability Management Requirements
    2. Regulatory Environments
    3. Corporate Security Policy
    4. Data Classification
    5. Asset Inventory
    6. Common Vulnerabilities
    7. Servers
    8. Endpoints
    9. Network Infrastructure
    10. Virtual Infrastructure
    11. Mobile Devices
    12. Interconnected Networks
    13. Virtual Private Networks
    14. Industrial Control Systems
    15. SCADA Devices
    16. Frequency of Vulnerability Scans
    17. Risk Appetite
    18. Regulatory Requirements
    19. Technical Constraints
    20. Workflow
    21. Tool Configuration
    22. Scanning Criteria
    23. Tool Updates and Plug-Ins
    24. SCAP
    25. Permissions and Access
    26. Chapter Review
    27. Questions
    28. Answers
  14. Chapter 6 Vulnerability Scanning
    1. Execute Scanning
    2. Nessus
    3. OpenVAS
    4. Nikto
    5. Generate Reports
    6. Automated vs. Manual Distribution
    7. Remediation
    8. Prioritizing
    9. Communication/Change Control
    10. Sandboxing/Testing
    11. Inhibitors to Remediation
    12. Ongoing Scanning and Continuous Monitoring
    13. Analyze Reports from a Vulnerability Scan
    14. Review and Interpret Scan Results
    15. Validate Results and Correlate Other Data Points
    16. Compare to Best Practices or Compliance
    17. Reconcile Results
    18. Review Related Logs and/or Other Data Sources
    19. Determine Trends
    20. Chapter Review
    21. Questions
    22. Answers
  15. Part III Cyber Incident Response
  16. Chapter 7 The Incident Response Process
    1. A Cast of Characters
    2. Key Roles
    3. Stakeholders
    4. Response Techniques
    5. Containment
    6. Eradication
    7. Validation
    8. Corrective Actions
    9. Communication Processes
    10. Internal Communications
    11. External Communications
    12. Chapter Review
    13. Questions
    14. Answers
  17. Chapter 8 Determining the Impact of Incidents
    1. Threat Classification
    2. Known Threats vs. Unknown Threats
    3. Zero Day
    4. Advanced Persistent Threat
    5. Factors Contributing to Incident Severity and Prioritization
    6. Scope of Impact
    7. Types of Data
    8. Chapter Review
    9. Questions
    10. Answers
  18. Chapter 9 Preparing the Incident Response Toolkit
    1. Digital Forensics
    2. Phases of an Investigation
    3. Forensic Investigation Suite
    4. Acquisition Utilities
    5. Analysis Utilities
    6. OS and Process Analysis
    7. Mobile Device Forensics
    8. Log Viewers
    9. Building Your Forensic Kit
    10. Jump Bag
    11. Chapter Review
    12. Questions
    13. Answers
  19. Chapter 10 Selecting the Best Course of Action
    1. Introduction to Diagnosis
    2. Network-Related Symptoms
    3. Bandwidth Utilization
    4. Beaconing
    5. Irregular Peer-to-Peer Communication
    6. Rogue Devices on the Network
    7. Scan Sweeps
    8. Host-Related Symptoms
    9. Running Processes
    10. Memory Contents
    11. File System
    12. Capacity Consumption
    13. Unauthorized Privileges
    14. Application-Related Symptoms
    15. Anomalous Activity
    16. Introduction of New Accounts
    17. Unexpected Output
    18. Unexpected Outbound Communication
    19. Service Interruption
    20. Memory Overflows
    21. Chapter Review
    22. Questions
    23. Answers
  20. Part IV Security Architectures
  21. Chapter 11 Frameworks, Policies, Controls, and Procedures
    1. Security Frameworks
    2. NIST
    3. ISO
    4. COBIT
    5. SABSA
    6. TOGAF
    7. ITIL
    8. Policies and Procedures
    9. Security Policies
    10. Procedures
    11. Controls
    12. Physical Controls
    13. Logical Controls
    14. Administrative Controls
    15. Control Selection
    16. Regulatory Compliance
    17. Verification and Quality Control
    18. Audits
    19. Assessments
    20. Certification
    21. Maturity Models
    22. Chapter Review
    23. Questions
    24. Answers
  22. Chapter 12 Identity and Access Management
    1. Security Issues Associated with Context-Based Authentication
    2. Time
    3. Location
    4. Frequency
    5. Behavioral
    6. Security Issues Associated with Identities
    7. Personnel
    8. Endpoints
    9. Servers
    10. Services
    11. Roles
    12. Applications
    13. Security Issues Associated with Identity Repositories
    14. Directory Services
    15. TACACS+
    16. RADIUS
    17. Security Issues Associated with Federation and Single Sign-On
    18. Manual vs. Automatic Provisioning/Deprovisioning
    19. Self-Service Password Reset
    20. Exploits
    21. Impersonation
    22. Man in the Middle
    23. Session Hijack
    24. Cross-Site Scripting
    25. Privilege Escalation
    26. Rootkits
    27. Chapter Review
    28. Questions
    29. Answers
  23. Chapter 13 Putting in Compensating Controls
    1. Security Data Analytics
    2. Data Aggregation and Correlation
    3. Trend Analysis
    4. Historical Analysis
    5. Manual Review
    6. Firewall Log
    7. Syslog
    8. Authentication Logs
    9. Event Logs
    10. Defense in Depth
    11. Personnel
    12. Processes
    13. Other Security Concepts
    14. Chapter Review
    15. Questions
    16. Answers
  24. Chapter 14 Secure Software Development
    1. The Software Development Lifecycle
    2. Requirements
    3. Development
    4. Implementation
    5. Operation and Maintenance
    6. Secure Software Development
    7. Secure Coding
    8. Security Testing
    9. Best Practices
    10. Software Engineering Institute
    11. OWASP
    12. SANS
    13. Center for Internet Security
    14. Chapter Review
    15. Questions
    16. Answers
  25. Chapter 15 Tool Sets
    1. Preventative Tools
    2. Firewalls
    3. IDS and IPS
    4. Host-Based Intrusion Prevention Systems
    5. Antimalware
    6. Enhanced Mitigation Experience Toolkit
    7. Web Proxies
    8. Web Application Firewalls
    9. Collective Tools
    10. Security Information and Event Management
    11. Network Scanning
    12. Packet Capture
    13. Command-line Utilities
    14. Analytical Tools
    15. Vulnerability Scanning
    16. Monitoring Tools
    17. Interception Proxy
    18. Exploitative Tools
    19. Exploitation Frameworks
    20. Fuzzers
    21. Forensic Tools
    22. Forensic Suites
    23. Hashing
    24. Password Cracking
    25. Imaging
    26. Chapter Review
    27. Questions
    28. Answers
  26. Part V Appendixes and Glossary
  27. Appendix A Objectives Map
  28. Appendix B About the Download
    1. System Requirements
    2. Installing and Running Total Tester
    3. About Total Tester
    4. Pre-assessment Test
    5. Performance-Based Questions
    6. McGraw-Hill Professional Media Center Download
    7. Technical Support
  29. Glossary
  30. Index