CHAPTER 17
Analyze Potential Indicators of Compromise
This chapter includes questions on the following topics:
• How to diagnose incidents by examining network symptoms
• How to diagnose incidents by examining host symptoms
• How to diagnose incidents by examining application symptoms
Any action of an individual, and obviously the violent action constituting a crime, cannot occur without leaving a trace.
–Dr. Edmond Locard
Known as “Locard’s principle,” this quote also holds true for computer and network forensics. Every attack on a system leaves multiple pieces of evidence, or indicators of compromise (IOCs). The trick is to discover and assemble as many IOCs as possible to paint the picture and reveal the details of the ...
Get CompTIA CySA+ Cybersecurity Analyst Certification Practice Exams (Exam CS0-002), 2nd Edition now with the O’Reilly learning platform.