Chapter 3: Domain 3.0: Security Operations and Monitoring

EXAM OBJECTIVES COVERED IN THIS CHAPTER:

  • 3.1 Given a scenario, analyze data as part of security monitoring activities.
    • Heuristics
    • Trend analysis
    • Network
    • Log review
    • Impact analysis
    • Security information and event management (SIEM) review
    • Query writing
    • Email analysis
  • 3.2 Given a scenario, implement configuration changes to existing controls to improve security.
    • Permissions
    • Whitelisting
    • Blacklisting
    • Firewall
    • Intrusion prevention system (IPS) rules
    • Data loss prevention (DLP)
    • Endpoint detection and response (EDR)
    • Network access control (NAC)
    • Sinkholing
    • Malware signatures
    • Sandboxing
    • Port security
  • 3.3 Explain the importance of proactive threat hunting.
    • Establishing a hypothesis
    • Profiling ...

Get CompTIA CySA+ Practice Tests, 2nd Edition now with the O’Reilly learning platform.