book

CompTIA CySA+ Study Guide, 3rd Edition

by Mike Chapple, David Seidl

July 2023

Intermediate to advanced

576 pages

15h 38m

English

Sybex

Audiobook available

Read now

Unlock full access

CompTIA The Cybersecurity Analyst+ ExamStudy and Exam Preparation TipsTaking the ExamAfter the Cybersecurity Analyst+ ExamWhat Does This Book Cover?Objectives Map for CompTIA CySA+ Exam CS0-003Setting Up a Kali and Metasploitable Learning EnvironmentAssessment TestAnswers to the Assessment Test
Cybersecurity ObjectivesPrivacy vs. SecurityEvaluating Security RisksBuilding a Secure NetworkSecure Endpoint ManagementPenetration TestingReverse EngineeringEfficiency and Process ImprovementThe Future of Cybersecurity AnalyticsSummaryExam EssentialsLab Exercises

Infrastructure Concepts and DesignOperating System ConceptsLogging, Logs, and Log IngestionNetwork ArchitectureIdentity and Access ManagementEncryption and Sensitive Data ProtectionSummaryExam EssentialsLab ExercisesReview Questions
Analyzing Network EventsInvestigating Host-Related IssuesInvestigating Service- and Application-Related IssuesDetermining Malicious Activity Using Tools and TechniquesSummaryExam EssentialsLab ExercisesReview Questions
Threat Data and IntelligenceThreat ClassificationApplying Threat Intelligence OrganizationwideSummaryExam EssentialsLab ExercisesReview Questions
Mapping, Enumeration, and Asset DiscoveryPassive DiscoverySummaryExam EssentialsLab ExercisesReview Questions
Identifying Vulnerability Management RequirementsConfiguring and Executing Vulnerability ScansDeveloping a Remediation WorkflowOvercoming Risks of Vulnerability ScanningVulnerability Assessment ToolsSummaryExam EssentialsLab ExercisesReview Questions
Reviewing and Interpreting Scan ReportsValidating Scan ResultsCommon VulnerabilitiesSummaryExam EssentialsLab ExercisesReview Questions
Analyzing RiskManaging RiskImplementing Security ControlsThreat ClassificationManaging the Computing EnvironmentSoftware Assurance Best PracticesDesigning and Coding for SecuritySoftware Security TestingPolicies, Governance, and Service Level ObjectivesSummaryExam EssentialsLab ExercisesReview Questions
Security IncidentsPhases of Incident ResponseBuilding the Foundation for Incident ResponseCreating an Incident Response TeamClassifying IncidentsAttack FrameworksSummaryExam EssentialsLab ExercisesReview Questions
Indicators of CompromiseInvestigating IoCsEvidence Acquisition and PreservationSummaryExam EssentialsLab ExercisesReview Questions
Containing the DamageIncident Eradication and RecoveryValidating Data IntegrityWrapping Up the ResponseSummaryExam EssentialsLab ExercisesReview Questions
Vulnerability Management Reporting and CommunicationIncident Response Reporting and CommunicationSummaryExam EssentialsLab ExercisesReview Questions
Building a Forensics CapabilityUnderstanding Forensic SoftwareConducting Endpoint ForensicsNetwork ForensicsCloud, Virtual, and Container ForensicsPost-Incident Activity and Evidence AcquisitionForensic Investigation: An ExampleSummaryExam EssentialsLab ExercisesReview Questions
Chapter 2: System and Network ArchitectureChapter 3: Malicious ActivityChapter 4: Threat IntelligenceChapter 5: Reconnaissance and Intelligence GatheringChapter 6: Designing a Vulnerability Management ProgramChapter 7: Analyzing Vulnerability ScansChapter 8: Responding to VulnerabilitiesChapter 9: Building an Incident Response ProgramChapter 10: Incident Detection and AnalysisChapter 11: Containment, Eradication, and RecoveryChapter 12: Reporting and CommunicationChapter 13: Performing Forensic Analysis and Techniques for Incident Response

Content preview from CompTIA CySA+ Study Guide, 3rd Edition

Index

A

abnormal account activity, 121
abnormal OS process behavior, 96
AbuseIPDB, 114
acceptable use policy (AUP), 327
access, Generally Accepted Privacy Principles (GAPP) for, 6
access control list (ACL), 15, 181
AccessChk, 98
accidental threats, 9
accounts
- introducing new, 101, 104
- management policy for, 327
- unusual behaviors for, 383–384
acquisition
- of data, 470–472
- of evidence, 388–389, 405
action plans, 426
actions on objectives, as stage in Lockheed Martin's Cyber Kill Chain, 365, 366
active defense, for threat hunting, 151
Active Directory Federation Services (AD FS), 61, 62–63
active monitoring, 81–82
active reconnaissance, 161–162
active scanning, 212
Advanced Intrusion Detection Environment (AIDE), 92
advanced persistent ...