book

CompTIA CySA+ Study Guide, 3rd Edition

by Mike Chapple, David Seidl

July 2023

Intermediate to advanced

576 pages

15h 38m

English

Sybex

Audiobook available

Read now

Unlock full access

CompTIA The Cybersecurity Analyst+ ExamStudy and Exam Preparation TipsTaking the ExamAfter the Cybersecurity Analyst+ ExamWhat Does This Book Cover?Objectives Map for CompTIA CySA+ Exam CS0-003Setting Up a Kali and Metasploitable Learning EnvironmentAssessment TestAnswers to the Assessment Test
Cybersecurity ObjectivesPrivacy vs. SecurityEvaluating Security RisksBuilding a Secure NetworkSecure Endpoint ManagementPenetration TestingReverse EngineeringEfficiency and Process ImprovementThe Future of Cybersecurity AnalyticsSummaryExam EssentialsLab Exercises

Infrastructure Concepts and DesignOperating System ConceptsLogging, Logs, and Log IngestionNetwork ArchitectureIdentity and Access ManagementEncryption and Sensitive Data ProtectionSummaryExam EssentialsLab ExercisesReview Questions
Analyzing Network EventsInvestigating Host-Related IssuesInvestigating Service- and Application-Related IssuesDetermining Malicious Activity Using Tools and TechniquesSummaryExam EssentialsLab ExercisesReview Questions
Threat Data and IntelligenceThreat ClassificationApplying Threat Intelligence OrganizationwideSummaryExam EssentialsLab ExercisesReview Questions
Mapping, Enumeration, and Asset DiscoveryPassive DiscoverySummaryExam EssentialsLab ExercisesReview Questions
Identifying Vulnerability Management RequirementsConfiguring and Executing Vulnerability ScansDeveloping a Remediation WorkflowOvercoming Risks of Vulnerability ScanningVulnerability Assessment ToolsSummaryExam EssentialsLab ExercisesReview Questions
Reviewing and Interpreting Scan ReportsValidating Scan ResultsCommon VulnerabilitiesSummaryExam EssentialsLab ExercisesReview Questions
Analyzing RiskManaging RiskImplementing Security ControlsThreat ClassificationManaging the Computing EnvironmentSoftware Assurance Best PracticesDesigning and Coding for SecuritySoftware Security TestingPolicies, Governance, and Service Level ObjectivesSummaryExam EssentialsLab ExercisesReview Questions
Security IncidentsPhases of Incident ResponseBuilding the Foundation for Incident ResponseCreating an Incident Response TeamClassifying IncidentsAttack FrameworksSummaryExam EssentialsLab ExercisesReview Questions
Indicators of CompromiseInvestigating IoCsEvidence Acquisition and PreservationSummaryExam EssentialsLab ExercisesReview Questions
Containing the DamageIncident Eradication and RecoveryValidating Data IntegrityWrapping Up the ResponseSummaryExam EssentialsLab ExercisesReview Questions
Vulnerability Management Reporting and CommunicationIncident Response Reporting and CommunicationSummaryExam EssentialsLab ExercisesReview Questions
Building a Forensics CapabilityUnderstanding Forensic SoftwareConducting Endpoint ForensicsNetwork ForensicsCloud, Virtual, and Container ForensicsPost-Incident Activity and Evidence AcquisitionForensic Investigation: An ExampleSummaryExam EssentialsLab ExercisesReview Questions
Chapter 2: System and Network ArchitectureChapter 3: Malicious ActivityChapter 4: Threat IntelligenceChapter 5: Reconnaissance and Intelligence GatheringChapter 6: Designing a Vulnerability Management ProgramChapter 7: Analyzing Vulnerability ScansChapter 8: Responding to VulnerabilitiesChapter 9: Building an Incident Response ProgramChapter 10: Incident Detection and AnalysisChapter 11: Containment, Eradication, and RecoveryChapter 12: Reporting and CommunicationChapter 13: Performing Forensic Analysis and Techniques for Incident Response

Content preview from CompTIA CySA+ Study Guide, 3rd Edition

Chapter 10Incident Detection and Analysis

Responding to security incidents and network events is a common task for cybersecurity analysts, and to do so, you need to know how to detect and analyze indicators of compromise (IoCs), to acquire evidence, and to preserve it. Network-based IoCs such as excessive or suspicious bandwidth consumption, probes and scans, and rogue devices are all likely to be encountered by security professionals, and knowing how to identify and understand them is critical for security practitioners. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

CompTIA Cloud+ Study Guide, 3rd Edition

Ben Piper

CompTIA Server+ Study Guide, 2nd Edition

Troy McMillan

CompTIA PenTest+ Study Guide, 3rd Edition

Mike Chapple, Robert Shimonski, David Seidl

CompTIA PenTest+ Study Guide, 2nd Edition

Mike Chapple, David Seidl

Publisher Resources

ISBN: 9781394182909Purchase Link