Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying CompTIA CySA+ Study Guide: Exam CS0-002
  • Table Of Contents Toc
  • Feedback & Rating feedback
CompTIA CySA+ Study Guide: Exam CS0-002

CompTIA CySA+ Study Guide: Exam CS0-002

By : Mike Chapple, David Seidl
close
close
CompTIA CySA+ Study Guide: Exam CS0-002

CompTIA CySA+ Study Guide: Exam CS0-002

By: Mike Chapple, David Seidl

Overview of this book

The Cybersecurity Analyst (CySA+) certification applies behavioral analytics to improve the overall state of IT security. CompTIA CySA+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA). More than just test prep, this book helps you to learn skills to demonstrate your command of all domains and topics covered by the CySA+ exam. The CompTIA CySA+ Study Guide provides complete coverage of all exam objectives for the new CySA+ certification. The CySA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, and identify vulnerabilities with a goal of securing and protecting systems of organizations. You'll study concepts with real-world examples drawn from experts, and hands-on labs. You'll gain insight on how to create your own cybersecurity toolkit. The end-of-chapter review questions will help you reinforce your knowledge. By the end of the book, you’ll have the skills and confidence you need to think and respond like a seasoned professional.
Table of Contents (23 chapters)
close
close
close
Lock Free Chapter
1
Acknowledgments
Icon
Acknowledgments
2
About the Authors
Icon
About the Authors
3
Introduction
Icon
Introduction
Icon
What Does This Book Cover?
Icon
Setting Up a Kali and Metasploitable Learning Environment
Icon
Setting Up Your Environment
Icon
Objectives Map for CompTIA Cybersecurity Analyst (CySA+) Exam CS0-001
Icon
Objectives Map
4
Assessment Test
Icon
Assessment Test
5
Answer to the Assessment Test
Icon
Answer to the Assessment Test
6
Chapter 1 Defending Against Cybersecurity Threats
Icon
Chapter 1 Defending Against Cybersecurity Threats
Icon
Cybersecurity Objectives
Icon
Evaluating Security Risks
Icon
Building a Secure Network
Icon
Secure Endpoint Management
Icon
Penetration Testing
Icon
Reverse Engineering
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
7
Chapter 2 Reconnaissance and Intelligence Gathering
Icon
Chapter 2 Reconnaissance and Intelligence Gathering
Icon
Footprinting
Icon
Passive Footprinting
Icon
Gathering Organizational Intelligence
Icon
Detecting, Preventing, and Responding to Reconnaissance
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
8
Chapter 3 Designing a Vulnerability Management Program
Icon
Chapter 3 Designing a Vulnerability Management Program
Icon
Identifying Vulnerability Management Requirements
Icon
Configuring and Executing Vulnerability Scans
Icon
Developing a Remediation Workflow
Icon
Overcoming Barriers to Vulnerability Scanning
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
9
Chapter 4 Analyzing Vulnerability Scans
Icon
Chapter 4 Analyzing Vulnerability Scans
Icon
Reviewing and Interpreting Scan Reports
Icon
Validating Scan Results
Icon
Common Vulnerabilities
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
10
Chapter 5 Building an Incident Response Program
Icon
Chapter 5 Building an Incident Response Program
Icon
Security Incidents
Icon
Phases of Incident Response
Icon
Building the Foundation for Incident Response
Icon
Creating an Incident Response Team
Icon
Coordination and Information Sharing
Icon
Classifying Incidents
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
11
Chapter 6 Analyzing Symptoms for Incident Response
Icon
Chapter 6 Analyzing Symptoms for Incident Response
Icon
Analyzing Network Events
Icon
Handling Network Probes and Attacks
Icon
Investigating Host Issues
Icon
Investigating Service and Application Issues
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
12
Chapter 7 Performing Forensic Analysis
Icon
Chapter 7 Performing Forensic Analysis
Icon
Building a Forensics Capability
Icon
Understanding Forensic Software
Icon
Conducting a Forensic Investigation
Icon
Forensic Investigation: An Example
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
13
Chapter 8 Recovery and Post-Incident Response
chevron up
Icon
Chapter 8 Recovery and Post-Incident Response
Icon
Containing the Damage
Icon
Incident Eradication and Recovery
Icon
Wrapping Up the Response
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
14
Chapter 9 Policy and Compliance
Icon
Chapter 9 Policy and Compliance
Icon
Understanding Policy Documents
Icon
Complying with Laws and Regulations
Icon
Adopting a Standard Framework
Icon
Implementing Policy-Based Controls
Icon
Security Control Verification and Quality Control
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
15
Chapter 10 Defense-in-Depth Security Architectures
Icon
Chapter 10 Defense-in-Depth Security Architectures
Icon
Understanding Defense in Depth
Icon
Implementing Defense in Depth
Icon
Analyzing Security Architecture
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
16
Chapter 11 Identity and Access Management Security
Icon
Chapter 11 Identity and Access Management Security
Icon
Understanding Identity
Icon
Threats to Identity and Access
Icon
Identity as a Security Layer
Icon
Understanding Federated Identity and Single Sign-On
Icon
Review Questions
17
Chapter 12 Software Development Security
Icon
Chapter 12 Software Development Security
Icon
Understanding the Software Development Life Cycle
Icon
Designing and Coding for Security
Icon
Software Security Testing
Icon
Summary
Icon
Exam Essentials
Icon
Lab Exercises
Icon
Review Questions
18
Chapter 13 Cybersecurity Toolkit
Icon
Chapter 13 Cybersecurity Toolkit
Icon
Host Security Tools
Icon
Monitoring and Analysis Tools
Icon
Scanning and Testing Tools
Icon
Network Security Tools
Icon
Web Application Security Tools
Icon
Forensics Tools
Icon
Summary
19
Index
Icon
Index
20
Advert
Icon
Advert
21
EULA
Icon
EULA
1
Appendix A Answers to the Review Questions
Icon
Appendix A Answers to the Review Questions
Icon
Chapter 1: Defending Against Cybersecurity Threats
Icon
Chapter 2: Reconnaissance and Intelligence Gathering
Icon
Chapter 3: Designing a Vulnerability Management Program
Icon
Chapter 4: Analyzing Vulnerability Scans
Icon
Chapter 5: Building an Incident Response Program
Icon
Chapter 6: Analyzing Symptoms for Incident Response
Icon
Chapter 7: Performing Forensic Analysis
Icon
Chapter 8: Recovery and Post-Incident Response
Icon
Chapter 9: Policy and Compliance
Icon
Chapter 10: Defense-in-Depth Security Architectures
Icon
Chapter 11: Identity and Access Management Security
Icon
Chapter 12: Software Development Security
2
Appendix B Answers to the Lab Exercises
Icon
Appendix B Answers to the Lab Exercises
Icon
Chapter 1: Defending Against Cybersecurity Threats
Icon
Chapter 2: Reconnaissance and Intelligence Gathering
Icon
Chapter 4: Analyzing Vulnerability Scans
Icon
Chapter 5: Building an Incident Response Program
Icon
Chapter 6: Analyzing Symptoms for Incident Response
Icon
Chapter 7: Performing Forensic Analysis
Icon
Chapter 8: Recovery and Post-Incident Response
Icon
Chapter 9: Policy and Compliance
Icon
Chapter 10: Defense-in-Depth Security Architectures
Icon
Chapter 11: Identity and Access Management Security
Icon
Chapter 12: Software Development Security

Chapter 8
Recovery and Post-Incident Response

THE COMPTIA CYBERSECURITY ANALYST+ EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE:

  • Domain 3: Cyber Incident Response
    • ✓ 3.5 Summarize the incident recovery and post-incident response process.

Chapter 5, “Building an Incident Response Program,” provided an overview of the steps required to build and implement a cybersecurity incident response program according to the process advocated by the National Institute of Standards and Technology (NIST). In their Computer Security Incident Handling Guide, NIST outlines the four-phase incident response process shown in Figure 8.1

“Diagram shows incidence response process with four different steps like preparation, detection and analysis, containment eradication and recovery, and post-incident activity with flow connections.”

Figure 8.1 Incident response process

Source: NIST SP 800-61: Computer Security Incident Handling Guide

The remainder of Chapter 5 provided an overview of the Preparation phase of incident response. Chapter 6, “Analyzing Symptoms for Incident Response,” and Chapter 7, “Performing Forensic Analysis,” covered the details...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
CompTIA CySA+ Study Guide: Exam CS0-002
End of Section 13
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon