CompTIA Cybersecurity Analyst CySA+ Certification Training

CompTIA Cybersecurity Analyst CySA+ Certification Training

Level: Intermediate
Course #: 2047
Course info - Prices, Enrollment

Key Features of this CySA+ Training

CompTIA-approved CySA+ training programs

After-course instructor coaching benefit

Exam voucher included

You Will Learn How To:

Prepare for and pass the Cybersecurity Analyst (CySA+) exam

Threat and Vulnerability Management

Software and Systems Security

Security Operations and Monitoring

Incident Response

Compliance and Assessment

Choose the Training Solution That Best Fits Your Individual Needs

Important CySA+ Course Information

Requirements

IT Security Professionals must have 3-4 years of hands-on information security or related experience at the level of Network+ or Security+

Recommended Experience

It is recommended that you have the following skills and knowledge before starting this course:

Knowledge of basic network terminology and functions (such as OSI Model, Topology, Ethernet, Wi-Fi, switches, routers)

Understanding of TCP/IP addressing, core protocols, and troubleshooting tools

Network attack strategies and defenses

Knowledge of the technologies and uses of cryptographic standards and products

Network- and host-based security technologies and practices

Standards and products used to enforce security on web and communications technologies

Exam Information

Course tuition includes an exam voucher. The exam is offered through Pearson Vue.

Certification Information

To earn this certification, you must take and pass CompTIA exam CS0-002

CySA+ Course Outline

1.0 Threat and Vulnerability Management

1.1 Explain the importance of threat data and intelligence.

Intelligence sources

Open-source intelligence

Proprietary/closed-source intelligence

Timeliness

Relevancy

Accuracy

Indicator management

Structured Threat Information eXpression (STIX)

Trusted Automated eXchange of Indicator Information (TAXII) OpenIoC

Threat classification

Known threat vs. unknown threat

Zero-day

Advanced persistent threat

Threat actors

Nation-state

Hacktivist

Organized crime

Insider threat Intentional

Unintentional

Intelligence cycle

Requirements

Collection

Analysis

Dissemination

Feedback

Commodity malware

Information sharing and analysis communities

Healthcare

Financial

Aviation

Government

Critical infrastructure

1.2 Given a scenario, utilize threat intelligence to support organizational security.

Attack frameworks

MITRE ATT&CK

The Diamond Model of Intrusion Analysis Kill chain

Threat research

Reputational

Behavioral

Indicator of compromise (IoC)

Common vulnerability scoring system (CVSS)

Threat modeling methodologies

Adversary capability

Total attack surface

Attack vector

Impact

Liklihood

Threat intelligence sharing with supported functions

Incident response

Vulnerability management

Risk management

Security engineering

Detection and monitoring

1.3 Given a scenario, perform vulnerability management activities.
Vulnerability identification

Asset criticality

Active vs. passive scanning

Mapping/enumeration

Validation

True positive

False positive – True negative

False negative

Remediation/mitigation

Configuration baseline

Patching

Hardening

Compensating controls Risk acceptance

Verification of mitigation

Scanning parameters and criteria

Risks associated with scanning activities

Vulnerability feed

Scope

Credentialed vs. non-credentialed

Server-based vs. agent-based

Internal vs. external

Special considerations Types of data

Technical constraints

Workflow

Sensitivity levels

Regulatory requirements

Segmentation

Intrusion prevention system (IPS), intrusion detection system (IDS), and firewall settings

Inhibitors to remediation

Memorandum of understanding (MOU)

Service-level agreement (SLA)

Organizational governance

Business process interruption

Degrading functionality

Legacy systems

1.4 Given a scenario, analyze the output from common vulnerability assessment tools.

Web application scanner OWASP Zed Attack Proxy (ZAP)

Burp suite

Nikto

Arachni

Infrastructure vulnerability scanner

Nessus

OpenVAS

Qualys

Software assessment tools and techniques

Static analysis

Dynamic analysis

Reverse engineering

Fuzzing

Enumeration

Nmap

hping

Active vs. passive

Responder

Wireless assessment tools

Aircrack-ng Reaver oclHashcat

Cloud Infrastructure assessment tools

ScoutSuite

Prowler

Pacu

1.5 Explain the threats and vulnerabilities associated with specialized technology.

Mobile

Internet of Things (IoT)

Embedded

Real-time operating system (RTOS) System-on-Chip (SoC)

Field programmable gate array (FPGA)

Physical access control

Busiling automation systems

Vehicles and drones CAN bus

Workflow and process automation systems

Industrial control system

Supervisory control and data acquisition (SCADA) Modbus

1.6 Explain the threats and vulnerabilities associated with operating in the cloud.

Cloud service models

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Cloud deployment models

Public

Private

Community

Hybrid

Function as a Service (FaaS)/ serverless architecture

Infrastructure as code (IaC)

Insecure application programming interface (API)

Improper key management

Unprotected storage

Logging and monitoring

Insufficient logging and monitoring

Inability to access

1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.

Attack types

Extensible markup language (XML) attack Structured query language (SQL) injection

Overflow attack Buffer

Integer

Heap

Remote code execution

Directory traversal

Privilege escalation

Password spraying

Credential stuffing

Impersonation

Man-in-the-middle attack

Session hijacking

Rootkit

Cross-site scripting

Reflected

Persistent

Document object model (DOM)

Improper error handling

Dereferencing

Insecure object reference Race condition

Broken authentication

Sensitive data exposure

Insecure components – Insufficient logging and monitoring – Weak or default configurations – Use of insecure functions – strcpy

2.0 Software and Systems Security

2.1 Given a scenario, apply security solutions for infrastructure management.

Cloud vs. on-premises

Asset management Asset tagging

Segmentation Physical

Virtual

Jumpbox

System isolation

Air gap

Network architecture Physical

Software-define

Virtual private cloud (VPC)

Virtual private network (VPN)

Serverless

Change management

Virtualization

Virtual desktop infrastructure (VDI)

Containerization

Identity and access management

Privilege management

Multifactor authentication (MFA)

Single sign-on (SSO)

Federation

Role-based

Attribute-based

Mandatory

Manual review

Cloud access security broker (CASB)

Honeypot

Monitoring and logging

Encryption

Certificate management

Active defense

2.2 Explain software assurance best practices.

Platforms Mobile

Web application

Client/server

Embedded

System-on-chip (SoC)

Firmware

Software development life cycle (SDLC) integration

DevSecOps

Software assessment methods User acceptance testing Stress test application

Security regression testing

Code review

Secure coding best practices

Input validation

Output encoding

Session management

Authentication

Data protection

Parameterized queries Static analysis tools

Dynamic analysis tools

Formal methods for verification of critical software

Service-oriented architecture

Security Assertions Markup Language (SAML)

Simple Object Access Protocol (SOAP)

Representational State Transfer (REST)

Microservices

2.3 Explain hardware assurance best practices.

Hardware root of trust

Trusted platform module (TPM)

Hardware security module (HSM)

Unified Extensible Firmware Interface (UEFI)

Trusted foundry

Secure processing Trusted execution

Secure enclave

Processor security extensions

Atomic execution Anti-tamper

Self-encrypting drive

Trusted firmware updates

Measured boot and attestation

Bus encryption

3.0 Security Operations and Monitoring

3.1 Given a scenario, analyze data as part of security monitoring activities.

Heuristics

Trend analysis

Endpoint Malware

Reverse engineering

Memory

System and application behavior

Known-good behavior

Anomalous behavior

Exploit techniques

File system

User and entity behavior analytics (UEBA)

Uniform Resource Locator (URL) and domain name system (DNS) analysis

Domain generation algorithm

Flow analysis

Packet and protocol analysis

Malware

Log review Event logs

Syslog

Firewall logs

Web application firewall (WAF)

Proxy

Intrusion detection system (IDS)/ Intrusion prevention system (IPS)

Impact analysis

Organization impact vs. localized impact

Immediate vs. total

Security information and event management (SIEM) review

Rule writing

Known-bad Internet protocol (IP)

Dashboard

Query writing String search

Script

Piping

E-mail analysis Malicious payload

Domain Keys Identified Mail (DKIM)

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Sender Policy Framework (SPF)

Phishing

Forwarding

Digital signature

E-mail signature block

Embedded links

Impersonation

Header

3.2 Given a scenario, implement configuration changes to existing controls to improve security.

Permissions

Whitelisting

Blacklisting

Firewall

Intrusion prevention system (IPS) rules

Data loss prevention (DLP)

Endpoint detection and response (EDR)

Network access control (NAC)

Sinkholing

Malware signatures

Development/rule writing

Sandboxing

Port security

3.3 Explain the importance of proactive threat hunting

Establishing a hypothesis

Profiling threat actors and activities

Threat hunting tactics

Executable process analysis

Reducing the attack surface area

Bundling critical assets

Attack vectors

Integrated intelligence

Improving detection capabilities

3.4 Compare and contrast automation concepts and technologies.

Workflow orchestration

Security Orchestration, Automation, and Response (SOAR)

Application programming interface (API) integration

Automated malware signature creation

Data enrichment

Threat feed combination

Machine learning

Use of automation protocols and standards Security Content Automation Protocol (SCAP)

Continuous integration

Continuous deployment/delivery

4.0 Incident Response
4.1 Explain the importance of the incident response process.

Communication plan

Limiting communication to trusted parties

Disclosing based on regulatory/ legislative requirements

Preventing inadvertent release of information

Using a secure method of communication

Reporting requirements

Response coordination with relevant entities

Legal Human resources Public relations

Internal and external

Law enforcement Senior leadership

Regulatory bodies

Factors contributing to data criticality

Personally identifiable information (PII)

Personal health information (PHI)

Sensitive personal information (SPI)

High value asset

Financial information

Intellectual property

Corporate information

4.2 Given a scenario, apply the appropriate incident response procedure.

Preparation Training

Testing

Documentation of procedures

Detection and analysis

Characteristics contributing to severity level classification

Downtime

Recovery time

Data integrity

Economic

System process criticality

Reverse engineering

Data correlation

Containment Segmentation

Isolation

Eradication and recovery Vulnerability mitigation

Sanitization

Reconstruction/reimaging

Secure disposal

Patching

Restoration of permissions

Reconstitution of resources

Restoration of capabilities and services

Verification of logging/ communication to security monitoring

Post-incident activities

Evidence retention

Lessons learned report

Change control process

Incident response plan update

Incident summary report

IoC generation

Monitoring

4.3 Given an incident, analyze potential indicators of compromise.

Network-related Bandwidth consumption

Beaconing

Irregular peer-to-peer communication

Rogue device on the network

Scan/sweep

Unusual traffic spike

Common protocol over non-standard port

Host-related

Processor consumption

Memory consumption

Drive capacity consumption

Unauthorized software

Malicious process

Unauthorized change

Unauthorized privilege

Data exfiltration

Abnormal OS process behavior

File system change or anomaly

Registry change or anomaly

Unauthorized scheduled task

Application-related Anomalous activity

Introduction of new accounts

Unexpected output

Hashing

Carving

5.1 Understand the importance of data privacy and protection.

Privacy vs. security

Non-technical controls

Classification

Ownership

Retention

Data types

Retention standards Confidentiality

Legal requirements

Data sovereignty

Data minimization

Purpose limitation

Non-disclosure agreement (NDA)

Technical controls

Encryption

Data loss prevention (DLP)

Data masking

Deidentification

Tokenization

Digital rights management (DRM) ?

Watermarking

Geographic access requirements

Access controls

5.2 Given a scenario, apply security concepts in support of organizational risk mitigation.

Business impact analysis

Risk identification process

Risk calculation Probability

Magnitude

Communication of risk factors

Risk prioritization Security controls –

Engineering tradeoffs

Systems assessment

Documented compensating controls

Training and exercises Red team

Blue team

White team

Tabletop exercise

Supply chain assessment

Vendor due diligence

Hardware source authenticity

5.3 Explain the importance of frameworks, policies, procedures, and controls.

Frameworks Risk-based

Prescriptive

Policies and procedures Code of conduct/ethics

Acceptable use policy (AUP)

Password policy

Data ownership

Data retention

Account management

Continuous monitoring

Work product retention

Category Managerial

Operational

Technical

Control type Preventative

Detective

Corrective

Deterrent

Compensating

Physical

Audits and assessments

Regulatory

Compliance

Team Training

CySA+ Training FAQs

What is CompTIA CySA+ certification?

Cybersecurity Analyst (CySA+) is an IT workforce certfication. It applies behavioral analytics to networks and devices to help prevent, detect and combat cyber threats.

How do I earn CompTIA CySA+ certification?

To earn this certification, you must take and pass CompTIA exam CS0-002.

How do I take the CySA+ exam (CS0-002)?

Course tuition includes an exam voucher. The exam is offered through Pearson Vue.

 

Course info - Prices, Enrollment

Comments are closed.