The Official CompTIA CySA+ Student Guide Exam CS0-002 PDF

675 pages · 2020 · 21.913 MB · English
Preview The Official CompTIA CySA+ Student Guide Exam CS0-002

The Official CompTIA CySA+ Student Guide (Exam CS0-002)
Course Edition: 1.0

Acknowledgments

James Pengelly, Author
Thomas Reilly, Vice President Learning
Katie Hoenicke, Director of Product Management
Evan Burns, Senior Manager, Learning Technology Operations and Implementation
James Chesterfield, Manager, Learning Content and Design
Becky Mann, Senior Manager, Product Development
Katherine Keyes, Content Specialist

Notices

Disclaimer
While CompTIA, Inc., takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The use of screenshots, photographs of another entity's products, or another entity's product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by nor any affiliation of such entity with CompTIA. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). CompTIA is not responsible for the availability of, or the content located on or through, any External Site. Please contact CompTIA if you have any concerns regarding such links or External Sites.

Trademark Notices
CompTIA®, CySA+®, and the CompTIA logo are registered trademarks of CompTIA, Inc., in the U.S. and other countries. All other product and service names used may be common law or registered trademarks of their respective proprietors.

Copyright Notice
Copyright © 2020 CompTIA, Inc. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of CompTIA, 3500 Lacey Road, Suite 100, Downers Grove, IL 60515-5439. This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. If you believe that this book, related materials, or any other CompTIA materials are being reproduced or transmitted without permission, please call 1-866-835-8020, or visit https://help.comptia.org.

Table of Contents

Lesson 1: Explaining the Importance of Security Controls and Security Intelligence ... 1
  Topic 1A: Identify Security Control Types ... 2
  Topic 1B: Explain the Importance of Threat Data and Intelligence ... 7
Lesson 2: Utilizing Threat Data and Intelligence ... 21
  Topic 2A: Classify Threats and Threat Actor Types ... 22
  Topic 2B: Utilize Attack Frameworks and Indicator Management ... 28
  Topic 2C: Utilize Threat Modeling and Hunting Methodologies ... 38
Lesson 3: Analyzing Security Monitoring Data ... 51
  Topic 3A: Analyze Network Monitoring Output ... 52
  Topic 3B: Analyze Appliance Monitoring Output ... 73
  Topic 3C: Analyze Endpoint Monitoring Output ... 95
  Topic 3D: Analyze Email Monitoring Output ... 120
Lesson 4: Collecting and Querying Security Monitoring Data ... 137
  Topic 4A: Configure Log Review and SIEM Tools ... 138
  Topic 4B: Analyze and Query Logs and SIEM Data ... 157
Lesson 5: Utilizing Digital Forensics and Indicator Analysis Techniques ... 175
  Topic 5A: Identify Digital Forensics Techniques ... 176
  Topic 5B: Analyze Network-related IoCs ... 195
  Topic 5C: Analyze Host-related IoCs ... 218
  Topic 5D: Analyze Application-Related IoCs ... 231
  Topic 5E: Analyze Lateral Movement and Pivot IoCs ... 249
Lesson 6: Applying Incident Response Procedures ... 261
  Topic 6A: Explain Incident Response Processes ... 262
  Topic 6B: Apply Detection and Containment Processes ... 272
  Topic 6C: Apply Eradication, Recovery, and Post-Incident Processes ... 282
Lesson 7: Applying Risk Mitigation and Security Frameworks ... 307
  Topic 7A: Apply Risk Identification, Calculation, and Prioritization Processes ... 308
  Topic 7B: Explain Frameworks, Policies, and Procedures ... 318
Lesson 8: Performing Vulnerability Management ... 327
  Topic 8A: Analyze Output from Enumeration Tools ... 328
  Topic 8B: Configure Infrastructure Vulnerability Scanning Parameters ... 350
  Topic 8C: Analyze Output from Infrastructure Vulnerability Scanners ... 368
  Topic 8D: Mitigate Vulnerability Issues ... 384
Lesson 9: Applying Security Solutions for Infrastructure Management ... 393
  Topic 9A: Apply Identity and Access Management Security Solutions ... 394
  Topic 9B: Apply Network Architecture and Segmentation Security Solutions ... 410
  Topic 9C: Explain Hardware Assurance Best Practices ... 429
  Topic 9D: Explain Vulnerabilities Associated with Specialized Technology ... 435
Lesson 10: Understanding Data Privacy and Protection ... 445
  Topic 10A: Identify Non-Technical Data and Privacy Controls ... 446
  Topic 10B: Identify Technical Data and Privacy Controls ... 454
Lesson 11: Applying Security Solutions for Software Assurance ... 467
  Topic 11A: Mitigate Software Vulnerabilities and Attacks ... 468
  Topic 11B: Mitigate Web Application Vulnerabilities and Attacks ... 478
  Topic 11C: Analyze Output from Application Assessments ... 492
Lesson 12: Applying Security Solutions for Cloud and Automation ... 515
  Topic 12A: Identify Cloud Service and Deployment Model Vulnerabilities ... 516
  Topic 12B: Explain Service-Oriented Architecture ... 523
  Topic 12C: Analyze Output from Cloud Infrastructure Assessment Tools ... 533
  Topic 12D: Compare Automation Concepts and Technologies ... 552
Course Follow-Up ... C-1
Appendix A: Mapping Course Content to CompTIA Cybersecurity Analyst (CySA+) Exam CS0-002 ... A-1
Solutions ... S-1
Glossary ... G-1
Index ... I-1

Preface

About This Course

CompTIA is a not-for-profit trade association with the purpose of advancing the interests of IT professionals and IT channel organizations, and its industry-leading IT certifications are an important part of that mission. CompTIA CyberSecurity Analyst (CySA+) certification is an intermediate-level certification designed to demonstrate the knowledge and competencies of a security analyst or specialist with four years' experience in the field.

  "With the end goal of proactively defending and continuously improving the security of an organization, CySA+ will verify the successful candidate has the knowledge and skills required to: Leverage intelligence and threat detection techniques; Analyze and interpret data; Identify and address vulnerabilities; Suggest preventative measures; and Effectively respond to and recover from incidents."
  (CompTIA CySA+ exam objectives document)

Course Description
This course covers the duties of cybersecurity analysts who are responsible for monitoring and detecting security incidents in information systems and networks, and for executing a proper response to such incidents. The course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and handle incidents as they occur. The course will also prepare you for the CompTIA CySA+ (Exam CS0-002) certification examination.

Course Objectives
In this course, you will assess and respond to security threats and operate a systems and network security analysis platform. You will:
• Collect and use cybersecurity intelligence and threat data.
• Identify modern cybersecurity threat actor types and tactics, techniques, and procedures.
• Analyze data collected from security and event logs and network packet captures.
• Respond to and investigate cybersecurity incidents using forensic analysis techniques.
• Assess information security risk in computing and network environments.
• Implement a vulnerability management program.
• Address security issues with an organization's network architecture.
• Understand the importance of data governance controls.
• Address security issues with an organization's software development life cycle.
• Address security issues with an organization's use of cloud and service-oriented architecture.

Target Student
This course is primarily designed for students who are seeking the CompTIA CySA+ certification and who want to prepare for the CompTIA CySA+ CS0-002 certification exam. The course more generally supports candidates working in or aiming for job roles such as security operations center (SOC) analyst, vulnerability analyst, cybersecurity specialist, threat intelligence analyst, security engineer, and cybersecurity analyst.

Prerequisites
To ensure your success in this course, you should meet the following requirements:
• At least two years' experience in computer network security technology or a related field
• The ability to recognize information security vulnerabilities and threats in the context of risk management
• Foundation-level operational skills with the common operating systems for PCs, mobile devices, and servers
• Foundation-level understanding of some of the common concepts for network environments, such as routing and switching
• Foundational knowledge of TCP/IP networking protocols, including IP, ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP/HTTPS, SMTP, and POP3/IMAP
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include authentication and authorization, resource permissions, and antimalware mechanisms.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments, such as firewalls, IPS, NAC, and VPNs

You can obtain this level of skill and knowledge by taking the following Official CompTIA courses:
• The Official CompTIA Network+ (Exam N10-007) Guide
• The Official CompTIA Security+ (Exam SY0-501) Guide

The prerequisites for this course might differ significantly from the prerequisites for the CompTIA certification exams. For the most up-to-date information about the exam prerequisites, complete the form on this page: comptia.org/training/exam-objectives.

How to Use the Study Notes

The following notes will help you understand how the course structure and components are designed to support mastery of the competencies and tasks associated with the target job roles and help you to prepare to take the certification exam.

As You Learn
At the top level, this course is divided into lessons, each representing an area of competency within the target job roles. Each lesson comprises a number of topics. A topic contains subjects that are related to a discrete job task, mapped to objectives and content examples in the CompTIA exam objectives document. Rather than follow the exam domains and objectives sequence, lessons and topics are arranged in order of increasing proficiency. Each topic is intended to be studied within a short period (typically 30 minutes at most). Each topic is concluded by one or more activities, designed to help you to apply your understanding of the study notes to practical scenarios and tasks.

Additional to the study content in the lessons, there is a glossary of the terms and concepts used throughout the course. There is also an index to assist in locating particular terminology, concepts, technologies, and tasks within the lesson and topic content. In many electronic versions of the book, you can click links on key words in the topic content to move to the associated glossary definition, and on page references in the index to move to that term in the content. To return to the previous location in the document after clicking a link, use the appropriate functionality in your ebook viewing software.

Watch throughout the material for the following visual cues (icon and use):
• A note provides additional information, guidance, or hints about a topic or task.
• A caution note makes you aware of places where you need to be particularly careful with your actions, settings, or decisions, so that you can be sure to get the desired results of an activity or task.
• Video notes show you where an associated video is particularly relevant to the content. These videos can be accessed through the Video tile in the CompTIA Learning Center.

Additional practice questions are available in the Assessment tile in the CompTIA Learning Center.

As You Review
Any method of instruction is only as effective as the time and effort you, the student, are willing to invest in it. In addition, some of the information that you learn in class may not be important to you immediately, but it may become important later. For this reason, we encourage you to spend some time reviewing the content of the course after your time in the classroom. Following the lesson content, you will find a table mapping the lessons and topics to the exam domains, objectives, and content examples. You can use this as a checklist as you prepare to take the exam, and review any content that you are uncertain about.

As a Reference
The organization and layout of this book make it an easy-to-use resource for future reference. Guidelines can be used during class and as after-class references when you're back on the job and need to refresh your understanding. Taking advantage of the glossary, index, and table of contents, you can use this book as a first source of definitions, background information, and summaries.

How to Use the Lab Activities

Each topic is followed by one or more activities. In some activities, you will answer questions, either working individually or as part of a group or class discussion. Other activities are hands-on labs that will help you to get practical experience of typical job tasks. To complete most of the lab activities in this course, you will configure one or more virtual machines (VMs) running on your Hyper-V-enabled HOST computer.

Each lab comprises a number of headings representing tasks or challenges for you to complete as you progress through the activity. Numbered lists represent the detailed steps for you to follow in the course of completing each task.

Your class might be using hosted CompTIA Labs in place of classroom labs. If this is the case, follow the steps in the CompTIA Lab environment rather than the steps in this guide. The CompTIA Labs follow the same general tasks as the classroom labs, but there are some implementation differences.

Within each task, the following conventions are used:
• Using the mouse—When instructed to click or select, use the main mouse button; when instructed to right-click, use the secondary button (that is, the button on the right-hand side of the mouse, assuming right-handed use).
• File and command selection—Files, applets, dialog tabs, and buttons or menus that you need to select as part of a step are shown in bold. For example: Click OK, Select Control Panel, and so on.
• Sequences of commands—A sequence of steps to follow to open a file or activate a command is shown in bold with arrows. For example, if you need to access the system properties in Windows, this would be shown in the text by: Start > Control Panel > System.
• Key press—Single key press actions are shown with a border, for example START. Key combinations where you must press multiple keys simultaneously are shown in bold with a plus sign. For example, press CTRL+C to copy the file. Sometimes you need to use both the keyboard and the mouse. For example: CTRL+click means hold down the CTRL key and click the main mouse button.
• Commands and typing—Any information that you must enter using the keyboard is shown in Cutive Mono. For example: Type [email protected]. Within typed text, italic text represents some sort of variable, such as a dynamically-assigned IP address, as in ping 10.0.0.x.
• Code blocks—Longer commands and sequences of commands or script/programming code are shown in Cutive Mono as separate indented paragraphs.

How to Use the CompTIA Learning Center

The CompTIA Learning Center is an intuitive online platform that provides access to the eBook and all accompanying resources to support The Official CompTIA curriculum. An access key to the CompTIA Learning Center is delivered upon purchase of the print or eBook.

Resources include:
• Online Reader: An interactive online reader provides the ability to search, highlight, take notes, and bookmark passages in the eBook. Students can also access the eBook through the CompTIA eReader mobile app.
• Resources: Supporting materials for students are available for downloading from the Resources menu, including PowerPoints.
• Videos: Brief videos supplement key topics on the course.
• Assessments: Practice questions help to verify a student's understanding of the material for each Lesson. Answers and feedback can be reviewed after each question, or at the end of the assessment. A timed Final Assessment provides a practice-test-like experience to help students determine their readiness for the
