CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide
Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam success with this Cert Guide from Pearson IT certification, a leader in IT certification learning.

This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics:

· Assess your knowledge with chapter-ending quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions

· Get practical guidance for next steps and more advanced certifications

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including

· Vulnerability management activities

· Implementing controls to mitigate attacks and software vulnerabilities

· Security solutions for infrastructure management

· Software and hardware assurance best practices

· Understanding and applying the appropriate incident response

· Applying security concepts in support of organizational risk mitigation

Companion Website:

The website provides access to several digital assets as two free, complete practice exams.

Includes Exclusive Offer for up to 80% Off Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

1136314455
CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide
Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam success with this Cert Guide from Pearson IT certification, a leader in IT certification learning.

This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics:

· Assess your knowledge with chapter-ending quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions

· Get practical guidance for next steps and more advanced certifications

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including

· Vulnerability management activities

· Implementing controls to mitigate attacks and software vulnerabilities

· Security solutions for infrastructure management

· Software and hardware assurance best practices

· Understanding and applying the appropriate incident response

· Applying security concepts in support of organizational risk mitigation

Companion Website:

The website provides access to several digital assets as two free, complete practice exams.

Includes Exclusive Offer for up to 80% Off Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

59.99 In Stock
CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

by Troy McMillan
CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

by Troy McMillan

Overview

Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam success with this Cert Guide from Pearson IT certification, a leader in IT certification learning.

This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics:

· Assess your knowledge with chapter-ending quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions

· Get practical guidance for next steps and more advanced certifications

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including

· Vulnerability management activities

· Implementing controls to mitigate attacks and software vulnerabilities

· Security solutions for infrastructure management

· Software and hardware assurance best practices

· Understanding and applying the appropriate incident response

· Applying security concepts in support of organizational risk mitigation

Companion Website:

The website provides access to several digital assets as two free, complete practice exams.

Includes Exclusive Offer for up to 80% Off Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Product Details

ISBN-13: 9780136747161
Publisher: Pearson Education
Publication date: 10/24/2020
Series: Certification Guide
Edition description: 2nd ed.
Pages: 784
Sales rank: 982,965
Product dimensions: 7.40(w) x 9.10(h) x 1.70(d)

About the Author

Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:

· Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)

· Author of CISSP Cert Guide (Pearson)

· Prep test question writer for CCNA Wireless 640-722 Official Cert Guide (Cisco Press)

· Author of CompTIA Advanced Security Practitioner (CASP) Cert Guide (Pearson)

Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2.

He delivers CISSP training classes for CyberVista, and is an authorized online training provider for (ISC)2.

Troy also creates certification practice tests and study guides for CyberVista. He lives in Asheville, North Carolina, with his wife, Heike.

Table of Contents

Introduction xxxvii

Chapter 1 The Importance of Threat Data and Intelligence 3

“Do I Know This Already?” Quiz 3

Foundation Topics 6

Intelligence Sources 6

Open-Source Intelligence6

Proprietary/Closed-Source Intelligence 6

Timeliness 7

Relevancy 7

Confidence Levels 7

Accuracy 7

Indicator Management 7

Structured Threat Information eXpression (STIX) 8

Trusted Automated eXchange of Indicator Information (TAXII) 8

OpenIOC 9

Threat Classification 9

Known Threat vs. Unknown Threat 10

Zero-day 10

Advanced Persistent Threat 11

Threat Actors 12

Nation-state 12

Organized Crime 12

Terrorist Groups 12

Hacktivist 12

Insider Threat 12

Intelligence Cycle 13

Commodity Malware 14

Information Sharing and Analysis Communities 15

Exam Preparation Tasks 16

Chapter 2 Utilizing Threat Intelligence to Support Organizational Security 19

“Do I Know This Already?” Quiz 19

Foundation Topics 21

Attack Frameworks 21

MITRE ATT&CK 21

The Diamond Model of Intrusion Analysis 22

Kill Chain 23

Threat Research 23

Reputational 24

Behavioral 24

Indicator of Compromise (IoC) 25

Common Vulnerability Scoring System (CVSS) 25

Threat Modeling Methodologies 29

Adversary Capability 29

Total Attack Surface 31

Attack Vector 31

Impact 32

Probability 32

Threat Intelligence Sharing with Supported Functions 33

Incident Response 33

Vulnerability Management33

Risk Management 33

Security Engineering 33

Detection and Monitoring34

Exam Preparation Tasks 34

Chapter 3 Vulnerability Management Activities 39

“Do I Know This Already?” Quiz 39

Foundation Topics 41

Vulnerability Identification 41

Asset Criticality 42

Active vs. Passive Scanning 43

Mapping/Enumeration 44

Validation 44

Remediation/Mitigation 45

Configuration Baseline 45

Patching 46

Hardening 46

Compensating Controls 47

Risk Acceptance 47

Verification of Mitigation 47

Scanning Parameters and Criteria 49

Risks Associated with Scanning Activities 49

Vulnerability Feed 49

Scope 49

Credentialed vs. Non-credentialed 51

Server-based vs. Agent-based 52

Internal vs. External 53

Special Considerations 53

Inhibitors to Remediation 62

Exam Preparation Tasks 63

Chapter 4 Analyzing Assessment Output 67

“Do I Know This Already?” Quiz 67

Foundation Topics 69

Web Application Scanner 69

Burp Suite 69

OWASP Zed Attack Proxy (ZAP) 69

Nikto 70

Arachni 70

Infrastructure Vulnerability Scanner 71

Nessus 71

OpenVAS 71

Software Assessment Tools and Techniques 72

Static Analysis 73

Dynamic Analysis 74

Reverse Engineering 75

Fuzzing 75

Enumeration 76

Nmap 76

Host Scanning 79

hping 80

Active vs. Passive 82

Responder 82

Wireless Assessment Tools 82

Aircrack-ng 83

Reaver 84

oclHashcat 86

Cloud Infrastructure Assessment Tools 86

ScoutSuite 87

Prowler 87

Pacu 87

Exam Preparation Tasks 88

Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology 93

“Do I Know This Already?” Quiz 93

Foundation Topics 97

Mobile 97

Unsigned Apps/System Apps 98

Security Implications/Privacy Concerns 99

Device Loss/Theft 100

Rooting/Jailbreaking 100

Push Notification Services 100

Geotagging 100

OEM/Carrier Android Fragmentation 101

Mobile Payment 101

USB 102

Malware 102

Unauthorized Domain Bridging 103

SMS/MMS/Messaging 103

Internet of Things (IoT) 103

IoT Examples 104

Methods of Securing IoT Devices 104

Embedded Systems 105

Real-Time Operating System (RTOS) 105

System-on-Chip (SoC) 105

Field Programmable Gate Array (FPGA) 105

Physical Access Control 106

Systems 106

Devices 107

Facilities 107

Building Automation Systems 109

IP Video 109

HVAC Controllers 111

Sensors 111

Vehicles and Drones 111

CAN Bus 112

Drones 113

Workflow and Process Automation Systems 113

Incident Command System (ICS) 114

Supervisory Control and Data Acquisition (SCADA) 114

Modbus 118

Exam Preparation Tasks 118

Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud 123

“Do I Know This Already?” Quiz 123

Foundation Topics 126

Cloud Deployment Models 126

Cloud Service Models 127

Function as a Service (FaaS)/Serverless Architecture 128

Infrastructure as Code (IaC) 130

Insecure Application Programming Interface (API) 131

Improper Key Management 132

Key Escrow 133

Key Stretching 134

Unprotected Storage 134

Transfer/Back Up Data to Uncontrolled Storage 134

Big Data 135

Logging and Monitoring 136

Insufficient Logging and Monitoring 136

Inability to Access 136

Exam Preparation Tasks 137

Chapter 7 Implementing Controls to Mitigate Attack sand Software Vulnerabilities 141

“Do I Know This Already?” Quiz 141

Foundation Topics 143

Attack Types 143

Extensible Markup Language (XML) Attack 143

Structured Query Language (SQL) Injection 145

Overflow Attacks 147

Remote Code Execution 150

Directory Traversal 151

Privilege Escalation 152

Password Spraying 152

Credential Stuffing 152

Impersonation 154

Man-in-the-Middle Attack 154

Session Hijacking 158

Rootkit 159

Cross-Site Scripting 160

Vulnerabilities 163

Improper Error Handling163

Dereferencing 163

Insecure Object Reference 163

Race Condition 164

Broken Authentication164

Sensitive Data Exposure 165

Insecure Components 165

Insufficient Logging and Monitoring 166

Weak or Default Configurations 167

Use of Insecure Functions 168

Exam Preparation Tasks 169

Chapter 8 Security Solutions for Infrastructure Management 173

“Do I Know This Already?” Quiz 173

Foundation Topics 177

Cloud vs. On-premises 177

Cloud Mitigations 177

Asset Management 178

Asset Tagging 178

Device-Tracking Technologies 178

Object-Tracking and Object-Containment Technologies 179

Segmentation 180

Physical 180

Virtual 182

Jumpbox 183

System Isolation 184

Network Architecture 185

Physical 186

Software-Defined Networking 193

Virtual Private Cloud (VPC) 195

Virtual Private Network (VPN) 195

Serverless 200

Change Management 201

Virtualization 201

Security Advantages and Disadvantages of Virtualization 201

Type 1 vs. Type 2 Hypervisors 203

Virtualization Attacks and Vulnerabilities 203

Virtual Networks 205

Management Interface 205

Vulnerabilitie sAssociated with a Single Physical Server Hosting Multiple Companies' Virtual Machines 206

Vulnerabilities Associated with a Single Platform Hosting Multiple Companies' Virtual Machines 207

Virtual Desktop Infrastructure (VDI) 207

Terminal Services/Application Delivery Services 208

Containerization 208

Identity and Access Management 209

Identify Resources 210

Identify Users 210

Identify Relationships Between Resources and Users 210

Privilege Management 211

Multifactor Authentication (MFA) 211

Single Sign-On (SSO) 214

Active Directory 217

SESAME 219

Federation 219

Role-Based Access Control 224

Attribute-Based Access Control 225

Mandatory Access Control 228

Manual Review 229

Cloud Access Security Broker (CASB) 229

Honeypot 230

Monitoring and Logging 230

Log Management 230

Audit Reduction Tools 231

NIST SP 800-137 232

Encryption 232

Cryptographic Types 233

Hashing Functions 238

Message Digest Algorithm 239

Transport Encryption 240

Certificate Management 242

Certificate Authority and Registration Authority 243

Certificates 243

Certificate Revocation List 244

OCSP 244

PKI Steps 245

Cross-Certification 245

Digital Signatures 245

Active Defense 246

Hunt Teaming 247

Exam Preparation Tasks 247

Chapter 9 Software Assurance Best Practices 253

“Do I Know This Already?” Quiz 253

Foundation Topics 256

Platforms 256

Mobile 256

Web Application 260

Client/Server 263

Embedded 263

System-on-Chip (SoC) 265

Firmware 266

Software Development Life Cycle (SDLC) Integration 267

Step 1: Plan/Initiate Project 267

Step 2: Gather Requirements 268

Step 3: Design 268

Step 4: Develop 269

Step 5: Test/Validate 269

Step 6: Release/Maintain 269

Step 7: Certify/Accredit 270

Step 8: Change Management and Configuration Management/Replacement 270

DevSecOps 270

DevOps 270

Software Assessment Methods 272

User Acceptance Testing 272

Stress Test Application 272

Security Regression Testing 273

Code Review 273

Security Testing 274

Code Review Process 275

Secure Coding Best Practices 275

Input Validation 275

Output Encoding 276

Session Management 276

Authentication 277

Data Protection 285

Parameterized Queries 285

Static Analysis Tools 286

Dynamic Analysis Tools 286

Formal Methods for Verification of Critical Software 286

Service-Oriented Architecture 287

Security Assertions Markup Language (SAML) 287

Simple Object Access Protocol (SOAP) 287

Representational State Transfer (REST) 288

Microservices 288

Exam Preparation Tasks 289

Chapter 10 Hardware Assurance Best Practices 295

“Do I Know This Already?” Quiz 295

Foundation Topics 298

Hardware Root of Trust 298

Trusted Platform Module (TPM) 299

Virtual TPM 300

Hardware Security Module (HSM) 302

MicroSD HSM 302

eFuse 303

Unified Extensible Firmware Interface (UEFI) 303

Trusted Foundry 304

Secure Processing 305

Trusted Execution 305

Secure Enclave 307

Processor Security Extensions 307

Atomic Execution 307

Anti-Tamper 308

Self-Encrypting Drives 308

Trusted Firmware Updates 308

Measured Boot and Attestation 310

Measured Launch 311

Integrity Measurement Architecture 311

Bus Encryption 311

Exam Preparation Tasks 312

Chapter 11 Analyzing Data as Part of Security Monitoring Activities 317

“Do I Know This Already?” Quiz 317

Foundation Topics 320

Heuristics 320

Trend Analysis 320

Endpoint 321

Malware 323

Memory 329

System and Application Behavior 333

File System 339

User and Entity Behavior Analytics (UEBA) 341

Network 342

Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis 342

DNS Analysis 342

Domain Generation Algorithm 343

Flow Analysis 345

NetFlow Analysis 346

Packet and Protocol Analysis 348

Malware 348

Log Review 348

Event Logs 349

Syslog 350

Kiwi Syslog Server 352

Firewall Logs 353

Web Application Firewall (WAF) 355

Proxy 356

Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) 357

Impact Analysis 361

Organization Impact vs.Localized Impact 361

Immediate Impact vs.Total Impact 361

Security Information and Event Management (SIEM) Review 361

Rule Writing 362

Known-Bad Internet Protocol (IP) 363

Dashboard 363

Query Writing 366

String Search 366

Script 366

Piping 367

E-mail Analysis 367

E-mail Spoofing 368

Malicious Payload 368

Domain Keys Identified Mail (DKIM) 368

Sender Policy Framework (SPF) 369

Domain-based Message Authentication, Reporting, and Conformance (DMARC) 369

Phishing 369

Forwarding 370

Digital Signature 371

E-mail Signature Block 372

Embedded Links 372

Impersonation 372

Exam Preparation Tasks 372

Chapter 12 Implementing Configuration Changes to Existing Controls to Improve Security 377

“Do I Know This Already?” Quiz 377

Foundation Topics 381

Permissions 381

Whitelisting and Blacklisting 381

Application Whitelisting and Blacklisting 382

Input Validation 382

Firewall 383

NextGen Firewalls 383

Host-Based Firewalls 384

Intrusion Prevention System (IPS) Rules 386

Data Loss Prevention (DLP) 386

Endpoint Detection and Response (EDR) 387

Network Access Control (NAC) 387

Quarantine/Remediation 389

Agent-Based vs. Agentless NAC 389

802.1X 389

Sinkholing 391

Malware Signatures 391

Development/Rule Writing 392

Sandboxing 392

Port Security 394

Limiting MAC Addresses 395

Implementing Sticky MAC 395

Exam Preparation Tasks 396

Chapter 13 The Importance of Proactive Threat Hunting 401

“Do I Know This Already?” Quiz 401

Foundation Topics 404

Establishing a Hypothesis 404

Profiling Threat Actors and Activities 405

Threat Hunting Tactics 406

Hunt Teaming 406

Threat Model 406

Executable Process Analysis 407

Memory Consumption 409

Reducing the Attack Surface Area 409

System Hardening 410

Configuration Lockdown 410

Bundling Critical Assets 411

Commercial Business Classifications 411

Military and Government Classifications 412

Distribution of Critical Assets 412

Attack Vectors 412

Integrated Intelligence 413

Improving Detection Capabilities 413

Continuous Improvement 413

Continuous Monitoring 414

Exam Preparation Tasks 414

Chapter 14 Automation Concepts and Technologies 419

“Do I Know This Already?” Quiz 419

Foundation Topics 422

Workflow Orchestration 422

Scripting 423

Application Programming Interface (API) Integration 424

Automated Malware Signature Creation 424

Data Enrichment 425

Threat Feed Combination 426

Machine Learning 426

Use of Automation Protocols and Standards 427

Security Content Automation Protocol (SCAP) 427

Continuous Integration 428

Continuous Deployment/Delivery 428

Exam Preparation Tasks 429

Chapter 15 The Incident Response Process 433

“Do I Know This Already?” Quiz 433

Foundation Topics 435

Communication Plan 435

Limiting Communication to Trusted Parties 435

Disclosing Based on Regulatory/Legislative Requirements 435

Preventing Inadvertent Release of Information 435

Using a Secure Method of Communication 435

Reporting Requirements 436

Response Coordination with Relevant Entities 436

Legal 436

Human Resources 437

Public Relations 437

Internal and External 437

Law Enforcement 437

Senior Leadership 438

Regulatory Bodies 438

Factors Contributing to Data Criticality 439

Personally Identifiable Information (PII) 439

Personal Health Information (PHI) 440

Sensitive Personal Information (SPI) 441

High Value Assets 441

Financial Information 441

Intellectual Property 442

Corporate Information 444

Exam Preparation Tasks 445

Chapter 16 Applying the Appropriate Incident Response Procedure 449

“Do I Know This Already?” Quiz 449

Foundation Topics 452

Preparation 452

Training 452

Testing 453

Documentation of Procedures 453

Detection and Analysis 454

Characteristics Contributing to Severity Level Classification 455

Downtime and Recovery Time 455

Data Integrity 456

Economic 456

System Process Criticality 457

Reverse Engineering 457

Data Correlation 458

Containment 458

Segmentation 458

Isolation 459

Eradication and Recovery 459

Vulnerability Mitigation 459

Sanitization 460

Reconstruction/Reimaging 460

Secure Disposal 460

Patching 461

Restoration of Permissions 461

Reconstitution of Resources 462

Restoration of Capabilities and Services 462

Verification of Logging/Communication to Security Monitoring 462

Post-Incident Activities 463

Evidence Retention 463

Lessons Learned Report 463

Change Control Process 464

Incident Response Plan Update 464

Incident Summary Report 464

Indicator of Compromise (IoC) Generation 465

Monitoring 465

Exam Preparation Tasks 465

Chapter 17 Analyzing Potential Indicators of Compromise 469

“Do I Know This Already?” Quiz 469

Foundation Topics 472

Network-Related Indicators of Compromise 472

Bandwidth Consumption 472

Beaconing 473

Irregular Peer-to-Peer Communication 473

Rogue Device on the Network 475

Scan/Sweep 476

Unusual Traffic Spike 476

Common Protocol over Non-standard Port 476

Host-Related Indicators of Compromise 477

Processor Consumption 477

Memory Consumption 477

Drive Capacity Consumption 477

Unauthorized Software 477

Malicious Process 478

Unauthorized Change 479

Unauthorized Privilege 479

Data Exfiltration 479

Abnormal OS Process Behavior 479

File System Change or Anomaly 479

Registry Change or Anomaly 480

Unauthorized Scheduled Task 480

Application-Related Indicators of Compromise 480

Anomalous Activity 480

Introduction of New Accounts 480

Unexpected Output 480

Unexpected Outbound Communication 481

Service Interruption 481

Application Log 481

Exam Preparation Tasks 482

Chapter 18 Utilizing Basic Digital Forensics Techniques 485

“Do I Know This Already?” Quiz 485

Foundation Topics 488

Network 488

Wireshark 488

tcpdump 490

Endpoint 490

Disk 491

Memory 493

Mobile 494

Cloud 495

Virtualization 497

Legal Hold 497

Procedures 497

EnCase Forensic 498

Sysinternals 498

Forensic Investigation Suite 498

Hashing 499

Hashing Utilities 499

Changes to Binaries 500

Carving 500

Data Acquisition 501

Exam Preparation Tasks 501

Chapter 19 The Importance of Data Privacy and Protection 505

“Do I Know This Already?” Quiz 505

Foundation Topics 508

Privacy vs. Security 508

Non-technical Controls 508

Classification 508

Ownership 508

Retention 509

Data Types 509

Retention Standards 510

Confidentiality 510

Legal Requirements 510

Data Sovereignty 514

Data Minimization 515

Purpose Limitation 515

Non-disclosure agreement (NDA) 516

Technical Controls 516

Encryption 516

Data Loss Prevention (DLP) 516

Data Masking 516

Deidentification 517

Tokenization 517

Digital Rights Management (DRM) 517

Geographic Access Requirements 521

Access Controls 521

Exam Preparation Tasks 521

Chapter 20 Applying Security Concepts in Support of Organizational Risk Mitigation 527

“Do I Know This Already?” Quiz 527

Foundation Topics 530

Business Impact Analysis 530

Identify Critical Processes and Resources 530

Identify Outage Impacts and Estimate Downtime 531

Identify Resource Requirements 531

Identify Recovery Priorities 531

Risk Identification Process 532

Make Risk Determination Based upon Known Metrics 533

Qualitative Risk Analysis 533

Quantitative Risk Analysis 534

Risk Calculation 534

Probability 535

Magnitude 535

Communication of Risk Factors 536

Risk Prioritization 537

Security Controls 538

Engineering Tradeoffs 538

Systems Assessment 539

ISO/IEC 27001 539

ISO/IEC 27002 541

Documented Compensating Controls 541

Training and Exercises 542

Red Team 542

Blue Team 542

White Team 543

Tabletop Exercise 543

Supply Chain Assessment 543

Vendor Due Diligence 543

Hardware Source Authenticity 544

Exam Preparation Tasks 544

Chapter 21 The Importance of Frameworks, Policies,Procedures, and Controls 549

“Do I Know This Already?” Quiz 549

Foundation Topics 552

Frameworks 552

Risk-Based Frameworks 552

Prescriptive Frameworks 555

Policies and Procedures 562

Code of Conduct/Ethics 563

Acceptable Use Policy (AUP) 563

Password Policy 564

Data Ownership 567

Data Retention 567

Account Management 568

Continuous Monitoring 569

Work Product Retention 570

Category 570

Managerial 570

Operational 571

Technical 571

Control Type 571

Preventative 572

Detective 572

Corrective 572

Deterrent 572

Directive 572

Physical 572

Audits and Assessments 573

Regulatory 573

Compliance 575

Exam Preparation Tasks 575

Chapter 22 Final Preparation 579

Exam Information 579

Getting Ready 580

Tools for Final Preparation 582

Pearson Test Prep Practice Test Software and Questions on the Website 582

Memory Tables 582

Chapter-Ending Review Tools 582

Suggested Plan for Final Review/Study 583

Summary 583

Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 585

Appendix B CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide Exam Updates 651

Glossary of Key Terms 653

Online Elements:

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

Appendix E Study Planner

Glossary of Key Terms

9780136747161 TOC 9/1/2020

From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Computer Certification & Training
Other Computer Certification
Computers
Computer Certification & Training
Other Computer Certification

Customer Reviews