CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002)

Book description

Focused coverage of every topic on the current version of the CompTIA CySA+ exam

Get on the fast track to becoming CompTIA CySA+ certified with this affordable, portable study tool. Inside, cybersecurity professional Bobby Rogers guides you on your career path, providing expert tips and sound advice along the way. With an intensive focus only on what you need to know to pass CompTIA CySA+ Exam CS0-002, this certification passport is your ticket to success on exam day.

Designed for focus on key topics and exam success:

  • List of official exam objectives covered by domain
  • Exam Tip element offers expert pointers for success on the test
  • Key Term highlights define the specific terms and acronyms you must know to pass the exam
  • Caution notes common pitfalls and real-world issues as well as warnings about the exam
  • Tables, bulleted lists, and figures throughout focus on quick reference and review
  • Cross-References point to an essential, related concept covered elsewhere in the book
  • Practice questions and content review after each objective section prepare you for exam mastery

Covers all exam topics, including:

  • Threat and vulnerability management
  • Threat data and intelligence
  • Vulnerability management, assessment tools, and mitigation
  • Software and systems security
  • Solutions for infrastructure management
  • Software and hardware assurance best practices
  • Security operations and monitoring
  • Proactive threat hunting
  • Automation concepts and technologies
  • Incident response process, procedure, and analysis
  • Compliance and assessment
  • Data privacy and protection
  • Support of organizational risk mitigation

Online content includes:

  • Customizable practice exam test engine for CS0-002
  • 200+ realistic multiple-choice and performance-based practice questions and in-depth explanations

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. 1.0 Threat and Vulnerability Management
    1. Objective 1.1 Explain the importance of threat data and intelligence
    2. Intelligence Sources
      1. Open-Source Intelligence
      2. Proprietary and Closed-Source Intelligence
      3. Timeliness
      4. Relevancy
      5. Accuracy
    3. Confidence Levels
    4. Indicator Management
      1. Structured Threat Information eXpression (STIX)
      2. Trusted Automated eXchange of Indicator Intelligence (TAXII)
      3. OpenIOC
    5. Threat Classification
      1. Known Threats vs. Unknown Threats
      2. Zero-Day Threats
      3. Advanced Persistent Threats
    6. Threat Actors
      1. Nation-States
      2. Hacktivists
      3. Organized Crime
      4. Insider Threats
    7. Intelligence Cycle
      1. Requirements
      2. Collection
      3. Analysis
      4. Dissemination
      5. Feedback
    8. Commodity Malware
    9. Information Sharing and Analysis Communities
      1. Healthcare
      2. Financial
      3. Aviation
      4. Government
      5. Critical Infrastructure
    10. REVIEW
      1. 1.1 QUESTIONS
      2. 1.1 ANSWERS
    11. Objective 1.2 Given a scenario, utilize threat intelligence to support organizational security
    12. Attack Frameworks
      1. MITRE ATT&CK
      2. The Diamond Model of Intrusion Analysis
      3. Cyber Kill Chain
    13. Threat Research
      1. Reputational
      2. Behavioral
      3. Indicators of Compromise (IOCs)
      4. Common Vulnerability Scoring System (CVSS)
    14. Threat Modeling Methodologies
      1. Common Threat Modeling Methodologies
      2. Adversary Capability
      3. Total Attack Surface
      4. Attack Vector
      5. Impact
      6. Likelihood
    15. Threat Intelligence Sharing with Supported Functions
      1. Incident Response
      2. Vulnerability Management
      3. Risk Management
      4. Security Engineering
      5. Detection and Monitoring
    16. REVIEW
      1. 1.2 QUESTIONS
      2. 1.2 ANSWERS
    17. Objective 1.3 Given a scenario, perform vulnerability management activities
    18. Vulnerability Identification
      1. Asset Criticality
      2. Active vs. Passive Scanning
      3. Mapping/Enumeration
    19. Validation
      1. True Positive
      2. False Positive
      3. True Negative
      4. False Negative
    20. Remediation/Mitigation
      1. Configuration Baseline
      2. Patching
      3. Hardening
      4. Compensating Controls
      5. Risk Acceptance
      6. Verification of Mitigation
    21. Scanning Parameters and Criteria
      1. Risks Associated with Scanning Activities
      2. Vulnerability Feed
      3. Scope
      4. Credentialed vs. Non-Credentialed
      5. Server-Based vs. Agent-Based
      6. Internal vs. External
      7. Special Considerations
    22. Inhibitors to Remediation
      1. Memorandum of Understanding (MOU)
      2. Service Level Agreement (SLA)
      3. Organizational Governance
      4. Business Process Interruption
      5. Degrading Functionality
      6. Legacy Systems
      7. Proprietary Systems
    23. REVIEW
      1. 1.3 QUESTIONS
      2. 1.3 ANSWERS
    24. Objective 1.4 Given a scenario, analyze the output from common vulnerability assessment tools
    25. Vulnerability Assessment Tools
    26. Application Tools
      1. Web Application Scanners
      2. Software Assessment Tools and Techniques
    27. Infrastructure Tools
      1. Network Enumeration
      2. Network Vulnerability Scanners
      3. Wireless Assessment
      4. Cloud Infrastructure Assessment
    28. REVIEW
      1. 1.4 QUESTIONS
      2. 1.4 ANSWERS
    29. Objective 1.5 Explain the threats and vulnerabilities associated with specialized technology
    30. Mobile Devices
      1. Mobile Device Threats and Vulnerabilities
      2. Corporate Device Considerations
      3. Mobile Device Protections
    31. Internet of Things (IoT)
      1. Embedded Devices
      2. Physical Access Controls
      3. Building Automation Systems
      4. Vehicles and Drones
    32. Industrial Control Systems
      1. Workflow and Process Automation Systems
      2. Supervisory Control and Data Acquisition (SCADA)
    33. REVIEW
      1. 1.5 QUESTIONS
      2. 1.5 ANSWERS
    34. Objective 1.6 Explain the threats and vulnerabilities associated with operating in the cloud
    35. Cloud Service Models
      1. Software as a Service (SaaS)
      2. Platform as a Service (PaaS)
      3. Infrastructure as a Service (IaaS)
      4. Serverless Architecture and Function as a Service (FaaS)
      5. Infrastructure as Code (IaC)
    36. Cloud Deployment Models
      1. Public
      2. Private
      3. Community
      4. Hybrid
    37. Cloud Vulnerabilities
      1. Insecure Application Programming Interface (API)
      2. Improper Key Management
      3. Unprotected Storage
      4. Insufficient Logging and Monitoring
      5. Inability to Access
    38. REVIEW
      1. 1.6 QUESTIONS
      2. 1.6 ANSWERS
    39. Objective 1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities
    40. Vulnerabilities
      1. Improper Error Handling
      2. Dereferencing
      3. Insecure Object Reference
      4. Race Condition
      5. Broken Authentication
      6. Sensitive Data Exposure
      7. Insecure Components
      8. Insufficient Logging and Monitoring
      9. Weak or Default Configurations
      10. Use of Insecure Functions
    41. Attack Types
      1. Injection Attacks
      2. Authentication Attacks
      3. Overflow Attacks
    42. REVIEW
      1. 1.7 QUESTIONS
      2. 1.7 ANSWERS
  9. 2.0 Software and Systems Security
    1. Objective 2.1 Given a scenario, apply security solutions for infrastructure management
    2. Infrastructure Management
      1. Cloud vs. On-Premises
      2. Asset Management
      3. Segmentation
      4. Network Architecture
      5. Change Management
      6. Virtualization
      7. Containerization
    3. Identity and Access Management
      1. Authentication Methods
      2. Access Control Models
      3. Cloud Access Security Broker (CASB)
      4. Honeypot
      5. Monitoring and Logging
      6. Encryption
      7. Certificate Management
      8. Active Defense
    4. REVIEW
      1. 2.1 QUESTIONS
      2. 2.1 ANSWERS
    5. Objective 2.2 Explain software assurance best practices
    6. Platforms
      1. Mobile
      2. Web Application
      3. Client/Server
      4. Embedded Platforms
      5. Firmware
      6. System-on-Chip (SoC)
    7. Service-Oriented Architecture
      1. Security Assertions Markup Language (SAML)
      2. Simple Object Access Protocol (SOAP)
      3. Representational State Transfer (REST)
      4. Microservices
    8. Software Development Lifecycle (SDLC) Integration
    9. DevSecOps
    10. Secure Coding Best Practices
      1. Input Validation
      2. Output Encoding
      3. Session Management
      4. Authentication
      5. Data Protection
      6. Parameterized Queries
    11. Software Assessment Methods
      1. User Acceptance Testing
      2. Stress Testing
      3. Security Regression Testing
      4. Code Review
      5. Static Analysis Tools
      6. Dynamic Analysis Tools
      7. Formal Methods for Verification of Critical Software
    12. REVIEW
      1. 2.2 QUESTIONS
      2. 2.2 ANSWERS
    13. Objective 2.3 Explain hardware assurance best practices
    14. Hardware Root of Trust
      1. Trusted Platform Module (TPM)
      2. Hardware Security Module (HSM)
    15. eFuse
    16. Unified Extensible Firmware Interface (UEFI)
    17. Trusted Foundry
    18. Secure Processing
      1. Trusted Execution and Secure Enclave
      2. Processor Security Extensions
      3. Atomic Execution
    19. Bus Encryption
    20. Anti-Tamper
    21. Self-Encrypting Drive (SED)
    22. Trusted Firmware Updates
    23. Measured Boot and Attestation
    24. REVIEW
      1. 2.3 QUESTIONS
      2. 2.3 ANSWERS
  10. 3.0 Security Operations and Monitoring
    1. Objective 3.1 Given a scenario, analyze data as part of security monitoring activities
    2. Heuristics
    3. Trend Analysis
    4. Endpoint Data
      1. Known-Good vs. Anomalous Behavior Analysis
      2. Malware Analysis and Reverse Engineering
      3. Memory Analysis
      4. File System Analysis
      5. System and Application Behavior
      6. User and Entity Behavior Analytics (UEBA)
      7. Analysis of Endpoint Exploitation Techniques
    5. Network
      1. Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis
      2. Domain Generation Algorithm
      3. Flow Analysis
      4. Packet and Protocol Analysis
      5. Network-Based Malware Analysis
    6. Log Review
      1. Event Logs
      2. Syslog
      3. Firewall Logs
      4. Web Application Firewall (WAF)
      5. Proxy
      6. Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
    7. Impact Analysis
      1. Organization Impact vs. Localized Impact
      2. Immediate vs. Total
    8. Security Information and Event Management (SIEM) Review
      1. Dashboard
      2. Rule and Query Writing
      3. String Search
      4. Scripting and Piping
    9. E-mail Analysis
      1. Impersonation
      2. Malicious Payload
      3. Embedded Links
      4. Phishing
      5. Forwarding
      6. Digital Signatures
      7. Header
      8. E-mail Signature Block
      9. Domain Keys Identified Mail (DKIM)
      10. Sender Policy Framework (SPF)
      11. Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
    10. REVIEW
      1. 3.1 QUESTIONS
      2. 3.1 ANSWERS
    11. Objective 3.2 Given a scenario, implement configuration changes to existing controls to improve security
    12. Review of Control Concepts
      1. Control Categories and Functions
      2. Control Implementation and Risk
    13. Permissions
      1. Windows Permissions
      2. Linux Permissions
    14. Access Control Lists
      1. Allow Lists
      2. Deny Lists
    15. Firewalls
      1. Packet-Filtering Firewalls
      2. Circuit-Level Gateways
      3. Stateful Inspection Firewalls
      4. Application-Level Gateways
      5. Web Application Firewalls (WAFs)
      6. Next-Generation Firewalls
      7. Cloud-Based Firewalls
    16. Intrusion Prevention System (IPS) Rules
    17. Data Loss Prevention (DLP)
    18. Endpoint Detection and Response (EDR)
    19. Network Access Control (NAC)
    20. Sinkholing
    21. Malware Signatures
      1. Development/Rule Writing
    22. Sandboxing
    23. Port Security
    24. REVIEW
      1. 3.2 QUESTIONS
      2. 3.2 ANSWERS
    25. Objective 3.3 Explain the importance of proactive threat hunting
    26. Establishing a Hypothesis
    27. Profiling Threat Actors and Activities
    28. Threat Hunting Tactics
      1. Executable Process Analysis
    29. Reducing the Attack Surface Area
      1. System Level
      2. Network Level
      3. Organization Level
      4. Operating Environment
    30. Bundling Critical Assets
    31. Attack Vectors
    32. Integrated Intelligence
    33. Improving Detection Capabilities
    34. REVIEW
      1. 3.3 QUESTIONS
      2. 3.3 ANSWERS
    35. Objective 3.4 Compare and contrast automation concepts and technologies
    36. Automation Concepts
    37. Workflow Orchestration
      1. Security Orchestration, Automation, and Response (SOAR)
      2. Scripting
      3. Application Programming Interface (API) Integration
      4. Automated Malware Signature Creation
      5. Data Enrichment
      6. Threat Feed Combination
      7. Machine Learning
      8. Use of Automation Protocols and Standards
      9. Automating Software Integration, Delivery, and Deployment
    38. REVIEW
      1. 3.4 QUESTIONS
      2. 3.4 ANSWERS
  11. 4.0 Incident Response
    1. Objective 4.1 Explain the importance of the incident response process
    2. Critical Incident Response Processes
      1. Communications Plan
      2. Response Coordination with Relevant Entities
      3. Factors Contributing to Data Criticality
    3. REVIEW
      1. 4.1 QUESTIONS
      2. 4.1 ANSWERS
    4. Objective 4.2 Given a scenario, apply the appropriate incident response procedure
    5. Incident Response Procedures
      1. Preparation
      2. Detection and Analysis
      3. Containment
      4. Eradication and Recovery
      5. Post-Incident Activities
    6. REVIEW
      1. 4.2 QUESTIONS
      2. 4.2 ANSWERS
    7. Objective 4.3 Given an incident, analyze potential indicators of compromise
    8. Analyzing Indicators of Compromise
      1. Network-Related IOCs
      2. Host-Related IOCs
      3. Application-Related IOCs
    9. REVIEW
      1. 4.3 QUESTIONS
      2. 4.3 ANSWERS
    10. Objective 4.4 Given a scenario, utilize basic digital forensics techniques
    11. Forensics Considerations
      1. Forensics Foundations
      2. Network
      3. Endpoint Forensics Considerations
      4. Mobile Forensics
      5. Cloud Forensics
      6. Virtualization Forensics
      7. Key Forensic Procedures
    12. REVIEW
      1. 4.4 QUESTIONS
      2. 4.4 ANSWERS
  12. 5.0 Compliance and Assessment
    1. Objective 5.1 Understand the importance of data privacy and protection
      1. Privacy vs. Security
      2. Nontechnical Controls
      3. Technical Controls
    2. REVIEW
      1. 5.1 QUESTIONS
      2. 5.1 ANSWERS
    3. Objective 5.2 Given a scenario, apply security concepts in support of organizational risk mitigation
    4. Organizational Risk Mitigation
      1. Business Impact Analysis (BIA)
      2. Risk Identification Process
      3. Risk Calculation
      4. Communication of Risk Factors
      5. Risk Prioritization
      6. Systems Assessment
      7. Documented Compensating Controls
      8. Training and Exercises
      9. Supply Chain Assessment
    5. REVIEW
      1. 5.2 QUESTIONS
      2. 5.2 ANSWERS
    6. Objective 5.3 Explain the importance of frameworks, policies, procedures, and controls
    7. Organizational Governance Flow
      1. Frameworks
      2. Policies and Procedures
      3. Control Categories
      4. Control Types
      5. Audits and Assessments
    8. REVIEW
      1. 5.3 QUESTIONS
      2. 5.3 ANSWERS
  13. A About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
      1. Performance-Based Questions
    5. Technical Support
  14. Glossary
  15. Index

Product information

  • Title: CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002)
  • Author(s): Bobby E. Rogers
  • Release date: January 2021
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260462258