CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002), 2nd Edition

Book description

Prepare for the CompTIA CySA+ certification exam with this fully updated self-study resource

This highly effective self-study system provides complete coverage of every objective for the challenging CompTIA CySA+ Cybersecurity Analyst exam. You’ll find learning objectives at the beginning of each chapter, exam tips, in-depth explanations, and practice exam questions. All questions closely mirror those on the actual test in content, format, and tone. Designed to help you pass the CS0-002 exam with ease, this definitive guide also serves as an essential on-the-job reference.

Covers all exam topics, including:

  • Threat and vulnerability management
  • Threat data and intelligence
  • Vulnerability management, assessment tools, and mitigation
  • Software and systems security
  • Solutions for infrastructure management
  • Software and hardware assurance best practices
  • Security operations and monitoring
  • Proactive threat hunting
  • Automation concepts and technologies
  • Incident response process, procedure, and analysis
  • Compliance and assessment
  • Data privacy and protection
  • Support of organizational risk mitigation

Online content includes:

  • 200+ practice questions
  • Interactive performance-based questions
  • Test engine that provides full-length practice exams and customizable quizzes by exam objective

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. Part I Threat and Vulnerability Management
    1. Chapter 1 The Importance of Threat Data and Intelligence
      1. Foundations of Intelligence
      2. Intelligence Sources
        1. Open Source Intelligence
        2. Proprietary/Closed Source Intelligence
        3. Characteristics of Intelligence Source Data
      3. Confidence Levels
      4. Indicator Management
        1. Indicator Lifecycle
        2. Structured Threat Information Expression
        3. Trusted Automated Exchange of Indicator Information
        4. OpenIOC
      5. Threat Classification
        1. Known Threats vs. Unknown Threats
        2. Zero Day
        3. Advanced Persistent Threat
      6. Threat Actors
        1. Nation-State Threat Actors
        2. Hacktivists
        3. Organized Crime
        4. Insider Threat Actors
      7. Intelligence Cycle
        1. Requirements
        2. Collection
        3. Analysis
        4. Dissemination
        5. Feedback
      8. Commodity Malware
      9. Information Sharing and Analysis Communities
      10. Chapter Review
        1. Questions
        2. Answers
    2. Chapter 2 Threat Intelligence in Support of Organizational Security
      1. Levels of Intelligence
      2. Attack Frameworks
        1. MITRE ATT&CK
        2. The Diamond Model of Intrusion Analysis
        3. Kill Chain
      3. Threat Research
        1. Reputational
        2. Behavioral
        3. Indicator of Compromise
        4. Common Vulnerability Scoring System
      4. Threat Modeling Methodologies
        1. Adversary Capability
        2. Total Attack Surface
        3. Attack Vector
        4. Impact
        5. Likelihood
        6. STRIDE
        7. PASTA
      5. Threat Intelligence Sharing with Supported Functions
        1. Incident Response
        2. Vulnerability Management
        3. Risk Management
        4. Security Engineering
        5. Detection and Monitoring
      6. Chapter Review
        1. Questions
        2. Answers
    3. Chapter 3 Vulnerability Management Activities
      1. Vulnerability Identification
        1. Regulatory Environments
        2. Corporate Security Policy
        3. Data Classification
        4. Asset Inventory
        5. Active vs. Passive Scanning
      2. Scanning Parameters and Criteria
        1. Risks Associated with Scanning Activities
        2. Regulatory Requirements
        3. Technical Constraints
        4. Workflow
        5. Sensitivity Levels
        6. Vulnerability Feed
        7. Scope
        8. Noncredentialed vs. Credentialed
        9. Server Based vs. Agent Based
        10. Internal vs. External
        11. Types of Data
        12. Tool Updates and Plug-Ins
        13. SCAP
        14. Special Considerations
      3. Intrusion Prevention System, Intrusion Detection System, and Firewall Settings
      4. Generating Reports
        1. Automated vs. Manual Distribution
      5. Validation
        1. True Positives
        2. False Positives
        3. True Negatives
        4. False Negatives
      6. Remediation
        1. Patching
        2. Prioritizing
        3. Hardening
        4. Compensating Controls
        5. Risk Acceptance
        6. Verification of Mitigation
      7. Inhibitors to Remediation
        1. Memorandum of Understanding
        2. Service Level Agreement
        3. Organizational Governance
        4. Business Process Interruption
        5. Degrading Functionality
        6. Legacy and Proprietary Systems
      8. Ongoing Scanning and Continuous Monitoring
      9. Chapter Review
        1. Questions
        2. Answers
    4. Chapter 4 Vulnerability Assessment Tools
      1. Web Application Scanners
        1. OWASP Zed Attack Proxy
        2. Burp Suite
        3. Nikto
        4. Arachni
      2. Infrastructure Vulnerability Scanners
        1. Nessus
        2. OpenVAS
        3. Qualys
      3. Software Assessment Tools and Techniques
        1. Static Analysis
        2. Dynamic Analysis
        3. Reverse Engineering
        4. Fuzzing
      4. Enumeration Tools and Techniques
        1. nmap
        2. hping
        3. Passive vs. Active Enumeration Techniques
        4. responder
      5. Wireless Assessment Tools
        1. Aircrack-ng
        2. Reaver
        3. oclHashcat
      6. Cloud Infrastructure Assessment Tools
        1. Scout Suite
        2. Prowler
        3. Pacu
      7. Chapter Review
        1. Questions
        2. Answers
    5. Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology
      1. Access Points
      2. Virtual Private Networks
      3. Mobile Devices
        1. Network Vulnerabilities
        2. Device Vulnerabilities
        3. Operating System Vulnerabilities
        4. App Vulnerabilities
      4. Internet of Things
        1. The Mirai Botnet
      5. Embedded Systems
        1. Real-Time Operating Systems
      6. System on a Chip
      7. Field Programmable Gate Array
      8. Physical Access Control
      9. Connected Vehicles
        1. CAN Bus
      10. Drones
        1. Hardware Security
        2. Communications Channels Security
        3. Web Portal Security
      11. Industrial Control Systems
      12. SCADA Devices
        1. Modbus
      13. Process Automation Systems
      14. Chapter Review
        1. Questions
        2. Answers
    6. Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud
      1. Cloud Service Models
        1. Shared Responsibility Model
        2. Software as a Service
        3. Platform as a Service
        4. Infrastructure as a Service
      2. Cloud Deployment Models
        1. Public
        2. Private
        3. Community
        4. Hybrid
      3. Serverless Architecture
        1. Function as a Service
      4. Infrastructure as Code
      5. Insecure Application Programming Interface
        1. Broken Object Level Authorization
        2. Broken User Authentication
        3. Excessive Data Exposure
        4. Lack of Resources and Rate Limiting
        5. Broken Function Level Authorization
        6. Mass Assignment
        7. Security Misconfiguration
        8. Injection
        9. Improper Asset Management
        10. Insufficient Logging and Monitoring
      6. Improper Key Management
      7. Unprotected Storage
      8. Logging and Monitoring
      9. Chapter Review
        1. Questions
        2. Answers
    7. Chapter 7 Mitigating Controls for Attacks and Software Vulnerabilities
      1. Attack Types
        1. Injection Attacks
        2. Buffer Overflow Attacks
        3. Privilege Escalation
        4. Authentication Attacks
        5. Rootkits
      2. Vulnerabilities
        1. Improper Error Handling
        2. Dereferencing
        3. Insecure Object Reference
        4. Race Condition
        5. Sensitive Data Exposure
        6. Insecure Components
        7. Insufficient Logging and Monitoring
        8. Weak or Default Configurations
        9. Use of Insecure Functions
      3. Chapter Review
        1. Questions
        2. Answers
  9. Part II Software and Systems Security
    1. Chapter 8 Security Solutions for Infrastructure Management
      1. Cloud vs. On-Premises Solutions
      2. Network Architecture
        1. Physical Network
        2. Software-Defined Network
        3. Virtual Private Cloud Network
        4. Virtual Private Network
        5. Serverless Network
      3. Virtualization
        1. Hypervisors
        2. Virtual Desktop Infrastructure
      4. Containerization
      5. Network Segmentation
        1. Virtual Local Area Networks
        2. Physical Segmentation
        3. Jump Boxes
        4. System Isolation
      6. Honeypots and Honeynets
      7. Asset Management
        1. Asset Inventory
        2. Asset Tagging
      8. Change Management
      9. Identity and Access Management
        1. Privilege Management
        2. Multifactor Authentication
        3. Single Sign-On
        4. Identity Federation
        5. Role-Based Access Control
        6. Attribute-Based Access Control
        7. Mandatory Access Control
        8. Manual Review
      10. Cloud Access Security Broker
      11. Monitoring and Logging
      12. Encryption
        1. Symmetric Cryptography
        2. Asymmetric Cryptography
        3. Symmetric vs. Asymmetric Cryptography
      13. Certificate Management
      14. Active Defense
      15. Chapter Review
        1. Questions
        2. Answers
    2. Chapter 9 Software Assurance Best Practices
      1. Platforms and Software Architectures
        1. Client/Server
        2. Web Application
        3. Mobile
        4. Embedded
        5. System on a Chip
        6. Firmware
      2. Service-Oriented Architecture
        1. Simple Object Access Protocol
        2. Representational State Transfer
        3. Microservices
        4. Security Assertions Markup Language
      3. The Software Development Lifecycle
        1. Requirements
        2. Development
        3. Implementation
        4. Operation and Maintenance
      4. DevOps and DevSecOps
      5. Software Assessment Methods
        1. User Acceptance Testing
        2. Stress Testing
        3. Security Regression Testing
        4. Code Reviews
        5. Static Analysis Tools
        6. Dynamic Analysis Tools
        7. Formal Methods of Verifying Critical Software
      6. Secure Coding Best Practices
        1. Input Validation
        2. Output Encoding
        3. Session Management
        4. Authentication
        5. Data Protection
        6. Parameterized Queries
      7. Chapter Review
        1. Questions
        2. Answers
    3. Chapter 10 Hardware Assurance Best Practices
      1. Hardware Root of Trust
        1. Trusted Platform Module
        2. Hardware Security Module
      2. eFuse
      3. Firmware
        1. Unified Extensible Firmware Interface
        2. Measured Boot and Attestation
        3. Trusted Firmware Updates
      4. Self-Encrypting Drive
      5. Bus Encryption
      6. Secure Processing
        1. Trusted Execution Environment
        2. Processor Security Extensions
        3. Atomic Execution
      7. Trusted Foundry
      8. Anti-Tamper Techniques
      9. Chapter Review
        1. Questions
        2. Answers
  10. Part III Security Operations and Monitoring
    1. Chapter 11 Data Analysis in Security Monitoring Activities
      1. Security Data Analytics
        1. Data Aggregation and Correlation
      2. Data Analysis
        1. Trend Analysis
        2. Historical Analysis
      3. Behavioral Analysis
        1. Heuristics
        2. Anomaly Analysis
      4. Endpoint Security
        1. Malware
        2. Detect and Block
        3. Fileless Malware
        4. Sandbox
        5. Cloud-Connected Protection
        6. User and Entity Behavior Analytics
      5. Network
        1. Domain Name System Analysis
        2. Domain Generation Algorithms
        3. Flow Analysis
        4. Packet Analysis
        5. Malware
      6. Log Review
        1. Packet Captures
        2. System Logs
        3. Firewall Logs
        4. Intrusion Detection/Prevention Systems
        5. Authentication Logs
      7. Impact Analysis
        1. Availability Analysis
      8. Security Information and Event Management Review
      9. Query Writing
      10. E-mail Analysis
        1. Malicious Payload
        2. DomainKeys Identified Mail
        3. Sender Policy Framework
        4. Domain-Based Message Authentication, Reporting, and Conformance
        5. Header
        6. Phishing
        7. Forwarding
        8. Digital Signatures and Encryption
        9. Embedded Links
        10. Impersonation
      11. Chapter Review
        1. Questions
        2. Answers
    2. Chapter 12 Implement Configuration Changes to Existing Controls to Improve Security
      1. Permissions
        1. Users
        2. Groups
      2. Blacklisting
      3. Whitelisting
      4. Firewalls
        1. Web Proxies
        2. Web Application Firewalls
        3. Operating System Firewalls
      5. Intrusion Prevention System Rules
        1. Snort Rule Building
        2. Zeek Logs
        3. Suricata Rule-Building
        4. Host-Based Intrusion Prevention Systems
      6. Data Loss Prevention
      7. Endpoint Detection and Response
      8. Network Access Control
        1. Time-Based Solution
        2. Rule-Based Solution
        3. Role-Based Solution
        4. Location-Based Solution
      9. Sinkholing
      10. Malware Signatures
      11. Sandboxing
      12. Port Security
      13. Chapter Review
        1. Questions
        2. Answers
    3. Chapter 13 The Importance of Proactive Threat Hunting
      1. Establishing a Hypothesis
      2. Profiling Threat Actors and Activities
      3. Threat-Hunting Tactics
        1. High-Impact TTPs
      4. Delivering Results
        1. Documenting the Process
        2. Reducing the Attack Surface Area and Bundling Critical Assets
        3. Attack Vectors
        4. Integrated Intelligence
        5. Improving Detection Capabilities
      5. Chapter Review
        1. Questions
        2. Answers
    4. Chapter 14 Automation Concepts and Technologies
      1. Workflow Orchestration
        1. Security Orchestration, Automation, and Response Platforms
        2. Orchestration Playbooks
      2. Data Enrichment
      3. Scripting
        1. Python Scripting
        2. PowerShell Scripting
      4. Application Programming Interface Integration
        1. Representational State Transfer
        2. Automating API Calls
      5. Automated Malware Signature Creation
      6. Threat Feed Combination
      7. Machine Learning
      8. Use of Automation Protocols and Standards
        1. Security Content Automation Protocol
      9. Software Engineering
        1. Continuous Integration
        2. Continuous Delivery
        3. Continuous Deployment
      10. Chapter Review
        1. Questions
        2. Answers
  11. Part IV Incident Response
    1. Chapter 15 The Importance of the Incident Response Process
      1. Establishing a Communication Process
        1. Internal Communications
        2. External Communications
        3. Response Coordination with Relevant Entities
      2. Factors Contributing to Data Criticality
        1. Personally Identifiable Information
        2. Personal Health Information
        3. High-Value Assets
        4. Payment Card Information
        5. Intellectual Property
        6. Corporate Confidential Information
      3. Chapter Review
        1. Questions
        2. Answers
    2. Chapter 16 Appropriate Incident Response Procedures
      1. Preparation
        1. Training
        2. Testing
        3. Documentation
      2. Detection and Analysis
        1. Characteristics of Severity Level Classification
        2. Reverse Engineering
      3. Containment
        1. Segmentation
        2. Isolation
        3. Removal
      4. Eradication and Recovery
        1. Vulnerability Mitigation
        2. Sanitization
        3. Reconstruction
        4. Secure Disposal
        5. Patching
        6. Restoration of Permissions
        7. Restoration of Services and Verification of Logging
      5. Post-Incident Activities
        1. Lessons-Learned Report
        2. Change Control Process
        3. Updates to Response Plan
        4. Summary Report
        5. Indicator of Compromise Generation
        6. Monitoring
      6. Chapter Review
        1. Questions
        2. Answers
    3. Chapter 17 Analyze Potential Indicators of Compromise
      1. Network-Related Indicators
        1. Bandwidth Utilization
        2. Beaconing
        3. Irregular Peer-to-Peer Communication
        4. Rogue Devices on the Network
        5. Scan Sweeps
        6. Common Protocol over a Nonstandard Port
      2. Host-Related Indicators
        1. Capacity Consumption
        2. Unauthorized Software
        3. Malicious Processes
        4. Memory Contents
        5. Unauthorized Changes
        6. Unauthorized Privileges
        7. Data Exfiltration
        8. Registry Change or Anomaly
        9. Unauthorized Scheduled Task
      3. Application-Related Indicators
        1. Anomalous Activity
        2. Introduction of New Accounts
        3. Unexpected Output
        4. Unexpected Outbound Communication
        5. Service Interruption
        6. Memory Overflows
        7. Application Logs
      4. Chapter Review
        1. Questions
        2. Answers
    4. Chapter 18 Utilize Basic Digital Forensics Techniques
      1. Phases of an Investigation
        1. Seizure
        2. Data Acquisition
        3. Analysis
        4. Reporting
      2. Network
        1. Network Tap
        2. Hub
        3. Switches
        4. Wireshark/TShark
        5. tcpdump
      3. Endpoints
        1. Servers
        2. OS and Process Analysis
      4. Mobile Device Forensics
      5. Virtualization and the Cloud
      6. Procedures
        1. Building Your Forensic Kit
        2. Cryptography Tools
      7. Acquisition Utilities
        1. Forensic Duplicators
        2. Password Crackers
        3. Hashing Utilities
        4. Forensic Suites
        5. File Carving
      8. Chapter Review
        1. Questions
        2. Answers
  12. Part V Compliance and Assessment
    1. Chapter 19 The Importance of Data Privacy and Protection
      1. Privacy vs. Security
      2. Types of Data
        1. Legal Requirements for Data
      3. Nontechnical Controls
        1. Data Ownership
        2. Data Classification
        3. Data Confidentiality
        4. Data Sovereignty
        5. Data Minimization
        6. Data Purpose Limitation
        7. Data Retention
      4. Technical Controls
        1. Access Controls
        2. Encryption
        3. Sharing Data While Preserving Privacy
        4. Digital Rights Management
        5. Data Loss Prevention
      5. Chapter Review
        1. Questions
        2. Answers
    2. Chapter 20 Security Concepts in Support of Organizational Risk Mitigation
      1. Business Impact Analysis
      2. Risk Assessment
        1. Risk Identification Process
        2. Risk Calculation
        3. Communication of Risk Factors
        4. Risk Prioritization
        5. Security Controls
        6. Engineering Tradeoffs
      3. Documented Compensating Controls
      4. Systems Assessment
      5. Supply Chain Risk Assessment
        1. Vendor Due Diligence
        2. Hardware Source Authenticity
      6. Training and Exercises
        1. Types of Exercises
        2. Red Team
        3. Blue Team
        4. White Team
      7. Chapter Review
        1. Questions
        2. Answers
    3. Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls
      1. Security Frameworks
        1. NIST
        2. ISO/IEC 27000 Series
        3. Center for Internet Security Controls
      2. Policies and Procedures
        1. Ethics and Codes of Conduct
        2. Acceptable Use Policy
        3. Password Policy
        4. Data Ownership
        5. Data Retention
        6. Work Product Retention
        7. Account Management
        8. Continuous Monitoring
      3. Control Types
      4. Audits and Assessments
        1. Standards Compliance
        2. Regulatory Compliance
      5. Chapter Review
        1. Questions
        2. Answers
  13. Part VI Appendixes and Glossary
    1. Appendix A Objective Map
    2. Appendix B About the Online Content
      1. System Requirements
      2. Your Total Seminars Training Hub Account
        1. Privacy Notice
      3. Single User License Terms and Conditions
      4. TotalTester Online
        1. Performance-Based Questions
      5. Technical Support
  14. Glossary
  15. Index

Product information

  • Title: CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002), 2nd Edition
  • Author(s): Brent Chapman, Fernando Maymi
  • Release date: November 2020
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260464313