CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Third Edition (Exam CS0-003)

By

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Third Edition (Exam CS0-003)

Mya Heath, Fernando J. Maymi, Bobby E. Rogers, Brent Chapman

CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide

CONTENTS

Acknowledgments

Introduction

Part I Security Operations

Chapter 1 System and Network Architectures

The Importance of Logging

Logging Levels

Log Ingestion

Time Synchronization

Operating System Concepts

Windows Registry

Linux Configuration Settings

System Hardening

File Structure

System Processes

Hardware Architecture

Network Architecture

On-premises Architecture

Network Segmentation

Zero Trust

Software-Defined Networking

Secure Access Secure Edge

Cloud Service Models

Cloud Deployment Models

Hybrid Models

Cloud Access Security Broker

Infrastructure Concepts

Virtualization

Containerization

Serverless Architecture

Identity and Access Management

Multifactor Authentication

Single Sign-On

Federation

Privileged Access Management

Encryption

Symmetric Cryptography

Asymmetric Cryptography

Symmetric vs. Asymmetric Cryptography

Public Key Infrastructure

Digital Signatures

Sensitive Data Protection

Personally Identifiable Information

Personal Health Information

Cardholder Data

Data Loss Prevention

Secure Sockets Layer and Transport Layer Security

Inspection

Chapter Review

Questions

Answers

Chapter 2 Standardizing and Streamlining Security Operations

Streamlining Security Operations

Automation and Orchestration

Orchestration Playbooks

Process Standardization

Identification of Tasks Suitable for Automation

Minimizing Human Engagement

Team Coordination to Manage and Facilitate Automation

Technology and Tool Integration

Scripting

Application Programming Interface

Representational State Transfer

Automating API Calls

Webhooks

Plug-Ins

Orchestrating Threat Intelligence Data

Data Enrichment

Single Pane of Glass

Use of Automation Protocols and Standards

Security Content Automation Protocol

Chapter Review

Questions

Answers

Chapter 3 Attack Methodology Frameworks

Attack Frameworks

MITRE ATT&CK

The Diamond Model of Intrusion Analysis

Kill Chain

Open Source Security Testing Methodology Manual

OWASP Web Security Testing Guide

Chapter Review

Questions

Answers

Chapter 4 Analyzing Potentially Malicious Activity

Network-Related Indicators

Bandwidth Consumption

Beaconing

Irregular Peer-to-Peer Communication

Rogue Devices on the Network

Scans/Sweeps

Unusual Traffic Spikes

Activity on Unexpected Ports

Network-Related Indicators Summary

Host-Related Indicators

Capacity Consumption

Unauthorized Software

Malicious Processes

Memory Contents

Unauthorized Changes

Unauthorized Privileges

Data Exfiltration

Registry Change or Anomaly

Unauthorized Scheduled Task

Application-Related Indicators

Anomalous Activity

Introduction of New Accounts

Unexpected Output

Unexpected Outbound Communication

Service Interruption

Memory Overflows

Application Logs

Other Indicators

Social Engineering

Obfuscated Links

Chapter Review

Questions

Answers

Chapter 5 Techniques for Malicious Activity Analysis

Capturing Network Traffic

Log Analysis and Correlation

Security Information and Event Management

Security Orchestration, Automation, and Response

Endpoint

Endpoint Detection and Response

Reputation Analysis

File Analysis

Static Analysis

Dynamic Analysis

File Reputation Analysis

Code Analysis

Behavior Analysis

User Behavior Analysis

Entity Behavior Analysis

Abnormal Account Activity

Impossible Travel

E-mail Analysis

Malicious Payload

DomainKeys Identified Mail

Sender Policy Framework

Domain-Based Message Authentication, Reporting, and

Conformance

Header

Phishing

Forwarding

Digital Signatures and Encryption

Embedded Links

Impersonation

Programming Languages

Extensible Markup Language

JavaScript Object Notation

Shell Scripting

Regular Expressions

PowerShell

Python

Chapter Review

Questions

Answers

Chapter 6 Tools for Malicious Activity Analysis

Network Analysis Tools

BPF

Wireshark and TShark

tcpdump

WHOIS

AbuseIPDB

File Analysis Tools

Strings

Hashing Utilities

VirusTotal

Joe Sandbox

Cuckoo Sandbox

Chapter Review

Questions

Answers

Chapter 7 Fundamentals of Threat Intelligence

Foundations of Intelligence

Threat Classification

Known Threats vs. Unknown Threats

Zero-Day

Threat Actors

Advanced Persistent Threats

Hacktivists

Organized Crime

Nation-States

Script Kiddies

Insider Threats

Supply Chain Threats

Commodity Malware

Tactics, Techniques, and Procedures

Characteristics of Intelligence Source Data

Confidence Levels

Collection Methods and Sources

Open Source

Closed Source

Threat Intelligence Sharing

Information Sharing and Analysis Communities

Managing Indicators of Compromise

Indicator Lifecycle

Structured Threat Information Expression

Trusted Automated Exchange of Indicator Information

OpenIOC

MISP and Open CTI

Intelligence Cycle

Requirements

Collection

Analysis

Dissemination

Feedback

Application of the Intelligence Cycle

Chapter Review

Questions

Answers

Chapter 8 Applying Threat Intelligence in Support of Organizational

Security

Levels of Intelligence

Threat Research

Reputational

Behavioral

Indicator of Compromise

Common Vulnerability Scoring System

Threat Modeling Methodologies

Adversary Capability

Total Attack Surface

Attack Vector

Likelihood

Impact

STRIDE

PASTA

Threat Intelligence Sharing with Supported Functions

Incident Response

Vulnerability Management

Risk Management

Security Engineering

Detection and Monitoring

Threat Hunting

Establishing a Hypothesis

Profiling Threat Actors and Activities

Threat Hunting Tactics

High-Impact TTPs

Delivering Results

Documenting the Process

Integrating Vulnerability Management with Threat

Hunting

Attack Vectors

Integrated Intelligence

Improving Detection Capabilities

Focus Areas

Chapter Review

Questions

Answers

Part II Vulnerability Management

Chapter 9 Vulnerability Scanning Methods and Concepts

Asset Discovery

Asset Mapping Scans and Fingerprinting

Industry Frameworks

Payment Card Industry Data Security Standard

Center for Internet Security Controls

Open Web Application Security Project

ISO/IEC 27000 Series

Critical Infrastructure

Industrial Control Systems and Operational Technology

Supervisory Control and Data Acquisition Systems

Vulnerability Identification and Scanning

Passive vs. Active Scanning

Scanning Parameters and Criteria

Types of Vulnerability Scans

Special Considerations for Vulnerability Scans

Risks Associated with Scanning Activities

Generating Vulnerability Management Reports

Software Vulnerability Assessment Tools and Techniques

Chapter Review

Questions

Answers

Chapter 10 Vulnerability Assessment Tools

Network Scanning and Mapping

Passive vs. Active Enumeration Techniques

Angry IP Scanner

Maltego

Web Application Scanners

Burp Suite

OWASP Zed Attack Proxy

Arachni

Nikto

Infrastructure Vulnerability Scanners

Nessus

OpenVAS

Qualys

Multipurpose Tools

nmap

hping

Metasploit Framework

Recon-ng

Wireless Assessment Tools

Aircrack-ng

Reaver

Hashcat

Debuggers

Debugger Scenario

GDB

Immunity Debugger

Cloud Infrastructure Assessment Tools

Scout Suite

Prowler

Pacu

Chapter Review

Questions

Answers

Chapter 11 Analyzing and Prioritizing Vulnerabilities

Common Vulnerability Scoring System

Base Metric Group

Temporal Metric Group

Environmental Metric Group

Validating Vulnerabilities

True Positives

False Positives

True Negatives

False Negatives

Examining True Positives

Context Awareness

Internal

External

Isolated

Exploitability and Weaponization

Asset Value

Zero-Day

Preparing for Zero-Days

Chapter Review

Questions

Answers

Chapter 12 Mitigating Vulnerabilities

Attack Types

Injection Attacks

Buffer Overflow Vulnerabilities

Broken Access Control

Cryptographic Failures

Data Poisoning

Privilege Escalation

Identification and Authentication Attacks

Local File Inclusion/Remote File Inclusion Attacks

Rootkits

Insecure Design Vulnerabilities

Improper Error Handling

Dereferencing

Insecure Object Reference

Race Condition

Sensitive Data Exposure

Insecure Components

Insufficient Logging and Monitoring

Security Misconfiguration

Use of Insecure Functions

End-of-Life or Outdated Components

Chapter Review

Questions

Answers

Chapter 13 Vulnerability Handling and Response

Vulnerability Management Governance and Policy

Control Types and Functions

Managerial

Technical

Operational

Control Functions

Patching and Configuration Management

Testing

Implementation

Rollback

Validation

Maintenance Windows

Exceptions

Prioritization and Escalation

Risk Management Principles

Elements of Risk

Risk Assessment and Analysis

Risk Appetite and Tolerance

Risk Response

Attack Surface Management

Edge and Passive Discovery

Security Controls Testing

Penetration Testing and Adversary Emulation

Bug Bounty

Attack Surface Reduction

Secure Coding Best Practices

Input Validation

Output Encoding

Session Management

Authentication

Data Protection

Parameterized Queries

Secure Software Development Lifecycle

Requirements

Development

Implementation

Operation and Maintenance

DevOps and DevSecOps

Vulnerability Management Reporting and Communication

Stakeholder Identification and Communication

Vulnerability Reports

Compliance Reports

Action Plans

Inhibitors to Remediation

Metrics and Key Performance Indicators

Chapter Review

Questions

Answers

Part III Incident Response

Chapter 14 Incident Response Procedures

Preparation

The Incident Response Plan

Establishing a Communication Process

Training

Testing

Playbooks

Documentation

Detection and Analysis

Incident Scope and Impact

Reverse Engineering

Incident Response Tools

Containment

Segmentation

Isolation

Removal

Eradication and Recovery

Remediation

Compensating Controls

Vulnerability Mitigation

Sanitization

Reconstruction

Secure Disposal

Patching

Restoration of Permissions

Validation of Permissions

Restoration of Services and Verification of Logging

Chapter Review

Questions

Answers

Chapter 15 Post-Incident Response Activities

Post-Incident Activities

Forensics

Root Cause Analysis

Change Control Process

Updates to the Incident Response Plan

Indicator of Compromise Generation

Monitoring

Incident Reporting and Communication

Stakeholder Identification and Communication

Incident Response Reporting

Lessons Learned

Metrics and Key Performance Indicators

Chapter Review

Questions

Answers

Chapter 16 Utilize Basic Digital Forensics Techniques

Phases of an Investigation

Evidence Seizure

Evidence Acquisition

Analysis

Reporting

Network

Network Tap

Hub

Switches

Endpoints

Servers

OS and Process Analysis

Mobile Device Forensics

Virtualization and the Cloud

Procedures

Building Your Forensic Kit

Cryptography Tools

Acquisition Utilities

Forensic Duplicators

Password Crackers

Hashing Utilities

Forensic Suites

File Carving

Chapter Review

Questions

Answers

Part IV Appendixes and Glossary

Appendix A Objective Map

Exam CS0-003

Appendix B About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Technical Support

Glossary

Index

This book is US$10
To get free sample pages OR Buy this book
Send email: [email protected]


Share this Book!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.