CompTIA CySA+ cybersecurity analyst certification exam guide (exam CS0-003)

Mya Heath

Book - 2023

"Take the current version of the challenging CompTIA CySA+ certification exam with confidence using the detailed information contained in this up-to-date integrated study system. Based on proven pedagogy, the book contains detailed explanations, real-world examples, step-by-step exercises, and exam-focused special elements that teach and reinforce practical skills."--Amazon.com.

1 / 1 copies available
Location Call Number   Status
2nd Floor 005.8076/CySA+/Heath Checked In
Genres
Study guides
Published
New York : McGraw-Hill Education [2023]
Language
English
Main Author
Mya Heath (author)
Other Authors
Bobby E. Rogers (author), Brent Chapman, Fernando Maymí
Edition
Third edition
Item Description
"Exam CS0-003"--Cover.
Physical Description
xxviii, 532 pages : illustrations ; 23 cm
Bibliography
Includes index (pages 511-532).
ISBN
9781265452438
  • Acknowledgments
  • Introduction
  • Part I. Security Operations
  • Chapter 1. System and Network Architectures
  • The Importance of Logging
  • Logging Levels
  • Log Ingestion
  • Time Synchronization
  • Operating System Concepts
  • Windows Registry
  • Linux Configuration Settings
  • System Hardening
  • File Structure
  • System Processes
  • Hardware Architecture
  • Network Architecture
  • On-premises Architecture
  • Network Segmentation
  • Zero Trust
  • Software-Defined Networking
  • Secure Access Secure Edge
  • Cloud Service Models
  • Cloud Deployment Models
  • Hybrid Models
  • Cloud Access Security Broker
  • Infrastructure Concepts
  • Virtualization
  • Containerization
  • Serverless Architecture
  • Identity and Access Management
  • Multifactor Authentication
  • Single Sign-On
  • Federation
  • Privileged Access Management
  • Encryption
  • Symmetric Cryptography
  • Asymmetric Cryptography
  • Symmetric vs. Asymmetric Cryptography
  • Public Key Infrastructure
  • Digital Signatures
  • Sensitive Data Protection
  • Personally Identifiable Information
  • Personal Health Information
  • Cardholder Data
  • Data Loss Prevention
  • Secure Sockets Layer and Transport Layer Security Inspection
  • Chapter Review
  • Questions
  • Answers
  • Chapter 2. Standardizing and Streamlining Security Operations
  • Streamlining Security Operations
  • Automation and Orchestration
  • Orchestration Playbooks
  • Process Standardization
  • Identification of Tasks Suitable for Automation
  • Minimizing Human Engagement
  • Team Coordination to Manage and Facilitate Automation
  • Technology and Tool Integration
  • Scripting
  • Application Programming Interface
  • Representational State Transfer
  • Automating API Calls
  • Webhooks
  • Plug-Ins
  • Orchestrating Threat Intelligence Data
  • Data Enrichment
  • Single Pane of Glass
  • Use of Automation Protocols and Standards
  • Security Content Automation Protocol
  • Chapter Review
  • Questions
  • Answers
  • Chapter 3. Attack Methodology Frameworks
  • Attack Frameworks
  • MITRE ATT&CK
  • The Diamond Model of Intrusion Analysis
  • Kill Chain
  • Open Source Security Testing Methodology Manual
  • OWASP Web Security Testing Guide
  • Chapter Review
  • Questions
  • Answers
  • Chapter 4. Analyzing Potentially Malicious Activity
  • Network-Related Indicators
  • Bandwidth Consumption
  • Beaconing
  • Irregular Peer-to-Peer Communication
  • Rogue Devices on the Network
  • Scans/Sweeps
  • Unusual Traffic Spikes
  • Activity on Unexpected Ports
  • Network-Related Indicators Summary
  • Host-Related Indicators
  • Capacity Consumption
  • Unauthorized Software
  • Malicious Processes
  • Memory Contents
  • Unauthorized Changes
  • Unauthorized Privileges
  • Data Exfiltration
  • Registry Change or Anomaly
  • Unauthorized Scheduled Task
  • Application-Related Indicators
  • Anomalous Activity
  • Introduction of New Accounts
  • Unexpected Output
  • Unexpected Outbound Communication
  • Service Interruption
  • Memory Overflows
  • Application Logs
  • Other Indicators
  • Social Engineering
  • Obfuscated Links
  • Chapter Review
  • Questions
  • Answers
  • Chapter 5. Techniques for Malicious Activity Analysis
  • Capturing Network Traffic
  • Log Analysis and Correlation
  • Security Information and Event Management
  • Security Orchestration, Automation, and Response
  • Endpoint
  • Endpoint Detection and Response
  • Reputation Analysis
  • File Analysis
  • Static Analysis
  • Dynamic Analysis
  • File Reputation Analysis
  • Code Analysis
  • Behavior Analysis
  • User Behavior Analysis
  • Entity Behavior Analysis
  • Abnormal Account Activity
  • Impossible Travel
  • E-mail Analysis
  • Malicious Payload
  • DomainKeys Identified Mail
  • Sender Policy Framework
  • Domain-Based Message Authentication, Reporting, and Conformance
  • Header
  • Phishing
  • Forwarding
  • Digital Signatures and Encryption
  • Embedded Links
  • Impersonation
  • Programming Languages
  • Extensible Markup Language
  • JavaScript Object Notation
  • Shell Scripting
  • Regular Expressions
  • PowerShell
  • Python
  • Chapter Review
  • Questions
  • Answers
  • Chapter 6. Tools for Malicious Activity Analysis
  • Network Analysis Tools
  • BPF
  • Wireshark and TShark
  • Tcpdump
  • WHOIS
  • AbuseIPDB
  • File Analysis Tools
  • Strings
  • Hashing Utilities
  • VirusTotal
  • Joe Sandbox
  • Cuckoo Sandbox
  • Chapter Review
  • Questions
  • Answers
  • Chapter 7. Fundamentals of Threat Intelligence
  • Foundations of Intelligence
  • Threat Classification
  • Known Threats vs. Unknown Threats
  • Zero-Day
  • Threat Actors
  • Advanced Persistent Threats
  • Hacktivists
  • Organized Crime
  • Nation-States
  • Script Kiddies
  • Insider Threats
  • Supply Chain Threats
  • Commodity Malware
  • Tactics, Techniques, and Procedures
  • Characteristics of Intelligence Source Data
  • Confidence Levels
  • Collection Methods and Sources
  • Open Source
  • Closed Source
  • Threat Intelligence Sharing
  • Information Sharing and Analysis Communities
  • Managing Indicators of Compromise
  • Indicator Lifecycle
  • Structured Threat Information Expression
  • Trusted Automated Exchange of Indicator Information
  • OpenIOC
  • MISP and OpenCTI
  • Intelligence Cycle
  • Requirements
  • Collection
  • Analysis
  • Dissemination
  • Feedback
  • Application of the Intelligence Cycle
  • Chapter Review
  • Questions
  • Answers
  • Chapter 8. Applying Threat Intelligence in Support of Organizational Security
  • Levels of Intelligence
  • Threat Research
  • Reputational
  • Behavioral
  • Indicator of Compromise
  • Common Vulnerability Scoring System
  • Threat Modeling Methodologies
  • Adversary Capability
  • Total Attack Surface
  • Attack Vector
  • Likelihood
  • Impact
  • STRIDE
  • PASTA
  • Threat Intelligence Sharing with Supported Functions
  • Incident Response
  • Vulnerability Management
  • Risk Management
  • Security Engineering
  • Detection and Monitoring
  • Threat Hunting
  • Establishing a Hypothesis
  • Profiling Threat Actors and Activities
  • Threat Hunting Tactics
  • High-Impact TTPs
  • Delivering Results
  • Documenting the Process
  • Integrating Vulnerability Management with Threat Hunting
  • Attack Vectors
  • Integrated Intelligence
  • Improving Detection Capabilities
  • Focus Areas
  • Chapter Review
  • Questions
  • Answers
  • Part II. Vulnerability Management
  • Chapter 9. Vulnerability Scanning Methods and Concepts
  • Asset Discovery
  • Asset Mapping Scans and Fingerprinting
  • Industry Frameworks
  • Payment Card Industry Data Security Standard
  • Center for Internet Security Controls
  • Open Web Application Security Project
  • ISO/IEC 27000 Series
  • Critical Infrastructure
  • Industrial Control Systems and Operational Technology
  • Supervisory Control and Data Acquisition Systems
  • Vulnerability Identification and Scanning
  • Passive vs. Active Scanning
  • Scanning Parameters and Criteria
  • Types of Vulnerability Scans
  • Special Considerations for Vulnerability Scans
  • Risks Associated with Scanning Activities
  • Generating Vulnerability Management Reports
  • Software Vulnerability Assessment Tools and Techniques
  • Chapter Review
  • Questions
  • Answers
  • Chapter 10. Vulnerability Assessment Tools
  • Network Scanning and Mapping
  • Passive vs. Active Enumeration Techniques
  • Angry IP Scanner
  • Maltego
  • Web Application Scanners
  • Burp Suite
  • OWASP Zed Attack Proxy
  • Arachni
  • Nikto
  • Infrastructure Vulnerability Scanners
  • Nessus
  • OpenVAS
  • Qualys
  • Multipurpose Tools
  • Nmap
  • Hping
  • Metasploit Framework
  • Recon-ng
  • Wireless Assessment Tools
  • Aircrack-ng
  • Reaver
  • Hashcat
  • Debuggers
  • Debugger Scenario
  • GDB
  • Immunity Debugger
  • Cloud Infrastructure Assessment Tools
  • Scout Suite
  • Prowler
  • Pacu
  • Chapter Review
  • Questions
  • Answers
  • Chapter 11. Analyzing and Prioritizing Vulnerabilities
  • Common Vulnerability Scoring System
  • Base Metric Group
  • Temporal Metric Group
  • Environmental Metric Group
  • Validating Vulnerabilities
  • True Positives
  • False Positives
  • True Negatives
  • False Negatives
  • Examining True Positives
  • Context Awareness
  • Internal
  • External
  • Isolated
  • Exploitability and Weaponization
  • Asset Value
  • Zero-Day
  • Preparing for Zero-Days
  • Chapter Review
  • Questions
  • Answers
  • Chapter 12. Mitigating Vulnerabilities
  • Attack Types
  • Injection Attacks
  • Buffer Overflow Vulnerabilities
  • Broken Access Control
  • Cryptographic Failures
  • Data Poisoning
  • Privilege Escalation
  • Identification and Authentication Attacks
  • Local File Inclusion/Remote File Inclusion Attacks
  • Rootkits
  • Insecure Design Vulnerabilities
  • Improper Error Handling
  • Dereferencing
  • Insecure Object Reference
  • Race Condition
  • Sensitive Data Exposure
  • Insecure Components
  • Insufficient Logging and Monitoring
  • Security Misconfiguration
  • Use of Insecure Functions
  • End-of-Life or Outdated Components
  • Chapter Review
  • Questions
  • Answers
  • Chapter 13. Vulnerability Handling and Response
  • Vulnerability Management Governance and Policy
  • Control Types and Functions
  • Managerial
  • Technical
  • Operational
  • Control Functions
  • Patching and Configuration Management
  • Testing
  • Implementation
  • Rollback
  • Validation
  • Maintenance Windows
  • Exceptions
  • Prioritization and Escalation
  • Risk Management Principles
  • Elements of Risk
  • Risk Assessment and Analysis
  • Risk Appetite and Tolerance
  • Risk Response
  • Attack Surface Management
  • Edge and Passive Discovery
  • Security Controls Testing
  • Penetration Testing and Adversary Emulation
  • Bug Bounty
  • Attack Surface Reduction
  • Secure Coding Best Practices
  • Input Validation
  • Output Encoding
  • Session Management
  • Authentication
  • Data Protection
  • Parameterized Queries
  • Secure Software Development Lifecycle
  • Requirements
  • Development
  • Implementation
  • Operation and Maintenance
  • DevOps and DevSecOps
  • Vulnerability Management Reporting and Communication
  • Stakeholder Identification and Communication
  • Vulnerability Reports
  • Compliance Reports
  • Action Plans
  • Inhibitors to Remediation
  • Metrics and Key Performance Indicators
  • Chapter Review
  • Questions
  • Answers
  • Part III. Incident Response
  • Chapter 14. Incident Response Procedures
  • Preparation
  • The Incident Response Plan
  • Establishing a Communication Process
  • Training
  • Testing
  • Playbooks
  • Documentation
  • Detection and Analysis
  • Incident Scope and Impact
  • Reverse Engineering
  • Incident Response Tools
  • Containment
  • Segmentation
  • Isolation
  • Removal
  • Eradication and Recovery
  • Remediation
  • Compensating Controls
  • Vulnerability Mitigation
  • Sanitization
  • Reconstruction
  • Secure Disposal
  • Patching
  • Restoration of Permissions
  • Validation of Permissions
  • Restoration of Services and Verification of Logging
  • Chapter Review
  • Questions
  • Answers
  • Chapter 15. Post-Incident Response Activities
  • Post-Incident Activities
  • Forensics
  • Root Cause Analysis
  • Change Control Process
  • Updates to the Incident Response Plan
  • Indicator of Compromise Generation
  • Monitoring
  • Incident Reporting and Communication
  • Stakeholder Identification and Communication
  • Incident Response Reporting
  • Lessons Learned
  • Metrics and Key Performance Indicators
  • Chapter Review
  • Questions
  • Answers
  • Chapter 16. Utilize Basic Digital Forensics Techniques
  • Phases of an Investigation
  • Evidence Seizure
  • Evidence Acquisition
  • Analysis
  • Reporting
  • Network
  • Network Tap
  • Hub
  • Switches
  • Endpoints
  • Servers
  • OS and Process Analysis
  • Mobile Device Forensics
  • Virtualization and the Cloud
  • Procedures
  • Building Your Forensic Kit
  • Cryptography Tools
  • Acquisition Utilities
  • Forensic Duplicators
  • Password Crackers
  • Hashing Utilities
  • Forensic Suites
  • File Carving
  • Chapter Review
  • Questions
  • Answers
  • Part IV. Appendixes and Glossary
  • Appendix A. Objective Map
  • Exam CS0-003
  • Appendix B. About the Online Content
  • System Requirements
  • Your Total Seminars Training Hub Account
  • Privacy Notice
  • Single User License Terms and Conditions
  • TotalTester Online
  • Technical Support
  • Glossary
  • Index