CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide
Pearson IT Certification
978-0-13-674716-1 (ISBN)
This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics:
· Assess your knowledge with chapter-ending quizzes
· Review key concepts with exam preparation tasks
· Practice with realistic exam questions
· Get practical guidance for next steps and more advanced certifications
CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including
· Vulnerability management activities
· Implementing controls to mitigate attacks and software vulnerabilities
· Security solutions for infrastructure management
· Software and hardware assurance best practices
· Understanding and applying the appropriate incident response
· Applying security concepts in support of organizational risk mitigation
Companion Website:
The website provides access to several digital assets, including two free, complete practice exams.
Includes Exclusive Offer for up to 80% Off Premium Edition eBook and Practice Test
Pearson Test Prep online system requirements:
Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.
Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases
Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:
· Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
· Author of CISSP Cert Guide (Pearson)
· Prep test question writer for CCNA Wireless 640-722 Official Cert Guide (Cisco Press)
· Author of CompTIA Advanced Security Practitioner (CASP) Cert Guide (Pearson)
Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2. He delivers CISSP training classes for CyberVista and is an authorized online training provider for (ISC)2. Troy also creates certification practice tests and study guides for CyberVista. He lives in Asheville, North Carolina, with his wife, Heike.
Introduction
Chapter 1 The Importance of Threat Data and Intelligence
“Do I Know This Already?” Quiz
Foundation Topics
Intelligence Sources
Open-Source Intelligence
Proprietary/Closed-Source Intelligence
Timeliness
Relevancy
Confidence Levels
Accuracy
Indicator Management
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
OpenIOC
Threat Classification
Known Threat vs. Unknown Threat
Zero-day
Advanced Persistent Threat
Threat Actors
Nation-state
Organized Crime
Terrorist Groups
Hacktivist
Insider Threat
Intelligence Cycle
Commodity Malware
Information Sharing and Analysis Communities
Exam Preparation Tasks
Chapter 2 Utilizing Threat Intelligence to Support Organizational Security
“Do I Know This Already?” Quiz
Foundation Topics
Attack Frameworks
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Kill Chain
Threat Research
Reputational
Behavioral
Indicator of Compromise (IoC)
Common Vulnerability Scoring System (CVSS)
Threat Modeling Methodologies
Adversary Capability
Total Attack Surface
Attack Vector
Impact
Probability
Threat Intelligence Sharing with Supported Functions
Incident Response
Vulnerability Management
Risk Management
Security Engineering
Detection and Monitoring
Exam Preparation Tasks
Chapter 3 Vulnerability Management Activities
“Do I Know This Already?” Quiz
Foundation Topics
Vulnerability Identification
Asset Criticality
Active vs. Passive Scanning
Mapping/Enumeration
Validation
Remediation/Mitigation
Configuration Baseline
Patching
Hardening
Compensating Controls
Risk Acceptance
Verification of Mitigation
Scanning Parameters and Criteria
Risks Associated with Scanning Activities
Vulnerability Feed
Scope
Credentialed vs. Non-credentialed
Server-based vs. Agent-based
Internal vs. External
Special Considerations
Inhibitors to Remediation
Exam Preparation Tasks
Chapter 4 Analyzing Assessment Output
“Do I Know This Already?” Quiz
Foundation Topics
Web Application Scanner
Burp Suite
OWASP Zed Attack Proxy (ZAP)
Nikto
Arachni
Infrastructure Vulnerability Scanner
Nessus
OpenVAS
Software Assessment Tools and Techniques
Static Analysis
Dynamic Analysis
Reverse Engineering
Fuzzing
Enumeration
Nmap
Host Scanning
hping
Active vs. Passive
Responder
Wireless Assessment Tools
Aircrack-ng
Reaver
oclHashcat
Cloud Infrastructure Assessment Tools
ScoutSuite
Prowler
Pacu
Exam Preparation Tasks
Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology
“Do I Know This Already?” Quiz
Foundation Topics
Mobile
Unsigned Apps/System Apps
Security Implications/Privacy Concerns
Device Loss/Theft
Rooting/Jailbreaking
Push Notification Services
Geotagging
OEM/Carrier Android Fragmentation
Mobile Payment
USB
Malware
Unauthorized Domain Bridging
SMS/MMS/Messaging
Internet of Things (IoT)
IoT Examples
Methods of Securing IoT Devices
Embedded Systems
Real-Time Operating System (RTOS)
System-on-Chip (SoC)
Field Programmable Gate Array (FPGA)
Physical Access Control
Systems
Devices
Facilities
Building Automation Systems
IP Video
HVAC Controllers
Sensors
Vehicles and Drones
CAN Bus
Drones
Workflow and Process Automation Systems
Industrial Control System (ICS)
Supervisory Control and Data Acquisition (SCADA)
Modbus
Exam Preparation Tasks
Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud
“Do I Know This Already?” Quiz
Foundation Topics
Cloud Deployment Models
Cloud Service Models
Function as a Service (FaaS)/Serverless Architecture
Infrastructure as Code (IaC)
Insecure Application Programming Interface (API)
Improper Key Management
Key Escrow
Key Stretching
Unprotected Storage
Transfer/Back Up Data to Uncontrolled Storage
Big Data
Logging and Monitoring
Insufficient Logging and Monitoring
Inability to Access
Exam Preparation Tasks
Chapter 7 Implementing Controls to Mitigate Attacks and Software Vulnerabilities
“Do I Know This Already?” Quiz
Foundation Topics
Attack Types
Extensible Markup Language (XML) Attack
Structured Query Language (SQL) Injection
Overflow Attacks
Remote Code Execution
Directory Traversal
Privilege Escalation
Password Spraying
Credential Stuffing
Impersonation
Man-in-the-Middle Attack
Session Hijacking
Rootkit
Cross-Site Scripting
Vulnerabilities
Improper Error Handling
Dereferencing
Insecure Object Reference
Race Condition
Broken Authentication
Sensitive Data Exposure
Insecure Components
Insufficient Logging and Monitoring
Weak or Default Configurations
Use of Insecure Functions
Exam Preparation Tasks
Chapter 8 Security Solutions for Infrastructure Management
“Do I Know This Already?” Quiz
Foundation Topics
Cloud vs. On-premises
Cloud Mitigations
Asset Management
Asset Tagging
Device-Tracking Technologies
Object-Tracking and Object-Containment Technologies
Segmentation
Physical
Virtual
Jumpbox
System Isolation
Network Architecture
Physical
Software-Defined Networking
Virtual Private Cloud (VPC)
Virtual Private Network (VPN)
Serverless
Change Management
Virtualization
Security Advantages and Disadvantages of Virtualization
Type 1 vs. Type 2 Hypervisors
Virtualization Attacks and Vulnerabilities
Virtual Networks
Management Interface
Vulnerabilities Associated with a Single Physical Server Hosting Multiple Companies' Virtual Machines
Vulnerabilities Associated with a Single Platform Hosting Multiple Companies' Virtual Machines
Virtual Desktop Infrastructure (VDI)
Terminal Services/Application Delivery Services
Containerization
Identity and Access Management
Identify Resources
Identify Users
Identify Relationships Between Resources and Users
Privilege Management
Multifactor Authentication (MFA)
Single Sign-On (SSO)
Active Directory
SESAME
Federation
Role-Based Access Control
Attribute-Based Access Control
Mandatory Access Control
Manual Review
Cloud Access Security Broker (CASB)
Honeypot
Monitoring and Logging
Log Management
Audit Reduction Tools
NIST SP 800-137
Encryption
Cryptographic Types
Hashing Functions
Message Digest Algorithm
Transport Encryption
Certificate Management
Certificate Authority and Registration Authority
Certificates
Certificate Revocation List
OCSP
PKI Steps
Cross-Certification
Digital Signatures
Active Defense
Hunt Teaming
Exam Preparation Tasks
Chapter 9 Software Assurance Best Practices
“Do I Know This Already?” Quiz
Foundation Topics
Platforms
Mobile
Web Application
Client/Server
Embedded
System-on-Chip (SoC)
Firmware
Software Development Life Cycle (SDLC) Integration
Step 1: Plan/Initiate Project
Step 2: Gather Requirements
Step 3: Design
Step 4: Develop
Step 5: Test/Validate
Step 6: Release/Maintain
Step 7: Certify/Accredit
Step 8: Change Management and Configuration Management/Replacement
DevSecOps
DevOps
Software Assessment Methods
User Acceptance Testing
Stress Test Application
Security Regression Testing
Code Review
Security Testing
Code Review Process
Secure Coding Best Practices
Input Validation
Output Encoding
Session Management
Authentication
Data Protection
Parameterized Queries
Static Analysis Tools
Dynamic Analysis Tools
Formal Methods for Verification of Critical Software
Service-Oriented Architecture
Security Assertion Markup Language (SAML)
Simple Object Access Protocol (SOAP)
Representational State Transfer (REST)
Microservices
Exam Preparation Tasks
Chapter 10 Hardware Assurance Best Practices
“Do I Know This Already?” Quiz
Foundation Topics
Hardware Root of Trust
Trusted Platform Module (TPM)
Virtual TPM
Hardware Security Module (HSM)
MicroSD HSM
eFuse
Unified Extensible Firmware Interface (UEFI)
Trusted Foundry
Secure Processing
Trusted Execution
Secure Enclave
Processor Security Extensions
Atomic Execution
Anti-Tamper
Self-Encrypting Drives
Trusted Firmware Updates
Measured Boot and Attestation
Measured Launch
Integrity Measurement Architecture
Bus Encryption
Exam Preparation Tasks
Chapter 11 Analyzing Data as Part of Security Monitoring Activities
“Do I Know This Already?” Quiz
Foundation Topics
Heuristics
Trend Analysis
Endpoint
Malware
Memory
System and Application Behavior
File System
User and Entity Behavior Analytics (UEBA)
Network
Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis
DNS Analysis
Domain Generation Algorithm
Flow Analysis
NetFlow Analysis
Packet and Protocol Analysis
Malware
Log Review
Event Logs
Syslog
Kiwi Syslog Server
Firewall Logs
Web Application Firewall (WAF)
Proxy
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
Impact Analysis
Organization Impact vs. Localized Impact
Immediate Impact vs. Total Impact
Security Information and Event Management (SIEM) Review
Rule Writing
Known-Bad Internet Protocol (IP)
Dashboard
Query Writing
String Search
Script
Piping
E-mail Analysis
E-mail Spoofing
Malicious Payload
DomainKeys Identified Mail (DKIM)
Sender Policy Framework (SPF)
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Phishing
Forwarding
Digital Signature
E-mail Signature Block
Embedded Links
Impersonation
Exam Preparation Tasks
Chapter 12 Implementing Configuration Changes to Existing Controls to Improve Security
“Do I Know This Already?” Quiz
Foundation Topics
Permissions
Whitelisting and Blacklisting
Application Whitelisting and Blacklisting
Input Validation
Firewall
NextGen Firewalls
Host-Based Firewalls
Intrusion Prevention System (IPS) Rules
Data Loss Prevention (DLP)
Endpoint Detection and Response (EDR)
Network Access Control (NAC)
Quarantine/Remediation
Agent-Based vs. Agentless NAC
802.1X
Sinkholing
Malware Signatures
Development/Rule Writing
Sandboxing
Port Security
Limiting MAC Addresses
Implementing Sticky MAC
Exam Preparation Tasks
Chapter 13 The Importance of Proactive Threat Hunting
“Do I Know This Already?” Quiz
Foundation Topics
Establishing a Hypothesis
Profiling Threat Actors and Activities
Threat Hunting Tactics
Hunt Teaming
Threat Model
Executable Process Analysis
Memory Consumption
Reducing the Attack Surface Area
System Hardening
Configuration Lockdown
Bundling Critical Assets
Commercial Business Classifications
Military and Government Classifications
Distribution of Critical Assets
Attack Vectors
Integrated Intelligence
Improving Detection Capabilities
Continuous Improvement
Continuous Monitoring
Exam Preparation Tasks
Chapter 14 Automation Concepts and Technologies
“Do I Know This Already?” Quiz
Foundation Topics
Workflow Orchestration
Scripting
Application Programming Interface (API) Integration
Automated Malware Signature Creation
Data Enrichment
Threat Feed Combination
Machine Learning
Use of Automation Protocols and Standards
Security Content Automation Protocol (SCAP)
Continuous Integration
Continuous Deployment/Delivery
Exam Preparation Tasks
Chapter 15 The Incident Response Process
“Do I Know This Already?” Quiz
Foundation Topics
Communication Plan
Limiting Communication to Trusted Parties
Disclosing Based on Regulatory/Legislative Requirements
Preventing Inadvertent Release of Information
Using a Secure Method of Communication
Reporting Requirements
Response Coordination with Relevant Entities
Legal
Human Resources
Public Relations
Internal and External
Law Enforcement
Senior Leadership
Regulatory Bodies
Factors Contributing to Data Criticality
Personally Identifiable Information (PII)
Personal Health Information (PHI)
Sensitive Personal Information (SPI)
High Value Assets
Financial Information
Intellectual Property
Corporate Information
Exam Preparation Tasks
Chapter 16 Applying the Appropriate Incident Response Procedure
“Do I Know This Already?” Quiz
Foundation Topics
Preparation
Training
Testing
Documentation of Procedures
Detection and Analysis
Characteristics Contributing to Severity Level Classification
Downtime and Recovery Time
Data Integrity
Economic
System Process Criticality
Reverse Engineering
Data Correlation
Containment
Segmentation
Isolation
Eradication and Recovery
Vulnerability Mitigation
Sanitization
Reconstruction/Reimaging
Secure Disposal
Patching
Restoration of Permissions
Reconstitution of Resources
Restoration of Capabilities and Services
Verification of Logging/Communication to Security Monitoring
Post-Incident Activities
Evidence Retention
Lessons Learned Report
Change Control Process
Incident Response Plan Update
Incident Summary Report
Indicator of Compromise (IoC) Generation
Monitoring
Exam Preparation Tasks
Chapter 17 Analyzing Potential Indicators of Compromise
“Do I Know This Already?” Quiz
Foundation Topics
Network-Related Indicators of Compromise
Bandwidth Consumption
Beaconing
Irregular Peer-to-Peer Communication
Rogue Device on the Network
Scan/Sweep
Unusual Traffic Spike
Common Protocol over Non-standard Port
Host-Related Indicators of Compromise
Processor Consumption
Memory Consumption
Drive Capacity Consumption
Unauthorized Software
Malicious Process
Unauthorized Change
Unauthorized Privilege
Data Exfiltration
Abnormal OS Process Behavior
File System Change or Anomaly
Registry Change or Anomaly
Unauthorized Scheduled Task
Application-Related Indicators of Compromise
Anomalous Activity
Introduction of New Accounts
Unexpected Output
Unexpected Outbound Communication
Service Interruption
Application Log
Exam Preparation Tasks
Chapter 18 Utilizing Basic Digital Forensics Techniques
“Do I Know This Already?” Quiz
Foundation Topics
Network
Wireshark
tcpdump
Endpoint
Disk
Memory
Mobile
Cloud
Virtualization
Legal Hold
Procedures
EnCase Forensic
Sysinternals
Forensic Investigation Suite
Hashing
Hashing Utilities
Changes to Binaries
Carving
Data Acquisition
Exam Preparation Tasks
Chapter 19 The Importance of Data Privacy and Protection
“Do I Know This Already?” Quiz
Foundation Topics
Privacy vs. Security
Non-technical Controls
Classification
Ownership
Retention
Data Types
Retention Standards
Confidentiality
Legal Requirements
Data Sovereignty
Data Minimization
Purpose Limitation
Non-disclosure Agreement (NDA)
Technical Controls
Encryption
Data Loss Prevention (DLP)
Data Masking
Deidentification
Tokenization
Digital Rights Management (DRM)
Geographic Access Requirements
Access Controls
Exam Preparation Tasks
Chapter 20 Applying Security Concepts in Support of Organizational Risk Mitigation
“Do I Know This Already?” Quiz
Foundation Topics
Business Impact Analysis
Identify Critical Processes and Resources
Identify Outage Impacts and Estimate Downtime
Identify Resource Requirements
Identify Recovery Priorities
Risk Identification Process
Make Risk Determination Based upon Known Metrics
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Calculation
Probability
Magnitude
Communication of Risk Factors
Risk Prioritization
Security Controls
Engineering Tradeoffs
Systems Assessment
ISO/IEC 27001
ISO/IEC 27002
Documented Compensating Controls
Training and Exercises
Red Team
Blue Team
White Team
Tabletop Exercise
Supply Chain Assessment
Vendor Due Diligence
Hardware Source Authenticity
Exam Preparation Tasks
Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls
“Do I Know This Already?” Quiz
Foundation Topics
Frameworks
Risk-Based Frameworks
Prescriptive Frameworks
Policies and Procedures
Code of Conduct/Ethics
Acceptable Use Policy (AUP)
Password Policy
Data Ownership
Data Retention
Account Management
Continuous Monitoring
Work Product Retention
Category
Managerial
Operational
Technical
Control Type
Preventive
Detective
Corrective
Deterrent
Directive
Physical
Audits and Assessments
Regulatory
Compliance
Exam Preparation Tasks
Chapter 22 Final Preparation
Exam Information
Getting Ready
Tools for Final Preparation
Pearson Test Prep Practice Test Software and Questions on the Website
Memory Tables
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions
Appendix B CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide Exam Updates
Glossary of Key Terms
Online Elements:
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary of Key Terms
Publication date (per publisher) | 29 Dec 2020 |
---|---|
Series | Certification Guide |
Place of publication | Upper Saddle River |
Language | English |
Dimensions | 194 x 234 mm |
Weight | 1460 g |
Subject area | Computer Science ► Other Topics ► Certification |
ISBN-10 | 0-13-674716-7 / 0136747167 |
ISBN-13 | 978-0-13-674716-1 / 9780136747161 |
Condition | New |