The CompTIA Cybersecurity Analyst (CySA+) course is an international, vendor-neutral cybersecurity certification that applies behavioural analytics to improve the overall state of IT security. The CySA+ course validates the knowledge and skills required to prevent, detect and combat cybersecurity threats. In addition, this course covers the duties of those who are responsible for monitoring and detecting security incidents in information systems and networks, and for executing a proper response to such incidents. Depending on the size of the organization, this individual may act alone or may be a member of a cybersecurity incident response team (CSIRT).
The course introduces delegates to tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization’s security, collect and analyse cybersecurity intelligence, and handle incidents as they occur. Ultimately, the course promotes a comprehensive approach to security aimed towards those on the front lines of defence.
This course is designed primarily for cybersecurity practitioners who perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This course focuses on the knowledge, ability, and skills necessary to provide for the defence of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. In addition, the course ensures that all members of an IT team, everyone from help desk staff to the Chief Information Officer, understand their role in these security processes.
Prerequisites
To ensure your success in this course, delegates should meet the following requirements:
- At least two years (recommended) of experience in computer network security technology or a related field
- The ability to recognize information security vulnerabilities and threats in the context of risk management
- Foundation-level operational skills with some of the common operating systems for computing environments
- Foundational knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include, but are not limited to, basic authentication and authorization, resource permissions, and anti-malware mechanisms
- Foundation-level understanding of some of the common concepts for network environments, such as routing and switching
- Foundational knowledge of major TCP/IP networking protocols, including, but not limited to, TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP
- Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments. Safeguards include, but are not limited to, firewalls, intrusion prevention systems, and VPNs
Delegates can obtain this level of skills and knowledge by taking the following courses:
Here’s what you will learn
Lesson 1: Introduction
- CompTIA
- The Cybersecurity Analyst+ Exam
- What Does This Course Cover?
- Objectives Map for CompTIA CySA+ Exam CS0-003
- Setting Up a Kali and Metasploitable Learning Environment
Lesson 2: Today’s Cybersecurity Analyst
- Cybersecurity Objectives
- Privacy vs. Security
- Evaluating Security Risks
- Building a Secure Network
- Secure Endpoint Management
- Penetration Testing
- Reverse Engineering
- Efficiency and Process Improvement
- The Future of Cybersecurity Analytics
- Summary
- Exam Essentials
- Lab Exercises
Lesson 3: System and Network Architecture
- Infrastructure Concepts and Design
- Operating System Concepts
- Logging, Logs, and Log Ingestion
- Network Architecture
- Identity and Access Management
- Encryption and Sensitive Data Protection
- Summary
- Exam Essentials
- Lab Exercises
Lesson 4: Malicious Activity
- Analyzing Network Events
- Investigating Host-Related Issues
- Investigating Service- and Application-Related Issues
- Determining Malicious Activity Using Tools and Techniques
- Summary
- Exam Essentials
- Lab Exercises
Lesson 5: Threat Intelligence
- Threat Data and Intelligence
- Threat Classification
- Applying Threat Intelligence Organizationwide
- Summary
- Exam Essentials
- Lab Exercises
Lesson 6: Reconnaissance and Intelligence Gathering
- Mapping, Enumeration, and Asset Discovery
- Passive Discovery
- Summary
- Exam Essentials
- Lab Exercises
Lesson 7: Designing a Vulnerability Management Program
- Identifying Vulnerability Management Requirements
- Configuring and Executing Vulnerability Scans
- Developing a Remediation Workflow
- Overcoming Risks of Vulnerability Scanning
- Vulnerability Assessment Tools
- Summary
- Exam Essentials
- Lab Exercises
Lesson 8: Analyzing Vulnerability Scans
- Reviewing and Interpreting Scan Reports
- Validating Scan Results
- Common Vulnerabilities
- Summary
- Exam Essentials
- Lab Exercises
Lesson 9: Responding to Vulnerabilities
- Analyzing Risk
- Managing Risk
- Implementing Security Controls
- Threat Classification
- Managing the Computing Environment
- Software Assurance Best Practices
- Designing and Coding for Security
- Software Security Testing
- Policies, Governance, and Service Level Objectives
- Summary
- Exam Essentials
- Lab Exercises
Lesson 10: Building an Incident Response Program
- Security Incidents
- Phases of Incident Response
- Building the Foundation for Incident Response
- Creating an Incident Response Team
- Classifying Incidents
- Attack Frameworks
- Summary
- Exam Essentials
- Lab Exercises
Lesson 11: Incident Detection and Analysis
- Indicators of Compromise
- Investigating IoCs
- Evidence Acquisition and Preservation
- Summary
- Exam Essentials
- Lab Exercises
Lesson 12: Containment, Eradication, and Recovery
- Containing the Damage
- Incident Eradication and Recovery
- Validating Data Integrity
- Wrapping Up the Response
- Summary
- Exam Essentials
- Lab Exercises
Lesson 13: Reporting and Communication
- Vulnerability Management Reporting and Communication
- Incident Response Reporting and Communication
- Summary
- Exam Essentials
- Lab Exercises
Lesson 14: Performing Forensic Analysis and Techniques for Incident Response
- Building a Forensics Capability
- Understanding Forensic Software
- Conducting Endpoint Forensics
- Network Forensics
- Cloud, Virtual, and Container Forensics
- Post-Incident Activity and Evidence Acquisition
- Forensic Investigation: An Example
- Summary
- Exam Essentials
- Lab Exercises
Hands-on Lab Activities
Today’s Cybersecurity Analyst
- Creating a Firewall Rule
- Setting Up a Honeypot on Kali Linux
System and Network Architecture
- Installing Docker
- Viewing the Windows File Registry
- Installing the AD FS Role
- Examining PKI Certificates
Malicious Activity
- Confirming the Spoofing Attack in Wireshark
- Performing a DoS Attack with the SYN Flood
- Using Social Engineering Techniques to Plan an Attack
- Using Performance Monitor
- Performing a Memory-Based Attack
- Using Command-line Tools
- Examining and Analyzing Malware
- Examining Phishing Attacks
- Capturing Network Packets Using tcpdump
- Using tcpdump
- Enabling Logging for Audited Objects
- Examining Audited Events
- Capturing a Packet Using Wireshark
Threat Intelligence
- Examining MITRE ATT&CK
Reconnaissance and Intelligence Gathering
- Using Maltego
- Performing an Intense Scan in Zenmap
- Using Shodan to Find Webcams
- Using Recon-ng
- Identifying Search Options in Metasploit
- Performing Reconnaissance on a Network
- Scanning the Local Network
- Using the hping Program
- Making Syslog Entries Readable
- Performing Zone Transfer
- Using Netstat
- Using the whois Program
- Using nslookup for Passive Reconnaissance
Designing a Vulnerability Management Program
- Using OWASP ZAP
- Consulting a Vulnerability Database
- Conducting Vulnerability Scanning Using Nessus
- Performing Vulnerability Scanning Using OpenVAS
- Performing Session Hijacking Using Burp Suite
- Using Nikto
Analyzing Vulnerability Scans
- Exploiting Local File Inclusion and Remote File Inclusion Vulnerabilities
- Exploiting a Website Using SQL Injection
- Conducting Cross-Site Request Forgery Attacks
- Defending Against a Buffer Overflow Attack
- Understanding Local Privilege Escalation
- Performing a MITM Attack
- Detecting Rootkits
- Attacking a Website Using XSS Injection
Incident Detection and Analysis
- Creating a Forensic Image with FTK Imager
Performing Forensic Analysis and Techniques for Incident Response
- Using EnCase Imager
- Analyzing Forensics with Autopsy
- Observing an SHA256-Generated Hash Value
- Using the MD5 Hash Algorithm
- Cracking Passwords Using Cain and Abel
- Completing the Chain of Custody
- Finding Hard Drives on the System