CompTIA Cybersecurity Analyst (CySA+) Cert Guide

By (author) Troy McMillan

Description

One million cybersecurity jobs will open this year, and many will require strong knowledge and skills in cybersecurity analysis. CompTIA's new vendor-neutral Cybersecurity Analyst (CSA+) certification for IT professionals validates the knowledge and skills you'll need to qualify for these opportunities. CompTIA Cybersecurity Analyst+ Cert Guide is the comprehensive self-study resource for the brand-new CSA+ (CS0-001) exam.

Designed for all CompTIA Cybersecurity Analyst (CSA+) candidates, this guide covers every exam objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:

* Pre-chapter quizzes to assess knowledge upfront and focus your study more efficiently
* Foundation Topics sections that explain concepts and configurations, and link theory to practice
* Key Topics sections calling attention to every figure, table, and list you must know
* Exam Preparation sections with additional chapter review features
* A final preparation chapter providing tools and a complete final study plan
* A customizable practice test library

This guide offers comprehensive, up-to-date coverage of all CSA+ topics related to:

* Environmental reconnaissance, response, and countermeasures
* Securing corporate environments
* Managing information security vulnerabilities, including detailed coverage of common vulnerabilities
* Analyzing threat data or behavior, performing computer forensics, and responding to incidents
* Recovering and responding to incidents
* Using security frameworks to guide common security policies
* Implementing identity/access management and compensating controls
* Optimizing security throughout the Software Development Life Cycle (SDLC)
* Choosing and applying cybersecurity tools and technologies, and more

Product details

  • Mixed media product | 592 pages
  • 195 x 240 x 30mm | 1,179g
  • Publisher: Pearson IT Certification, Upper Saddle River, United States
  • Language: English
  • ISBN-10: 0789756951
  • ISBN-13: 9780789756954

Table of contents

Introduction xxvii

Chapter 1 Applying Environmental Reconnaissance Techniques 3

"Do I Know This Already?" Quiz 3

Foundation Topics 5

Procedures/Common Tasks 5

Topology Discovery 5

OS Fingerprinting 5

Service Discovery 6

Packet Capture 6

Log Review 6

Router/Firewall ACLs Review 6

E-mail Harvesting 7

Social Media Profiling 7

Social Engineering 8

DNS Harvesting 8

Phishing 11

Variables 11

Wireless vs. Wired 12

Virtual vs. Physical 13

Internal vs. External 14

On-premises vs. Cloud 15

Tools 16

Nmap 16

Host Scanning 19

Network Mapping 20

Netstat 21

Packet Analyzer 23

IDS/IPS 25

HIDS/NIDS 27

Firewall Rule-Based and Logs 27

Firewall Types 27

Firewall Architecture 29

Syslog 30

Vulnerability Scanner 30

Exam Preparation Tasks 31

Review All Key Topics 31

Define Key Terms 32

Review Questions 32

Chapter 2 Analyzing the Results of Network Reconnaissance 37

"Do I Know This Already?" Quiz 37

Foundation Topics 40

Point-in-Time Data Analysis 40

Packet Analysis 40

Protocol Analysis 40

Traffic Analysis 40

NetFlow Analysis 41

Wireless Analysis 43

CSMA/CA 43

Data Correlation and Analytics 45

Anomaly Analysis 45

Trend Analysis 46

Availability Analysis 46

Heuristic Analysis 46

Behavioral Analysis 47

Data Output 47

Firewall Logs 47

Packet Captures 49

Nmap Scan Results 52

Port Scans 52

Event Logs 53

Syslog 55

IDS Report 56

Tools 57

SIEM 57

Packet Analyzer 59

IDS 60

Resource Monitoring Tool 61

NetFlow Analyzer 61

Exam Preparation Tasks 62

Review All Key Topics 62

Define Key Terms 63

Review Questions 63

Chapter 3 Recommending and Implementing the Appropriate Response and Countermeasure 69

"Do I Know This Already?" Quiz 69

Foundation Topics 72

Network Segmentation 72

LAN 72

Intranet 72

Extranet 72

DMZ 73

VLANs 73

System Isolation 75

Jump Box 76

Honeypot 77

Endpoint Security 77

Group Policies 78

ACLs 80

Sinkhole 81

Hardening 82

Mandatory Access Control (MAC) 82

Compensating Controls 83

Control Categories 83

Access Control Types 84

Administrative (Management) Controls 85

Logical (Technical) Controls 85

Physical Controls 85

Blocking Unused Ports/Services 86

Patching 86

Network Access Control 86

Quarantine/Remediation 88

Agent-Based vs. Agentless NAC 88

802.1x 88

Exam Preparation Tasks 90

Review All Key Topics 90

Define Key Terms 91

Review Questions 91

Chapter 4 Practices Used to Secure a Corporate Environment 95

"Do I Know This Already?" Quiz 95

Foundation Topics 98

Penetration Testing 98

Rules of Engagement 100

Reverse Engineering 101

Isolation/Sandboxing 101

Hardware 103

Software/Malware 104

Training and Exercises 105

Risk Evaluation 106

Technical Impact and Likelihood 106

Technical Control Review 107

Operational Control Review 107

Exam Preparation Tasks 107

Review All Key Topics 108

Define Key Terms 108

Review Questions 108

Chapter 5 Implementing an Information Security Vulnerability Management Process 113

"Do I Know This Already?" Quiz 113

Foundation Topics 117

Identification of Requirements 117

Regulatory Environments 117

Corporate Policy 119

Data Classification 119

Asset Inventory 120

Establish Scanning Frequency 120

Risk Appetite 120

Regulatory Requirements 121

Technical Constraints 121

Workflow 121

Configure Tools to Perform Scans According to Specification 122

Determine Scanning Criteria 122

Sensitivity Levels 122

Vulnerability Feed 123

Scope 123

Credentialed vs. Non-credentialed 125

Types of Data 126

Server-Based vs. Agent-Based 126

Tool Updates/Plug-ins 128

SCAP 128

Permissions and Access 131

Execute Scanning 131

Generate Reports 132

Automated vs. Manual Distribution 132

Remediation 133

Prioritizing 133

Criticality 134

Difficulty of Implementation 134

Communication/Change Control 134

Sandboxing/Testing 134

Inhibitors to Remediation 134

MOUs 134

SLAs 135

Organizational Governance 135

Business Process Interruption 135

Degrading Functionality 135

Ongoing Scanning and Continuous Monitoring 135

Exam Preparation Tasks 136

Review All Key Topics 136

Define Key Terms 136

Review Questions 137

Chapter 6 Analyzing Scan Output and Identifying Common Vulnerabilities 141

"Do I Know This Already?" Quiz 141

Foundation Topics 143

Analyzing Output Resulting from a Vulnerability Scan 143

Analyze Reports from a Vulnerability Scan 143

Review and Interpret Scan Results 145

Validate Results and Correlate Other Data Points 147

Common Vulnerabilities Found in Targets Within an Organization 148

Servers 148

Web Servers 149

Database Servers 160

Endpoints 161

Network Infrastructure 162

Switches 163

MAC Overflow 164

ARP Poisoning 164

VLANs 165

Routers 168

Network Appliances 169

Virtual Infrastructure 169

Virtual Hosts 169

Virtual Networks 170

Management Interface 171

Mobile Devices 173

Interconnected Networks 174

Virtual Private Networks 175

Industrial Control Systems/SCADA Devices 179

Exam Preparation Tasks 180

Review All Key Topics 181

Define Key Terms 182

Review Questions 182

Chapter 7 Identifying Incident Impact and Assembling a Forensic Toolkit 187

"Do I Know This Already?" Quiz 187

Foundation Topics 189

Threat Classification 189

Known Threats vs. Unknown Threats 190

Zero Day 190

Advanced Persistent Threat 191

Factors Contributing to Incident Severity and Prioritization 191

Scope of Impact 191

Downtime and Recovery Time 191

Data Integrity 193

Economic 193

System Process Criticality 193

Types of Data 194

Personally Identifiable Information (PII) 194

Personal Health Information (PHI) 195

Payment Card Information 195

Intellectual Property 197

Corporate Confidential 199

Forensics Kit 201

Digital Forensics Workstation 202

Forensic Investigation Suite 206

Exam Preparation Tasks 208

Review All Key Topics 208

Define Key Terms 208

Review Questions 209

Chapter 8 The Incident Response Process 213

"Do I Know This Already?" Quiz 213

Foundation Topics 216

Stakeholders 216

HR 216

Legal 217

Marketing 217

Management 217

Purpose of Communication Processes 217

Limit Communication to Trusted Parties 218

Disclosure Based on Regulatory/Legislative Requirements 218

Prevent Inadvertent Release of Information 218

Secure Method of Communication 218

Role-Based Responsibilities 218

Technical 219

Management 219

Law Enforcement 219

Retain Incident Response Provider 220

Using Common Symptoms to Select the Best Course of Action to Support Incident Response 220

Common Network-Related Symptoms 220

Bandwidth Consumption 221

Beaconing 221

Irregular Peer-to-Peer Communication 222

Rogue Devices on the Network 223

Scan Sweeps 224

Unusual Traffic Spikes 225

Common Host-Related Symptoms 225

Processor Consumption 226

Memory Consumption 227

Drive Capacity Consumption 227

Unauthorized Software 228

Malicious Processes 229

Unauthorized Changes 229

Unauthorized Privileges 229

Data Exfiltration 229

Common Application-Related Symptoms 230

Anomalous Activity 230

Introduction of New Accounts 231

Unexpected Output 231

Unexpected Outbound Communication 231

Service Interruption 231

Memory Overflows 231

Exam Preparation Tasks 232

Review All Key Topics 232

Define Key Terms 232

Review Questions 233

Chapter 9 Incident Recovery and Post-Incident Response 237

"Do I Know This Already?" Quiz 237

Foundation Topics 240

Containment Techniques 240

Segmentation 240

Isolation 240

Removal 241

Reverse Engineering 241

Eradication Techniques 242

Sanitization 242

Reconstruction/Reimage 242

Secure Disposal 242

Validation 243

Patching 243

Permissions 244

Scanning 244

Verify Logging/Communication to Security Monitoring 244

Corrective Actions 245

Lessons Learned Report 245

Change Control Process 245

Update Incident Response Plan 245

Incident Summary Report 246

Exam Preparation Tasks 246

Review All Key Topics 246

Define Key Terms 247

Review Questions 247

Chapter 10 Frameworks, Policies, Controls, and Procedures 251

"Do I Know This Already?" Quiz 251

Foundation Topics 254

Regulatory Compliance 254

Frameworks 258

National Institute of Standards and Technology (NIST) 258

Framework for Improving Critical Infrastructure Cybersecurity 259

ISO 260

Control Objectives for Information and Related Technology (COBIT) 263

Sherwood Applied Business Security Architecture (SABSA) 265

The Open Group Architecture Framework (TOGAF) 265

Information Technology Infrastructure Library (ITIL) 267

Policies 268

Password Policy 268

Acceptable Use Policy (AUP) 271

Data Ownership Policy 272

Data Retention Policy 272

Account Management Policy 273

Data Classification Policy 274

Sensitivity and Criticality 275

Commercial Business Classifications 276

Military and Government Classifications 276

Controls 277

Control Selection Based on Criteria 278

Handling Risk 278

Organizationally Defined Parameters 281

Access Control Types 282

Procedures 284

Continuous Monitoring 284

Evidence Production 285

Patching 285

Compensating Control Development 286

Control Testing Procedures 286

Manage Exceptions 287

Remediation Plans 287

Verifications and Quality Control 288

Audits 288

Evaluations 290

Assessments 290

Maturity Model 291

CMMI 291

Certification 291

NIACAP 292

ISO/IEC 27001 292

ISO/IEC 27002 294

Exam Preparation Tasks 294

Review All Key Topics 294

Define Key Terms 295

Review Questions 296

Chapter 11 Remediating Security Issues Related to Identity and Access Management 301

"Do I Know This Already?" Quiz 301

Foundation Topics 304

Security Issues Associated with Context-Based Authentication 304

Time 304

Location 304

Frequency 305

Behavioral 305

Security Issues Associated with Identities 305

Personnel 306

Employment Candidate Screening 306

Employment Agreement and Policies 308

Periodic Review 308

Proper Credential Management 308

Creating Accountability 309

Maintaining a Secure Provisioning Life Cycle 309

Endpoints 310

Social Engineering Threats 310

Malicious Software 311

Rogue Endpoints 311

Rogue Access Points 312

Servers 312

Services 313

Roles 315

Applications 316

IAM Software 316

Applications as Identities 317

OAuth 318

OpenSSL 319

Security Issues Associated with Identity Repositories 319

Directory Services 319

LDAP 319

Active Directory (AD) 320

SESAME 321

DNS 322

TACACS+ and RADIUS 323

Security Issues Associated with Federation and Single Sign-on 325

Identity Propagation 326

Federations 327

XACML 327

SPML 329

SAML 330

OpenID 331

Shibboleth 332

Manual vs. Automatic Provisioning/Deprovisioning 333

Self-Service Password Reset 334

Exploits 334

Impersonation 334

Man-in-the-Middle 334

Session Hijack 335

Cross-Site Scripting 335

Privilege Escalation 335

Rootkit 335

Exam Preparation Tasks 336

Review All Key Topics 336

Define Key Terms 337

Review Questions 338

Chapter 12 Security Architecture and Implementing Compensating Controls 343

"Do I Know This Already?" Quiz 343

Foundation Topics 346

Security Data Analytics 346

Data Aggregation and Correlation 346

Trend Analysis 346

Historical Analysis 347

Manual Review 348

Firewall Log 348

Syslogs 350

Authentication Logs 351

Event Logs 352

Defense in Depth 353

Personnel 354

Training 354

Dual Control 355

Separation of Duties 355

Split Knowledge 355

Third Party/Consultants 355

Cross-Training/Mandatory Vacations 356

Succession Planning 356

Processes 356

Continual Improvement 356

Scheduled Reviews/Retirement of Processes 357

Technologies 358

Automated Reporting 358

Security Appliances 358

Security Suites 359

Outsourcing 360

Cryptography 362

Other Security Concepts 373

Network Design 374

Exam Preparation Tasks 379

Review All Key Topics 379

Define Key Terms 380

Review Questions 380

Chapter 13 Application Security Best Practices 385

"Do I Know This Already?" Quiz 385

Foundation Topics 387

Best Practices During Software Development 387

Plan/Initiate Project 387

Gather Requirements (Security Requirements Definition) 388

Design 388

Develop 389

Test/Validate 389

Security Testing Phases 390

Static Code Analysis 390

Web App Vulnerability Scanning 391

Fuzzing 391

Use Interception Proxy to Crawl Application 392

Manual Peer Reviews 393

User Acceptance Testing 393

Stress Test Application 393

Security Regression Testing 394

Input Validation 394

Release/Maintain 395

Certify/Accredit 395

Change Management and Configuration Management/Replacement 395

Secure Coding Best Practices 396

OWASP 396

SANS 396

Center for Internet Security 397

System Design Recommendations 397

Benchmarks 398

Exam Preparation Tasks 398

Review All Key Topics 398

Define Key Terms 399

Review Questions 399

Chapter 14 Using Cybersecurity Tools and Technologies 403

"Do I Know This Already?" Quiz 403

Foundation Topics 405

Preventative Tools 405

IPS 405

IDS 405

Sourcefire 405

Snort 406

Bro 407

HIPS 408

Firewall 408

Firewall Architecture 410

Cisco 415

Palo Alto 415

Check Point 415

Antivirus 415

Anti-malware 416

Anti-spyware 416

Cloud Antivirus Services 417

EMET 418

Web Proxy 418

Web Application Firewall 418

ModSecurity 420

NAXSI 420

Imperva 421

Collective Tools 421

SIEM 421

ArcSight 421

QRadar 422

Splunk 422

AlienVault/OSSIM 422

Kiwi Syslog 423

Network Scanning 423

Nmap 423

Vulnerability Scanning 423

Qualys 425

Nessus 425

OpenVAS 426

Nexpose 426

Nikto 427

Microsoft Baseline Security Analyzer 427

Packet Capture 428

Wireshark 428

tcpdump 429

Network General 429

Aircrack-ng 429

Command Line/IP Utilities 430

Netstat 430

ping 431

tracert/traceroute 432

ipconfig/ifconfig 433

nslookup/dig 434

Sysinternals 435

OpenSSL 436

IDS/HIDS 436

Analytical Tools 436

Vulnerability Scanning 437

Monitoring Tools 437

MRTG 437

Nagios 438

SolarWinds 438

Cacti 439

NetFlow Analyzer 439

Interception Proxy 439

Burp Suite 440

Zap 440

Vega 440

Exploit Tools 440

Interception Proxy 440

Exploit Framework 441

Metasploit 441

Nexpose 442

Fuzzers 442

Untidy/Peach Fuzzer 442

Microsoft SDL File/Regex Fuzzer 442

Forensics Tools 443

Forensic Suites 443

EnCase 444

FTK 444

Helix 444

Sysinternals 444

Cellebrite 445

Hashing 445

MD5sum 445

SHAsum 445

Password Cracking 445

John the Ripper 445

Cain & Abel 446

Imaging 447

DD 447

Exam Preparation Tasks 447

Review All Key Topics 447

Define Key Terms 448

Review Questions 448

Chapter 15 Final Preparation 453

Tools for Final Preparation 453

Pearson Test Prep Practice Test Software and Questions on the Website 453

Accessing the Pearson Test Prep Software Online 454

Accessing the Pearson Test Prep Practice Test Software Offline 454

Customizing Your Exams 455

Updating Your Exams 456

Premium Edition 456

Chapter-Ending Review Tools 457

Suggested Plan for Final Review/Study 457

Summary 457

Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 459

Glossary 491

9780789756954 TOC 5/22/2017

About Troy McMillan

Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 16 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:

* Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
* Author of CISSP Cert Guide (Pearson)
* Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
* Author of CASP Cert Guide (Pearson)

Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2.

He delivers CISSP training classes for CyberVista, an authorized online training provider for (ISC)2.

Troy now creates certification practice tests and study guides for the Transcender and Self-Test brands. He lives in Pfafftown, North Carolina, with his wife, Heike.
