CompTIA CySA+ Certification Kit: Exam CS0-002 [Paperback]

Mike Chapple, David Seidl (University of Notre Dame)
  • Format: Paperback / softback, 1232 pages, height x width x depth: 234x185x69 mm, weight: 1701 g
  • Publication date: 03-Dec-2020
  • Publisher: Sybex Inc., U.S.
  • ISBN-10: 1119793998
  • ISBN-13: 9781119793991
  • Price: 94,16 €*
  • * This book is no longer in print. You will be notified of the price of a used copy.

Your one-stop resource for preparing for the CompTIA CySA+ exam!

The Certification Kit includes:

CompTIA CySA+ Study Guide: Exam CS0-002, Second Edition

100% coverage of the REVISED CompTIA CySA+ (Cybersecurity Analyst+) exam objectives. The book contains clear and concise information on crucial security topics. It includes practical examples and insights drawn from real-world experience, as well as exam highlights and end-of-chapter review questions. This comprehensive study resource provides authoritative coverage of key exam topics, including:

  • Threat and Vulnerability Management
  • Software and Systems Security
  • Security Operations and Monitoring
  • Incident Response
  • Compliance and Assessment 

Because the exam focuses on practical application of key security concepts, the book includes additional hands-on labs and recommendations for creating a cybersecurity toolkit. 

CompTIA CySA+ Practice Tests: Exam CS0-002, Second Edition

The Practice Tests volume provides hundreds of domain-by-domain questions covering all the CompTIA CySA+ objectives, plus two additional practice exams, for a total of 1,000 questions. Coverage of every exam objective domain helps you build the confidence you need to sit the CompTIA CySA+ Exam CS0-002.

Readers of this Certification Kit also have one year of FREE access after activation to additional study tools, including a leading-edge interactive online test bank with hundreds of bonus practice questions and electronic flashcards, and a searchable glossary of the most important terms readers need to understand.

CompTIA® Cybersecurity Analyst (CySA+) Study Guide: Exam CS0-002

Table of contents (page numbers refer to the printed book):

Introduction (p. xxvii)
Assessment Test (p. xli)

Chapter 1 Today's Cybersecurity Analyst (p. 1)
  • Cybersecurity Objectives (p. 2)
  • Privacy vs. Security (p. 3)
  • Evaluating Security Risks (p. 4)
  • Identify Threats (p. 6)
  • Identify Vulnerabilities (p. 8)
  • Determine Likelihood, Impact, and Risk (p. 8)
  • Reviewing Controls (p. 10)
  • Building a Secure Network (p. 10)
  • Network Access Control (p. 10)
  • Firewalls and Network Perimeter Security (p. 12)
  • Network Segmentation (p. 15)
  • Defense Through Deception (p. 16)
  • Secure Endpoint Management (p. 17)
  • Hardening System Configurations (p. 17)
  • Patch Management (p. 17)
  • Group Policies (p. 18)
  • Endpoint Security Software (p. 19)
  • Penetration Testing (p. 19)
  • Planning a Penetration Test (p. 20)
  • Conducting Discovery (p. 21)
  • Executing a Penetration Test (p. 21)
  • Communicating Penetration Test Results (p. 22)
  • Training and Exercises (p. 22)
  • Reverse Engineering (p. 22)
  • Isolation and Sandboxing (p. 23)
  • Reverse-Engineering Software (p. 23)
  • Reverse-Engineering Hardware (p. 24)
  • The Future of Cybersecurity Analytics (p. 25)
  • Summary (p. 26)
  • Exam Essentials (p. 26)
  • Lab Exercises (p. 28)
    • Activity 1.1 Create an Inbound Firewall Rule (p. 28)
    • Activity 1.2 Create a Group Policy Object (p. 28)
    • Activity 1.3 Write a Penetration Testing Plan (p. 30)
    • Activity 1.4 Recognize Security Tools (p. 30)
  • Review Questions (p. 30)

Chapter 2 Using Threat Intelligence (p. 35)
  • Threat Data and Intelligence (p. 36)
  • Open Source Intelligence (p. 37)
  • Proprietary and Closed Source Intelligence (p. 39)
  • Assessing Threat Intelligence (p. 39)
  • Threat Indicator Management and Exchange (p. 41)
  • The Intelligence Cycle (p. 42)
  • The Threat Intelligence Community (p. 43)
  • Threat Classification (p. 44)
  • Threat Actors (p. 44)
  • Threat Classification (p. 45)
  • Threat Research and Modeling (p. 46)
  • Attack Frameworks (p. 48)
  • MITRE's ATT&CK Framework (p. 48)
  • The Diamond Model of Intrusion Analysis (p. 50)
  • Lockheed Martin's Cyber Kill Chain (p. 51)
  • The Unified Kill Chain (p. 53)
  • Common Vulnerability Scoring System (CVSS) (p. 53)
  • Applying Threat Intelligence Organizationwide (p. 53)
  • Proactive Threat Hunting (p. 54)
  • Summary (p. 55)
  • Exam Essentials (p. 56)
  • Lab Exercises (p. 57)
    • Activity 2.1 Explore the ATT&CK Framework (p. 57)
    • Activity 2.2 Set Up a STIX/TAXII Feed (p. 58)
    • Activity 2.3 Intelligence Gathering Techniques (p. 58)
  • Review Questions (p. 59)

Chapter 3 Reconnaissance and Intelligence Gathering (p. 63)
  • Mapping and Enumeration (p. 64)
  • Active Reconnaissance (p. 65)
  • Mapping Networks and Discovering Topology (p. 65)
  • Pinging Hosts (p. 67)
  • Port Scanning and Service Discovery Techniques and Tools (p. 69)
  • Passive Footprinting (p. 75)
  • Log and Configuration Analysis (p. 76)
  • Harvesting Data from DNS and Whois (p. 84)
  • Responder (p. 91)
  • Information Aggregation and Analysis Tools (p. 92)
  • Information Gathering Using Packet Capture (p. 92)
  • Gathering Organizational Intelligence (p. 92)
  • Organizational Data (p. 93)
  • Electronic Document Harvesting (p. 94)
  • Detecting, Preventing, and Responding to Reconnaissance (p. 97)
  • Capturing and Analyzing Data to Detect Reconnaissance (p. 97)
  • Preventing Reconnaissance (p. 99)
  • Summary (p. 100)
  • Exam Essentials (p. 101)
  • Lab Exercises (p. 102)
    • Activity 3.1 Port Scanning (p. 102)
    • Activity 3.2 Write an Intelligence Gathering Plan (p. 102)
    • Activity 3.3 Intelligence Gathering Techniques (p. 103)
  • Review Questions (p. 103)

Chapter 4 Designing a Vulnerability Management Program (p. 109)
  • Identifying Vulnerability Management Requirements (p. 110)
  • Regulatory Environment (p. 110)
  • Corporate Policy (p. 114)
  • Identifying Scan Targets (p. 114)
  • Determining Scan Frequency (p. 115)
  • Active vs. Passive Scanning (p. 117)
  • Configuring and Executing Vulnerability Scans (p. 118)
  • Scoping Vulnerability Scans (p. 118)
  • Configuring Vulnerability Scans (p. 119)
  • Scanner Maintenance (p. 123)
  • Developing a Remediation Workflow (p. 126)
  • Reporting and Communication (p. 127)
  • Prioritizing Remediation (p. 129)
  • Testing and Implementing Fixes (p. 130)
  • Delayed Remediation Options (p. 131)
  • Overcoming Risks of Vulnerability Scanning (p. 131)
  • Vulnerability Scanning Tools (p. 133)
  • Infrastructure Vulnerability Scanning (p. 133)
  • Web Application Scanning (p. 133)
  • Interception Proxies (p. 134)
  • Wireless Assessment Tools (p. 136)
  • Summary (p. 137)
  • Exam Essentials (p. 138)
  • Lab Exercises (p. 139)
    • Activity 4.1 Install a Vulnerability Scanner (p. 139)
    • Activity 4.2 Run a Vulnerability Scan (p. 140)
  • Review Questions (p. 140)

Chapter 5 Analyzing Vulnerability Scans (p. 145)
  • Reviewing and Interpreting Scan Reports (p. 146)
  • Understanding CVSS (p. 148)
  • Validating Scan Results (p. 155)
  • False Positives (p. 156)
  • Documented Exceptions (p. 156)
  • Understanding Informational Results (p. 157)
  • Reconciling Scan Results with Other Data Sources (p. 158)
  • Trend Analysis (p. 158)
  • Common Vulnerabilities (p. 158)
  • Server and Endpoint Vulnerabilities (p. 159)
  • Network Vulnerabilities (p. 168)
  • Virtualization Vulnerabilities (p. 173)
  • Internet of Things (IoT) (p. 176)
  • Web Application Vulnerabilities (p. 177)
  • Authentication Vulnerabilities (p. 181)
  • Summary (p. 183)
  • Exam Essentials (p. 184)
  • Lab Exercises (p. 185)
    • Activity 5.1 Interpret a Vulnerability Scan (p. 185)
    • Activity 5.2 Analyze a CVSS Vector (p. 185)
    • Activity 5.3 Remediate a Vulnerability (p. 185)
  • Review Questions (p. 187)

Chapter 6 Cloud Security (p. 191)
  • Understanding Cloud Environments (p. 192)
  • The Case for Cloud Computing (p. 193)
  • Cloud Service Models (p. 194)
  • Cloud Deployment Models (p. 200)
  • Operating in the Cloud (p. 204)
  • DevOps Strategies (p. 205)
  • Infrastructure as Code (IaC) (p. 206)
  • Application Programming Interfaces (p. 207)
  • Cloud Monitoring (p. 208)
  • Cloud Infrastructure Security (p. 208)
  • Cloud Infrastructure Security Tools (p. 209)
  • Cloud Access Security Brokers (CASB) (p. 213)
  • Summary (p. 214)
  • Exam Essentials (p. 215)
  • Lab Exercises (p. 216)
    • Activity 6.1 Run a ScoutSuite Assessment (p. 216)
    • Activity 6.2 Explore the Exploits Available with Pacu (p. 216)
    • Activity 6.3 Scan an AWS Account with Prowler (p. 216)
  • Review Questions (p. 217)

Chapter 7 Infrastructure Security and Controls (p. 221)
  • Understanding Defense-in-Depth (p. 222)
  • Layered Security (p. 222)
  • Zero Trust (p. 223)
  • Segmentation (p. 224)
  • Network Architecture (p. 226)
  • Physical Network Architectures (p. 227)
  • Software-Defined Networks (p. 227)
  • Virtualization (p. 228)
  • Asset and Change Management (p. 229)
  • Logging, Monitoring, and Validation (p. 229)
  • Encryption (p. 230)
  • Active Defense (p. 231)
  • Infrastructure Security and the Cloud (p. 231)
  • Improving Security by Improving Controls (p. 233)
  • Layered Host Security (p. 234)
  • Permissions (p. 235)
  • Whitelisting and Blacklisting (p. 235)
  • Technical Controls (p. 236)
  • Policy, Process, and Standards (p. 238)
  • Analyzing Security Architecture (p. 240)
  • Analyzing Security Requirements (p. 240)
  • Reviewing Architecture (p. 241)
  • Common Issues (p. 242)
  • Reviewing a Security Architecture (p. 246)
  • Maintaining a Security Design (p. 248)
  • Summary (p. 249)
  • Exam Essentials (p. 249)
  • Lab Exercises (p. 250)
    • Activity 7.1 Review an Application Using the OWASP Attack Surface Analysis Cheat Sheet (p. 250)
    • Activity 7.2 Review a NIST Security Architecture (p. 251)
    • Activity 7.3 Security Architecture Terminology (p. 252)
  • Review Questions (p. 253)

Chapter 8 Identity and Access Management Security (p. 259)
  • Understanding Identity (p. 260)
  • Identity Systems and Security Design (p. 261)
  • Threats to Identity and Access (p. 269)
  • Understanding Security Issues with Identities (p. 269)
  • Attacking AAA Systems and Protocols (p. 270)
  • Targeting Account Creation, Provisioning, and Deprovisioning (p. 275)
  • Preventing Common Exploits of Identity and Authorization (p. 276)
  • Acquiring Credentials (p. 277)
  • Identity as a Security Layer (p. 280)
  • Identity and Defense-in-Depth (p. 280)
  • Securing Authentication and Authorization (p. 281)
  • Detecting Attacks and Security Operations (p. 288)
  • Federation and Single Sign-On (p. 289)
  • Federated Identity Security Considerations (p. 289)
  • Federated Identity Design Choices (p. 291)
  • Federated Identity Technologies (p. 293)
  • Federation Incident Response (p. 297)
  • Summary (p. 297)
  • Exam Essentials (p. 298)
  • Lab Exercises (p. 299)
    • Activity 8.1 Federated Security Scenario (p. 299)
    • Activity 8.2 On-site Identity Issues Scenario (p. 300)
    • Activity 8.3 Identity and Access Management Terminology (p. 301)
  • Review Questions (p. 303)

Chapter 9 Software and Hardware Development Security (p. 307)
  • Software Assurance Best Practices (p. 308)
  • The Software Development Life Cycle (p. 309)
  • Software Development Phases (p. 310)
  • Software Development Models (p. 311)
  • DevSecOps and DevOps (p. 317)
  • Designing and Coding for Security (p. 318)
  • Common Software Development Security Issues (p. 319)
  • Security Implications of Target Platforms (p. 321)
  • Secure Coding Best Practices (p. 322)
  • API Security (p. 325)
  • Service-Oriented Architectures (p. 325)
  • Application Testing (p. 327)
  • Information Security and the SDLC (p. 327)
  • Code Review Models (p. 328)
  • Software Security Testing (p. 331)
  • Software Assessment: Testing and Analyzing Code (p. 332)
  • Web Application Vulnerability Scanning (p. 335)
  • Hardware Assurance Best Practices (p. 337)
  • Cryptographic Hardware (p. 337)
  • Firmware Security (p. 338)
  • Hardware Security (p. 339)
  • Summary (p. 340)
  • Exam Essentials (p. 341)
  • Lab Exercises (p. 342)
    • Activity 9.1 Review an Application Using the OWASP Application Security Architecture Cheat Sheet (p. 342)
    • Activity 9.2 Learn About Web Application Exploits from WebGoat (p. 342)
    • Activity 9.3 SDLC Terminology (p. 343)
  • Review Questions (p. 344)

Chapter 10 Security Operations and Monitoring (p. 349)
  • Security Monitoring (p. 350)
  • Analyzing Security Data (p. 350)
  • Logs (p. 351)
  • Endpoint Data Analysis (p. 358)
  • Network Data Analysis (p. 362)
  • Protecting and Analyzing Email (p. 365)
  • Scripting, Searching, and Text Manipulation (p. 369)
  • Summary (p. 371)
  • Exam Essentials (p. 371)
  • Lab Exercises (p. 372)
    • Activity 10.1 Analyze a Network Capture File (p. 372)
    • Activity 10.2 Analyze a Phishing Email (p. 373)
    • Activity 10.3 Security Architecture Terminology (p. 373)
  • Review Questions (p. 374)

Chapter 11 Building an Incident Response Program (p. 379)
  • Security Incidents (p. 380)
  • Phases of Incident Response (p. 381)
  • Preparation (p. 382)
  • Detection and Analysis (p. 383)
  • Containment, Eradication, and Recovery (p. 384)
  • Postincident Activity (p. 385)
  • Building the Foundation for Incident Response (p. 387)
  • Policy (p. 387)
  • Procedures and Playbooks (p. 387)
  • Documenting the Incident Response Plan (p. 388)
  • Creating an Incident Response Team (p. 389)
  • Incident Response Providers (p. 391)
  • CSIRT Scope of Control (p. 391)
  • Coordination and Information Sharing (p. 391)
  • Internal Communications (p. 392)
  • External Communications (p. 392)
  • Classifying Incidents (p. 393)
  • Threat Classification (p. 393)
  • Severity Classification (p. 394)
  • Summary (p. 398)
  • Exam Essentials (p. 398)
  • Lab Exercises (p. 399)
    • Activity 11.1 Incident Severity Classification (p. 399)
    • Activity 11.2 Incident Response Phases (p. 400)
    • Activity 11.3 Develop an Incident Communications Plan (p. 400)
  • Review Questions (p. 401)

Chapter 12 Analyzing Indicators of Compromise (p. 405)
  • Analyzing Network Events (p. 406)
  • Capturing Network-Related Events (p. 407)
  • Network Monitoring Tools (p. 411)
  • Detecting Common Network Issues (p. 413)
  • Detecting Scans and Probes (p. 417)
  • Detecting Denial-of-Service and Distributed Denial-of-Service Attacks (p. 417)
  • Detecting Other Network Attacks (p. 420)
  • Detecting and Finding Rogue Devices (p. 420)
  • Investigating Host-Related Issues (p. 422)
  • System Resources (p. 422)
  • Malware, Malicious Processes, and Unauthorized Software (p. 426)
  • Unauthorized Access, Changes, and Privileges (p. 428)
  • Investigating Service and Application-Related Issues (p. 430)
  • Application and Service Monitoring (p. 431)
  • Application and Service Issue Response and Restoration (p. 433)
  • Detecting Attacks on Applications (p. 434)
  • Summary (p. 435)
  • Exam Essentials (p. 436)
  • Lab Exercises (p. 436)
    • Activity 12.1 Identify a Network Scan (p. 436)
    • Activity 12.2 Write a Service Issue Response Plan (p. 437)
    • Activity 12.3 Security Tools (p. 438)
  • Review Questions (p. 439)

Chapter 13 Performing Forensic Analysis and Techniques (p. 443)
  • Building a Forensics Capability (p. 444)
  • Building a Forensic Toolkit (p. 444)
  • Understanding Forensic Software (p. 448)
  • Capabilities and Application (p. 448)
  • Conducting Endpoint Forensics (p. 452)
  • Operating System, Process, and Memory Dump Analysis (p. 452)
  • Network Forensics (p. 455)
  • Cloud, Virtual, and Container Forensics (p. 458)
  • Conducting a Forensic Investigation (p. 460)
  • Forensic Procedures (p. 460)
  • Target Locations (p. 462)
  • Acquiring and Validating Drive Images (p. 463)
  • Imaging Live Systems (p. 467)
  • Acquiring Other Data (p. 467)
  • Forensic Investigation: An Example (p. 471)
  • Importing a Forensic Image (p. 471)
  • Analyzing the Image (p. 473)
  • Reporting (p. 476)
  • Summary (p. 478)
  • Exam Essentials (p. 478)
  • Lab Exercises (p. 479)
    • Activity 13.1 Create a Disk Image (p. 479)
    • Activity 13.2 Conduct the NIST Rhino Hunt (p. 480)
    • Activity 13.3 Security Tools (p. 481)
  • Review Questions (p. 482)

Chapter 14 Containment, Eradication, and Recovery (p. 487)
  • Containing the Damage (p. 489)
  • Segmentation (p. 490)
  • Isolation (p. 492)
  • Removal (p. 493)
  • Evidence Gathering and Handling (p. 495)
  • Identifying Attackers (p. 495)
  • Incident Eradication and Recovery (p. 496)
  • Reconstruction and Reimaging (p. 497)
  • Patching Systems and Applications (p. 497)
  • Sanitization and Secure Disposal (p. 498)
  • Validating the Recovery Effort (p. 500)
  • Wrapping Up the Response (p. 500)
  • Managing Change Control Processes (p. 501)
  • Conducting a Lessons Learned Session (p. 501)
  • Developing a Final Report (p. 501)
  • Evidence Retention (p. 502)
  • Summary (p. 502)
  • Exam Essentials (p. 502)
  • Lab Exercises (p. 503)
    • Activity 14.1 Incident Containment Options (p. 503)
    • Activity 14.2 Incident Response Activities (p. 505)
    • Activity 14.3 Sanitization and Disposal Techniques (p. 506)
  • Review Questions (p. 507)

Chapter 15 Risk Management (p. 511)
  • Analyzing Risk (p. 512)
  • Risk Identification (p. 513)
  • Risk Calculation (p. 514)
  • Business Impact Analysis (p. 515)
  • Managing Risk (p. 518)
  • Risk Mitigation (p. 519)
  • Risk Avoidance (p. 520)
  • Risk Transference (p. 520)
  • Risk Acceptance (p. 521)
  • Security Controls (p. 522)
  • Nontechnical Controls (p. 522)
  • Technical Controls (p. 526)
  • Summary (p. 528)
  • Exam Essentials (p. 529)
  • Lab Exercises (p. 529)
    • Activity 15.1 Risk Management Strategies (p. 529)
    • Activity 15.2 Risk Identification and Assessment (p. 530)
    • Activity 15.3 Risk Management (p. 530)
  • Review Questions (p. 531)

Chapter 16 Policy and Compliance (p. 535)
  • Understanding Policy Documents (p. 536)
  • Policies (p. 536)
  • Standards (p. 539)
  • Procedures (p. 541)
  • Guidelines (p. 542)
  • Exceptions and Compensating Controls (p. 543)
  • Complying with Laws and Regulations (p. 545)
  • Adopting a Standard Framework (p. 546)
  • NIST Cybersecurity Framework (p. 546)
  • ISO 27001 (p. 549)
  • Control Objectives for Information and Related Technologies (COBIT) (p. 550)
  • Information Technology Infrastructure Library (ITIL) (p. 551)
  • Implementing Policy-Based Controls (p. 552)
  • Security Control Categories (p. 552)
  • Security Control Types (p. 553)
  • Security Control Verification and Quality Control (p. 553)
  • Summary (p. 554)
  • Exam Essentials (p. 554)
  • Lab Exercises (p. 555)
    • Activity 16.1 Policy Documents (p. 555)
    • Activity 16.2 Using a Cybersecurity Framework (p. 556)
    • Activity 16.3 Compliance Auditing Tools (p. 556)
  • Review Questions (p. 557)

Appendices (p. 561)

Appendix A Practice Exam (p. 561)
  • Exam Questions (p. 562)

Appendix B Answers to Review Questions and Practice Exam (p. 581)
  • Chapter 1 Today's Cybersecurity Analyst (p. 582)
  • Chapter 2 Using Threat Intelligence (p. 583)
  • Chapter 3 Reconnaissance and Intelligence Gathering (p. 585)
  • Chapter 4 Designing a Vulnerability Management Program (p. 587)
  • Chapter 5 Analyzing Vulnerability Scans (p. 589)
  • Chapter 6 Cloud Security (p. 590)
  • Chapter 7 Infrastructure Security and Controls (p. 592)
  • Chapter 8 Identity and Access Management Security (p. 595)
  • Chapter 9 Software and Hardware Development Security (p. 597)
  • Chapter 10 Security Operations and Monitoring (p. 599)
  • Chapter 11 Building an Incident Response Program (p. 601)
  • Chapter 12 Analyzing Indicators of Compromise (p. 603)
  • Chapter 13 Performing Forensic Analysis and Techniques (p. 605)
  • Chapter 14 Containment, Eradication, and Recovery (p. 607)
  • Chapter 15 Risk Management (p. 609)
  • Chapter 16 Policy and Compliance (p. 610)
  • Practice Exam Answers (p. 612)

Appendix C Answers to Lab Exercises (p. 621)
  • Chapter 1 Today's Cybersecurity Analyst (p. 622)
    • Solution to Activity 1.4: Recognize Security Tools (p. 622)
  • Chapter 2 Using Threat Intelligence (p. 622)
    • Solution to Activity 2.3: Intelligence Gathering Techniques (p. 622)
  • Chapter 3 Reconnaissance and Intelligence Gathering (p. 623)
    • Solution to Activity 3.3: Intelligence Gathering Tools (p. 623)
  • Chapter 5 Analyzing Vulnerability Scans (p. 623)
    • Solution to Activity 5.2: Analyze a CVSS Vector (p. 623)
  • Chapter 7 Infrastructure Security and Controls (p. 624)
    • Solution to Activity 7.3: Security Architecture Terminology (p. 624)
  • Chapter 8 Identity and Access Management Security (p. 625)
    • Solution to Activity 8.1: Federated Security Scenario (p. 625)
    • Solution to Activity 8.2: On-site Identity Issues Scenario (p. 625)
    • Solution to Activity 8.3: Identity and Access Management Terminology (p. 626)
  • Chapter 9 Software and Hardware Development Security (p. 627)
    • Solution to Activity 9.3: Security Tools (p. 627)
  • Chapter 10 Security Operations and Monitoring (p. 627)
    • Solution to Activity 10.3: Security Architecture Terminology (p. 627)
  • Chapter 11 Building an Incident Response Program (p. 628)
    • Solution to Activity 11.1: Incident Severity Classification (p. 628)
    • Solution to Activity 11.2: Incident Response Phases (p. 629)
  • Chapter 12 Analyzing Indicators of Compromise (p. 629)
    • Solution to Activity 12.3: Security Tools (p. 629)
  • Chapter 13 Performing Forensic Analysis and Techniques (p. 630)
    • Solution to Activity 13.2: Conduct the NIST Rhino Hunt (p. 630)
    • Solution to Activity 13.3: Security Tools (p. 630)
  • Chapter 14 Containment, Eradication, and Recovery (p. 631)
    • Solution to Activity 14.1: Incident Containment Options (p. 631)
    • Solution to Activity 14.2: Incident Response Activities (p. 632)
    • Solution to Activity 14.3: Sanitization and Disposal Techniques (p. 633)
  • Chapter 15 Risk Management (p. 633)
    • Solution to Activity 15.1: Risk Management Strategies (p. 633)
  • Chapter 16 Policy and Compliance (p. 634)
    • Solution to Activity 16.1: Policy Documents (p. 634)
    • Solution to Activity 16.3: Compliance Auditing Tools (p. 634)

Index (p. 635)

CompTIA® Cybersecurity Analyst (CySA+™) Practice Tests: Exam CS0-002

Table of contents (page numbers refer to the printed book):

Introduction (p. xix)
Chapter 1 Domain 1.0: Threat and Vulnerability Management (p. 1)
Chapter 2 Domain 2.0: Software and Systems Security (p. 105)
Chapter 3 Domain 3.0: Security Operations and Monitoring (p. 151)
Chapter 4 Domain 4.0: Incident Response (p. 207)
Chapter 5 Domain 5.0: Compliance and Assessment (p. 265)
Chapter 6 Practice Exam 1 (p. 289)
Chapter 7 Practice Exam 2 (p. 315)
Appendix Answers to Review Questions (p. 347)
  • Answers to Chapter 1: Domain 1.0: Threat and Vulnerability Management (p. 348)
  • Answers to Chapter 2: Domain 2.0: Software and Systems Security (p. 381)
  • Answers to Chapter 3: Domain 3.0: Security Operations and Monitoring (p. 403)
  • Answers to Chapter 4: Domain 4.0: Incident Response (p. 425)
  • Answers to Chapter 5: Domain 5.0: Compliance and Assessment (p. 450)
  • Answers to Chapter 6: Practice Exam 1 (p. 461)
  • Answers to Chapter 7: Practice Exam 2 (p. 470)
Index (p. 481)
Mike Chapple, PhD, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

David Seidl, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.