CompTIA Cybersecurity Analyst (CySA+) Cert Guide: (Certification Guide)

Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CSA+) exam success with this CompTIA Approved Cert Guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner. ·         Master CompTIA Cybersecurity Analyst (CSA+) exam topics ·         Assess your knowledge with chapter-ending quizzes ·         Review key concepts with exam preparation tasks ·         Practice with realistic exam questions CompTIA Cybersecurity Analyst (CSA+) Cert Guide is a best-of-breed exam study guide. Expert technology instructor and certification author Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.   The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.   The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.   Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.   The CompTIA approved study guide helps you master all the topics on the CSA+ exam, including   ·         Applying environmental reconnaissance ·         Analyzing results of network reconnaissance ·         Implementing responses and countermeasures ·         Implementing vulnerability management processes ·         Analyzing scan output and identifying common vulnerabilities ·         Identifying incident impact and assembling a forensic toolkit ·         Utilizing effective incident response processes ·         Performing incident recovery and post-incident response ·         Establishing frameworks, policies, controls, and procedures ·         Remediating identity- and access-related security issues ·         Architecting security and implementing compensating controls ·         Implementing application security best practices ·         Using cybersecurity tools and technologies   Companion Website The companion website provides access to several digital assets as well as the Pearson Test Prep practice test software, available in both an online application and a Windows desktop offline application, with two full practice exams   Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test   Pearson Test Prep online system requirements: Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.   Pearson Test Prep offline system requirements: Windows 10, Windows 8.1, Windows 7, or Vista (SP2); Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases  

Table of Contents:
Introduction xxvii Chapter 1 Applying Environmental Reconnaissance Techniques 3 “Do I Know This Already?” Quiz 3 Foundation Topics 5 Procedures/Common Tasks 5     Topology Discovery 5     OS Fingerprinting 5     Service Discovery 6     Packet Capture 6     Log Review 6     Router/Firewall ACLs Review 6     E-mail Harvesting 7     Social Media Profiling 7     Social Engineering 8     DNS Harvesting 8     Phishing 11 Variables 11     Wireless vs. Wired 12     Virtual vs. Physical 13     Internal vs. External 14     On-premises vs. Cloud 15 Tools 16     Nmap 16     Host Scanning 19     Network Mapping 20     Netstat 21     Packet Analyzer 23     IDS/IPS 25     HIDS/NIDS 27     Firewall Rule-Based and Logs 27         Firewall Types 27         Firewall Architecture 29     Syslog 30     Vulnerability Scanner 30 Exam Preparation Tasks 31 Review All Key Topics 31 Define Key Terms 32 Review Questions 32 Chapter 2 Analyzing the Results of Network Reconnaissance 37 “Do I Know This Already?” Quiz 37 Foundation Topics 40 Point-in-Time Data Analysis 40     Packet Analysis 40     Protocol Analysis 40     Traffic Analysis 40     NetFlow Analysis 41     Wireless Analysis 43         CSMA/CA 43 Data Correlation and Analytics 45     Anomaly Analysis 45     Trend Analysis 46     Availability Analysis 46     Heuristic Analysis 46     Behavioral Analysis 47 Data Output 47     Firewall Logs 47     Packet Captures 49     Nmap Scan Results 52         Port Scans 52     Event Logs 53     Syslog 55     IDS Report 56 Tools 57     SIEM 57     Packet Analyzer 59     IDS 60     Resource Monitoring Tool 61     NetFlow Analyzer 61 Exam Preparation Tasks 62 Review All Key Topics 62 Define Key Terms 63 Review Questions 63 Chapter 3 Recommending and Implementing the Appropriate Response and Countermeasure 69 “Do I Know This Already?” Quiz 69 Foundation Topics 72 Network Segmentation 72     LAN 72     Intranet 72     Extranet 72     DMZ 73     VLANs 73     System Isolation 75     Jump Box 76 Honeypot 77 Endpoint Security 77 Group Policies 78 ACLs 80     Sinkhole 81 Hardening 82     Mandatory Access Control (MAC) 82     Compensating Controls 83         Control Categories 83         Access Control Types 84         Administrative (Management) Controls 85         Logical (Technical) Controls 85         Physical Controls 85     Blocking Unused Ports/Services 86     Patching 86 Network Access Control 86     Quarantine/Remediation 88     Agent-Based vs. Agentless NAC 88     802.1x 88 Exam Preparation Tasks 90 Review All Key Topics 90 Define Key Terms 91 Review Questions 91 Chapter 4 Practices Used to Secure a Corporate Environment 95 “Do I Know This Already?” Quiz 95 Foundation Topics 98 Penetration Testing 98     Rules of Engagement 100 Reverse Engineering 101     Isolation/Sandboxing 101     Hardware 103     Software/Malware 104 Training and Exercises 105 Risk Evaluation 106     Technical Impact and Likelihood 106     Technical Control Review 107     Operational Control Review 107 Exam Preparation Tasks 107 Review All Key Topics 108 Define Key Terms 108 Review Questions 108 Chapter 5 Implementing an Information Security Vulnerability Management Process 113 “Do I Know This Already?” Quiz 113 Foundation Topics 117 Identification of Requirements 117     Regulatory Environments 117     Corporate Policy 119     Data Classification 119     Asset Inventory 120 Establish Scanning Frequency 120     Risk Appetite 120     Regulatory Requirements 121     Technical Constraints 121     Workflow 121 Configure Tools to Perform Scans According to Specification 122     Determine Scanning Criteria 122         Sensitivity Levels 122         Vulnerability Feed 123         Scope 123         Credentialed vs. Non-credentialed 125         Types of Data 126         Server-Based vs. Agent-Based 126     Tool Updates/Plug-ins 128         SCAP 128     Permissions and Access 131 Execute Scanning 131 Generate Reports 132     Automated vs. Manual Distribution 132 Remediation 133     Prioritizing 133         Criticality 134         Difficulty of Implementation 134     Communication/Change Control 134     Sandboxing/Testing 134     Inhibitors to Remediation 134         MOUs 134         SLAs 135         Organizational Governance 135         Business Process Interruption 135         Degrading Functionality 135 Ongoing Scanning and Continuous Monitoring 135 Exam Preparation Tasks 136 Review All Key Topics 136 Define Key Terms 136 Review Questions 137 Chapter 6 Analyzing Scan Output and Identifying Common Vulnerabilities 141 “Do I Know This Already?” Quiz 141 Foundation Topics 143 Analyzing Output Resulting from a Vulnerability Scan 143     Analyze Reports from a Vulnerability Scan 143         Review and Interpret Scan Results 145     Validate Results and Correlate Other Data Points 147 Common Vulnerabilities Found in Targets Within an Organization 148     Servers 148         Web Servers 149         Database Servers 160     Endpoints 161     Network Infrastructure 162         Switches 163         MAC Overflow 164         ARP Poisoning 164         VLANs 165         Routers 168     Network Appliances 169     Virtual Infrastructure 169         Virtual Hosts 169         Virtual Networks 170         Management Interface 171     Mobile Devices 173     Interconnected Networks 174     Virtual Private Networks 175     Industrial Control Systems/SCADA Devices 179 Exam Preparation Tasks 180 Review All Key Topics 181 Define Key Terms 182 Review Questions 182 Chapter 7 Identifying Incident Impact and Assembling a Forensic Toolkit 187 “Do I Know This Already?” Quiz 187 Foundation Topics 189 Threat Classification 189     Known Threats vs. Unknown Threats 190     Zero Day 190     Advanced Persistent Threat 191 Factors Contributing to Incident Severity and Prioritization 191     Scope of Impact 191         Downtime and Recovery Time 191         Data Integrity 193         Economic 193         System Process Criticality 193     Types of Data 194         Personally Identifiable Information (PII) 194         Personal Health Information (PHI) 195         Payment Card Information 195         Intellectual Property 197         Corporate Confidential 199 Forensics Kit 201     Digital Forensics Workstation 202 Forensic Investigation Suite 206 Exam Preparation Tasks 208 Review All Key Topics 208 Define Key Terms 208 Review Questions 209 Chapter 8 The Incident Response Process 213 “Do I Know This Already?” Quiz 213 Foundation Topics 216 Stakeholders 216     HR 216     Legal 217     Marketing 217     Management 217 Purpose of Communication Processes 217     Limit Communication to Trusted Parties 218     Disclosure Based on Regulatory/Legislative Requirements 218     Prevent Inadvertent Release of Information 218     Secure Method of Communication 218 Role-Based Responsibilities 218     Technical 219     Management 219     Law Enforcement 219     Retain Incident Response Provider 220 Using Common Symptoms to Select the Best Course of Action to Support Incident Response 220     Common Network-Related Symptoms 220         Bandwidth Consumption 221         Beaconing 221         Irregular Peer-to-Peer Communication 222         Rogue Devices on the Network 223         Scan Sweeps 224         Unusual Traffic Spikes 225     Common Host-Related Symptoms 225         Processor Consumption 226         Memory Consumption 227         Drive Capacity Consumption 227         Unauthorized Software 228         Malicious Processes 229         Unauthorized Changes 229         Unauthorized Privileges 229         Data Exfiltration 229     Common Application-Related Symptoms 230         Anomalous Activity 230         Introduction of New Accounts 231         Unexpected Output 231         Unexpected Outbound Communication 231         Service Interruption 231         Memory Overflows 231 Exam Preparation Tasks 232 Review All Key Topics 232 Define Key Terms 232 Review Questions 233 Chapter 9 Incident Recovery and Post-Incident Response 237 “Do I Know This Already?” Quiz 237 Foundation Topics 240 Containment Techniques 240     Segmentation 240     Isolation 240     Removal 241     Reverse Engineering 241 Eradication Techniques 242     Sanitization 242     Reconstruction/Reimage 242     Secure Disposal 242 Validation 243     Patching 243     Permissions 244     Scanning 244     Verify Logging/Communication to Security Monitoring 244 Corrective Actions 245     Lessons Learned Report 245     Change Control Process 245     Update Incident Response Plan 245 Incident Summary Report 246 Exam Preparation Tasks 246 Review All Key Topics 246 Define Key Terms 247 Review Questions 247 Chapter 10 Frameworks, Policies, Controls, and Procedures 251 “Do I Know This Already?” Quiz 251 Foundation Topics 254 Regulatory Compliance 254 Frameworks 258     National Institute of Standards and Technology (NIST) 258     Framework for Improving Critical Infrastructure Cybersecurity 259 ISO 260     Control Objectives for Information and Related Technology (COBIT) 263     Sherwood Applied Business Security Architecture (SABSA) 265     The Open Group Architecture Framework (TOGAF) 265     Information Technology Infrastructure Library (ITIL) 267 Policies 268     Password Policy 268     Acceptable Use Policy (AUP) 271     Data Ownership Policy 272     Data Retention Policy 272     Account Management Policy 273     Data Classification Policy 274         Sensitivity and Criticality 275         Commercial Business Classifications 276         Military and Government Classifications 276 Controls 277     Control Selection Based on Criteria 278         Handling Risk 278     Organizationally Defined Parameters 281     Access Control Types 282 Procedures 284     Continuous Monitoring 284     Evidence Production 285     Patching 285     Compensating Control Development 286     Control Testing Procedures 286     Manage Exceptions 287     Remediation Plans 287 Verifications and Quality Control 288     Audits 288     Evaluations 290     Assessments 290     Maturity Model 291         CMMI 291     Certification 291         NIACAP 292         ISO/IEC 27001 292         ISO/IEC 27002 294 Exam Preparation Tasks 294 Review All Key Topics 294 Define Key Terms 295 Review Questions 296 Chapter 11 Remediating Security Issues Related to Identity and Access Management 301 “Do I Know This Already?” Quiz 301 Foundation Topics 304 Security Issues Associated with Context-Based Authentication 304     Time 304     Location 304     Frequency 305     Behavioral 305 Security Issues Associated with Identities 305     Personnel 306         Employment Candidate Screening 306         Employment Agreement and Policies 308         Periodic Review 308         Proper Credential Management 308         Creating Accountability 309         Maintaining a Secure Provisioning Life Cycle 309     Endpoints 310         Social Engineering Threats 310         Malicious Software 311         Rogue Endpoints 311         Rogue Access Points 312     Servers 312     Services 313     Roles 315     Applications 316         IAM Software 316         Applications as Identities 317         OAuth 318         OpenSSL 319 Security Issues Associated with Identity Repositories 319     Directory Services 319         LDAP 319         Active Directory (AD) 320         SESAME 321         DNS 322     TACACS+ and RADIUS 323 Security Issues Associated with Federation and Single Sign-on 325     Identity Propagation 326     Federations 327     XACML 327     SPML 329     SAML 330     OpenID 331     Shibboleth 332     Manual vs. Automatic Provisioning/Deprovisioning 333     Self-Service Password Reset 334     Exploits 334     Impersonation 334     Man-in-the-Middle 334     Session Hijack 335     Cross-Site Scripting 335     Privilege Escalation 335     Rootkit 335 Exam Preparation Tasks 336 Review All Key Topics 336 Define Key Terms 337 Review Questions 338 Chapter 12 Security Architecture and Implementing Compensating Controls 343 “Do I Know This Already?” Quiz 343 Foundation Topics 346 Security Data Analytics 346     Data Aggregation and Correlation 346     Trend Analysis 346     Historical Analysis 347 Manual Review 348     Firewall Log 348     Syslogs 350     Authentication Logs 351     Event Logs 352 Defense in Depth 353     Personnel 354         Training 354         Dual Control 355         Separation of Duties 355         Split Knowledge 355         Third Party/Consultants 355         Cross-Training/Mandatory Vacations 356         Succession Planning 356     Processes 356         Continual Improvement 356         Scheduled Reviews/Retirement of Processes 357     Technologies 358         Automated Reporting 358         Security Appliances 358         Security Suites 359         Outsourcing 360         Cryptography 362     Other Security Concepts 373         Network Design 374 Exam Preparation Tasks 379 Review All Key Topics 379 Define Key Terms 380 Review Questions 380 Chapter 13 Application Security Best Practices 385 “Do I Know This Already?” Quiz 385 Foundation Topics 387 Best Practices During Software Development 387     Plan/Initiate Project 387     Gather Requirements (Security Requirements Definition) 388     Design 388     Develop 389     Test/Validate 389     Security Testing Phases 390         Static Code Analysis 390         Web App Vulnerability Scanning 391         Fuzzing 391         Use Interception Proxy to Crawl Application 392     Manual Peer Reviews 393     User Acceptance Testing 393     Stress Test Application 393     Security Regression Testing 394     Input Validation 394     Release/Maintain 395     Certify/Accredit 395     Change Management and Configuration Management/Replacement 395 Secure Coding Best Practices 396     OWASP 396     SANS 396     Center for Internet Security 397         System Design Recommendations 397         Benchmarks 398 Exam Preparation Tasks 398 Review All Key Topics 398 Define Key Terms 399 Review Questions 399 Chapter 14 Using Cybersecurity Tools and Technologies 403 “Do I Know This Already?” Quiz 403 Foundation Topics 405 Preventative Tools 405     IPS 405     IDS 405         Sourcefire 405         Snort 406         Bro 407     HIPS 408     Firewall 408         Firewall Architecture 410         Cisco 415         Palo Alto 415         Check Point 415     Antivirus 415     Anti-malware 416         Anti-spyware 416         Cloud Antivirus Services 417     EMET 418     Web Proxy 418         Web Application Firewall 418         ModSecurity 420         NAXSI 420         Imperva 421 Collective Tools 421     SIEM 421         ArcSight 421         QRadar 422         Splunk 422         AlienVault/OSSIM 422         Kiwi Syslog 423     Network Scanning 423     Nmap 423     Vulnerability Scanning 423         Qualys 425         Nessus 425         OpenVAS 426         Nexpose 426         Nikto 427         Microsoft Baseline Security Analyzer 427     Packet Capture 428         Wireshark 428         tcpdump 429         Network General 429         Aircrack-ng 429     Command Line/IP Utilities 430         Netstat 430         ping 431         tracert/traceroute 432         ipconfig/ifconfig 433         nslookup/dig 434         Sysinternals 435         OpenSSL 436     IDS/HIDS 436 Analytical Tools 436     Vulnerability Scanning 437     Monitoring Tools 437         MRTG 437         Nagios 438         SolarWinds 438         Cacti 439         NetFlow Analyzer 439     Interception Proxy 439         Burp Suite 440         Zap 440         Vega 440 Exploit Tools 440     Interception Proxy 440     Exploit Framework 441         Metasploit 441         Nexpose 442     Fuzzers 442         Untidy/Peach Fuzzer 442         Microsoft SDL File/Regex Fuzzer 442 Forensics Tools 443     Forensic Suites 443         EnCase 444         FTK 444         Helix 444         Sysinternals 444         Cellebrite 445     Hashing 445         MD5sum 445         SHAsum 445     Password Cracking 445         John the Ripper 445         Cain & Abel 446         Imaging 447         DD 447 Exam Preparation Tasks 447 Review All Key Topics 447 Define Key Terms 448 Review Questions 448 Chapter 15 Final Preparation 453 Tools for Final Preparation 453     Pearson Test Prep Practice Test Software and Questions on the Website 453         Accessing the Pearson Test Prep Software Online 454         Accessing the Pearson Test Prep Practice Test Software Offline 454     Customizing Your Exams 455     Updating Your Exams 456         Premium Edition 456     Chapter-Ending Review Tools 457 Suggested Plan for Final Review/Study 457 Summary 457 Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 459 Glossary 491     9780789756954    TOC    5/22/2017  

About the Author :
Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 16 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones: ·         Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan) ·         Author of CISSP Cert Guide (Pearson) ·         Prep test question writer for CCNA Wireless 640-722 (Cisco Press) ·         Author of CASP Cert Guide(Pearson) Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2. He delivers CISSP training classes for CyberVista, authorized online training provider for (ISC)2. Troy now creates certification practice tests and study guides for the Transcender and Self-Test brands. He lives in Pfafftown, North Carolina, with his wife, Heike