CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide: (Certification Guide)

Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam success with this Cert Guide from Pearson IT certification, a leader in IT certification learning.   This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics: ·        Assess your knowledge with chapter-ending quizzes ·        Review key concepts with exam preparation tasks ·        Practice with realistic exam questions ·        Get practical guidance for next steps and more advanced certifications   CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.   The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.   The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.   Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.   This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including ·        Vulnerability management activities ·        Implementing controls to mitigate attacks and software vulnerabilities ·        Security solutions for infrastructure management ·        Software and hardware assurance best practices ·        Understanding and applying the appropriate incident response ·        Applying security concepts in support of organizational risk mitigation   Companion Website: The website provides access to several digital assets as two free, complete practice exams. Includes Exclusive Offer for up to 80% Off Premium Edition eBook and Practice Test   Pearson Test Prep online system requirements: Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.   Pearson Test Prep offline system requirements: Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Table of Contents:
Introduction xxxvii Chapter 1 The Importance of Threat Data and Intelligence 3 “Do I Know This Already?” Quiz 3 Foundation Topics 6 Intelligence Sources 6     Open-Source Intelligence6     Proprietary/Closed-Source Intelligence 6     Timeliness 7     Relevancy 7     Confidence Levels 7     Accuracy 7 Indicator Management 7     Structured Threat Information eXpression (STIX) 8     Trusted Automated eXchange of Indicator Information (TAXII) 8     OpenIOC 9 Threat Classification 9     Known Threat vs. Unknown Threat 10     Zero-day 10     Advanced Persistent Threat 11 Threat Actors 12     Nation-state 12     Organized Crime 12     Terrorist Groups 12     Hacktivist 12     Insider Threat 12 Intelligence Cycle 13 Commodity Malware 14 Information Sharing and Analysis Communities 15 Exam Preparation Tasks 16 Chapter 2 Utilizing Threat Intelligence to Support Organizational Security 19 “Do I Know This Already?” Quiz 19 Foundation Topics 21 Attack Frameworks 21     MITRE ATT&CK 21     The Diamond Model of Intrusion Analysis 22     Kill Chain 23 Threat Research 23     Reputational 24     Behavioral 24     Indicator of Compromise (IoC) 25     Common Vulnerability Scoring System (CVSS) 25 Threat Modeling Methodologies 29     Adversary Capability 29     Total Attack Surface 31     Attack Vector 31     Impact 32     Probability 32 Threat Intelligence Sharing with Supported Functions 33     Incident Response 33     Vulnerability Management33     Risk Management 33     Security Engineering 33     Detection and Monitoring34 Exam Preparation Tasks 34 Chapter 3 Vulnerability Management Activities 39 “Do I Know This Already?” Quiz 39 Foundation Topics 41 Vulnerability Identification 41     Asset Criticality 42     Active vs. Passive Scanning 43     Mapping/Enumeration 44 Validation 44 Remediation/Mitigation 45     Configuration Baseline 45     Patching 46     Hardening 46     Compensating Controls 47     Risk Acceptance 47     Verification of Mitigation 47 Scanning Parameters and Criteria 49     Risks Associated with Scanning Activities 49     Vulnerability Feed 49     Scope 49     Credentialed vs. Non-credentialed 51     Server-based vs. Agent-based 52     Internal vs. External 53     Special Considerations 53 Inhibitors to Remediation 62 Exam Preparation Tasks 63 Chapter 4 Analyzing Assessment Output 67 “Do I Know This Already?” Quiz 67 Foundation Topics 69 Web Application Scanner 69     Burp Suite 69     OWASP Zed Attack Proxy (ZAP) 69     Nikto 70     Arachni 70 Infrastructure Vulnerability Scanner 71     Nessus 71     OpenVAS 71 Software Assessment Tools and Techniques 72     Static Analysis 73     Dynamic Analysis 74     Reverse Engineering 75     Fuzzing 75 Enumeration 76     Nmap 76     Host Scanning 79     hping 80     Active vs. Passive 82     Responder 82 Wireless Assessment Tools 82     Aircrack-ng 83     Reaver 84     oclHashcat 86 Cloud Infrastructure Assessment Tools 86     ScoutSuite 87     Prowler 87     Pacu 87 Exam Preparation Tasks 88 Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology 93 “Do I Know This Already?” Quiz 93 Foundation Topics 97 Mobile 97     Unsigned Apps/System Apps 98     Security Implications/Privacy Concerns 99     Device Loss/Theft 100     Rooting/Jailbreaking 100     Push Notification Services 100     Geotagging 100     OEM/Carrier Android Fragmentation 101     Mobile Payment 101     USB 102     Malware 102     Unauthorized Domain Bridging 103     SMS/MMS/Messaging 103 Internet of Things (IoT) 103     IoT Examples 104     Methods of Securing IoT Devices 104 Embedded Systems 105 Real-Time Operating System (RTOS) 105 System-on-Chip (SoC) 105 Field Programmable Gate Array (FPGA) 105 Physical Access Control 106     Systems 106     Devices 107     Facilities 107 Building Automation Systems 109     IP Video 109     HVAC Controllers 111     Sensors 111 Vehicles and Drones 111     CAN Bus 112     Drones 113 Workflow and Process Automation Systems 113 Incident Command System (ICS) 114 Supervisory Control and Data Acquisition (SCADA) 114     Modbus 118 Exam Preparation Tasks 118 Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud 123 “Do I Know This Already?” Quiz 123 Foundation Topics 126 Cloud Deployment Models 126 Cloud Service Models 127 Function as a Service (FaaS)/Serverless Architecture 128 Infrastructure as Code (IaC) 130 Insecure Application Programming Interface (API) 131 Improper Key Management 132     Key Escrow 133     Key Stretching 134 Unprotected Storage 134     Transfer/Back Up Data to Uncontrolled Storage 134     Big Data 135 Logging and Monitoring 136     Insufficient Logging and Monitoring 136     Inability to Access 136 Exam Preparation Tasks 137 Chapter 7 Implementing Controls to Mitigate Attack sand Software Vulnerabilities 141 “Do I Know This Already?” Quiz 141 Foundation Topics 143 Attack Types 143     Extensible Markup Language (XML) Attack 143     Structured Query Language (SQL) Injection 145     Overflow Attacks 147     Remote Code Execution 150     Directory Traversal 151     Privilege Escalation 152     Password Spraying 152     Credential Stuffing 152     Impersonation 154     Man-in-the-Middle Attack 154     Session Hijacking 158     Rootkit 159     Cross-Site Scripting 160 Vulnerabilities 163     Improper Error Handling163     Dereferencing 163     Insecure Object Reference 163     Race Condition 164     Broken Authentication164     Sensitive Data Exposure 165     Insecure Components 165     Insufficient Logging and Monitoring 166     Weak or Default Configurations 167     Use of Insecure Functions 168 Exam Preparation Tasks 169 Chapter 8 Security Solutions for Infrastructure Management 173 “Do I Know This Already?” Quiz 173 Foundation Topics 177 Cloud vs. On-premises 177     Cloud Mitigations 177 Asset Management 178     Asset Tagging 178     Device-Tracking Technologies 178     Object-Tracking and Object-Containment Technologies 179 Segmentation 180     Physical 180     Virtual 182     Jumpbox 183     System Isolation 184 Network Architecture 185     Physical 186     Software-Defined Networking 193     Virtual Private Cloud (VPC) 195     Virtual Private Network (VPN) 195     Serverless 200 Change Management 201 Virtualization 201     Security Advantages and Disadvantages of Virtualization 201     Type 1 vs. Type 2 Hypervisors 203     Virtualization Attacks and Vulnerabilities 203     Virtual Networks 205     Management Interface 205     Vulnerabilitie sAssociated with a Single Physical Server Hosting Multiple Companies' Virtual Machines 206     Vulnerabilities Associated with a Single Platform Hosting Multiple Companies' Virtual Machines 207     Virtual Desktop Infrastructure (VDI) 207     Terminal Services/Application Delivery Services 208 Containerization 208 Identity and Access Management 209     Identify Resources 210     Identify Users 210     Identify Relationships Between Resources and Users 210     Privilege Management 211     Multifactor Authentication (MFA) 211     Single Sign-On (SSO) 214     Active Directory 217     SESAME 219     Federation 219     Role-Based Access Control 224     Attribute-Based Access Control 225     Mandatory Access Control 228     Manual Review 229 Cloud Access Security Broker (CASB) 229 Honeypot 230 Monitoring and Logging 230     Log Management 230     Audit Reduction Tools 231     NIST SP 800-137 232 Encryption 232     Cryptographic Types 233     Hashing Functions 238     Message Digest Algorithm 239     Transport Encryption 240 Certificate Management 242     Certificate Authority and Registration Authority 243     Certificates 243     Certificate Revocation List 244     OCSP 244     PKI Steps 245     Cross-Certification 245     Digital Signatures 245 Active Defense 246     Hunt Teaming 247 Exam Preparation Tasks 247 Chapter 9 Software Assurance Best Practices 253 “Do I Know This Already?” Quiz 253 Foundation Topics 256 Platforms 256     Mobile 256     Web Application 260     Client/Server 263     Embedded 263     System-on-Chip (SoC) 265     Firmware 266 Software Development Life Cycle (SDLC) Integration 267     Step 1: Plan/Initiate Project 267     Step 2: Gather Requirements 268     Step 3: Design 268     Step 4: Develop 269     Step 5: Test/Validate 269     Step 6: Release/Maintain 269     Step 7: Certify/Accredit 270     Step 8: Change Management and Configuration Management/Replacement 270 DevSecOps 270     DevOps 270 Software Assessment Methods 272     User Acceptance Testing 272     Stress Test Application 272     Security Regression Testing 273     Code Review 273     Security Testing 274     Code Review Process 275 Secure Coding Best Practices 275     Input Validation 275     Output Encoding 276     Session Management 276     Authentication 277     Data Protection 285     Parameterized Queries 285 Static Analysis Tools 286 Dynamic Analysis Tools 286 Formal Methods for Verification of Critical Software 286 Service-Oriented Architecture 287     Security Assertions Markup Language (SAML) 287     Simple Object Access Protocol (SOAP) 287     Representational State Transfer (REST) 288     Microservices 288 Exam Preparation Tasks 289 Chapter 10 Hardware Assurance Best Practices 295 “Do I Know This Already?” Quiz 295 Foundation Topics 298 Hardware Root of Trust 298     Trusted Platform Module (TPM) 299     Virtual TPM 300     Hardware Security Module (HSM) 302     MicroSD HSM 302 eFuse 303 Unified Extensible Firmware Interface (UEFI) 303 Trusted Foundry 304 Secure Processing 305     Trusted Execution 305     Secure Enclave 307     Processor Security Extensions 307     Atomic Execution 307 Anti-Tamper 308 Self-Encrypting Drives 308 Trusted Firmware Updates 308 Measured Boot and Attestation 310     Measured Launch 311     Integrity Measurement Architecture 311 Bus Encryption 311 Exam Preparation Tasks 312 Chapter 11 Analyzing Data as Part of Security Monitoring Activities 317 “Do I Know This Already?” Quiz 317 Foundation Topics 320 Heuristics 320 Trend Analysis 320 Endpoint 321     Malware 323     Memory 329     System and Application Behavior 333     File System 339     User and Entity Behavior Analytics (UEBA) 341 Network 342     Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis 342     DNS Analysis 342     Domain Generation Algorithm 343     Flow Analysis 345     NetFlow Analysis 346     Packet and Protocol Analysis 348     Malware 348 Log Review 348     Event Logs 349     Syslog 350     Kiwi Syslog Server 352     Firewall Logs 353     Web Application Firewall (WAF) 355     Proxy 356     Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) 357 Impact Analysis 361     Organization Impact vs.Localized Impact 361     Immediate Impact vs.Total Impact 361 Security Information and Event Management (SIEM) Review 361     Rule Writing 362     Known-Bad Internet Protocol (IP) 363     Dashboard 363 Query Writing 366     String Search 366     Script 366     Piping 367 E-mail Analysis 367     E-mail Spoofing 368     Malicious Payload 368     Domain Keys Identified Mail (DKIM) 368     Sender Policy Framework (SPF) 369     Domain-based Message Authentication, Reporting, and Conformance (DMARC) 369     Phishing 369     Forwarding 370     Digital Signature 371     E-mail Signature Block 372     Embedded Links 372     Impersonation 372 Exam Preparation Tasks 372 Chapter 12 Implementing Configuration Changes to Existing Controls to Improve Security 377 “Do I Know This Already?” Quiz 377 Foundation Topics 381 Permissions 381 Whitelisting and Blacklisting 381     Application Whitelisting and Blacklisting 382     Input Validation 382 Firewall 383     NextGen Firewalls 383     Host-Based Firewalls 384 Intrusion Prevention System (IPS) Rules 386 Data Loss Prevention (DLP) 386 Endpoint Detection and Response (EDR) 387 Network Access Control (NAC) 387     Quarantine/Remediation 389     Agent-Based vs. Agentless NAC 389     802.1X 389 Sinkholing 391 Malware Signatures 391     Development/Rule Writing 392 Sandboxing 392 Port Security 394     Limiting MAC Addresses 395     Implementing Sticky MAC 395 Exam Preparation Tasks 396 Chapter 13 The Importance of Proactive Threat Hunting 401 “Do I Know This Already?” Quiz 401 Foundation Topics 404 Establishing a Hypothesis 404 Profiling Threat Actors and Activities 405 Threat Hunting Tactics 406     Hunt Teaming 406     Threat Model 406     Executable Process Analysis 407     Memory Consumption 409 Reducing the Attack Surface Area 409     System Hardening 410     Configuration Lockdown 410 Bundling Critical Assets 411     Commercial Business Classifications 411     Military and Government Classifications 412     Distribution of Critical Assets 412 Attack Vectors 412 Integrated Intelligence 413 Improving Detection Capabilities 413     Continuous Improvement 413     Continuous Monitoring 414 Exam Preparation Tasks 414 Chapter 14 Automation Concepts and Technologies 419 “Do I Know This Already?” Quiz 419 Foundation Topics 422 Workflow Orchestration 422 Scripting 423 Application Programming Interface (API) Integration 424 Automated Malware Signature Creation 424 Data Enrichment 425 Threat Feed Combination 426 Machine Learning 426 Use of Automation Protocols and Standards 427     Security Content Automation Protocol (SCAP) 427 Continuous Integration 428 Continuous Deployment/Delivery 428 Exam Preparation Tasks 429 Chapter 15 The Incident Response Process 433 “Do I Know This Already?” Quiz 433 Foundation Topics 435 Communication Plan 435     Limiting Communication to Trusted Parties 435     Disclosing Based on Regulatory/Legislative Requirements 435     Preventing Inadvertent Release of Information 435     Using a Secure Method of Communication 435     Reporting Requirements 436 Response Coordination with Relevant Entities 436     Legal 436     Human Resources 437     Public Relations 437     Internal and External 437     Law Enforcement 437     Senior Leadership 438     Regulatory Bodies 438 Factors Contributing to Data Criticality 439     Personally Identifiable Information (PII) 439     Personal Health Information (PHI) 440     Sensitive Personal Information (SPI) 441     High Value Assets 441     Financial Information 441     Intellectual Property 442     Corporate Information 444 Exam Preparation Tasks 445 Chapter 16 Applying the Appropriate Incident Response Procedure 449 “Do I Know This Already?” Quiz 449 Foundation Topics 452 Preparation 452     Training 452     Testing 453     Documentation of Procedures 453 Detection and Analysis 454     Characteristics Contributing to Severity Level Classification 455     Downtime and Recovery Time 455     Data Integrity 456     Economic 456     System Process Criticality 457     Reverse Engineering 457     Data Correlation 458 Containment 458     Segmentation 458     Isolation 459 Eradication and Recovery 459     Vulnerability Mitigation 459     Sanitization 460     Reconstruction/Reimaging 460     Secure Disposal 460     Patching 461     Restoration of Permissions 461     Reconstitution of Resources 462     Restoration of Capabilities and Services 462     Verification of Logging/Communication to Security Monitoring 462 Post-Incident Activities 463     Evidence Retention 463     Lessons Learned Report 463     Change Control Process 464     Incident Response Plan Update 464     Incident Summary Report 464     Indicator of Compromise (IoC) Generation 465     Monitoring 465 Exam Preparation Tasks 465 Chapter 17 Analyzing Potential Indicators of Compromise 469 “Do I Know This Already?” Quiz 469 Foundation Topics 472 Network-Related Indicators of Compromise 472     Bandwidth Consumption 472     Beaconing 473     Irregular Peer-to-Peer Communication 473     Rogue Device on the Network 475     Scan/Sweep 476     Unusual Traffic Spike 476     Common Protocol over Non-standard Port 476 Host-Related Indicators of Compromise 477     Processor Consumption 477     Memory Consumption 477     Drive Capacity Consumption 477     Unauthorized Software 477     Malicious Process 478     Unauthorized Change 479     Unauthorized Privilege 479     Data Exfiltration 479     Abnormal OS Process Behavior 479     File System Change or Anomaly 479     Registry Change or Anomaly 480     Unauthorized Scheduled Task 480 Application-Related Indicators of Compromise 480     Anomalous Activity 480     Introduction of New Accounts 480     Unexpected Output 480     Unexpected Outbound Communication 481     Service Interruption 481     Application Log 481 Exam Preparation Tasks 482 Chapter 18 Utilizing Basic Digital Forensics Techniques 485 “Do I Know This Already?” Quiz 485 Foundation Topics 488 Network 488     Wireshark 488     tcpdump 490 Endpoint 490     Disk 491     Memory 493 Mobile 494 Cloud 495 Virtualization 497 Legal Hold 497 Procedures 497     EnCase Forensic 498     Sysinternals 498     Forensic Investigation Suite 498 Hashing 499     Hashing Utilities 499     Changes to Binaries 500 Carving 500 Data Acquisition 501 Exam Preparation Tasks 501 Chapter 19 The Importance of Data Privacy and Protection 505 “Do I Know This Already?” Quiz 505 Foundation Topics 508 Privacy vs. Security 508 Non-technical Controls 508     Classification 508     Ownership 508     Retention 509     Data Types 509     Retention Standards 510     Confidentiality 510     Legal Requirements 510     Data Sovereignty 514     Data Minimization 515     Purpose Limitation 515     Non-disclosure agreement (NDA) 516 Technical Controls 516     Encryption 516     Data Loss Prevention (DLP) 516     Data Masking 516     Deidentification 517     Tokenization 517     Digital Rights Management (DRM) 517     Geographic Access Requirements 521     Access Controls 521 Exam Preparation Tasks 521 Chapter 20 Applying Security Concepts in Support of Organizational Risk Mitigation 527 “Do I Know This Already?” Quiz 527 Foundation Topics 530 Business Impact Analysis 530     Identify Critical Processes and Resources 530     Identify Outage Impacts and Estimate Downtime 531     Identify Resource Requirements 531     Identify Recovery Priorities 531 Risk Identification Process 532     Make Risk Determination Based upon Known Metrics 533     Qualitative Risk Analysis 533     Quantitative Risk Analysis 534 Risk Calculation 534     Probability 535     Magnitude 535 Communication of Risk Factors 536 Risk Prioritization 537     Security Controls 538     Engineering Tradeoffs 538 Systems Assessment 539     ISO/IEC 27001 539     ISO/IEC 27002 541 Documented Compensating Controls 541 Training and Exercises 542     Red Team 542     Blue Team 542     White Team 543     Tabletop Exercise 543 Supply Chain Assessment 543     Vendor Due Diligence 543     Hardware Source Authenticity 544 Exam Preparation Tasks 544 Chapter 21 The Importance of Frameworks, Policies,Procedures, and Controls 549 “Do I Know This Already?” Quiz 549 Foundation Topics 552 Frameworks 552     Risk-Based Frameworks 552     Prescriptive Frameworks 555 Policies and Procedures 562     Code of Conduct/Ethics 563     Acceptable Use Policy (AUP) 563     Password Policy 564     Data Ownership 567     Data Retention 567     Account Management 568     Continuous Monitoring 569     Work Product Retention 570 Category 570     Managerial 570     Operational 571     Technical 571 Control Type 571     Preventative 572     Detective 572     Corrective 572     Deterrent 572     Directive 572     Physical 572 Audits and Assessments 573     Regulatory 573     Compliance 575 Exam Preparation Tasks 575 Chapter 22 Final Preparation 579 Exam Information 579 Getting Ready 580 Tools for Final Preparation 582     Pearson Test Prep Practice Test Software and Questions on the Website 582     Memory Tables 582     Chapter-Ending Review Tools 582 Suggested Plan for Final Review/Study 583 Summary 583 Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 585 Appendix B CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide Exam Updates 651 Glossary of Key Terms 653   Online Elements: Appendix C Memory Tables Appendix D Memory Tables Answer Key Appendix E Study Planner Glossary of Key Terms   9780136747161   TOC   9/1/2020

About the Author :
Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones: ·        Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan) ·        Author of CISSP Cert Guide (Pearson) ·        Prep test question writer for CCNA Wireless 640-722 Official Cert Guide (Cisco Press) ·        Author of CompTIA Advanced Security Practitioner (CASP) Cert Guide (Pearson) Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2. He delivers CISSP training classes for CyberVista, and is an authorized online training provider for (ISC)2. Troy also creates certification practice tests and study guides for CyberVista. He lives in Asheville, North Carolina, with his wife, Heike.