This CompTIA Cybersecurity Analyst (CySA+) training course will prepare you to successfully achieve this in-demand certification with hands-on, scenario-based training so you’ll be ready to meet advanced persistent threats (APTs) head on.
In this certification training course, you will gain the foundational knowledge to fully prepare for the CySA+ exam (CS0-002). This is an intermediate certification that is part of the CompTIA certification pathway, fitting in between the Network+ & CASP certifications. Achieving this certification validates that you have the skills as a cybersecurity analyst, that you can take an analytical approach to cybersecurity, and have the knowledge of network security tools and techniques to combat threats.
Included in your course tuition is a voucher that enables you to take the CS0-002 exam at any Pearson VUE Test Center location.
IT Security Professionals must have 3-4 years of hands-on information security or related experience at the level of Network+ or Security+
It is recommended that you have the following skills and knowledge before starting this course:
Knowledge of basic network terminology and functions (such as OSI Model, Topology, Ethernet, Wi-Fi, switches, routers)
Understanding of TCP/IP addressing, core protocols, and troubleshooting tools
Network attack strategies and defenses
Knowledge of the technologies and uses of cryptographic standards and products
Network- and host-based security technologies and practices
Standards and products used to enforce security on web and communications technologies
Course tuition includes an exam voucher. The exam is offered through Pearson Vue.
To earn this certification, you must take and pass CompTIA exam CS0-002
You must earn 60 CompTIA CEUs over a three-year period to maintain CySA+ certification
This is a CompTIA certification prep course.
CompTIA Cybersecurity Analyst CySA+ Certification Training Delivery Methods
CompTIA-approved CySA+ training programs
After-course instructor coaching benefit
Exam voucher included
CompTIA Cybersecurity Analyst CySA+ Certification Training Course Benefits
Prepare for and pass the Cybersecurity Analyst (CySA+) examThreat and Vulnerability ManagementSoftware and Systems Security Security Operations and MonitoringIncident ResponseCompliance and Assessment
CySA+ Course Outline
1.0 Threat and Vulnerability Management
1.1 Explain the importance of threat data and intelligence.
Intelligence sources
Open-source intelligence
Proprietary/closed-source intelligence
Timeliness
Relevancy
Accuracy
Indicator management
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
OpenIoC
Threat classification
Known threat vs. unknown threat
Zero-day
Advanced persistent threat
Threat actors
Nation-state
Hacktivist
Organized crime
Insider threat
Intentional
Unintentional
Intelligence cycle
Requirements
Collection
Analysis
Dissemination
Feedback
Commodity malware
Information sharing and analysis communities
Healthcare
Financial
Aviation
Government
Critical infrastructure
1.2 Given a scenario, utilize threat intelligence to support organizational security.
Attack frameworks
MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Kill chain
Threat research
Reputational
Behavioral
Indicator of compromise (IoC)
Common vulnerability scoring system (CVSS)
Threat modeling methodologies
Adversary capability
Total attack surface
Attack vector
Impact
Liklihood
Threat intelligence sharing with supported functions
Incident response
Vulnerability management
Risk management
Security engineering
Detection and monitoring
1.3 Given a scenario, perform vulnerability management activities.
Vulnerability identification
Asset criticality
Active vs. passive scanning
Mapping/enumeration
Validation
True positive
False positive – True negative
False negative
Remediation/mitigation
Configuration baseline
Patching
Hardening
Compensating controls
Risk acceptance
Verification of mitigation
Scanning parameters and criteria
Risks associated with scanning activities
Vulnerability feed
Scope
Credentialed vs. non-credentialed
Server-based vs. agent-based
Internal vs. external
Special considerations
Types of data
Technical constraints
Workflow
Sensitivity levels
Regulatory requirements
Segmentation
Intrusion prevention system (IPS), intrusion detection system (IDS), and firewall settings
Inhibitors to remediation
Memorandum of understanding (MOU)
Service-level agreement (SLA)
Organizational governance
Business process interruption
Degrading functionality
Legacy systems
1.4 Given a scenario, analyze the output from common vulnerability assessment tools.
Web application scanner
OWASP Zed Attack Proxy (ZAP)
Burp suite
Nikto
Arachni
Infrastructure vulnerability scanner
Nessus
OpenVAS
Qualys
Software assessment tools and techniques
Static analysis
Dynamic analysis
Reverse engineering
Fuzzing
Enumeration
Nmap
hping
Active vs. passive
Responder
Wireless assessment tools
Aircrack-ng
Reaver
oclHashcat
Cloud Infrastructure assessment tools
ScoutSuite
Prowler
Pacu
1.5 Explain the threats and vulnerabilities associated with specialized technology.
Mobile
Internet of Things (IoT)
Embedded
Real-time operating system (RTOS)
System-on-Chip (SoC)
Field programmable gate array (FPGA)
Physical access control
Busiling automation systems
Vehicles and drones
CAN bus
Workflow and process automation systems
Industrial control system
Supervisory control and data acquisition (SCADA)
Modbus
1.6 Explain the threats and vulnerabilities associated with operating in the cloud.
Cloud service models
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud deployment models
Public
Private
Community
Hybrid
Function as a Service (FaaS)/ serverless architecture
Infrastructure as code (IaC)
Insecure application programming interface (API)
Improper key management
Unprotected storage
Logging and monitoring
Insufficient logging and monitoring
Inability to access
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
Attack types
Extensible markup language (XML) attack
Structured query language (SQL) injection
Overflow attack
Buffer
Integer
Heap
Remote code execution
Directory traversal
Privilege escalation
Password spraying
Credential stuffing
Impersonation
Man-in-the-middle attack
Session hijacking
Rootkit
Cross-site scripting
Reflected
Persistent
Document object model (DOM)
Vulnerabilities
Improper error handling
Dereferencing
Insecure object reference
Race condition
Broken authentication
Sensitive data exposure
Insecure components – Insufficient logging and monitoring – Weak or default configurations – Use of insecure functions – strcpy
2.0 Software and Systems Security
3.0 Security Operations and Monitoring
4.0 Incident Response
5.0 Compliance and Assessment
العربية