Top
Introduction
Part I Threat Management
Chapter 1 Applying Reconnaissance Techniques
Open Source Intelligence
Google
Internet Registries
Job Sites
Social Media
Active Reconnaissance
Scanning
Capturing Packets
Special Considerations
Wired Network Considerations
Wireless Network Considerations
Virtualization Technologies
Cloud Computing
Defending Against Reconnaissance
Tools of the Trade
nmap
Nikto
OWASP Zed Attack Proxy
Nessus
netstat
tcpdump
Wireshark/TShark
Intrusion Detection and Prevention Systems
Chapter Review
Questions
Answers
Chapter 2 Analyzing the Results of Reconnaissance
Data Sources
Firewall Logs
Intrusion Detection/Prevention Systems
Packet Captures
System Logs
nmap Scan Results
Point-in-Time Analysis
Packet Analysis
Protocol Analysis
Traffic Analysis
NetFlow Analysis
Wireless Analysis
Correlation Analysis
Anomaly Analysis
Behavioral Analysis
Trend Analysis
Availability Analysis
Heuristics
Tools of the Trade
Security Information and Event Management Systems
Packet Analyzers
Intrusion Detection Systems
Resource-Monitoring Tools
NetFlow Analyzers
Chapter Review
Questions
Answers
Chapter 3 Responding to Network-Based Threats
Network Segmentation
System Isolation
Jump Box
Honeypots and Honeynets
ACLs
File System ACLs
Network ACLs
Black Hole
DNS Sinkhole
Endpoint Security
Detect and Block
Sandbox
Cloud-Connected Protection
Group Policies
Device Hardening
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Compensating Controls
Blocking Unused Ports/Services
Patching
Network Access Control
Time Based
Rule Based
Role Based
Location Based
Chapter Review
Questions
Answers
Chapter 4 Securing a Corporate Network
Penetration Testing
Rules of Engagement
Reverse Engineering
Hardware
Software/Malware
Isolation/Sandboxing
Training and Exercises
Types of Exercises
Red Team
Blue Team
White Team
Risk Evaluation
Impact and Likelihood
Technical Control Review
Operational Control Review
Chapter Review
Questions
Answers
Part II Vulnerability Management
Chapter 5 Implementing Vulnerability Management Processes
Vulnerability Management Requirements
Regulatory Environments
Corporate Security Policy
Data Classification
Asset Inventory
Common Vulnerabilities
Servers
Endpoints
Network Infrastructure
Virtual Infrastructure
Mobile Devices
Interconnected Networks
Virtual Private Networks
Industrial Control Systems
SCADA Devices
Frequency of Vulnerability Scans
Risk Appetite
Regulatory Requirements
Technical Constraints
Workflow
Tool Configuration
Scanning Criteria
Tool Updates and Plug-Ins
SCAP
Permissions and Access
Chapter Review
Questions
Answers
Chapter 6 Vulnerability Scanning
Execute Scanning
Nessus
OpenVAS
Nikto
Generate Reports
Automated vs. Manual Distribution
Remediation
Prioritizing
Communication/Change Control
Sandboxing/Testing
Inhibitors to Remediation
Ongoing Scanning and Continuous Monitoring
Analyze Reports from a Vulnerability Scan
Review and Interpret Scan Results
Validate Results and Correlate Other Data Points
Compare to Best Practices or Compliance
Reconcile Results
Review Related Logs and/or Other Data Sources
Determine Trends
Chapter Review
Questions
Answers
Part III Cyber Incident Response
Chapter 7 The Incident Response Process
A Cast of Characters
Key Roles
Stakeholders
Response Techniques
Containment
Eradication
Validation
Corrective Actions
Communication Processes
Internal Communications
External Communications
Chapter Review
Questions
Answers
Chapter 8 Determining the Impact of Incidents
Threat Classification
Known Threats vs. Unknown Threats
Zero Day
Advanced Persistent Threat
Factors Contributing to Incident Severity and Prioritization
Scope of Impact
Types of Data
Chapter Review
Questions
Answers
Chapter 9 Preparing the Incident Response Toolkit
Digital Forensics
Phases of an Investigation
Forensic Investigation Suite
Acquisition Utilities
Analysis Utilities
OS and Process Analysis
Mobile Device Forensics
Log Viewers
Building Your Forensic Kit
Jump Bag
Chapter Review
Questions
Answers
Chapter 10 Selecting the Best Course of Action
Introduction to Diagnosis
Network-Related Symptoms
Bandwidth Utilization
Beaconing
Irregular Peer-to-Peer Communication
Rogue Devices on the Network
Scan Sweeps
Host-Related Symptoms
Running Processes
Memory Contents
File System
Capacity Consumption
Unauthorized Privileges
Application-Related Symptoms
Anomalous Activity
Introduction of New Accounts
Unexpected Output
Unexpected Outbound Communication
Service Interruption
Memory Overflows
Chapter Review
Questions
Answers
Part IV Security Architectures
Chapter 11 Frameworks, Policies, Controls, and Procedures
Security Frameworks
NIST
ISO
COBIT
SABSA
TOGAF
ITIL
Policies and Procedures
Security Policies
Procedures
Controls
Physical Controls
Logical Controls
Administrative Controls
Control Selection
Regulatory Compliance
Verification and Quality Control
Audits
Assessments
Certification
Maturity Models
Chapter Review
Questions
Answers
Chapter 12 Identity and Access Management
Security Issues Associated with Context-Based Authentication
Time
Location
Frequency
Behavioral
Security Issues Associated with Identities
Personnel
Endpoints
Servers
Services
Roles
Applications
Security Issues Associated with Identity Repositories
Directory Services
TACACS+
RADIUS
Security Issues Associated with Federation and Single Sign-On
Manual vs. Automatic Provisioning/Deprovisioning
Self-Service Password Reset
Exploits
Impersonation
Man in the Middle
Session Hijack
Cross-Site Scripting
Privilege Escalation
Rootkits
Chapter Review
Questions
Answers
Chapter 13 Putting in Compensating Controls
Security Data Analytics
Data Aggregation and Correlation
Trend Analysis
Historical Analysis
Manual Review
Firewall Log
Syslog
Authentication Logs
Event Logs
Defense in Depth
Personnel
Processes
Other Security Concepts
Chapter Review
Questions
Answers
Chapter 14 Secure Software Development
The Software Development Lifecycle
Requirements
Development
Implementation
Operation and Maintenance
Secure Software Development
Secure Coding
Security Testing
Best Practices
Software Engineering Institute
OWASP
SANS
Center for Internet Security
Chapter Review
Questions
Answers
Chapter 15 Tool Sets
Preventative Tools
Firewalls
IDS and IPS
Host-Based Intrusion Prevention Systems
Antimalware
Enhanced Mitigation Experience Toolkit
Web Proxies
Web Application Firewalls
Collective Tools
Security Information and Event Management
Network Scanning
Packet Capture
Command-line Utilities
Analytical Tools
Vulnerability Scanning
Monitoring Tools
Interception Proxy
Exploitative Tools
Exploitation Frameworks
Fuzzers
Forensic Tools
Forensic Suites
Hashing
Password Cracking
Imaging
Chapter Review
Questions
Answers
Part V Appendixes and Glossary
Appendix A Objectives Map
Appendix B About the Download
System Requirements
Installing and Running Total Tester
About Total Tester
Pre-assessment Test
Performance-Based Questions
McGraw-Hill Professional Media Center Download
Technical Support
Glossary
Index
CompTIA CySA+® Cybersecurity Analyst Certification Practice Exams (Exam CS0-001)
Cover
Title Page
Copyright Page
Dedication
About the Author
Contents
Acknowledgments
Introduction
Objective Map: Exam CS0-001
Part I Threat Management
Chapter 1 Applying Reconnaissance Techniques
Questions
Quick Answer Key
In-Depth Answers
Chapter 2 Analyzing the Results of Reconnaissance
Questions
Quick Answer Key
In-Depth Answers
Chapter 3 Responding to Network-Based Threats
Questions
Quick Answer Key
In-Depth Answers
Chapter 4 Securing a Corporate Network
Questions
Quick Answer Key
In-Depth Answers
Part II Vulnerability Management
Chapter 5 Implementing Vulnerability Management Processes
Questions
Quick Answer Key
In-Depth Answers
Chapter 6 Vulnerability Scanning
Questions
Quick Answer Key
In-Depth Answers
Part III Cyber Incident Response
Chapter 7 The Incident Response Process
Questions
Quick Answer Key
In-Depth Answers
Chapter 8 Determining the Impact of Incidents
Questions
Quick Answer Key
In-Depth Answers
Chapter 9 Preparing the Incident Response Toolkit
Questions
Quick Answer Key
In-Depth Answers
Chapter 10 Selecting the Best Course of Action
Questions
Quick Answer Key
In-Depth Answers
Part IV Security Architecture and Tool Sets
Chapter 11 Frameworks, Policies, Controls, and Procedures
Questions
Quick Answer Key
In-Depth Answers
Chapter 12 Identity and Access Management
Questions
Quick Answer Key
In-Depth Answers
Chapter 13 Putting in Compensating Controls
Questions
Quick Answer Key
In-Depth Answers
Chapter 14 Secure Software Development
Questions
Quick Answer Key
In-Depth Answers
Chapter 15 Tool Sets
Questions
Quick Answer Key
In-Depth Answers
Appendix About the Digital Content
CD-ROM
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
Using the TotalTester Online Content
Pre-Assessment Test
Performance-Based Questions
Technical Support
