
E-book: CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

  • Format: 560 pages
  • Series: Certification Guide
  • Publication date: 28-Sep-2020
  • Publisher: Pearson IT Certification
  • Language: eng
  • ISBN-13: 9780136747185

DRM restrictions

  • Copying: not allowed
  • Printing: not allowed
  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book you must create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program built specifically for e-books; it is not the same as Adobe Reader, which you probably already have on your computer).

    You cannot read this e-book on an Amazon Kindle.

Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

This study guide helps you master the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam topics:

  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions
  • Get practical guidance for next steps and more advanced certifications

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide is a best-of-breed exam study guide. Leading IT certification instructor Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Digital Key Terms Flashcards are included for every term in the glossary and help you master each concept.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

This study guide helps you master all the topics on the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam, including:

  • Vulnerability management activities
  • Implementing controls to mitigate attacks and software vulnerabilities
  • Security solutions for infrastructure management
  • Software and hardware assurance best practices
  • Understanding and applying the appropriate incident response
  • Applying security concepts in support of organizational risk mitigation

Companion Website:

The website provides access to several digital assets, including two free, complete practice exams.

Includes an exclusive offer for up to 80% off the Premium Edition eBook and Practice Test.

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Introduction xxxvii
Chapter 1 The Importance of Threat Data and Intelligence 3(16)
  "Do I Know This Already?" Quiz 3(3)
  Foundation Topics 6(1)
  Intelligence Sources 6(1)
  Open-Source Intelligence 6(1)
  Proprietary/Closed-Source Intelligence 6(1)
  Timeliness 7(1)
  Relevancy 7(1)
  Confidence Levels 7(1)
  Accuracy 7(1)
  Indicator Management 7(2)
  Structured Threat Information eXpression (STIX) 8(1)
  Trusted Automated eXchange of Indicator Information (TAXII) 8(1)
  OpenIOC 9(1)
  Threat Classification 9(3)
  Known Threat vs. Unknown Threat 10(1)
  Zero-day 10(1)
  Advanced Persistent Threat 11(1)
  Threat Actors 12(1)
  Nation-state 12(1)
  Organized Crime 12(1)
  Terrorist Groups 12(1)
  Hacktivist 12(1)
  Insider Threat 12(1)
  Intentional 13(1)
  Unintentional 13(1)
  Intelligence Cycle 13(1)
  Commodity Malware 14(1)
  Information Sharing and Analysis Communities 15(1)
  Exam Preparation Tasks 16(1)
  Review All Key Topics 16(1)
  Define Key Terms 16(1)
  Review Questions 17(2)
Chapter 2 Utilizing Threat Intelligence to Support Organizational Security 19(20)
  "Do I Know This Already?" Quiz 19(2)
  Foundation Topics 21(1)
  Attack Frameworks 21(2)
  MITRE ATT&CK 21(1)
  The Diamond Model of Intrusion Analysis 22(1)
  Kill Chain 23(1)
  Threat Research 23(6)
  Reputational 24(1)
  Behavioral 24(1)
  Indicator of Compromise (IoC) 25(1)
  Common Vulnerability Scoring System (CVSS) 25(4)
  Threat Modeling Methodologies 29(4)
  Adversary Capability 29(2)
  Total Attack Surface 31(1)
  Attack Vector 31(1)
  Impact 32(1)
  Probability 32(1)
  Threat Intelligence Sharing with Supported Functions 33(1)
  Incident Response 33(1)
  Vulnerability Management 33(1)
  Risk Management 33(1)
  Security Engineering 33(1)
  Detection and Monitoring 34(1)
  Exam Preparation Tasks 34(1)
  Review All Key Topics 34(1)
  Define Key Terms 35(1)
  Review Questions 35(4)
Chapter 3 Vulnerability Management Activities 39(28)
  "Do I Know This Already?" Quiz 39(2)
  Foundation Topics 41(1)
  Vulnerability Identification 41(3)
  Asset Criticality 42(1)
  Active vs. Passive Scanning 43(1)
  Mapping/Enumeration 44(1)
  Validation 44(1)
  Remediation/Mitigation 45(4)
  Configuration Baseline 45(1)
  Patching 46(1)
  Hardening 46(1)
  Compensating Controls 47(1)
  Risk Acceptance 47(1)
  Verification of Mitigation 47(2)
  Scanning Parameters and Criteria 49(13)
  Risks Associated with Scanning Activities 49(1)
  Vulnerability Feed 49(1)
  Scope 49(2)
  Credentialed vs. Non-credentialed 51(1)
  Server-based vs. Agent-based 52(1)
  Internal vs. External 53(1)
  Special Considerations 53(1)
  Types of Data 53(1)
  Technical Constraints 53(1)
  Workflow 53(1)
  Sensitivity Levels 54(1)
  Regulatory Requirements 55(1)
  Segmentation 56(1)
  Intrusion Prevention System (IPS), Intrusion Detection System (IDS), and Firewall Settings 57(2)
  Firewall 59(3)
  Inhibitors to Remediation 62(1)
  Exam Preparation Tasks 63(1)
  Review All Key Topics 63(1)
  Define Key Terms 64(1)
  Review Questions 64(3)
Chapter 4 Analyzing Assessment Output 67(26)
  "Do I Know This Already?" Quiz 67(2)
  Foundation Topics 69(1)
  Web Application Scanner 69(2)
  Burp Suite 69(1)
  OWASP Zed Attack Proxy (ZAP) 69(1)
  Nikto 70(1)
  Arachni 70(1)
  Infrastructure Vulnerability Scanner 71(1)
  Nessus 71(1)
  OpenVAS 71(1)
  Software Assessment Tools and Techniques 72(4)
  Static Analysis 73(1)
  Dynamic Analysis 74(1)
  Reverse Engineering 75(1)
  Fuzzing 75(1)
  Enumeration 76(6)
  Nmap 76(3)
  Host Scanning 79(1)
  hping 80(2)
  Active vs. Passive 82(1)
  Responder 82(1)
  Wireless Assessment Tools 82(4)
  Aircrack-ng 83(1)
  Reaver 84(2)
  oclHashcat 86(1)
  Cloud Infrastructure Assessment Tools 86(2)
  ScoutSuite 87(1)
  Prowler 87(1)
  Pacu 87(1)
  Exam Preparation Tasks 88(1)
  Review All Key Topics 88(1)
  Define Key Terms 89(1)
  Review Questions 89(4)
Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology 93(30)
  "Do I Know This Already?" Quiz 93(4)
  Foundation Topics 97(1)
  Mobile 97(6)
  Unsigned Apps/System Apps 98(1)
  Security Implications/Privacy Concerns 99(1)
  Data Storage 99(1)
  Nonremovable Storage 99(1)
  Removable Storage 99(1)
  Transfer/Back Up Data to Uncontrolled Storage 99(1)
  USB OTG 99(1)
  Device Loss/Theft 100(1)
  Rooting/Jailbreaking 100(1)
  Push Notification Services 100(1)
  Geotagging 100(1)
  OEM/Carrier Android Fragmentation 101(1)
  Mobile Payment 101(1)
  NFC Enabled 101(1)
  Inductance Enabled 102(1)
  Mobile Wallet 102(1)
  Peripheral-Enabled Payments (Credit Card Reader) 102(1)
  USB 102(1)
  Malware 102(1)
  Unauthorized Domain Bridging 103(1)
  SMS/MMS/Messaging 103(1)
  Internet of Things (IoT) 103(2)
  IoT Examples 104(1)
  Methods of Securing IoT Devices 104(1)
  Embedded Systems 105(1)
  Real-Time Operating System (RTOS) 105(1)
  System-on-Chip (SoC) 105(1)
  Field Programmable Gate Array (FPGA) 105(1)
  Physical Access Control 106(3)
  Systems 106(1)
  Devices 107(1)
  Facilities 107(2)
  Building Automation Systems 109(2)
  IP Video 109(2)
  HVAC Controllers 111(1)
  Sensors 111(1)
  Vehicles and Drones 111(2)
  CAN Bus 112(1)
  Drones 113(1)
  Workflow and Process Automation Systems 113(1)
  Industrial Control System (ICS) 114(1)
  Supervisory Control and Data Acquisition (SCADA) 114(4)
  Modbus 118(1)
  Exam Preparation Tasks 118(1)
  Review All Key Topics 118(1)
  Define Key Terms 119(1)
  Review Questions 120(3)
Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud 123(18)
  "Do I Know This Already?" Quiz 123(3)
  Foundation Topics 126(1)
  Cloud Deployment Models 126(1)
  Cloud Service Models 127(1)
  Function as a Service (FaaS)/Serverless Architecture 128(2)
  Infrastructure as Code (IaC) 130(1)
  Insecure Application Programming Interface (API) 131(1)
  Improper Key Management 132(2)
  Key Escrow 133(1)
  Key Stretching 134(1)
  Unprotected Storage 134(2)
  Transfer/Back Up Data to Uncontrolled Storage 134(1)
  Big Data 135(1)
  Logging and Monitoring 136(1)
  Insufficient Logging and Monitoring 136(1)
  Inability to Access 136(1)
  Exam Preparation Tasks 137(1)
  Review All Key Topics 137(1)
  Define Key Terms 137(1)
  Review Questions 138(3)
Chapter 7 Implementing Controls to Mitigate Attacks and Software Vulnerabilities 141(32)
  "Do I Know This Already?" Quiz 141(2)
  Foundation Topics 143(1)
  Attack Types 143(20)
  Extensible Markup Language (XML) Attack 143(2)
  Structured Query Language (SQL) Injection 145(2)
  Overflow Attacks 147(1)
  Buffer 147(2)
  Integer Overflow 149(1)
  Heap 150(1)
  Remote Code Execution 150(1)
  Directory Traversal 151(1)
  Privilege Escalation 152(1)
  Password Spraying 152(1)
  Credential Stuffing 152(2)
  Impersonation 154(1)
  Man-in-the-Middle Attack 154(2)
  VLAN-based Attacks 156(2)
  Session Hijacking 158(1)
  Rootkit 159(1)
  Cross-Site Scripting 160(1)
  Reflected 161(1)
  Persistent 161(1)
  Document Object Model (DOM) 162(1)
  Vulnerabilities 163(6)
  Improper Error Handling 163(1)
  Dereferencing 163(1)
  Insecure Object Reference 163(1)
  Race Condition 164(1)
  Broken Authentication 164(1)
  Sensitive Data Exposure 165(1)
  Insecure Components 165(1)
  Code Reuse 166(1)
  Insufficient Logging and Monitoring 166(1)
  Weak or Default Configurations 167(1)
  Use of Insecure Functions 168(1)
  strcpy 168(1)
  Exam Preparation Tasks 169(1)
  Review All Key Topics 169(1)
  Define Key Terms 170(1)
  Review Questions 170(3)
Chapter 8 Security Solutions for Infrastructure Management 173(80)
  "Do I Know This Already?" Quiz 173(4)
  Foundation Topics 177(1)
  Cloud vs. On-premises 177(1)
  Cloud Mitigations 177(1)
  Asset Management 178(2)
  Asset Tagging 178(1)
  Device-Tracking Technologies 178(1)
  Geolocation/GPS Location 179(1)
  Object-Tracking and Object-Containment Technologies 179(1)
  Geotagging/Geofencing 179(1)
  RFID 180(1)
  Segmentation 180(5)
  Physical 180(1)
  LAN 181(1)
  Intranet 181(1)
  Extranet 181(1)
  DMZ 181(1)
  Virtual 182(1)
  Jumpbox 183(1)
  System Isolation 184(1)
  Air Gap 185(1)
  Network Architecture 185(16)
  Physical 186(2)
  Firewall Architecture 188(5)
  Software-Defined Networking 193(1)
  Virtual SAN 194(1)
  Virtual Private Cloud (VPC) 195(1)
  Virtual Private Network (VPN) 195(2)
  IPsec 197(2)
  SSL/TLS 199(1)
  Serverless 200(1)
  Change Management 201(1)
  Virtualization 201(7)
  Security Advantages and Disadvantages of Virtualization 201(2)
  Type 1 vs. Type 2 Hypervisors 203(1)
  Virtualization Attacks and Vulnerabilities 203(2)
  Virtual Networks 205(1)
  Management Interface 205(1)
  Vulnerabilities Associated with a Single Physical Server Hosting Multiple Companies' Virtual Machines 206(1)
  Vulnerabilities Associated with a Single Platform Hosting Multiple Companies' Virtual Machines 207(1)
  Virtual Desktop Infrastructure (VDI) 207(1)
  Terminal Services/Application Delivery Services 208(1)
  Containerization 208(1)
  Identity and Access Management 209(20)
  Identify Resources 210(1)
  Identify Users 210(1)
  Identify Relationships Between Resources and Users 210(1)
  Privilege Management 211(1)
  Multifactor Authentication (MFA) 211(1)
  Authentication 211(1)
  Authentication Factors 212(1)
  Knowledge Factors 213(1)
  Ownership Factors 213(1)
  Characteristic Factors 214(1)
  Single Sign-On (SSO) 214(1)
  Kerberos 215(2)
  Active Directory 217(2)
  SESAME 219(1)
  Federation 219(1)
  XACML 220(1)
  SPML 220(1)
  SAML 221(1)
  OpenID 222(2)
  Shibboleth 224(1)
  Role-Based Access Control 224(1)
  Attribute-Based Access Control 225(3)
  Mandatory Access Control 228(1)
  Manual Review 229(1)
  Cloud Access Security Broker (CASB) 229(1)
  Honeypot 230(1)
  Monitoring and Logging 230(2)
  Log Management 230(1)
  Audit Reduction Tools 231(1)
  NIST SP 800-137 232(1)
  Encryption 232(10)
  Cryptographic Types 233(1)
  Symmetric Algorithms 233(3)
  Asymmetric Algorithms 236(1)
  Hybrid Encryption 236(2)
  Hashing Functions 238(1)
  One-way Hash 238(1)
  Message Digest Algorithm 239(1)
  Secure Hash Algorithm 240(1)
  Transport Encryption 240(1)
  SSL/TLS 241(1)
  HTTP/HTTPS/SHTTP 241(1)
  SSH 242(1)
  IPsec 242(1)
  Certificate Management 242(4)
  Certificate Authority and Registration Authority 243(1)
  Certificates 243(1)
  Certificate Revocation List 244(1)
  OCSP 244(1)
  PKI Steps 245(1)
  Cross-Certification 245(1)
  Digital Signatures 245(1)
  Active Defense 246(1)
  Hunt Teaming 247(1)
  Exam Preparation Tasks 247(1)
  Review All Key Topics 247(3)
  Define Key Terms 250(1)
  Review Questions 250(3)
Chapter 9 Software Assurance Best Practices 253(42)
  "Do I Know This Already?" Quiz 253(3)
  Foundation Topics 256(1)
  Platforms 256(11)
  Mobile 256(1)
  Containerization 256(1)
  Configuration Profiles and Payloads 256(1)
  Personally Owned, Corporate Enabled 256(1)
  Corporate-Owned, Personally Enabled 257(1)
  Application Wrapping 257(1)
  Application, Content, and Data Management 257(1)
  Remote Wiping 257(1)
  SCEP 258(1)
  NIST SP 800-163 Rev 1 258(2)
  Web Application 260(1)
  Maintenance Hooks 260(1)
  Time-of-Check/Time-of-Use Attacks 260(1)
  Cross-Site Request Forgery (CSRF) 261(1)
  Click-Jacking 262(1)
  Client/Server 263(1)
  Embedded 263(1)
  Hardware/Embedded Device Analysis 264(1)
  System-on-Chip (SoC) 265(1)
  Secure Booting 265(1)
  Central Security Breach Response 265(1)
  Firmware 266(1)
  Software Development Life Cycle (SDLC) Integration 267(3)
  Step 1 Plan/Initiate Project 267(1)
  Step 2 Gather Requirements 268(1)
  Step 3 Design 268(1)
  Step 4 Develop 269(1)
  Step 5 Test/Validate 269(1)
  Step 6 Release/Maintain 269(1)
  Step 7 Certify/Accredit 270(1)
  Step 8 Change Management and Configuration Management/Replacement 270(1)
  DevSecOps 270(2)
  DevOps 270(2)
  Software Assessment Methods 272(3)
  User Acceptance Testing 272(1)
  Stress Test Application 272(1)
  Security Regression Testing 273(1)
  Code Review 273(1)
  Security Testing 274(1)
  Code Review Process 275(1)
  Secure Coding Best Practices 275(11)
  Input Validation 275(1)
  Output Encoding 276(1)
  Session Management 276(1)
  Authentication 277(1)
  Context-based Authentication 277(2)
  Network Authentication Methods 279(2)
  IEEE 802.1X 281(1)
  Biometric Considerations 282(2)
  Certificate-Based Authentication 284(1)
  Data Protection 285(1)
  Parameterized Queries 285(1)
  Static Analysis Tools 286(1)
  Dynamic Analysis Tools 286(1)
  Formal Methods for Verification of Critical Software 286(1)
  Service-Oriented Architecture 287(2)
  Security Assertion Markup Language (SAML) 287(1)
  Simple Object Access Protocol (SOAP) 287(1)
  Representational State Transfer (REST) 288(1)
  Microservices 288(1)
  Exam Preparation Tasks 289(1)
  Review All Key Topics 289(1)
  Define Key Terms 290(1)
  Review Questions 291(4)
Chapter 10 Hardware Assurance Best Practices 295(22)
  "Do I Know This Already?" Quiz 295(3)
  Foundation Topics 298(1)
  Hardware Root of Trust 298(5)
  Trusted Platform Module (TPM) 299(1)
  Virtual TPM 300(2)
  Hardware Security Module (HSM) 302(1)
  MicroSD HSM 302(1)
  eFuse 303(1)
  Unified Extensible Firmware Interface (UEFI) 303(1)
  Trusted Foundry 304(1)
  Secure Processing 305(3)
  Trusted Execution 305(2)
  Secure Enclave 307(1)
  Processor Security Extensions 307(1)
  Atomic Execution 307(1)
  Anti-Tamper 308(1)
  Self-Encrypting Drives 308(1)
  Trusted Firmware Updates 308(2)
  Measured Boot and Attestation 310(1)
  Measured Launch 311(1)
  Integrity Measurement Architecture 311(1)
  Bus Encryption 311(1)
  Exam Preparation Tasks 312(1)
  Review All Key Topics 312(1)
  Define Key Terms 312(1)
  Review Questions 313(4)
Chapter 11 Analyzing Data as Part of Security Monitoring Activities 317(60)
  "Do I Know This Already?" Quiz 317(3)
  Foundation Topics 320(1)
  Heuristics 320(1)
  Trend Analysis 320(1)
  Endpoint 321(21)
  Malware 323(1)
  Virus 323(1)
  Worm 324(1)
  Trojan Horse 325(1)
  Logic Bomb 325(1)
  Spyware/Adware 325(1)
  Botnet 325(1)
  Rootkit 326(1)
  Ransomware 326(1)
  Reverse Engineering 327(2)
  Memory 329(1)
  Memory Protection 329(1)
  Secured Memory 330(1)
  Runtime Data Integrity Check 330(2)
  Memory Dumping, Runtime Debugging 332(1)
  System and Application Behavior 333(1)
  Known-good Behavior 333(1)
  Anomalous Behavior 334(1)
  Exploit Techniques 335(4)
  File System 339(1)
  File Integrity Monitoring 340(1)
  User and Entity Behavior Analytics (UEBA) 341(1)
  Network 342(6)
  Uniform Resource Locator (URL) and Domain Name System (DNS) Analysis 342(1)
  DNS Analysis 342(1)
  Domain Generation Algorithm 343(2)
  Flow Analysis 345(1)
  NetFlow Analysis 346(2)
  Packet and Protocol Analysis 348(1)
  Packet Analysis 348(1)
  Protocol Analysis 348(1)
  Malware 348(1)
  Log Review 348(13)
  Event Logs 349(1)
  Syslog 350(2)
  Kiwi Syslog Server 352(1)
  Firewall Logs 353(1)
  Windows Defender 353(1)
  Cisco Check Point 353(2)
  Web Application Firewall (WAF) 355(1)
  Proxy 356(1)
  Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) 357(1)
  Sourcefire 358(1)
  Snort 359(1)
  Zeek 360(1)
  HIPS 360(1)
  Impact Analysis 361(1)
  Organization Impact vs. Localized Impact 361(1)
  Immediate Impact vs. Total Impact 361(1)
  Security Information and Event Management (SIEM) Review 361(5)
  Rule Writing 362(1)
  Known-Bad Internet Protocol (IP) 363(1)
  Dashboard 363(3)
  Query Writing 366(1)
  String Search 366(1)
  Script 366(1)
  Piping 367(1)
  E-mail Analysis 367(5)
  E-mail Spoofing 368(1)
  Malicious Payload 368(1)
  DomainKeys Identified Mail (DKIM) 368(1)
  Sender Policy Framework (SPF) 369(1)
  Domain-based Message Authentication, Reporting, and Conformance (DMARC) 369(1)
  Phishing 369(1)
  Spear Phishing 369(1)
  Whaling 370(1)
  Forwarding 370(1)
  Digital Signature 371(1)
  E-mail Signature Block 372(1)
  Embedded Links 372(1)
  Impersonation 372(1)
  Exam Preparation Tasks 372(1)
  Review All Key Topics 372(2)
  Define Key Terms 374(1)
  Review Questions 374(3)
Chapter 12 Implementing Configuration Changes to Existing Controls to Improve Security 377(24)
  "Do I Know This Already?" Quiz 377(4)
  Foundation Topics 381(1)
  Permissions 381(1)
  Whitelisting and Blacklisting 381(2)
  Application Whitelisting and Blacklisting 382(1)
  Input Validation 382(1)
  Firewall 383(3)
  NextGen Firewalls 383(1)
  Host-Based Firewalls 384(2)
  Intrusion Prevention System (IPS) Rules 386(1)
  Data Loss Prevention (DLP) 386(1)
  Endpoint Detection and Response (EDR) 387(1)
  Network Access Control (NAC) 387(4)
  Quarantine/Remediation 389(1)
  Agent-Based vs. Agentless NAC 389(1)
  802.1X 389(2)
  Sinkholing 391(1)
  Malware Signatures 391(1)
  Development/Rule Writing 392(1)
  Sandboxing 392(2)
  Port Security 394(2)
  Limiting MAC Addresses 395(1)
  Implementing Sticky MAC 395(1)
  Exam Preparation Tasks 396(1)
  Review All Key Topics 396(1)
  Define Key Terms 396(1)
  Review Questions 397(4)
Chapter 13 The Importance of Proactive Threat Hunting 401(18)
  "Do I Know This Already?" Quiz 401(3)
  Foundation Topics 404(1)
  Establishing a Hypothesis 404(1)
  Profiling Threat Actors and Activities 405(1)
  Threat Hunting Tactics 406(3)
  Hunt Teaming 406(1)
  Threat Model 406(1)
  Executable Process Analysis 407(2)
  Memory Consumption 409(1)
  Reducing the Attack Surface Area 409(2)
  System Hardening 410(1)
  Configuration Lockdown 410(1)
  Bundling Critical Assets 411(1)
  Commercial Business Classifications 411(1)
  Military and Government Classifications 412(1)
  Distribution of Critical Assets 412(1)
  Attack Vectors 412(1)
  Integrated Intelligence 413(1)
  Improving Detection Capabilities 413(1)
  Continuous Improvement 413(1)
  Continuous Monitoring 414(1)
  Exam Preparation Tasks 414(1)
  Review All Key Topics 414(1)
  Define Key Terms 415(1)
  Review Questions 415(4)
Chapter 14 Automation Concepts and Technologies 419(14)
  "Do I Know This Already?" Quiz 419(3)
  Foundation Topics 422(1)
  Workflow Orchestration 422(1)
  Scripting 423(1)
  Application Programming Interface (API) Integration 424(1)
  Automated Malware Signature Creation 424(1)
  Data Enrichment 425(1)
  Threat Feed Combination 426(1)
  Machine Learning 426(1)
  Use of Automation Protocols and Standards 427(1)
  Security Content Automation Protocol (SCAP) 427(1)
  Continuous Integration 428(1)
  Continuous Deployment/Delivery 428(1)
  Exam Preparation Tasks 429(1)
  Review All Key Topics 429(1)
  Define Key Terms 430(1)
  Review Questions 430(3)
Chapter 15 The Incident Response Process 433(16)
  "Do I Know This Already?" Quiz 433(2)
  Foundation Topics 435(1)
  Communication Plan 435(1)
  Limiting Communication to Trusted Parties 435(1)
  Disclosing Based on Regulatory/Legislative Requirements 435(1)
  Preventing Inadvertent Release of Information 435(1)
  Using a Secure Method of Communication 435(1)
  Reporting Requirements 436(1)
  Response Coordination with Relevant Entities 436(3)
  Legal 436(1)
  Human Resources 437(1)
  Public Relations 437(1)
  Internal and External 437(1)
  Law Enforcement 437(1)
  Senior Leadership 438(1)
  Regulatory Bodies 438(1)
  Factors Contributing to Data Criticality 439(6)
  Personally Identifiable Information (PII) 439(1)
  Personal Health Information (PHI) 440(1)
  Sensitive Personal Information (SPI) 441(1)
  High Value Assets 441(1)
  Financial Information 441(1)
  Intellectual Property 442(1)
  Patent 442(1)
  Trade Secret 443(1)
  Trademark 443(1)
  Copyright 444(1)
  Securing Intellectual Property 444(1)
  Corporate Information 444(1)
  Exam Preparation Tasks 445(1)
  Review All Key Topics 445(1)
  Define Key Terms 446(1)
  Review Questions 446(3)
Chapter 16 Applying the Appropriate Incident Response Procedure 449(20)
  "Do I Know This Already?" Quiz 449(3)
  Foundation Topics 452(1)
  Preparation 452(2)
  Training 452(1)
  Testing 453(1)
  Documentation of Procedures 453(1)
  Detection and Analysis 454(4)
  Characteristics Contributing to Severity Level Classification 455(1)
  Downtime and Recovery Time 455(1)
  Data Integrity 456(1)
  Economic 456(1)
  System Process Criticality 457(1)
  Reverse Engineering 457(1)
  Data Correlation 458(1)
  Containment 458(1)
  Segmentation 458(1)
  Isolation 459(1)
  Eradication and Recovery 459(4)
  Vulnerability Mitigation 459(1)
  Sanitization 460(1)
  Reconstruction/Reimaging 460(1)
  Secure Disposal 460(1)
  Patching 461(1)
  Restoration of Permissions 461(1)
  Reconstitution of Resources 462(1)
  Restoration of Capabilities and Services 462(1)
  Verification of Logging/Communication to Security Monitoring 462(1)
  Post-Incident Activities 463(2)
  Evidence Retention 463(1)
  Lessons Learned Report 463(1)
  Change Control Process 464(1)
  Incident Response Plan Update 464(1)
  Incident Summary Report 464(1)
  Indicator of Compromise (IoC) Generation 465(1)
  Monitoring 465(1)
  Exam Preparation Tasks 465(1)
  Review All Key Topics 465(1)
  Define Key Terms 466(1)
  Review Questions 466(3)
Chapter 17 Analyzing Potential Indicators of Compromise 469(16)
  "Do I Know This Already?" Quiz 469(3)
  Foundation Topics 472(1)
  Network-Related Indicators of Compromise 472(5)
  Bandwidth Consumption 472(1)
  Beaconing 473(1)
  Irregular Peer-to-Peer Communication 473(2)
  Rogue Device on the Network 475(1)
  Scan/Sweep 476(1)
  Unusual Traffic Spike 476(1)
  Common Protocol over Non-standard Port 476(1)
  Host-Related Indicators of Compromise 477(3)
  Processor Consumption 477(1)
  Memory Consumption 477(1)
  Drive Capacity Consumption 477(1)
  Unauthorized Software 477(1)
  Malicious Process 478(1)
  Unauthorized Change 479(1)
  Unauthorized Privilege 479(1)
  Data Exfiltration 479(1)
  Abnormal OS Process Behavior 479(1)
  File System Change or Anomaly 479(1)
  Registry Change or Anomaly 480(1)
  Unauthorized Scheduled Task 480(1)
  Application-Related Indicators of Compromise 480(2)
  Anomalous Activity 480(1)
  Introduction of New Accounts 480(1)
  Unexpected Output 480(1)
  Unexpected Outbound Communication 481(1)
  Service Interruption 481(1)
  Application Log 481(1)
  Exam Preparation Tasks 482(1)
  Review All Key Topics 482(1)
  Define Key Terms 482(1)
  Review Questions 482(3)
Chapter 18 Utilizing Basic Digital Forensics Techniques 485(20)
  "Do I Know This Already?" Quiz 485(3)
  Foundation Topics 488(1)
  Network 488(2)
  Wireshark 488(2)
  tcpdump 490(1)
  Endpoint 490(4)
  Disk 491(1)
  FTK 491(1)
  Helix3 491(1)
  Password Cracking 491(1)
  Imaging 492(1)
  Memory 493(1)
  Mobile 494(1)
  Cloud 495(2)
  Virtualization 497(1)
  Legal Hold 497(1)
  Procedures 497(2)
  EnCase Forensic 498(1)
  Sysinternals 498(1)
  Forensic Investigation Suite 498(1)
  Hashing 499(1)
  Hashing Utilities 499(1)
  Changes to Binaries 500(1)
  Carving 500(1)
  Data Acquisition 501(1)
  Exam Preparation Tasks 501(1)
  Review All Key Topics 501(1)
  Define Key Terms 501(1)
  Review Questions 502(3)
Chapter 19 The Importance of Data Privacy and Protection 505(22)
  "Do I Know This Already?" Quiz 505(3)
  Foundation Topics 508(1)
  Privacy vs. Security 508(1)
  Non-technical Controls 508(8)
  Classification 508(1)
  Ownership 508(1)
  Retention 509(1)
  Data Types 509(1)
  Personally Identifiable Information (PII) 509(1)
  Personal Health Information (PHI) 510(1)
  Payment Card Information 510(1)
  Retention Standards 510(1)
  Confidentiality 510(1)
  Legal Requirements 510(4)
  Data Sovereignty 514(1)
  Data Minimization 515(1)
  Purpose Limitation 515(1)
  Non-disclosure Agreement (NDA) 516(1)
  Technical Controls 516(5)
  Encryption 516(1)
  Data Loss Prevention (DLP) 516(1)
  Data Masking 516(1)
  Deidentification 517(1)
  Tokenization 517(1)
  Digital Rights Management (DRM) 517(3)
  Document DRM 520(1)
  Music DRM 520(1)
  Movie DRM 520(1)
  Video Game DRM 520(1)
  E-Book DRM 521(1)
  Watermarking 521(1)
  Geographic Access Requirements 521(1)
  Access Controls 521(1)
  Exam Preparation Tasks 521(1)
  Review All Key Topics 522(1)
  Define Key Terms 522(1)
  Review Questions 523(4)
Chapter 20 Applying Security Concepts in Support of Organizational Risk Mitigation 527(22)
  "Do I Know This Already?" Quiz 527(3)
  Foundation Topics 530(1)
  Business Impact Analysis 530(2)
  Identify Critical Processes and Resources 530(1)
  Identify Outage Impacts and Estimate Downtime 531(1)
  Identify Resource Requirements 531(1)
  Identify Recovery Priorities 531(1)
  Recoverability 532(1)
  Fault Tolerance 532(1)
  Risk Identification Process 532(2)
  Make Risk Determination Based upon Known Metrics 533(1)
  Qualitative Risk Analysis 533(1)
  Quantitative Risk Analysis 534(1)
  Risk Calculation 534(2)
  Probability 535(1)
  Magnitude 535(1)
  Communication of Risk Factors 536(1)
  Risk Prioritization 537(2)
  Security Controls 538(1)
  Engineering Tradeoffs 538(1)
  MOUs 538(1)
  SLAs 538(1)
  Organizational Governance 539(1)
  Business Process Interruption 539(1)
  Degrading Functionality 539(1)
  Systems Assessment 539(2)
  ISO/IEC 27001 539(2)
  ISO/IEC 27002 541(1)
  Documented Compensating Controls 541(1)
  Training and Exercises 542(1)
  Red Team 542(1)
  Blue Team 542(1)
  White Team 543(1)
  Tabletop Exercise 543(1)
  Supply Chain Assessment 543(1)
  Vendor Due Diligence 543(1)
  OEM Documentation 543(1)
  Hardware Source Authenticity 544(1)
  Trusted Foundry 544(1)
  Exam Preparation Tasks 544(1)
  Review All Key Topics 544(1)
  Define Key Terms 545(1)
  Review Questions 545(4)
Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls 549(30)
  "Do I Know This Already?" Quiz 549(3)
  Foundation Topics 552(1)
  Frameworks 552(10)
  Risk-Based Frameworks 552(1)
  National Institute of Standards and Technology (NIST) 552(1)
  COBIT 553(1)
  The Open Group Architecture Framework (TOGAF) 554(1)
  Prescriptive Frameworks 555(1)
  NIST Cybersecurity Framework Version 1.1 555(1)
  ISO 27000 Series 556(3)
  SABSA 559(1)
  ITIL 559(1)
  Maturity Models 559(3)
  ISO/IEC 27001 562(1)
  Policies and Procedures 562(8)
  Code of Conduct/Ethics 563(1)
  Acceptable Use Policy (AUP) 563(1)
  Password Policy 564(3)
  Data Ownership 567(1)
  Data Retention 567(1)
  Account Management 568(1)
  Continuous Monitoring 569(1)
  Work Product Retention 570(1)
  Category 570(1)
  Managerial 570(1)
  Operational 571(1)
  Technical 571(1)
  Control Type 571(2)
  Preventative 572(1)
  Detective 572(1)
  Corrective 572(1)
  Deterrent 572(1)
  Directive 572(1)
  Physical 572(1)
  Audits and Assessments 573(2)
  Regulatory 573(2)
  Compliance 575(1)
  Exam Preparation Tasks 575(1)
  Review All Key Topics 575(1)
  Define Key Terms 576(1)
  Review Questions 576(3)
Chapter 22 Final Preparation 579(6)
  Exam Information 579(1)
  Getting Ready 580(2)
  Tools for Final Preparation 582(1)
  Pearson Test Prep Practice Test Software and Questions on the Website 582(1)
  Memory Tables 582(1)
  Chapter-Ending Review Tools 582(1)
  Suggested Plan for Final Review/Study 583(1)
  Summary 583(2)
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 585(66)
Appendix B CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide Exam Updates 651(2)
Glossary of Key Terms 653(36)
Index 689
Online Elements
  Appendix C Memory Tables
  Appendix D Memory Tables Answer Key
  Appendix E Study Planner
  Glossary of Key Terms
Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:

  • Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
  • Author of CISSP Cert Guide (Pearson)
  • Prep test question writer for CCNA Wireless 640-722 Official Cert Guide (Cisco Press)
  • Author of CompTIA Advanced Security Practitioner (CASP) Cert Guide (Pearson)

Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2.

He delivers CISSP training classes for CyberVista, and is an authorized online training provider for (ISC)2.

Troy also creates certification practice tests and study guides for CyberVista. He lives in Asheville, North Carolina, with his wife, Heike.