
CompTIA Cybersecurity Analyst (CySAplus) Cert Guide [Multiple-component retail product]

3.87/5 (26 ratings by Goodreads)
  • Format: Multiple-component retail product, 592 pages, height x width x thickness: 240x195x30 mm, weight: 1179 g, contains 1 hardback and 1 digital product license key
  • Series: Certification Guide
  • Publication date: 09-May-2018
  • Publisher: Pearson IT Certification
  • ISBN-10: 0789756951
  • ISBN-13: 9780789756954

One million cybersecurity jobs will open this year, and many will require strong knowledge and skills in cybersecurity analysis. CompTIA's new vendor-neutral Cybersecurity Analyst (CSA+) certification validates the knowledge and skills you'll need to qualify for these opportunities. CompTIA Cybersecurity Analyst+ Cert Guide is the comprehensive self-study resource for the brand-new CSA+ (CSO-001) exam.


Designed for all CompTIA Cybersecurity Analyst (CSA+) candidates, this guide covers every exam objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:

  • Pre-chapter quizzes to assess knowledge upfront and focus your study more efficiently
  • Foundation topics sections that explain concepts and configurations, and link theory to practice
  • Key topics sections calling attention to every figure, table, and list you must know
  • Exam Preparation sections with additional chapter review features
  • Final preparation chapter providing tools and a complete final study plan
  • A customizable practice test library

This guide offers comprehensive, up-to-date coverage of all CSA+ topics related to:

  • Environmental reconnaissance, response, and countermeasures
  • Securing corporate environments
  • Managing information security vulnerabilities, including detailed coverage of common vulnerabilities
  • Analyzing threat data or behavior, performing computer forensics, and responding to incidents
  • Recovering and responding to incidents
  • Using security frameworks to guide common security policies
  • Implementing identity/access management and compensating controls
  • Optimizing security throughout the Software Development Life Cycle (SDLC)
  • Choosing and applying cybersecurity tools and technologies, and more

Introduction xxvii
Chapter 1 Applying Environmental Reconnaissance Techniques 3(34)
"Do I Know This Already?" Quiz 3(2)
Foundation Topics 5(1)
Procedures/Common Tasks 5(6)
Topology Discovery 5(1)
OS Fingerprinting 5(1)
Service Discovery 6(1)
Packet Capture 6(1)
Log Review 6(1)
Router/Firewall ACLs Review 6(1)
E-mail Harvesting 7(1)
Social Media Profiling 7(1)
Social Engineering 8(1)
DNS Harvesting 8(3)
Phishing 11(5)
Variables 11(1)
Wireless vs. Wired 12(1)
Virtual vs. Physical 13(1)
Internal vs. External 14(1)
On-premises vs. Cloud 15(1)
Tools 16(15)
Nmap 16(3)
Host Scanning 19(1)
Network Mapping 20(1)
Netstat 21(2)
Packet Analyzer 23(2)
IDS/IPS 25(2)
HIDS/NIDS 27(1)
Firewall Rule-Based and Logs 27(3)
Firewall Types 27(2)
Firewall Architecture 29(1)
Syslog 30(1)
Vulnerability Scanner 30(1)
Exam Preparation Tasks 31(1)
Review All Key Topics 31(1)
Define Key Terms 32(1)
Review Questions 32(5)
Chapter 2 Analyzing the Results of Network Reconnaissance 37(32)
"Do I Know This Already?" Quiz 37(3)
Foundation Topics 40(1)
Point-in-Time Data Analysis 40(5)
Packet Analysis 40(1)
Protocol Analysis 40(1)
Traffic Analysis 40(1)
NetFlow Analysis 41(2)
Wireless Analysis 43(2)
CSMA/CA 43(2)
Data Correlation and Analytics 45(2)
Anomaly Analysis 45(1)
Trend Analysis 46(1)
Availability Analysis 46(1)
Heuristic Analysis 46(1)
Behavioral Analysis 47(1)
Data Output 47(10)
Firewall Logs 47(2)
Packet Captures 49(3)
Nmap Scan Results 52(1)
Port Scans 52(1)
Event Logs 53(2)
Syslog 55(1)
IDS Report 56(1)
Tools 57(5)
SIEM 57(2)
Packet Analyzer 59(1)
IDS 60(1)
Resource Monitoring Tool 61(1)
NetFlow Analyzer 61(1)
Exam Preparation Tasks 62(1)
Review All Key Topics 62(1)
Define Key Terms 63(1)
Review Questions 63(6)
Chapter 3 Recommending and Implementing the Appropriate Response and Countermeasure 69(26)
"Do I Know This Already?" Quiz 69(3)
Foundation Topics 72(1)
Network Segmentation 72(5)
LAN 72(1)
Intranet 72(1)
Extranet 72(1)
DMZ 73(1)
VLANs 73(2)
System Isolation 75(1)
Jump Box 76(1)
Honeypot 77(1)
Endpoint Security 77(1)
Group Policies 78(2)
ACLs 80(2)
Sinkhole 81(1)
Hardening 82(4)
Mandatory Access Control (MAC) 82(1)
Compensating Controls 83(3)
Control Categories 83(1)
Access Control Types 84(1)
Administrative (Management) Controls 85(1)
Logical (Technical) Controls 85(1)
Physical Controls 85(1)
Blocking Unused Ports/Services 86(1)
Patching 86(1)
Network Access Control 86(4)
Quarantine/Remediation 88(1)
Agent-Based vs. Agentless NAC 88(1)
802.1x 88(2)
Exam Preparation Tasks 90(1)
Review All Key Topics 90(1)
Define Key Terms 91(1)
Review Questions 91(4)
Chapter 4 Practices Used to Secure a Corporate Environment 95(18)
"Do I Know This Already?" Quiz 95(3)
Foundation Topics 98(1)
Penetration Testing 98(3)
Rules of Engagement 100(1)
Reverse Engineering 101(4)
Isolation/Sandboxing 101(2)
Hardware 103(1)
Software/Malware 104(1)
Training and Exercises 105(1)
Risk Evaluation 106(1)
Technical Impact and Likelihood 106(1)
Technical Control Review 107(1)
Operational Control Review 107(1)
Exam Preparation Tasks 107(1)
Review All Key Topics 108(1)
Define Key Terms 108(1)
Review Questions 108(5)
Chapter 5 Implementing an Information Security Vulnerability Management Process 113(28)
"Do I Know This Already?" Quiz 113(4)
Foundation Topics 117(1)
Identification of Requirements 117(3)
Regulatory Environments 117(2)
Corporate Policy 119(1)
Data Classification 119(1)
Asset Inventory 120(1)
Establish Scanning Frequency 120(2)
Risk Appetite 120(1)
Regulatory Requirements 121(1)
Technical Constraints 121(1)
Workflow 121(1)
Configure Tools to Perform Scans According to Specification 122(9)
Determine Scanning Criteria 122(6)
Sensitivity Levels 122(1)
Vulnerability Feed 123(1)
Scope 123(2)
Credentialed vs. Non-credentialed 125(1)
Types of Data 126(1)
Server-Based vs. Agent-Based 126(2)
Tool Updates/Plug-ins 128(3)
SCAP 128(3)
Permissions and Access 131(1)
Execute Scanning 131(2)
Generate Reports 132(1)
Automated vs. Manual Distribution 132(1)
Remediation 133(2)
Prioritizing 133(1)
Criticality 134(1)
Difficulty of Implementation 134(1)
Communication/Change Control 134(1)
Sandboxing/Testing 134(1)
Inhibitors to Remediation 134(9)
MOUs 134(1)
SLAs 135(1)
Organizational Governance 135(1)
Business Process Interruption 135(1)
Degrading Functionality 135(1)
Ongoing Scanning and Continuous Monitoring 135(1)
Exam Preparation Tasks 136(1)
Review All Key Topics 136(1)
Define Key Terms 136(1)
Review Questions 137(4)
Chapter 6 Analyzing Scan Output and Identifying Common Vulnerabilities 141(46)
"Do I Know This Already?" Quiz 141(2)
Foundation Topics 143(1)
Analyzing Output Resulting from a Vulnerability Scan 143(5)
Analyze Reports from a Vulnerability Scan 143(4)
Review and Interpret Scan Results 145(2)
Validate Results and Correlate Other Data Points 147(1)
Common Vulnerabilities Found in Targets Within an Organization 148(32)
Servers 148(13)
Web Servers 149(11)
Database Servers 160(1)
Endpoints 161(1)
Network Infrastructure 162(7)
Switches 163(1)
MAC Overflow 164(1)
ARP Poisoning 164(1)
VLANs 165(3)
Routers 168(1)
Network Appliances 169(1)
Virtual Infrastructure 169(4)
Virtual Hosts 169(1)
Virtual Networks 170(1)
Management Interface 171(2)
Mobile Devices 173(1)
Interconnected Networks 174(1)
Virtual Private Networks 175(4)
Industrial Control Systems/SCADA Devices 179(1)
Exam Preparation Tasks 180(1)
Review All Key Topics 181(1)
Define Key Terms 182(1)
Review Questions 182(5)
Chapter 7 Identifying Incident Impact and Assembling a Forensic Toolkit 187(26)
"Do I Know This Already?" Quiz 187(2)
Foundation Topics 189(1)
Threat Classification 189(2)
Known Threats vs. Unknown Threats 190(1)
Zero Day 190(1)
Advanced Persistent Threat 191(1)
Factors Contributing to Incident Severity and Prioritization 191(10)
Scope of Impact 191(3)
Downtime and Recovery Time 191(2)
Data Integrity 193(1)
Economic 193(1)
System Process Criticality 193(1)
Types of Data 194(7)
Personally Identifiable Information (PII) 194(1)
Personal Health Information (PHI) 195(1)
Payment Card Information 195(2)
Intellectual Property 197(2)
Corporate Confidential 199(2)
Forensics Kit 201(5)
Digital Forensics Workstation 202(4)
Forensic Investigation Suite 206(2)
Exam Preparation Tasks 208(1)
Review All Key Topics 208(1)
Define Key Terms 208(1)
Review Questions 209(4)
Chapter 8 The Incident Response Process 213(24)
"Do I Know This Already?" Quiz 213(3)
Foundation Topics 216(1)
Stakeholders 216(1)
HR 216(1)
Legal 217(1)
Marketing 217(1)
Management 217(1)
Purpose of Communication Processes 217(1)
Limit Communication to Trusted Parties 218(1)
Disclosure Based on Regulatory/Legislative Requirements 218(1)
Prevent Inadvertent Release of Information 218(1)
Secure Method of Communication 218(1)
Role-Based Responsibilities 218(2)
Technical 219(1)
Management 219(1)
Law Enforcement 219(1)
Retain Incident Response Provider 220(1)
Using Common Symptoms to Select the Best Course of Action to Support Incident Response 220(12)
Common Network-Related Symptoms 220(5)
Bandwidth Consumption 221(1)
Beaconing 221(1)
Irregular Peer-to-Peer Communication 222(1)
Rogue Devices on the Network 223(1)
Scan Sweeps 224(1)
Unusual Traffic Spikes 225(1)
Common Host-Related Symptoms 225(5)
Processor Consumption 226(1)
Memory Consumption 227(1)
Drive Capacity Consumption 227(1)
Unauthorized Software 228(1)
Malicious Processes 229(1)
Unauthorized Changes 229(1)
Unauthorized Privileges 229(1)
Data Exfiltration 229(1)
Common Application-Related Symptoms 230(10)
Anomalous Activity 230(1)
Introduction of New Accounts 231(1)
Unexpected Output 231(1)
Unexpected Outbound Communication 231(1)
Service Interruption 231(1)
Memory Overflows 231(1)
Exam Preparation Tasks 232(1)
Review All Key Topics 232(1)
Define Key Terms 232(1)
Review Questions 233(4)
Chapter 9 Incident Recovery and Post-Incident Response 237(14)
"Do I Know This Already?" Quiz 237(3)
Foundation Topics 240(1)
Containment Techniques 240(2)
Segmentation 240(1)
Isolation 240(1)
Removal 241(1)
Reverse Engineering 241(1)
Eradication Techniques 242(1)
Sanitization 242(1)
Reconstruction/Reimage 242(1)
Secure Disposal 242(1)
Validation 243(2)
Patching 243(1)
Permissions 244(1)
Scanning 244(1)
Verify Logging/Communication to Security Monitoring 244(1)
Corrective Actions 245(1)
Lessons Learned Report 245(1)
Change Control Process 245(1)
Update Incident Response Plan 245(1)
Incident Summary Report 246(1)
Exam Preparation Tasks 246(1)
Review All Key Topics 246(1)
Define Key Terms 247(1)
Review Questions 247(4)
Chapter 10 Frameworks, Policies, Controls, and Procedures 251(50)
"Do I Know This Already?" Quiz 251(3)
Foundation Topics 254(1)
Regulatory Compliance 254(4)
Frameworks 258(10)
National Institute of Standards and Technology (NIST) 258(2)
Framework for Improving Critical Infrastructure Cybersecurity 259
ISO 260(3)
Control Objectives for Information and Related Technology (COBIT) 263(2)
Sherwood Applied Business Security Architecture (SABSA) 265(1)
The Open Group Architecture Framework (TOGAF) 265(2)
Information Technology Infrastructure Library (ITIL) 267(1)
Policies 268(9)
Password Policy 268(3)
Acceptable Use Policy (AUP) 271(1)
Data Ownership Policy 272(1)
Data Retention Policy 272(1)
Account Management Policy 273(1)
Data Classification Policy 274(3)
Sensitivity and Criticality 275(1)
Commercial Business Classifications 276(1)
Military and Government Classifications 276(1)
Controls 277(7)
Control Selection Based on Criteria 278(3)
Handling Risk 278(3)
Organizationally Defined Parameters 281(1)
Access Control Types 282(2)
Procedures 284(4)
Continuous Monitoring 284(1)
Evidence Production 285(1)
Patching 285(1)
Compensating Control Development 286(1)
Control Testing Procedures 286(1)
Manage Exceptions 287(1)
Remediation Plans 287(1)
Verifications and Quality Control 288(13)
Audits 288(2)
Evaluations 290(1)
Assessments 290(1)
Maturity Model 291(1)
CMMI 291(1)
Certification 291(1)
NIACAP 292(1)
ISO/IEC 27001 292(2)
ISO/IEC 27002 294(1)
Exam Preparation Tasks 294(1)
Review All Key Topics 294(1)
Define Key Terms 295(1)
Review Questions 296(5)
Chapter 11 Remediating Security Issues Related to Identity and Access Management 301(42)
"Do I Know This Already?" Quiz 301(3)
Foundation Topics 304(1)
Security Issues Associated with Context-Based Authentication 304(1)
Time 304(1)
Location 304(1)
Frequency 305(1)
Behavioral 305(1)
Security Issues Associated with Identities 305(14)
Personnel 306(4)
Employment Candidate Screening 306(2)
Employment Agreement and Policies 308(1)
Periodic Review 308(1)
Proper Credential Management 308(1)
Creating Accountability 309(1)
Maintaining a Secure Provisioning Life Cycle 309(1)
Endpoints 310(2)
Social Engineering Threats 310(1)
Malicious Software 311(1)
Rogue Endpoints 311(1)
Rogue Access Points 312(1)
Servers 312(1)
Services 313(2)
Roles 315(1)
Applications 316(3)
IAM Software 316(1)
Applications as Identities 317(1)
OAuth 318(1)
OpenSSL 319(1)
Security Issues Associated with Identity Repositories 319(6)
Directory Services 319(4)
LDAP 319(1)
Active Directory (AD) 320(1)
SESAME 321(1)
DNS 322(1)
TACACS+ and RADIUS 323(2)
Security Issues Associated with Federation and Single Sign-on 325(9)
Identity Propagation 326(1)
Federations 327(1)
XACML 327(2)
SPML 329(1)
SAML 330(1)
OpenID 331(1)
Shibboleth 332(1)
Manual vs. Automatic Provisioning/Deprovisioning 333(1)
Self-Service Password Reset 334(1)
Exploits 334(2)
Impersonation 334(1)
Man-in-the-Middle 334(1)
Session Hijack 335(1)
Cross-Site Scripting 335(1)
Privilege Escalation 335(1)
Rootkit 335(1)
Exam Preparation Tasks 336(1)
Review All Key Topics 336(1)
Define Key Terms 337(1)
Review Questions 338(5)
Chapter 12 Security Architecture and Implementing Compensating Controls 343(42)
"Do I Know This Already?" Quiz 343(3)
Foundation Topics 346(1)
Security Data Analytics 346(2)
Data Aggregation and Correlation 346(1)
Trend Analysis 346(1)
Historical Analysis 347(1)
Manual Review 348(5)
Firewall Log 348(2)
Syslogs 350(1)
Authentication Logs 351(1)
Event Logs 352(1)
Defense in Depth 353(26)
Personnel 354(2)
Training 354(1)
Dual Control 355(1)
Separation of Duties 355(1)
Split Knowledge 355(1)
Third Party/Consultants 355(1)
Cross-Training/Mandatory Vacations 356(1)
Succession Planning 356(1)
Processes 356(2)
Continual Improvement 356(1)
Scheduled Reviews/Retirement of Processes 357(1)
Technologies 358(15)
Automated Reporting 358(1)
Security Appliances 358(1)
Security Suites 359(1)
Outsourcing 360(2)
Cryptography 362(11)
Other Security Concepts 373(14)
Network Design 374(5)
Exam Preparation Tasks 379(1)
Review All Key Topics 379(1)
Define Key Terms 380(1)
Review Questions 380(5)
Chapter 13 Application Security Best Practices 385(18)
"Do I Know This Already?" Quiz 385(2)
Foundation Topics 387(1)
Best Practices During Software Development 387(9)
Plan/Initiate Project 387(1)
Gather Requirements (Security Requirements Definition) 388(1)
Design 388(1)
Develop 389(1)
Test/Validate 389(1)
Security Testing Phases 390(3)
Static Code Analysis 390(1)
Web App Vulnerability Scanning 391(1)
Fuzzing 391(1)
Use Interception Proxy to Crawl Application 392(1)
Manual Peer Reviews 393(1)
User Acceptance Testing 393(1)
Stress Test Application 393(1)
Security Regression Testing 394(1)
Input Validation 394(1)
Release/Maintain 395(1)
Certify/Accredit 395(1)
Change Management and Configuration Management/Replacement 395(1)
Secure Coding Best Practices 396(2)
OWASP 396(1)
SANS 396(1)
Center for Internet Security 397(8)
System Design Recommendations 397(1)
Benchmarks 398(1)
Exam Preparation Tasks 398(1)
Review All Key Topics 398(1)
Define Key Terms 399(1)
Review Questions 399(4)
Chapter 14 Using Cybersecurity Tools and Technologies 403(50)
"Do I Know This Already?" Quiz 403(2)
Foundation Topics 405(1)
Preventative Tools 405(16)
IPS 405(1)
IDS 405(3)
Sourcefire 405(1)
Snort 406(1)
Bro 407(1)
HIPS 408(1)
Firewall 408(7)
Firewall Architecture 410(5)
Cisco 415(1)
Palo Alto 415(1)
Check Point 415(1)
Antivirus 415(1)
Anti-malware 416(2)
Anti-spyware 416(1)
Cloud Antivirus Services 417(1)
EMET 418(1)
Web Proxy 418(3)
Web Application Firewall 418(2)
ModSecurity 420(1)
NAXSI 420(1)
Imperva 421(1)
Collective Tools 421(15)
SIEM 421(2)
ArcSight 421(1)
QRadar 422(1)
Splunk 422(1)
AlienVault/OSSIM 422(1)
Kiwi Syslog 423(1)
Network Scanning 423(1)
Nmap 423(1)
Vulnerability Scanning 423(5)
Qualys 425(1)
Nessus 425(1)
OpenVAS 426(1)
Nexpose 426(1)
Nikto 427(1)
Microsoft Baseline Security Analyzer 427(1)
Packet Capture 428(2)
Wireshark 428(1)
tcpdump 429(1)
Network General 429(1)
Aircrack-ng 429(1)
Command Line/IP Utilities 430(6)
Netstat 430(1)
ping 431(1)
tracert/traceroute 432(1)
ipconfig/ifconfig 433(1)
nslookup/dig 434(1)
Sysinternals 435(1)
OpenSSL 436(1)
IDS/HIDS 436(1)
Analytical Tools 436(4)
Vulnerability Scanning 437(1)
Monitoring Tools 437(2)
MRTG 437(1)
Nagios 438(1)
SolarWinds 438(1)
Cacti 439(1)
NetFlow Analyzer 439(1)
Interception Proxy 439(1)
Burp Suite 440(1)
ZAP 440(1)
Vega 440(1)
Exploit Tools 440(3)
Interception Proxy 440(1)
Exploit Framework 441(1)
Metasploit 441(1)
Nexpose 442(1)
Fuzzers 442(1)
Untidy/Peach Fuzzer 442(1)
Microsoft SDL File/Regex Fuzzer 442(1)
Forensics Tools 443(4)
Forensic Suites 443(2)
EnCase 444(1)
FTK 444(1)
Helix 444(1)
Sysinternals 444(1)
Cellebrite 445(1)
Hashing 445(1)
MD5sum 445(1)
SHAsum 445(1)
Password Cracking 445(2)
John the Ripper 445(1)
Cain & Abel 446(1)
Imaging 447(6)
DD 447(1)
Exam Preparation Tasks 447(1)
Review All Key Topics 447(1)
Define Key Terms 448(1)
Review Questions 448(5)
Chapter 15 Final Preparation 453(6)
Tools for Final Preparation 453(4)
Pearson Test Prep Practice Test Software and Questions on the Website 453(2)
Accessing the Pearson Test Prep Software Online 454(1)
Accessing the Pearson Test Prep Practice Test Software Offline 454(1)
Customizing Your Exams 455(1)
Updating Your Exams 456(1)
Premium Edition 456(1)
Chapter-Ending Review Tools 457(1)
Suggested Plan for Final Review/Study 457(1)
Summary 457(2)
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 459(32)
Glossary 491(35)
Index 526

Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 16 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:

  • Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
  • Author of CISSP Cert Guide (Pearson)
  • Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
  • Author of CASP Cert Guide (Pearson)

Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2.

He delivers CISSP training classes for CyberVista, authorized online training provider for (ISC)2.

Troy now creates certification practice tests and study guides for the Transcender and Self-Test brands. He lives in Pfafftown, North Carolina, with his wife, Heike.