
CompTIA CySA+ Study Guide

Exam CS0-001

Mike Chapple, David Seidl

$99.95

Paperback


Sybex Inc.,U.S.
13 June 2017
NOTE: The name of the exam has changed from CSA+ to CySA+. However, the CS0-001 exam objectives are exactly the same. After the book was printed with CSA+ in the title, CompTIA changed the name to CySA+. We have corrected the title to CySA+ in subsequent book printings, but earlier printings that were sold may still show CSA+ in the title. Please rest assured that the book content is 100% the same.

Prepare yourself for the newest CompTIA certification. The CompTIA Cybersecurity Analyst+ (CySA+) Study Guide provides 100% coverage of all exam objectives for the new CySA+ certification. The CySA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, and identify vulnerabilities, with the goal of securing and protecting organizations' systems. Focus your review for the CySA+ with Sybex and benefit from real-world examples drawn from experts, hands-on labs, insight on how to create your own cybersecurity toolkit, and end-of-chapter review questions that help you gauge your understanding each step of the way. You also gain access to the Sybex interactive learning environment, which includes electronic flashcards, a searchable glossary, and hundreds of bonus practice questions.

This study guide provides the guidance and knowledge you need to demonstrate your skill set in cybersecurity. Key exam topics include:

Threat management
Vulnerability management
Cyber incident response
Security architecture and toolsets

By:   Mike Chapple, David Seidl
Imprint:   Sybex Inc.,U.S.
Country of Publication:   United States
Dimensions:   Height: 233mm,  Width: 188mm,  Spine: 28mm
Weight:   920g
ISBN:   9781119348979
ISBN 10:   1119348978
Pages:   560
Publication Date:   13 June 2017
Audience:   Professional and scholarly ,  Undergraduate
Format:   Paperback
Publisher's Status:   Active
Table of Contents

Introduction xxvii
Assessment Test xlv
Chapter 1 Defending Against Cybersecurity Threats 1
  Cybersecurity Objectives 2
  Evaluating Security Risks 3
  Identify Threats 5
  Identify Vulnerabilities 7
  Determine Likelihood, Impact, and Risk 7
  Reviewing Controls 8
  Building a Secure Network 8
  Network Access Control 9
  Firewalls and Network Perimeter Security 10
  Network Segmentation 13
  Defense through Deception 14
  Secure Endpoint Management 15
  Hardening System Configurations 15
  Patch Management 15
  Group Policies 16
  Endpoint Security Software 17
  Penetration Testing 17
  Planning a Penetration Test 18
  Conducting Discovery 18
  Executing a Penetration Test 19
  Communicating Penetration Test Results 20
  Training and Exercises 20
  Reverse Engineering 20
  Isolation and Sandboxing 21
  Reverse Engineering Software 21
  Reverse Engineering Hardware 22
  Summary 23
  Exam Essentials 24
  Lab Exercises 25
  Activity 1.1: Create an Inbound Firewall Rule 25
  Activity 1.2: Create a Group Policy Object 25
  Activity 1.3: Write a Penetration Testing Plan 26
  Activity 1.4: Security Tools 27
  Review Questions 28
Chapter 2 Reconnaissance and Intelligence Gathering 33
  Footprinting 34
  Active Reconnaissance 35
  Mapping Networks and Discovering Topology 35
  Port Scanning and Service Discovery Techniques and Tools 37
  Passive Footprinting 43
  Log and Configuration Analysis 43
  Harvesting Data from DNS and Whois 51
  Information Aggregation and Analysis Tools 58
  Information Gathering Using Packet Capture 58
  Gathering Organizational Intelligence 59
  Organizational Data 59
  Electronic Document Harvesting 60
  Detecting, Preventing, and Responding to Reconnaissance 63
  Capturing and Analyzing Data to Detect Reconnaissance 63
  Preventing Reconnaissance 65
  Summary 66
  Exam Essentials 67
  Lab Exercises 68
  Activity 2.1: Port Scanning 68
  Activity 2.2: Write an Intelligence Gathering Plan 68
  Activity 2.3: Intelligence Gathering Techniques 69
  Review Questions 70
Chapter 3 Designing a Vulnerability Management Program 75
  Identifying Vulnerability Management Requirements 76
  Regulatory Environment 76
  Corporate Policy 79
  Identifying Scan Targets 80
  Determining Scan Frequency 81
  Configuring and Executing Vulnerability Scans 83
  Scoping Vulnerability Scans 83
  Configuring Vulnerability Scans 84
  Scanner Maintenance 88
  Developing a Remediation Workflow 90
  Reporting and Communication 91
  Prioritizing Remediation 94
  Testing and Implementing Fixes 94
  Overcoming Barriers to Vulnerability Scanning 95
  Summary 96
  Exam Essentials 97
  Lab Exercises 98
  Activity 3.1: Installing a Vulnerability Scanner 98
  Activity 3.2: Running a Vulnerability Scan 98
  Review Questions 99
Chapter 4 Analyzing Vulnerability Scans 103
  Reviewing and Interpreting Scan Reports 104
  Understanding CVSS 106
  Validating Scan Results 111
  False Positives 112
  Documented Exceptions 112
  Understanding Informational Results 112
  Reconciling Scan Results with Other Data Sources 114
  Trend Analysis 114
  Common Vulnerabilities 115
  Server and Endpoint Vulnerabilities 116
  Network Vulnerabilities 123
  Virtualization Vulnerabilities 129
  Internet of Things (IoT) 130
  Web Application Vulnerabilities 131
  Summary 134
  Exam Essentials 135
  Lab Exercises 136
  Activity 4.1: Interpreting a Vulnerability Scan 136
  Activity 4.2: Analyzing a CVSS Vector 136
  Activity 4.3: Remediating a Vulnerability 137
  Review Questions 138
Chapter 5 Building an Incident Response Program 143
  Security Incidents 144
  Phases of Incident Response 145
  Preparation 146
  Detection and Analysis 146
  Containment, Eradication, and Recovery 148
  Post-Incident Activity 148
  Building the Foundation for Incident Response 150
  Policy 150
  Procedures and Playbooks 151
  Documenting the Incident Response Plan 151
  Creating an Incident Response Team 152
  Incident Response Providers 153
  CSIRT Scope of Control 154
  Coordination and Information Sharing 154
  Internal Communications 155
  External Communications 155
  Classifying Incidents 155
  Threat Classification 156
  Severity Classification 157
  Summary 160
  Exam Essentials 161
  Lab Exercises 162
  Activity 5.1: Incident Severity Classification 162
  Activity 5.2: Incident Response Phases 162
  Activity 5.3: Developing an Incident Communications Plan 163
  Review Questions 164
Chapter 6 Analyzing Symptoms for Incident Response 169
  Analyzing Network Events 170
  Capturing Network Events 170
  Network Monitoring Tools 174
  Detecting Common Network Issues 179
  Handling Network Probes and Attacks 183
  Detecting Scans and Probes 183
  Detecting Denial-of-Service and Distributed Denial-of-Service Attacks 184
  Detecting Other Network Attacks 186
  Detecting and Finding Rogue Devices 187
  Investigating Host Issues 188
  System Resources 189
  Malware and Unauthorized Software 192
  Unauthorized Access, Changes, and Privileges 193
  Investigating Service and Application Issues 194
  Application and Service Monitoring 194
  Application and Service Issue Response and Restoration 196
  Detecting Attacks on Applications 197
  Summary 198
  Exam Essentials 198
  Lab Exercises 199
  Activity 6.1: Identify a Network Scan 199
  Activity 6.2: Write a Service Issue Response Plan 200
  Activity 6.3: Security Tools 201
  Review Questions 202
Chapter 7 Performing Forensic Analysis 207
  Building a Forensics Capability 208
  Building a Forensic Toolkit 208
  Training and Certification 212
  Understanding Forensic Software 212
  Capabilities and Application 212
  Conducting a Forensic Investigation 216
  The Forensic Process 216
  Target Locations 218
  Acquiring and Validating Drive Images 219
  Imaging Live Systems 224
  Acquiring Other Data 225
  Forensic Investigation: An Example 229
  Importing a Forensic Image 229
  Analyzing the Image 231
  Reporting 234
  Summary 236
  Exam Essentials 236
  Lab Exercises 237
  Activity 7.1: Create a Disk Image 237
  Activity 7.2: Conduct the NIST Rhino Hunt 238
  Activity 7.3: Security Tools 239
  Review Questions 240
Chapter 8 Recovery and Post-Incident Response 245
  Containing the Damage 246
  Segmentation 248
  Isolation 249
  Removal 251
  Evidence Gathering and Handling 252
  Identifying Attackers 253
  Incident Eradication and Recovery 253
  Reconstruction and Reimaging 255
  Patching Systems and Applications 255
  Sanitization and Secure Disposal 256
  Validating the Recovery Effort 258
  Wrapping Up the Response 258
  Managing Change Control Processes 258
  Conducting a Lessons-Learned Session 259
  Developing a Final Report 259
  Summary 260
  Exam Essentials 260
  Lab Exercises 261
  Activity 8.1: Incident Containment Options 261
  Activity 8.2: Incident Response Activities 263
  Activity 8.3: Sanitization and Disposal Techniques 263
  Review Questions 265
Chapter 9 Policy and Compliance 269
  Understanding Policy Documents 270
  Policies 270
  Standards 273
  Procedures 274
  Guidelines 275
  Exceptions and Compensating Controls 276
  Complying with Laws and Regulations 277
  Adopting a Standard Framework 278
  NIST Cybersecurity Framework 279
  ISO 27001 282
  Control Objectives for Information and Related Technologies (COBIT) 282
  Sherwood Applied Business Security Architecture (SABSA) 283
  The Open Group Architecture Framework (TOGAF) 283
  Information Technology Infrastructure Library (ITIL) 285
  Implementing Policy-Based Controls 285
  Security Control Verification and Quality Control 286
  Summary 287
  Exam Essentials 287
  Lab Exercises 288
  Activity 9.1: Policy Documents 288
  Activity 9.2: Using a Cybersecurity Framework 288
  Activity 9.3: Compliance Auditing Tools 288
  Review Questions 289
Chapter 10 Defense-in-Depth Security Architectures 293
  Understanding Defense in Depth 294
  Layered Security 294
  Control Types and Classification 298
  Implementing Defense in Depth 299
  Layered Security and Network Design 299
  Layered Host Security 305
  Logging, Monitoring, and Validation 306
  Cryptography 307
  Policy, Process, and Standards 308
  Outsourcing and Personnel Security 310
  Analyzing Security Architecture 311
  Analyzing Security Requirements 312
  Reviewing Architecture 312
  Common Issues 313
  Reviewing a Security Architecture 317
  Maintaining a Security Design 319
  Summary 320
  Exam Essentials 320
  Lab Exercises 321
  Activity 10.1: Review an Application Using the OWASP Application Security Architecture Cheat Sheet 321
  Activity 10.2: Review a NIST Security Architecture 322
  Activity 10.3: Security Architecture Terminology 323
  Review Questions 324
Chapter 11 Identity and Access Management Security 329
  Understanding Identity 330
  Identity Systems and Security Design 332
  Threats to Identity and Access 335
  Understanding Security Issues with Identities 336
  Attacking AAA Systems and Protocols 336
  Targeting Account Creation, Provisioning, and Deprovisioning 341
  Preventing Common Exploits of Identity and Authorization 343
  Acquiring Credentials 343
  Identity as a Security Layer 345
  Identity and Defense-in-Depth 346
  Securing Authentication and Authorization 346
  Detecting Attacks and Security Operations 352
  Understanding Federated Identity and Single Sign-On 353
  Federated Identity Security Considerations 354
  Federated Identity Design Choices 355
  Federated Identity Technologies 357
  Federation Incident Response 361
  Summary 362
  Exam Essentials 362
  Lab Exercises 363
  Activity 11.1: Federated Security Scenario 363
  Activity 11.2: Onsite Identity Issues Scenario 364
  Activity 11.3: Identity and Access Management Terminology 365
  Review Questions 366
Chapter 12 Software Development Security 371
  Understanding the Software Development Life Cycle 372
  Software Development Phases 373
  Software Development Models 375
  Designing and Coding for Security 380
  Common Software Development Security Issues 381
  Secure Coding Best Practices 381
  Application Testing 384
  Information Security and the SDLC 384
  Code Review Models 385
  Formal Code Review 387
  Software Security Testing 388
  Analyzing and Testing Code 389
  Web Application Vulnerability Scanning 391
  Summary 394
  Exam Essentials 394
  Lab Exercises 395
  Activity 12.1: Review an Application Using the OWASP Application Security Architecture Cheat Sheet 395
  Activity 12.2: Learn about Web Application Exploits from WebGoat 396
  Activity 12.3: SDLC Terminology 396
  Review Questions 397
Chapter 13 Cybersecurity Toolkit 401
  Host Security Tools 402
  Antimalware and Antivirus 402
  EMET 403
  Sysinternals 404
  Monitoring and Analysis Tools 405
  Syslog 406
  Security Information and Event Management (SIEM) 407
  Network Monitoring 409
  Scanning and Testing Tools 411
  Network Scanning 412
  Vulnerability Scanning 412
  Exploit Frameworks 415
  Password Cracking and Recovery 416
  Network Security Tools 418
  Firewalls 418
  Network Intrusion Detection and Prevention 418
  Host Intrusion Prevention 420
  Packet Capture 421
  Command-Line Network Tools 423
  Web Proxies 426
  OpenSSL 428
  Web Application Security Tools 429
  Web Application Firewalls 429
  Interception Proxies 430
  Fuzzers 431
  Forensics Tools 433
  Hashing 433
  Imaging 434
  Forensic Suites 435
  Mobile Forensics 436
  Summary 436
Appendix A Answers to the Review Questions 437
  Chapter 1: Defending Against Cybersecurity Threats 438
  Chapter 2: Reconnaissance and Intelligence Gathering 439
  Chapter 3: Designing a Vulnerability Management Program 441
  Chapter 4: Analyzing Vulnerability Scans 443
  Chapter 5: Building an Incident Response Program 444
  Chapter 6: Analyzing Symptoms for Incident Response 446
  Chapter 7: Performing Forensic Analysis 448
  Chapter 8: Recovery and Post-Incident Response 449
  Chapter 9: Policy and Compliance 451
  Chapter 10: Defense-in-Depth Security Architectures 453
  Chapter 11: Identity and Access Management Security 456
  Chapter 12: Software Development Security 458
Appendix B Answers to the Lab Exercises 461
  Chapter 1: Defending Against Cybersecurity Threats 462
  Chapter 2: Reconnaissance and Intelligence Gathering 462
  Chapter 4: Analyzing Vulnerability Scans 463
  Chapter 5: Building an Incident Response Program 464
  Chapter 6: Analyzing Symptoms for Incident Response 465
  Chapter 7: Performing Forensic Analysis 466
  Chapter 8: Recovery and Post-Incident Response 467
  Chapter 9: Policy and Compliance 470
  Chapter 10: Defense-in-Depth Security Architectures 471
  Chapter 11: Identity and Access Management Security 472
  Chapter 12: Software Development Security 473
Index 475

Mike Chapple, PhD, CySA+, CISSP, Security+, is Senior Director for IT Service Delivery at the University of Notre Dame, where he oversees information security, data governance, IT architecture, project management, strategic planning and product management functions and teaches undergraduate courses on information security. David Seidl, CISSP, GPEN, GCIH, is the Senior Director for Campus Technology Services at Notre Dame. As Senior Director for CTS, he is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage.
