CompTIA CySA+ Certification
Security Training Architect I in Content
Welcome to the CompTIA Cybersecurity Analyst (CySA+) certification course!
Cybersecurity analysts are the protectors of our networks. They perform many duties, including analyzing data to identify vulnerabilities, threats, and risks to an organization; configuring and tuning threat-detection tools; and securing applications and systems within an organization.
As the skills of cyber attackers continue to grow, so should the skills of cybersecurity analysts. These attackers are finding new ways to bypass our tool sets and controls. Therefore, we must continue to adapt and advance our skills in order to combat the attackers and defend our networks.
If you want to advance your cybersecurity defensive skills, the CompTIA CySA+ certification is a great place to start your journey.
About the Author
In this video, you'll meet Bob Salmans, the security training architect for this course.
About the Course
In this video, we'll discuss the four main sections of the exam which include threat management, vulnerability management, incident response, and security architecture and tool sets. Are you ready to get started? I know I am!
About the Exam
In this video, we'll discuss some of the topics covered in the CySA certification exam and the exam requirements such as the number of questions, time limit, and passing score.
Connecting to a Linux Lab Server with VNC
In this video, I'll demonstrate how to connect to a Linux lab server using VNC.
Connecting to a Windows Lab Server with RDP
In this video, I'll demonstrate how to connect to a Windows lab server using RDP. NOTE: If you are using Windows 10 Home edition, you are not able to use the Remote Desktop (RDP) application. However, there is a workaround to enable it, which is found at the following link: https://www.thewindowsclub.com/how-to-use-windows-10-remote-desktop-in-windows-home-rdp
Attack Procedures and Tools
In this video, we'll discuss the procedures and tools attackers use to carry out attacks. By understanding how attackers think and operate, we can anticipate and prevent potential attacks on our infrastructure.
Evasion Techniques, Social Engineering, and Attack Variables
In this video, we'll discuss the techniques attackers use to avoid detection and the manipulation tactics attackers use to discover information they shouldn't have access to. We'll also talk about some of the variables that affect an attacker's ability to gather data. Understanding how attackers work can help us better protect our environments.
In this video, we'll learn about traffic analysis: the process of monitoring and analyzing network traffic data to identify anomalies. We'll talk about how to detect traffic patterns that could indicate beaconing from command-and-control (CNC) malware and how to recognize the signs of data exfiltration.
Network Data Analysis
In this video, we'll discuss several components of network data analysis, including packet and protocol analysis, traffic analysis, and wireless analysis. We'll take a look at some Wireshark packet captures to learn how to identify the signs of DNS tunneling and beaconing. We'll also go over how to use NetFlow to analyze network traffic.
Network Data Correlation, Output, and Tools
In this video, we'll review several network data analysis methods and discuss network data outputs, such as firewall logs, packet captures, and Nmap scans. We'll also take a look at the tools we can use to analyze network data, such as SIEMs, packet analyzers, resource monitors, and NetFlow.
Attack Responses and Countermeasures
Network Segmentation and Honeypots
In this video, we'll discuss network segmentation, how it's used, and why we would want to implement it. We'll also take a look at honeypots and how they can help us by acting as an early warning system.
Group Policies, ACLs, Hardening, and NAC
In this video, we'll discuss group policies and access control lists (ACLs) and how they can be used to keep our environments secure. We will also talk about system hardening and network access control (NAC) systems and what they can do for us.
Pentesting — Part 1
In this video, we'll start our discussion of penetration testing, or pentesting, as it's known in the InfoSec community. We'll go over several important pentesting topics, including rules of engagement, pentesting phases, different types of pentests, and common pentesting techniques.
Pentesting — Part 2
In this video, we'll continue our discussion of pentesting. We'll dive into some pentesting tools and briefly discuss Kali Linux. Then we'll take a look at several different password attacks that can be used during a pentest.
In this video, we'll discuss reverse engineering and what it's used for. We'll go over a few guidelines for reverse engineering as well as some common techniques, such as sandboxing. Finally, we'll talk about the importance of using crowdsourced data for identifying malware.
In this video, we'll review the risk equation and define some key terms related to risk. We will also discuss different ways to respond to risks. Finally, we'll take a look at an example scenario and identify the technical and business impacts of the situation.
The Vulnerability Management Process
Vulnerability Scan Requirements and Frequency
In this video, we will learn about vulnerability scans. We'll discuss vulnerability scan requirements and the frequency at which to run vulnerability scans.
Vulnerability Reports, Remediation, and Continuous Monitoring
In this video, we'll discuss vulnerability reports and how to use them. We'll talk about how to rank vulnerabilities according to the risk they pose to an organization. Lastly, we'll learn about continuous monitoring and how to implement it.
Vulnerability Scan Results
Analyzing and Validating Vulnerability Scan Results
In this video, we'll discuss the process of analyzing and validating the results of a vulnerability scan. We'll talk about false positives and the need to create exceptions. We'll also review how to prioritize the remediation of vulnerabilities.
Common Vulnerabilities on Targets
Common Server, Endpoint, and Network Vulnerabilities
In this video, we'll discuss common vulnerabilities found on servers, endpoints, and networks, such as weak passwords, default configurations, and unpatched software/firmware.
Common Virtual Infrastructure, Mobile Device, VPN, and ICS Vulnerabilities
In this video, we'll take a look at many common vulnerabilities found in virtual infrastructures, mobile devices, VPNs, and ICSs. These vulnerabilities include using "golden images" to deploy virtual servers from, concerns with mobile devices, poor authentication mechanisms on VPNs, and the world of ICS (industrial control systems).
Cyber Incident Response
Incident Response Process and Threat Classifications
In this video, we will review the process for incident response by going through each step in the process and the details around each one. Then we'll look at different types of threat classifications.
Determining Impact Severity and Prioritization and Reviewing Data Classifications
In this video, we'll discuss determining the severity of a security incident and why it's necessary to prioritize. Then we'll review several different data classifications such as PCI, PII, and PHI.
The Incident Response Toolkit
In this video, we'll discuss several of the tools you'll need for your forensic toolkit. Some of these tools include a digital forensics workstation, write blockers, drive adapters, crime tape, and tamper-proof seals. We'll also review some of the documents you'll need during the investigation.
Forensic Investigation Suite
In this video, we'll discuss several utilities necessary for a forensic investigation. We'll look at tools used to perform imaging, analysis, and mobile device forensics.
Incident Response Communications
Communications Process, Stakeholders, and Responsibilities
In this video, we will be reviewing the purpose of having a communications process in place, as well as the stakeholders and their responsibilities. We'll also identify several roles in the process and the parts they play.
Network Related Symptoms
In this video, we will be reviewing common symptoms found at the network level that are associated with security incidents and how we respond to them. This includes identifying data exfiltration, DNS tunneling, and beaconing. We'll also review creating access control lists (ACLs) and how network address translation (NAT) plays into creating firewall rules.
Host Related Symptoms
In this video, we'll take a look at common symptoms found on hosts in relation to security incidents. We'll review how to identify malware on Windows hosts, including how to look for oddities in system processes and services, as well as looking for suspicious scheduled tasks and changes to the registry.
Netcat and Application Related Symptoms
In this video, we'll review the netcat utility and how attackers use it, so you'll know what to look for. Then we'll take a look at application-related symptoms, including odd activity, unexpected output, and service interruptions.
The Incident Response Process
Containment, Eradication, Validation, and Corrective Actions
In this video, we'll discuss how to contain and eradicate an infection. Then we'll review validation options and the necessity to validate a clean host. Lastly, we'll identify some corrective actions that may help prevent further incidents.
Setting Up Arpwatch to Identify New Devices on a Network
In this video, we'll take a look at what Arpwatch is and how to set it up. We'll be using the new Linux Academy Cloud Playground to host the servers and a Gmail account to relay our email alert messages.
Security Architecture and Tool Sets
Frameworks, Policies, Controls, and Procedures
Regulatory Compliance, Frameworks, Policies, and Procedures
In this video, we will review regulatory compliance and learn about different types of security frameworks. We'll also cover policies and procedures, what they are, and how they relate. Then we'll discuss security controls, what they are, the different types, and how we use them.
Identity and Access Management (IAM)
Identities, Repositories, Federation, SSO, and Exploits
In this video, we'll cover identities and identity repositories, such as LDAP. Then we'll review the use of federation and single sign-on (SSO). We'll wrap up with a review of common exploits and what we can do to prevent them.
Defense in Depth for Personnel, Processes, and Technologies
In this video, we're going to cover various types of compensating controls. We'll discuss compensating controls for dealing with personnel, processes, and technologies, and how we use these controls to protect our organizations.
SDLC and Software Development Best Practices
In this video, we're going to dive into the world of software development and discuss best practices. You'll learn what the Software Development Life Cycle (SDLC) is and the phases in the process. Then we'll take a look at some additional resources for secure coding best practices.
Tools and Technologies
Preventative and Collective Tools
In this video, we'll review some preventative tools, including IPS, HIPS, web proxies, and web application firewalls (WAFs). Then we'll move on to collective tools such as SIEMs, Nmap, vulnerability scanners, and packet capture and analysis tools.
Analytical, Exploit, and Forensic Tools
In this video, we'll take a look at some analytical tools used to monitor networks and devices. Then we'll discuss a few exploit frameworks and some fuzzing utilities. Finally, we'll wrap up by reviewing forensic tools used during incident response.
Taking the CySA+ Certification Exam
In this video, we'll take a look at how to sign up to take the CompTIA CySA+ certification exam. All CompTIA exams are given at and proctored by Pearson VUE testing centers. You'll need to sign up for a Pearson VUE account if you don't already have one. Then you'll schedule the exam, and you're ready to go!
Here at Linux Academy, we want to provide you with the recognition you deserve when passing your certifications. Let us know so we can celebrate with you! Plus, you'll get 100 gems!!!