CompTIA CySA+ Certification

Course

Bob Salmans

Security Training Architect I in Content

Length

13:51:31

Difficulty

Intermediate

Videos

39

Hands-on Labs

12

Quizzes/Exams

1

Course Details

Welcome to the CompTIA Cybersecurity Analyst (CySA+) certification course!

Cybersecurity analysts are the protectors of our networks. They perform many duties, including analyzing data to identify vulnerabilities, threats, and risks to an organization; configuring and tuning threat-detection tools; and securing applications and systems within an organization.

As the skills of cyber attackers continue to grow, so should the skills of cybersecurity analysts. These attackers are finding new ways to bypass our tool sets and controls. Therefore, we must continue to adapt and advance our skills in order to combat the attackers and defend our networks.

If you want to advance your defensive cybersecurity skills, the CompTIA CySA+ certification is a great place to start your journey.

Syllabus

Introduction

Course Introduction

About the Author

00:01:10

Lesson Description:

In this video, you'll meet Bob Salmans, the security training architect for this course.

About the Course

00:02:35

Lesson Description:

In this video, we'll discuss the four main sections of the exam which include threat management, vulnerability management, incident response, and security architecture and tool sets. Are you ready to get started? I know I am!

About the Exam

00:02:14

Lesson Description:

In this video, we'll discuss some of the topics covered in the CySA+ certification exam and the exam requirements, such as the number of questions, time limit, and passing score.

Connecting to a Linux Lab Server with VNC

00:00:51

Lesson Description:

In this video, I'll demonstrate how to connect to a Linux lab server using VNC.

Connecting to a Windows Lab Server with RDP

00:00:53

Lesson Description:

In this video, I'll demonstrate how to connect to a Windows lab server using RDP. NOTE: If you are using Windows 10 Home edition, you are not able to use the Remote Desktop (RDP) application. However, there is a workaround to enable it, which is found at the following link: https://www.thewindowsclub.com/how-to-use-windows-10-remote-desktop-in-windows-home-rdp

Threat Management

Environmental Reconnaissance

Attack Procedures and Tools

00:16:42

Lesson Description:

In this video, we'll discuss the procedures and tools attackers use to carry out attacks. By understanding how attackers think and operate, we can anticipate and prevent potential attacks on our infrastructure.

Evasion Techniques, Social Engineering, and Attack Variables

00:09:25

Lesson Description:

In this video, we'll discuss the techniques attackers use to avoid detection and the manipulation tactics attackers use to discover information they shouldn't have access to. We'll also talk about some of the variables that affect an attacker's ability to gather data. Understanding how attackers work can help us better protect our environments.

Traffic Analysis

00:03:35

Lesson Description:

In this video, we'll learn about traffic analysis: the process of monitoring and analyzing network traffic data to identify anomalies. We'll talk about how to detect traffic patterns that could indicate beaconing from command-and-control (CNC) malware and how to recognize the signs of data exfiltration.

Network Analysis

Network Data Analysis

00:07:31

Lesson Description:

In this video, we'll discuss several components of network data analysis, including packet and protocol analysis, traffic analysis, and wireless analysis. We'll take a look at some Wireshark packet captures to learn how to identify the signs of DNS tunneling and beaconing. We'll also go over how to use Netflow to analyze network traffic.

Network Data Correlation, Output, and Tools

00:12:57

Lesson Description:

In this video, we'll review several network data analysis methods and discuss network data outputs, such as firewall logs, packet captures, and Nmap scans. We'll also take a look at the tools we can use to analyze network data, such as SIEMs, packet analyzers, resource monitors, and Netflow.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Attack Responses and Countermeasures

Network Segmentation and Honeypots

00:08:39

Lesson Description:

In this video, we'll discuss network segmentation, how it's used, and why we would want to implement it. We'll also take a look at honeypots and how they can help us by acting as an early warning system.

Group Policies, ACLs, Hardening, and NAC

00:11:09

Lesson Description:

In this video, we'll discuss group policies and access control lists (ACLs) and how they can be used to keep our environments secure. We will also talk about system hardening and network access control (NAC) systems and what they can do for us.

Hands-on Lab

00:30:00

Security Practices

Pentesting — Part 1

00:11:13

Lesson Description:

In this video, we'll start our discussion of penetration testing, or pentesting, as it's known in the InfoSec community. We'll go over several important pentesting topics, including rules of engagement, pentesting phases, different types of pentests, and common pentesting techniques.

Pentesting — Part 2

00:10:01

Lesson Description:

In this video, we'll continue our discussion of pentesting. We'll dive into some pentesting tools and briefly discuss Kali Linux. Then we'll take a look at several different password attacks that can be used during a pentest.

Reverse Engineering

00:06:51

Lesson Description:

In this video, we'll discuss reverse engineering and what it's used for. We'll go over a few guidelines for reverse engineering as well as some common techniques, such as sandboxing. Finally, we'll talk about the importance of using crowdsourced data for identifying malware.

Risk Evaluation

00:14:40

Lesson Description:

In this video, we'll review the risk equation and define some key terms related to risk. We will also discuss different ways to respond to risks. Finally, we'll take a look at an example scenario and identify the technical and business impacts of the situation.

Hands-on Lab

00:30:00

Vulnerability Management

The Vulnerability Management Process

Vulnerability Scan Requirements and Frequency

00:14:29

Lesson Description:

In this video, we will learn about vulnerability scans. We'll discuss vulnerability scan requirements and the frequency at which to run vulnerability scans.

Vulnerability Reports, Remediation, and Continuous Monitoring

00:10:42

Lesson Description:

In this video, we'll discuss vulnerability reports and how to use them. We'll talk about how to rank vulnerabilities according to the risk they pose to an organization. Lastly, we'll learn about continuous monitoring and how to implement it.

Hands-on Lab

00:30:00

Vulnerability Scan Results

Analyzing and Validating Vulnerability Scan Results

00:09:30

Lesson Description:

In this video, we'll discuss the process of analyzing and validating the results of a vulnerability scan. We'll talk about false positives and the need to create exceptions. We'll also review how to prioritize the remediation of vulnerabilities.

Hands-on Lab

00:30:00

Common Vulnerabilities on Targets

Common Server, Endpoint, and Network Vulnerabilities

00:12:21

Lesson Description:

In this video, we'll discuss common vulnerabilities found on servers, endpoints, and networks, such as weak passwords, default configurations, and unpatched software/firmware.

Common Virtual Infrastructure, Mobile Device, VPN, and ICS Vulnerabilities

00:09:32

Lesson Description:

In this video, we'll take a look at many common vulnerabilities found in virtual infrastructures, mobile devices, VPNs, and ICSs. These include the use of "golden images" to deploy virtual servers, concerns with mobile devices, poor authentication mechanisms on VPNs, and the world of ICS (Industrial Control Systems).

Cyber Incident Response

Determining Impact

Incident Response Process and Threat Classifications

00:08:29

Lesson Description:

In this video, we will review the process for incident response by going through each of the steps in the process and details around each of them. Then we'll look at different types of threat classifications.

Determining Impact Severity and Prioritization and Reviewing Data Classifications

00:08:24

Lesson Description:

In this video, we'll discuss determining the severity of a security incident and why it's necessary to prioritize. Then we'll review several different data classifications such as PCI, PII, and PHI.

The Incident Response Toolkit

Forensics Toolkit

00:08:10

Lesson Description:

In this video, we'll discuss several of the tools you'll need for your forensic toolkit. Some of these tools include a digital forensics workstation, write blockers, drive adapters, crime tape, and tamper-proof seals. We'll also review some of the documents you'll need during the investigation.

Forensic Investigation Suite

00:04:06

Lesson Description:

In this video, we'll discuss several utilities necessary for a forensic investigation. We'll look at tools used to perform imaging, analysis, and mobile device forensics.

Hands-on Lab

00:30:00

Incident Response Communications

Communications Process, Stakeholders, and Responsibilities

00:07:54

Lesson Description:

In this video, we will be reviewing the purpose of having a communications process in place as well as the stakeholders and their responsibilities. We'll also identify several roles in the process and the parts they play in the process.

Common Symptoms

Network Related Symptoms

00:15:37

Lesson Description:

In this video, we will be reviewing common symptoms found at the network level associated with security incidents and how we respond to them. This includes identifying data exfiltration, DNS tunneling, and beaconing. We'll also review creating access control lists (ACLs) and how network address translation (NAT) plays into creating firewall rules.

Host Related Symptoms

00:11:48

Lesson Description:

In this video, we'll take a look at common symptoms found on hosts in relation to security incidents. We'll review how to identify malware on Windows hosts, including how to look for oddities in system processes and services as well as looking for scheduled tasks and changes to the registry.

Netcat and Application Related Symptoms

00:07:56

Lesson Description:

In this video, we'll review the netcat utility and how attackers use it, so you'll know what to look for. Then we'll take a look at application-related symptoms, including odd activity, unexpected output, and service interruptions.

Hands-on Lab

00:30:00

Hands-on Lab

00:30:00

Hands-on Lab

00:30:00

The Incident Response Process

Containment, Eradication, Validation, and Corrective Actions

00:10:22

Lesson Description:

In this video, we'll discuss how to contain and eradicate an infection. Then we'll review validation options and the necessity to validate a clean host. Lastly, we'll identify some corrective actions that may help prevent further incidents.

Setting Up Arpwatch to Identify New Devices on a Network

00:20:57

Lesson Description:

In this video, we'll take a look at what ARPwatch is and how to set it up. We'll be using the new Linux Academy Cloud Playground to host the servers and a Gmail account to relay our email alert messages.

Security Architecture and Tool Sets

Frameworks, Policies, Controls, and Procedures

Regulatory Compliance, Frameworks, Policies, and Procedures

00:17:55

Lesson Description:

In this video, we will review regulatory compliance and learn about different types of security frameworks. We'll also cover policies and procedures, what they are, and how they relate. Then we'll discuss security controls: what they are, the different types, and how we use them.

Identity and Access Management (IAM)

Identities, Repositories, Federation, SSO, and Exploits

00:11:02

Lesson Description:

In this video, we'll cover identities and identity repositories, such as LDAP. Then we'll review the use of federations and single sign-on (SSO). We'll then wrap up with a review of common exploits and what we can do to prevent them.

Hands-on Lab

00:30:00

Hands-on Lab

00:30:00

Compensating Controls

Defense in Depth for Personnel, Processes, and Technologies

00:12:28

Lesson Description:

In this video, we're going to cover various types of compensating controls. We'll discuss compensating controls for dealing with personnel, processes, and technologies and how we use these controls to protect our organizations.

Application Security

SDLC and Software Development Best Practice

00:09:11

Lesson Description:

In this video, we're going to dive into the world of software development and discuss best practices. You'll learn what the Software Development Life Cycle (SDLC) is and the phases in the process. Then we'll take a look at some additional resources for secure coding best practices.

Tools and Technologies

Preventative and Collective Tools

00:09:28

Lesson Description:

In this video, we'll review some preventative tools, including IPS, HIPS, web proxies, and web application firewalls (WAFs). Then we'll move on to collective tools such as SIEMs, Nmap, vulnerability scanners, and packet capture and analysis tools.

Analytical, Exploit, and Forensic Tools

00:07:29

Lesson Description:

In this video, we'll take a look at some analytical tools used to monitor networks and devices. Then we'll discuss a few exploit frameworks and some fuzzing utilities. Finally, we'll wrap up with reviewing forensic tools used during incident response.

Hands-on Lab

00:30:00

Conclusion

Next Steps

Taking the CySA+ Certification Exam

00:02:10

Lesson Description:

In this video, we'll take a look at how to sign up to take the CompTIA CySA+ certification exam. All CompTIA exams are given at and proctored by Pearson VUE testing centers. You'll need to sign up for a Pearson VUE account if you don't already have one. Then you'll schedule the exam, and you're ready to go!

Get Recognized

00:00:46

Lesson Description:

Here at Linux Academy, we want to provide you with the recognition you deserve when passing your certifications. Let us know so we can celebrate with you! Plus, you'll get 100 gems!

CySA+

02:00:00