CompTIA Cybersecurity Analyst (CySA+) Cert Guide

About

Features

• Complete assessment, review, and practice for CompTIA's new Cybersecurity Analyst+ exam (CSO-001)
• Authoritative coverage of every CompTIA CSA+ exam topic, with all the context and practical examples students need to succeed
• Logical, well-organized, and practical coverage of environmental reconnaissance, response, countermeasures, vulnerability management, forensics, security frameworks, policies, identity and access management, SDLCs, cybersecurity tools, and more



Description

• Copyright 2017
• Dimensions: 7-3/8" x 9-1/8"
• Pages: 592
• Edition: 1st

• Book
• ISBN-10: 0-7897-5695-1
• ISBN-13: 978-0-7897-5695-4

One million cybersecurity jobs will open this year, and many will require strong knowledge and skills in cybersecurity analysis. CompTIA's new vendor-neutral Cybersecurity Analyst (CSA+) IT professional validates the knowledge and skills you'll need to qualify for these opportunities. CompTIA Cybersecurity Analyst+ Cert Guide is the comprehensive self-study resource for the brand-new CSA+ (CSO-001) exam.

Designed for all CompTIA Cybersecurity Analyst (CSA+) candidates, this guide covers every exam objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:

• Pre-chapter quizzes to assess knowledge upfront and focus your study more efficiently
• Foundation topics sections that explain concepts and configurations, and link theory to practice
• Key topics sections calling attention to every figure, table, and list you must know
• Exam Preparation sections with additional chapter review features
• Final preparation chapter providing tools and a complete final study plan
• A customizable practice test library

This guide offers comprehensive, up-to-date coverage of all CSA+ topics related to:

• Environmental reconnaissance, response, and countermeasures
• Securing corporate environments
• Managing information security vulnerabilities, including detailed coverage of common vulnerabilities
• Analyzing threat data or behavior, performing computer forensics, and responding to incidents
• Recovering and responding to incidents
• Using security frameworks to guide common security policies
• Implementing identity/access management and compensating controls
• Optimizing security throughout the Software Development Life Cycle (SDLC)
• Choosing and applying cybersecurity tools and technologies, and more



Premium Edition

The exciting new CompTIA Cybersecurity Analyst (CSA+) Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

·         The Cybersecurity Analyst (CSA+) Premium Edition Practice Test, including four full practice exams and enhanced practice test features

·         PDF and EPUB formats of CompTIA Cybersecurity Analyst (CSA+) Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

·         Enables you to focus on individual topic areas or take complete, timed exams

·         Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

·         Provides unique sets of exam-realistic practice questions

·         Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson Test Prep online system requirements:

Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1, Windows 7, or Vista (SP2); Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

About the Premium Edition eBook

Learn, prepare, and practice for CompTIA Cybersecurity Analyst (CSA+) exam success with this CompTIA Authorized Cert Guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner.

·         Master CompTIA Cybersecurity Analyst (CSA+) exam topics

·         Assess your knowledge with chapter-ending quizzes

·         Review key concepts with exam preparation tasks

·         Practice with realistic exam questions

CompTIA Cybersecurity Analyst (CSA+) Cert Guide is a best-of-breed exam study guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner. Expert technology instructor and certification author Troy McMillan shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CompTIA Cybersecurity Analyst (CSA+) Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA authorized study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

·         The CompTIA approved study guide helps you master all the topics on the CSA+ exam, including

·         Applying environmental reconnaissance

·         Analyzing results of network reconnaissance

·         Implementing responses and countermeasures

·         Implementing vulnerability management processes

·         Analyzing scan output and identifying common vulnerabilities

·         Identifying incident impact and assembling a forensic toolkit

·         Utilizing effective incident response processes

·         Performing incident recovery and post-incident response

·         Establishing frameworks, policies, controls, and procedures

·         Remediating identity- and access-related security issues

·         Architecting security and implementing compensating controls

·         Implementing application security best practices

·         Using cybersecurity tools and technologies



Sample Content

Sample Pages

Download the sample pages (includes Chapter 4 and index)

Table of Contents

Introduction xxvii

Chapter 1 Applying Environmental Reconnaissance Techniques 3

“Do I Know This Already?” Quiz 3

Foundation Topics 5

Procedures/Common Tasks 5

    Topology Discovery 5

    OS Fingerprinting 5

    Service Discovery 6

    Packet Capture 6

    Log Review 6

    Router/Firewall ACLs Review 6

    E-mail Harvesting 7

    Social Media Profiling 7

    Social Engineering 8

    DNS Harvesting 8

    Phishing 11

Variables 11

    Wireless vs. Wired 12

    Virtual vs. Physical 13

    Internal vs. External 14

    On-premises vs. Cloud 15

Tools 16

    Nmap 16

    Host Scanning 19

    Network Mapping 20

    Netstat 21

    Packet Analyzer 23

    IDS/IPS 25

    HIDS/NIDS 27

    Firewall Rule-Based and Logs 27

        Firewall Types 27

        Firewall Architecture 29

    Syslog 30

    Vulnerability Scanner 30

Exam Preparation Tasks 31

Review All Key Topics 31

Define Key Terms 32

Review Questions 32

Chapter 2 Analyzing the Results of Network Reconnaissance 37

“Do I Know This Already?” Quiz 37

Foundation Topics 40

Point-in-Time Data Analysis 40

    Packet Analysis 40

    Protocol Analysis 40

    Traffic Analysis 40

    NetFlow Analysis 41

    Wireless Analysis 43

        CSMA/CA 43

Data Correlation and Analytics 45

    Anomaly Analysis 45

    Trend Analysis 46

    Availability Analysis 46

    Heuristic Analysis 46

    Behavioral Analysis 47

Data Output 47

    Firewall Logs 47

    Packet Captures 49

    Nmap Scan Results 52

        Port Scans 52

    Event Logs 53

    Syslog 55

    IDS Report 56

Tools 57

    SIEM 57

    Packet Analyzer 59

    IDS 60

    Resource Monitoring Tool 61

    NetFlow Analyzer 61

Exam Preparation Tasks 62

Review All Key Topics 62

Define Key Terms 63

Review Questions 63

Chapter 3 Recommending and Implementing the Appropriate Response and Countermeasure 69

“Do I Know This Already?” Quiz 69

Foundation Topics 72

Network Segmentation 72

    LAN 72

    Intranet 72

    Extranet 72

    DMZ 73

    VLANs 73

    System Isolation 75

    Jump Box 76

Honeypot 77

Endpoint Security 77

Group Policies 78

ACLs 80

    Sinkhole 81

Hardening 82

    Mandatory Access Control (MAC) 82

    Compensating Controls 83

        Control Categories 83

        Access Control Types 84

        Administrative (Management) Controls 85

        Logical (Technical) Controls 85

        Physical Controls 85

    Blocking Unused Ports/Services 86

    Patching 86

Network Access Control 86

    Quarantine/Remediation 88

    Agent-Based vs. Agentless NAC 88

    802.1x 88

Exam Preparation Tasks 90

Review All Key Topics 90

Define Key Terms 91

Review Questions 91

Chapter 4 Practices Used to Secure a Corporate Environment 95

“Do I Know This Already?” Quiz 95

Foundation Topics 98

Penetration Testing 98

    Rules of Engagement 100

Reverse Engineering 101

    Isolation/Sandboxing 101

    Hardware 103

    Software/Malware 104

Training and Exercises 105

Risk Evaluation 106

    Technical Impact and Likelihood 106

    Technical Control Review 107

    Operational Control Review 107

Exam Preparation Tasks 107

Review All Key Topics 108

Define Key Terms 108

Review Questions 108

Chapter 5 Implementing an Information Security Vulnerability Management Process 113

“Do I Know This Already?” Quiz 113

Foundation Topics 117

Identification of Requirements 117

    Regulatory Environments 117

    Corporate Policy 119

    Data Classification 119

    Asset Inventory 120

Establish Scanning Frequency 120

    Risk Appetite 120

    Regulatory Requirements 121

    Technical Constraints 121

    Workflow 121

Configure Tools to Perform Scans According to Specification 122

    Determine Scanning Criteria 122

        Sensitivity Levels 122

        Vulnerability Feed 123

        Scope 123

        Credentialed vs. Non-credentialed 125

        Types of Data 126

        Server-Based vs. Agent-Based 126

    Tool Updates/Plug-ins 128

        SCAP 128

    Permissions and Access 131

Execute Scanning 131

Generate Reports 132

    Automated vs. Manual Distribution 132

Remediation 133

    Prioritizing 133

        Criticality 134

        Difficulty of Implementation 134

    Communication/Change Control 134

    Sandboxing/Testing 134

    Inhibitors to Remediation 134

        MOUs 134

        SLAs 135

        Organizational Governance 135

        Business Process Interruption 135

        Degrading Functionality 135

Ongoing Scanning and Continuous Monitoring 135

Exam Preparation Tasks 136

Review All Key Topics 136

Define Key Terms 136

Review Questions 137

Chapter 6 Analyzing Scan Output and Identifying Common Vulnerabilities 141

“Do I Know This Already?” Quiz 141

Foundation Topics 143

Analyzing Output Resulting from a Vulnerability Scan 143

    Analyze Reports from a Vulnerability Scan 143

        Review and Interpret Scan Results 145

    Validate Results and Correlate Other Data Points 147

Common Vulnerabilities Found in Targets Within an Organization 148

    Servers 148

        Web Servers 149

        Database Servers 160

    Endpoints 161

    Network Infrastructure 162

        Switches 163

        MAC Overflow 164

        ARP Poisoning 164

        VLANs 165

        Routers 168

    Network Appliances 169

    Virtual Infrastructure 169

        Virtual Hosts 169

        Virtual Networks 170

        Management Interface 171

    Mobile Devices 173

    Interconnected Networks 174

    Virtual Private Networks 175

    Industrial Control Systems/SCADA Devices 179

Exam Preparation Tasks 180

Review All Key Topics 181

Define Key Terms 182

Review Questions 182

Chapter 7 Identifying Incident Impact and Assembling a Forensic Toolkit 187

“Do I Know This Already?” Quiz 187

Foundation Topics 189

Threat Classification 189

    Known Threats vs. Unknown Threats 190

    Zero Day 190

    Advanced Persistent Threat 191

Factors Contributing to Incident Severity and Prioritization 191

    Scope of Impact 191

        Downtime and Recovery Time 191

        Data Integrity 193

        Economic 193

        System Process Criticality 193

    Types of Data 194

        Personally Identifiable Information (PII) 194

        Personal Health Information (PHI) 195

        Payment Card Information 195

        Intellectual Property 197

        Corporate Confidential 199

Forensics Kit 201

    Digital Forensics Workstation 202

Forensic Investigation Suite 206

Exam Preparation Tasks 208

Review All Key Topics 208

Define Key Terms 208

Review Questions 209

Chapter 8 The Incident Response Process 213

“Do I Know This Already?” Quiz 213

Foundation Topics 216

Stakeholders 216

    HR 216

    Legal 217

    Marketing 217

    Management 217

Purpose of Communication Processes 217

    Limit Communication to Trusted Parties 218

    Disclosure Based on Regulatory/Legislative Requirements 218

    Prevent Inadvertent Release of Information 218

    Secure Method of Communication 218

Role-Based Responsibilities 218

    Technical 219

    Management 219

    Law Enforcement 219

    Retain Incident Response Provider 220

Using Common Symptoms to Select the Best Course of Action to Support Incident Response 220

    Common Network-Related Symptoms 220

        Bandwidth Consumption 221

        Beaconing 221

        Irregular Peer-to-Peer Communication 222

        Rogue Devices on the Network 223

        Scan Sweeps 224

        Unusual Traffic Spikes 225

    Common Host-Related Symptoms 225

        Processor Consumption 226

        Memory Consumption 227

        Drive Capacity Consumption 227

        Unauthorized Software 228

        Malicious Processes 229

        Unauthorized Changes 229

        Unauthorized Privileges 229

        Data Exfiltration 229

    Common Application-Related Symptoms 230

        Anomalous Activity 230

        Introduction of New Accounts 231

        Unexpected Output 231

        Unexpected Outbound Communication 231

        Service Interruption 231

        Memory Overflows 231

Exam Preparation Tasks 232

Review All Key Topics 232

Define Key Terms 232

Review Questions 233

Chapter 9 Incident Recovery and Post-Incident Response 237

“Do I Know This Already?” Quiz 237

Foundation Topics 240

Containment Techniques 240

    Segmentation 240

    Isolation 240

    Removal 241

    Reverse Engineering 241

Eradication Techniques 242

    Sanitization 242

    Reconstruction/Reimage 242

    Secure Disposal 242

Validation 243

    Patching 243

    Permissions 244

    Scanning 244

    Verify Logging/Communication to Security Monitoring 244

Corrective Actions 245

    Lessons Learned Report 245

    Change Control Process 245

    Update Incident Response Plan 245

Incident Summary Report 246

Exam Preparation Tasks 246

Review All Key Topics 246

Define Key Terms 247

Review Questions 247

Chapter 10 Frameworks, Policies, Controls, and Procedures 251

“Do I Know This Already?” Quiz 251

Foundation Topics 254

Regulatory Compliance 254

Frameworks 258

    National Institute of Standards and Technology (NIST) 258

    Framework for Improving Critical Infrastructure Cybersecurity 259 ISO 260

    Control Objectives for Information and Related Technology (COBIT) 263

    Sherwood Applied Business Security Architecture (SABSA) 265

    The Open Group Architecture Framework (TOGAF) 265

    Information Technology Infrastructure Library (ITIL) 267

Policies 268

    Password Policy 268

    Acceptable Use Policy (AUP) 271

    Data Ownership Policy 272

    Data Retention Policy 272

    Account Management Policy 273

    Data Classification Policy 274

        Sensitivity and Criticality 275

        Commercial Business Classifications 276

        Military and Government Classifications 276

Controls 277

    Control Selection Based on Criteria 278

        Handling Risk 278

    Organizationally Defined Parameters 281

    Access Control Types 282

Procedures 284

    Continuous Monitoring 284

    Evidence Production 285

    Patching 285

    Compensating Control Development 286

    Control Testing Procedures 286

    Manage Exceptions 287

    Remediation Plans 287

Verifications and Quality Control 288

    Audits 288

    Evaluations 290

    Assessments 290

    Maturity Model 291

        CMMI 291

    Certification 291

        NIACAP 292

        ISO/IEC 27001 292

        ISO/IEC 27002 294

Exam Preparation Tasks 294

Review All Key Topics 294

Define Key Terms 295

Review Questions 296

Chapter 11 Remediating Security Issues Related to Identity and Access Management 301

“Do I Know This Already?” Quiz 301

Foundation Topics 304

Security Issues Associated with Context-Based Authentication 304

    Time 304

    Location 304

    Frequency 305

    Behavioral 305

Security Issues Associated with Identities 305

    Personnel 306

        Employment Candidate Screening 306

        Employment Agreement and Policies 308

        Periodic Review 308

        Proper Credential Management 308

        Creating Accountability 309

        Maintaining a Secure Provisioning Life Cycle 309

    Endpoints 310

        Social Engineering Threats 310

        Malicious Software 311

        Rogue Endpoints 311

        Rogue Access Points 312

    Servers 312

    Services 313

    Roles 315

    Applications 316

        IAM Software 316

        Applications as Identities 317

        OAuth 318

        OpenSSL 319

Security Issues Associated with Identity Repositories 319

    Directory Services 319

        LDAP 319

        Active Directory (AD) 320

        SESAME 321

        DNS 322

    TACACS+ and RADIUS 323

Security Issues Associated with Federation and Single Sign-on 325

    Identity Propagation 326

    Federations 327

    XACML 327

    SPML 329

    SAML 330

    OpenID 331

    Shibboleth 332

    Manual vs. Automatic Provisioning/Deprovisioning 333

    Self-Service Password Reset 334

    Exploits 334

    Impersonation 334

    Man-in-the-Middle 334

    Session Hijack 335

    Cross-Site Scripting 335

    Privilege Escalation 335

    Rootkit 335

Exam Preparation Tasks 336

Review All Key Topics 336

Define Key Terms 337

Review Questions 338

Chapter 12 Security Architecture and Implementing Compensating Controls 343

“Do I Know This Already?” Quiz 343

Foundation Topics 346

Security Data Analytics 346

    Data Aggregation and Correlation 346

    Trend Analysis 346

    Historical Analysis 347

Manual Review 348

    Firewall Log 348

    Syslogs 350

    Authentication Logs 351

    Event Logs 352

Defense in Depth 353

    Personnel 354

        Training 354

        Dual Control 355

        Separation of Duties 355

        Split Knowledge 355

        Third Party/Consultants 355

        Cross-Training/Mandatory Vacations 356

        Succession Planning 356

    Processes 356

        Continual Improvement 356

        Scheduled Reviews/Retirement of Processes 357

    Technologies 358

        Automated Reporting 358

        Security Appliances 358

        Security Suites 359

        Outsourcing 360

        Cryptography 362

    Other Security Concepts 373

        Network Design 374

Exam Preparation Tasks 379

Review All Key Topics 379

Define Key Terms 380

Review Questions 380

Chapter 13 Application Security Best Practices 385

“Do I Know This Already?” Quiz 385

Foundation Topics 387

Best Practices During Software Development 387

    Plan/Initiate Project 387

    Gather Requirements (Security Requirements Definition) 388

    Design 388

    Develop 389

    Test/Validate 389

    Security Testing Phases 390

        Static Code Analysis 390

        Web App Vulnerability Scanning 391

        Fuzzing 391

        Use Interception Proxy to Crawl Application 392

    Manual Peer Reviews 393

    User Acceptance Testing 393

    Stress Test Application 393

    Security Regression Testing 394

    Input Validation 394

    Release/Maintain 395

    Certify/Accredit 395

    Change Management and Configuration Management/Replacement 395

Secure Coding Best Practices 396

    OWASP 396

    SANS 396

    Center for Internet Security 397

        System Design Recommendations 397

        Benchmarks 398

Exam Preparation Tasks 398

Review All Key Topics 398

Define Key Terms 399

Review Questions 399

Chapter 14 Using Cybersecurity Tools and Technologies 403

“Do I Know This Already?” Quiz 403

Foundation Topics 405

Preventative Tools 405

    IPS 405

    IDS 405

        Sourcefire 405

        Snort 406

        Bro 407

    HIPS 408

    Firewall 408

        Firewall Architecture 410

        Cisco 415

        Palo Alto 415

        Check Point 415

    Antivirus 415

    Anti-malware 416

        Anti-spyware 416

        Cloud Antivirus Services 417

    EMET 418

    Web Proxy 418

        Web Application Firewall 418

        ModSecurity 420

        NAXSI 420

        Imperva 421

Collective Tools 421

    SIEM 421

        ArcSight 421

        QRadar 422

        Splunk 422

        AlienVault/OSSIM 422

        Kiwi Syslog 423

    Network Scanning 423

    Nmap 423

    Vulnerability Scanning 423

        Qualys 425

        Nessus 425

        OpenVAS 426

        Nexpose 426

        Nikto 427

        Microsoft Baseline Security Analyzer 427

    Packet Capture 428

        Wireshark 428

        tcpdump 429

        Network General 429

        Aircrack-ng 429

    Command Line/IP Utilities 430

        Netstat 430

        ping 431

        tracert/traceroute 432

        ipconfig/ifconfig 433

        nslookup/dig 434

        Sysinternals 435

        OpenSSL 436

    IDS/HIDS 436

Analytical Tools 436

    Vulnerability Scanning 437

    Monitoring Tools 437

        MRTG 437

        Nagios 438

        SolarWinds 438

        Cacti 439

        NetFlow Analyzer 439

    Interception Proxy 439

        Burp Suite 440

        Zap 440

        Vega 440

Exploit Tools 440

    Interception Proxy 440

    Exploit Framework 441

        Metasploit 441

        Nexpose 442

    Fuzzers 442

        Untidy/Peach Fuzzer 442

        Microsoft SDL File/Regex Fuzzer 442

Forensics Tools 443

    Forensic Suites 443

        EnCase 444

        FTK 444

        Helix 444

        Sysinternals 444

        Cellebrite 445

    Hashing 445

        MD5sum 445

        SHAsum 445

    Password Cracking 445

        John the Ripper 445

        Cain & Abel 446

        Imaging 447

        DD 447

Exam Preparation Tasks 447

Review All Key Topics 447

Define Key Terms 448

Review Questions 448

Chapter 15 Final Preparation 453

Tools for Final Preparation 453

    Pearson Test Prep Practice Test Software and Questions on the Website 453

        Accessing the Pearson Test Prep Software Online 454

        Accessing the Pearson Test Prep Practice Test Software Offline 454

    Customizing Your Exams 455

    Updating Your Exams 456

        Premium Edition 456

    Chapter-Ending Review Tools 457

Suggested Plan for Final Review/Study 457

Summary 457

Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 459

Glossary 491

9780789756954    TOC    5/22/2017



Updates

Errata

We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata

Submit Errata

