CompTIA Cybersecurity Analyst (CySA+) Cert Guide
Pearson IT Certification
978-0-7897-5695-4 (ISBN)
Designed for all CompTIA Cybersecurity Analyst (CSA+) candidates, this guide covers every exam objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:
Pre-chapter quizzes to assess knowledge upfront and focus your study more efficiently
Foundation topics sections that explain concepts and configurations, and link theory to practice
Key topics sections calling attention to every figure, table, and list you must know
Exam Preparation sections with additional chapter review features
Final preparation chapter providing tools and a complete final study plan
A customizable practice test library
This guide offers comprehensive, up-to-date coverage of all CSA+ topics related to:
Environmental reconnaissance, response, and countermeasures
Securing corporate environments
Managing information security vulnerabilities, including detailed coverage of common vulnerabilities
Analyzing threat data or behavior, performing computer forensics, and responding to incidents
Recovering and responding to incidents
Using security frameworks to guide common security policies
Implementing identity/access management and compensating controls
Optimizing security throughout the Software Development Life Cycle (SDLC)
Choosing and applying cybersecurity tools and technologies, and more
Troy McMillan is a product developer and technical editor for Kaplan IT as well as a full-time trainer. He became a professional trainer 16 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. He has written or contributed to more than a dozen projects, including the following recent ones:
· Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
· Author of CISSP Cert Guide (Pearson)
· Prep test question writer for CCNA Wireless 640-722 (Cisco Press)
· Author of CASP Cert Guide (Pearson)
Troy has also appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND1; and ICND2. He delivers CISSP training classes for CyberVista, authorized online training provider for (ISC)2. Troy now creates certification practice tests and study guides for the Transcender and Self-Test brands. He lives in Pfafftown, North Carolina, with his wife, Heike.
Introduction xxvii
Chapter 1 Applying Environmental Reconnaissance Techniques 3
“Do I Know This Already?” Quiz 3
Foundation Topics 5
Procedures/Common Tasks 5
Topology Discovery 5
OS Fingerprinting 5
Service Discovery 6
Packet Capture 6
Log Review 6
Router/Firewall ACLs Review 6
E-mail Harvesting 7
Social Media Profiling 7
Social Engineering 8
DNS Harvesting 8
Phishing 11
Variables 11
Wireless vs. Wired 12
Virtual vs. Physical 13
Internal vs. External 14
On-premises vs. Cloud 15
Tools 16
Nmap 16
Host Scanning 19
Network Mapping 20
Netstat 21
Packet Analyzer 23
IDS/IPS 25
HIDS/NIDS 27
Firewall Rule-Based and Logs 27
Firewall Types 27
Firewall Architecture 29
Syslog 30
Vulnerability Scanner 30
Exam Preparation Tasks 31
Review All Key Topics 31
Define Key Terms 32
Review Questions 32
Chapter 2 Analyzing the Results of Network Reconnaissance 37
“Do I Know This Already?” Quiz 37
Foundation Topics 40
Point-in-Time Data Analysis 40
Packet Analysis 40
Protocol Analysis 40
Traffic Analysis 40
NetFlow Analysis 41
Wireless Analysis 43
CSMA/CA 43
Data Correlation and Analytics 45
Anomaly Analysis 45
Trend Analysis 46
Availability Analysis 46
Heuristic Analysis 46
Behavioral Analysis 47
Data Output 47
Firewall Logs 47
Packet Captures 49
Nmap Scan Results 52
Port Scans 52
Event Logs 53
Syslog 55
IDS Report 56
Tools 57
SIEM 57
Packet Analyzer 59
IDS 60
Resource Monitoring Tool 61
NetFlow Analyzer 61
Exam Preparation Tasks 62
Review All Key Topics 62
Define Key Terms 63
Review Questions 63
Chapter 3 Recommending and Implementing the Appropriate Response and Countermeasure 69
“Do I Know This Already?” Quiz 69
Foundation Topics 72
Network Segmentation 72
LAN 72
Intranet 72
Extranet 72
DMZ 73
VLANs 73
System Isolation 75
Jump Box 76
Honeypot 77
Endpoint Security 77
Group Policies 78
ACLs 80
Sinkhole 81
Hardening 82
Mandatory Access Control (MAC) 82
Compensating Controls 83
Control Categories 83
Access Control Types 84
Administrative (Management) Controls 85
Logical (Technical) Controls 85
Physical Controls 85
Blocking Unused Ports/Services 86
Patching 86
Network Access Control 86
Quarantine/Remediation 88
Agent-Based vs. Agentless NAC 88
802.1x 88
Exam Preparation Tasks 90
Review All Key Topics 90
Define Key Terms 91
Review Questions 91
Chapter 4 Practices Used to Secure a Corporate Environment 95
“Do I Know This Already?” Quiz 95
Foundation Topics 98
Penetration Testing 98
Rules of Engagement 100
Reverse Engineering 101
Isolation/Sandboxing 101
Hardware 103
Software/Malware 104
Training and Exercises 105
Risk Evaluation 106
Technical Impact and Likelihood 106
Technical Control Review 107
Operational Control Review 107
Exam Preparation Tasks 107
Review All Key Topics 108
Define Key Terms 108
Review Questions 108
Chapter 5 Implementing an Information Security Vulnerability Management Process 113
“Do I Know This Already?” Quiz 113
Foundation Topics 117
Identification of Requirements 117
Regulatory Environments 117
Corporate Policy 119
Data Classification 119
Asset Inventory 120
Establish Scanning Frequency 120
Risk Appetite 120
Regulatory Requirements 121
Technical Constraints 121
Workflow 121
Configure Tools to Perform Scans According to Specification 122
Determine Scanning Criteria 122
Sensitivity Levels 122
Vulnerability Feed 123
Scope 123
Credentialed vs. Non-credentialed 125
Types of Data 126
Server-Based vs. Agent-Based 126
Tool Updates/Plug-ins 128
SCAP 128
Permissions and Access 131
Execute Scanning 131
Generate Reports 132
Automated vs. Manual Distribution 132
Remediation 133
Prioritizing 133
Criticality 134
Difficulty of Implementation 134
Communication/Change Control 134
Sandboxing/Testing 134
Inhibitors to Remediation 134
MOUs 134
SLAs 135
Organizational Governance 135
Business Process Interruption 135
Degrading Functionality 135
Ongoing Scanning and Continuous Monitoring 135
Exam Preparation Tasks 136
Review All Key Topics 136
Define Key Terms 136
Review Questions 137
Chapter 6 Analyzing Scan Output and Identifying Common Vulnerabilities 141
“Do I Know This Already?” Quiz 141
Foundation Topics 143
Analyzing Output Resulting from a Vulnerability Scan 143
Analyze Reports from a Vulnerability Scan 143
Review and Interpret Scan Results 145
Validate Results and Correlate Other Data Points 147
Common Vulnerabilities Found in Targets Within an Organization 148
Servers 148
Web Servers 149
Database Servers 160
Endpoints 161
Network Infrastructure 162
Switches 163
MAC Overflow 164
ARP Poisoning 164
VLANs 165
Routers 168
Network Appliances 169
Virtual Infrastructure 169
Virtual Hosts 169
Virtual Networks 170
Management Interface 171
Mobile Devices 173
Interconnected Networks 174
Virtual Private Networks 175
Industrial Control Systems/SCADA Devices 179
Exam Preparation Tasks 180
Review All Key Topics 181
Define Key Terms 182
Review Questions 182
Chapter 7 Identifying Incident Impact and Assembling a Forensic Toolkit 187
“Do I Know This Already?” Quiz 187
Foundation Topics 189
Threat Classification 189
Known Threats vs. Unknown Threats 190
Zero Day 190
Advanced Persistent Threat 191
Factors Contributing to Incident Severity and Prioritization 191
Scope of Impact 191
Downtime and Recovery Time 191
Data Integrity 193
Economic 193
System Process Criticality 193
Types of Data 194
Personally Identifiable Information (PII) 194
Personal Health Information (PHI) 195
Payment Card Information 195
Intellectual Property 197
Corporate Confidential 199
Forensics Kit 201
Digital Forensics Workstation 202
Forensic Investigation Suite 206
Exam Preparation Tasks 208
Review All Key Topics 208
Define Key Terms 208
Review Questions 209
Chapter 8 The Incident Response Process 213
“Do I Know This Already?” Quiz 213
Foundation Topics 216
Stakeholders 216
HR 216
Legal 217
Marketing 217
Management 217
Purpose of Communication Processes 217
Limit Communication to Trusted Parties 218
Disclosure Based on Regulatory/Legislative Requirements 218
Prevent Inadvertent Release of Information 218
Secure Method of Communication 218
Role-Based Responsibilities 218
Technical 219
Management 219
Law Enforcement 219
Retain Incident Response Provider 220
Using Common Symptoms to Select the Best Course of Action to Support Incident Response 220
Common Network-Related Symptoms 220
Bandwidth Consumption 221
Beaconing 221
Irregular Peer-to-Peer Communication 222
Rogue Devices on the Network 223
Scan Sweeps 224
Unusual Traffic Spikes 225
Common Host-Related Symptoms 225
Processor Consumption 226
Memory Consumption 227
Drive Capacity Consumption 227
Unauthorized Software 228
Malicious Processes 229
Unauthorized Changes 229
Unauthorized Privileges 229
Data Exfiltration 229
Common Application-Related Symptoms 230
Anomalous Activity 230
Introduction of New Accounts 231
Unexpected Output 231
Unexpected Outbound Communication 231
Service Interruption 231
Memory Overflows 231
Exam Preparation Tasks 232
Review All Key Topics 232
Define Key Terms 232
Review Questions 233
Chapter 9 Incident Recovery and Post-Incident Response 237
“Do I Know This Already?” Quiz 237
Foundation Topics 240
Containment Techniques 240
Segmentation 240
Isolation 240
Removal 241
Reverse Engineering 241
Eradication Techniques 242
Sanitization 242
Reconstruction/Reimage 242
Secure Disposal 242
Validation 243
Patching 243
Permissions 244
Scanning 244
Verify Logging/Communication to Security Monitoring 244
Corrective Actions 245
Lessons Learned Report 245
Change Control Process 245
Update Incident Response Plan 245
Incident Summary Report 246
Exam Preparation Tasks 246
Review All Key Topics 246
Define Key Terms 247
Review Questions 247
Chapter 10 Frameworks, Policies, Controls, and Procedures 251
“Do I Know This Already?” Quiz 251
Foundation Topics 254
Regulatory Compliance 254
Frameworks 258
National Institute of Standards and Technology (NIST) 258
Framework for Improving Critical Infrastructure Cybersecurity 259
ISO 260
Control Objectives for Information and Related Technology (COBIT) 263
Sherwood Applied Business Security Architecture (SABSA) 265
The Open Group Architecture Framework (TOGAF) 265
Information Technology Infrastructure Library (ITIL) 267
Policies 268
Password Policy 268
Acceptable Use Policy (AUP) 271
Data Ownership Policy 272
Data Retention Policy 272
Account Management Policy 273
Data Classification Policy 274
Sensitivity and Criticality 275
Commercial Business Classifications 276
Military and Government Classifications 276
Controls 277
Control Selection Based on Criteria 278
Handling Risk 278
Organizationally Defined Parameters 281
Access Control Types 282
Procedures 284
Continuous Monitoring 284
Evidence Production 285
Patching 285
Compensating Control Development 286
Control Testing Procedures 286
Manage Exceptions 287
Remediation Plans 287
Verifications and Quality Control 288
Audits 288
Evaluations 290
Assessments 290
Maturity Model 291
CMMI 291
Certification 291
NIACAP 292
ISO/IEC 27001 292
ISO/IEC 27002 294
Exam Preparation Tasks 294
Review All Key Topics 294
Define Key Terms 295
Review Questions 296
Chapter 11 Remediating Security Issues Related to Identity and Access Management 301
“Do I Know This Already?” Quiz 301
Foundation Topics 304
Security Issues Associated with Context-Based Authentication 304
Time 304
Location 304
Frequency 305
Behavioral 305
Security Issues Associated with Identities 305
Personnel 306
Employment Candidate Screening 306
Employment Agreement and Policies 308
Periodic Review 308
Proper Credential Management 308
Creating Accountability 309
Maintaining a Secure Provisioning Life Cycle 309
Endpoints 310
Social Engineering Threats 310
Malicious Software 311
Rogue Endpoints 311
Rogue Access Points 312
Servers 312
Services 313
Roles 315
Applications 316
IAM Software 316
Applications as Identities 317
OAuth 318
OpenSSL 319
Security Issues Associated with Identity Repositories 319
Directory Services 319
LDAP 319
Active Directory (AD) 320
SESAME 321
DNS 322
TACACS+ and RADIUS 323
Security Issues Associated with Federation and Single Sign-on 325
Identity Propagation 326
Federations 327
XACML 327
SPML 329
SAML 330
OpenID 331
Shibboleth 332
Manual vs. Automatic Provisioning/Deprovisioning 333
Self-Service Password Reset 334
Exploits 334
Impersonation 334
Man-in-the-Middle 334
Session Hijack 335
Cross-Site Scripting 335
Privilege Escalation 335
Rootkit 335
Exam Preparation Tasks 336
Review All Key Topics 336
Define Key Terms 337
Review Questions 338
Chapter 12 Security Architecture and Implementing Compensating Controls 343
“Do I Know This Already?” Quiz 343
Foundation Topics 346
Security Data Analytics 346
Data Aggregation and Correlation 346
Trend Analysis 346
Historical Analysis 347
Manual Review 348
Firewall Log 348
Syslogs 350
Authentication Logs 351
Event Logs 352
Defense in Depth 353
Personnel 354
Training 354
Dual Control 355
Separation of Duties 355
Split Knowledge 355
Third Party/Consultants 355
Cross-Training/Mandatory Vacations 356
Succession Planning 356
Processes 356
Continual Improvement 356
Scheduled Reviews/Retirement of Processes 357
Technologies 358
Automated Reporting 358
Security Appliances 358
Security Suites 359
Outsourcing 360
Cryptography 362
Other Security Concepts 373
Network Design 374
Exam Preparation Tasks 379
Review All Key Topics 379
Define Key Terms 380
Review Questions 380
Chapter 13 Application Security Best Practices 385
“Do I Know This Already?” Quiz 385
Foundation Topics 387
Best Practices During Software Development 387
Plan/Initiate Project 387
Gather Requirements (Security Requirements Definition) 388
Design 388
Develop 389
Test/Validate 389
Security Testing Phases 390
Static Code Analysis 390
Web App Vulnerability Scanning 391
Fuzzing 391
Use Interception Proxy to Crawl Application 392
Manual Peer Reviews 393
User Acceptance Testing 393
Stress Test Application 393
Security Regression Testing 394
Input Validation 394
Release/Maintain 395
Certify/Accredit 395
Change Management and Configuration Management/Replacement 395
Secure Coding Best Practices 396
OWASP 396
SANS 396
Center for Internet Security 397
System Design Recommendations 397
Benchmarks 398
Exam Preparation Tasks 398
Review All Key Topics 398
Define Key Terms 399
Review Questions 399
Chapter 14 Using Cybersecurity Tools and Technologies 403
“Do I Know This Already?” Quiz 403
Foundation Topics 405
Preventative Tools 405
IPS 405
IDS 405
Sourcefire 405
Snort 406
Bro 407
HIPS 408
Firewall 408
Firewall Architecture 410
Cisco 415
Palo Alto 415
Check Point 415
Antivirus 415
Anti-malware 416
Anti-spyware 416
Cloud Antivirus Services 417
EMET 418
Web Proxy 418
Web Application Firewall 418
ModSecurity 420
NAXSI 420
Imperva 421
Collective Tools 421
SIEM 421
ArcSight 421
QRadar 422
Splunk 422
AlienVault/OSSIM 422
Kiwi Syslog 423
Network Scanning 423
Nmap 423
Vulnerability Scanning 423
Qualys 425
Nessus 425
OpenVAS 426
Nexpose 426
Nikto 427
Microsoft Baseline Security Analyzer 427
Packet Capture 428
Wireshark 428
tcpdump 429
Network General 429
Aircrack-ng 429
Command Line/IP Utilities 430
Netstat 430
ping 431
tracert/traceroute 432
ipconfig/ifconfig 433
nslookup/dig 434
Sysinternals 435
OpenSSL 436
IDS/HIDS 436
Analytical Tools 436
Vulnerability Scanning 437
Monitoring Tools 437
MRTG 437
Nagios 438
SolarWinds 438
Cacti 439
NetFlow Analyzer 439
Interception Proxy 439
Burp Suite 440
Zap 440
Vega 440
Exploit Tools 440
Interception Proxy 440
Exploit Framework 441
Metasploit 441
Nexpose 442
Fuzzers 442
Untidy/Peach Fuzzer 442
Microsoft SDL File/Regex Fuzzer 442
Forensics Tools 443
Forensic Suites 443
EnCase 444
FTK 444
Helix 444
Sysinternals 444
Cellebrite 445
Hashing 445
MD5sum 445
SHAsum 445
Password Cracking 445
John the Ripper 445
Cain & Abel 446
Imaging 447
DD 447
Exam Preparation Tasks 447
Review All Key Topics 447
Define Key Terms 448
Review Questions 448
Chapter 15 Final Preparation 453
Tools for Final Preparation 453
Pearson Test Prep Practice Test Software and Questions on the Website 453
Accessing the Pearson Test Prep Software Online 454
Accessing the Pearson Test Prep Practice Test Software Offline 454
Customizing Your Exams 455
Updating Your Exams 456
Premium Edition 456
Chapter-Ending Review Tools 457
Suggested Plan for Final Review/Study 457
Summary 457
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 459
Glossary 491
9780789756954 TOC 5/22/2017
Publication date (per publisher) | 9.5.2018
---|---
Series | Certification Guide
Place of publication | Upper Saddle River
Language | English
Dimensions | 195 x 240 mm
Weight | 1179 g
Subject area | Computer Science ► Networks ► Security / Firewall
| Computer Science ► Other Topics ► Certification
ISBN-10 | 0-7897-5695-1 / 0789756951
ISBN-13 | 978-0-7897-5695-4 / 9780789756954
Condition | New