CompTIA CySA+ Study Guide : Exam CS0-001.

By: Seidl, David
Contributor(s): Chapple, Mike
Material type: Text
Series: eBooks on Demand
Publisher: Indianapolis : John Wiley & Sons, Incorporated, 2017
Copyright date: ©2017
Description: 1 online resource (555 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781119349914
Subject(s): Operating systems (Computers)--Examinations--Study guides
Genre/Form: Electronic books.
Additional physical formats: Print version: CompTIA CySA+ Study Guide : Exam CS0-001
DDC classification: 5.43
LOC classification: QA76.76.O63.C437 2017
Contents:
Cover -- Title Page -- Copyright -- Acknowledgments -- About the Authors -- Contents at a Glance -- Contents -- Introduction -- Assessment Test -- Answer to the Assessment Test -- Chapter 1 Defending Against Cybersecurity Threats -- Cybersecurity Objectives -- Evaluating Security Risks -- Identify Threats -- Identify Vulnerabilities -- Determine Likelihood, Impact, and Risk -- Reviewing Controls -- Building a Secure Network -- Network Access Control -- Firewalls and Network Perimeter Security -- Network Segmentation -- Defense through Deception -- Secure Endpoint Management -- Hardening System Configurations -- Patch Management -- Group Policies -- Endpoint Security Software -- Penetration Testing -- Planning a Penetration Test -- Conducting Discovery -- Executing a Penetration Test -- Communicating Penetration Test Results -- Training and Exercises -- Reverse Engineering -- Isolation and Sandboxing -- Reverse Engineering Software -- Reverse Engineering Hardware -- Summary -- Exam Essentials -- Lab Exercises -- Activity 1.1: Create an Inbound Firewall Rule -- Activity 1.2: Create a Group Policy Object -- Activity 1.3: Write a Penetration Testing Plan -- Activity 1.4: Security Tools -- Review Questions -- Chapter 2 Reconnaissance and Intelligence Gathering -- Footprinting -- Active Reconnaissance -- Mapping Networks and Discovering Topology -- Port Scanning and Service Discovery Techniques and Tools -- Passive Footprinting -- Log and Configuration Analysis -- Harvesting Data from DNS and Whois -- Information Aggregation and Analysis Tools -- Information Gathering Using Packet Capture -- Gathering Organizational Intelligence -- Organizational Data -- Electronic Document Harvesting -- Detecting, Preventing, and Responding to Reconnaissance -- Capturing and Analyzing Data to Detect Reconnaissance -- Preventing Reconnaissance -- Summary.
Exam Essentials -- Lab Exercises -- Activity 2.1: Port Scanning -- Activity 2.2: Write an Intelligence Gathering Plan -- Activity 2.3: Intelligence Gathering Techniques -- Review Questions -- Chapter 3 Designing a Vulnerability Management Program -- Identifying Vulnerability Management Requirements -- Regulatory Environment -- Corporate Policy -- Identifying Scan Targets -- Determining Scan Frequency -- Configuring and Executing Vulnerability Scans -- Scoping Vulnerability Scans -- Configuring Vulnerability Scans -- Scanner Maintenance -- Developing a Remediation Workflow -- Reporting and Communication -- Prioritizing Remediation -- Testing and Implementing Fixes -- Overcoming Barriers to Vulnerability Scanning -- Summary -- Exam Essentials -- Lab Exercises -- Activity 3.1: Installing a Vulnerability Scanner -- Activity 3.2: Running a Vulnerability Scan -- Review Questions -- Chapter 4 Analyzing Vulnerability Scans -- Reviewing and Interpreting Scan Reports -- Understanding CVSS -- Validating Scan Results -- False Positives -- Documented Exceptions -- Understanding Informational Results -- Reconciling Scan Results with Other Data Sources -- Trend Analysis -- Common Vulnerabilities -- Server and Endpoint Vulnerabilities -- Network Vulnerabilities -- Virtualization Vulnerabilities -- Internet of Things (IoT) -- Web Application Vulnerabilities -- Summary -- Exam Essentials -- Lab Exercises -- Activity 4.1: Interpreting a Vulnerability Scan -- Activity 4.2: Analyzing a CVSS Vector -- Activity 4.3: Remediating a Vulnerability -- Review Questions -- Chapter 5 Building an Incident Response Program -- Security Incidents -- Phases of Incident Response -- Preparation -- Detection and Analysis -- Containment, Eradication, and Recovery -- Post-Incident Activity -- Building the Foundation for Incident Response -- Policy -- Procedures and Playbooks.
Documenting the Incident Response Plan -- Creating an Incident Response Team -- Incident Response Providers -- CSIRT Scope of Control -- Coordination and Information Sharing -- Internal Communications -- External Communications -- Classifying Incidents -- Threat Classification -- Severity Classification -- Summary -- Exam Essentials -- Lab Exercises -- Activity 5.1: Incident Severity Classification -- Activity 5.2: Incident Response Phases -- Activity 5.3: Developing an Incident Communications Plan -- Review Questions -- Chapter 6 Analyzing Symptoms for Incident Response -- Analyzing Network Events -- Capturing Network Events -- Network Monitoring Tools -- Detecting Common Network Issues -- Handling Network Probes and Attacks -- Detecting Scans and Probes -- Detecting Denial-of-Service and Distributed Denial-of-Service Attacks -- Detecting Other Network Attacks -- Detecting and Finding Rogue Devices -- Investigating Host Issues -- System Resources -- Malware and Unauthorized Software -- Unauthorized Access, Changes, and Privileges -- Investigating Service and Application Issues -- Application and Service Monitoring -- Application and Service Issue Response and Restoration -- Detecting Attacks on Applications -- Summary -- Exam Essentials -- Lab Exercises -- Activity 6.1: Identify a Network Scan -- Activity 6.2: Write a Service Issue Response Plan -- Activity 6.3: Security Tools -- Review Questions -- Chapter 7 Performing Forensic Analysis -- Building a Forensics Capability -- Building a Forensic Toolkit -- Training and Certification -- Understanding Forensic Software -- Capabilities and Application -- Conducting a Forensic Investigation -- The Forensic Process -- Target Locations -- Acquiring and Validating Drive Images -- Imaging Live Systems -- Acquiring Other Data -- Forensic Investigation: An Example -- Importing a Forensic Image.
Analyzing the Image -- Reporting -- Summary -- Exam Essentials -- Lab Exercises -- Activity 7.1: Create a Disk Image -- Activity 7.2: Conduct the NIST Rhino Hunt -- Activity 7.3: Security Tools -- Review Questions -- Chapter 8 Recovery and Post-Incident Response -- Containing the Damage -- Segmentation -- Isolation -- Removal -- Evidence Gathering and Handling -- Identifying Attackers -- Incident Eradication and Recovery -- Reconstruction and Reimaging -- Patching Systems and Applications -- Sanitization and Secure Disposal -- Validating the Recovery Effort -- Wrapping Up the Response -- Managing Change Control Processes -- Conducting a Lessons-Learned Session -- Developing a Final Report -- Summary -- Exam Essentials -- Lab Exercises -- Activity 8.1: Incident Containment Options -- Activity 8.2: Incident Response Activities -- Activity 8.3: Sanitization and Disposal Techniques -- Review Questions -- Chapter 9 Policy and Compliance -- Understanding Policy Documents -- Policies -- Standards -- Procedures -- Guidelines -- Exceptions and Compensating Controls -- Complying with Laws and Regulations -- Adopting a Standard Framework -- NIST Cybersecurity Framework -- ISO 27001 -- Control Objectives for Information and Related Technologies (COBIT) -- Sherwood Applied Business Security Architecture (SABSA) -- The Open Group Architecture Framework (TOGAF) -- Information Technology Infrastructure Library (ITIL) -- Implementing Policy-Based Controls -- Security Control Verification and Quality Control -- Summary -- Exam Essentials -- Lab Exercises -- Activity 9.1: Policy Documents -- Activity 9.2: Using a Cybersecurity Framework -- Activity 9.3: Compliance Auditing Tools -- Review Questions -- Chapter 10 Defense-in-Depth Security Architectures -- Understanding Defense in Depth -- Layered Security -- Control Types and Classification.
Implementing Defense in Depth -- Layered Security and Network Design -- Layered Host Security -- Logging, Monitoring, and Validation -- Cryptography -- Policy, Process, and Standards -- Outsourcing and Personnel Security -- Analyzing Security Architecture -- Analyzing Security Requirements -- Reviewing Architecture -- Common Issues -- Reviewing a Security Architecture -- Maintaining a Security Design -- Summary -- Exam Essentials -- Lab Exercises -- Activity 10.1: Review an Application Using the OWASP Application Security Architecture Cheat Sheet -- Activity 10.2: Review a NIST Security Architecture -- Activity 10.3: Security Architecture Terminology -- Review Questions -- Chapter 11 Identity and Access Management Security -- Understanding Identity -- Identity Systems and Security Design -- Threats to Identity and Access -- Understanding Security Issues with Identities -- Attacking AAA Systems and Protocols -- Targeting Account Creation, Provisioning, and Deprovisioning -- Preventing Common Exploits of Identity and Authorization -- Acquiring Credentials -- Identity as a Security Layer -- Identity and Defense-in-Depth -- Securing Authentication and Authorization -- Detecting Attacks and Security Operations -- Understanding Federated Identity and Single Sign-On -- Federated Identity Security Considerations -- Federated Identity Design Choices -- Federated Identity Technologies -- Federation Incident Response -- Summary -- Exam Essentials -- Lab Exercises -- Activity 11.1: Federated Security Scenario -- Activity 11.2: Onsite Identity Issues Scenario -- Activity 11.3: Identity and Access Management Terminology -- Review Questions -- Chapter 12 Software Development Security -- Understanding the Software Development Life Cycle -- Software Development Phases -- Software Development Models -- Designing and Coding for Security.
Common Software Development Security Issues.
Holdings:
Item type: Electronic Book
Current location: UT Tyler Online
Call number: QA76.76.O63.C437 2017
URL: https://ebookcentral.proquest.com/lib/uttyler/detail.action?docID=4841456
Status: Available
Barcode: EBC4841456

Description based on publisher supplied metadata and other sources.

Author notes provided by Syndetics

Mike Chapple, PhD, CySA+, CISSP, Security+, is Senior Director for IT Service Delivery at the University of Notre Dame, overseeing information security, data governance, IT architecture, project management, strategic planning, and product management functions, and teaches undergraduate courses on Information Security.

David Seidl, CISSP, GPEN, GCIH, is the Senior Director for Campus Technology Services at Notre Dame. As Senior Director for CTS, he is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage.
