Video description
20 Hours of Video Instruction
20 hours of deep-dive training covering every objective in the CompTIA Cybersecurity Analyst CySA+ (CS0-002) exam.
Overview:
The CompTIA Cybersecurity Analyst (CySA+) CS0-002 Complete Video Course is a full and complete resource to successfully study for the CompTIA CySA+ exam. With 20 hours of video training, this course provides learners with topic-focused coverage of key exam topics, deep-dive demos and examples, and an exploration of relevant cybersecurity foundations and principles to help you gain an in-depth understanding of each objective in the CompTIA CySA+ certification, as well as a deeper understanding of cybersecurity.
CompTIA Cybersecurity Analyst (CySA+) CS0-002 Complete Video Course contains 20 hours of training with content divided into 7 modules with 33 content-targeted lessons. This title will surpass the traditional “test prep” training by providing an in-depth analysis of core concepts so that students understand all objectives in the CySA+ exam and will learn the fundamentals of preventing, detecting, and combatting cybersecurity threats. Taught by expert trainer, author, and cybersecurity expert Aamir Lakhani, this course uses trainer discussions, hands-on demos, and lightboard work to teach cybersecurity fundamentals in a way that is easy to access and implement in real-world situations.
About the Instructor
Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.
Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions, and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement.
Topics include:
- CompTIA Cybersecurity Analyst (CySA+) CS0-002 Objectives
- Threat and Vulnerability Management
- Software and Systems Security
- Security Operations and Monitoring
- Incident Response
- Compliance and Assessment
- Malware and Incident Response
Skill Level:
Learn How To:
- Prepare for every objective on the CompTIA Cybersecurity Analyst CySA+ exam
- Leverage intelligence and threat detection techniques
- Analyze and interpret data
- Identify and address vulnerabilities
- Suggest preventative measures
- Effectively respond to and recover from incidents
- Real-world cyber security configuration and detection skills
- How to perform data analysis and interpret results to identify vulnerabilities, threats, and risks
Who Should Take This Course:
- Anyone preparing for the CompTIA Cybersecurity Analyst CySA+ examination
- Anyone interested in learning cyber security fundamentals
Course Requirements:
Although there is no required prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
About Pearson Video Training:
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Introduction
CompTIA Cybersecurity Analyst (CySA+) CS0-002: Introduction
Module 1: Threat and Vulnerability Management
Module introduction
Lesson 1: Importance of Threat Data and Intelligence
Learning objectives
1.1 What is Threat Intelligence
1.2 Threat Sources - Part 1
1.3 Threat Sources - Part 2
1.4 Threat Classifications
1.5 Cyber Threat Investigation - Part 1
1.6 Cyber Threat Investigation - Part 2
1.7 Social Media Graphs - Part 1
1.8 Social Media Graphs - Part 2
1.9 Log Challenges - Part 1
1.10 Log Challenges - Part 2
1.11 Advanced Threat Hunting - Part 1
1.12 Advanced Threat Hunting - Part 2
1.13 Endpoint Detection
Lesson 2: Utilizing Threat Intelligence to Support Organization Security
Learning objectives
2.1 Attack Frameworks - Part 1
2.2 Attack Frameworks - Part 2
2.3 Threat Research
2.4 Threat Modeling Methodologies and Threat Intelligence Sharing with Support Functions
2.5 Wireless Analysis Techniques
Lesson 3: Vulnerability Management Activities
Learning objectives
3.1 Vulnerability Identification - Part 1
3.2 Vulnerability Identification - Part 2
3.3 Validation
3.4 Remediation and Mitigation and Inhibitors
3.5 Scanning Parameters and Criteria
3.6 Vulnerability Scanning - Part 1
3.7 Vulnerability Scanning - Part 2
3.8 Enumeration
Lesson 4: Analyze Output from Common Vulnerability Assessment Tools
Learning objectives
4.1 Understanding Results
4.2 Web Application Scanners
4.3 Infrastructure Vulnerability Scanner
4.4 Software Assessment Tools and Techniques
4.5 Wireless Assessment
4.6 Cloud Infrastructure Assessment
Lesson 5: Threats and Vulnerabilities Associated with Specialized Technology
Learning objectives
5.1 Mobile
5.2 Internet of Things (IoT) and Embedded Devices - Part 1
5.3 Internet of Things (IoT) and Embedded Devices - Part 2
5.4 APTs
5.5 Embedded and Real-Time Operating Systems (RTOS)
5.6 SOC and FPGA
5.7 Physical Access Control
5.8 Building Automation Systems, Vehicles, and Drones
5.9 Industrial Control Systems (ICS) and Process Automation
5.10 Defending Critical Infrastructure
5.11 Supervisory Control and Data Acquisition (SCADA) - Part 1
5.12 Supervisory Control and Data Acquisition (SCADA) - Part 2
5.13 Verifications and Quality Controls
Lesson 6: Threats Associated with the Cloud
Learning objectives
6.1 Cloud Service, FaaS, and Deployment Models
6.2 IaC, Insecure Applications
6.3 Application Programming Interface
6.4 Improper Key Management
6.5 Logging and Monitoring
Lesson 7: Implement Controls to Mitigate Attacks
Learning objectives
7.1 Attack Types and XML Types
7.2 SQL Attacks
7.3 Overflow Attacks
7.4 Cross-Site Scripting
7.5 Remote Code Execution
7.6 Directory Traversal
7.7 Privilege Escalation
7.8 Password Spraying
7.9 Credential Stuffing
7.10 Impersonation
7.11 On-path and Man-in-the-Middle
7.12 Session Hijacking
Lesson 8: Implement Controls for Software Vulnerabilities
Learning objectives
8.1 Vulnerabilities Improper Error Handling
8.2 Dereferencing
8.3 Insecure Object Reference
8.4 Race Condition
8.5 Broker Authentication
8.6 Sensitive Data Exposure
8.7 Insecure Components
8.8 Insufficient Logging and Monitoring
8.9 Weak or Default Configurations
Module 2: Software and Systems Security
Module introduction
Lesson 9: Security Solutions for Infrastructure Management
Learning objectives
9.1 Cloud vs. On-premises - Part 1
9.2 Cloud vs. On-premises - Part 2
9.3 Asset Management
9.4 Segmentation
9.5 Network Architecture
9.6 Change Management
9.7 Containerization
9.8 Identity and Access Management
9.9 Cloud Access Security Broker (CASB)
9.10 Honeypots and Breach Detection
9.11 Encryption and Certificate Management
Lesson 10: Software Assurance Best Practices
Learning objectives
10.1 SDLC Platforms
10.2 DevSecOps
10.3 Software Assessment Methods
10.4 User Acceptance Training and Stress Test
10.5 Security Regression Training
10.6 Code Review
10.7 Secure Coding Best Practices
10.8 Input Validation
10.9 Output Encoding
10.10 Session Management
10.11 Authentication
10.12 Data Protection
10.13 Parameterized Queries
Lesson 11: Hardware Assurance Best Practices
Learning objectives
11.1 Hardware Root of Trust
11.2 Trusted Platform Module (TPM) and Hardware Security Module (HSM)
11.3 Unified Extensible Firmware Interface (UEFI)
Module 3: Security Operations and Monitoring
Module introduction
Lesson 12: Analyzing Logs and Impact Analysis
Learning objectives
12.1 Event Logs
12.2 Syslogs
12.3 Firewall Logs
12.4 Web Application Firewall (WAF)
12.5 Proxy
12.6 Intrusion Detection and Prevention (IDS/IPS)
12.7 Impact Analysis
12.8 Organizations Impact vs. Localized Impact
12.9 Immediate vs. Total
Lesson 13: SIEMs and Query Writing
Learning objectives
13.1 Security Information and Event Management (SIEM) - Part 1
13.2 Security Information and Event Management (SIEM) - Part 2
13.3 Rule Writing
13.4 Known-bad Internet Protocol (IP)
Lesson 14: E-Mail Analysis
Learning objectives
14.1 Malicious Payload
14.2 Domain Keys Identified Mail (DKIM)
14.3 Domain-based Message
14.4 Embedded Links
14.5 Impersonation
14.6 Header
Lesson 15: Change Control
Learning objectives
15.1 Change Control
15.2 Allow List
15.3 Blocklist
15.4 Firewall
15.5 Intrusion Prevention System (IPS) Rules
15.6 Data Loss Prevention (DLP)
15.7 Endpoint Detection and Response (EDR)
15.8 Network Access Control (NAC)
15.9 Sinkholing
15.10 Malware Signature Rule Writing
15.11 Sandboxing
15.12 Port Security
Lesson 16: Proactive Threat Hunting
Learning objectives
16.1 Establishing a Hypothesis
16.2 Profiling Threat Actors and Activities
16.3 Reducing the Attack Surface Area
16.4 Bundling Critical Assets
16.5 Attack Vectors
16.6 Integrated Intelligence
16.7 Improving Detection Capabilities
Lesson 17: Automation
Learning objectives
17.1 Workflow Orchestration
17.2 Security Orchestration
17.3 Security Orchestration, Automation, and Response (SOAR)
17.4 Scripting
17.5 Application Programming Interface (API) Integration
17.6 Automated Malware Signature Creation
17.7 Data Enrichment
17.8 Threat Feed Combination
17.9 Machine Learning
17.10 Security Content Automation Protocol (SCAP)
17.11 Continuous Integration
17.12 Continuous Deployment and Delivery
Module 4: Incident Response
Module introduction
Lesson 18: Communications Process
Learning objectives
18.1 What is a Cyber Incident
18.2 Communication Plan
18.3 Trusted Parties
18.4 Regulatory and Legislative Requirements
18.5 Preventing Inadvertent Release of Information
Lesson 19: Response Coordination Process
Learning objectives
19.1 Legal
19.2 Human Resources
19.3 Public Relations
19.4 Senior Leadership
19.5 Regulatory Bodies
Lesson 20: Data Criticality Process
Learning objectives
20.1 Personal Identifiable Information (PII)
20.2 Personal Health Information (PHI)
20.3 Sensitive Personal Information (SPI) and High Value Assets
20.4 Intellectual Property
Lesson 21: Responding to an Incident
Learning objectives
21.1 Preparation
21.2 Training
21.3 Testing
21.4 Document Procedures
21.5 Detection and Analysis
21.6 Severity Level Classification
21.7 Downtime
21.8 Recovery Time
21.9 Reverse Engineering
21.10 Containment and Isolation
Module 5: Compliance and Assessment
Module introduction
Lesson 22: Data Privacy and Protection
Learning objectives
22.1 Privacy vs. Security
22.2 Non-technical Controls
22.3 Classification, Ownership, Retention, and Data Types
22.4 Confidentiality, Legal Requirements, and Data Sovereignty
22.5 Data Minimization, Purpose Limitation, and NDA
22.6 Technical Controls
22.7 Encryption
22.8 Data Loss Prevention (DLP)
22.9 Data Masking and Deidentification
22.10 Tokenization
22.11 Digital Rights Management (DRM) and Watermarking
22.12 Geographic Access Requirements
22.13 Access Controls
Lesson 23: Risk Mitigation
Learning objectives
23.1 Business Impact and Risk Calculation
23.2 Communication Risk Factors and Risk Prioritization
23.3 System Assessments
23.4 Compensating Controls and Training - Part 1
23.5 Compensating Controls and Training - Part 2
23.6 Supply Chain Assessment
Lesson 24: Importance of Policies, Procedures, and Controls
Learning objectives
24.1 Frameworks
24.2 AUP, Password Policies, Data Ownership, and Other Procedures
24.3 Control Types
24.4 Audits and Assessments
Module 6: Malware and Incident Response
Module introduction
Lesson 25: Threat Landscape
Learning objectives
25.1 Malware Threat Landscape
25.2 Malware Analysis
25.3 Malware Analysis Overview
Lesson 26: Malware Labs
Learning objectives
26.1 Why Set Up a Malware Lab
26.2 How to Correctly Set Up a Lab
Lesson 27: Dynamic Analysis
Learning objectives
27.1 Cuckoo Sandbox
27.2 Other Sandbox Systems
27.3 Networking and Internet Connections
27.4 Sandbox and Network
Lesson 28: Malware Packet Analysis
Learning objectives
28.1 Wireshark
28.2 Column Setup
Lesson 29: PE File Identification
Learning objectives
29.1 PE File Format
29.2 Image Header
29.3 Entry Points
Lesson 30: File Persistence
Learning objectives
30.1 Registry Persistence
30.2 Analyzing for Persistence
30.3 Other Techniques
Lesson 31: String Analysis
Learning objectives
31.1 What to Look for
Module 7: Certification Exam
Module introduction
Lesson 32: Preparing and Taking the CySA+
Learning objectives
32.1 Understanding the Test
32.2 Type of Test Questions
32.3 Increasing Your Chances for Passing the Test
32.4 Certification Review
Lesson 33: Next Steps
Learning objectives
33.1 What I Learned
Summary
CompTIA Cybersecurity Analyst (CySA+) CS0-002: Summary