CompTIA CySA+ (CS0-002)

(CS0-002.AB1)/ISBN:978-1-64459-230-4

This course includes
Lessons
TestPrep
LiveLab
Mentoring (Add-on)

Get certified for the CySA+ CS0-002 exam with the CompTIA Cybersecurity Analyst (CySA+) course and lab. The lab provides a hands-on learning experience in a safe, online environment. The CySA+ study guide covers the CS0-002 exam objectives and provides an understanding of the topics such as firewalls and anti-virus software. The CySA+ practice test will provide you an analytics-based approach within the IT security industry that is increasingly important for organizations.

Here's what you will get

The CompTIA CySA+ certification proves that the candidate has the ability required for identifying and combating malware and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. The CompTIA CySA+ CS0-002 exam enhances the intelligence and threat detection techniques required in the market along with analyzing and interpreting data and identifying and addressing vulnerabilities.

Lessons

22+ Lessons | 180+ Quizzes | 522+ Flashcards | 522+ Glossary of terms

TestPrep

84+ Pre Assessment Questions | 2+ Full Length Tests | 90+ Post Assessment Questions | 173+ Practice Test Questions

Hand on lab

37+ LiveLab | 37+ Video tutorials | 01:43+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • Strategies for Exam Preparation
  • How the Course Is Organized
  • What’s New?

Lessons 2: The Importance of Threat Data and Intelligence

  • Intelligence Sources
  • Indicator Management
  • Threat Classification
  • Threat Actors
  • Intelligence Cycle
  • Commodity Malware
  • Information Sharing and Analysis Communities
  • Review All Key Topics
  • Review Questions

Lessons 3: Utilizing Threat Intelligence to Support Organizational Security

  • Attack Frameworks
  • Threat Research
  • Threat Modeling Methodologies
  • Threat Intelligence Sharing with Supported Functions
  • Review All Key Topics
  • Review Questions

Lessons 4: Vulnerability Management Activities

  • Vulnerability Identification
  • Validation
  • Remediation/Mitigation
  • Scanning Parameters and Criteria
  • Inhibitors to Remediation
  • Review All Key Topics
  • Review Questions

Lessons 5: Analyzing Assessment Output

  • Web Application Scanner
  • Infrastructure Vulnerability Scanner
  • Software Assessment Tools and Techniques
  • Enumeration
  • Wireless Assessment Tools
  • Cloud Infrastructure Assessment Tools
  • Review All Key Topics
  • Review Questions

Lessons 6: Threats and Vulnerabilities Associated with Specialized Technology

  • Mobile
  • Internet of Things (IoT)
  • Embedded Systems
  • Real-Time Operating System (RTOS)
  • System-on-Chip (SoC)
  • Field Programmable Gate Array (FPGA)
  • Physical Access Control
  • Building Automation Systems
  • Vehicles and Drones
  • Workflow and Process Automation Systems
  • Incident Command System (ICS)
  • Supervisory Control and Data Acquisition (SCADA)
  • Review All Key Topics
  • Review Questions

Lessons 7: Threats and Vulnerabilities Associated with Operating in the Cloud

  • Cloud Deployment Models
  • Cloud Service Models
  • Function as a Service (FaaS)/Serverless Architecture
  • Infrastructure as Code (IaC)
  • Insecure Application Programming Interface (API)
  • Improper Key Management
  • Unprotected Storage
  • Logging and Monitoring
  • Review All Key Topics
  • Review Questions

Lessons 8: Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Attack Types
  • Vulnerabilities
  • Review All Key Topics
  • Review Questions

Lessons 9: Security Solutions for Infrastructure Management

  • Cloud vs. On-premises
  • Asset Management
  • Segmentation
  • Network Architecture
  • Change Management
  • Virtualization
  • Containerization
  • Identity and Access Management
  • Cloud Access Security Broker (CASB)
  • Honeypot
  • Monitoring and Logging
  • Encryption
  • Certificate Management
  • Active Defense
  • Review All Key Topics
  • Review Questions

Lessons 10: Software Assurance Best Practices

  • Platforms
  • Software Development Life Cycle (SDLC) Integration
  • DevSecOps
  • Software Assessment Methods
  • Secure Coding Best Practices
  • Static Analysis Tools
  • Dynamic Analysis Tools
  • Formal Methods for Verification of Critical Software
  • Service-Oriented Architecture
  • Review All Key Topics
  • Review Questions

Lessons 11: Hardware Assurance Best Practices

  • Hardware Root of Trust
  • eFuse
  • Unified Extensible Firmware Interface (UEFI)
  • Trusted Foundry
  • Secure Processing
  • Anti-Tamper
  • Self-Encrypting Drives
  • Trusted Firmware Updates
  • Measured Boot and Attestation
  • Bus Encryption
  • Review All Key Topics
  • Review Questions

Lessons 12: Analyzing Data as Part of Security Monitoring Activities

  • Heuristics
  • Trend Analysis
  • Endpoint
  • Network
  • Log Review
  • Impact Analysis
  • Security Information and Event Management (SIEM) Review
  • Query Writing
  • E-mail Analysis
  • Review All Key Topics
  • Review Questions

Lessons 13: Implementing Configuration Changes to Existing Controls to Improve Security

  • Permissions
  • Whitelisting and Blacklisting
  • Firewall
  • Intrusion Prevention System (IPS) Rules
  • Data Loss Prevention (DLP)
  • Endpoint Detection and Response (EDR)
  • Network Access Control (NAC)
  • Sinkholing
  • Malware Signatures
  • Sandboxing
  • Port Security
  • Review All Key Topics
  • Review Questions

Lessons 14: The Importance of Proactive Threat Hunting

  • Establishing a Hypothesis
  • Profiling Threat Actors and Activities
  • Threat Hunting Tactics
  • Reducing the Attack Surface Area
  • Bundling Critical Assets
  • Attack Vectors
  • Integrated Intelligence
  • Improving Detection Capabilities
  • Review All Key Topics
  • Review Questions

Lessons 15: Automation Concepts and Technologies

  • Workflow Orchestration
  • Scripting
  • Application Programming Interface (API) Integration
  • Automated Malware Signature Creation
  • Data Enrichment
  • Threat Feed Combination
  • Machine Learning
  • Use of Automation Protocols and Standards
  • Continuous Integration
  • Continuous Deployment/Delivery
  • Review All Key Topics
  • Review Questions

Lessons 16: The Incident Response Process

  • Communication Plan
  • Response Coordination with Relevant Entities
  • Factors Contributing to Data Criticality
  • Review All Key Topics
  • Review Questions

Lessons 17: Applying the Appropriate Incident Response Procedure

  • Preparation
  • Detection and Analysis
  • Containment
  • Eradication and Recovery
  • Post-Incident Activities
  • Review All Key Topics
  • Review Questions

Lessons 18: Analyzing Potential Indicators of Compromise

  • Network-Related Indicators of Compromise
  • Host-Related Indicators of Compromise
  • Application-Related Indicators of Compromise
  • Review All Key Topics
  • Review Questions

Lessons 19: Utilizing Basic Digital Forensics Techniques

  • Network
  • Endpoint
  • Mobile
  • Cloud
  • Virtualization
  • Legal Hold
  • Procedures
  • Hashing
  • Carving
  • Data Acquisition
  • Review All Key Topics
  • Review Questions

Lessons 20: The Importance of Data Privacy and Protection

  • Privacy vs. Security
  • Non-technical Controls
  • Technical Controls
  • Review All Key Topics
  • Review Questions

Lessons 21: Applying Security Concepts in Support of Organizational Risk Mitigation

  • Business Impact Analysis
  • Risk Identification Process
  • Risk Calculation
  • Communication of Risk Factors
  • Risk Prioritization
  • Systems Assessment
  • Documented Compensating Controls
  • Training and Exercises
  • Supply Chain Assessment
  • Review All Key Topics
  • Review Questions

Lessons 22: The Importance of Frameworks, Policies, Procedures, and Controls

  • Frameworks
  • Policies and Procedures
  • Category
  • Control Type
  • Audits and Assessments
  • Review All Key Topics
  • Review Questions

Hands-on LAB Activities

Vulnerability Management Activities

  • Conducting Vulnerability Scanning Using Nessus

Analyzing Assessment Output

  • Using Nikto
  • Using OWASP ZAP
  • Inspecting the Vulnerability in the Echo Server's Source Code
  • Performing Reconnaissance on a Network
  • Using the hping Program
  • Identifying Search Options in Metasploit

Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Scanning the Rootkit
  • Configuring DHCP Snooping
  • Performing a MITM Attack
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Detecting Rootkits
  • Using Ettercap for ARP Spoofing

Security Solutions for Infrastructure Management

  • Configuring Remote Access VPN
  • Configuring the SSL Port Setting
  • Attacking a Website Using XSS Injection
  • Setting up a Honeypot on Kali Linux
  • Using the MD5 Hash Algorithm
  • Encrypting and Decrypting a File Using AES Crypt

Analyzing Data as Part of Security Monitoring Activities

  • Performing a Memory-Based Attack
  • Using Apktool to Decode and Analyze the apk file
  • Simulating the DDoS Attack
  • Simulating a DoS Attack
  • Scanning the Website using URLVoid
  • Configuring Snort
  • Making Syslog Entries Readable
  • Examining Audited Events
  • Installing Splunk on the Server

Implementing Configuration Changes to Existing Controls to Improve Security

  • Using the iptables Command to Create a Personal Firewall in Linux

The Importance of Proactive Threat Hunting

  • Working with Task Manager

Applying the Appropriate Incident Response Procedure

  • Configuring a Perimeter Firewall

Analyzing Potential Indicators of Compromise

  • Performing the Initial Scan

Utilizing Basic Digital Forensics Techniques

  • Confirming the Spoofing Attack in Wireshark
  • Capturing a Packet Using Wireshark
  • Downloading and Installing Wireshark

The Importance of Frameworks, Policies, Procedures, and Controls

  • Reviewing and Modifying the Policy Items

Exam FAQs

There is no required prerequisite for CompTIA CS0-001 certification exam, but the candidate should hold CompTIA Network+, Security+ or equivalent knowledge. He or she should have a minimum of 3-4 years of hands-on information security or related experience.

USD 370

Pricing and taxes may vary from country to country.

Multiple-choice and performance-based

The exam contains 85 questions.

165 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the CySA+ examination, CompTIA's retake policies are:

  1. CompTIA does not require a waiting period between the first and second attempt to pass such examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least 14 calendar days from the date of your last attempt before you can retake the exam.
  2. If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  3. A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  4. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

CompTIA CySA+ certification expires after three years from the date of issue, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.