CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Cert Prep

A comprehensive, all-in-one resource for those preparing for the CySA+ (CS0-003) certification exam

Introduction

• About the CySA+ exam
• What's new in CS0-003?

1. The CySA+ Exam

• Careers in information security
• Value of certification
• Stackable certifications

2. Inside the CySA+ Exam

• The CySA+ exam
• The CySA+ in-person exam environment
• At-home testing
• CySA+ question types
• Passing the CySA+ exam

3. Preparing for the CySA+ Exam

• Study resources
• Exam tips
• Continuing education requirements

4. Domain 1: Security Operations

• Security Operations

5. Operating System Security

• The goals of information security
• Role of the cybersecurity analyst
• Operating system security
• Windows Registry
• Configuration files
• System processes
• Hardware architecture

6. Logging

• Logging security information
• Security information and event management
• Tuning and configuring SIEMs
• Continuous security monitoring

7. Infrastructure Concepts

• Virtualization
• Cloud infrastructure components
• Containers

8. Network Security

• Network architecture
• Security zones
• VLANs and network segmentation
• Zero-trust networking
• Secure access service edge (SASE)
• Software-defined networking (SDN)

9. Identity and Access Management

• Identification, authentication, authorization, and accounting
• Usernames and access cards
• Biometrics
• Authentication factors
• Multifactor authentication
• Something you have
• Password authentication protocols
• Single sign-on and federation
• Passwordless authentication
• Privileged access management
• Cloud access security brokers

10. Encryption

• Understanding encryption
• Symmetric and asymmetric cryptography
• Goals of cryptography
• Trust models
• PKI and digital certificates
• TLS and SSL

11. Sensitive Data Protection

• Data classification
• Data loss prevention

12. Indicators of Malicious Activity

• Network symptoms
• Rogue access points and evil twins
• Endpoint symptoms
• Application symptoms
• Obfuscated links
• Social engineering

13. Tools and Techniques

• Protocol analyzers
• DNS and IP reputation
• Endpoint monitoring
• Malware prevention
• Executable analysis
• Cuckoo and Joe Sandbox
• User account monitoring

14. Email Analysis

• Malicious email content
• Digital signatures
• DKIM, DMARC, and SPF
• Analyzing email headers

15. Programming and Scripting

• Shell and script environments
• APIs
• Querying logs

16. Understanding the Cybersecurity Threat

• Threat actors
• Zero-days and the APT
• Supply chain vulnerabilities
• Threat classification

17. Threat Intelligence

• Threat intelligence
• Managing threat indicators
• Intelligence sharing
• Threat research
• Identifying threats
• Automating threat intelligence
• Threat hunting
• Deception technologies

18. Efficiency and Process Improvement

• Standardizing processes and streamlining operations
• Technology and tool integration

19. Domain 2: Vulnerability Management

• Vulnerability Management

20. Creating a Vulnerability Management Program

• What is vulnerability management?
• Identify scan targets
• Scan frequency

21. Network Mapping

• Network scanning
• Install Nmap on Windows
• Install Nmap on macOS
• Run and interpret a simple Nmap scan
• Host discovery with Nmap
• Operate system fingerprinting
• Service version detection

22. Configuring and Executing Vulnerability Scans

• Security baseline scanning
• Scan configuration
• Scan perspective
• Scanner maintenance
• Vulnerability scanning tools
• Passive vulnerability scanning

23. Analyzing Scan Results

• SCAP
• CVSS
• Interpret CVSS scores
• Analyze scan reports
• Correlate scan results

24. Common Vulnerabilities

• Server vulnerabilities
• Endpoint vulnerabilities
• Network vulnerabilities

25. Software Security Issues

• OWASP Top 10
• Prevent SQL injection
• Understand cross-site scripting
• Request forgery
• Privilege escalation
• Directory traversal
• File inclusion
• Overflow attacks
• Cookies and attachments
• Session hijacking
• Race conditions
• Memory vulnerabilities
• Code execution attacks
• Data poisoning
• Third-party code
• Interception proxies

26. Specialized Technology Vulnerabilities

• Industrial control systems
• Internet of Things
• Embedded systems

27. More Cybersecurity Tools

• Exploitation frameworks
• Cloud auditing tools
• Debuggers
• Open-source reconnaissance
• Control frameworks

28. Software Development Lifecycle

• Software platforms
• Development methodologies
• Maturity models
• Change management

29. Secure Coding Practices

• Input validation
• Parameterized queries
• Authentication and session management issues
• Output encoding
• Error and exception handling
• Code signing
• Database security
• Data de-identification
• Data obfuscation

30. Software Quality Assurance

• Software testing
• Code security tests
• Fuzzing
• Reverse engineering software
• Reverse engineering hardware

31. Threat Modeling

• Threat research
• Identify threats
• Understand attacks
• Threat modeling
• Attack surface management
• Bug bounty

32. Security Governance

• Align security with the business
• Organizational processes
• Security roles and responsibilities
• Security control selection

33. Risk Management

• Risk assessment
• Quantitative risk assessment
• Risk treatment options
• Risk management frameworks
• Risk visibility and reporting

34. Domain 3: Incident Response and Management

• Incident Response and Management

35. Incident Response Programs

• Build an incident response program
• Creating an incident response team
• Incident communications plan
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Validation
• Post-incident activities
• Incident response exercises

36. Attack Frameworks

• MITRE ATT&CK
• Diamond model of intrusion analysis
• Cyber kill chain analysis
• Testing guides

37. Incident Investigation

• Logging security information
• Security information and event management
• Cloud audits and investigations

38. Forensic Techniques

• Conducting investigations
• Evidence types
• Introduction to forensics
• System and file forensics
• File carving
• Creating forensic images
• Digital forensics toolkit
• Operating system analysis
• Password forensics
• Network forensics
• Software forensics
• Mobile device forensics
• Embedded device forensics
• Chain of custody
• Ediscovery and evidence production

39. Business Continuity

• Business continuity planning
• Business continuity controls
• High availability and fault tolerance

40. Disaster Recovery

• Disaster recovery
• Backups
• Restoring backups
• Disaster recovery sites
• Testing BC/DR plans
• After-action reports

41. Domain 4: Reporting and Communication

• Reporting and Communication

42. Vulnerability Reporting and Communication

• Vulnerability communication
• Report scan results
• Prioritize remediation
• Create a remediation workflow
• Barriers to vulnerability remediation
• Vulnerability metrics

43. Incident Reporting and Communication

• Incident communications plan
• Incident identification
• Escalation and notification
• Post-incident activities
• Incident response reports
• Incident metrics and KPIs

Conclusion

• Continuing your studies