CompTIA CySA+ (CS0-002) Cert Prep: 3 Identity and Access Management

Learn the detailed information you need to prepare for the Security Operations domain of the Cybersecurity Analyst+ (CySA+) exam.

Introduction

• Security operations
• What you should know
• Study resources
• The goals of information security
• Role of the cybersecurity analyst

1. Operating System Security

• Operating system security
• Windows Registry
• Configuration files
• System processes
• Hardware architecture

2. Logging

• Logging security information
• Security information and event management
• Tuning and configuring SIEMs
• Continuous security monitoring

3. Infrastructure Concepts

• Virtualization
• Cloud infrastructure components
• Containers

4. Network Security

• Network architecture
• Security zones
• VLANs and network segmentation
• Zero trust networking
• Secure access service edge (SASE)
• Software-defined networking (SDN)

5. Identity and Access Management

• Identification, authentication, authorization, and accounting
• Usernames and access cards
• Biometrics
• Authentication factors
• Multifactor authentication
• Something you have
• Password authentication protocols
• Single sign-on and federation
• Passwordless authentication
• Privileged access management
• Cloud access security brokers

6. Encryption

• Understanding encryption
• Symmetric and asymmetric cryptography
• Goals of cryptography
• Trust models
• PKI and digital certificates
• TLS and SSL

7. Sensitive Data Protection

• Data classification
• Data loss prevention

8. Indicators of Malicious Activity

• Network symptoms
• Rogue access points and evil twins
• Endpoint symptoms
• Application symptoms
• Obfuscated links
• Social engineering

9. Tools and Techniques

• Protocol analyzers
• DNS and IP reputation
• Endpoint monitoring
• Malware prevention
• Executable analysis
• Cuckoo and Joe Sandbox
• User account monitoring

10. Email Analysis

• Malicious email content
• Digital signatures
• DKIM, DMARC, and SPF
• Analyzing email headers

11. Programming and Scripting

• Shell and script environments
• APIs
• Querying logs

12. Understanding the Cybersecurity Threat

• Threat actors
• Zero-days and the APT
• Supply chain vulnerabilities
• Threat classification

13. Threat Intelligence

• Threat intelligence
• Managing threat indicators
• Intelligence sharing
• Threat research
• Identifying threats
• Automating threat intelligence
• Threat hunting
• Deception technologies

14. Efficiency and Process Improvement

• Standardizing processes and streamlining operations
• Technology and tool integration

Conclusion

• Continuing your studies