CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring

Learn how to keep the security and overall health of your systems in check as you prepare for the CySA+ (CS0-002) exam.

Introduction

• Security operations and monitoring
• What you should know
• Study resources

1. Security Monitoring

• Monitoring Log Files
• Correlating security event information
• Continuous security monitoring
• Syslog
• Network traffic analysis

2. Monitoring System Components

• Endpoint monitoring
• Malware prevention
• File system integrity monitoring
• Network monitoring
• Protocol analyzers
• DNS harvesting
• Intrusion detection and prevention
• Web security tools
• Impact analysis
• Querying logs

3. Email Analysis

• Malicious email content
• Digital signatures
• DKIM, DMARC, and SPF
• Analyzing email headers

4. Network Security Techniques

• Restricting network access
• Network Access Control
• Firewall rule management
• Router configuration security
• Switch configuration security
• Data loss prevention

5. Endpoint Security

• Operating system security
• Application management
• Host-based network security
• File permissions
• Process analysis with SysInternals
• Executable analysis

6. Security Automation

• Workflow orchestration
• Automating threat intelligence
• Continuous integration and delivery

Conclusion

• What's next