Description

• Cybersecurity Roles and Responsibilities
• Frameworks and Security Controls
• Risk Evaluation
• Penetration Testing Processes

• The Kill Chain
• Open Source Intelligence
• Social Engineering
• Topology Discovery
• Service Discovery
• OS Fingerprinting

• Configuring Firewalls
• Intrusion Detection and Prevention
• Configuring IDS
• Malware Threats
• Configuring Anti-virus Software
• Sysinternals
• Enhanced Mitigation Experience Toolkit

• Packet Capture
• Packet Capture Tools
• Monitoring Tools
• Log Review and SIEM
• SIEM Data Outputs
• SIEM Data Analysis
• Point-in-Time Data Analysis

• Vulnerability Management Requirements • Asset Inventory
• Data Classification
• Vulnerability Management Processes
• Vulnerability Scanners
• Microsoft Baseline Security Analyzer
• Vulnerability Feeds and SCAP
• Configuring Vulnerability Scans
• Vulnerability Scanning Criteria
• Exploit Frameworks

• Analyzing Vulnerability Scans
• Remediation and Change Control
• Remediating Host Vulnerabilities
• Remediating Network Vulnerabilities
• Remediating Virtual Infrastructure Vulnerabilities Secure

• Software Development Lifecycle
• Software Vulnerabilities
• Software Security Testing
• Interception Proxies
• Web Application Firewalls
• Source Authenticity
• Reverse Engineering

• Incident Response Processes
• Threat Classification
• Incident Severity and Prioritization
• Types of Data

• Digital Forensics Investigations
• Documentation and Forms
• Digital Forensics Crime Scene
• Digital Forensics Kits
• Image Acquisition
• Password Cracking
• Analysis Utilities

• Analysis and Recovery Frameworks
• Analyzing Network Symptoms
• Analyzing Host Symptoms
• Analyzing Data Exfiltration
• Analyzing Application Symptoms
• Using Sysinternals
• Containment Techniques
• Eradication Techniques
• Validation Techniques
• Corrective Actions

• Network Segmentation
• Blackholes, Sinkholes, and Honeypots
• System Hardening
• Group Policies and MAC
• Endpoint Security

• Network Access Control
• Identity Management
• Identity Security Issues
• Identity Repositories
• Context-based Authentication
• Single Sign On and Federations
• Exploiting Identities
• Exploiting Web Browsers and Applications

• Frameworks and Compliance
• Reviewing Security Architecture
• Procedures and Compensating Controls
• Verifications and Quality Control
• Security Policies and Procedures
• Personnel Policies and Training

Learning Outcomes

• Apply environmental reconnaissance techniques using appropriate tools and processes.
• Analyze the results of a network reconnaissance.
• Given a network-based threat, implement or recommend the appropriate response and countermeasure.
• Explain the purpose of practices used to secure a corporate environment.
• Implement an information security vulnerability management process.
• Analyze the output resulting from a vulnerability scan.
• Compare and contrast common vulnerabilities found in the various targets within an organization.
• Distinguish threat data or behavior to determine the impact of an incident.
• Prepare a toolkit and use appropriate forensics tools during an investigation.
• Explain the importance of communication during the incident response process.
• Analyze common symptoms to select the best course of action to support incident response.
• Summarize the incident recovery and post-incident response process.
• Explain the relationship between frameworks, common policies, controls, and procedures.
• Use data to recommend remediation of security issues related to identity and access management.
• Review security architecture and make recommendations to implement compensating controls.
• Use application security best practices while participating in the Software Development Life Cycle (SDLC).
• Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

Audience Profile

The CompTIA CySA+ is designed for IT security analysts, vulnerability analysts, or threat intelligence analysts.

Prerequisites

• 3-4 years of hands-on information security or related experience
• Network+, Security+, or equivalent knowledge