CompTIA is a not-for-profit trade association with the purpose of advancing the interests of IT professionals and IT channel organizations, and its industry-leading IT certifications are an important part of that mission.
Course overview:
CompTIA CyberSecurity Analyst (CySA+) certification is an intermediate-level certification designed to demonstrate the knowledge and competencies of a security analyst or specialist with four years' experience in the field. This course covers the duties of cybersecurity analysts who are responsible for monitoring and detecting security incidents in information systems and networks, and for executing a proper response to such incidents.
The course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and handle incidents as they occur. The course will also prepare you for the CompTIA CySA+ (Exam CS0-002) certification examination.
Course objectives:
After you complete this course you will be able to:
• Assess and respond to security threats and operate a systems and network security analysis platform
• Collect and use cybersecurity intelligence and threat data
• Identify modern cybersecurity threat actors types and tactics, techniques and procedures
• Analyze data collected from security and event logs and network packet captures
• Respond to and investigate cybersecurity incidents using forensic analysis techniques
• Assess information security risk in computing and network environments
• Implement a vulnerability management program
• Address security issues with an organization‘s network architecture
• Understand the importance of data governance controls
• Address security issues with an organization‘s software development life cycle
• Address security issues with an organization‘s use of cloud and service-oriented architecture
Course content:
Lesson 1 - Explaining the Importance of Security Controls and Security Intelligence:
• Topic 1A: Identify Security Control Types
• Topic 1B: Explain the Importance of Threat Data and Intelligence
Lesson 2 - Utilizing Threat Data and Intelligence:
• Topic 2A: Classify Threats and Threat Actor Types
• Topic 2B: Utilize Attack Frameworks and Indicator Management
• Topic 2C: Utilize Threat Modeling and Hunting Methodologies
Lesson 3 - Analyzing Security Monitoring Data:
• Topic 3A: Analyze Network Monitoring Output
• Topic 3B: Analyze Appliance Monitoring Output
• Topic 3C: Analyze Endpoint Monitoring Output
• Topic 3D: Analyze Email Monitoring Output
Lesson 4 - Collecting and Querying Security Monitoring Data:
• Topic 4A: Configure Log Review and SIEM Tools
• Topic 4B: Analyze and Query Logs and SIEM Data
Lesson 5 - Utilizing Digital Forensics and Indicator Analysis Techniques:
• Topic 5A: Identify Digital Forensics Techniques
• Topic 5B: Analyze Network-related IoCs
• Topic 5C: Analyze Host-related IoCs
• Topic 5D: Analyze Application-Related IoCs
• Topic 5E: Analyze Lateral Movement and Pivot IoCs
Lesson 6 - Applying Incident Response Procedures:
• Topic 6A: Explain Incident Response Processes
• Topic 6B: Apply Detection and Containment Processes
• Topic 6C: Apply Eradication, Recovery, and Post Incident Processes
Lesson 7 - Applying Risk Mitigation and Security Frameworks:
• Topic 7A: Apply Risk Identification, Calculation, and Prioritization Processes
• Topic 7B: Explain Frameworks, Policies, and Procedures
Lesson 8 - Performing Vulnerability Management:
• Topic 8A: Analyze Output from Enumeration Tools
• Topic 8B: Configure Infrastructure Vulnerability Scanning Parameters
• Topic 8C: Analyze Output from Infrastructure Vulnerability Scanners
• Topic 8D: Mitigate Vulnerability Issues
Lesson 9 - Applying Security Solutions for Infrastructure Management:
• Topic 9A: Apply Identity and Access Management Security Solutions
• Topic 9B: Apply Network Architecture and Segmentation Security Solutions
• Topic 9C: Explain Hardware Assurance Best Practices
• Topic 9D: Explain Vulnerabilities Associated with Specialized Technology
Lesson 10 - Understanding Data Privacy and Protection:
• Topic 10A: Identify Non-Technical Data and Privacy Controls
• Topic 10B: Identify Technical Data and Privacy Controls
Lesson 11 - Applying Security Solutions for Software Assurance:
• Topic 11A: Mitigate Software Vulnerabilities and Attacks
• Topic 11B: Mitigate Web Application Vulnerabilities and Attacks
• Topic 11C: Analyze Output from Application Assessments
Lesson 12 - Applying Security Solutions for Cloud and Automation:
• Topic 12A: Identify Cloud Service and Deployment Model Vulnerabilities
• Topic 12B: Explain Service-Oriented Architecture
• Topic 12C: Analyze Output from Cloud Infrastructure Assessment Tools
• Topic 12D: Compare Automation Concepts and Technologies
Target audience:
This course is aimed at students who are seeking the CompTIA CySA+ certification and who want to prepare for the CompTIA CySA+ CS0-002 certification exam. The course more generally supports candidates working in or aiming for job roles such as security operations center (SOC) analyst, vulnerability analyst, cybersecurity specialist, threat intelligence analyst, security engineer, and cybersecurity analyst.
Prerequisites:
Attendees should meet the following prerequisites:
• At least two years‘ experience in computer network security technology or a related field.
• The ability to recognize information security vulnerabilities and threats in the context of risk management.
• Foundation-level operational skills with the common operating systems for PCs, mobile devices, and servers.
• Foundation-level understanding of some of the common concepts for network environments, such as routing and switching.
• Foundational knowledge of TCP/IP networking protocols, including IP, ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP/HTTPS, SMTP, and POP3/IMAP.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in computing environments. Safeguards include authentication and authorization, resource permissions, and antimalware mechanisms.
• Foundational knowledge of the concepts and operational framework of common assurance safeguards in network environments, such as firewalls, IPS, NAC, and VPNs.
Recommended prerequisites:
• G005 - CompTIA Network+
• G013 - CompTIA Security+
Test certification:
Recommended preparation for exam(s):
• CS0-002 CompTIA CySA+ Exam
This is exam consists of a maximum of 85 multiple choice and performance-based questions to be completed in 165 minutes. To pass, you need to score a minimum of 750 (on a scale of 100 - 900).