Cyber Security

Course Duration

3 Months

Category

Security

Description

CompTIA Cybersecurity Analyst (CySA+) is a credential for IT professionals who apply behavioral analytics to networks and devices in order to prevent, detect, and respond to cybersecurity threats through continuous security monitoring.

Course Content

8 Modules • 3 months total length

Identifying Security Control Types • Cybersecurity Roles and Responsibilities • Security Operations Center (SOC) • Security Control Categories • Selecting Security Controls
Threat Intelligence Sharing (Introduction) • Security and Threat Intelligence • Intelligence Cycle • Intelligence Sources • Information Sharing and Analysis Centers (ISACs) • Threat Intelligence Sharing
Classifying Threats (Introduction) • Threat Classification • Threat Actors • Malware • Threat Research • Attack Frameworks • Indicator Management
Threat Hunting (Introduction) • Threat Modeling • Threat Hunting • Open-source Intelligence • Google Hacking • Profiling Techniques • Harvesting Techniques
Network Forensics (Introduction) • Network Forensic Tools • tcpdump • Wireshark • Flow Analysis • IP and DNS Analysis • URL Analysis • Conduct Packet Analysis
Appliance Monitoring (Introduction) • Firewall Logs • Firewall Configurations • Proxy Logs • Web Application Firewall Logs • IDS and IPS Configuration • IDS and IPS Logs • Port Security Configuration • NAC Configuration
Endpoint Monitoring (Introduction) • Endpoint Analysis • Sandboxing • Reverse Engineering • Malware Exploitation • Behavior Analysis • Malware Analysis • EDR Configuration • Blacklisting and Whitelisting
Email Monitoring (Introduction) • Email IOCs • Email Header Analysis • Email Content Analysis • Email Server Security • SMTP Log Analysis • Email Message Security • Analyzing Email Headers
Configuring Your SIEM (Introduction) • SIEM • Security Data Collection • Data Normalization • Event Log • Syslog • Configuring a SIEM Agent
Analyzing Your SIEM (Introduction) • SIEM Dashboards • Analysis and Detection • Trend Analysis • Rule and Query Writing • Searching and Piping Commands • Scripting Tools • Analyzing, Filtering, and Searching Logs
Digital Forensics (Introduction) • Digital Forensic Analysts • Forensics Procedures • Work Product Retention • Data Acquisition • Forensics Tools • Memory Acquisition • Disk Image Acquisition • Hashing • Timeline Generation • Carving • Chain of Custody • Collecting and Validating Evidence
Analyzing Network IOCs (Introduction) • Analyzing Network IOCs • Traffic Spikes • Beaconing • Irregular P2P Communications • Rogue Devices • Scans and Sweeps • Nonstandard Port Usage • TCP Ports • UDP Ports • Data Exfiltration • Covert Channels • Analysis of Network IOCs
Analyzing Host-related IOCs (Introduction) • Host-related IOCs • Malicious Processes • Memory Forensics • Consumption • Disk and File System • Unauthorized Privilege • Unauthorized Software • Unauthorized Change/Hardware • Persistence
Analyzing Application-related IOCs (Introduction) • Application-related IOCs • Anomalous Activity • Service Interruptions • Application Logs • New Accounts • Virtualization Forensics • Mobile Forensics
Analyzing Lateral Movement and Pivoting IOCs (Introduction) • Lateral Movement and Pivoting • Pass the Hash • Golden Ticket • Lateral Movement • Pivoting
Incident Response Preparation (Introduction) • Incident Response Phases • Documenting Procedures • Data Criticality • Communication Plan • Reporting Requirements • Response Coordination • Training and Testing
Detection and Containment (Introduction) • OODA Loop • Defensive Capabilities • Detection and Analysis • Impact Analysis • Incident Classification • Containment
Eradication, Recovery, and Post-incident Actions (Introduction) • Eradication • Eradication Actions • Recovery • Recovery Actions • Post-Incident Activities • Lessons Learned
Risk Mitigation (Introduction) • Risk Identification Process • Conducting an Assessment • Risk Calculation • Business Impact Analysis • Risk Prioritization • Communicating Risk • Training and Exercises
Frameworks, Policies, and Procedures (Introduction) • Enterprise Security Architecture • Prescriptive Frameworks • Risk-based Frameworks • Audits and Assessments • Continuous Monitoring
Enumeration Tools (Introduction) • Enumeration Tools • Nmap Discovery Scans • Nmap Port Scans • Nmap Port States • Nmap Fingerprinting Scans • Using Nmap • Hping • Responder • Wireless Assessment Tools • Hashcat • Testing Credential Security
Vulnerability Scanning (Introduction) • Identifying Vulnerabilities • Scanning Workflow • Scope Considerations • Scanner Types • Scanning Parameters • Scheduling and Constraints • Vulnerability Feeds • Scan Sensitivity • Scanning Risks • Conducting Scans
Analyzing Output from Vulnerability Scanners (Introduction) • Scan Reports • Common Identifiers • CVSS • Vulnerability Reports • Nessus • OpenVAS and Qualys
Mitigating Vulnerabilities (Introduction) • Remediation and Mitigation • Configuration Baselines • Hardening and Patching • Remediation Issues
Identity and Access Management Solutions (Introduction) • Identity and Access Management • Password Policies • SSO and MFA • Certificate Management • Federation • Privilege Management • IAM Auditing • Conduct and Use Policies • Account and Permissions Audits
Network Architecture and Segmentation (Introduction) • Asset and Change Management • Network Architecture • Segmentation • Jumpbox • Virtualization • Virtualized Infrastructure • Honeypots • Configuring Network Segmentation
Hardware Assurance Best Practices (Introduction) • Supply Chain Assessment • Root of Trust • Trusted Firmware • Security Processing
Specialized Technology (Introduction) • Mobile Vulnerabilities • IoT Vulnerabilities • Embedded System Vulnerabilities • ICS & SCADA Vulnerabilities • Mitigating Vulnerabilities • Premise System Vulnerabilities • Vehicular Vulnerabilities
Non-technical Data and Privacy Controls (Introduction) • Data Classification • Data Types • Legal Requirements • Data Policies • Data Retention • Data Ownership • Data Sharing
Technical Data and Privacy Controls (Introduction) • Access Controls • File System Permissions • Encryption • Data Loss Prevention • DLP Discovery and Classification • Deidentification Controls • DRM and Watermarking • Analyzing Share Permissions
Mitigate Software Vulnerabilities and Attacks (Introduction) • SDLC Integration • Execution and Escalation • Overflow Attacks • Race Conditions • Improper Error Handling • Design Vulnerabilities • Platform Best Practices
Mitigate Web Application Vulnerabilities and Attacks (Introduction) • Directory Traversal • Cross-site Scripting • SQL Injection • XML Vulnerabilities • Secure Coding • Authentication Attacks • Session Hijacking • Sensitive Data Exposure • Clickjacking • Web Application Vulnerabilities
Analyzing Application Assessments (Introduction) • Software Assessments • Reverse Engineering • Dynamic Analysis • Web Application Scanners • Burp Suite • OWASP ZAP • Analyzing Web Applications
Cloud and Automation (Introduction) • Cloud Models • Service Models • Cloud-based Infrastructure
Service-Oriented Architecture (Introduction) • SOA and Microservices • SOAP • SAML • REST • API • Scripting • Workflow Orchestration • FaaS and Serverless
Cloud Infrastructure Assessments (Introduction) • Cloud Threats • Cloud Tools • Cloud Forensics
Automation Concepts and Technologies (Introduction) • CI/CD • DevSecOps • IaC • Machine Learning • Data Enrichment • SOAR

Requirements

  • Basic computer skills
  • Personal PC (optional)