DescriptionPrepare yourself for the newest CompTIA certification
The CompTIA Cybersecurity Analyst+ (CySA+) Study Guide provides 100% coverage of all exam objectives for the new CySA+ certification. The CySA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, identify vulnerabilities with a goal of securing and protecting organizations systems. Focus your review for the CySA+ with Sybex and benefit from real-world examples drawn from experts, hands-on labs, insight on how to create your own cybersecurity toolkit, and end-of-chapter review questions help you gauge your understanding each step of the way. You also gain access to the Sybex interactive learning environment that includes electronic flashcards, a searchable glossary, and hundreds of bonus practice questions.
This study guide provides the guidance and knowledge you need to demonstrate your skill set in cybersecurity. Key exam topics include:
- Threat management
- Vulnerability management
- Cyber incident response
- Security architecture and toolsets
This item: CompTIA CySA+ Study Guide: Exam CS0-001
Assessment Test xxxix
Chapter 1 Defending Against Cybersecurity Threats 1
Chapter 2 Reconnaissance and Intelligence Gathering 33
Chapter 3 Designing a Vulnerability Management Program 75
Chapter 4 Analyzing Vulnerability Scans 103
Chapter 5 Building an Incident Response Program 143
Chapter 6 Analyzing Symptoms for Incident Response 169
Chapter 7 Performing Forensic Analysis 207
Chapter 8 Recovery and Post-Incident Response 245
Chapter 9 Policy and Compliance 269
Chapter 10 Defense-in-Depth Security Architectures 293
Chapter 11 Identity and Access Management Security 329
Chapter 12 Software Development Security 371
Chapter 13 Cybersecurity Toolkit 401
Appendix A Answers to the Review Questions 437
Chapter 1: Defending Against Cybersecurity Threats 438
Chapter 2: Reconnaissance and Intelligence Gathering 439
Chapter 3: Designing a Vulnerability Management Program 441
Chapter 4: Analyzing Vulnerability Scans 443
Chapter 5: Building an Incident Response Program 444
Chapter 6: Analyzing Symptoms for Incident Response 446
Chapter 7: Performing Forensic Analysis 448
Chapter 8: Recovery and Post-Incident Response 449
Chapter 9: Policy and Compliance 451
Chapter 10: Defense-in-Depth Security Architectures 453
Chapter 11: Identity and Access Management Security 456
Chapter 12: Software Development Security 458
Appendix B Answers to the Lab Exercises 461
Chapter 1: Defending Against Cybersecurity Threats 462
Chapter 2: Reconnaissance and Intelligence Gathering 462
Chapter 4: Analyzing Vulnerability Scans 463
Chapter 5: Building an Incident Response Program 464
Chapter 6: Analyzing Symptoms for Incident Response 465
Chapter 7: Performing Forensic Analysis 466
Chapter 8: Recovery and Post-Incident Response 467
Chapter 9: Policy and Compliance 470
Chapter 10: Defense-in-Depth Security Architectures 471
Chapter 11: Identity and Access Management Security 472
Chapter 12: Software Development Security 473
|xlv||Errata in Text,INCORRECT:|
Question 10. C is not the correct answer.
Question 10. A is the correct answer.
|xlv||Errata in text,Answer to the Assessment Test|
Question 10 - C.
Question 10 - A.
Question 12 - C.
Question 12 - A.
|xlv - FM||Errata in Text,Question 11 on xli:|
11. Ben's monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
C. Zombie chatter
Answer 11 on xlv:
C. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.
D. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.
|Intro||xxxiii||Errata in text,On page xxxiii in the Introduction, a NOTE includes the URL www.wiley.com/go/Sybextestprep. However, if a customer types the URL exactly the way it appears in the print book, typing a capital S in Sybextestprep, the person will get a Page Not Found error message. |
The S should be lowercase, not uppercase. In the eBooks that are available, clicking the URL will take a customer to the same Page Not Found page. We need to make the correction as soon as possible.
Note: Corrections PDF is uploaded in download section
|6||Errata in text,The last sentences of bullet #2 and bullet #3 are identical.|
Bullet #3 - Last sentence:
When evaluating a structural threat, cybersecurity analysts should consider the possible range of effects that the threat might have on the organization.
Bullet #3 - Last sentence:
When evaluating environmental threats, cybersecurity analysts should consider common natural environmental threats to their geographic region, as well as how to appropriately prevent or counter man-made environmental threats.
|1||12||Errata in text,Table 1.1, please correct the port for SQL Server.|
It should be 1433, but the book incorrectly reads 1443.
|402||Errata in text,INCORRECT: |
Antimalware and Antivirus Heading
.... with detection capabilities built into host-based tools, integrated into email appliances and similar products, or deployed as prat of network layer intrusion detection or prevention systems.
Change prat to part
|Index||484||Errata in text,On p. 484 in Index, insert|
input validation, 132-134
between inline NAC solutions and Insecure Interaction Between Components software errors entries.
|Global||Errata in text,All references to CSA+ need to be changed to CySA+ on the following pages:|
iii - 1/2 title page
v - Title page
vi - Copyright page
xi - About the Authors - 2x
xxvii - Introduction - 4x
xxviii - 3x
xxix - 4x
xxxiv - 2x