
CompTIA CySA+ Study Guide: Exam CS0-001

Mike Chapple, David Seidl

ISBN: 978-1-119-34988-4

Apr 2017

552 pages

$39.99

Description

Prepare yourself for the newest CompTIA certification

The CompTIA Cybersecurity Analyst+ (CySA+) Study Guide provides 100% coverage of all exam objectives for the new CySA+ certification. The CySA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, and identify vulnerabilities with a goal of securing and protecting organizations' systems. Focus your review for the CySA+ with Sybex and benefit from real-world examples drawn from experts, hands-on labs, insight on how to create your own cybersecurity toolkit, and end-of-chapter review questions that help you gauge your understanding each step of the way. You also gain access to the Sybex interactive learning environment that includes electronic flashcards, a searchable glossary, and hundreds of bonus practice questions.

This study guide provides the guidance and knowledge you need to demonstrate your skill set in cybersecurity. Key exam topics include:

  • Threat management
  • Vulnerability management
  • Cyber incident response
  • Security architecture and toolsets

Introduction xxvii

Assessment Test xxxix

Chapter 1 Defending Against Cybersecurity Threats 1

Chapter 2 Reconnaissance and Intelligence Gathering 33

Chapter 3 Designing a Vulnerability Management Program 75

Chapter 4 Analyzing Vulnerability Scans 103

Chapter 5 Building an Incident Response Program 143

Chapter 6 Analyzing Symptoms for Incident Response 169

Chapter 7 Performing Forensic Analysis 207

Chapter 8 Recovery and Post-Incident Response 245

Chapter 9 Policy and Compliance 269

Chapter 10 Defense-in-Depth Security Architectures 293

Chapter 11 Identity and Access Management Security 329

Chapter 12 Software Development Security 371

Chapter 13 Cybersecurity Toolkit 401

Appendix A Answers to the Review Questions 437

Chapter 1: Defending Against Cybersecurity Threats 438

Chapter 2: Reconnaissance and Intelligence Gathering 439

Chapter 3: Designing a Vulnerability Management Program 441

Chapter 4: Analyzing Vulnerability Scans 443

Chapter 5: Building an Incident Response Program 444

Chapter 6: Analyzing Symptoms for Incident Response 446

Chapter 7: Performing Forensic Analysis 448

Chapter 8: Recovery and Post-Incident Response 449

Chapter 9: Policy and Compliance 451

Chapter 10: Defense-in-Depth Security Architectures 453

Chapter 11: Identity and Access Management Security 456

Chapter 12: Software Development Security 458

Appendix B Answers to the Lab Exercises 461

Chapter 1: Defending Against Cybersecurity Threats 462

Chapter 2: Reconnaissance and Intelligence Gathering 462

Chapter 4: Analyzing Vulnerability Scans 463

Chapter 5: Building an Incident Response Program 464

Chapter 6: Analyzing Symptoms for Incident Response 465

Chapter 7: Performing Forensic Analysis 466

Chapter 8: Recovery and Post-Incident Response 467

Chapter 9: Policy and Compliance 470

Chapter 10: Defense-in-Depth Security Architectures 471

Chapter 11: Identity and Access Management Security 472

Chapter 12: Software Development Security 473

Index 475

Errata in text
Corrections PDF for page xxxiii in the Introduction is attached here.

Chapter | Page | Details | Date | Print Run
Page xlv: Errata in Text
INCORRECT:
Question 10. C is not the correct answer.

CORRECT:
Question 10. A is the correct answer.
11-May-17

Page xlv: Errata in text
Answer to the Assessment Test
page xlv
INCORRECT:
Question 10 - C.
CORRECT:
Question 10 - A.
INCORRECT:
Question 12 - C.
CORRECT:
Question 12 - A.
11-Jan-18

xlv - FM: Errata in Text
Question 11 on xli:
11. Ben's monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
B. Probing
C. Zombie chatter
D. Beaconing

Answer 11 on xlv:
Incorrect text:
C. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.

Correct text:
D. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.
19-May-17

Intro, page xxxiii: Errata in text
On page xxxiii in the Introduction, a NOTE includes the URL www.wiley.com/go/Sybextestprep. However, if a customer types the URL exactly the way it appears in the print book, typing a capital S in Sybextestprep, the person will get a Page Not Found error message.
The S should be lowercase, not uppercase. In the eBooks that are available, clicking the URL will take a customer to the same Page Not Found page. We need to make the correction as soon as possible.
Note: Corrections PDF is uploaded in download section
21-Jul-17

Page 6: Errata in text
The last sentences of bullet #2 and bullet #3 are identical.
INCORRECT:
Bullet #3 - Last sentence:
When evaluating a structural threat, cybersecurity analysts should consider the possible range of effects that the threat might have on the organization.
CORRECT:
Bullet #3 - Last sentence:
When evaluating environmental threats, cybersecurity analysts should consider common natural environmental threats to their geographic region, as well as how to appropriately prevent or counter man-made environmental threats.
12-Jan-18

Chapter 1, page 12: Errata in text
Table 1.1, please correct the port for SQL Server.
It should be 1433, but the book incorrectly reads 1443.
24-Oct-17

Page 402: Errata in text
INCORRECT:
Antimalware and Antivirus Heading
Paragraph 2
.... with detection capabilities built into host-based tools, integrated into email appliances and similar products, or deployed as prat of network layer intrusion detection or prevention systems.
CORRECT:
Change prat to part
18-Aug-17

Index, page 484: Errata in text
On p. 484 in Index, insert
input validation, 132-134
between inline NAC solutions and Insecure Interaction Between Components software errors entries.
28-Sep-17

Global: Errata in text
All references to CSA+ need to be changed to CySA+ on the following pages:
iii - 1/2 title page
v - Title page
vi - Copyright page
xi - About the Authors - 2x
xxvii - Introduction - 4x
xxviii - 3x
xxix - 4x
xxx
xxxi
xxxiv - 2x
xlvii
220
246
254
278
283
306
382
411
414 - 3x
418
432 - 4x
436
I - BoB ad page
22-Jan-18

Chapter 12, page 397: Errata in text
INCORRECT:
In Question #3. "cost testing"
CORRECT:
In Question #3. "code testing"
07-Mar-2018