The ICT course CS0-001 CompTIA Cybersecurity Analyst covers the following modules and topics:
Network Architecture and Reconnaissance
- start the course
- map network hardware and software to the OSI model
- identify when to use specific network hardware
- understand:
  - IPv4 settings
  - IPv6 settings
  - transport protocols
  - which Windows tools to use when configuring and troubleshooting TCP/IP
  - which Linux tools to use when configuring and troubleshooting TCP/IP
- configure and scan for service ports
- configure network services securely
- explain common wired and wireless network concepts
- scan for wireless networks and understand the returned results
- determine placement of network devices
- explain the purpose of cloud computing
- recognize the use of cloud service models
- recognize the role of virtualization in cloud computing
- identify cloud security options
- explain how to discover network devices
- use logs to learn about the network environment
- use packet capturing tools for network traffic analysis
- capture and interpret FTP and HTTP traffic
- discover network configurations
- explain harvesting techniques
- recognize social engineering techniques
- identify details within acceptable use policies
- identify details within:
  - data ownership and retention policies
  - data classification policies
  - a password policy
- recognize various network configurations and perform network reconnaissance
Threat Identification
- start the course
- identify assets and related threats
- recognize known, unknown persistent, and zero-day threats
- identify what constitutes PII
- explain payment card data
- identify intellectual property
- control how valuable data is used
- configure group policy to prevent data leakage
- determine the effect of negative incidents
- identify stakeholders related to incident response
- recognize incident response roles
- describe incident disclosure options
- analyze:
  - host symptoms to determine the best response
  - network symptoms to determine the best response
  - application symptoms to determine the best response
- contain negative incidents
- thoroughly remove data
- identify positive learned outcomes resulting from incidents
- identify how OEM documentation can be used to reverse engineer products
- recognize the relevance of up-to-date network documentation
- recognize the ongoing maintenance of incident response plans
- create proper incident forms
- protect the integrity of collected evidence
- implement changes to processes resulting from lessons learned
- determine which type of report provides the best data for a specific situation
- determine if SLA details are aligned with business needs
- explain the purpose of a MOU
- use existing inventory to drive decisions related to security
- recognize threat impact and design an incident response plan
Threat Mitigation
- start the course
- identify SDLC phases
- apply secure coding practices
- properly test technology solutions for security
- reduce the attack surface of a network host
- recognize the importance of keeping hardware and software up to date
- apply patches properly to secure network hosts
- set the correct access to file systems while adhering to the principle of least privilege
- recognize the purpose of:
  - controlling network access with NAC
  - network segregation using VLANs
- identify various conditions that control access to resources
- recognize the purpose of:
  - intentionally creating vulnerable hosts to monitor malicious use
  - a jump box
- explain how proper IT governance results in secured IT resources
- recognize how regulatory compliance can influence security controls
- apply NIST’s Cybersecurity Framework to your digital assets
- apply ISO security standards to harden your environment
- recognize how:
  - the TOGAF enterprise IT architecture can increase efficiency of security controls
  - to assess risk and apply effective security controls to mitigate that risk
  - to apply ITIL to increase the efficiency of IT service delivery
- identify:
  - physical security controls
  - logical security controls
- configure router ACL rules to block ICMP traffic
- identify:
  - administrative security controls
  - compensating security controls
- recognize the importance of continuous monitoring
- explain how firmware must be accredited before universal trust is established
- identify factors related to conducting penetration tests
- list categories of security controls and threat mitigations
Reducing Vulnerabilities
- start the course
- recognize how crypto is used to secure data in the enterprise
- differentiate symmetric from asymmetric encryption
- differentiate asymmetric from symmetric encryption
- identify the PKI hierarchy
- request a security certificate from a CA
- encrypt files on a Windows system using EFS
- explain how file integrity can be maintained
- enable file integrity:
  - using Linux
  - using Windows
- recognize authentication methods used to prove one’s identity
- require VPN connections to use MFA
- recognize how resource access gets authorized
- configure centralized authentication using RADIUS
- describe what user provisioning entails
- describe how identity federation differs from traditional authentication
- identify security weaknesses:
  - in server OSs
  - on endpoint devices
  - at the network level
  - on mobile devices
- recognize the overall process of scanning for vulnerabilities
- configure appropriate vulnerability scanning settings
- explain how the SCAP standard is used to measure vulnerability issues and compliance
- conduct a vulnerability scan using Nessus
- distinguish various vulnerability scanning tools from one another
- conduct a vulnerability scan using MBSA
- understand vulnerability scan results
- put controls in place to mitigate threats
- reduce vulnerabilities that can be exploited
Investigate Security Incidents
- start the course
- recognize:
  - the purpose of various firewall types
  - how firewall rules are created based on what type of traffic should or should not be allowed
  - how packet filters work
- configure a packet filtering firewall
- explain the purpose of a proxy server
- explain the purpose of a security appliance
- recognize the unique capabilities of web application firewalls
- explain the importance of intrusion detection and prevention
- recognize when to use:
  - HIDS
  - NIDS
  - NIPS
- identify:
  - different types of malware
  - viruses
  - worms
  - spyware and adware
- explain how ransomware works
- mitigate malware using antimalware solutions
- explain why user training and awareness are among the most important security defenses
- describe digital forensics
- determine which forensic hardware is best suited for a specific situation
- determine which forensic software is best suited for a specific situation
- explain how forensic tools can be used against data stored on media
- distinguish common forensic tools from one another
- explain the sequence of steps that should be followed when conducting mobile device forensics
- create a memory dump
- retrieve and view deleted files
- prevent threat materialization and follow proper forensic procedures
Monitoring for Security Issues
- start the course
- recognize proper hiring practices
- provision new user accounts in accordance with organizational security policies
- apply personnel management best practices
- distinguish the difference between threats, vulnerabilities, and exploits
- explain the concept of spoofing
- craft forged packets using free tools
- recognize:
  - how impersonation can be used to gain unauthorized access
  - CSS (cross-site scripting) attacks
  - rootkits
- explain the concept of privilege escalation
- distinguish the difference between common exploit tools
- use Metasploit tools to further understand the attacker toolset
- use Kali Linux tools to further understand the attacker toolset
- crack passwords
- recognize the importance of continuous monitoring of various systems
- distinguish the difference between common monitoring tools
- monitor the Linux OS
- monitor the Windows OS
- configure Windows event log forwarding
- identify where:
  - SIEM is used
  - SCADA and ICS are used in different industries
- view network utilization
- analyze timestamped data from various sources
- identify trends in network usage
- identify events from specific types of logs
- describe the difference between vulnerabilities and exploits as well as use various reporting tools
TestPrep CS0-001 CompTIA Cybersecurity Analyst (CySA+)
- Test your knowledge of the skills and competencies measured by the vendor certification exam. TestPrep can be taken in either Study or Certification mode. Study mode is designed to maximize learning by not only testing your knowledge of the material, but also by providing additional information on the topics presented. Certification mode is designed to test your knowledge of the material within a structured testing environment, providing valuable feedback at the end of the test.