Inhoud ICT-cursus CS0-001 CompTIA Cybersecurity Analyst

Inhoud van de ICT-cursus CS0-001 CompTIA Cybersecurity Analyst | De Kantooropleider

Tijdens de ICT-cursus CS0-001 CompTIA Cybersecurity Analyst worden de volgende onderdelen behandeld:

Network Architecture and Reconnaissance

  • start the course
  • map network hardware and software to the OSI model
  • identify when to use specific network hardware
  • understand:
    • IPv4 settings
    • IPv6 settings
    • transport protocols
    • which Windows tools to use when configuring and troubleshooting TCP/IP
    • which Linux tools to use when configuring and troubleshooting TCP/IP
  • configure and scan for service ports
  • configure network services securely
  • explain common wired and wireless network concepts
  • scan for wireless networks and understand the returned results
  • determine placement of network devices
  • explain the purpose of cloud computing
  • recognize the use of cloud service models
  • recognize the role of virtualization in cloud computing
  • identify cloud security options
  • explain how to discover network devices
  • use logs to learn about the network environment
  • use packet capturing tools for network traffic analysis
  • capture and interpret FTP and HTTP traffic
  • discover network configurations
  • explain harvesting techniques
  • recognize social engineering techniques
  • identify details within acceptable use policies
  • identify details within:
    • data ownership and retention policies
    • within data classification policies
    • within a password policy
  • recognize various network configurations and perform network reconnaissance

Threat Identification

  • start the course
  • identify assets and related threats
  • recognize known, unknown persistent, and zero-day threats
  • identify what constitutes PII
  • explain payment card data
  • identify intellectual property
  • control how valuable data is used
  • configure group policy to prevent data leakage
  • determine the effect of negative incidents
  • identify stakeholders related to incident response
  • recognize incident response roles
  • describe incident disclosure options
  • analyze:
    • host symptoms to determine the best response
    • network symptoms to determine the best response
    • application symptoms to determine the best response
  • contain negative incidents
  • thoroughly remove data
  • identify positive learned outcomes resulting from incidents
  • identify how OEM documentation can be used to reverse engineering products
  • recognize the relevance of up-to-date network documentation
  • recognize the ongoing maintenance of incident response plans
  • create proper incident forms
  • protect the integrity of collected evidence
  • implement changes to processes resulting from lessons learned
  • determine which type of report provides the best data for a specific situation
  • determine if SLA details are aligned with business needs
  • explain the purpose of a MOU
  • use existing inventory to drive decisions related to security
  • recognize threat impact and design an incident response plan

Threat Mitigation

  • start the course
  • identify SDLC phases
  • apply secure coding practices
  • properly test technology solutions for security
  • reduce the attack surface of a network host
  • recognize the importance of keeping hardware and software up to date
  • apply patches properly to secure network hosts
  • set the correct access to file systems while adhering to the principle of least privilege
  • recognize the purpose of:
    • controlling network access with NAC
    • network segregation using VLANs
  • identify various conditions that control access to resources
  • recognize the purpose of:
    • intentionally creating vulnerable hosts to monitor malicious use
    • a jump box
  • explain how proper IT governance results in secured IT resources
  • recognize how regulatory compliance can influence security controls
  • apply NIST’s Cybersecurity Framework to your digital assets
  • apply ISO security standards to harden your environment
  • recognize how:
    • the TOGAF enterprise IT architecture can increase efficiency of security controls
    • to assess risk and apply effective security controls to mitigate that risk
    • to apply ITIL to increase the efficiency of IT service delivery
  • identify:
    • physical security control
    • logical security controls
  • configure router ACL rules to block ICMP traffic
  • identify:
    • administrative security controls
    • compensating security controls
  • recognize the importance of continuous monitoring
  • explain how firmware must be accredited before universal trust is established
  • identify factors related to conducting penetration tests
  • list categories of security controls and threat mitigations

Reducing Vulnerabilities

  • start the course
  • recognize how crypto is used to secure data in the enterprise
  • differentiate symmetric from asymmetric encryption
  • differentiate asymmetric from symmetric encryption
  • identify the PKI hierarchy
  • request a security certificate from a CA
  • encrypt files on a Windows system using EFS
  • explain how file integrity can be maintained
  • enable file integrity:
    • using Linux
    • using Windows
  • recognize authentication methods used to prove one’s identity
  • require VPN connections to use MFA
  • recognize how resource access gets authorized
  • configure centralized authentication using RADIUS
  • describe what user provisioning entails
  • describe how identity federation differs from traditional authentication
  • identify security weaknesses:
    • in server Oss
    • on endpoint devices
    • at the network level
    • on mobile devices
  • recognize the overall process of scanning for vulnerabilities
  • configure appropriate vulnerability scanning settings
  • explain how the SCAP standard is used to measure vulnerability issues and compliance
  • conduct a vulnerability scan using Nessus
  • distinguish various vulnerability scanning tools from one another
  • conduct a vulnerability scan using MBSA
  • understand vulnerability scan results
  • put controls in place to mitigate threats
  • reduce vulnerabilities that can be exploited

Investigate Security Incidents

  • start the course
  • recognize:
    • the purpose of various firewall types
    • how firewall rules are created based on what type of traffic should or should not be allowed
    • how packet filters work
  • configure a packet filtering firewall
  • explain the purpose of a proxy server
  • explain the purpose of a security appliance
  • recognize the unique capabilities of web application firewalls
  • explain the importance of intrusion detection and prevention
  • recognize when to use:
    • HIDS
    • NIDS
    • NIPS
  • identify:
    • different types of malware
    • viruses
    • worms
    • spyware and adware
  • explain how ransomware works
  • mitigate malware using antimalware solutions
  • explain why user training and awareness is one of the most important security defenses
  • describe digital forensics
  • determine which forensic hardware is best suited for a specific situation
  • determine which forensic software is best suited for a specific situation
  • explain how forensic tools can be used against data stored on media
  • distinguish common forensic tools from one another
  • explain the sequence of steps that should be followed when conducting mobile device forensics
  • create a memory dump
  • retrieve and view deleted files
  • prevent threat materialization and follow proper forensic procedures

Monitoring for Security Issues

  • start the course
  • recognize proper hiring practices
  • provision new user accounts in accordance with organizational security policies
  • apply personnel management best practices
  • distinguish the difference between threats, vulnerabilities, and exploits
  • explain the concept of spoofing
  • craft forged packets using free tools
  • recognize:
    • how impersonation can be used to gain unauthorized access
    • CSS attacks
    • root kits
  • explain the concept of privilege escalation
  • distinguish the difference between common exploit tools
  • use Metasploit tools to further understand the attacker toolset
  • use Kali Linux tools to further understand the attacker toolset
  • crack passwords
  • recognize the importance of continuous monitoring of various systems
  • distinguish the difference between common monitoring tools
  • monitor the Linux OS
  • monitor the Windows OS
  • configure Windows event log forwarding
  • identify where:
    • SIEM is used
    • SCADA and ICS are used in different industries
  • view network utilization
  • analyze timestamped data from various sources
  • identify trends in network usage
  • identify events from specific types of logs
  • describe the difference between vulnerabilities and exploits as well as use various reporting tools

TestPrep CS0-001 CompTIA Cybersecurity Analyst (CySA+)

  • Test your knowledge on the skills and competencies measured by the vendor certification exam. TestPrep can be taken in either.
  • Study or Certification mode. Study mode is designed to maximize learning by not only testing your knowledge of the material, but also by providing additional information on the topics presented.
  • Certification mode is designed to test your knowledge of the material within a structured testing environment, providing valuable feedback at the end of the test.
Print pagina