CompTIA Cybersecurity Analyst (CySA+)

(CS0-001-complete)/ISBN:978-1-61691-969-6

This course includes
Lessons
TestPrep
Hands-on Lab

We also offer a course on the latest CySA+ exam; please check out the latest CompTIA Cybersecurity Analyst (CySA+) course.

Gain the skills required to pass the CompTIA CySA+ certification exam with the CompTIA Cybersecurity Analyst (CySA+) course and lab. The lab simulates real-world hardware, software, and command-line interface environments and can be mapped to any textbook, course, or training. The CySA+ study guide covers all the objectives of the CS0-001 exam and is designed for IT security analysts, vulnerability analysts, and threat intelligence analysts who configure and use threat detection tools and perform data analysis.

Here's what you will get

The CompTIA Cybersecurity Analyst (CySA+) certification is an international, vendor-neutral credential that covers applying behavioral analytics to improve the overall state of IT security. The CompTIA CySA+ certification validates the critical knowledge and skills that are required to prevent, detect, and combat cybersecurity threats. It also teaches you how to interpret the reports to protect an organization by identifying vulnerabilities, threats, and risks.

Lessons

17+ Lessons | 65+ Quizzes | 456+ Flashcards | 456+ Glossary of terms

TestPrep

36+ Pre Assessment Questions | 2+ Full Length Tests | 75+ Post Assessment Questions | 150+ Practice Test Questions

Hands-on Lab

40+ LiveLab | 00+ Minutes

Here's what you will learn


Lesson 1: Assessing Information Security Risk

  • TOPIC A: Identify the Importance of Risk Management
  • TOPIC B: Assess Risk
  • TOPIC C: Mitigate Risk
  • TOPIC D: Integrate Documentation into Risk Management
  • Summary

Lesson 2: Analyzing the Threat Landscape

  • TOPIC A: Classify Threats and Threat Profiles
  • TOPIC B: Perform Ongoing Threat Research
  • Summary

Lesson 3: Analyzing Reconnaissance Threats to Computing and Network Environments

  • TOPIC A: Implement Threat Modeling
  • TOPIC B: Assess the Impact of Reconnaissance Incidents
  • TOPIC C: Assess the Impact of Social Engineering
  • Summary

Lesson 4: Analyzing Attacks on Computing and Network Environments

  • TOPIC A: Assess the Impact of System Hacking Attacks
  • TOPIC B: Assess the Impact of Web-Based Attacks
  • TOPIC C: Assess the Impact of Malware
  • TOPIC D: Assess the Impact of Hijacking and Impersonation Attacks
  • TOPIC E: Assess the Impact of DoS Incidents
  • TOPIC F: Assess the Impact of Threats to Mobile Security
  • TOPIC G: Assess the Impact of Threats to Cloud Security
  • Summary

Lesson 5: Analyzing Post-Attack Techniques

  • TOPIC A: Assess Command and Control Techniques
  • TOPIC B: Assess Persistence Techniques
  • TOPIC C: Assess Lateral Movement and Pivoting Techniques
  • TOPIC D: Assess Data Exfiltration Techniques
  • TOPIC E: Assess Anti-Forensics Techniques
  • Summary

Lesson 6: Managing Vulnerabilities in the Organization

  • TOPIC A: Implement a Vulnerability Management Plan
  • TOPIC B: Assess Common Vulnerabilities
  • TOPIC C: Conduct Vulnerability Scans
  • Summary

Lesson 7: Implementing Penetration Testing to Evaluate Security

  • TOPIC A: Conduct Penetration Tests on Network Assets
  • TOPIC B: Follow Up on Penetration Testing
  • Summary

Lesson 8: Collecting Cybersecurity Intelligence

  • TOPIC A: Deploy a Security Intelligence Collection and Analysis Platform
  • TOPIC B: Collect Data from Network-Based Intelligence Sources
  • TOPIC C: Collect Data from Host-Based Intelligence Sources
  • Summary

Lesson 9: Analyzing Log Data

  • TOPIC A: Use Common Tools to Analyze Logs
  • TOPIC B: Use SIEM Tools for Analysis
  • TOPIC C: Parse Log Files with Regular Expressions
  • Summary

Lesson 10: Performing Active Asset and Network Analysis

  • TOPIC A: Analyze Incidents with Windows-Based Tools
  • TOPIC B: Analyze Incidents with Linux-Based Tools
  • TOPIC C: Analyze Malware
  • TOPIC D: Analyze Indicators of Compromise
  • Summary

Lesson 11: Responding to Cybersecurity Incidents

  • TOPIC A: Deploy an Incident Handling and Response Architecture
  • TOPIC B: Mitigate Incidents
  • TOPIC C: Prepare for Forensic Investigation as a CSIRT
  • Summary

Lesson 12: Investigating Cybersecurity Incidents

  • TOPIC A: Apply a Forensic Investigation Plan
  • TOPIC B: Securely Collect and Analyze Electronic Evidence
  • TOPIC C: Follow Up on the Results of an Investigation
  • Summary

Lesson 13: Addressing Security Architecture Issues

  • TOPIC A: Remediate Identity and Access Management Issues
  • TOPIC B: Implement Security During the SDLC
  • Summary

Appendix A: Mapping Course Content to CyberSec First Responder (Exam CFR-210)

Appendix B: Mapping Course Content to CompTIA® CyberSecurity Analyst+ (Exam CS0-001)

Appendix C: Security Resources

  • TOPIC A: List of Security Resources

Appendix D: U.S. Department of Defense Operational Security

  • TOPIC A: Summary of U.S. Department of Defense Operational Security Practices

Hands-on Lab Activities

Assessing Information Security Risk

  • Adding Revision to the Revision History
  • Viewing and Downloading the Policy Templates
  • Opening the Policy Template and Setting the Company Name
  • Reviewing and Modifying the Policy Items

Analyzing the Threat Landscape

  • Identifying the most significant emerging technologies of 2016
  • Consulting a Vulnerability Database
  • Finding information security blogs

Analyzing Reconnaissance Threats to Computing and Network Environments

  • Performing Reconnaissance on a Network
  • Downloading and Installing Wireshark and WinPcap
  • Working with Wireshark's Interface
  • Analyzing the Capture File to Find the Attack(s)
  • Generating Network Traffic and Using Filters
  • Examining the traffic between client and server
  • Assessing the impact of malware

Analyzing Attacks on Computing and Network Environments

  • Confirming the Spoofing Attack in Wireshark
  • Identifying security apps available for Android
  • Examining the DDOS_Attack.pcap File

Analyzing Post-Attack Techniques

  • Scanning the Rootkit

Managing Vulnerabilities in the Organization

  • Conducting Vulnerability Scans

Implementing Penetration Testing to Evaluate Security

  • Identifying Search Options in Metasploit
  • Performing the Initial Scan

Collecting Cybersecurity Intelligence

  • Collecting network-based security intelligence
  • Exporting your Windows logs

Analyzing Log Data

  • Making Syslog Entries Readable
  • Installing Splunk on the Server

Performing Active Asset and Network Analysis

  • Manipulating Kali Linux VM's network interfaces
  • Retrieving a Real-Time List of Running Processes
  • Starting a Live Packet Capture
  • Examining the ipconfig options and creating the activity log
  • Initiating an SSH Session from your Windows 10 Client to your Windows Server
  • Using the Process Explorer to View Specific Details About Running Processes on the System
  • Acquiring the Trojan horse simulator
  • Remotely accessing the DT_Watch folder to generate audit logs
  • Uploading the Trojan horse simulator to VirusTotal
  • Uploading the Trojan horse simulator to Malware
  • Identifying a suspicious account on the System User Groups
  • Enabling auditing of the DT_Watch folder
  • Examining the Audited Events
  • Enabling logging for audited objects

Addressing Security Architecture Issues

  • Inspecting the Vulnerability in the echo Server's Source Code

Exam FAQs

There is no required prerequisite for the CompTIA CS0-001 certification exam, but the candidate should hold CompTIA Network+, Security+, or equivalent knowledge. He or she should have a minimum of 3-4 years of hands-on information security or related experience.

Exam price: USD 359 (pricing and taxes may vary from country to country)

Question format: Multiple-choice and performance-based

Number of questions: The exam contains 85 questions.

Exam duration: 165 minutes

Passing score: 750 (on a scale of 100-900)

In the event that you fail your first attempt at passing the CySA+ examination, CompTIA's retake policies are:

  1. CompTIA does not require a waiting period between the first and second attempt to pass the examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least 14 calendar days from the date of your last attempt before you can retake the exam.
  2. If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  3. A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  4. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

CompTIA CySA+ certification expires after three years from the date of issue, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.