CompTIA CSA+ Study Guide: Exam CS0-001
The CompTIA Cybersecurity Analyst+ (CSA+) Study Guide provides 100% coverage of all exam objectives for the new CSA+ certification. The CSA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, and identify vulnerabilities, with the goal of securing and protecting organizations' systems. Focus your review for the CSA+ with Sybex and benefit from real-world examples drawn from experts, hands-on labs, insight on how to create your own cybersecurity toolkit, and end-of-chapter review questions that help you gauge your understanding each step of the way. You also gain access to the Sybex interactive learning environment, which includes electronic flashcards, a searchable glossary, and hundreds of bonus practice questions.
This study guide provides the guidance and knowledge you need to demonstrate your skill set in cybersecurity. Key exam topics include:
- Threat management
- Vulnerability management
- Cyber incident response
- Security architecture and toolsets
Assessment Test xxxix
Chapter 1 Defending Against Cybersecurity Threats 1
Chapter 2 Reconnaissance and Intelligence Gathering 33
Chapter 3 Designing a Vulnerability Management Program 75
Chapter 4 Analyzing Vulnerability Scans 103
Chapter 5 Building an Incident Response Program 143
Chapter 6 Analyzing Symptoms for Incident Response 169
Chapter 7 Performing Forensic Analysis 207
Chapter 8 Recovery and Post-Incident Response 245
Chapter 9 Policy and Compliance 269
Chapter 10 Defense-in-Depth Security Architectures 293
Chapter 11 Identity and Access Management Security 329
Chapter 12 Software Development Security 371
Chapter 13 Cybersecurity Toolkit 401
Appendix A Answers to the Review Questions 437
Chapter 1: Defending Against Cybersecurity Threats 438
Chapter 2: Reconnaissance and Intelligence Gathering 439
Chapter 3: Designing a Vulnerability Management Program 441
Chapter 4: Analyzing Vulnerability Scans 443
Chapter 5: Building an Incident Response Program 444
Chapter 6: Analyzing Symptoms for Incident Response 446
Chapter 7: Performing Forensic Analysis 448
Chapter 8: Recovery and Post-Incident Response 449
Chapter 9: Policy and Compliance 451
Chapter 10: Defense-in-Depth Security Architectures 453
Chapter 11: Identity and Access Management Security 456
Chapter 12: Software Development Security 458
Appendix B Answers to the Lab Exercises 461
Chapter 1: Defending Against Cybersecurity Threats 462
Chapter 2: Reconnaissance and Intelligence Gathering 462
Chapter 4: Analyzing Vulnerability Scans 463
Chapter 5: Building an Incident Response Program 464
Chapter 6: Analyzing Symptoms for Incident Response 465
Chapter 7: Performing Forensic Analysis 466
Chapter 8: Recovery and Post-Incident Response 467
Chapter 9: Policy and Compliance 470
Chapter 10: Defense-in-Depth Security Architectures 471
Chapter 11: Identity and Access Management Security 472
Chapter 12: Software Development Security 473
Mike Chapple, PhD, CSA+, CISSP, Security+, is Senior Director for IT Service Delivery at the University of Notre Dame, overseeing the information security, data governance, IT architecture, project management, strategic planning, and product management functions, and teaches undergraduate courses on information security.
David Seidl, CISSP, GPEN, GCIH, is the Senior Director for Campus Technology Services (CTS) at Notre Dame. As Senior Director for CTS, he is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage.
Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.
Page xlv, Errata in Text:
Question 10: C is not the correct answer. A is the correct answer.
Page xlv (front matter), Errata in Text:
Question 11 on page xli:
11. Ben's monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
C. Zombie chatter
Answer 11 on page xlv currently reads:
C. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.
It should read:
D. Regular traffic from compromised systems to command and control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases.