CompTIA Cybersecurity Analyst+ CS0-001: Investigate Security Incidents

CompTIA Cybersecurity Analyst+ CS0-001: Investigate Security Incidents

• start the course
• recognize the purpose of various firewall types
• recognize how firewall rules are created based on what type of traffic should or should not be allowed
• recognize how packet filters work
• configure a packet filtering firewall
• explain the purpose of a proxy server
• explain the purpose of a security appliance
• recognize the unique capabilities of web application firewalls
• explain the importance of intrusion detection and prevention
• recognize when to use HIDS
• recognize when to use NIDS
• recognize when to use NIPS
• identify different types of malware
• identify viruses
• identify worms
• identity spyware and adware
• explain how ransomware works
• mitigate malware using antimalware solutions
• explain why user training and awareness is one of the most important security defenses
• describe digital forensics
• determine which forensic hardware is best suited for a specific situation
• determine which forensic software is best suited for a specific situation
• explain how forensic tools can be used against data stored on media
• distinguish common forensic tools from one another
• explain the sequence of steps that should be followed when conducting mobile device forensics
• create a memory dump
• retrieve and view deleted files
• prevent threat materialization and follow proper forensic procedures

CompTIA Cybersecurity Analyst+ CS0-001: Monitoring for Security Issues

CompTIA Cybersecurity Analyst+ CS0-001: Monitoring for Security Issues

• start the course
• recognize proper hiring practices
• provision new user accounts in accordance with organizational security policies
• apply personnel management best practices
• distinguish the difference between threats, vulnerabilities, and exploits
• explain the concept of spoofing
• craft forged packets using free tools
• recognize how impersonation can be used to gain unauthorized access
• recognize CSS attacks
• recognize root kits
• explain the concept of privilege escalation
• distinguish the difference between common exploit tools
• use Metasploit tools to further understand the attacker toolset
• use Kali Linux tools to further understand the attacker toolset
• crack passwords
• recognize the importance of continuous monitoring of various systems
• distinguish the difference between common monitoring tools
• monitor the Linux OS
• monitor the Windows OS
• configure Windows event log forwarding
• identify where SIEM is used
• identify where SCADA and ICS are used in different industries
• view network utilization
• analyze timestamped data from various sources
• identify trends in network usage
• identify events from specific types of logs
• describe the difference between vulnerabilities and exploits as well as use various reporting tools

CompTIA Cybersecurity Analyst+ CS0-001: Network Architecture and Reconnaissance

CompTIA Cybersecurity Analyst+ CS0-001: Network Architecture and Reconnaissance

• start the course
• map network hardware and software to the OSI model
• identify when to use specific network hardware
• understand IPv4 settings
• understand IPv6 settings
• understand transport protocols
• understand which Windows tools to use when configuring and troubleshooting TCP/IP
• understand which Linux tools to use when configuring and troubleshooting TCP/IP
• configure and scan for service ports
• configure network services securely
• explain common wired and wireless network concepts
• scan for wireless networks and understand the returned results
• determine placement of network devices
• explain the purpose of cloud computing
• recognize the use of cloud service models
• recognize the role of virtualization in cloud computing
• identify cloud security options
• explain how to discover network devices
• use logs to learn about the network environment
• use packet capturing tools for network traffic analysis
• capture and interpret FTP and HTTP traffic
• discover network configurations
• explain harvesting techniques
• recognize social engineering techniques
• identify details within acceptable use policies
• identify details within data ownership and retention policies
• identify details within data classification policies
• identify details within a password policy
• recognize various network configurations and perform network reconnaissance

CompTIA Cybersecurity Analyst+ CS0-001: Reducing Vulnerabilities

CompTIA Cybersecurity Analyst+ CS0-001: Reducing Vulnerabilities

• start the course
• recognize how crypto is used to secure data in the enterprise
• differentiate symmetric from asymmetric encryption
• differentiate asymmetric from symmetric encryption
• identify the PKI hierarchy
• request a security certificate from a CA
• encrypt files on a Windows system using EFS
• explain how file integrity can be maintained
• enable file integrity using Linux
• enable file integrity using Windows
• recognize authentication methods used to prove one's identity
• require VPN connections to use MFA
• recognize how resource access gets authorized
• configure centralized authentication using RADIUS
• describe what user provisioning entails
• describe how identity federation differs from traditional authentication
• identify security weaknesses in server OSs
• identify security weaknesses on endpoint devices
• identify security weaknesses at the network level
• identify security weaknesses on mobile devices
• recognize the overall process of scanning for vulnerabilities
• configure appropriate vulnerability scanning settings
• explain how the SCAP standard is used to measure vulnerability issues and compliance
• conduct a vulnerability scan using Nessus
• distinguish various vulnerability scanning tools from one another
• conduct a vulnerability scan using MBSA
• understand vulnerability scan results
• put controls in place to mitigate threats
• reduce vulnerabilities that can be exploited

CompTIA Cybersecurity Analyst+ CS0-001: Threat Identification

CompTIA Cybersecurity Analyst+ CS0-001: Threat Identification

• start the course
• identify assets and related threats
• recognize known, unknown persistent, and zero-day threats
• identify what constitutes PII
• explain payment card data
• identify intellectual property
• control how valuable data is used
• configure group policy to prevent data leakage
• determine the effect of negative incidents
• identify stakeholders related to incident response
• recognize incident response roles
• describe incident disclosure options
• analyze host symptoms to determine the best response
• analyze network symptoms to determine the best response
• analyze application symptoms to determine the best response
• contain negative incidents
• thoroughly remove data
• identify positive learned outcomes resulting from incidents
• identify how OEM documentation can be used to reverse engineering products
• recognize the relevance of up-to-date network documentation
• recognize the ongoing maintenance of incident response plans
• create proper incident forms
• protect the integrity of collected evidence
• implement changes to processes resulting from lessons learned
• determine which type of report provides the best data for a specific situation
• determine if SLA details are aligned with business needs
• explain the purpose of a MOU
• use existing inventory to drive decisions related to security
• recognize threat impact and design an incident response plan

CompTIA Cybersecurity Analyst+ CS0-001: Threat Mitigation

CompTIA Cybersecurity Analyst+ CS0-001: Threat Mitigation

• start the course
• identify SDLC phases
• apply secure coding practices
• properly test technology solutions for security
• reduce the attack surface of a network host
• recognize the importance of keeping hardware and software up to date
• apply patches properly to secure network hosts
• set the correct access to file systems while adhering to the principle of least privilege
• recognize the purpose of controlling network access with NAC
• recognize the purpose of network segregation using VLANs
• identify various conditions that control access to resources
• recognize the purpose of intentionally creating vulnerable hosts to monitor malicious use
• recognize the purpose of a jump box
• explain how proper IT governance results in secured IT resources
• recognize how regulatory compliance can influence security controls
• apply NIST's Cybersecurity Framework to your digital assets
• apply ISO security standards to harden your environment
• recognize how the TOGAF enterprise IT architecture can increase efficiency of security controls
• recognize how to assess risk and apply effective security controls to mitigate that risk
• recognize how to apply ITIL to increase the efficiency of IT service delivery
• identify physical security controls
• identify logical security controls
• configure router ACL rules to block ICMP traffic
• identify administrative security controls
• identify compensating security controls
• recognize the importance of continuous monitoring
• explain how firmware must be accredited before universal trust is established
• identify factors related to conducting penetration tests
• list categories of security controls and threat mitigations

Mentoring CS0-001 CompTIA Cybersecurity Analyst+

Mentoring CS0-001 CompTIA Cybersecurity Analyst+

• Threat Management
• Vulnerability Management
• Cyber Incident Response
• Security Architecture and Tool Sets

TestPrep CS0-001 CompTIA Cybersecurity Analyst (CySA+)