CS0-003 - CompTIA Cybersecurity Analyst+: Analyzing Malicious Activity
- discover the key concepts covered in this course
- configure Microsoft Windows virus and threat protection
- use the VirusTotal website for analyzing files and URLs
- determine when to use cloud-based and on-premises malware analysis solutions
- use various techniques to determine the authenticity of email messages
- create a repeatable compliant virtual cloud sandbox using Azure Blueprints
- use virtual private networks (VPNs) for anonymity and install and use the Tor browser
- recall how bug bounties offer rewards for the identification of flaws in hardware and software
- summarize the key concepts covered in this course
Malware mitigation techniques include the deployment, configuration, and ongoing management of virus and threat endpoint protection. Online tools such as VirusTotal can be used to upload suspicious files that might contain malware. Cybersecurity technicians must be able to determine the authenticity of email messages as well as create sandbox environments for testing configurations. In this course, you will begin by configuring Windows virus and threat protection and uploading a potentially infected file to VirusTotal. Next, you will determine when to use cloud-based and on-premises malware analysis solutions like Joe Sandbox and Cuckoo Sandbox. Then you will view email details in an effort to determine message authenticity and you will create a repeatable compliant environment using Azure Blueprints. Finally, you will learn how to work with user virtual private networks (VPNs) and the Tor web browser and find out how bug bounties offer rewards for the identification of flaws in hardware and software. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Authentication
- discover the key concepts covered in this course
- recognize various authentication methods, including passwordless login
- manage Linux users and groups
- configure SSH public key authentication on Linux
- enable a Lightweight Directory Access Protocol (LDAP) authentication server
- configure client LDAP authentication
- manage Windows users and groups
- manage cloud-based users and groups
- create a dynamic membership group
- enable MFA for cloud users
- configure password policy settings for Windows
- recognize how identity federation and SSO are configured
- summarize the key concepts covered in this course
Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources. In this course, you will explore authentication methods, including passwordless login. Then you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will install and configure a Lightweight Directory Access Protocol (LDAP) server and client, manage Windows and cloud users and groups, and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for AWS users, manage Windows password policies, and discover identity federation. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Authorization
- discover the key concepts covered in this course
- define authorization and describe how it differs from authentication
- describe access control models such as role-based access control (RBAC) and attribute-based access control (ABAC)
- manage Linux file system permissions
- manage Windows file system permissions
- create an attribute-based dynamic group
- limit privileged permissions on a Linux system
- configure role-based access control permissions in the Microsoft Azure cloud
- summarize the key concepts covered in this course
Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command line. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Business Continuity
- discover the key concepts covered in this course
- identify common characteristics of a business continuity plan (BCP), business impact analysis (BIA), and related insurance options
- identify common characteristics of a disaster recovery plan (DRP), including recovery time objective (RTO) and recovery point objective (RPO)
- identify common characteristics of an incident response plan (IRP), including communication plans
- determine when and how specific incidents, such as with cloud providers, are escalated
- recognize how security incidents can be eradicated through threat removal and restoration of services
- identify how security incidents can be contained to limit further damage
- recognize how you can benefit from lessons learned during incident response
- outline how to establish a security model to detect, prevent, and lessen the impact of cybersecurity events
- identify how the diamond model is used to analyze malicious IT security events
- apply incident response to a scenario
- summarize the key concepts covered in this course
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you'll begin by exploring common characteristics of a business continuity plan (BCP) and how to conduct a business impact analysis (BIA). You will then consider disaster recovery and incident response plans and focus on incident response activities such as escalation, eradication, and containment. Next, discover the importance of lessons learned from past incidents in order to make future incident response more effective. Lastly, you will explore the cyber-attack kill chain and the diamond model of intrusion analysis. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Cloud Computing & Cybersecurity
- discover the key concepts covered in this course
- list common cloud deployment models
- provide an overview of cloud service models
- identify common cloud security solutions
- deploy a Linux virtual machine in the cloud
- deploy a Windows virtual machine in the cloud
- deploy a web application in the cloud
- recognize the role that the CCM plays in establishing cloud security controls
- configure cloud resource managed identities to control cloud resource access
- recognize the purpose of a content delivery network
- configure a content delivery network
- summarize the key concepts covered in this course
Cloud computing is an integral part of IT solutions for individuals and organizations. A knowledge of how cloud computing services are deployed and managed is a requirement for securing cloud-based resources. In this course, I will start by discussing cloud computing deployment models, such as public and private clouds, followed by discussing various cloud computing service models. Next, I will cover a variety of cloud computing security solutions, and I will deploy Linux and Windows cloud-based virtual machines. I will then deploy a web application in the cloud, cover the Cloud Controls Matrix (CCM) security controls, and work with Microsoft Azure managed identities. Lastly, I will discuss and configure a content delivery network (CDN). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Cryptography
- discover the key concepts covered in this course
- identify how the CIA triad enhances IT security
- outline how cryptography protects data
- manage EFS file encryption
- configure Microsoft BitLocker to protect data at rest
- configure a Microsoft Azure storage account with a customer-managed key
- recognize how cryptography applies to data integrity
- hash files in Linux
- manage file hashing in Windows
- state how HSMs are used for encryption offloading and the storage of cryptographic secrets
- identify how TLS supersedes SSL for network security
- summarize the key concepts covered in this course
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure EFS file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Finally, learn how to hash files in Linux and Windows, about hardware security modules (HSMs), and how TLS supersedes SSL. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Data Security Standards
- discover the key concepts covered in this course
- outline methods for securing assets using physical controls
- identify examples of personally identifiable information (PII) and how this can affect privacy impact statements
- recognize when data loss prevention (DLP) solutions should be used for data privacy
- outline how the General Data Protection Regulation (GDPR) assures data privacy
- identify how the Health Insurance Portability and Accountability Act (HIPAA) protects sensitive medical information
- recognize how the Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data (CHD)
- discover and classify sensitive data in Amazon Macie
- configure data classification using Windows Server File Server Resource Manager (FSRM)
- identify the importance of service level objectives (SLOs) and service level agreements (SLAs)
- summarize the key concepts covered in this course
To remain compliant with relevant data privacy laws and regulations, organizations must have a way of identifying sensitive data and implementing security controls to protect that data. In this course, explore how physical security is related to digital data security, examples of personally identifiable information (PII), and how data loss prevention (DLP) solutions can prevent data exfiltration. Next, learn about common data privacy regulations and standards, including GDPR, HIPAA, and PCI DSS. Finally, discover how to use Amazon Macie and File Server Resource Manager to discover and classify sensitive information and learn about the importance of service level objectives (SLOs) and service level agreements (SLAs). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Firewalls & Intrusion Detection
- discover the key concepts covered in this course
- outline the different types of firewalls, including next-generation firewall (NGFW) and web application firewall (WAF), their placement, such as in the demilitarized zone (DMZ), and when they should be used
- configure Windows Defender firewall settings
- configure Linux network firewall settings
- configure firewall rules in an Azure Network Security Group
- describe the role played by forward and reverse proxy servers
- install the Squid proxy server on Linux
- provide an overview of how intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) solutions address security issues
- install and configure the Snort IDS tool
- summarize the key concepts covered in this course
Firewall solutions control which types of network traffic are allowed into, through, or to leave a host or network. Cybersecurity analysts must know which type of firewall is needed for a given requirement as well as the placement of the firewall solution on the network. In this course, you will begin with a comparison of firewall types such as packet filtering, next-generation, and web application firewalls and learn how to determine their placement on the network. Then you will configure Windows Defender and Linux firewall settings. Next, you will configure Azure network security group firewall rules and explore the role played by forward and reverse proxy servers. Finally, you will install the Squid proxy server on Linux, find out how intrusion detection and prevention systems can address security concerns, and install and configure the Snort IDS. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Hardening Techniques
- discover the key concepts covered in this course
- list common cybersecurity hardening techniques
- configure Group Policy security settings
- list methods of securing a storage area network (SAN)
- enable Azure Bastion for secure remote virtual machine (VM) management
- identify the importance of hardware and software patches
- configure Windows update settings on a single host
- install and manage a Windows Server Update Services (WSUS) patching server
- ensure updates are applied to Azure VMs
- summarize the key concepts covered in this course
Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, I will begin by covering hardening techniques for a variety of IT environments, followed by using Microsoft Group Policy to configure security settings for Active Directory domain-joined computers. Next, I will discuss storage area networks and related security considerations. I will then remove the need for virtual machine (VM) public IP addresses by allowing remote access through Microsoft Azure Bastion. I will discuss the importance of applying hardware and software patches. Lastly, I will install and configure a Windows Server Update Services (WSUS) server and deploy updates to Microsoft Azure virtual machines. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Logging & Monitoring
- discover the key concepts covered in this course
- identify common Linux logs
- view common Linux log files
- configure log rotation
- enable Linux log forwarding to a centralized logging host
- view, filter, and set logging levels for Event Viewer logs
- enable Windows log forwarding to a centralized logging host
- recognize where honeypots and honeynets can be used to monitor malicious traffic
- implement a honeypot
- summarize the key concepts covered in this course
Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact. In this course, learn how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, work with Windows Event Viewer logs and configure Windows log forwarding. Finally, discover how tracking malicious actor activity is possible using honeypots and honeynets and how to implement a honeypot. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Malicious Techniques & Procedures
- discover the key concepts covered in this course
- outline the mechanics of a SYN flood attack
- recognize how buffer overflow attacks work and how to mitigate them
- recognize how cross-site scripting (XSS) attacks occur
- identify types of injection attacks
- run a SQL injection attack
- outline how the use of insecure XML components such as local and remote file inclusion can lead to web application compromise
- mitigate distributed denial-of-service (DDoS) attacks
- use the slowhttptest command to run a denial-of-service (DoS) attack against a website
- use the Browser Exploitation Framework (BeEF) tool to hack a web browser
- work with reverse shells and recognize how to mitigate the risks they present
- use hping3 to forge network traffic
- use the hydra tool to brute force a Windows Remote Desktop Protocol (RDP) connection
- recognize common Wi-Fi attacks
- summarize the key concepts covered in this course
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. A knowledge of techniques and attacks such as buffer overflows and distributed denial-of-service (DDoS) attacks facilitates mitigation planning. In this course, I will begin by covering how SYN flood attacks stem from the 3-way Transmission Control Protocol (TCP) handshake. Next, I will detail various types of buffer overflow, cross-site scripting (XSS), and injection attacks. I will then execute a structured query language (SQL) injection attack, followed by discussing potential extensible markup language (XML) vulnerabilities and DDoS attack mitigations. Moving on, I will run a denial-of-service (DoS), client web browser, and reverse shell attack. Lastly, I will spoof network traffic, crack Remote Desktop Protocol (RDP) passwords, and discuss common Wi-Fi attacks. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Malware
- discover the key concepts covered in this course
- identify different sources and motivations for IT threats
- outline how security and performance baselines facilitate threat identification
- recognize how social engineering uses deception to acquire sensitive information
- use the Social-Engineer Toolkit (SET) to execute social engineering attacks
- list the characteristics of common malware types
- name techniques used for malware analysis
- outline common languages used for scripting
- create and test a Microsoft PowerShell script
- create and test a Bash shell script that uses regular expressions
- create and test a Python script
- identify indicators of malicious network activity
- recognize indicators of malicious host activity
- outline indicators of malicious application activity
- summarize the key concepts covered in this course
Malicious actors are motivated and influenced by a variety of factors, and one of the most effective security mechanisms organizations can employ is user awareness and training on security threats. Cybersecurity analysts must be aware of various types of attacks and how scripting languages and tools are used to execute these attacks. In this course, learn about threat actor types and their motivations and how security baselines facilitate the identification of non-compliant devices. Next, explore examples of social engineering attacks and use the Social-Engineer Toolkit (SET) to execute such an attack. Finally, examine the characteristics of malware types, common scripting languages, and how to recognize potential indicators of malicious activity. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Managing Network Settings
- discover the key concepts covered in this course
- create a virtual network in VMware Workstation
- manage a cloud network through software-defined networking (SDN)
- configure IP addressing in Linux
- configure IP addressing in Windows
- configure cloud IP resources
- manage cloud route table entries
- harden Dynamic Host Configuration Protocol (DHCP) and domain name system (DNS) services
- harden a Wi-Fi router
- enable IPsec on Windows stations
- summarize the key concepts covered in this course
Modern IT solutions communicate over various types of networks. Cybersecurity analysts must be able to configure and secure the ways that devices communicate over these networks. In this course, I will begin by creating on-premises and cloud-based virtual networks, followed by managing IP addressing on Linux, Windows, and in the cloud. Next, I will manage routing table entries in the cloud and implement domain name system (DNS) and Dynamic Host Configuration Protocol (DHCP) security. Lastly, I will harden a Wi-Fi router and configure IPsec in Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Managing Risk
- discover the key concepts covered in this course
- outline how risk management can improve business operations including minimizing residual risk
- identify the most relevant risks and record them in a risk register
- determine when residual risk is acceptable
- determine how risk avoidance fits into the corporate risk appetite
- identify when risk should be outsourced to other parties
- recognize how risk cannot always entirely be eliminated
- outline how the annual loss expectancy (ALE) is calculated and how it compares to the cost of IT security controls
- identify the types of security control
- define enterprise configuration management procedures and terms such as configuration management system (CMS), configuration management database (CMDB), and configuration item (CI)
- recognize which factors influence the crafting of various security baselines
- enable Microsoft Azure storage account replication
- register a Windows Server with Microsoft Azure for backup
- summarize the key concepts covered in this course
Risk is inevitable when relying on IT systems to manage data. Cybersecurity analysts can apply a variety of techniques to manage risk to an acceptable level. In this course, explore how risk management can minimize the impact of IT security events and discuss the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, discover how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. Explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Network Security Concepts
- discover the key concepts covered in this course
- identify how network hardware and software maps to the Open Systems Interconnection (OSI) model
- outline how network switching works, including the use of virtual local area networks (VLANs)
- recognize the most common TCP/IP protocols
- outline how to plan for IPv4 and IPv6 addressing
- identify network routing concepts and protocols such as RIP, BGP and OSPF
- outline the security aspect of dynamic host configuration protocol (DHCP) usage
- outline the security aspect of domain name system (DNS) usage
- list various ways of authenticating to a Wi-Fi network
- recognize how virtual private networks (VPNs) provide encrypted tunnels to remote networks
- outline how the IPsec network security protocol suite protects network traffic
- outline how network time synchronization works
- configure network time synchronization in Linux
- summarize the key concepts covered in this course
Cybersecurity policies often require detailed network configuration changes and additions. Technicians must be proficient with the configuration and management of various TCP/IP protocols. In this course, I will start by discussing the Open Systems Interconnection (OSI) model, network switching, and network access control. Next, I'll discuss the TCP/IP protocol suite as well as IPv4 and IPv6 addressing. I will then discuss network routing, dynamic host configuration protocol (DHCP), domain name system (DNS) and Wi-Fi authentication methods. Lastly, I will cover virtual private networks (VPNs), IP Security (IPsec) and network time synchronization. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: OS Process Management
- discover the key concepts covered in this course
- navigate through Windows Registry hives
- use commands to view Linux hardware devices
- use the Windows Device Manager tool to manage hardware devices
- create disk partitions and format and mount Linux file systems
- create disk partitions and format Windows file systems
- identify how the Linux kernel interacts with processes and daemons
- use commands to manage Linux processes and daemons
- manage Windows processes and services
- use a data collector set to establish a Windows performance baseline
- summarize the key concepts covered in this course
Managing the running processes on Linux and Windows hosts not only improves performance but also impacts how secure those hosts are. Establishing baselines of normal performance and behavior greatly facilitates comparing current activity against those baselines to determine what is abnormal. In this course, I will start by navigating through the Windows registry, followed by exploring Linux hardware devices using the Linux command line. I will then use the Windows Device Manager tool to manage a hardware device. Next, I will create partitions and file systems on Linux and Windows hosts, followed by covering how processes and daemons interact with the Linux OS. I will manage Linux and Windows processes and daemons, or services. Lastly, I will establish a normal performance baseline on a Windows Server using a data collector set. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Public Key Infrastructure
- discover the key concepts covered in this course
- outline how public key infrastructure (PKI) certificates are issued and used
- identify the various stages of the PKI certificate life cycle
- create a Windows-based private certification authority (CA)
- manage Windows certificate templates
- acquire a PKI certificate
- configure an HTTPS binding for a web application
- configure a web app to require client PKI certificates
- summarize the key concepts covered in this course
Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through e-mail encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used. In this course, I'll start by discussing the PKI hierarchy from certification authorities (CAs) down to issued certificates and explore the PKI certificate life cycle. Next, I will deploy a private CA on the Windows platform and demonstrate how to manage PKI certificate templates. Then, I will acquire PKI certificates and configure a web server HTTPS binding. Lastly, I will configure a website to allow access only from clients with trusted PKI certificates. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Secure Coding & Digital Forensics
- discover the key concepts covered in this course
- recognize how security applies to all SDLC phases
- define the importance of CI/CD
- recognize how Git is used for file version control
- outline how the Control Objectives for Information and Related Technologies (COBIT) framework applies to IT governance
- recognize the importance of securing evidence both during and after collection
- configure legal hold settings for a Microsoft Azure storage account
- list common digital forensic hardware and software solutions
- use the Autopsy tool for digital forensics
- summarize the key concepts covered in this course
Security must be included in all phases of IT system and software development designs. Continuous integration and continuous delivery/deployment (CI/CD) integrates development and ongoing management of IT solutions. Cybersecurity analysts must understand IT governance and digital forensics concepts. Begin this course by examining the role of security in the software development life cycle (SDLC). Then you will explore CI/CD and learn how Git is used for file version control. Next, you will discover how the Control Objectives for Information and Related Technologies (COBIT) framework applies to IT governance and you will investigate digital forensics. Finally, you will configure legal hold settings for a cloud storage account and list common digital forensics hardware and software solutions. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Security & Network Monitoring
- discover the key concepts covered in this course
- recall how a SIEM solution serves as a central ingestion point for security analysis in a security operations center (SOC)
- identify how a SOAR solution serves as a method of automating security incident remediation
- outline true positives and negatives as well as false positives and negatives
- deploy Splunk on Linux
- configure Linux log forwarding to Splunk
- query Splunk indexes
- use tcpdump to capture network traffic
- use Wireshark to capture network traffic
- analyze an ICS network traffic capture
- recognize the role that AI and ML play in threat hunting
- summarize the key concepts covered in this course
SIEM solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using SOAR solutions. In this course, discover the benefits of security information and event management (SIEM) and security orchestration, automation, and response (SOAR) security incident monitoring and response solutions. Next, explore threat positives and negatives, followed by deploying the Splunk SIEM on Linux. Finally, learn how to configure a Splunk universal forwarder and use various tools to capture and analyze network traffic. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Threat Intelligence
- discover the key concepts covered in this course
- identify common threat intelligence sources
- view common CVEs and incorporate them into a security program
- use the MITRE ATT&CK knowledge base
- recognize the importance of the OWASP Top 10 when hardening web applications
- identify how APTs are executed
- outline how ISO/IEC standards can result in proper IT governance
- download and analyze Center for Internet Security (CIS) benchmark documentation
- use the Common Vulnerability Scoring System (CVSS) to describe IT security threats
- list various types of security policies
- outline how to ensure effective security governance through security awareness and business executive involvement
- summarize the key concepts covered in this course
Cybersecurity analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, examine different threat intelligence sources, the common vulnerabilities and exposures (CVEs) website, and the MITRE ATT&CK knowledge base. Next, discover how the OWASP Top 10 can help harden vulnerable web applications, how advanced persistent threats (APTs) are executed, and common ISO/IEC standards. Finally, learn how to analyze CIS benchmark documents, the Common Vulnerability Scoring System (CVSS), common organization security policy structures, and how organizational culture relates to IT security. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Virtualization & Container Security
- discover the key concepts covered in this course
- define various types of virtualization
- install Microsoft Hyper-V
- outline how application containers work
- install Docker on Linux
- install Docker on Windows
- summarize the key concepts covered in this course
Virtualization comes in a variety of forms, including operating system, application, and desktop virtualization. Cybersecurity analysts regularly manage and secure application containers and virtual machines on-premises and in the cloud. In this course, I will discuss the differences between operating system, application, and desktop virtualization. I will then configure Microsoft Hyper-V. Next, I will cover application containerization concepts, install Docker on Linux, and manage application containers on Linux. Lastly, I will install Docker on Windows and manage application containers on Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
CS0-003 - CompTIA Cybersecurity Analyst+: Vulnerability & Penetration Testing
- discover the key concepts covered in this course
- plan, schedule, and run vulnerability assessments to identify weaknesses
- identify commonly used vulnerability scanning tools
- use nmap to conduct a port scan
- use Nessus to execute a vulnerability scan
- use Zenmap to execute a scan
- use the OWASP Zed Attack Proxy (ZAP) tool to test web application security
- describe how penetration testing provides value to the security program
- navigate through the Metasploit framework console
- use the Burp Suite tool as an HTTP intermediate proxy
- use Azure Policy to view cloud resource compliance
- describe the importance of detecting anomalies and potential indicators of compromise
- recognize how IT security applies to Supervisory Control and Data Acquisition (SCADA), industrial control systems (ICSs), and operational technology (OT)
- summarize the key concepts covered in this course
Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities. In this course, you will discover how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an nmap scan. Next, you will use Nessus and Zenmap to execute security scans and test web app security using the OWASP Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will learn how to manage Azure Policy, investigate potential indicators of compromise, and examine how IT security relates to industrial control systems. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.