A comprehensive, all-in-one resource for those preparing for the CySA+ (CS0-003) certification exam
Syllabus
Introduction
- About the CySA+ exam
- What's new in CS0-003?
- Careers in information security
- Value of certification
- Stackable certifications
- The CySA+ exam
- The CySA+ in-person exam environment
- At-home testing
- CySA+ question types
- Passing the CySA+ exam
- Study resources
- Exam tips
- Continuing education requirements
Security Operations
- The goals of information security
- Role of the cybersecurity analyst
- Operating system security
- Windows Registry
- Configuration files
- System processes
- Hardware architecture
- Logging security information
- Security information and event management
- Tuning and configuring SIEMs
- Continuous security monitoring
- Virtualization
- Cloud infrastructure components
- Containers
- Network architecture
- Security zones
- VLANs and network segmentation
- Zero-trust networking
- Secure access service edge (SASE)
- Software-defined networking (SDN)
- Identification, authentication, authorization, and accounting
- Usernames and access cards
- Biometrics
- Authentication factors
- Multifactor authentication
- Something you have
- Password authentication protocols
- Single sign-on and federation
- Passwordless authentication
- Privileged access management
- Cloud access security brokers
- Understanding encryption
- Symmetric and asymmetric cryptography
- Goals of cryptography
- Trust models
- PKI and digital certificates
- TLS and SSL
- Data classification
- Data loss prevention
- Network symptoms
- Rogue access points and evil twins
- Endpoint symptoms
- Application symptoms
- Obfuscated links
- Social engineering
- Protocol analyzers
- DNS and IP reputation
- Endpoint monitoring
- Malware prevention
- Executable analysis
- Cuckoo and Joe Sandbox
- User account monitoring
- Malicious email content
- Digital signatures
- DKIM, DMARC, and SPF
- Analyzing email headers
- Shell and script environments
- APIs
- Querying logs
- Threat actors
- Zero-days and the APT
- Supply chain vulnerabilities
- Threat classification
- Threat intelligence
- Managing threat indicators
- Intelligence sharing
- Threat research
- Identifying threats
- Automating threat intelligence
- Threat hunting
- Deception technologies
- Standardizing processes and streamlining operations
- Technology and tool integration
Vulnerability Management
- What is vulnerability management?
- Identify scan targets
- Scan frequency
- Network scanning
- Install Nmap on Windows
- Install Nmap on macOS
- Run and interpret a simple Nmap scan
- Host discovery with Nmap
- Operating system fingerprinting
- Service version detection
- Security baseline scanning
- Scan configuration
- Scan perspective
- Scanner maintenance
- Vulnerability scanning tools
- Passive vulnerability scanning
- SCAP
- CVSS
- Interpret CVSS scores
- Analyze scan reports
- Correlate scan results
- Server vulnerabilities
- Endpoint vulnerabilities
- Network vulnerabilities
- OWASP Top 10
- Prevent SQL injection
- Understand cross-site scripting
- Request forgery
- Privilege escalation
- Directory traversal
- File inclusion
- Overflow attacks
- Cookies and attachments
- Session hijacking
- Race conditions
- Memory vulnerabilities
- Code execution attacks
- Data poisoning
- Third-party code
- Interception proxies
- Industrial control systems
- Internet of Things
- Embedded systems
- Exploitation frameworks
- Cloud auditing tools
- Debuggers
- Open-source reconnaissance
- Control frameworks
- Software platforms
- Development methodologies
- Maturity models
- Change management
- Input validation
- Parameterized queries
- Authentication and session management issues
- Output encoding
- Error and exception handling
- Code signing
- Database security
- Data de-identification
- Data obfuscation
- Software testing
- Code security tests
- Fuzzing
- Reverse engineering software
- Reverse engineering hardware
- Threat research
- Identify threats
- Understand attacks
- Threat modeling
- Attack surface management
- Bug bounty
- Align security with the business
- Organizational processes
- Security roles and responsibilities
- Security control selection
- Risk assessment
- Quantitative risk assessment
- Risk treatment options
- Risk management frameworks
- Risk visibility and reporting
Incident Response and Management
- Build an incident response program
- Creating an incident response team
- Incident communications plan
- Incident identification
- Escalation and notification
- Mitigation
- Containment techniques
- Incident eradication and recovery
- Validation
- Post-incident activities
- Incident response exercises
- MITRE ATT&CK
- Diamond model of intrusion analysis
- Cyber kill chain analysis
- Testing guides
- Logging security information
- Security information and event management
- Cloud audits and investigations
- Conducting investigations
- Evidence types
- Introduction to forensics
- System and file forensics
- File carving
- Creating forensic images
- Digital forensics toolkit
- Operating system analysis
- Password forensics
- Network forensics
- Software forensics
- Mobile device forensics
- Embedded device forensics
- Chain of custody
- eDiscovery and evidence production
- Business continuity planning
- Business continuity controls
- High availability and fault tolerance
- Disaster recovery
- Backups
- Restoring backups
- Disaster recovery sites
- Testing BC/DR plans
- After-action reports
Reporting and Communication
- Vulnerability communication
- Report scan results
- Prioritize remediation
- Create a remediation workflow
- Barriers to vulnerability remediation
- Vulnerability metrics
- Incident communications plan
- Incident identification
- Escalation and notification
- Post-incident activities
- Incident response reports
- Incident metrics and KPIs
- Continuing your studies
Taught by
Mike Chapple