Cybersecurity Analyst (CySA+) 


CompTIA CySA+ Program 

PROGRAM

CompTIA Cybersecurity Analyst (CySA+)

Certification Preparation Training (Online or On-campus)

NEW EDUCARE INSTITUTE OF HEALTHCARE

AT PROGRAM COMPLETION YOU WILL RECEIVE A CompTIA Cybersecurity Analyst (CySA+) CERTIFICATE OF COMPLETION

COURSE OUTCOME

  • Identify tools and techniques to use to perform an environmental reconnaissance of a target network or security system.
  • Collect, analyze, and interpret security data from multiple log and monitoring sources.
  • Use network host and web application vulnerability assessment tools and interpret the results to provide effective mitigation.
  • Understand and remediate identity management, authentication, and access control issues.
  • Participate in a senior role within an incident response team and use forensic tools to identify the source of an attack.
  • Understand the use of frameworks, policies, and procedures and report on security architecture with recommendations for effective compensating controls.

PROGRAM CURRICULUM

CompTIA Cybersecurity Analyst (CySA+)

TOPICS

  • Module 1: Threat Management (Part 1)
  • Module 2: Vulnerability Management
  • Module 3: Threat Management (Part 2)
  • Module 4: Cyber Incident Response
  • Module 5: Security Architecture

Duration: 5 to 7 Days

Program Description: The CompTIA CySA+ course is aimed at IT professionals with (or seeking) job roles such as IT Security Analyst, Security Operations Center (SOC) Analyst, Vulnerability Analyst, Cybersecurity Specialist, Threat Intelligence Analyst, and Security Engineer. This course prepares the student for the CompTIA CySA+ certification exams.

COMPTIA CySA+ (Cybersecurity Analyst)

COURSE OUTLINE

Module 1
Threat Management 1
Unit 1.1
Cybersecurity Analysts

  • Cybersecurity Roles and Responsibilities
  • Frameworks and Security Controls
  • Risk Evaluation
  • Penetration Testing Processes

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.4 Explain the purpose of practices used to secure a corporate environment

  • Penetration testing (Rules of engagement [Timing, Scope, Authorization, Exploitation, Communication, Reporting])
  • Training and exercises (Red team, Blue team, White team)
  • Risk evaluation (Technical control review, Operational control review, Technical impact and likelihood [High, Medium, Low])

4.1 Explain the relationship between frameworks, common policies, controls, and procedures

  • Controls (Control selection based on criteria, Organizationally defined parameters, Physical controls, Logical controls, Administrative controls)

Unit 1.2
Reconnaissance Techniques

  • The Kill Chain
  • Open Source Intelligence
  • Social Engineering
  • Topology Discovery
  • Service Discovery
  • OS Fingerprinting

Topics For Self-study
Live Labs

  • DNS Harvesting
  • Social Engineering Reconnaissance
  • Windows Command Line Tools
  • Topology Discovery Part 1
  • Topology Discovery Part 2

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes

  • Procedures / common tasks (Topology discovery, OS fingerprinting, Service discovery, Email harvesting, Social media profiling, Social engineering, DNS harvesting, Phishing)
  • Variables (Wireless vs. wired, Virtual vs. physical, Internal vs. external, On-premises vs. cloud)
  • Tools (Nmap, Host scanning, Network mapping, netstat)

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Network scanning (Nmap)
  • Command line / IP utilities (netstat, ping, tracert / traceroute, ipconfig / ifconfig, nslookup / dig)


Module 2
Vulnerability Management
Unit 2.1
Managing Vulnerabilities

  • Vulnerability Management Requirements
  • Asset Inventory
  • Data Classification 
  • Vulnerability Management Processes
  • Vulnerability Scanners
  • Microsoft Baseline Security Analyzer
  • Vulnerability Feeds and SCAP 
  • Configuring Vulnerability Scans
  • Vulnerability Scanning Criteria
  • Exploit Frameworks

Topics For Self-study
Live Labs

  • Vulnerability Scanner Nessus
  • Vulnerability Scanner MBSA

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes

  • Tools (Vulnerability scanner)

2.1 Given a scenario, implement an information security vulnerability management process

  • Identification of requirements (Regulatory environments, Corporate policy, Data classification, Asset inventory [Critical, Non-critical])
  • Establish scanning frequency (Risk appetite, Regulatory requirements, Technical constraints, Workflow)
  • Configure tools to perform scans according to specification (Determine scanning criteria [Sensitivity levels, Vulnerability feed, Scope, Credentialed vs. non-credentialed, Types of data, Server-based vs. agent-based], Tool updates / plug-ins [SCAP], Permissions and access)
  • Execute scanning
  • Generate reports (Automated vs. manual distribution)
  • Ongoing scanning and continuous monitoring

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Collective {Vulnerability scanning (Qualys, Nessus, OpenVAS, Nexpose, Microsoft Baseline Security Analyzer)}
  • Analytical {Vulnerability scanning (Qualys, Nessus, OpenVAS, Nexpose, Microsoft Baseline Security Analyzer)}
  • Exploit {Exploit framework (Metasploit, Nexpose)}

Unit 2.2
Remediating Vulnerabilities

  • Analyzing Vulnerability Scans
  • Remediation and Change Control
  • Remediating Host Vulnerabilities
  • Remediating Network Vulnerabilities
  • Remediating Virtual Infrastructure Vulnerabilities

Topics For Self-study
Live Labs

  • AlienVault Monitoring - Threats Vulnerabilities and Reporting

CompTIA Exam Domain Objectives

Topics For CySA+ (Cybersecurity Analyst)
2.1 Given a scenario, implement an information security vulnerability management process

  • Remediation (Prioritizing [Criticality, Difficulty of implementation], Communication / change control, Sandboxing / testing, Inhibitors to remediation [MOUs, SLAs, Organizational governance, Business process interruption, Degrading functionality])

2.2 Given a scenario, analyze the output resulting from a vulnerability scan

  • Analyze reports from a vulnerability scan (Review and interpret scan results [Identify false positives, Identify exceptions, Prioritize response actions])
  • Validate results and correlate other data points (Compare to best practices or compliance, Reconcile results, Review related logs and / or other data sources, Determine trends)

2.3 Compare and contrast common vulnerabilities found in the following targets within an organization

  • Servers
  • Endpoints
  • Network infrastructure
  • Network appliances
  • Virtual infrastructure (Virtual hosts, Virtual networks, Management interface)
  • Mobile devices
  • Interconnected networks
  • Virtual private networks (VPNs)
  • Industrial Control Systems (ICS)
  • SCADA devices

Unit 2.3
Secure Software Development

  • Software Development Lifecycle
  • Software Vulnerabilities
  • Software Security Testing
  • Interception Proxies
  • Web Application Firewalls
  • Source Authenticity 
  • Reverse Engineering

Topics For Self-study
Live Labs

  • DVWA - Manual SQL Injection and Password Cracking

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.4 Explain the purpose of practices used to secure a corporate environment

  • Reverse engineering (Isolation / sandboxing, Hardware [Source authenticity of hardware, Trusted foundry, OEM documentation], Software / malware [Fingerprinting / hashing, Decomposition])

4.4 Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)

  • Best practices during software development (Security requirements definition, Security testing phases [Static code analysis, Web app vulnerability scanning, Fuzzing, Use interception proxy to crawl application], Manual peer reviews, User acceptance testing, Stress test application, Security regression testing, Input validation)
  • Secure coding best practices (OWASP, SANS, Center for Internet Security [System design recommendations, Benchmarks])

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Preventative {Web Application Firewall (WAF) (ModSecurity, NAXSI, Imperva)}
  • Collective {Vulnerability scanning (Nikto)}
  • Analytical {Vulnerability scanning (Nikto), Interception proxy (Burp Suite, Zap, Vega)}
  • Exploit {Interception proxy (Burp Suite, Zap, Vega), Fuzzers (Untidy, Peach Fuzzer, Microsoft SDL File / Regex Fuzzer)}


Module 3
Threat Management 2
Unit 3.1
Security Appliances 

  • Configuring Firewalls
  • Intrusion Detection and Prevention
  • Configuring IDS
  • Malware Threats
  • Configuring Anti-virus Software
  • Sysinternals 
  • Enhanced Mitigation Experience Toolkit

Topics For Self-study
Live Labs

  • Implement the Cisco Adaptive Security Appliance

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes

  • Procedures (Router / firewall ACLs review)
  • Tools (IDS / IPS, HIDS / NIDS, Firewall rule-based and logs)

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Preventative {IPS (Sourcefire, Snort, Bro), HIPS, Firewall (Cisco, Palo Alto, Check Point), Antivirus, Anti-malware, EMET, Web proxy}
  • Collective {Command line / IP utilities (Sysinternals), IDS / HIDS (Bro)}

Unit 3.2
Logging and Analysis

  • Packet Capture
  • Packet Capture Tools
  • Monitoring Tools
  • Log Review and SIEM
  • SIEM Data Outputs
  • SIEM Data Analysis
  • Point-in-Time Data Analysis

Topics For Self-study
Live Labs

  • Passive Topology Discovery
  • Packet Sniffing
  • Introduction to Syslog
  • Monitoring Servers
  • AlienVault Monitoring - SIEM and Netflow

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes

  • Procedures / common tasks (Packet capture, Log review)
  • Tools (Packet analyzer, Syslog)

1.2 Given a scenario, analyze the results of a network reconnaissance

  • Point-in-time data analysis (Packet analysis, Protocol analysis, Traffic analysis, NetFlow analysis, Wireless analysis)
  • Data correlation and analytics (Anomaly analysis, Trend analysis, Availability analysis, Heuristic analysis, Behavioral analysis)
  • Data output (Firewall logs, Packet captures, Nmap scan results, Event logs, Syslogs, IDS report)
  • Tools (SIEM, Packet analyzer, IDS, Resource monitoring tool, NetFlow analyzer)

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Collective {SIEM (ArcSight, QRadar, Splunk, Alien Vault OSSIM, Kiwi Syslog), Packet capture (Wireshark, tcpdump, Network General, Aircrack-ng)}
  • Analytical {Monitoring tools (MRTG, Nagios, SolarWinds, Cacti, NetFlow Analyzer)}


Module 4
Cyber Incident Response
Unit 4.1
Incident Response

  • Incident Response Processes
  • Threat Classification
  • Incident Severity and Prioritization 
  • Types of Data

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
3.1 Given a scenario, distinguish threat data or behavior to determine the impact of an incident

  • Threat classification (Known threats vs. unknown threats, Zero-day, Advanced Persistent Threat)
  • Factors contributing to incident severity and prioritization
  • Scope of impact (Downtime, Recovery time, Data integrity, Economic, System process criticality)
  • Types of data (Personally Identifiable Information [PII], Personal Health Information [PHI], Payment card information, Intellectual property, Corporate confidential [Accounting data, Mergers and acquisitions])

3.3 Explain the importance of communication during the incident response process

  • Stakeholders (HR, Legal, Marketing, Management)
  • Purpose of communication processes (Limit communication to trusted parties, Disclosure based on regulatory / legislative requirements, Prevent inadvertent release of information, Secure method of communication)
  • Role-based responsibilities (Technical, Management, Law enforcement, Retain incident response provider)

Unit 4.2
Forensics Tools

  • Digital Forensics Investigations
  • Documentation and Forms
  • Digital Forensics Crime Scenes
  • Digital Forensics Kits
  • Image Acquisition
  • Password Cracking
  • Analysis Utilities

Topics For Self-study
Live Labs

  • Encryption and Hashing
  • Forensics – Understanding the Digital Forensics Profession and Investigations

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation

  • Forensics kit (Digital forensics workstation, Write blockers, Cables, Drive adapters, Wiped removable media, Cameras, Crime tape, Tamper-proof seals, Documentation / forms [Chain of custody form, Incident response plan, Incident form, Call list / escalation list])
  • Forensic investigation suite (Imaging utilities, Analysis utilities, Chain of custody, Hashing utilities, OS and process analysis, Mobile device forensics, Password crackers, Cryptography tools, Log viewers)

4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Forensics {Forensic suites (EnCase, FTK, Helix, Sysinternals, Cellebrite), Hashing (MD5sum, SHAsum), Password cracking (John the Ripper, Cain & Abel), Imaging (dd)}

Unit 4.3
Incident Analysis and Recovery

  • Analysis and Recovery Frameworks
  • Analyzing Network Symptoms
  • Analyzing Host Symptoms
  • Analyzing Data Exfiltration
  • Analyzing Application Symptoms
  • Using Sysinternals
  • Containment Techniques 
  • Eradication Techniques
  • Validation Techniques
  • Corrective Actions

Topics For Self-study
Live Labs

  • Forensics - E-mail and Social Media Investigations

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
3.4 Given a scenario, analyze common symptoms to select the best course of action to support incident response

  • Common network-related symptoms (Bandwidth consumption, Beaconing, Irregular peer-to-peer communication, Rogue devices on the network, Scan sweeps, Unusual traffic spikes)
  • Common host-related symptoms (Processor consumption, Memory consumption, Drive capacity consumption, Unauthorized software, Malicious processes, Unauthorized changes, Unauthorized privileges, Data exfiltration)
  • Common application-related symptoms (Anomalous activity, Introduction of new accounts, Unexpected output, Unexpected outbound communication, Service interruption, Memory overflows)

3.5 Summarize the incident recovery and post-incident response process

  • Containment techniques (Segmentation, Isolation, Removal, Reverse engineering)
  • Eradication techniques (Sanitization, Reconstruction / reimage, Secure disposal)
  • Validation (Patching, Permissions, Scanning, Verify logging / communication to security monitoring)
  • Corrective actions (Lessons learned report, Change control process, Update incident response plan)
  • Incident summary report


Module 5
Security Architecture
Unit 5.1
Secure Network Design

  • Network Segmentation
  • Blackholes, Sinkholes, and Honeypots
  • System Hardening
  • Group Policies and MAC
  • Endpoint Security

Topics For Self-study
Live Labs

  • Implement IOS Features to Mitigate Threats
  • IPv4 and IPv6 Access Lists for Traffic Filtering
  • Configure, Verify, and Troubleshoot Port Security
  • Securing the Management Plane on Cisco Routers
  • Compliance Patching

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.3 Given a network-based threat, implement or recommend the appropriate response and countermeasure

  • Network segmentation (System isolation, Jump box)
  • Honeypot
  • Endpoint security
  • Group policies
  • ACLs (Sinkhole)
  • Hardening (Mandatory Access Control [MAC], Compensating controls, Blocking unused ports / services, Patching)

4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls

  • Defense in depth (Other security concepts [Network design, Network segmentation])

Unit 5.2
Managing Identities and Access

  • Network Access Control
  • Identity Management
  • Identity Security Issues
  • Identity Repositories
  • Context-based Authentication
  • Single Sign On and Federation
  • Exploiting Identities
  • Exploiting Web Browsers and Applications

Topics For Self-study
Live Labs

  • Configure, Verify, and Troubleshoot GRE Tunnel Connectivity
  • Implement SSL VPN using ASA Device Manager

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
1.3 Given a network-based threat, implement or recommend the appropriate response and countermeasure

  • Network Access Control (NAC) (Time-based, Rule-based, Role-based, Location-based)

4.2 Given a scenario, use data to recommend remediation of security issues related to identity and access management

  • Security issues associated with context-based authentication (Time, Location, Frequency, Behavioral)
  • Security issues associated with identities (Personnel, Endpoints, Servers, Services, Roles, Applications)
  • Security issues associated with identity repositories (Directory services, TACACS+, RADIUS)
  • Security issues associated with federation and single sign-on (Manual vs. automatic provisioning / deprovisioning, Self-service password reset)
  • Exploits (Impersonation, Man-in-the-middle, Session hijack, Cross-site scripting, Privilege escalation, Rootkit)


4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

  • Collective {Command line / IP utilities (OpenSSL)}


Unit 5.3
Security Frameworks and Policies 

  • Frameworks and Compliance
  • Reviewing Security Architecture
  • Procedures and Compensating Controls
  • Verifications and Quality Control
  • Security Policies and Procedures
  • Personnel Policies and Training

CompTIA Exam Domain Objectives
Topics For CySA+ (Cybersecurity Analyst)
4.1 Explain the relationship between frameworks, common policies, controls, and procedures

  • Regulatory compliance
  • Frameworks (NIST, ISO, COBIT, SABSA, TOGAF, ITIL)
  • Policies (Password policy, Acceptable use policy, Data ownership policy, Data retention policy, Account management policy, Data classification policy)
  • Procedures (Continuous monitoring, Evidence production, Patching, Compensating control development, Control testing procedures, Manage exceptions, Remediation plans)
  • Verifications and quality control (Audits, Evaluations, Assessments, Maturity model, Certification)

4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls

  • Security data analytics (Data aggregation and correlation, Trend analysis, Historical analysis)
  • Manual review (Firewall log, Syslogs, Authentication logs, Event logs)
  • Defense in depth (Personnel [Training, Dual control, Separation of duties, Third party / consultants, Cross training, Mandatory vacation, Succession planning], Processes [Continual improvement, Scheduled reviews, Retirement of processes], Technologies [Automated reporting, Security appliances, Security suites, Outsourcing / Security as a Service, Cryptography])


