Threat Management

Cybersecurity Analysts

• Cybersecurity roles and responsibilities
• Frameworks and security controls
• Risk evaluation
• Penetration testing processes

Reconnaissance Techniques

• The kill chain
• Open source intelligence
• Social engineering
• Topology discovery
• Service discovery
• OS fingerprinting

Threat Management

Security Appliances

• Configuring firewalls
• Intrusion detection and prevention
• Configuring IDS
• Malware threats
• Configuring anti-virus software
• Sysinternals
• Enhanced mitigation experience toolkit

Logging and Analysis
• Packet capture
• Packet capture tools
• Monitoring tools
• Log review and SIEM
• SIEM data outputs
• SIEM data analysis
• Point-in-time data analysis

Vulnerability Management

Managing vulnerabilities

• Vulnerability management requirements
• Asset inventory
• Data classification
• Vulnerability management processes
• Vulnerability scanners
• Microsoft baseline security analyzer
• Vulnerability feeds and SCAP
• Configuring vulnerability scans
• Vulnerability scanning criteria
• Exploit frameworks
• Remediating vulnerabilities

Analyzing vulnerability scans

• Remediation and change control
• Remediating host vulnerabilities
• Remediating network vulnerabilities
• Remediating virtual infrastructure vulnerabilities
• Secure software development

Software development life cycle

• Software vulnerabilities
• Software security testing
• Interception proxies
• Web application firewalls
• Source authenticity
• Reverse engineering

Cyber Incident Response

Incident Response

• Incident response processes
• Threat classification
• Incident severity and prioritization
• Types of data
• Forensics tools

Digital forensics investigations

• Documentation and forms
• Digital forensics crime scenes
• Digital forensics kits
• Image acquisition
• Password cracking
• Analysis utilities
• Incident analysis and recovery

Analysis and recovery frameworks

• Analyzing network symptoms
• Analyzing host symptoms
• Analyzing data exfiltration
• Analyzing application symptoms
• Using sysinternals
• Containment techniques
• Eradication techniques
• Validation techniques
• Corrective actions

Security Architecture

Secure network design

• Network segmentation
• Blackholes, sinkholes, and honeypots
• System hardening
• Group policies and MAC
• Endpoint security
• Managing identities and access

Network access control

• Identity management
• Identity security issues
• Identity repositories
• Context-based authentication
• Single sign on and federation
• Exploiting identities
• Exploiting web browsers and applications
• Security frameworks and policies

Frameworks and compliance

• Reviewing security architecture
• Procedures and compensating controls
• Verifications and quality control
• Security policies and procedures
• Personnel policies and training

CS0-001: Cybersecurity Analyst CySA+ Exam

• CySA+ Certification Overview
• CySA+ Exam Structure
• Exam Registration Process
• Time Management
• Topics and Concepts
• CySA+ Certification Question Structure
• Vendor Interpretation Techniques

What tools should candidates be familiar with in order to take the exam?

Candidates should know Wireshark, Bro and/or Snort at the very least.

Do I need to know a programming language for this exam, and if so, which one(s)?

It depends on your situation. XML is used to create the drivers in the AlienVault security information and event management (SIEM) platform, for example, and can be customized. However, your primary job is to identify vulnerabilities introduced on the network as a result of poor programming in languages like C and C++, which are harder to secure.

I have CompTIA A+ and CompTIA Network+. Can I go straight to CySA+ instead of getting CompTIA Security+?

You can, but it’s not recommended. Each CompTIA certification builds on the previous one, and skipping Security+ could leave a gap in your baseline cybersecurity skills. We recommend having a minimum of three to four years of hands-on information security or related experience before taking the CySA+ exam.

Why is CySA+ a separate certification rather than an enhancement of Security+?

CySA+ includes more analytics with a different focus to address the growing specialization in cybersecurity. Security+ is a baseline of general cybersecurity knowledge and skills.

How much does CySA+ overlap with CASP?

About 25 to 30 percent of the content overlaps, mainly under the topics of intrusion detection and vulnerability management.

How does CySA+ compare to other popular cybersecurity certifications?

CySA+ differs from others on the market because it’s a mid-level certification that focuses on security analytics for the security analyst job role. Many other certifications out there don't go into as much detail with analytics. CySA+ also focuses on defense, or “blue team,” cybersecurity skills rather than offense, or “red team,” skills.

I need to renew my Security+ certification. If I pass CySA+ or CompTIA Advanced Security Practitioner (CASP), will that renew it?

Yes, CySA+ and CASP both renew Security+, since they are considered higher-level certifications.

CompTIA Cybersecurity Analyst (CySA+) is for cyber security professionals that perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization.

This vendor-neutral certification is considered intermediate to mid-career and will prove to organizations that you have the knowledge and skills needed to spearhead cybersecurity operations, either as a standalone information security professional or as part of a security team.

Job roles such as Security analyst, Security operations center (SOC) analyst, Vulnerability analyst, Cybersecurity specialist, Threat intelligence analyst, Security engineer, Cybersecurity analyst and so on.

Exam:

CS0-001 CySA+

Duration:

165 minutes

Questions:

Maximum of 85 performance-based and multiple-choice questions

Skills measured:

• Threat Management 27%
• Vulnerability Management 26%
• Cyber Incident Response 23%
• Security Architecture and Tool Sets 24%

While our Training Camp boot camps were developed with the expectation that students do not have enough time to complete a rigorous self-study syllabus prior to attending class, we offer students that feel that extra preparation would be helpful a targeted list of self-study objectives that can be completed.

Candidates for this certification should have Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.