CompTIA CSA+ Study Guide. Mike Chapple

Чтение книги онлайн.

СКАЧАТЬ online capture-the-flag activities with bounties for written explanations of successful hacks at http://ctf.infosecinstitute.com/.

      Since the exam uses scenario-based learning, expect the questions to involve analysis and thought, rather than relying on simple memorization. As you might expect, it is impossible to replicate that experience in a book, so the questions here are intended to help you be confident that you know the topic well enough to think through hands-on exercises.

Taking the Exam

      Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher:

      www.comptiastore.com/Articles.asp?ID=265&category=vouchers

      CompTIA partners with Pearson VUE’s testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson Vue website, where you will need to navigate to “Find a test center.”

      http://www.pearsonvue.com/comptia/

      Now that you know where you’d like to take the exam, simply set up a Pearson VUE testing account and schedule an exam:

      https://certification.comptia.org/testing/schedule-exam

      On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.

After the Cybersecurity Analyst+ Exam

      Once you have taken the exam, you will be notified of your score immediately, so you’ll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.

Maintaining Your Certification

      CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.

      CompTIA provides information on renewals via their website at

      https://certification.comptia.org/continuing-education/how-to-renew

      When you sign up to renew your certification, you will be asked to agree to the CE program’s Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.

      A full list of the industry certifications you can use to acquire CEUs toward renewing the CSA+ can be found at

      https://certification.comptia.org/continuing-education/renewothers/renewing-csa

      What Does This Book Cover?

      This book is designed to cover the four domains included in the CSA+:

      Chapter 1: Defending Against Cybersecurity Threats The book starts by teaching you how to assess cybersecurity threats, as well as how to evaluate and select controls to keep your networks and systems secure.

      Chapter 2: Reconnaissance and Intelligence Gathering Gathering information about an organization and its systems is one of the things that both attackers and defenders do. In this chapter, you will learn how to acquire intelligence about an organization using popular tools and techniques. You will also learn how to limit the impact of intelligence gathering performed against your own organization.

      Chapter 3: Designing a Vulnerability Management Program Managing vulnerabilities helps to keep your systems secure. In this chapter you will learn how to identify, prioritize, and remediate vulnerabilities using a well-defined workflow and continuous assessment methodologies.

      Chapter 4: Analyzing Vulnerability Scans Vulnerability reports can contain huge amounts of data about potential problems with systems. In this chapter you will learn how to read and analyze a vulnerability scan report, what CVSS scoring is and what it means, as well as how to choose the appropriate actions to remediate the issues you have found. Along the way, you will explore common types of vulnerabilities and their impact on systems and networks.

      Chapter 5: Building an Incident Response Program This chapter focuses on building a formal incident response handling program and team. You will learn the details of each stage of incident handling from preparation, to detection and analysis, to containment, eradication, and recovery, to the final post-incident recovery, as well as how to classify incidents and communicate about them.

      Chapter 6: Analyzing Symptoms for Incident Response Responding appropriately to an incident requires understanding how incidents occur and what symptoms may indicate that an event has occurred. To do that, you also need the right tools and techniques. In this chapter, you will learn about three major categories of symptoms. First, you will learn about network events, including malware beaconing, unexpected traffic, and link failures, as well as network attacks. Next, you will explore host issues, ranging from system resource consumption issues to malware defense and unauthorized changes. Finally, you will learn about service- and application-related problems.

      Chapter 7: Performing Forensic Analysis Understanding what occurred on a system, device, or network, either as part of an incident or for other purposes, frequently involves forensic analysis. In this chapter you will learn how to build a forensic capability and how the key tools in a forensic toolkit are used.

      Chapter 8: Recovery and Post-Incident Analysis Once an incident has occurred and the initial phases of incident response have taken place, you will need to work on recovering from it. That process involves containing the incident to ensure no further issues occur and then working on eradicating malware, rootkits, and other elements of a compromise. Once the incident has been cleaned up, the recovery stage can start, including reporting and preparation for future issues.

      Chapter 9: Policy and Compliance Policy provides the foundation of any cybersecurity program, and building an effective set of policies is critical to a successful program. In this chapter you will acquire the tools to build a standards-based set of security policies, standards, and procedures. You will also learn how to leverage industry best practices by using guidelines and benchmarks from industry experts.

      Chapter 10: Defense-in-Depth Security Architectures A strong security architecture requires layered security procedures, technology, and processes to provide defense in depth, ensuring that a single failure won’t lead to a failure. In this chapter you will learn how to design a layered security architecture and how to analyze security designs for flaws, including single points of failure and gaps.

      Chapter 11: Identity and Access Management Security The identities that we rely on to authenticate and authorize users, services, and systems are a critical layer in a defense-in-depth architecture. This chapter explains identity, authentication, and authorization concepts and systems. You will learn about the major threats to identity and identity systems as well as how СКАЧАТЬ