CompTIA

CompTIA CySA+ (CS0-002)

(CS0-002.AB1) / ISBN : 978-1-64459-230-4
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Instructor-Led (Add-on)
121 Reviews
Get A Free Trial

Skills You’ll Get

The CompTIA CySA+ certification proves that the candidate has the ability required for identifying and combating malware and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. The CompTIA CySA+ CS0-002 exam enhances the intelligence and threat detection techniques required in the market along with analyzing and interpreting data and identifying and addressing vulnerabilities.

Get the support you need. Enroll in our Instructor-Led Course.

Download Course Outline

1

Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • Strategies for Exam Preparation
  • How the Course Is Organized
  • What’s New?
2

The Importance of Threat Data and Intelligence

  • Intelligence Sources
  • Indicator Management
  • Threat Classification
  • Threat Actors
  • Intelligence Cycle
  • Commodity Malware
  • Information Sharing and Analysis Communities
  • Review All Key Topics
  • Review Questions
3

Utilizing Threat Intelligence to Support Organizational Security

  • Attack Frameworks
  • Threat Research
  • Threat Modeling Methodologies
  • Threat Intelligence Sharing with Supported Functions
  • Review All Key Topics
  • Review Questions
4

Vulnerability Management Activities

  • Vulnerability Identification
  • Validation
  • Remediation/Mitigation
  • Scanning Parameters and Criteria
  • Inhibitors to Remediation
  • Review All Key Topics
  • Review Questions
5

Analyzing Assessment Output

  • Web Application Scanner
  • Infrastructure Vulnerability Scanner
  • Software Assessment Tools and Techniques
  • Enumeration
  • Wireless Assessment Tools
  • Cloud Infrastructure Assessment Tools
  • Review All Key Topics
  • Review Questions
6

Threats and Vulnerabilities Associated with Specialized Technology

  • Mobile
  • Internet of Things (IoT)
  • Embedded Systems
  • Real-Time Operating System (RTOS)
  • System-on-Chip (SoC)
  • Field Programmable Gate Array (FPGA)
  • Physical Access Control
  • Building Automation Systems
  • Vehicles and Drones
  • Workflow and Process Automation Systems
  • Incident Command System (ICS)
  • Supervisory Control and Data Acquisition (SCADA)
  • Review All Key Topics
  • Review Questions
7

Threats and Vulnerabilities Associated with Operating in the Cloud

  • Cloud Deployment Models
  • Cloud Service Models
  • Function as a Service (FaaS)/Serverless Architecture
  • Infrastructure as Code (IaC)
  • Insecure Application Programming Interface (API)
  • Improper Key Management
  • Unprotected Storage
  • Logging and Monitoring
  • Review All Key Topics
  • Review Questions
8

Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Attack Types
  • Vulnerabilities
  • Review All Key Topics
  • Review Questions
9

Security Solutions for Infrastructure Management

  • Cloud vs. On-premises
  • Asset Management
  • Segmentation
  • Network Architecture
  • Change Management
  • Virtualization
  • Containerization
  • Identity and Access Management
  • Cloud Access Security Broker (CASB)
  • Honeypot
  • Monitoring and Logging
  • Encryption
  • Certificate Management
  • Active Defense
  • Review All Key Topics
  • Review Questions
10

Software Assurance Best Practices

  • Platforms
  • Software Development Life Cycle (SDLC) Integration
  • DevSecOps
  • Software Assessment Methods
  • Secure Coding Best Practices
  • Static Analysis Tools
  • Dynamic Analysis Tools
  • Formal Methods for Verification of Critical Software
  • Service-Oriented Architecture
  • Review All Key Topics
  • Review Questions
11

Hardware Assurance Best Practices

  • Hardware Root of Trust
  • eFuse
  • Unified Extensible Firmware Interface (UEFI)
  • Trusted Foundry
  • Secure Processing
  • Anti-Tamper
  • Self-Encrypting Drives
  • Trusted Firmware Updates
  • Measured Boot and Attestation
  • Bus Encryption
  • Review All Key Topics
  • Review Questions
12

Analyzing Data as Part of Security Monitoring Activities

  • Heuristics
  • Trend Analysis
  • Endpoint
  • Network
  • Log Review
  • Impact Analysis
  • Security Information and Event Management (SIEM) Review
  • Query Writing
  • E-mail Analysis
  • Review All Key Topics
  • Review Questions
13

Implementing Configuration Changes to Existing Controls to Improve Security

  • Permissions
  • Whitelisting and Blacklisting
  • Firewall
  • Intrusion Prevention System (IPS) Rules
  • Data Loss Prevention (DLP)
  • Endpoint Detection and Response (EDR)
  • Network Access Control (NAC)
  • Sinkholing
  • Malware Signatures
  • Sandboxing
  • Port Security
  • Review All Key Topics
  • Review Questions
14

The Importance of Proactive Threat Hunting

  • Establishing a Hypothesis
  • Profiling Threat Actors and Activities
  • Threat Hunting Tactics
  • Reducing the Attack Surface Area
  • Bundling Critical Assets
  • Attack Vectors
  • Integrated Intelligence
  • Improving Detection Capabilities
  • Review All Key Topics
  • Review Questions
15

Automation Concepts and Technologies

  • Workflow Orchestration
  • Scripting
  • Application Programming Interface (API) Integration
  • Automated Malware Signature Creation
  • Data Enrichment
  • Threat Feed Combination
  • Machine Learning
  • Use of Automation Protocols and Standards
  • Continuous Integration
  • Continuous Deployment/Delivery
  • Review All Key Topics
  • Review Questions
16

The Incident Response Process

  • Communication Plan
  • Response Coordination with Relevant Entities
  • Factors Contributing to Data Criticality
  • Review All Key Topics
  • Review Questions
17

Applying the Appropriate Incident Response Procedure

  • Preparation
  • Detection and Analysis
  • Containment
  • Eradication and Recovery
  • Post-Incident Activities
  • Review All Key Topics
  • Review Questions
18

Analyzing Potential Indicators of Compromise

  • Network-Related Indicators of Compromise
  • Host-Related Indicators of Compromise
  • Application-Related Indicators of Compromise
  • Review All Key Topics
  • Review Questions
19

Utilizing Basic Digital Forensics Techniques

  • Network
  • Endpoint
  • Mobile
  • Cloud
  • Virtualization
  • Legal Hold
  • Procedures
  • Hashing
  • Carving
  • Data Acquisition
  • Review All Key Topics
  • Review Questions
20

The Importance of Data Privacy and Protection

  • Privacy vs. Security
  • Non-technical Controls
  • Technical Controls
  • Review All Key Topics
  • Review Questions
21

Applying Security Concepts in Support of Organizational Risk Mitigation

  • Business Impact Analysis
  • Risk Identification Process
  • Risk Calculation
  • Communication of Risk Factors
  • Risk Prioritization
  • Systems Assessment
  • Documented Compensating Controls
  • Training and Exercises
  • Supply Chain Assessment
  • Review All Key Topics
  • Review Questions
22

The Importance of Frameworks, Policies, Procedures, and Controls

  • Frameworks
  • Policies and Procedures
  • Category
  • Control Type
  • Audits and Assessments
  • Review All Key Topics
  • Review Questions

1

Vulnerability Management Activities

  • Conducting Vulnerability Scanning Using Nessus
2

Analyzing Assessment Output

  • Using Nikto
  • Using OWASP ZAP
  • Inspecting the Vulnerability in the Echo Server's Source Code
  • Performing Reconnaissance on a Network
  • Using the hping Program
  • Identifying Search Options in Metasploit
3

Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Scanning the Rootkit
  • Configuring DHCP Snooping
  • Performing a MITM Attack
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Detecting Rootkits
  • Performing ARP Spoofing
4

Security Solutions for Infrastructure Management

  • Configuring Remote Access with VPN
  • Configuring the SSL Port Setting
  • Attacking a Website Using XSS Injection
  • Setting up a Honeypot on Kali Linux
  • Using the MD5 Hash Algorithm
  • Encrypting and Decrypting a File Using AES Crypt
5

Analyzing Data as Part of Security Monitoring Activities

  • Performing a Memory-Based Attack
  • Using Apktool to Decode and Analyze the apk file
  • Simulating the DDoS Attack
  • Simulating a DoS Attack
  • Scanning the Website using URLVoid
  • Configuring Snort
  • Making Syslog Entries Readable
  • Examining Audited Events
  • Installing Splunk on the Server
6

Implementing Configuration Changes to Existing Controls to Improve Security

  • Using the iptables Command to Create a Personal Firewall in Linux
7

The Importance of Proactive Threat Hunting

  • Working with the Task Manager
8

Applying the Appropriate Incident Response Procedure

  • Configuring a Perimeter Firewall
9

Analyzing Potential Indicators of Compromise

  • Performing the Initial Scan
10

Utilizing Basic Digital Forensics Techniques

  • Confirming the Spoofing Attack in Wireshark
  • Capturing a Packet Using Wireshark
  • Downloading and Installing Wireshark
11

The Importance of Frameworks, Policies, Procedures, and Controls

  • Reviewing and Modifying the Policy Items

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

There is no required prerequisite for CompTIA CS0-001 certification exam, but the candidate should hold CompTIA Network+, Security+ or equivalent knowledge. He or she should have a minimum of 3-4 years of hands-on information security or related experience.

USD 370

Pricing and taxes may vary from country to country.

Pearson VUE

Multiple-choice and performance-based

The exam contains 85 questions.

165 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the CySA+ examination, CompTIA's retake policies are:

  1. CompTIA does not require a waiting period between the first and second attempt to pass such examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least 14 calendar days from the date of your last attempt before you can retake the exam.
  2. If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  3. A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  4. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.

CompTIA CySA+ certification expires after three years from the date of issue, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.

Know more about the CS0-002

CompTIA CySA+ (CS0-002)

$150.00

Buy Now

Related Courses

All Course