Prepare for the challenging CySA+ certification exam with this money-saving, comprehensive study package.

Designed as a complete self-study program, this collection offers a variety of proven resources to use in preparation for the CompTIA Cybersecurity Analyst (CySA+) certification exam. Comprised of CompTIA CySA+ Cybersecurity Analyst Certification All-In-One Exam Guide (CS0-001) and CompTIA CySA+ Cybersecurity Analyst Certification Practice Exams (Exam CS0-001), this bundle thoroughly covers every topic on the exam.

CompTIA CySA+ Cybersecurity Analyst Certification Bundle contains more than 800 practice questions that match those on the live exam in content, difficulty, tone, and format. The set includes detailed coverage of performance-based questions. You will get exam-focused "Tip," "Note," and "Caution" elements as well as end-of-chapter reviews. This authoritative, cost-effective bundle serves both as a study tool and as a valuable on-the-job reference for computer security professionals.

* This bundle is 25% cheaper than purchasing the books individually and includes a 10% discount on the exam voucher
* Written by a team of computer security experts
* Electronic content includes 800+ practice exam questions and secured PDF copies of both books
Introduction

Part I Threat Management
Chapter 1 Applying Reconnaissance Techniques: Open Source Intelligence; Google; Internet Registries; Job Sites; Social Media; Active Reconnaissance; Scanning; Capturing Packets; Special Considerations; Wired Network Considerations; Wireless Network Considerations; Virtualization Technologies; Cloud Computing; Defending Against Reconnaissance; Tools of the Trade; nmap; Nikto; OWASP Zed Attack Proxy; Nessus; netstat; tcpdump; Wireshark/TShark; Intrusion Detection and Prevention Systems; Chapter Review; Questions; Answers
Chapter 2 Analyzing the Results of Reconnaissance: Data Sources; Firewall Logs; Intrusion Detection/Prevention Systems; Packet Captures; System Logs; nmap Scan Results; Point-in-Time Analysis; Packet Analysis; Protocol Analysis; Traffic Analysis; NetFlow Analysis; Wireless Analysis; Correlation Analysis; Anomaly Analysis; Behavioral Analysis; Trend Analysis; Availability Analysis; Heuristics; Tools of the Trade; Security Information and Event Management Systems; Packet Analyzers; Intrusion Detection Systems; Resource-Monitoring Tools; NetFlow Analyzers; Chapter Review; Questions; Answers
Chapter 3 Responding to Network-Based Threats: Network Segmentation; System Isolation; Jump Box; Honeypots and Honeynets; ACLs; File System ACLs; Network ACLs; Black Hole; DNS Sinkhole; Endpoint Security; Detect and Block; Sandbox; Cloud-Connected Protection; Group Policies; Device Hardening; Discretionary Access Control (DAC); Mandatory Access Control (MAC); Role-Based Access Control (RBAC); Compensating Controls; Blocking Unused Ports/Services; Patching; Network Access Control; Time Based; Rule Based; Role Based; Location Based; Chapter Review; Questions; Answers
Chapter 4 Securing a Corporate Network: Penetration Testing; Rules of Engagement; Reverse Engineering; Hardware; Software/Malware; Isolation/Sandboxing; Training and Exercises; Types of Exercises; Red Team; Blue Team; White Team; Risk Evaluation; Impact and Likelihood; Technical Control Review; Operational Control Review; Chapter Review; Questions; Answers

Part II Vulnerability Management
Chapter 5 Implementing Vulnerability Management Processes: Vulnerability Management Requirements; Regulatory Environments; Corporate Security Policy; Data Classification; Asset Inventory; Common Vulnerabilities; Servers; Endpoints; Network Infrastructure; Virtual Infrastructure; Mobile Devices; Interconnected Networks; Virtual Private Networks; Industrial Control Systems; SCADA Devices; Frequency of Vulnerability Scans; Risk Appetite; Regulatory Requirements; Technical Constraints; Workflow; Tool Configuration; Scanning Criteria; Tool Updates and Plug-Ins; SCAP; Permissions and Access; Chapter Review; Questions; Answers
Chapter 6 Vulnerability Scanning: Execute Scanning; Nessus; OpenVAS; Nikto; Generate Reports; Automated vs. Manual Distribution; Remediation; Prioritizing; Communication/Change Control; Sandboxing/Testing; Inhibitors to Remediation; Ongoing Scanning and Continuous Monitoring; Analyze Reports from a Vulnerability Scan; Review and Interpret Scan Results; Validate Results and Correlate Other Data Points; Compare to Best Practices or Compliance; Reconcile Results; Review Related Logs and/or Other Data Sources; Determine Trends; Chapter Review; Questions; Answers

Part III Cyber Incident Response
Chapter 7 The Incident Response Process: A Cast of Characters; Key Roles; Stakeholders; Response Techniques; Containment; Eradication; Validation; Corrective Actions; Communication Processes; Internal Communications; External Communications; Chapter Review; Questions; Answers
Chapter 8 Determining the Impact of Incidents: Threat Classification; Known Threats vs. Unknown Threats; Zero Day; Advanced Persistent Threat; Factors Contributing to Incident Severity and Prioritization; Scope of Impact; Types of Data; Chapter Review; Questions; Answers
Chapter 9 Preparing the Incident Response Toolkit: Digital Forensics; Phases of an Investigation; Forensic Investigation Suite; Acquisition Utilities; Analysis Utilities; OS and Process Analysis; Mobile Device Forensics; Log Viewers; Building Your Forensic Kit; Jump Bag; Chapter Review; Questions; Answers
Chapter 10 Selecting the Best Course of Action: Introduction to Diagnosis; Network-Related Symptoms; Bandwidth Utilization; Beaconing; Irregular Peer-to-Peer Communication; Rogue Devices on the Network; Scan Sweeps; Host-Related Symptoms; Running Processes; Memory Contents; File System; Capacity Consumption; Unauthorized Privileges; Application-Related Symptoms; Anomalous Activity; Introduction of New Accounts; Unexpected Output; Unexpected Outbound Communication; Service Interruption; Memory Overflows; Chapter Review; Questions; Answers

Part IV Security Architectures
Chapter 11 Frameworks, Policies, Controls, and Procedures: Security Frameworks; NIST; ISO; COBIT; SABSA; TOGAF; ITIL; Policies and Procedures; Security Policies; Procedures; Controls; Physical Controls; Logical Controls; Administrative Controls; Control Selection; Regulatory Compliance; Verification and Quality Control; Audits; Assessments; Certification; Maturity Models; Chapter Review; Questions; Answers
Chapter 12 Identity and Access Management: Security Issues Associated with Context-Based Authentication; Time; Location; Frequency; Behavioral; Security Issues Associated with Identities; Personnel; Endpoints; Servers; Services; Roles; Applications; Security Issues Associated with Identity Repositories; Directory Services; TACACS+; RADIUS; Security Issues Associated with Federation and Single Sign-On; Manual vs. Automatic Provisioning/Deprovisioning; Self-Service Password Reset; Exploits; Impersonation; Man in the Middle; Session Hijack; Cross-Site Scripting; Privilege Escalation; Rootkits; Chapter Review; Questions; Answers
Chapter 13 Putting in Compensating Controls: Security Data Analytics; Data Aggregation and Correlation; Trend Analysis; Historical Analysis; Manual Review; Firewall Log; Syslog; Authentication Logs; Event Logs; Defense in Depth; Personnel; Processes; Other Security Concepts; Chapter Review; Questions; Answers
Chapter 14 Secure Software Development: The Software Development Lifecycle; Requirements; Development; Implementation; Operation and Maintenance; Secure Software Development; Secure Coding; Security Testing; Best Practices; Software Engineering Institute; OWASP; SANS; Center for Internet Security; Chapter Review; Questions; Answers
Chapter 15 Tool Sets: Preventative Tools; Firewalls; IDS and IPS; Host-Based Intrusion Prevention Systems; Antimalware; Enhanced Mitigation Experience Toolkit; Web Proxies; Web Application Firewalls; Collective Tools; Security Information and Event Management; Network Scanning; Packet Capture; Command-line Utilities; Analytical Tools; Vulnerability Scanning; Monitoring Tools; Interception Proxy; Exploitative Tools; Exploitation Frameworks; Fuzzers; Forensic Tools; Forensic Suites; Hashing; Password Cracking; Imaging; Chapter Review; Questions; Answers

Part V Appendixes and Glossary
Appendix A Objectives Map
Appendix B About the Download: System Requirements; Installing and Running Total Tester; About Total Tester; Pre-assessment Test; Performance-Based Questions; McGraw-Hill Professional Media Center Download; Technical Support
Glossary
Index

CompTIA CySA+ (R) Cybersecurity Analyst Certification Practice Exams (Exam CS0-001)
Cover; Title Page; Copyright Page; Dedication; About the Author; Contents; Acknowledgments; Introduction; Objective Map: Exam CS0-001

Part I Threat Management
Chapter 1 Applying Reconnaissance Techniques: Questions; Quick Answer Key; In-Depth Answers
Chapter 2 Analyzing the Results of Reconnaissance: Questions; Quick Answer Key; In-Depth Answers
Chapter 3 Responding to Network-Based Threats: Questions; Quick Answer Key; In-Depth Answers
Chapter 4 Securing a Corporate Network: Questions; Quick Answer Key; In-Depth Answers

Part II Vulnerability Management
Chapter 5 Implementing Vulnerability Management Processes: Questions; Quick Answer Key; In-Depth Answers
Chapter 6 Vulnerability Scanning: Questions; Quick Answer Key; In-Depth Answers

Part III Cyber Incident Response
Chapter 7 The Incident Response Process: Questions; Quick Answer Key; In-Depth Answers
Chapter 8 Determining the Impact of Incidents: Questions; Quick Answer Key; In-Depth Answers
Chapter 9 Preparing the Incident Response Toolkit: Questions; Quick Answer Key; In-Depth Answers
Chapter 10 Selecting the Best Course of Action: Questions; Quick Answer Key; In-Depth Answers

Part IV Security Architecture and Tool Sets
Chapter 11 Frameworks, Policies, Controls, and Procedures: Questions; Quick Answer Key; In-Depth Answers
Chapter 12 Identity and Access Management: Questions; Quick Answer Key; In-Depth Answers
Chapter 13 Putting in Compensating Controls: Questions; Quick Answer Key; In-Depth Answers
Chapter 14 Secure Software Development: Questions; Quick Answer Key; In-Depth Answers
Chapter 15 Tool Sets: Questions; Quick Answer Key; In-Depth Answers

Appendix About the Digital Content: CD-ROM; Your Total Seminars Training Hub Account; Single User License Terms and Conditions; Using the TotalTester Online Content; Pre-Assessment Test; Performance-Based Questions; Technical Support

Product details

ISBN: 9781260453256
Published: 2019-05-05
Publisher: McGraw-Hill Education
Weight: 1116 g
Age level: 01, G
Language: English
Format: Hardcover

Biographical note

Fernando J. Maymi, Ph.D., CISSP, is a security practitioner with over 25 years of experience. He is the author of over a dozen publications and co-author of CISSP All-in-One Exam Guide, Seventh Edition.


Brent Chapman, CompTIA CySA+, GCIH, GCFA, CISSP, is a recognized cyber security expert who has served as an instructor and researcher at the United States Military Academy at West Point.


Jeff Parker, CompTIA CySA+, CISSP, is a certified trainer, consultant, and author who specializes in information security awareness.