
Learn open source intelligence (OSINT) to map your threat surface using websites, job listings, and LinkedIn; use theHarvester and Shodan to gather emails, subdomains, and technologies.
Explore confidence levels and standardized threat language to improve threat modeling and risk assessment. Learn the Admiralty Scale, information reliability, and estimative language for clear, interoperable communication.
Define commodity malware as off-the-shelf, widely available malicious software used for opportunistic, untargeted attacks, contrasted with advanced, targeted malware used by APT groups.
Identify and validate vulnerabilities by assessing asset criticality, performing active and passive scans, enumerating services and versions, and validating findings to prioritize risk.
Explore open source tools for assessing cloud security and security posture, including ScoutSuite, Prowler, and Pacu, to audit multi-cloud and AWS configurations, report findings, and spot misconfigurations.
Learn threats to building automation and vehicle systems, including PLC vulnerabilities, buffer overflows, hardcoded credentials and cryptographic keys, web-based interfaces, and CAN bus risks via OBD-II ports and wireless access.
Explore controller systems, including ICS/SCADA, PLCs, MODBUS, HMIs, and DCS, and their security threats. Examine web app risks like injection and DoS, as well as Stuxnet-style attacks, with TLS as a mitigation.
Explore IoT and embedded systems threats, including embedded operating systems, real-time OS, and FPGA risks. Learn how CVEs, remote access, and supply-chain attacks compromise devices and how to mitigate.
Explore CVSS metrics from base through temporal and environmental metrics, and learn how access vector, complexity, privileges, user interaction, scope, and confidentiality, integrity, availability drive severity for prioritization.
Explore threats across cloud deployment models—public, private, hybrid, and community—including multi-tenancy, encryption, and compliance. Learn how identity authentication, authorization, and accounting, redundancy, and defined roles help secure these environments.
Explore vulnerability types such as improper error handling, insecure direct object references, SQL injection, and race conditions, and learn mitigations through secure coding, authentication controls, and patching.
Explore identity and access management fundamentals, including privileged management and DAC, MAC, RBAC, ABAC, MFA, SSO, federation, and manual review.
Explore hardware assurance fundamentals, including the trusted platform module, hardware security modules, anti-tamper, and secure firmware updates to protect data at rest and in transit.
Explore the components of trend analysis to predict security outcomes, using frequency, volume, and deviation against baselines, and apply metrics like alerts, incidents, response times, and compliance.
Identify security events by analyzing packets and protocols with Wireshark, spot unrecognized connections and beaconing, and inspect DNS, Telnet, and FTP traffic for forensics.
Explore flow analysis to inspect network traffic, identify protocols and ports, and detect anomalies with alerts. Use NetFlow, Argus, and Zeek for visualization and reporting.
Explore malware analysis techniques, including fileless malware, droppers, and living off the land with PowerShell and Python, then learn reverse engineering using strings and decompilers.
Explore the differences between artificial intelligence, machine learning, and deep learning, including expert systems, data requirements, and how each powers end-point protection and large data sets.
Learn how to communicate security incidents securely and methodically using out-of-band channels, identify who must be informed, comply with GDPR, and prioritize high-value data in incident response.
Explore the six incident response phases from preparation to lessons learned, including identification, containment, eradication, and recovery, with practical planning, escalation, and playbooks.
Explore non-technical controls basics, including data governance, the data life cycle, and data classification to uphold confidentiality and integrity through purpose limitation, data minimization, and sovereignty.
Explore advanced technical controls for de-identification, data masking, tokenization, and digital rights management. Learn how re-identification risks and data roles protect PII and PHI in large data sets.
Explore how business impact analysis informs risk decisions by assessing system importance, potential losses, and recovery metrics like MTD, RTO, WRT, and RPO.
Define the four phases of digital forensics: identification, collection, analysis, and reporting, through policies, procedures, and a code of ethics; emphasize chain of custody and work product retention.
This course is designed for cybersecurity professionals who want to further their knowledge and skills in detecting and preventing cybersecurity threats.
In this course, you will learn how to perform data analysis and interpret the results to identify and respond to cybersecurity threats. You will also learn how to use various tools and techniques to prevent cybersecurity incidents from occurring.
The course covers the following topics:
1. Threat and Vulnerability Management: This topic covers the identification and mitigation of vulnerabilities and threats, including assessing risk and conducting vulnerability scans.
2. Software and Systems Security: This topic covers the security of software and systems, including secure coding practices, software security testing, and secure network protocols.
3. Security Operations and Monitoring: This topic covers security operations and monitoring, including incident response, threat hunting, and security information and event management (SIEM).
4. Incident Response: This topic covers the steps involved in responding to security incidents, including identifying and containing the incident, analyzing and remediating the impact, and implementing improvements to prevent future incidents.
5. Compliance and Assessment: This topic covers compliance and assessment, including regulatory compliance, risk management, and security audits.
Whether you are new to the cybersecurity field or an experienced professional looking to enhance your skills, this course will provide you with the knowledge and skills you need to succeed. So, let's get started!
"This course qualifies for CompTIA continuing education units (CEUs)."
Available CEUs* for this Course Series: 25
By completing this course series, you can earn up to 25 CEUs.
(*CEUs are entirely dependent on the organization you are applying to)