CompTIA CSA+ Study Guide. Mike Chapple
href="http://www.pearsonvue.com/comptia/">http://www.pearsonvue.com/comptia/
Now that you know where you’d like to take the exam, simply set up a Pearson VUE testing account and schedule an exam:
https://certification.comptia.org/testing/schedule-exam
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
Once you have taken the exam, you will be notified of your score immediately, so you’ll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website at
https://certification.comptia.org/continuing-education/how-to-renew
When you sign up to renew your certification, you will be asked to agree to the CE program’s Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the CSA+ can be found at
https://certification.comptia.org/continuing-education/renewothers/renewing-csa
What Does This Book Cover?
This book is designed to cover the four domains included in the CSA+:
Chapter 1: Defending Against Cybersecurity Threats The book starts by teaching you how to assess cybersecurity threats, as well as how to evaluate and select controls to keep your networks and systems secure.
Chapter 2: Reconnaissance and Intelligence Gathering Gathering information about an organization and its systems is one of the things that both attackers and defenders do. In this chapter, you will learn how to acquire intelligence about an organization using popular tools and techniques. You will also learn how to limit the impact of intelligence gathering performed against your own organization.
Chapter 3: Designing a Vulnerability Management Program Managing vulnerabilities helps to keep your systems secure. In this chapter you will learn how to identify, prioritize, and remediate vulnerabilities using a well-defined workflow and continuous assessment methodologies.
Chapter 4: Analyzing Vulnerability Scans Vulnerability reports can contain huge amounts of data about potential problems with systems. In this chapter you will learn how to read and analyze a vulnerability scan report, what CVSS scoring is and what it means, as well as how to choose the appropriate actions to remediate the issues you have found. Along the way, you will explore common types of vulnerabilities and their impact on systems and networks.
Chapter 5: Building an Incident Response Program This chapter focuses on building a formal incident response handling program and team. You will learn the details of each stage of incident handling from preparation, to detection and analysis, to containment, eradication, and recovery, to the final post-incident recovery, as well as how to classify incidents and communicate about them.
Chapter 6: Analyzing Symptoms for Incident Response Responding appropriately to an incident requires understanding how incidents occur and what symptoms may indicate that an event has occurred. To do that, you also need the right tools and techniques. In this chapter, you will learn about three major categories of symptoms. First, you will learn about network events, including malware beaconing, unexpected traffic, and link failures, as well as network attacks. Next, you will explore host issues, ranging from system resource consumption issues to malware defense and unauthorized changes. Finally, you will learn about service- and application-related problems.
Chapter 7: Performing Forensic Analysis Understanding what occurred on a system, device, or network, either as part of an incident or for other purposes, frequently involves forensic analysis. In this chapter you will learn how to build a forensic capability and how the key tools in a forensic toolkit are used.
Chapter 8: Recovery and Post-Incident Analysis Once an incident has occurred and the initial phases of incident response have taken place, you will need to work on recovering from it. That process involves containing the incident to ensure no further issues occur and then working on eradicating malware, rootkits, and other elements of a compromise. Once the incident has been cleaned up, the recovery stage can start, including reporting and preparation for future issues.
Chapter 9: Policy and Compliance Policy provides the foundation of any cybersecurity program, and building an effective set of policies is critical to a successful program. In this chapter you will acquire the tools to build a standards-based set of security policies, standards, and procedures. You will also learn how to leverage industry best practices by using guidelines and benchmarks from industry experts.
Chapter 10: Defense-in-Depth Security Architectures A strong security architecture requires layered security procedures, technology, and processes to provide defense in depth, ensuring that a single failure won’t lead to a failure. In this chapter you will learn how to design a layered security architecture and how to analyze security designs for flaws, including single points of failure and gaps.
Chapter 11: Identity and Access Management Security The identities that we rely on to authenticate and authorize users, services, and systems are a critical layer in a defense-in-depth architecture. This chapter explains identity, authentication, and authorization concepts and systems. You will learn about the major threats to identity and identity systems as well as how to use identity as a defensive layer.
Chapter 12: Software Development Security Creating, testing, and maintaining secure software, from simple scripts to complex applications, is critical for security analysts. In this chapter you will learn about the software development life cycle, including different methodologies, testing and review techniques, and how secure software is created. In addition, you will learn about industry standards for secure software to provide you with the foundation you need to help keep applications and services secure.
Chapter 13: Cybersecurity Toolkit This chapter provides a survey-style view of the many tools that you may encounter while performing threat and vulnerability management as well as incident response. We review tools, what they do, and where to get them.
Practice Exam Once you have completed your studies, the practice exam will provide you with a chance to test your knowledge. Use this exam to find places where you may need to study more or to verify that you are ready to tackle the exam. We’ll be rooting for you!
Appendix A: Answers to Review Questions The appendix has answers to the review questions you will find at the end of each chapter.
The following listing shows how the four Cybersecurity Analyst Exam objectives map to the chapters in this book. If you want to study a specific domain, this mapping can help you identify where to focus your reading.
Threat Management: Chapters 1, 2
Vulnerability Management: Chapters 3, 4
Cyber Incident Response: Chapters 5, 6, 7, 8
Security Architecture and Tools Sets: Chapters 7, 9, 10, 11, 12, 13
The book is written to build your knowledge as you