Training Video Course

CS0-002: CompTIA CySA+ Certification Exam (CS0-002)

PDFs and exam guides are not so efficient, right? Prepare for your CompTIA examination with our training course. The CS0-002 course contains a complete batch of videos that will provide you with profound and thorough knowledge related to CompTIA certification exam. Pass the CompTIA CS0-002 test with flying colors.

Rating
4.49rating
Students
125
Duration
Incorrect value "Incorrect value """ h
$16.49
$14.99

Curriculum for CS0-002 Certification Video Course

Name of Video Time
Play Video: Identify Security Control Types (Introduction)
1. Identify Security Control Types (Introduction)
1:00
Play Video: Cybersecurity Roles and Responsibilities (OBJ 5.3)
2. Cybersecurity Roles and Responsibilities (OBJ 5.3)
7:00
Play Video: Security Operations Center (SOC) (OBJ 5.3)
3. Security Operations Center (SOC) (OBJ 5.3)
5:00
Play Video: Security Control Categories (OBJ 5.3)
4. Security Control Categories (OBJ 5.3)
15:00
Play Video: Selecting Security Controls (OBJ 5.3)
5. Selecting Security Controls (OBJ 5.3)
5:00
Name of Video Time
Play Video: Threat Intelligence Sharing (Introduction)
1. Threat Intelligence Sharing (Introduction)
1:00
Play Video: Security and Threat Intelligence (OBJ 1.1)
2. Security and Threat Intelligence (OBJ 1.1)
5:00
Play Video: Intelligence Cycle (OBJ 1.1)
3. Intelligence Cycle (OBJ 1.1)
10:00
Play Video: Intelligence Sources (OBJ 1.1)
4. Intelligence Sources (OBJ 1.1)
9:00
Play Video: Information Sharing and Analysis Centers (ISACS) (OBJ 1.1)
5. Information Sharing and Analysis Centers (ISACS) (OBJ 1.1)
4:00
Play Video: Threat Intelligence Sharing (OBJ 1.2)
6. Threat Intelligence Sharing (OBJ 1.2)
5:00
Name of Video Time
Play Video: Classifying Threats (Introduction)
1. Classifying Threats (Introduction)
1:00
Play Video: Threat Classification (OBJ 1.1)
2. Threat Classification (OBJ 1.1)
9:00
Play Video: Threat Actors (OBJ 1.1)
3. Threat Actors (OBJ 1.1)
9:00
Play Video: Malware (OBJ 1.1)
4. Malware (OBJ 1.1)
8:00
Play Video: Threat Research (OBJ 1.2)
5. Threat Research (OBJ 1.2)
11:00
Play Video: Attack Frameworks (OBJ 1.2)
6. Attack Frameworks (OBJ 1.2)
11:00
Play Video: Indicator Management (OBJ 1.1)
7. Indicator Management (OBJ 1.1)
7:00
Name of Video Time
Play Video: Threat Hunting (Introduction)
1. Threat Hunting (Introduction)
1:00
Play Video: Threat Modeling (OBJ 1.2)
2. Threat Modeling (OBJ 1.2)
8:00
Play Video: Threat Hunting (OBJ 3.3)
3. Threat Hunting (OBJ 3.3)
7:00
Play Video: Open-source Intelligence (OBJ 1.1)
4. Open-source Intelligence (OBJ 1.1)
4:00
Play Video: Google Hacking (OBJ 1.1)
5. Google Hacking (OBJ 1.1)
8:00
Play Video: Profiling Techniques (OBJ 1.1)
6. Profiling Techniques (OBJ 1.1)
5:00
Play Video: Harvesting Techniques (OBJ 1.1)
7. Harvesting Techniques (OBJ 1.1)
4:00
Name of Video Time
Play Video: Network Forensics (Introduction)
1. Network Forensics (Introduction)
2:00
Play Video: Network Forensic Tools (OBJ 3.1)
2. Network Forensic Tools (OBJ 3.1)
4:00
Play Video: tcpdump (OBJ 4.4)
3. tcpdump (OBJ 4.4)
8:00
Play Video: Wireshark (OBJ 4.4)
4. Wireshark (OBJ 4.4)
11:00
Play Video: Flow Analysis (OBJ 3.1)
5. Flow Analysis (OBJ 3.1)
6:00
Play Video: IP and DNS Analysis (OBJ 3.1)
6. IP and DNS Analysis (OBJ 3.1)
7:00
Play Video: URL Analysis (OBJ 3.1)
7. URL Analysis (OBJ 3.1)
16:00
Play Video: Conduct Packet Analysis (OBJ 4.4)
8. Conduct Packet Analysis (OBJ 4.4)
6:00
Name of Video Time
Play Video: Appliance Monitoring (Introduction)
1. Appliance Monitoring (Introduction)
1:00
Play Video: Firewall Logs (OBJ 3.1)
2. Firewall Logs (OBJ 3.1)
11:00
Play Video: Firewall Configurations (OBJ 3.2)
3. Firewall Configurations (OBJ 3.2)
19:00
Play Video: Proxy Logs (OBJ 3.1)
4. Proxy Logs (OBJ 3.1)
6:00
Play Video: Web Application Firewall Logs (OBJ 3.1)
5. Web Application Firewall Logs (OBJ 3.1)
3:00
Play Video: IDS and IPS Configuration (OBJ 3.2)
6. IDS and IPS Configuration (OBJ 3.2)
7:00
Play Video: IDS and IPS Logs (OBJ 3.1)
7. IDS and IPS Logs (OBJ 3.1)
9:00
Play Video: Port Security Configuration (OBJ 3.2)
8. Port Security Configuration (OBJ 3.2)
6:00
Play Video: NAC Configuration (OBJ 3.2)
9. NAC Configuration (OBJ 3.2)
7:00
Play Video: Analysis of Security Appliances (OBJ 3.2)
10. Analysis of Security Appliances (OBJ 3.2)
16:00
Name of Video Time
Play Video: Endpoint Monitoring (Introduction)
1. Endpoint Monitoring (Introduction)
2:00
Play Video: Endpoint Analysis (OBJ 3.1)
2. Endpoint Analysis (OBJ 3.1)
6:00
Play Video: Sandboxing (OBJ 3.2)
3. Sandboxing (OBJ 3.2)
4:00
Play Video: Reverse Engineering (OBJ 3.1)
4. Reverse Engineering (OBJ 3.1)
11:00
Play Video: Malware Exploitation (OBJ 3.1)
5. Malware Exploitation (OBJ 3.1)
8:00
Play Video: Behavior Analysis (OBJ 3.1)
6. Behavior Analysis (OBJ 3.1)
12:00
Play Video: Malware Analysis (OBJ 3.1)
7. Malware Analysis (OBJ 3.1)
26:00
Play Video: EDR Configuration (OBJ 3.2)
8. EDR Configuration (OBJ 3.2)
5:00
Play Video: Blacklisting and Whitelisting (OBJ 3.2)
9. Blacklisting and Whitelisting (OBJ 3.2)
9:00
Name of Video Time
Play Video: Email Monitoring (Introduction)
1. Email Monitoring (Introduction)
2:00
Play Video: Email IOCs (OBJ 3.1)
2. Email IOCs (OBJ 3.1)
5:00
Play Video: Email Header Analysis (OBJ 3.1)
3. Email Header Analysis (OBJ 3.1)
11:00
Play Video: Email Content Analysis (OBJ 3.1)
4. Email Content Analysis (OBJ 3.1)
4:00
Play Video: Email Server Security (OBJ 3.1)
5. Email Server Security (OBJ 3.1)
8:00
Play Video: SMTP Log Analysis (OBJ 3.1)
6. SMTP Log Analysis (OBJ 3.1)
5:00
Play Video: Email Message Security (OBJ 3.1)
7. Email Message Security (OBJ 3.1)
6:00
Play Video: Analyzing Email Headers (OBJ 4.3)
8. Analyzing Email Headers (OBJ 4.3)
4:00
Name of Video Time
Play Video: Configuring Your SIEM (Introduction)
1. Configuring Your SIEM (Introduction)
1:00
Play Video: SIEM (OBJ 3.1)
2. SIEM (OBJ 3.1)
9:00
Play Video: Security Data Collection (OBJ 3.1)
3. Security Data Collection (OBJ 3.1)
5:00
Play Video: Data Normalization (OBJ 3.1)
4. Data Normalization (OBJ 3.1)
8:00
Play Video: Event Log (OBJ 3.1)
5. Event Log (OBJ 3.1)
4:00
Play Video: Syslog (OBJ 3.1)
6. Syslog (OBJ 3.1)
6:00
Play Video: Configuring a SIEM Agent (OBJ 3.1)
7. Configuring a SIEM Agent (OBJ 3.1)
20:00
Name of Video Time
Play Video: Analyzing Your SIEM (Introduction)
1. Analyzing Your SIEM (Introduction)
1:00
Play Video: SIEM Dashboards (OBJ 3.1)
2. SIEM Dashboards (OBJ 3.1)
12:00
Play Video: Analysis and Detection (OBJ 3.1)
3. Analysis and Detection (OBJ 3.1)
7:00
Play Video: Trend Analysis (OBJ 3.1)
4. Trend Analysis (OBJ 3.1)
10:00
Play Video: Rule and Query Writing (OBJ 3.1)
5. Rule and Query Writing (OBJ 3.1)
5:00
Play Video: Searching and Piping Commands (OBJ 3.1)
6. Searching and Piping Commands (OBJ 3.1)
18:00
Play Video: Scripting Tools (OBJ 3.1)
7. Scripting Tools (OBJ 3.1)
9:00
Play Video: Analyzing, Filtering, and Searching Logs (OBJ 3.1)
8. Analyzing, Filtering, and Searching Logs (OBJ 3.1)
7:00
Name of Video Time
Play Video: Digital Forensics (Introduction)
1. Digital Forensics (Introduction)
2:00
Play Video: Digital Forensic Analysts (OBJ 4.4)
2. Digital Forensic Analysts (OBJ 4.4)
5:00
Play Video: Forensics Procedures (OBJ 4.4)
3. Forensics Procedures (OBJ 4.4)
9:00
Play Video: Work Product Retention (OBJ 4.4)
4. Work Product Retention (OBJ 4.4)
3:00
Play Video: Data Acquisition (OBJ 4.4)
5. Data Acquisition (OBJ 4.4)
5:00
Play Video: Forensics Tools (OBJ 4.4)
6. Forensics Tools (OBJ 4.4)
8:00
Play Video: Memory Acquisition (OBJ 4.4)
7. Memory Acquisition (OBJ 4.4)
5:00
Play Video: Disk Image Acquisition (OBJ 4.4)
8. Disk Image Acquisition (OBJ 4.4)
12:00
Play Video: Hashing (OBJ 4.4)
9. Hashing (OBJ 4.4)
5:00
Play Video: Timeline Generation (OBJ 4.4)
10. Timeline Generation (OBJ 4.4)
5:00
Play Video: Carving (OBJ 4.4)
11. Carving (OBJ 4.4)
6:00
Play Video: Chain of Custody (OBJ 4.4)
12. Chain of Custody (OBJ 4.4)
6:00
Play Video: Collecting and Validating Evidence (OBJ 4.4)
13. Collecting and Validating Evidence (OBJ 4.4)
9:00
Name of Video Time
Play Video: Analyzing Network IOCs (Introduction)
1. Analyzing Network IOCs (Introduction)
1:00
Play Video: Analyzing Network IOCs (OBJ 4.3)
2. Analyzing Network IOCs (OBJ 4.3)
2:00
Play Video: Traffic Spikes (OBJ 4.3)
3. Traffic Spikes (OBJ 4.3)
18:00
Play Video: Beaconing (OBJ 4.3)
4. Beaconing (OBJ 4.3)
14:00
Play Video: Irregular P2P Communications (OBJ 4.3)
5. Irregular P2P Communications (OBJ 4.3)
8:00
Play Video: Rogue Devices (OBJ 4.3)
6. Rogue Devices (OBJ 4.3)
11:00
Play Video: Scans and Sweeps (OBJ 4.3)
7. Scans and Sweeps (OBJ 4.3)
5:00
Play Video: Nonstandard Port Usage (OBJ 4.3)
8. Nonstandard Port Usage (OBJ 4.3)
11:00
Play Video: TCP Ports (OBJ 4.3)
9. TCP Ports (OBJ 4.3)
8:00
Play Video: UDP Ports (OBJ 4.3)
10. UDP Ports (OBJ 4.3)
7:00
Play Video: Data Exfiltration (OBJ 4.3)
11. Data Exfiltration (OBJ 4.3)
6:00
Play Video: Covert Channels (OBJ 4.3)
12. Covert Channels (OBJ 4.3)
8:00
Play Video: Analysis of Network IOCs (OBJ 4.3)
13. Analysis of Network IOCs (OBJ 4.3)
13:00
Name of Video Time
Play Video: Analyzing Host-related IOCs (Introduction)
1. Analyzing Host-related IOCs (Introduction)
1:00
Play Video: Host-related IOCs (OBJ 4.3)
2. Host-related IOCs (OBJ 4.3)
2:00
Play Video: Malicious Processes (OBJ 4.3)
3. Malicious Processes (OBJ 4.3)
10:00
Play Video: Memory Forensics (OBJ 4.3)
4. Memory Forensics (OBJ 4.3)
7:00
Play Video: Consumption (OBJ 4.3)
5. Consumption (OBJ 4.3)
9:00
Play Video: Disk and File System (OBJ 4.3)
6. Disk and File System (OBJ 4.3)
11:00
Play Video: Unauthorized Privilege (OBJ 4.3)
7. Unauthorized Privilege (OBJ 4.3)
5:00
Play Video: Unauthorized Software (OBJ 4.3)
8. Unauthorized Software (OBJ 4.3)
6:00
Play Video: Unauthorized Change/Hardware (OBJ 4.3)
9. Unauthorized Change/Hardware (OBJ 4.3)
3:00
Play Video: Persistence (OBJ 4.3)
10. Persistence (OBJ 4.3)
10:00
Name of Video Time
Play Video: Analyzing Application-related IOCs (Introduction)
1. Analyzing Application-related IOCs (Introduction)
2:00
Play Video: Application-related IOCs (OBJ 4.3)
2. Application-related IOCs (OBJ 4.3)
2:00
Play Video: Anomalous Activity (OBJ 4.3)
3. Anomalous Activity (OBJ 4.3)
4:00
Play Video: Service Interruptions (OBJ 4.3)
4. Service Interruptions (OBJ 4.3)
5:00
Play Video: Application Logs (OBJ 4.3)
5. Application Logs (OBJ 4.3)
13:00
Play Video: New Accounts (OBJ 4.3)
6. New Accounts (OBJ 4.3)
6:00
Play Video: Virtualization Forensics (OBJ 4.3)
7. Virtualization Forensics (OBJ 4.3)
6:00
Play Video: Mobile Forensics (OBJ 4.3)
8. Mobile Forensics (OBJ 4.3)
12:00
Name of Video Time
Play Video: Analyzing Lateral Movement and Pivoting IOCs (Introduction)
1. Analyzing Lateral Movement and Pivoting IOCs (Introduction)
1:00
Play Video: Lateral Movement and Pivoting (OBJ 4.3)
2. Lateral Movement and Pivoting (OBJ 4.3)
3:00
Play Video: Pass the Hash (OBJ 4.3)
3. Pass the Hash (OBJ 4.3)
10:00
Play Video: Golden Ticket (OBJ 4.3)
4. Golden Ticket (OBJ 4.3)
7:00
Play Video: Lateral Movement (OBJ 4.3)
5. Lateral Movement (OBJ 4.3)
7:00
Play Video: Pivoting (OBJ 4.3)
6. Pivoting (OBJ 4.3)
6:00
Name of Video Time
Play Video: Incident Response Preparation (Introduction)
1. Incident Response Preparation (Introduction)
2:00
Play Video: Incident Response Phases (OBJ 4.2)
2. Incident Response Phases (OBJ 4.2)
12:00
Play Video: Documenting Procedures (OBJ 4.2)
3. Documenting Procedures (OBJ 4.2)
7:00
Play Video: Data Criticality (OBJ 4.1)
4. Data Criticality (OBJ 4.1)
14:00
Play Video: Communication Plan (OBJ 4.1)
5. Communication Plan (OBJ 4.1)
7:00
Play Video: Reporting Requirements (OBJ 4.1)
6. Reporting Requirements (OBJ 4.1)
5:00
Play Video: Response Coordination (OBJ 4.1)
7. Response Coordination (OBJ 4.1)
8:00
Play Video: Training and Testing (OBJ 4.2)
8. Training and Testing (OBJ 4.2)
7:00
Name of Video Time
Play Video: Detection and Containment (Introduction)
1. Detection and Containment (Introduction)
2:00
Play Video: OODA Loop (OBJ 4.2)
2. OODA Loop (OBJ 4.2)
6:00
Play Video: Defensive Capabilities (OBJ 4.2)
3. Defensive Capabilities (OBJ 4.2)
5:00
Play Video: Detection and Analysis (OBJ 4.2)
4. Detection and Analysis (OBJ 4.2)
7:00
Play Video: Impact Analysis (OBJ 3.1)
5. Impact Analysis (OBJ 3.1)
8:00
Play Video: Incident Classification (OBJ 4.2)
6. Incident Classification (OBJ 4.2)
6:00
Play Video: Containment (OBJ 4.2)
7. Containment (OBJ 4.2)
6:00
Name of Video Time
Play Video: Eradication, Recovery, and Post-incident Actions (Introduction)
1. Eradication, Recovery, and Post-incident Actions (Introduction)
1:00
Play Video: Eradication (OBJ 4.2)
2. Eradication (OBJ 4.2)
6:00
Play Video: Eradication Actions (OBJ 4.2)
3. Eradication Actions (OBJ 4.2)
4:00
Play Video: Recovery (OBJ 4.2)
4. Recovery (OBJ 4.2)
3:00
Play Video: Recovery Actions (OBJ 4.2)
5. Recovery Actions (OBJ 4.2)
6:00
Play Video: Post-Incident Activities (OBJ 4.2)
6. Post-Incident Activities (OBJ 4.2)
6:00
Play Video: Lessons Learned (OBJ 4.2)
7. Lessons Learned (OBJ 4.2)
7:00
Name of Video Time
Play Video: Risk Mitigation (Introduction)
1. Risk Mitigation (Introduction)
1:00
Play Video: Risk Identification Process (OBJ 5.2)
2. Risk Identification Process (OBJ 5.2)
8:00
Play Video: Conducting an Assessment (OBJ 5.2)
3. Conducting an Assessment (OBJ 5.2)
9:00
Play Video: Risk Calculation (OBJ 5.2)
4. Risk Calculation (OBJ 5.2)
12:00
Play Video: Business Impact Analysis (OBJ 5.2)
5. Business Impact Analysis (OBJ 5.2)
12:00
Play Video: Risk Prioritization (OBJ 5.2)
6. Risk Prioritization (OBJ 5.2)
17:00
Play Video: Communicating Risk (OBJ 5.2)
7. Communicating Risk (OBJ 5.2)
8:00
Play Video: Training and Exercises (OBJ 5.2)
8. Training and Exercises (OBJ 5.2)
5:00
Name of Video Time
Play Video: Frameworks, Policies, and Procedures (Introduction)
1. Frameworks, Policies, and Procedures (Introduction)
1:00
Play Video: Enterprise Security Architecture (OBJ 5.3)
2. Enterprise Security Architecture (OBJ 5.3)
3:00
Play Video: Prescriptive Frameworks (OBJ 5.3)
3. Prescriptive Frameworks (OBJ 5.3)
4:00
Play Video: Risk-based Frameworks (OBJ 5.3)
4. Risk-based Frameworks (OBJ 5.3)
5:00
Play Video: Audits and Assessments (OBJ 5.3)
5. Audits and Assessments (OBJ 5.3)
7:00
Play Video: Continuous Monitoring (OBJ 5.3)
6. Continuous Monitoring (OBJ 5.3)
5:00
Name of Video Time
Play Video: Enumeration Tools (OBJ 1.4)
1. Enumeration Tools (OBJ 1.4)
8:00
Play Video: Nmap Discovery Scans (OBJ 1.4)
2. Nmap Discovery Scans (OBJ 1.4)
9:00
Play Video: Nmap Port Scans (OBJ 1.4)
3. Nmap Port Scans (OBJ 1.4)
6:00
Play Video: Nmap Port States (OBJ 1.4)
4. Nmap Port States (OBJ 1.4)
4:00
Play Video: Nmap Fingerprinting Scans (OBJ 1.4)
5. Nmap Fingerprinting Scans (OBJ 1.4)
4:00
Play Video: Using Nmap (OBJ 1.4)
6. Using Nmap (OBJ 1.4)
11:00
Play Video: Hping (OBJ 1.4)
7. Hping (OBJ 1.4)
6:00
Play Video: Responder (OBJ 1.4)
8. Responder (OBJ 1.4)
2:00
Play Video: Wireless Assessment Tools (OBJ 1.4)
9. Wireless Assessment Tools (OBJ 1.4)
6:00
Play Video: Hashcat (OBJ 1.4)
10. Hashcat (OBJ 1.4)
3:00
Play Video: Testing Credential Security (OBJ 1.4)
11. Testing Credential Security (OBJ 1.4)
3:00
Name of Video Time
Play Video: Identifying Vulnerabilities (OBJ 1.3)
1. Identifying Vulnerabilities (OBJ 1.3)
4:00
Play Video: Scanning Workflow (OBJ 1.3)
2. Scanning Workflow (OBJ 1.3)
7:00
Play Video: Scope Considerations (OBJ 1.3)
3. Scope Considerations (OBJ 1.3)
8:00
Play Video: Scanner Types (OBJ 1.3)
4. Scanner Types (OBJ 1.3)
9:00
Play Video: Scanning Parameters (OBJ 1.3)
5. Scanning Parameters (OBJ 1.3)
6:00
Play Video: Scheduling and Constraints (OBJ 1.3)
6. Scheduling and Constraints (OBJ 1.3)
9:00
Play Video: Vulnerability Feeds (OBJ 3.4)
7. Vulnerability Feeds (OBJ 3.4)
3:00
Play Video: Scan Sensitivity (OBJ 1.3)
8. Scan Sensitivity (OBJ 1.3)
5:00
Play Video: Scanning Risks (OBJ 1.3)
9. Scanning Risks (OBJ 1.3)
3:00
Name of Video Time
Play Video: Scan Reports (OBJ 1.4)
1. Scan Reports (OBJ 1.4)
3:00
Play Video: Common Identifiers (OBJ 1.2)
2. Common Identifiers (OBJ 1.2)
7:00
Play Video: CVSS (OBJ 1.2)
3. CVSS (OBJ 1.2)
8:00
Play Video: Vulnerability Reports (OBJ 1.3)
4. Vulnerability Reports (OBJ 1.3)
11:00
Play Video: Nessus (OBJ 1.4)
5. Nessus (OBJ 1.4)
7:00
Play Video: OpenVAS and Qualys (OBJ 1.4)
6. OpenVAS and Qualys (OBJ 1.4)
3:00
Play Video: Assessing Scan Outputs (OBJ 1.4)
7. Assessing Scan Outputs (OBJ 1.4)
14:00
Name of Video Time
Play Video: Mitigating Vulnerabilities (Introduction)
1. Mitigating Vulnerabilities (Introduction)
2:00
Play Video: Remediation and Mitigation (OBJ 1.3)
2. Remediation and Mitigation (OBJ 1.3)
6:00
Play Video: Configuration Baselines (OBJ 1.3)
3. Configuration Baselines (OBJ 1.3)
4:00
Play Video: Hardening and Patching (OBJ 1.3)
4. Hardening and Patching (OBJ 1.3)
11:00
Play Video: Remediation Issues (OBJ 1.3)
5. Remediation Issues (OBJ 1.3)
9:00
Name of Video Time
Play Video: Identity and Access Management (OBJ 2.1)
1. Identity and Access Management (OBJ 2.1)
7:00
Play Video: Password Policies (OBJ 5.3)
2. Password Policies (OBJ 5.3)
6:00
Play Video: SSO and MFA (OBJ 2.1)
3. SSO and MFA (OBJ 2.1)
6:00
Play Video: Certificate Management (OBJ 2.1)
4. Certificate Management (OBJ 2.1)
4:00
Play Video: Federation (OBJ 2.1)
5. Federation (OBJ 2.1)
5:00
Play Video: Privilege Management (OBJ 2.1)
6. Privilege Management (OBJ 2.1)
6:00
Play Video: IAM Auditing (OBJ 2.1)
7. IAM Auditing (OBJ 2.1)
6:00
Play Video: Conduct and Use Policies (OBJ 5.3)
8. Conduct and Use Policies (OBJ 5.3)
3:00
Play Video: Account and Permissions Audits (OBJ 2.1)
9. Account and Permissions Audits (OBJ 2.1)
5:00
Name of Video Time
Play Video: Asset and Change Management (OBJ 2.1)
1. Asset and Change Management (OBJ 2.1)
10:00
Play Video: Network Architecture (OBJ 2.1)
2. Network Architecture (OBJ 2.1)
9:00
Play Video: Segmentation (OBJ 2.1)
3. Segmentation (OBJ 2.1)
6:00
Play Video: Jumpbox (OBJ 2.1)
4. Jumpbox (OBJ 2.1)
5:00
Play Video: Virtualization (OBJ 2.1)
5. Virtualization (OBJ 2.1)
6:00
Play Video: Virtualized Infrastructure (OBJ 2.1)
6. Virtualized Infrastructure (OBJ 2.1)
7:00
Play Video: Honeypots (OBJ 2.1)
7. Honeypots (OBJ 2.1)
7:00
Play Video: Configuring Network Segmentation (OBJ 3.2)
8. Configuring Network Segmentation (OBJ 3.2)
10:00
Name of Video Time
Play Video: Supply Chain Assessment (OBJ 5.2)
1. Supply Chain Assessment (OBJ 5.2)
5:00
Play Video: Root of Trust (OBJ 2.3)
2. Root of Trust (OBJ 2.3)
5:00
Play Video: Trusted Firmware (OBJ 2.3)
3. Trusted Firmware (OBJ 2.3)
5:00
Play Video: Security Processing (OBJ 2.3)
4. Security Processing (OBJ 2.3)
4:00
Name of Video Time
Play Video: Mobile Vulnerabilities (OBJ 1.5)
1. Mobile Vulnerabilities (OBJ 1.5)
12:00
Play Video: IoT Vulnerabilities (OBJ 1.5)
2. IoT Vulnerabilities (OBJ 1.5)
3:00
Play Video: Embedded System Vulnerabilities (OBJ 1.5)
3. Embedded System Vulnerabilities (OBJ 1.5)
7:00
Play Video: ICS & SCADA Vulnerabilities (OBJ 1.5)
4. ICS & SCADA Vulnerabilities (OBJ 1.5)
8:00
Play Video: Mitigating Vulnerabilities (OBJ 1.5)
5. Mitigating Vulnerabilities (OBJ 1.5)
4:00
Play Video: Premise System Vulnerabilities (OBJ 1.5)
6. Premise System Vulnerabilities (OBJ 1.5)
6:00
Play Video: Vehicular Vulnerabilities (OBJ 1.5)
7. Vehicular Vulnerabilities (OBJ 1.5)
7:00
Name of Video Time
Play Video: Data Classification (OBJ 5.1)
1. Data Classification (OBJ 5.1)
9:00
Play Video: Data Types (OBJ 5.1)
2. Data Types (OBJ 5.1)
3:00
Play Video: Legal Requirements (OBJ 5.1)
3. Legal Requirements (OBJ 5.1)
9:00
Play Video: Data Policies (OBJ 5.1)
4. Data Policies (OBJ 5.1)
6:00
Play Video: Data Retention (OBJ 5.1)
5. Data Retention (OBJ 5.1)
7:00
Play Video: Data Ownership (OBJ 5.1)
6. Data Ownership (OBJ 5.1)
4:00
Play Video: Data Sharing (OBJ 5.1)
7. Data Sharing (OBJ 5.1)
6:00
Name of Video Time
Play Video: Access Controls (OBJ 5.1)
1. Access Controls (OBJ 5.1)
3:00
Play Video: File System Permissions (OBJ 3.2)
2. File System Permissions (OBJ 3.2)
10:00
Play Video: Encryption (OBJ 5.1)
3. Encryption (OBJ 5.1)
3:00
Play Video: Data Loss Prevention (OBJ 5.1)
4. Data Loss Prevention (OBJ 5.1)
4:00
Play Video: DLP Discovery and Classification (OBJ 3.2)
5. DLP Discovery and Classification (OBJ 3.2)
4:00
Play Video: Deidentification Controls (OBJ 5.1)
6. Deidentification Controls (OBJ 5.1)
7:00
Play Video: DRM and Watermarking (OBJ 5.1)
7. DRM and Watermarking (OBJ 5.1)
4:00
Play Video: Analyzing Share Permissions (OBJ 5.1)
8. Analyzing Share Permissions (OBJ 5.1)
4:00
Name of Video Time
Play Video: SDLC Integration (OBJ 2.2)
1. SDLC Integration (OBJ 2.2)
12:00
Play Video: Overflow Attacks (OBJ 1.7)
2. Overflow Attacks (OBJ 1.7)
14:00
Play Video: Race Conditions (OBJ 1.7)
3. Race Conditions (OBJ 1.7)
6:00
Play Video: Improper Error Handling (OBJ 1.7)
4. Improper Error Handling (OBJ 1.7)
5:00
Play Video: Design Vulnerabilities (OBJ 1.7)
5. Design Vulnerabilities (OBJ 1.7)
4:00
Play Video: Platform Best Practices (OBJ 2.2)
6. Platform Best Practices (OBJ 2.2)
7:00
Name of Video Time
Play Video: Directory Traversal (OBJ 1.7)
1. Directory Traversal (OBJ 1.7)
8:00
Play Video: Cross-site Scripting (OBJ 1.7
2. Cross-site Scripting (OBJ 1.7
8:00
Play Video: SQL Injection (OBJ 1.7)
3. SQL Injection (OBJ 1.7)
8:00
Play Video: XML Vulnerabilities (OBJ 1.7)
4. XML Vulnerabilities (OBJ 1.7)
5:00
Play Video: Secure Coding (OBJ 2.2)
5. Secure Coding (OBJ 2.2)
10:00
Play Video: Authentication Attacks (OBJ 1.7)
6. Authentication Attacks (OBJ 1.7)
7:00
Play Video: Session Hijacking (OBJ 1.7)
7. Session Hijacking (OBJ 1.7)
7:00
Play Video: Sensitive Data Exposure (OBJ 1.7)
8. Sensitive Data Exposure (OBJ 1.7)
3:00
Play Video: Clickjacking (OBJ 1.7)
9. Clickjacking (OBJ 1.7)
2:00
Play Video: Web Applications Vulnerabilities (OBJ 1.7)
10. Web Applications Vulnerabilities (OBJ 1.7)
9:00
Name of Video Time
Play Video: Software Assessments (OBJ 2.2)
1. Software Assessments (OBJ 2.2)
8:00
Play Video: Reverse Engineering (OBJ 1.4)
2. Reverse Engineering (OBJ 1.4)
7:00
Play Video: Dynamic Analysis (OBJ 1.4)
3. Dynamic Analysis (OBJ 1.4)
8:00
Play Video: Web Application Scanners (OBJ 1.4)
4. Web Application Scanners (OBJ 1.4)
3:00
Play Video: Burp Suite (OBJ 1.4)
5. Burp Suite (OBJ 1.4)
11:00
Play Video: OWASP ZAP (OBJ 1.4)
6. OWASP ZAP (OBJ 1.4)
3:00
Play Video: Analyzing Web Applications (OBJ 1.4)
7. Analyzing Web Applications (OBJ 1.4)
16:00
Name of Video Time
Play Video: Cloud Models (OBJ 1.6)
1. Cloud Models (OBJ 1.6)
16:00
Play Video: Service Models (OBJ 1.6)
2. Service Models (OBJ 1.6)
11:00
Play Video: Cloud-based Infrastructure (OBJ 2.1)
3. Cloud-based Infrastructure (OBJ 2.1)
7:00
Play Video: CASB (OBJ 2.1)
4. CASB (OBJ 2.1)
4:00
Name of Video Time
Play Video: SOA and Microservices (OBJ 2.2)
1. SOA and Microservices (OBJ 2.2)
6:00
Play Video: SOAP (OBJ 2.2)
2. SOAP (OBJ 2.2)
5:00
Play Video: SAML (OBJ 2.2)
3. SAML (OBJ 2.2)
7:00
Play Video: REST (OBJ 2.2)
4. REST (OBJ 2.2)
10:00
Play Video: API (OBJ 3.4)
5. API (OBJ 3.4)
6:00
Play Video: Scripting (OBJ 3.4)
6. Scripting (OBJ 3.4)
4:00
Play Video: Workflow Orchestration (OBJ 3.4)
7. Workflow Orchestration (OBJ 3.4)
6:00
Play Video: FAAS and Serverless (OBJ 1.6)
8. FAAS and Serverless (OBJ 1.6)
8:00
Name of Video Time
Play Video: Cloud Threats (OBJ 1.6)
1. Cloud Threats (OBJ 1.6)
8:00
Play Video: Cloud Tools (OBJ 1.4)
2. Cloud Tools (OBJ 1.4)
4:00
Play Video: Cloud Forensics (OBJ 4.4)
3. Cloud Forensics (OBJ 4.4)
4:00
Name of Video Time
Play Video: CI/CD (OBJ 3.4)
1. CI/CD (OBJ 3.4)
7:00
Play Video: DevSecOps (OBJ 2.2)
2. DevSecOps (OBJ 2.2)
5:00
Play Video: IAC (OBJ 1.6)
3. IAC (OBJ 1.6)
4:00
Play Video: Machine Learning (OBJ 3.4)
4. Machine Learning (OBJ 3.4)
9:00
Play Video: Data Enrichment (OBJ 3.4)
5. Data Enrichment (OBJ 3.4)
4:00
Play Video: SOAR (OBJ 3.4)
6. SOAR (OBJ 3.4)
3:00

CompTIA CySA+ CS0-002 Exam Dumps, Practice Test Questions

100% Latest & Updated CompTIA CySA+ CS0-002 Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!

CompTIA CS0-002 Premium Bundle
$69.97
$49.99

CS0-002 Premium Bundle

  • Premium File: 254 Questions & Answers. Last update: Nov 22, 2022
  • Training Course: 272 Video Lectures
  • Study Guide: 1003 Pages
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates

CS0-002 Premium Bundle

CompTIA CS0-002 Premium Bundle
  • Premium File: 254 Questions & Answers. Last update: Nov 22, 2022
  • Training Course: 272 Video Lectures
  • Study Guide: 1003 Pages
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates
$69.97
$49.99

Free CS0-002 Exam Questions & CS0-002 Dumps

File Name Size Votes
File Name
comptia.selftestengine.cs0-002.v2022-11-15.by.georgia.162q.vce
Size
6.75 MB
Votes
1
File Name
comptia.test-inside.cs0-002.v2021-12-14.by.gabriel.171q.vce
Size
5.78 MB
Votes
1
File Name
comptia.actualtests.cs0-002.v2021-09-20.by.jackson.81q.vce
Size
1.3 MB
Votes
1
File Name
comptia.selftestengine.cs0-002.v2021-05-18.by.logan.116q.vce
Size
1.33 MB
Votes
1
File Name
comptia.passcertification.cs0-002.v2021-04-26.by.heidi.87q.vce
Size
1.69 MB
Votes
2
File Name
comptia.examlabs.cs0-002.v2021-01-28.by.jack.81q.vce
Size
1.13 MB
Votes
2

CompTIA CS0-002 Training Course

Want verified and proven knowledge for CompTIA CySA+ Certification Exam (CS0-002)? Believe it's easy when you have ExamSnap's CompTIA CySA+ Certification Exam (CS0-002) certification video training course by your side which along with our CompTIA CS0-002 Exam Dumps & Practice Test questions provide a complete solution to pass your exam Read More.

Appliance Monitoring

10. Analysis of Security Appliances (OBJ 3.2)

Security appliances In this lesson, we're going to do some analysis of security appliances. Specifically, we're going to be looking at a seam known as the Security Onion. Now, we also know how to do packet analysis using things like wire shark, right? But by doing that, we spend a lot of time because we have to capture all those packets and then search through them individually line by line until we find the malicious packet that we're looking for. Well, we've also talked about IDs and IPS, which go ahead and use signatures to detect those things inside the packet. And so we can use that to then login inside of a theme, and that way we can look through it and identify what we want quicker. When we use Security Onion, it has a lot of different security tools inside of it because it is a Security Information and Event Management System or a seam.

It includes things like Snort, Circada, and Zeek, also known as Bro, to be able to be used as an ID package. Plus, we have the ability to process and analyse all these different alerts that they generate. So in this lab, we're really going to focus on learning how to use some of these tools inside a security onion. Now, the first thing we're going to do is configure sniffing. If you look at my network here, you're going to see that we have a bunch of switches and a couple of routers, and we have a Seam, a DC, and a Lamp server. Now, as we look at this network, we want to be able to deploy our IDs, and to do that, we have to make sure we have sniffing enabled and we're on a port that allows us to do that. So you can see I have that sensor line going from Vlocal into C one, and this allows us to tap into that network and be able to identify the different traffic going across it. So once I've configured that sensor and I've attached it, I'm now going to be able to start seeing all the traffic going across this part of the network. In this case, what network am I looking at? I'm looking at ten 10 00:24, which in this case is the domain controller of DC One, which is a Windows domain controller on the IP address of ten 10 One.

Now, as we go into scene one, we're going to start looking at some things, and we're going to start out by using Squeal. Now, Squeal is an application inside of Security Onion, and it's the way that we're going to be able to deal with real-time alerts. So as things are being generated by different detection systems, squeal will be able to see those and then we can view those alerts and identify different options to pivot between analysis tools to be able to look at the different indicators. So I can go from packet analysis to log entries and things like that. Now, the first thing I have to do when I start at Squeal is log in. And so I'm going to log into it using Seem and my password of password. From here, I'm going to select the network I want to monitor. In my case, it's seam ETH one. And then I'm going to click. Begin squealing. Now, once I do this, it's already going to bring some information up. Now, this isn't live information. Instead, this is just showing me what the tool will look like based on some sample packet captures it already has. Now, if you see on the left, there's a color-coded priority. This is the first field. This is going to tell us the priority for each of those alerts. "Red" is going to be the highest priority.

The yellow is going to be a little bit less, and then you can keep going down the scale from there. Now, as we start looking at all these different alerts, we can see they occurred within a very close time period because of the way these samples were replayed through the sensor. Now, if I select the first alert here, I can go to ID 3.119. Now, as I look at that, you're going to notice the event message here. The Et is going to be the rules set that produced this match. Essentially, what was that signature? So on the right-hand side, you see this was a scan that had potential SSH vulnerabilities. Now the next thing we're going to look at is in the lower right hand panel. And if you check the show rule box, you're going to be able to see the rule that created this alert. So this is basically an ID or snort rule. Notice it says alert, TCP dollar sign Home Net any to the external network over port 22. And then the message is Esan, a potential SSH scan outbound. And this tells you what this rule is looking for. This format should be familiar to you because we've gone through what an ID rule looks like. So what is this rule trying to do for us? Well, it's trying to detect any connection going from the internal network Home Net to the external network over port 22. Is somebody trying to go outbound with SSH? If so, it's going to go ahead and log this rule. Now, if we continue looking at this rule, you'll see the count says five and the seconds is 120. What does that mean?

This rule will only fire if it sees five packets going to port 22 within 120 seconds. So if they're trying to connect to port 22 five times within two minutes, then it's going to go ahead and alert us. Now note, if we go to 320, we see there's another match for the same rule. If we go down to 327, there's a match for an Nap scan. Remember, the purpose of Squeal is to manage these events as they come in. So as you get an event and you see this alert, you can right click on those fields to bring up contextual menus with different types of actions. For instance, if I right click on the value of four in the CNT field for the alert of 3.27, that N Map scan. I can then select View correlated events. This is going to show me the individual packets that were identified as that single event. And I can go through and do a really basic packet analysis here. Then I can click "close." Let's right click on the value of 327 in the Alert ID field. This way, I can view menu options without selecting anything. Now this is going to allow me to pivot to viewing other source data in a tool such as Wireshark, Network, Minor, or even Bro, which is that IDs. Alright, let's go ahead and press Escape. That will cancel the menu. Now, if I right click on the value in SourceIP, I can view menu options here as well. This allows me to pivot to information already stored about that value elsewhere in the database. So I might do a quick lookup for it using an Internet threat intelligence service.

And that way, I can say, what do I know about this IP address? Is this something that's attacked me before? Is this something that's been attacking the rest of the world? And it gives me those details. Next, I can right click on the value in the field and from here I can click Update Event Status. Cat 6 Reconnaissance Probes and scans Now if I press F six, this will categories the other scan alerts in the exact same way. This is how I can say I've seen this, I've looked at it and I know what it is. It was reconnaissance, a probe or a scan. It's a cat six vulnerability. So this is the basic way to be able to use Squeal, and there are lots of other ways to go through and learn about this. I do recommend that you download Security Onion and play with it on your network. Now let's go through and analyses and priorities some events. When we get an alert that is presented as a high priority by a rule set, you want to priorities it for investigation. Now, if I look at alert 335, we have a higher pack account as a large amount of data was being downloaded. If I right click on the value of 335 and select Bro, it's going to open up inside of that intrusion detection system. And so I can analyses that traffic content shown in the new window by going through that row alert. Now, notice the content type here. It says it's an HTML or text file. But if I look at the magic number at the beginning, those first couple of bytes are going to tell me what type of file it really is.

So even though it's labelled as a text or HTML file, That binary code is showing me it's an executable because it says MZ, and MZ is the magic number for a binary code in a Windows executable. Now I can look at this code and I can start doing reverse engineering if I copy it out. I can extract it using something like net minor or Wireshark and then run it in a sandbox and do some dynamic or static analysis on it. This is how we use these tools, and we use one tool to link to another tool to get to what we want next. Let's go ahead and close that. Let's take a look at alerts 390 and 391. Here we can detect a different kind of threat. This one's going to reference common vulnerabilities and exposure numbers. So we have a CVE number associated with it. And this signature tells us that it detected an attempt to exploit the shell shock vulnerability to run an arbitrary command through a web server shell. This again would be something we'd want to fix. So, using Squeal, we can see that an attack was taking place on this server and then determine whether or not we are vulnerable to it. Now the last set of events we want to look at are things from alert 395 and beyond. This is going to show us another Trojan that was being downloaded over port 80. This was followed up by some suspicious outbound traffic over port four four three. So this would be something like a piece of malware being downloaded and executed.

That Trojan is now executed and it's making a connection call out back over port four-three to the malicious attacker to get its command and control instructions. Now if I right click on the alert value of 3148, I can select Wireshark and I can analyses that traffic notice here with port four four three, which is HTTPS. We would expect to see an illegitimate session starting with an SSL or TLS handshake and then proceed to the exchange of encrypted packets. But these packets are using a plaintext HTTP post connection and an encrypted message. Now this tells me there is something wrong with this, so we would want to look into this further and be able to go through and do more analysis. Now let's go ahead and right click on the IP address that starts at 24. Normally, we'd want to match this IP address to a blacklist of known bad actors. But this system isn't connected to the Internet because it's isolated. Now most of your commercial sites will be able to have the ability to right click on something and immediately find out where it is based on a local database or an Internet connected database. But in my case, I'm offline, so I can't do that. Let's go ahead and hit escape. It's going to cancel that menu. Okay, next we want to develop our own custom rules for IDs. To do this, I'm going to open up a terminal and go to pseudo space, nano space, etc.

NSM rules and local rules And this is going to allow me to go into that rule set file and start making some changes. Now let's go in here and we're going to add a line that says hashtag five, one five, support space, local space, ICMP, space detection, space rules. Now, because it has a hashtag at the front, this is a comment line and it's not going to be a process rule just like the couple that you see here on the screen already. Now if I want to make an alert that's going to fire, I'm going to leave off that hashtag. all right? So I'm going to type in alert Accompany, the arrow to the right dollar sign Home Net any, and then parentheses message ICMP detected, Sid 10001 semicolon, and end the parentheses. Now this rule has a header and a body. The header is telling me what it's going to do. In any case, notify ICMP. This says anytime you see ICMP traffic going from any IP on any port to your home network, I want you to send out the body, which in this case is the message. And so the message is ICMP detected. And then we have this sid, which is a signature ID. And it has to start with the number 1 million or higher. And this tells me it's a local rule that I've created and then rev. This tells me what revision of this rule it is. This is my first revision. Each part of your body is going to be separated by semicolons, and you can have lots of different pieces of information in here. Now if I want to save that, I'm going to hit CTRL-o and then hit enter. That saves the file and then controls xand that will exit the nano program. Now if I want to update this rule, I have to run the update command and I do this by typing in pseudo rule update. And this will pull in that updated set of new rules into your intrusion detection system.

All right, if we want to see if that rule has been loaded, we can do this using the tail command. If you remember, in Linux, the tail command shows you the last thing inside of a file. So I'm going to type tail, etc. NSM rules, download the rules, and hit enter here. We should see at the end of that file our rule that we just entered. That's awesome. That means it worked. All right, so we've made a rule. We updated it. But this rule is not a very good rule. Why? Because this rule is going to create so much noise in our sensor, anytime somebody pings into your intral network, it's going to create a huge number of false positives. So we want to tune that rule and make it more specific. To do this, we're going to go back into nano by going pseudo nano, etc. NSM rules and local rules And then we're going to edit that rule that we just made. Let's go ahead and edit it. So it says alert, ICMP, dollar sign, external net to HomeNet, and the message of an external ICMP probe detected. And then we're going to keep the rule number two and we're going to make this revision number two.

This way, we're only going to log things that go from the external network to the internal network. This will solve a lot of the false positives because I'm really not worried if somebody internal to my network is pinging things on the network because we do that all the time for troubleshooting. But I am worried if somebody is doing it from the external network to my internal network because that means they might be doing reconnaissance and scanning me. All right, let's go ahead and hit CTRL O and then Enter to save the file, and then control X to exit again. We need to update the rule. So we use a pseudo rule update and hit enter. We're going to go back into the terminal. I'm going to change another rule. So we're going to go back into the NSM rule set. And this time I want to edit the existing line so it looks like this. I'd like to say alert, ICMP dollar sign, any external net to Home Net. And then I want to type eight semicolon message colon, external ICMP probe detected, semicolon detection underscore filter, colon track by source, comma count20 comma seconds, 30 semicolon priority four semicolon class type ICMP event semicolon Sid 1,000,001 semicolon rev three semicolon.

Wow, that is a much more complex rule. Let's see if we can look at it and see what it does. When I started out, I used I type eight. What is that? Well, I type eight says it should only match ping echo requests. Not any ICMP, but just pings. And that's what an I type eight is. Now the detection filter here is also going to set a threshold for this alert. That's what a detection filter does. And the track method means it's going to keep track over a certain amount of time. So what we're trying to find is, do we find a count of 20 within 30 seconds? So if I do 20 pings within 30 seconds, that is going to classify as an alert. If I do ten pings within 30 seconds, it’s not going to fire this alert. That's what we're trying to do. So if I perform a basic connection test by pinging a server four times, I'm not going to trigger the alert this time. So let's go ahead and save this CRLO. Enter and then control to exit. Now we're going to update our rules again by typing "pseudo-rule update" and hitting enter. So I hope you've enjoyed this lesson as we went through the security onion and started playing with some of these tools. I do highly recommend downloading Security Onion. With Security Onion, you can actually download existing malware samples and different traffic that's already been captured for you to play with. You can do this by going online and downloading them from security onion's website. Or if you have one of these security onion Visit’s already located in there for you under the opt samples directory, and you can use TCP replay to actually play back that PCAP file through your Ethernet connection. As a result, squeeze bill will notice and be alerted.

Endpoint Monitoring

1. Endpoint Monitoring (Introduction)

In this section of the course, we’re going to cover COVID endpoint monitoring. Our focus in this section is going to continue to be in domain three with objectives three one and three two. Now, objective three states that, given an scenario, you must be able to analyses data as part of security monitoring activities. In this particular section, we're going to focus on the security monitoring activities that are associated with endpoint devices. We'll also cover objective three, which states that given a scenario, you must implement configuration changes to existing controls to improve security. This will include things like sandboxing, endpoint Detection, Response, or EDR and creating whitelists and blacklists to control access and permissions to execute various files. As we move through this section, we're going to start with a discussion of the different methods of endpoint data collection and analysis that we can use within our organizations. After that, we're going to explore the concept of sandboxing and how it's used in malware analysis. Speaking of malware analysis, we're also going to briefly cover the idea of reverse engineering, where an analyst tries to take a compiled malicious piece of software and determine how it really operates. We're also going to discuss the different types of malware exploitation techniques such as droppers, downloaders, shellcode code injection, and living off the land. After all that, we're going to utilize the use of behavioral analysis to identify good and anomalous behaviors. And then I'm going to perform a hands-on demonstration to show you how to conduct malware analysis using things like Process Explorer, Net stat, Process Monitor, System Monitor, Auto Runs, and much more. Finally, we're going to discuss the configuration changes that are used with endpoint detection, response, or EDR to increase the security of your endpoints and how you can use blacklisting and whitelisting inside your configurations to better protect those devices. It really is going to be a busy semester with a lot of important subjects. So let's go ahead and jump right in.

2. Endpoint Analysis (OBJ 3.1)

Endpoint analysis Now, endpoint analysis is used when we are conducting monitoring, logging, and analysis of our endpoints. An endpoint is simply any device that we may use to connect to our network. Now, for example, your desktop or your laptop at the office is considered an endpoint. So is your smartphone or your tablet. As a cyber security analyst, you must be able to use tools to identify behavioural anomalies and then identify the techniques used by malware to achieve privilege escalation and persistence on your host. Now, there are lots of different endpoint protection tools out there, and in this lesson we're going to cover five different endpoint security capabilities that we can use for analysis. These are antivirus host intrusion detection systems, host intrusion prevention systems, endpoint protection platforms, endpoint detection response platforms, and user and entity behavioural analytics. Let's talk about each of these in this lesson.

First, antivirus. It's capable of detecting and removing virus infections and, in most cases,other types of malware such as worms, Trojans, root kits, adware, spyware, passwords, crackers, network mappers,denial of service tools, and others. This is frequently referred to as "anti-virus" or "anti-malware." At this point in your career, you should be pretty familiar with what antivirus and antimalware are. The next one we're going to talk about is host-based IDs and IPS, which is HIDs or hips. This is a type of ID or IPS that monitors a computer system for unexpected behaviour and drastic changes in system state on a given end point. Most of these will now use signature-based detection via log or file monitoring systems to determine if something bad is attempting to happen to your end point.

They may use file system integrity monitoring too, to see if your operating system files have been changed, drivers have been changed, or an application has been changed. All of these things are things that a host-based intrusion detection system or intrusionprevention system can help you with. That's what a network-based intrusion detection or intrusion prevention system really can't see. Now the next one we have is an endpoint protection platform, or EPP. This is a software agent and monitoring system that performs multiple security tasks. It can do things like antivirus, and it can host intrusion detection or prevention systems. It can have a firewall, it can have data loss prevention, or DLP, and it can have file encryption. All of this in a single product. Essentially, it's your Swiss Army knife of security tools. We call this an EPP. Now there are a lot of epps on the market, and every year there's a thing called the Magic Quadrant that's put out by Gartner. Gartner goes and rates all the different systems to see who's the best, which ones are the leaders, who are the challengers, which of them are niche players, and which of them are visionaries. And you can see that here on the screen. As you can see, the top three are Microsoft, Crowd Strike, and Semantic, and all three of them have great endpoint protection platforms that you can choose from. The next one we're going to talk about is EDR, which is endpoint detection and response. EPP is mostly based on signature detection now, where EDR is focused more on behavioral and anomaly analysis. It starts logging the endpoints, observables, and indicators and combines that with analysis to try to figure out what's wrong.

So this is a software agent that's going to collect system data and logs for analysis by monitoring the system to provide early detection of threats. Now, because of that, the aim of EDR is not to prevent an initial execution but instead to provide runtime and historical visibility into a compromise. And once you've been detected, it can start responding to that, and it helps you as an incident responder to gather more information and facilitate your remediation to get it back to its original state. The final one we want to talk about here is UEBA, which is User and Entity Behavior Analytics. This is a system that can provide automated identification of suspicious activity by user accounts and computer hosts. Now this solution is less about endpoint data collection and more about the actual process of analyzing the data you're getting. The idea here is to have a baseline of good knowledge and then we're going to compare anything that goes outside that baseline to start thinking that it might be suspicious and look into it further. Now a lot of UEBA is focused on analytics, and because of that, there's a lot of data that has to be processed. So UEBA solutions are heavily dependent on advanced computing techniques — things like artificial intelligence and machine learning. There are a lot of these different players in the marketplace that are doing UEBA. Two of the big ones out there right now are Microsoft and Spelunk. Microsoft has Microsoft Advanced Threat Analytics. You can see this diagram here on the screen. Essentially, we have some unknown threat that comes in. It goes into some sort of sandbox environment for detonation.

Based on that, it creates a heuristic-based behavioral model of what it saw. It passes that into machine learning and, based on machine learning models, it will decide whether or not this is really a threat or not a threat. And based on that, it will let that message go through. Now, on the other hand, Spelunk is another one out there, and it's called Spelunk User Behavior Analytics. This tool will allow you to get all that data into a nice dashboard so your analysts can go through it and see what threats there are, what anomalies there are, how many users you have, how many devices you have, and all the different statistics. And you can drill down into each area of that and look at all the analytics and make your decisions based on that. Now I know we have just covered these five different technologies. And we try to keep it very clear-cut and say, "This one does this and that one does that." But as with everything in security, things evolve and things merge together. As a result, many companies are now beginning to market advanced threat protection (ATP), advanced endpoint protection (AEP), and Neaten AV (NGAV). And all of this becomes essentially a hybrid of the various technologies we discussed previously, such as the end point protection platform, end point detection response, or user and entity behavioral analytics.

Prepared by Top Experts, the top IT Trainers ensure that when it comes to your IT exam prep and you can count on ExamSnap CompTIA CySA+ Certification Exam (CS0-002) certification video training course that goes in line with the corresponding CompTIA CS0-002 exam dumps, study guide, and practice test questions & answers.

Comments (0)

Add Comment

Please post your comments about CS0-002 Exams. Don't share your email address asking for CS0-002 braindumps or CS0-002 exam pdf files.

Add Comment

Only Registered Members can View Training Courses

Please fill out your email address below in order to view Training Courses. Registration is Free and Easy, You Simply need to provide an email address.

  • Trusted by 1.2M IT Certification Candidates Every Month
  • Hundreds Hours of Videos
  • Instant download After Registration

Already Member? Click here to Login

A confirmation link will be sent to this email address to verify your login

UP

LIMITED OFFER: GET 30% Discount

This is ONE TIME OFFER

ExamSnap Discount Offer
Enter Your Email Address to Receive Your 30% Discount Code

A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.