CompTIA CySA+ (Exam: CS0-003) Courseware

This courseware covers the skills needed to become a cybersecurity analyst. The student will learn threat intelligence and threat hunting concepts and techniques along with the ability to identify and analyze malicious activity.

In addition, the student will learn incident response and vulnerability management so they can properly report and communicate to all stakeholders in an organization.

Course Outline

Module 1 Security Operations

The importance of system and network architecture concepts in security operations

●        Log ingestion

●        Operating system (OS) concepts

●        Infrastructure concepts

●        Network architecture

●        Identity and access management

●        Encryption

●        Sensitive data protection

Analyze indicators of potentially malicious activity

●        Network activity

●        Host-related

●        Application-related

●        Social engineering and obfuscated links

Module 2 Threat Hunting Concepts and Tools

Use appropriate tools or techniques to determine malicious activity

●        Tools

●        Common techniques

●        Programming languages/scripting

Threat-intelligence and threat-hunting concepts

●        Threat actors

●        Tactics, techniques, and procedures (TTP)

●        Confidence levels

●        Collection methods and sources

●        Threat hunting

Module 3 Process Improvement and Vulnerability Methods

The importance of efficiency and process improvement in security operations

●        Standardize processes

●        Streamline operations

●        Technology and tool integration

●        Single pane of glass

Implement vulnerability scanning methods and concepts

●        Asset discovery

●        Special considerations

●        Internal vs. external scanning

●        Credentialed vs. non-credentialed

●        Passive vs. active

●        Static vs. dynamic

●        Critical infrastructure

●        Security baseline scanning

●        Industry frameworks

Module 4 Data and Vulnerability Prioritization

Analyze output from vulnerability assessment tools

●        Network scanning and mapping

●        Web application scanners

●        Vulnerability scanners

●        Debuggers

●        Multipurpose

●        Cloud infrastructure assessment tools

Analyze data to prioritize vulnerabilities

●        Common Vulnerability Scoring System (CVSS) interpretation

●        Validation

●        Context awareness

●        Exploitability/weaponization

●        Asset value

●        Zero-day

Module 5 Mitigation Techniques

Recommend controls to mitigate attacks and software vulnerabilities

●        Cross-site scripting

●        Overflow vulnerabilities

●        Data poisoning

●        Broken access control

●        Cryptographic failures

●        Injection flaws

●        Cross-site request forgery

●        Directory traversal

●        Insecure design

●        Security misconfiguration

●        End-of-life or outdated components

●        Identification and authentication failures

●        Server-side request forgery

●        Remote code execution

●        Privilege escalation

●        Local file inclusion (LFI)/remote file inclusion (RFI)

Module 6 Patching and Securing Data

Concepts related to vulnerability response, handling, and management

●        Compensating control

●        Control types

●        Patching and configuration management

●        Exceptions

●        Risk management principles

●        Policies, governance, and service level objectives (SLOs)

●        Prioritization and escalation

●        Attack surface management

●        Secure coding best practices

●        Secure software development life cycle (SDLC)

●        Threat modeling

Module 7 Attacks Methods and Responses

Attack methodology frameworks

●        Cyber kill chains

●        Diamond Model of Intrusion Analysis

●        MITRE ATT&CK

●        Open Source Security Testing Methodology Manual (OSSTMM)

●        OWASP Testing Guide

Perform incident response activities

●        Detection and analysis

●        Containment, eradication, and recovery

Preparation and post-incident activity phases of the incident management life cycle

●        Preparation

●        Post-incident activity

Module 8 Reporting

The importance of vulnerability management reporting

●        Vulnerability management reporting

●        Compliance reports

●        Action plans

●        Metrics and key performance indicators (KPIs)

●        Stakeholder identification and communication

Module 9 Communication

The importance of communication

●        Stakeholder identification and communication

●        Incident declaration and escalation

●        Incident response reporting

●        Communications

●        Root cause analysis

●        Lessons learned

●        Metrics and KPIs