Answers to the Assessment Test
Chapter 1 Defending Against Cybersecurity Threats
Evaluating Security Risks
Determine Likelihood, Impact, and Risk
Building a Secure Network
Firewalls and Network Perimeter Security
Defense through Deception
Secure Endpoint Management
Hardening System Configurations
Endpoint Security Software
Planning a Penetration Test
Executing a Penetration Test
Communicating Penetration Test Results
Reverse Engineering Software
Reverse Engineering Hardware
Activity 1.1: Create an Inbound Firewall Rule
Activity 1.2: Create a Group Policy Object
Activity 1.3: Write a Penetration Testing Plan
Activity 1.4: Security Tools
Chapter 2 Reconnaissance and Intelligence Gathering
Mapping Networks and Discovering Topology
Port Scanning and Service Discovery Techniques and Tools
Log and Configuration Analysis
Harvesting Data from DNS and Whois
Information Aggregation and Analysis Tools
Information Gathering Using Packet Capture
Gathering Organizational Intelligence
Electronic Document Harvesting
Detecting, Preventing, and Responding to Reconnaissance
Capturing and Analyzing Data to Detect Reconnaissance
Preventing Reconnaissance
Activity 2.1: Port Scanning
Activity 2.2: Write an Intelligence Gathering Plan
Activity 2.3: Intelligence Gathering Techniques
Chapter 3 Designing a Vulnerability Management Program
Identifying Vulnerability Management Requirements
Determining Scan Frequency
Configuring and Executing Vulnerability Scans
Scoping Vulnerability Scans
Configuring Vulnerability Scans
Developing a Remediation Workflow
Reporting and Communication
Testing and Implementing Fixes
Overcoming Barriers to Vulnerability Scanning
Activity 3.1: Installing a Vulnerability Scanner
Activity 3.2: Running a Vulnerability Scan
Chapter 4 Analyzing Vulnerability Scans
Reviewing and Interpreting Scan Reports
Understanding Informational Results
Reconciling Scan Results with Other Data Sources
Server and Endpoint Vulnerabilities
Virtualization Vulnerabilities
Web Application Vulnerabilities
Activity 4.1: Interpreting a Vulnerability Scan
Activity 4.2: Analyzing a CVSS Vector
Activity 4.3: Remediating a Vulnerability
Chapter 5 Building an Incident Response Program
Phases of Incident Response
Containment, Eradication, and Recovery
Building the Foundation for Incident Response
Documenting the Incident Response Plan
Creating an Incident Response Team
Incident Response Providers
Coordination and Information Sharing
Activity 5.1: Incident Severity Classification
Activity 5.2: Incident Response Phases
Activity 5.3: Developing an Incident Communications Plan
Chapter 6 Analyzing Symptoms for Incident Response
Detecting Common Network Issues
Handling Network Probes and Attacks
Detecting Scans and Probes
Detecting Denial-of-Service and Distributed Denial-of-Service Attacks
Detecting Other Network Attacks
Detecting and Finding Rogue Devices
Investigating Host Issues
Malware and Unauthorized Software
Unauthorized Access, Changes, and Privileges
Investigating Service and Application Issues
Application and Service Monitoring
Application and Service Issue Response and Restoration
Detecting Attacks on Applications
Activity 6.1: Identify a Network Scan
Activity 6.2: Write a Service Issue Response Plan
Activity 6.3: Security Tools
Chapter 7 Performing Forensic Analysis
Building a Forensics Capability
Building a Forensic Toolkit
Training and Certification
Understanding Forensic Software
Capabilities and Application
Conducting a Forensic Investigation
Acquiring and Validating Drive Images
Forensic Investigation: An Example
Importing a Forensic Image
Activity 7.1: Create a Disk Image
Activity 7.2: Conduct the NIST Rhino Hunt
Activity 7.3: Security Tools
Chapter 8 Recovery and Post-Incident Response
Evidence Gathering and Handling
Incident Eradication and Recovery
Reconstruction and Reimaging
Patching Systems and Applications
Sanitization and Secure Disposal
Validating the Recovery Effort
Managing Change Control Processes
Conducting a Lessons-Learned Session
Developing a Final Report
Activity 8.1: Incident Containment Options
Activity 8.2: Incident Response Activities
Activity 8.3: Sanitization and Disposal Techniques
Chapter 9 Policy and Compliance
Understanding Policy Documents
Exceptions and Compensating Controls
Complying with Laws and Regulations
Adopting a Standard Framework
NIST Cybersecurity Framework
Control Objectives for Information and Related Technologies (COBIT)
Sherwood Applied Business Security Architecture (SABSA)
The Open Group Architecture Framework (TOGAF)
Information Technology Infrastructure Library (ITIL)
Implementing Policy-Based Controls
Security Control Verification and Quality Control
Activity 9.1: Policy Documents
Activity 9.2: Using a Cybersecurity Framework
Activity 9.3: Compliance Auditing Tools
Chapter 10 Defense-in-Depth Security Architectures
Understanding Defense in Depth
Control Types and Classification
Implementing Defense in Depth
Layered Security and Network Design
Logging, Monitoring, and Validation
Policy, Process, and Standards
Outsourcing and Personnel Security
Analyzing Security Architecture
Analyzing Security Requirements
Reviewing a Security Architecture
Maintaining a Security Design
Activity 10.1: Review an Application Using the OWASP Application Security Architecture Cheat Sheet
Activity 10.2: Review a NIST Security Architecture
Activity 10.3: Security Architecture Terminology
Chapter 11 Identity and Access Management Security
Identity Systems and Security Design
Threats to Identity and Access
Understanding Security Issues with Identities
Attacking AAA Systems and Protocols
Targeting Account Creation, Provisioning, and Deprovisioning
Preventing Common Exploits of Identity and Authorization
Identity as a Security Layer
Identity and Defense-in-Depth
Securing Authentication and Authorization
Detecting Attacks and Security Operations
Understanding Federated Identity and Single Sign-On
Federated Identity Security Considerations
Federated Identity Design Choices
Federated Identity Technologies
Federation Incident Response
Activity 11.1: Federated Security Scenario
Activity 11.2: Onsite Identity Issues Scenario
Activity 11.3: Identity and Access Management Terminology
Chapter 12 Software Development Security
Understanding the Software Development Life Cycle
Software Development Phases
Software Development Models
Designing and Coding for Security
Common Software Development Security Issues
Secure Coding Best Practices
Information Security and the SDLC
Software Security Testing
Analyzing and Testing Code
Web Application Vulnerability Scanning
Activity 12.1: Review an Application Using the OWASP Application Security Architecture Cheat Sheet
Activity 12.2: Learn about Web Application Exploits from WebGoat
Activity 12.3: SDLC Terminology
Chapter 13 Cybersecurity Toolkit
Antimalware and Antivirus
Monitoring and Analysis Tools
Security Information and Event Management (SIEM)
Scanning and Testing Tools
Password Cracking and Recovery
Network Intrusion Detection and Prevention
Host Intrusion Prevention
Command-Line Network Tools
Web Application Security Tools
Web Application Firewalls
Appendix A Answers to the Review Questions
Chapter 1: Defending Against Cybersecurity Threats
Chapter 2: Reconnaissance and Intelligence Gathering
Chapter 3: Designing a Vulnerability Management Program
Chapter 4: Analyzing Vulnerability Scans
Chapter 5: Building an Incident Response Program
Chapter 6: Analyzing Symptoms for Incident Response
Chapter 7: Performing Forensic Analysis
Chapter 8: Recovery and Post-Incident Response
Chapter 9: Policy and Compliance
Chapter 10: Defense-in-Depth Security Architectures
Chapter 11: Identity and Access Management Security
Chapter 12: Software Development Security
Appendix B Answers to the Lab Exercises
Chapter 1: Defending Against Cybersecurity Threats
Chapter 2: Reconnaissance and Intelligence Gathering
Chapter 4: Analyzing Vulnerability Scans
Chapter 5: Building an Incident Response Program
Chapter 6: Analyzing Symptoms for Incident Response
Chapter 7: Performing Forensic Analysis
Chapter 8: Recovery and Post-Incident Response
Chapter 9: Policy and Compliance
Chapter 10: Defense-in-Depth Security Architectures
Chapter 11: Identity and Access Management Security
Chapter 12: Software Development Security