Lesson 1: Explaining the Importance of Security Controls and Security Intelligence
Topic 1A: Identify Security Control Types
Review Activity: Security Control Types
Identify Security Control Types
CYBERSECURITY ROLES AND RESPONSIBILITIES Cybersecurity refers to the protection of personal or organizational informationor information resources from unauthorized access, attacks, theft, or datadamage over computer or electronic systems and networks. A cybersecurity analyst is a senior position…
Andrew Herd
Topic 1B: Explain the Importance of Threat Data and Intelligence
Review Activity: Threat Data and Intelligence
The Importance of Threat Data and Intelligence
SECURITY INTELLIGENCE AND THREAT INTELLIGENCE Security intelligence is the process through which data generated in the ongoinguse of information systems is collected, processed, integrated, evaluated,analyzed, and interpreted to provide insights into the security status of thosesystems. While mo…
Andrew HerdLesson 1: Practice Questions
The Importance of Security Controls and Security Intelligence - Practice Questions
Question 1 A security firm hires a new cybersecurity analyst. The CIO mentions that hehired the candidate due to having exceptional soft skills. Which relevant skillsto the position does the CIO refer to? Select all that apply. A.Creative thinking[https://learn.comptia.org/app/trial-course-certmaster-learn-and-certmaster-labs-for-cysa-exam-cs0-002#…
Andrew HerdLesson 1 PBQ: Explaining the Importance of Security Controls and Security Intelligence
The Importance of Security Controls and Security Intelligence - Performance-based Questions
An insurance firm contracted you as a security expert. The firm has changedownership many times and does not have any IT presence or systems use policiesand procedures in place. Currently, the data center is accessible to anyemployee or visitor at any time of the day. As a result, the company’s…
Andrew HerdLesson 2: Utilizing Threat Data and Intelligence
Topic 2A: Classify Threats and Threat Actor Types
Review Activity: Threats and Threat Actor Types
Classify Threats and Threat Actor Types
Lesson IntroductionCybersecurity is a mature discipline with well-established terminology andprocedures. Part of this terminology concerns the identification of threats andthreat actors, and of attack frameworks and indicators. You must be able to usethreat intelligence and attack frameworks to …
Andrew HerdTopic 2B: Utilize Attack Frameworks and Indicator Management
Review Activity: Attack Frameworks and Indicator Management
Utilize Attack Frameworks and Indicator Management
EXAM OBJECTIVES COVERED 1.1 Explain the importance of threat data and intelligence. 1.2 Given a scenario, utilize threat intelligence to support organizationalsecurity. While classifying threat actor types provides basic insights into adversarymotivations and capabilities, the diversity of thre…
Andrew HerdTopic 2C: Utilize Threat Modeling and Hunting Methodologies
Review Activity: Threat Modeling and Hunting Methodologies
Utilize Threat Modeling and Hunting Methodologies
EXAM OBJECTIVES COVERED 1.2 Given a scenario, utilize threat intelligence to support organizationalsecurity. 3.3 Explain the importance of proactive threat hunting. Intelligence-driven defense lends itself to proactive techniques for securing ITsystems. Knowledge of adversary TTPs can be used f…
Andrew HerdLesson 2: Practice Questions
Lesson 2 PBQ: Utilizing Threat Data and Intelligence
Utilizing Threat Data and Intelligence - Practice Questions
Question 1An engineer implements the Johari window to classify threats into quadrants.Which quadrant represents risks identified, but discarded? 1. Known unknowns 2. Known knowns 3. Unknown knowns 4. Unknown unknowns SolutionThe “unknown knowns” quadrant represents risks that are documented…
Andrew HerdLesson 3: Analyzing Security Monitoring Data
Topic 3A: Analyze Network Monitoring Output
Review Activity: Network Monitoring Output Analysis
Analyzing Security Monitoring Data
Lesson IntroductionSecurity information derives from network packet captures, traffic monitoring,and logs from security appliances and network application services. A monitoringtool is software that collects this data from hosts and network appliances foranalysis and is the basis for an alerting…
Andrew HerdTopic 3B: Analyze Appliance Monitoring Output
Review Activity: Appliance Monitoring Output Analysis
Analyze Appliance Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. 3.2 Given a scenario, implement configuration changes to existing controls toimprove security. A large amount of security information derives from network security appliances,such as firewalls …
Andrew HerdTopic 3C: Analyze Endpoint Monitoring Output
Review Activity: Endpoint Monitoring Output Analysis
Analyze Endpoint Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. 3.2 Given a scenario, implement configuration changes to existing controls toimprove security. Network-based monitoring systems can be supplemented with host-based monitoring.While host-based d…
Andrew HerdTopic 3D: Analyze Email Monitoring Output
Review Activity: Email Monitoring Output Analysis
Analyze Email Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. Email remains one of the primary vectors for intrusion and data exfiltrationattacks. As an analyst, you should be able to validate that email systems areconfigured to be as secure as possible an…
Andrew HerdLesson 3: Practice Questions
Lesson 3 PBQ: Analyzing Security Monitoring Data
Analyzing Security Monitoring Data - Practice Questions
Question 1A system analyst decides to run a packet capture after reading about a securitybreach in an industry newsletter. The engineer uses tcpdump on a Linuxworkstation and requires that output written onto a file. Evaluate the availablecommand switches for the tcpdump command and determine wh…
Andrew Herd