Lesson 1: Explaining the Importance of Security Controls and Security Intelligence

Topic 1A: Identify Security Control Types

Review Activity: Security Control Types

Identify Security Control Types
CYBERSECURITY ROLES AND RESPONSIBILITIES Cybersecurity refers to the protection of personal or organizational information or information resources from unauthorized access, attacks, theft, or data damage over computer or electronic systems and networks. A cybersecurity analyst is a senior position…

Topic 1B: Explain the Importance of Threat Data and Intelligence

Review Activity: Threat Data and Intelligence

The Importance of Threat Data and Intelligence
SECURITY INTELLIGENCE AND THREAT INTELLIGENCE Security intelligence is the process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems. While mo…

Lesson 1: Practice Questions

The Importance of Security Controls and Security Intelligence - Practice Questions
Question 1 A security firm hires a new cybersecurity analyst. The CIO mentions that he hired the candidate due to having exceptional soft skills. Which relevant skills to the position does the CIO refer to? Select all that apply. A. Creative thinking…

Lesson 1 PBQ: Explaining the Importance of Security Controls and Security Intelligence

The Importance of Security Controls and Security Intelligence - Performance-based Questions
An insurance firm contracted you as a security expert. The firm has changed ownership many times and does not have any IT presence or systems use policies and procedures in place. Currently, the data center is accessible to any employee or visitor at any time of the day. As a result, the company’s…

Lesson 2: Utilizing Threat Data and Intelligence

Topic 2A: Classify Threats and Threat Actor Types

Review Activity: Threats and Threat Actor Types

Classify Threats and Threat Actor Types
Lesson Introduction Cybersecurity is a mature discipline with well-established terminology and procedures. Part of this terminology concerns the identification of threats and threat actors, and of attack frameworks and indicators. You must be able to use threat intelligence and attack frameworks to …

Topic 2B: Utilize Attack Frameworks and Indicator Management

Review Activity: Attack Frameworks and Indicator Management

Utilize Attack Frameworks and Indicator Management
EXAM OBJECTIVES COVERED 1.1 Explain the importance of threat data and intelligence. 1.2 Given a scenario, utilize threat intelligence to support organizational security. While classifying threat actor types provides basic insights into adversary motivations and capabilities, the diversity of thre…

Topic 2C: Utilize Threat Modeling and Hunting Methodologies

Review Activity: Threat Modeling and Hunting Methodologies

Utilize Threat Modeling and Hunting Methodologies
EXAM OBJECTIVES COVERED 1.2 Given a scenario, utilize threat intelligence to support organizational security. 3.3 Explain the importance of proactive threat hunting. Intelligence-driven defense lends itself to proactive techniques for securing IT systems. Knowledge of adversary TTPs can be used f…

Lesson 2: Practice Questions

Lesson 2 PBQ: Utilizing Threat Data and Intelligence

Utilizing Threat Data and Intelligence - Practice Questions
Question 1 An engineer implements the Johari window to classify threats into quadrants. Which quadrant represents risks identified, but discarded? 1. Known unknowns 2. Known knowns 3. Unknown knowns 4. Unknown unknowns Solution The “unknown knowns” quadrant represents risks that are documented…

Lesson 3: Analyzing Security Monitoring Data

Topic 3A: Analyze Network Monitoring Output

Review Activity: Network Monitoring Output Analysis

Analyzing Security Monitoring Data
Lesson Introduction Security information derives from network packet captures, traffic monitoring, and logs from security appliances and network application services. A monitoring tool is software that collects this data from hosts and network appliances for analysis and is the basis for an alerting…

Topic 3B: Analyze Appliance Monitoring Output

Review Activity: Appliance Monitoring Output Analysis

Analyze Appliance Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. 3.2 Given a scenario, implement configuration changes to existing controls to improve security. A large amount of security information derives from network security appliances, such as firewalls …

Topic 3C: Analyze Endpoint Monitoring Output

Review Activity: Endpoint Monitoring Output Analysis

Analyze Endpoint Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. 3.2 Given a scenario, implement configuration changes to existing controls to improve security. Network-based monitoring systems can be supplemented with host-based monitoring. While host-based d…

Topic 3D: Analyze Email Monitoring Output

Review Activity: Email Monitoring Output Analysis

Analyze Email Monitoring Output
EXAM OBJECTIVES COVERED 3.1 Given a scenario, analyze data as part of security monitoring activities. Email remains one of the primary vectors for intrusion and data exfiltration attacks. As an analyst, you should be able to validate that email systems are configured to be as secure as possible an…

Lesson 3: Practice Questions

Lesson 3 PBQ: Analyzing Security Monitoring Data

Analyzing Security Monitoring Data - Practice Questions
Question 1 A system analyst decides to run a packet capture after reading about a security breach in an industry newsletter. The engineer uses tcpdump on a Linux workstation and requires that the output be written to a file. Evaluate the available command switches for the tcpdump command and determine wh…