CompTIA CySA+ Study Guide: Exam CS0-001

Cybersecurity Analyst (CySA+™)

Study Guide

Exam CS0-001

Mike Chapple

David Seidl

Senior Acquisitions Editor: Kenyon Brown

Development Editor: David Clark

Technical Editor: Robin Abernathy

Production Editor: Rebecca Anderson

Copy Editor: Elizabeth Welch

Editorial Manager: Mary Beth Wakefield

Production Manager: Kathleen Wisor

Executive Editor: Jim Minatel

Book Designers: Judy Fung and Bill Gibson

Proofreader: Kim Wimpsett

Indexer: Ted Laux

Project Coordinator, Cover: Brent Savage

Cover Designer: Wiley

Cover Image: ©Getty Images Inc./Jeremy Woodhouse

Copyright © 2017 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-34897-9

ISBN: 978-1-119-34991-4 (ebk.)

ISBN: 978-1-119-34988-4 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2017935704

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and CySA+ are trademarks or registered trademarks of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

I dedicate this book to my father, who was a role model of the value of hard work, commitment to family, and the importance of doing the right thing. Rest in peace, Dad.

—Mike Chapple

This book is dedicated to Ric Williams, my friend, mentor, and partner in crime through my first forays into the commercial IT world. Thanks for making my job as a network janitor one of the best experiences of my life.

—David Seidl

Acknowledgments

Books like this involve work from many people, and as authors, we truly appreciate the hard work and dedication that the team at Wiley shows. We would especially like to thank senior acquisitions editor Kenyon Brown. We have worked with Ken on multiple projects and consistently enjoy our work with him.

We also greatly appreciated the editing and production team for the book, including David Clark, our developmental editor, who brought years of experience and great talent to the project, Robin Abernathy, our technical editor, who provided insightful advice and gave wonderful feedback throughout the book, and Becca Anderson, our production editor, who guided us through layouts, formatting, and final cleanup to produce a great book. We would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.

Our agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.

Finally, we would like to thank our families and significant others who support us through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.

About the Authors

Mike Chapple, Ph.D., CySA+, is author of the best-selling CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide (Sybex, 2015) and the CISSP (ISC)² Official Practice Tests (Sybex 2016). He is an information security professional with two decades of experience in higher education, the private sector, and government.

Mike currently serves as senior director for IT Service Delivery at the University of Notre Dame. In this role, he oversees the information security, data governance, IT architecture, project management, strategic planning, and product management functions for Notre Dame. Mike also serves as Associate Teaching Professor in the university’s IT, Analytics, and Operations department, where he teaches undergraduate and graduate courses on cybersecurity, data management, and business analytics.

Before returning to Notre Dame, Mike served as executive vice president and chief information officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

Mike is technical editor for Information Security Magazine and has written more than 25 books. He earned both his B.S. and Ph.D. degrees from Notre Dame in computer science and engineering. Mike also holds an M.S. in computer science from the University of Idaho and an MBA from Auburn University. Mike holds the Cybersecurity Analyst+ (CySA+), Security+, and Certified Information Systems Security Professional (CISSP) certifications.

David Seidl is the senior director for Campus Technology Services at the University of Notre Dame. As the senior director for CTS, David is responsible for central platform and operating system support, database administration and services, identity and access management, application services, email and digital signage, and document management.

During his over 20 years in information technology, he has served in a variety of leadership, technical, and information security roles, including leading Notre Dame’s information security team as Notre Dame’s director of information security. He currently teaches a popular course on networking and security for Notre Dame’s Mendoza College of Business and has written books on security certification and cyberwarfare, including co-authoring CISSP (ISC)² Official Practice Tests (Sybex 2016).

David holds a bachelor’s degree in communication technology and a master’s degree in information security from Eastern Michigan University, as well as CISSP, GPEN, and GCIH certifications.

CONTENTS

Acknowledgments

About the Authors

Introduction

What Does This Book Cover?

Setting Up a Kali and Metasploitable Learning Environment

Setting Up Your Environment

Objectives Map for CompTIA Cybersecurity Analyst (CySA+) Exam CS0-001

Objectives Map

Assessment Test

Answer to the Assessment Test

Chapter 1 Defending Against Cybersecurity Threats

Cybersecurity Objectives

Evaluating Security Risks

Building a Secure Network

Secure Endpoint Management

Penetration Testing

Reverse Engineering

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 2 Reconnaissance and Intelligence Gathering

Footprinting

Passive Footprinting

Gathering Organizational Intelligence

Detecting, Preventing, and Responding to Reconnaissance

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 3 Designing a Vulnerability Management Program

Identifying Vulnerability Management Requirements

Configuring and Executing Vulnerability Scans

Developing a Remediation Workflow

Overcoming Barriers to Vulnerability Scanning

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 4 Analyzing Vulnerability Scans

Reviewing and Interpreting Scan Reports

Validating Scan Results

Common Vulnerabilities

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 5 Building an Incident Response Program

Security Incidents

Phases of Incident Response

Building the Foundation for Incident Response

Creating an Incident Response Team

Coordination and Information Sharing

Classifying Incidents

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 6 Analyzing Symptoms for Incident Response

Analyzing Network Events

Handling Network Probes and Attacks

Investigating Host Issues

Investigating Service and Application Issues

Summary

Exam Essentials

Lab Exercises

Review Questions

Chapter 7 Performing Forensic Analysis

Building a Forensics Capability

Understanding Forensic Software