CompTIA Cybersecurity Analyst CySA+ Certification Exam Preparation Tips and TricksNov 06, 2022
So what is a Cybersecurity Analyst?
A Cybersecurity Analyst is a professional who helps design and implement security systems to protect an organization's computer networks from cyber attacks.
The CompTIA Cybersecurity Analyst (CySA+) certification is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
What does the exam help you validate for skillsets?
The CySA+ is for IT professionals looking to gain the following security analyst skills:
- Configure and use threat detection tools.
- Perform data analysis.
- Interpret the results to identify vulnerabilities, threats and risks to an organization.
- Identify tools and techniques to use to perform an environmental reconnaissance of a target network or security system.
- Collect, analyze, and interpret security data from multiple log and monitoring sources.
- Use network host and web application vulnerability assessment tools and interpret the results to provide effective mitigation.
- Understand and remediate identity management, authentication, and access control issues.
- Participate in a senior role within an incident response team and use forensic tools to identify the source of an attack.
- Understand the use of frameworks, policies, and procedures and report on security architecture with recommendations for effective compensating controls
Tips and Trick to know before taking the exam!
Tip # 1 GET TO KNOW NIST FRAMEWORK
Guide for Assessing the Security Controls in Federal Information Systems and Organizations
The purpose of NIST Special Publication 800-53A (as amended) is to establish common assessment procedures to assess the effectiveness of security controls in federal information systems, specifically those controls listed in NIST Special Publication 800-53 (as amended),
Tip # 2 GET TO KNOW FIPS 200 FRAMEWORK
- ESSENCE OF FIPS 200 - MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS
- FIPS 200 defines following 17 security areas covered under confidentiality, integrity, and availability (CIA) of federal information systems and the information processed, stored, and transmitted by those systems.
- For the actual requirements, it refers to NIST Special Publication 800-53 and says that federal agencies must meet its requirements. https://doi.org/10.6028/NIST.FIPS.200
Tip # 3 GET TO KNOW The Federal Information Security Management Act of 2002
This act was updated in Public Law 113 to Federal Information Security Modernization Act of 2014. For more information, see http://csrc.nist.gov/groups/SMA/fisma/overview.html.
- Protecting the Nation's Critical Information Infrastructure
Tip # 4 GET TO KNOW SNORT
Snort is a packet sniffer that monitors network traffic, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.
Snort is one of the leading tools among enterprise intrusion prevention and detection tools, users can compile Snort on most Linux operating systems (OSes) or Unix.
Tip # 5 GET TO KNOW Wireshark
Wireshark is an open-source and free network analyzer. It’s a piece of software that allows you to capture data packets from a private or public network connection. Wireshark also gives you the freedom to browse the data traffic going through the network and interact with it in real-time.
Tip # 6 GET TO KNOW Solarwinds
SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months.
Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department.
Tip # 7 GET TO KNOW SPLUNK
Splunk is an analytics-driven SIEM tool that collects, analyzes, and correlates high volumes of network and other machine data in real-time.
Tip # 8 GET TO NAGIOS
Nagios is a widely used open source monitoring system for computer systems. It was designed to run on the Linux operating system and can monitor devices running Linux, Windows and Unix operating systems (OSes). Nagios software runs periodic checks on critical parameters of application, network and server resources.
Tip # 9 GET TO BRO
Tip # 10 GET TO LEARN NMAP Commands
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
TCP SYN (-sS) - half-open scanning
TCP connect (-sT) - if privileged driver access is not available, Nmap has to use the OS to attempt a full TCP connection
TCP flags - set TCP headers in unusual ways
Xmas scan (-sX)
UDP scans (-sU)
Port range (-p)
IDS Intrusion Detection Systems
Open-source with binaries for most OS
Subscription-based or community-authored ruleset updates
- Bro Network Security Monitor
- Using regular expressions (regex
Types of IDS
- Behavior-based (baseline and heuristics)
Comparing Analysis Methods
- Signature-based detection
Only as good as last update
Malware can use code obfuscation / encryption to evade detection
Signatures do not identify every tool available to adversaries
- Behavior-based detection
More comprehensive response
Difficult to tune (eliminate false positives)
- Know what are the basics of Firewall Configurations
- Types of firewall to deploy (perimeter, LAN segment, host, application)
- Ruleset (tuples) and implicit deny (drop / reject)
Know the Firewall Protocols
- IP (Internet Protocol) - the main delivery system for information over the Internet
- TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
- HTTP (Hyper Text Transfer Protocol) - used for Web pages
- FTP (File Transfer Protocol) - used to download and upload files
- UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
- ICMP (Internet Control Message Protocol) - exchange the information with other routers
- SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
- SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
- Telnet - used to perform commands on a remote computer
- Incoming and outgoing logging review
- What do you log.. Do you Log everything?
- Events per second
- Storage capacity
- Denied incoming – identify attempted scans and intrusions
- Accepted incoming – identify suspicious traffic patterns
- Accepted outgoing – identify malware operating on the local network / data breach, …
- Denied outgoing – identify malware attempting to connect to the Internet
- Check Resources, filter verbose events (debug, informational, notifications)
- PIX (Private Internet eXchange)
- Adaptive Security Appliance (ASA)
- Juniper Networks (SRX)
- Vendors (IBM, HP, Dell)
- Check Point
- Palo Alto
- Outbound proxy
- Force clients to connect to web / mail services via the proxy
- Proxy can filter traffic and strip out malformed packets
- Transparent or non-transparent (client must be configured with proxy IP and port)
- Inbound (reverse) proxy
- Publishes content from a protected private server to a public (internet-facing) server
- Again, can filter requests for malicious content
DOD and ISO
- CySA+ is ISO/ANSI 17024 accredited and is approved by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.
- The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals.
- Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification.
- What are the six rules of engagement for pen testing?
--- Timing, scope, authorization, exploitation, communication, and reporting
- What classes of security control are identified by the CSA+ syllabus? ------
--- Physical, logical, and administrative
- What is firewalking in the security industry?
--- Its a technique for probing the rules configured on a firewall.
- What are the TWO principal factors involved in calculating risk?
- What type of policy might include or supplement a BYOD policy?
---- AUP Acceptable Use Policy
- What part of the NIST Cybersecurity Framework is used to provide a statement of current cybersecurity outcomes?
---- Framework Profile
Know the correct flow of the Kill Chain.
- Planning, reconnaissance, weaponization / exploit, lateral discovery, data exfiltration, retreat
Know the function –A in NMAP.
- Performs service detection (verify that the packets delivered over a port correspond to the "well known" protocol associated with that port) and version detection (using the scripts marked "default").
Know the tools for passive social recon
- Web search ("Google Hacking"), email harvesting, social media harvesting, DNS harvesting, and website ripping
Know the Security Controls
- Physical, Logical and administrative
Know the Security Controls defined as:
- Terms of their function (preventive, detective, deterring, and so on). A Course of Action matrix maps the controls available for each type of function to adversary tools and tactics.
What are the three main types of fuzzer?
- Application UI, protocol, and file format.
What type of reverse engineering tool recovers the programming language source code from a binary file?
What is Firewalking
- A technique for probing the rules configured on a firewall
Know about why to use Sysinternals.
- Sysinternals Suite contains a number of tools for investigating the properties of Windows hosts. You can use the tools to investigate processes, autoruns, access permissions, and so on.
END comptia cybersecurity analyst (cysa+) exam cost comptia cysa+ exam objectives
Join TechCommanders Today.
Over 60 Courses and Practice Questions!
Coaching and CloudINterviewACE
Stay connected with news and updates!
Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.
We hate SPAM. We will never sell your information, for any reason.