CompTIA CySA+

Objectives and Outcomes

CompTIA is a not-for-profit trade association with the purpose of advancing the interests of IT professionals and IT channel organizations and its industry-leading IT certifications are an important part of that mission. CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.

This CertMaster™ Learn course will prepare you to take the CompTIA CySA+ (CS0-002) exam by providing 100% coverage of the exam objectives. Study of the course can also help prepare you to make data-driven cloud recommendations for your business.

On course completion, you will be able to:

  • Collect and use cybersecurity intelligence and threat data.
  • Identify modern cybersecurity threat actor types and their tactics, techniques, and procedures.
  • Analyze data collected from security and event logs and network packet captures.
  • Respond to and investigate cybersecurity incidents using forensic analysis techniques.
  • Assess information security risk in computing and network environments.
  • Implement a vulnerability management program.
  • Address security issues with an organization's network architecture.
  • Understand the importance of data governance controls.
  • Address security issues with an organization's software development life cycle.
  • Address security issues with an organization's use of cloud and service-oriented architecture.

Course Curriculum

  • Module 1

    Module 01: Explaining the Importance of Security Controls and Security Intelligence

    • Identify Security Control Types
    • Cybersecurity Roles and Responsibilities
    • Security Operations Center (SOC)
    • Security Control Categories
    • Security Control Functional Types
    • Selection of Security Controls Based on CIA Requirements
    • The Importance of Threat Data and Intelligence
    • Security Intelligence and Threat Intelligence
    • Security Intelligence Cycle—Requirements and Collection
    • Threat Intelligence Sources
    • Proprietary/Closed-Source Intelligence Sources
    • Open-Source Intelligence Sources
    • Information Sharing and Analysis Centers (ISACs)
    • Threat Intelligence Sharing
    • Quiz: Explaining the Importance of Security Controls & Security Intelligence
    • Lab: Explaining the Importance of Security Controls & Security Intelligence
  • Module 2

    Module 02: Utilizing Threat Data and Intelligence

    • Threat Classification and Threat Actor Types
    • Threat Classification
    • Threat Actor Types
    • Insider Threat Types
    • Commodity Malware and Zero-Day
    • Advanced Persistent Threat (APT)
    • Utilize Attack Frameworks and Indicator Management
    • Threat Research
    • The Kill Chain
    • MITRE ATT&CK Framework
    • The Diamond Model of Intrusion Analysis
    • Structured Threat Information Expression (STIX)
    • Trusted Automated eXchange of Indicator Information (TAXII)
    • OpenIOC and MISP
    • Utilize Threat Modeling and Hunting Methodologies
    • Threat Modeling, Adversary Capability, and Attack Surface
    • Threat Modeling Impact and Likelihood
    • Proactive Threat Hunting
    • Benefits of Proactive Threat Hunting
    • Open-Source Intelligence
    • Google Hacking and Search Tools
    • Email and Social Media Profiling Techniques
    • DNS and Website Harvesting Techniques
    • Quiz: Utilizing Threat Data and Intelligence
    • Lab: Utilizing Threat Data and Intelligence
  • Module 3

    Module 03: Analyzing Security Monitoring Data

    • Network Forensics Analysis Tools
    • Packet Analysis
    • Protocol Analysis
    • Flow Analysis
    • IP Address and DNS Analysis
    • Uniform Resource Locator (URL) Analysis
    • Firewall Log Review
    • Firewall Configuration Changes
    • Black Holes and Sinkholes
    • Proxy Log Review
    • Web Application Firewall Log Review
    • IDS & IPS Configuration
    • IDS and IPS Log Review
    • IDS and IPS Rule Changes
    • Port Security Configuration Changes
    • Network Access Control (NAC) Configuration Changes
    • Endpoint Data Collection and Analytics Tools
    • Sandboxing for Malware Analysis
    • Reverse Engineering Analysis Methods and Tools
    • Malware Exploit Techniques
    • Known-Good and Anomalous Behavior Analysis
    • Anomalous Behavior Analysis with Process Explorer
    • Anomalous Behavior Analysis with Process Monitor and Autoruns
    • Endpoint Detection and Response Configuration Changes
    • Blacklisting and Whitelisting
    • Email Phishing and Impersonation IoCs
    • Email Message Internet Header Analysis
    • Email Malicious Content Analysis
    • Email Server Security
    • SMTP Log Analysis
    • Email Message Security and Digital Signatures
    • Quiz: Analyzing Security Monitoring Data
    • Lab: Analyzing Security Monitoring Data
  • Module 4

    Module 04: Collecting and Querying Security Monitoring Data

    • Configure Log Review and SIEM Tools
    • Security Information and Event Management (SIEM) Deployment
    • Security Data Collection and Use Cases
    • Security Data Normalization
    • Event Logs
    • syslog
    • Analyze and Query Logs and SIEM Data
    • SIEM Dashboards
    • Analysis and Detection Methods
    • Trend Analysis
    • Rule and Query Writing
    • String Search and Piping Commands
    • Scripting Tools
    • Quiz: Collecting and Querying Security Monitoring Data
    • Lab: Collecting and Querying Security Monitoring Data
  • Module 5

    Module 05: Utilizing Digital Forensics and Indicator Analysis Techniques

    • Identify Digital Forensics Techniques
    • Digital Forensics Analysts
    • Digital Forensics Procedures
    • Work Product Retention
    • Data Acquisition
    • Digital Forensics Tools
    • System Memory Image Acquisition
    • Disk Image Acquisition
    • Hashing
    • Timeline Generation and Analysis
    • Carving
    • Chain of Custody
    • Analyze Network-Related IoCs
    • Traffic Spike and DDoS Intrusion IoCs
    • Beaconing Intrusion IoCs
    • Irregular Peer-to-Peer Communication Intrusion IoCs
    • Rogue Device and Scan/Sweep Intrusion IoCs
    • Common Protocol and Nonstandard Port Usage IoCs
    • Standard TCP Ports
    • Standard UDP Ports
    • Data Exfiltration IoCs
    • Covert Channels
    • Analyze Host-Related IoCs
    • Malicious Process IoCs
    • Digital Memory Forensics Techniques
    • Memory and Processor Consumption IoCs
    • Disk and File System IoCs
    • Unauthorized Privilege IoCs
    • Unauthorized Software IoCs
    • Unauthorized Change/Hardware IoCs
    • Persistence IoCs
    • Analyze Lateral Movement and Pivot IoCs
    • Pass the Hash Attack
    • Golden Ticket Attack
    • Other Lateral Movement Techniques
    • Pivoting Techniques
    • Quiz: Utilizing Digital Forensics and Indicator Analysis Techniques
    • Lab: Utilizing Digital Forensics and Indicator Analysis Techniques
  • Module 6

    Module 06: Applying Incident Response Procedures

    • Incident Response Phases
    • Documentation of Procedures
    • Data Criticality and Prioritization
    • Communication Plan
    • Reporting Requirements
    • Response Coordination
    • Incident Response Training and Testing
    • The OODA Loop
    • Defensive Capabilities and Courses of Action
    • Incident Detection and Analysis
    • Impact Analysis
    • Incident Security Level Classification
    • Containment Techniques
    • Eradication
    • Recovery
    • Post-Incident Activities
    • Lessons Learned Report
    • Quiz: Applying Incident Response Procedures
    • Lab: Applying Incident Response Procedures
  • Module 7

    Module 07: Applying Risk Mitigation and Security Frameworks

    • Risk Identification Process
    • Systems Assessment
    • Risk Calculation
    • Business Impact Analysis
    • Risk Prioritization
    • Communication of Risk Factors
    • Training and Exercises
    • Enterprise Security Architecture (ESA)
    • Prescriptive Frameworks
    • Risk-Based Frameworks
    • Audits and Assessments
    • Continuous Monitoring
    • Quiz: Applying Risk Mitigation and Security Frameworks
    • Lab: Applying Risk Mitigation and Security Frameworks
  • Module 8

    Module 08: Performing Vulnerability Management

    • Enumeration Tools
    • Nmap Discovery Scan Output
    • Nmap Port Scans
    • Nmap Port States
    • Nmap Fingerprinting Scan Output
    • hping
    • Responder
    • Wireless Assessment Tools
    • Hashcat
    • Vulnerability Identification and Asset Criticality
    • Assessment Scan Workflow
    • Mapping/Enumeration and Assessment Scope Considerations
    • Scanner Types
    • Assessment Scan Scheduling and Constraints
    • Special Considerations for Scanning Parameters
    • Vulnerability Feed Configuration
    • Assessment Scan Sensitivity Levels
    • Assessment Scanning Risks
    • Vulnerability Scan Reports
    • Common Identifiers
    • Common Vulnerability Scoring System (CVSS) Metrics
    • Vulnerability Assessment Report Validation
    • Nessus
    • OpenVAS and Qualys
    • Remediation/Mitigation Plans and Risk Acceptance
    • Configuration Baselines
    • System Hardening and Patching
    • Inhibitors to Remediation
    • Quiz: Performing Vulnerability Management
    • Lab: Performing Vulnerability Management
  • Module 9

    Module 09: Applying Security Solutions for Infrastructure Management

    • Identity and Access Management (IAM) and Account Management
    • Password Policies
    • Single Sign-On (SSO) and Multifactor Authentication
    • Certificate Management
    • Federation
    • Privilege Management
    • IAM Auditing, Monitoring, and Logging
    • Conduct and Use Policies
    • Asset and Change Management
    • Network Architecture
    • Segmentation
    • Demilitarized Zones (DMZs) and Jumpboxes
    • Virtualization and Containerization
    • Virtualization Infrastructure Security Management
    • Honeypots and Active Defense
    • Supply Chain Assessment
    • Hardware Root of Trust
    • Trusted Firmware
    • Secure Processing
    • Vulnerabilities Associated with Mobile
    • Vulnerabilities Associated with Internet of Things (IoT)
    • Vulnerabilities Associated with Embedded Systems
    • Vulnerabilities Associated with Controller Systems
    • Mitigation for Vulnerabilities in Specialized Systems
    • Vulnerabilities Associated with Premises and Vehicular Systems
    • Quiz: Applying Security Solutions for Infrastructure Management
    • Lab: Applying Security Solutions for Infrastructure Management
  • Module 10

    Module 10: Understanding Data Privacy and Protection

    • Understanding Data Privacy and Protection
    • Data Classification and Confidentiality
    • Privacy and Legal Requirements
    • Personal Data Processing Policies
    • Data Retention
    • Data Ownership Policies and Roles
    • Data Sharing and Privacy Agreements
    • Access Controls
    • File System Permissions Configuration Changes
    • Encryption
    • Data Loss Prevention (DLP) Configuration Changes
    • DLP Data Discovery and Classification
    • Deidentification Controls
    • Digital Rights Management (DRM) and Watermarking
    • Quiz: Understanding Data Privacy and Protection
    • Lab: Understanding Data Privacy and Protection
  • Module 11

    Module 11: Applying Security Solutions for Software Assurance

    • Software Development Life Cycle (SDLC) Integration
    • Execution and Escalation Attacks
    • Overflow Attack Types and Vulnerabilities
    • Race Condition Vulnerabilities
    • Improper Error Handling Vulnerabilities
    • Software Design Vulnerabilities
    • Platform-Specific Best Practices
    • Directory Traversal Attacks and Vulnerabilities
    • Cross-Site Scripting Attacks
    • SQL Injection and XML Attacks and Vulnerabilities
    • Secure Coding Best Practices
    • Authentication Attack Types and Best Practices
    • Session Hijacking Attack Types
    • Sensitive Data Exposure and Data Protection
    • Clickjacking
    • Software Assessment Methods
    • Reverse Engineering Tools and Techniques
    • Dynamic Analysis Tools and Techniques
    • Web Application Scanner Output Analysis
    • Burp Suite Output Analysis
    • OWASP Zed Attack Proxy (ZAP) Output Analysis
    • Quiz: Applying Security Solutions for Software Assurance
    • Lab: Applying Security Solutions for Software Assurance
  • Module 12

    Module 12: Applying Security Solutions for Cloud and Automation

    • Public Cloud Deployment Model Threats and Vulnerabilities
    • Private Cloud Deployment Model Threats and Vulnerabilities
    • Cloud Service Model Threats and Vulnerabilities
    • Cloud-Based Infrastructure Management
    • Cloud Access Security Broker (CASB)
    • Service-Oriented Architecture (SOA) and Microservices
    • Simple Object Access Protocol (SOAP)
    • Security Assertions Markup Language (SAML)
    • Representational State Transfer (REST)
    • Application Programming Interface (API)
    • Scripting
    • Workflow Orchestration
    • Function as a Service (FaaS)/Serverless Architecture
    • Analyze Output from Cloud Infrastructure Assessment Tools
    • Cloud Threats and Vulnerabilities
    • Cloud Infrastructure Assessment Tools
    • ScoutSuite Output Analysis
    • Digital Forensics for Cloud
    • Compare Automation Concepts and Technologies
    • Continuous Integration and Deployment
    • DevSecOps
    • Infrastructure as Code (IaC)
    • Machine Learning
    • Data Enrichment and Malware Signature Creation
    • Security Orchestration, Automation, and Response (SOAR)
    • Quiz: Applying Security Solutions for Cloud and Automation
    • Lab: Applying Security Solutions for Cloud and Automation

Intermediate Level
B032021 Students
6 Sep. 2021 - 30 Sep. 2021

Category

advanced comptia cysa+