CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
2h 8mAdvanced2020-11-23
Authors

Mike Chapple
Teaching Professor at the University of Notre Dame
Course details
Review essential incident response concepts and best practices as you study for the CompTIA Cybersecurity Analyst (CySA+) (CS0-002) exam. In this installment of the CySA+ (CS0-002) Cert Prep series, instructor Mike Chapple discusses how to classify threats and assess the impact of cybersecurity incidents as he prepares you for the exam. Mike covers the importance of communication during a cybersecurity incident response effort, the symptoms of an incident in progress, the use of forensic tools, and the incident recovery process. After completing this course, you'll be prepared to tackle the Incident Response domain of the CySA+ (CS0-002) exam.
Skills covered
Incident ResponseCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Incident response
- 02 - What you need to know
- 03 - Study resources
1. Assessing Incidents
- 04 - Identifying and classifying security incidents
- 05 - Threat classification
- 06 - Zero days and the advanced persistent threat
- 07 - Determining incident severity
2. Incident Response Process
- 08 - Build an incident response program
- 09 - Creating an incident response team
- 10 - Incident communications plan
- 11 - Incident identification
- 12 - Escalation and notification
- 13 - Mitigation
- 14 - Containment techniques
- 15 - Incident eradication and recovery
- 16 - Validation
- 17 - Post-incident activities
3. Indicators of Compromise
- 18 - Network symptoms
- 19 - Rogue access points and evil twins
- 20 - Endpoint symptoms
- 21 - Application symptoms
4. Forensic Investigations
- 22 - Conducting investigations
- 23 - Evidence types
- 24 - Introduction to forensics
- 25 - System and file forensics
- 26 - File carving
- 27 - Creating forensic images
- 28 - Digital forensics toolkit
- 29 - Operating system analysis
- 30 - Password forensics
- 31 - Network forensics
- 32 - Software forensics
- 33 - Mobile device forensics
- 34 - Embedded device forensics
- 35 - Chain of custody
- 36 - Ediscovery and evidence production
Conclusion
- 37 - Next steps
Related courses
- CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management
- CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
- CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment
- CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
- CompTIA CySA+ (CS0-002) Cert Prep: 3 Identity and Access Management
- CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring
- Exam Tips: CompTIA CySA+ (CS0-002)
- CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003): 4 Reporting and Communication
Related learn paths
- Prepare for the CompTIA Cybersecurity Analyst + (CySA+) (CS0-002) Certification Exam
- Prepare for the CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Certification
- Prepare for the CompTIA Data+ (DA0-001) Exam
- Prepare for the CompTIA IT Fundamentals+ (ITF+) (FC0-U61) Exam
- Prepare for the CompTIA Cloud+ (CV0-002) Exam
- Prepare for the CompTIA A+ (220-1001 and 220-1002) Exams
- Prepare for the CompTIA Network+ (N10-007) Exam
- Prepare for the CompTIA Security+ (SY0-601) Certification Exam