CYB-400 Cybersecurity Operations Incident Response & Digital Forensics

(AIUS-CYB-400-V2.AE2)

Skills You’ll Get

1. Security Operations

  • Cybersecurity Objectives
  • Privacy vs. Security
  • Evaluating Security Risks
  • Building a Secure Network
  • Secure Endpoint Management
  • Penetration Testing
  • Reverse Engineering
  • Efficiency and Process Improvement
  • The Future of Cybersecurity Analytics
  • Infrastructure Concepts and Design
  • Operating System Concepts
  • Logging, Logs, and Log Ingestion
  • Network Architecture
  • Identity and Access Management
  • Federation
  • Encryption and Sensitive Data Protection
  • Analyzing Network Events
  • Investigating Host-Related Issues
  • Investigating Service- and Application-Related Issues
  • Determining Malicious Activity Using Tools and Techniques

2. Threat Intelligence, Reconnaissance and Intelligence Gathering

  • Threat Data and Intelligence
  • Threat Classification
  • Applying Threat Intelligence Organizationwide
  • Mapping, Enumeration, and Asset Discovery
  • Passive Discovery

3. Vulnerability Scans Management

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Developing a Remediation Workflow
  • Overcoming Risks of Vulnerability Scanning
  • Vulnerability Assessment Tools
  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities

4. Incident Response and Management

  • Analyzing Risk
  • Managing Risk
  • Implementing Security Controls
  • Threat Classification
  • Managing the Computing Environment
  • Software Assurance Best Practices
  • Designing and Coding for Security
  • Software Security Testing
  • Policies, Governance, and Service Level Objectives
  • Security Incidents
  • Phases of Incident Response
  • Building the Foundation for Incident Response
  • Creating an Incident Response Team
  • Classifying Incidents
  • Attack Frameworks
  • Indicators of Compromise
  • Investigating IoCs
  • Evidence Acquisition and Preservation

5. Reporting and Communication

  • Containing the Damage
  • Incident Eradication and Recovery
  • Validating Data Integrity
  • Wrapping Up the Response
  • Vulnerability Management Reporting and Communication
  • Incident Response Reporting and Communication
  • Building a Forensics Capability
  • Understanding Forensic Software
  • Conducting Endpoint Forensics
  • Network Forensics
  • Cloud, Virtual, and Container Forensics
  • Post-Incident Activity and Evidence Acquisition
  • Forensic Investigation: An Example

Lab

1. Security Operations

  • Creating a Firewall Rule
  • Setting Up a Honeypot on Kali Linux
  • Enforcing Password Policies
  • Installing Docker
  • Exporting the Windows File Registry
  • Installing the AD FS Role
  • Examining PKI Certificates
  • Performing a DoS Attack with the SYN Flood
  • Confirming the Spoofing Attack in Wireshark
  • Using Performance Monitor
  • Performing a Memory-Based Attack
  • Using Social Engineering Techniques to Plan an Attack
  • Capturing a Packet Using Wireshark
  • Examining Audited Events
  • Enabling Logging for Audited Objects
  • Using TCPdump to Capture Packets
  • Analyzing Malware Using VirusTotal
  • Using Command-line Tools

2. Threat Intelligence, Reconnaissance and Intelligence Gathering

  • Using the hping Program
  • Scanning the Local Network
  • Performing an Intense Scan in Zenmap
  • Using Shodan to Find Webcams
  • Using Recon-ng to Gather Information
  • Identifying Search Options in Metasploit
  • Performing Reconnaissance on a Network
  • Footprinting a Website
  • Using the whois Program
  • Using nslookup for Passive Reconnaissance
  • Making Syslog Entries Readable
  • Using the netstat Command
  • Performing Zone Transfer Using dig

3. Vulnerability Scans Management

  • Using OWASP ZAP
  • Consulting a Vulnerability Database
  • Conducting Vulnerability Scanning Using Nessus
  • Using Nikto
  • Performing Vulnerability Scanning Using OpenVAS
  • Performing Session Hijacking Using Burp Suite
  • Detecting Rootkits
  • Exploiting LFI and RFI Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Conducting CSRF Attacks
  • Defending Against a Buffer Overflow Attack
  • Understanding Local Privilege Escalation
  • Performing a MITM Attack
  • Attacking a Website Using XSS Injection

4. Incident Response and Management

  • Examining MITRE ATT&CK
  • Creating a Forensic Image with FTK Imager

5. Reporting and Communication

  • Using EnCase Imager
  • Observing an MD5-Generated Hash Value
  • Observing a SHA256-Generated Hash Value
  • Analyzing Forensics with Autopsy
  • Cracking Passwords Using Cain and Abel
  • Finding Hard Drives on the System
  • Completing the Chain of Custody
