CompTIA

CYBR43XX Security Analysis and Vulnerability Assessment

(NGU-SEC-ANALYSIS.AB1) / ISBN : 978-1-64459-999-0
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • Goals and Methods
  • Who Should Read This Course?
  • Strategies for Exam Preparation
  • How the Course Is Organized
  • What’s New?
2

The Importance of Threat Data and Intelligence

  • Intelligence Sources
  • Indicator Management
  • Threat Classification
  • Threat Actors
  • Intelligence Cycle
  • Commodity Malware
  • Information Sharing and Analysis Communities
  • Review All Key Topics
  • Review Questions
3

Utilizing Threat Intelligence to Support Organizational Security

  • Attack Frameworks
  • Threat Research
  • Threat Modeling Methodologies
  • Threat Intelligence Sharing with Supported Functions
  • Review All Key Topics
  • Review Questions
4

Vulnerability Management Activities

  • Vulnerability Identification
  • Validation
  • Remediation/Mitigation
  • Scanning Parameters and Criteria
  • Inhibitors to Remediation
  • Review All Key Topics
  • Review Questions
5

Analyzing Assessment Output

  • Web Application Scanner
  • Infrastructure Vulnerability Scanner
  • Software Assessment Tools and Techniques
  • Enumeration
  • Wireless Assessment Tools
  • Cloud Infrastructure Assessment Tools
  • Review All Key Topics
  • Review Questions
6

Threats and Vulnerabilities Associated with Specialized Technology

  • Mobile
  • Internet of Things (IoT)
  • Embedded Systems
  • Real-Time Operating System (RTOS)
  • System-on-Chip (SoC)
  • Field Programmable Gate Array (FPGA)
  • Physical Access Control
  • Building Automation Systems
  • Vehicles and Drones
  • Workflow and Process Automation Systems
  • Incident Command System (ICS)
  • Supervisory Control and Data Acquisition (SCADA)
  • Review All Key Topics
  • Review Questions
7

Threats and Vulnerabilities Associated with Operating in the Cloud

  • Cloud Deployment Models
  • Cloud Service Models
  • Function as a Service (FaaS)/Serverless Architecture
  • Infrastructure as Code (IaC)
  • Insecure Application Programming Interface (API)
  • Improper Key Management
  • Unprotected Storage
  • Logging and Monitoring
  • Review All Key Topics
  • Review Questions
8

Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Attack Types
  • Vulnerabilities
  • Review All Key Topics
  • Review Questions

1

Vulnerability Management Activities

  • Conducting Vulnerability Scanning Using Nessus
2

Analyzing Assessment Output

  • Using Nikto
  • Using OWASP ZAP
  • Inspecting the Vulnerability in the Echo Server's Source Code
  • Performing Reconnaissance on a Network
  • Using the hping Program
  • Identifying Search Options in Metasploit
3

Implementing Controls to Mitigate Attacks and Software Vulnerabilities

  • Scanning the Rootkit
  • Configuring DHCP Snooping
  • Performing a MITM Attack
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Detecting Rootkits
  • Performing ARP Spoofing

Related Courses

All Courses