The CompTIA CySA+ Boot Camp is a comprehensive five-day training that teaches you the knowledge and skills required to configure and use the latest industry-standard threat detection tools. Throughout the cybersecurity program, you will learn how to perform data analysis to identify vulnerabilities and expose cyber threats — with the ultimate goal of helping organizations protect and secure their applications and systems.
You will leave with the required knowledge to pass your CySA+ exam, including its five domains: threat and vulnerability management, software and systems security, security operations and monitoring, incident response, and compliance and assessment. You will also possess the behavioral analytics skills needed to provide increased visibility into cyber threats and stand out as a cybersecurity analyst.
You will receive an exam voucher for the CompTIA CySA+ certification exam with your enrollment.
Our Certification Success Program, paired with our provided prep materials, boot camp sessions, and post-work, is designed to ease any concerns you may have when taking the certification exam. If your first attempt is unsuccessful, this program provides peace of mind that you may be eligible to take the certification exam a second time (if needed) at no additional fee.
*To qualify for a second certification exam voucher, students must:
- Attend at least 85% of each day of class
- Score a 90% or higher on their final practice exam
- Take the first exam within 90 days of class completion
- Upload their exam failure notice from their first exam attempt
Instructor(s): Boot camps are led by instructors who have years of industry experience and are recognized as subject matter experts.
Requirements:
Hardware Requirements:
- This course can be taken on either a PC, Mac, or Chromebook.
- A microphone.
- Speakers.
- Webcam.
Software Requirements:
- PC: Windows 7 or later.
- Mac: macOS 10.7 or later.
- Browser: The latest version of Google Chrome or Mozilla Firefox is preferred. Microsoft Edge and Safari are also compatible.
- Microsoft Word Online.
- Adobe Acrobat Reader.
- Zoom Meetings.
- Software must be installed and fully operational before the course begins.
Other:
- Email capabilities and access to a personal email account.
Instructional Material Requirements:
The student materials required for this course are included in enrollment and will be available online.
Lesson 1
- Threat and Vulnerability Management
  - Explain the importance of threat data and intelligence
    - Intelligence sources
    - Confidence levels
    - Indicator management
    - Threat classification
    - Threat actors
    - Intelligence cycle
    - Commodity malware
    - Information sharing and analysis communities
  - Given a scenario, utilize threat intelligence to support organizational security
    - Attack frameworks
    - Threat research
    - Threat modeling methodologies
    - Threat intelligence sharing with supported functions
  - Given a scenario, perform vulnerability management activities
    - Vulnerability identification
    - Validation
    - Remediation/Mitigation
    - Scanning parameters and criteria
  - Given a scenario, analyze the output from common vulnerability assessment tools
    - Web application scanner
    - Infrastructure vulnerability scanner
    - Software assessment tools and techniques
    - Enumeration
    - Wireless assessment tools
    - Cloud infrastructure assessment tools
  - Explain the threats and vulnerabilities associated with specialized technology
    - Mobile
    - Internet of Things (IoT)
    - Embedded
    - Real-time operating system (RTOS)
    - System-on-Chip (SoC)
    - Field programmable gate array (FPGA)
    - Physical access control
    - Building automation systems
    - Vehicles and drones
    - Workflow and process automation systems
    - Industrial control system
    - Supervisory control and data acquisition (SCADA)
  - Explain the threats and vulnerabilities associated with operating in the cloud
    - Cloud service models
    - Cloud deployment models
    - Function as a Service (FaaS)/serverless architecture
    - Infrastructure as code (IaC)
    - Insecure application programming interface (API)
    - Improper key management
    - Unprotected storage
    - Logging and monitoring
  - Given a scenario, implement controls to mitigate attacks and software vulnerabilities
    - Attack types
    - Vulnerabilities
- Software and Systems Security
  - Given a scenario, apply security solutions for infrastructure management
    - Cloud vs. on-premises
    - Asset management
    - Segmentation
    - Network architecture
    - Change management
    - Virtualization
    - Containerization
    - Identity and access management
    - Cloud access security broker (CASB)
    - Honeypot
    - Monitoring and logging
    - Encryption
    - Certificate management
    - Active defense
  - Explain software assurance best practices
    - Platforms
    - Software development life cycle (SDLC) integration
    - DevSecOps
    - Software assessment methods
    - Secure coding best practices
    - Static analysis tools
    - Dynamic analysis tools
    - Formal methods for verification of critical software
    - Service-oriented architecture
      - Security Assertion Markup Language (SAML)
  - Explain hardware assurance best practices
    - Hardware root of trust
    - Unified Extensible Firmware Interface (UEFI)
    - Trusted foundry
    - Secure processing
    - Anti-tamper
    - Self-encrypting drive
    - Trusted firmware updates
    - Measured boot and attestation
    - Bus encryption
- Security Operations and Monitoring
  - Given a scenario, analyze data as part of security monitoring activities
    - Heuristics
    - Trend analysis
    - Endpoint
    - Network
    - Log review
    - Impact analysis
    - Security information and event management (SIEM) review
    - Query writing
    - Email analysis
  - Given a scenario, implement configuration changes to existing controls to improve security
    - Permissions
    - Allowlisting
    - Denylisting
    - Firewall
    - Intrusion prevention system (IPS) rules
    - Data loss prevention (DLP)
    - Endpoint detection and response (EDR)
    - Network access control (NAC)
    - Sinkholing
    - Malware signatures
    - Sandboxing
    - Port security
  - Explain the importance of proactive threat hunting
    - Establishing a hypothesis
    - Profiling threat actors and activities
    - Threat hunting tactics
    - Reducing the attack surface area
    - Bundling critical assets
    - Attack vectors
    - Integrated intelligence
    - Improving detection capabilities
  - Compare and contrast automation concepts and technologies
    - Workflow orchestration
    - Scripting
    - Application programming interface (API) integration
    - Automated malware signature creation
    - Data enrichment
    - Threat feed combination
    - Machine learning
    - Use of automation protocols and standards
    - Continuous integration
    - Continuous deployment/delivery
- Incident Response
  - Explain the importance of the incident response process
    - Communication plan
    - Response coordination with relevant entities
    - Factors contributing to data criticality
  - Given a scenario, apply the appropriate incident response procedure
    - Preparation
    - Detection and analysis
    - Containment
    - Eradication and recovery
    - Post-incident activities
  - Given an incident, analyze potential indicators of compromise
    - Network-related
    - Host-related
    - Application-related
  - Given a scenario, utilize basic digital forensics techniques
    - Network
    - Endpoint
    - Mobile
    - Cloud
    - Virtualization
    - Legal hold
    - Procedures
    - Hashing
    - Carving
    - Data acquisition
- Compliance and Assessment
  - Understand the importance of data privacy and protection
    - Privacy vs. security
    - Non-technical controls
    - Technical controls
  - Given a scenario, apply security concepts in support of organizational risk mitigation
    - Business impact analysis
    - Risk identification process
    - Risk calculation
    - Communication of risk factors
    - Risk prioritization
    - Systems assessment
    - Documented compensating controls
    - Training and exercises
    - Supply chain assessment
  - Explain the importance of frameworks, policies, procedures and controls
    - Frameworks
    - Policies and procedures
    - Category
    - Control type
    - Audits and assessments