Facebook Pixel
Microsoft Certification Training
Search classes by keyword:
Search classes by category:
Microsoft Certification and Microsoft Training, Cisco Certification and MCSE Certification
CompTIA CySA+ CASP space



CompTIA CySA+ / CASP Certification Training

CompTIA CySA+ / CASP

Course Number: #CED-1387
Course Length: 12 days
Number of Exams: 2
Certifications: CompTIA Cybersecurity Analyst (CySA+)
CompTIA Advanced Security Practitioner (CASP)

Grants (discounts) are available for multiple students for the same or different courses.

Upcoming Dates Class Times Class Format Quote
Call (800) 611-1840 for Class Schedule


CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus at the enterprise level.


CompTIA Cybersecurity Analyst (CySA+)

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

Overview

As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware, and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. CompTIA CySA+ is for IT professionals looking to gain the following security analyst skills:

  • Configure and use threat detection tools.
  • Perform data analysis.
  • Interpret the results to identify vulnerabilities, threats and risks to an organization.
CySA+ certified skills are in-demand

Properly trained IT security staff who can analyze, monitor and protect cybersecurity resources are in high demand. The U.S. Bureau of Labor Statistics (BLS) predicts that information security analysts will be the fastest growing overall job category, with 37 percent overall growth between 2012 and 2022.

CySA+ is globally recognized

CompTIA CySA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.

CySA+ provides substantial earnings potential

A career in information security analysis ranked seventh on U.S. News and World Report's list of the 100 best technology jobs for 2017. According to the Bureau of Labor Statistics, the median pay for an information security analyst is $90,120 per year.

Target Student

The CompTIA CySA+ examination is designed for IT security analysts, vulnerability analysts or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization with the end goal of securing and protecting applications and systems within an organization.

Prerequisite

The CompTIA CySA+ exam is an internationally targeted validation of intermediate-level security skills and knowledge. While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus on IT security analytics.

It is recommended for CompTIA CySA+ certification candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+ or equivalent knowledge

Course Content

Threat Management
  • Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
  • Given a scenario, analyze the results of a network reconnaissance.
  • Given a network-based threat, implement or recommend the appropriate response and countermeasure.
  • Explain the purpose of practices used to secure a corporate environment.
Vulnerability Management
  • Given a scenario, implement an information security vulnerability management process.
  • Given a scenario, analyze the output resulting from a vulnerability scan.
  • Compare and contrast common vulnerabilities found in the following targets within an organization.
Cyber Incident Response
  • Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
  • Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
  • Explain the importance of communication during the incident response process.
  • Given a scenario, analyze common symptoms to select the best course of action to support incident response.
  • Summarize the incident recovery and post-incident response process.
Security Architecture and Tool Sets
  • Explain the relationship between frameworks, common policies, controls, and procedures.
  • Given a scenario, use data to recommend remediation of security issues related to identity and access management.
  • Given a scenario, review security architecture and make recommendations to implement compensating controls.
  • Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
  • Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

[ back to top ]

CompTIA Advanced Security Practitioner (CASP)

The CompTIA Advanced Security Practitioner (CASP) CAS-003 certification is a vendor-neutral credential.

The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge.

The CASP exam will certify the successful candidate has the technical knowledge and skills required to:

  • Conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
  • Apply critical thinking and judgment across a broad spectrum of security disciplines to propose, implement and advocate sustainable security solutions that map to organizational strategies, balance security requirements with business/regulatory requirements, analyze risk impact and respond to security incidents

The CASP certification is aimed at IT security professionals who have:

  • A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience
  • The following recommended prerequisites: CompTIA Network+, Security+, CySA+ or equivalent experience

1.0 Risk Management

Summarize business and industry influences and associated security risks.
  • Risk management of new products, new technologies and user behaviors
  • New or changing business models/strategies
  • Security concerns of integrating diverse industries
  • Internal and external influences
  • Impact of de-perimeterization (e.g., constantly changing network boundary
Compare and contrast security, privacy policies and procedures based on organizational requirements.
  • Policy and process life cycle management
  • Support legal compliance and advocacy by partnering with human resources, legal, management and other entities
  • Understand common business documents to support security
  • Research security requirements for contracts
  • Understand general privacy principles for sensitive information
  • Support the development of policies containing standard security practices
Given a scenario, execute risk mitigation strategies and controls.
  • Categorize data types by impact levels based on CIA
  • Incorporate stakeholder input into CIA impact-level decisions
  • Determine minimum-required security controls based on aggregate score
  • Select and implement controls based on CIA requirements and organizational policies
  • Extreme scenario planning/ worst-case scenario
  • Conduct system-specific risk analysis
  • Make risk determination based upon known metrics
  • Translate technical risks in business terms
  • Recommend which strategy should be applied based on risk appetite
  • Risk management processes
  • Continuous improvement/monitoring
  • Business continuity planning
  • IT governance
  • Enterprise resilience
Analyze risk metric scenarios to secure the enterprise.
  • Review effectiveness of existing security controls
  • Reverse engineer/deconstruct existing solutions
  • Creation, collection and analysis of metrics
  • Prototype and test multiple solutions
  • Create benchmarks and compare to baselines
  • Analyze and interpret trend data to anticipate cyber defense needs
  • Analyze security solution metrics and attributes to ensure they meet business needs
  • Use judgment to solve problems where the most secure solution is not feasible

2.0 Enterprise Security Architecture

Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
  • Physical and virtual network and security devices
  • Application and protocol-aware technologies
  • Advanced network design (wired/wireless)
  • Complex network security solutions for data flow
  • Secure configuration and baselining of networking and security components
  • Software-defined networking
  • Network management and monitoring tools
  • Advanced configuration of routers, switches and other network devices
  • Security zones
  • Network access control
  • Network-enabled devices
  • Critical infrastructure
Analyze a scenario to integrate security controls for host devices to meet security requirements.
  • Trusted OS (e.g., how and when to use it)
  • Endpoint security software
  • Host hardening
  • Boot loader protections
  • Vulnerabilities associated with hardware
  • Terminal services/application delivery services
Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
  • Enterprise mobility management
  • Security implications/privacy concerns
  • Wearable technology
Given software vulnerability scenarios, select appropriate security controls.
  • Application security design considerations
  • Specific application issues
  • Application sandboxing
  • Secure encrypted enclaves
  • Database activity monitor
  • Web application firewalls
  • Client-side processing vs. server-side processing
  • Operating system vulnerabilities
  • Firmware vulnerabilities

3.0 Enterprise Security Operations

Given a scenario, conduct a security assessment using the appropriate methods.
  • Methods
  • Types
Analyze a scenario or output, and select the appropriate tool for a security assessment.
  • Network tool types
  • Host tool types
  • Physical security tools
Given a scenario, implement incident response and recovery procedures.
  • E-discovery
  • Data breach
  • Facilitate incident detection and response
  • Incident and emergency response
  • Incident response support tools
  • Severity of incident or breach
  • Post-incident response

4.0 Technical Integration of Enterprise Security

Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
  • Adapt data flow security to meet changing business needs
  • Standards
  • Interoperability issues
  • Resilience issues
  • Data security considerations
  • Resources provisioning and deprovisioning
  • Design considerations during mergers, acquisitions and demergers/divestitures
  • Network secure segmentation and delegation
  • Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
  • Security and privacy considerations of storage integration
  • Security implications of integrating enterprise applications
Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture.
  • Technical deployment models (outsourcing/insourcing/ managed services/partnership)
  • Security advantages and disadvantages of virtualization
  • Cloud augmented security services
  • Vulnerabilities associated with comingling of hosts with different security requirements
  • Data security considerations
  • Resources provisioning and deprovisioning
Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives.
  • Authentication
  • Authorization
  • Attestation
  • Identity proofing
  • Identity propagation
  • Federation
  • Trust models
Given a scenario, implement cryptographic techniques.
  • Techniques
  • Implementations
Given a scenario, select the appropriate control to secure communications and collaboration solutions.
  • Remote access
  • Unified collaboration tools

5.0 Research, Development and Collaboration

Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
  • Perform ongoing research
  • Threat intelligence
  • Research security implications of emerging business tools
  • Global IA industry/community
Given a scenario, implement security activities across the technology life cycle.
  • Systems development life cycle
  • Software development life cycle
  • Adapt solutions to address
  • Asset management (inventory control)
Explain the importance of interaction across diverse business units to achieve security goals.
  • Interpreting security requirements and goals to communicate with stakeholders from other disciplines
  • Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls
  • Establish effective collaboration within teams to implement secure solutions
  • Governance, risk and compliance committee

[ back to top ]


CED Solutions is your best choice for CompTIA CySA+ CASP, CompTIA CySA+ CASP training, CompTIA CySA+ CASP certification, CompTIA CySA+ CASP boot camp, CompTIA CySA+ CASP certification training, CompTIA CySA+ CASP certification course, CompTIA CySA+ CASP course, CompTIA CySA+ CASP class.



CompTIA CySA+ CASP space
Search classes by keyword:
Search classes by category:


Copyright © 2018 CED Solutions. CED Solutions Refund Policy. All Rights Reserved.