Description
Review incident response concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about classifying security incidents, conducting investigations, and more.
Syllabus
Introduction
- Incident response
- What you need to know
- Study resources

1. Assessing Incidents
- Identifying and classifying security incidents
- Threat classification
- Zero days and the advanced persistent threat
- Determining incident severity

2. Incident Response Process
- Build an incident response program
- Creating an incident response team
- Incident communications plan
- Incident identification
- Escalation and notification
- Mitigation
- Containment techniques
- Incident eradication and recovery
- Validation
- Post-incident activities

3. Indicators of Compromise
- Network symptoms
- Rogue access points and evil twins
- Endpoint symptoms
- Application symptoms

4. Forensic Investigations
- Conducting investigations
- Evidence types
- Introduction to forensics
- System and file forensics
- File carving
- Creating forensic images
- Digital forensics toolkit
- Operating system analysis
- Password forensics
- Network forensics
- Software forensics
- Mobile device forensics
- Embedded device forensics
- Chain of custody
- Ediscovery and evidence production

Conclusion
- Next steps
CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response