It is crucial to understand what is happening behind the scenes in your company's network and computer systems where security is concerned. That visibility gives you insight into the threats you face and the information you need to address security issues quickly and efficiently as they arise. Protecting your assets demands a proactive posture: cybersecurity analysts must stay vigilant and carry out security operations to prevent data breaches and cyber-attacks.
The CompTIA Cybersecurity Analyst+ (CySA+) certification requires you to know how to use tools that monitor activity, so that you can observe what is happening on the network and what applications and users are doing. Many tools are available to help you do this.
Domains of CySA+
Domain 1: Threat and Vulnerability Management (22%)
Domain 2: Software and Systems Security (18%)
Domain 3: Security Operations and Monitoring (25%)
Domain 4: Incident Response (22%)
Domain 5: Compliance and Assessment (13%)
This article provides an overview of CompTIA CySA+ Domain 3 Security Operations and Monitoring.
CompTIA CySA+ Domain 3: Security Operations and Monitoring
Security Operations and Monitoring is the third domain of the CompTIA CySA+ certification exam and carries a 25% weighting. It covers the basics of security monitoring, how to set up and monitor the different types of nodes and systems on your network, and how to configure the security technologies that protect your systems, devices and applications from attackers. The third domain of CySA+ teaches you to protect your resources effectively by configuring them properly and monitoring Indicators of Compromise; in other words, it shows you how to defend your resources better and which indicators you should be watching.
The following objectives are covered in the third domain of the CompTIA CySA+ certification exam:
Given a scenario, analyze data as part of security monitoring activities
Given a scenario, implement configuration changes to existing controls to improve security
Explain the importance of proactive threat hunting
Compare and contrast different automation concepts and technologies
1. Analyze data as part of security monitoring activities. Security monitoring generates a great deal of data, and understanding the formats you encounter is essential to recognizing the data types and actions that indicate malicious activity. That understanding lets you separate what is significant from what is not. This section covers heuristics and trend analysis, impact analysis, Security Information and Event Management (SIEM) review, email analysis and query writing as part of routine security monitoring tasks.
2. Implement configuration changes to existing controls to improve security. This section covers concepts such as firewall setup, data loss prevention and endpoint detection and response, and explains how to modify existing controls to strengthen security. It addresses permissions, allow lists and blocklists, firewall and Intrusion Prevention System (IPS) rules, Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), sinkholing, malware signatures, sandboxing and port security.
3. Explain the importance of proactive threat hunting. Threat hunting is a proactive search across networks, endpoints and datasets for suspicious or malicious activity that has evaded existing detection systems. Practising it teaches your security team where to look and what to look for, so they can spot emerging issues early and make recommendations.
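As an added illustration of the heuristics and trend analysis that section 1 lists (this is example code, not material from the CySA+ exam objectives or from any vendor), the script below buckets failed SSH logins per hour from a small set of constructed syslog-style lines and flags an hour whose failure count breaks away from the preceding baseline. The log format, host name, addresses and the 3-sigma threshold are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed syslog-style lines (not from a real host): hours 09-11 form the
# baseline, hour 12 carries a burst of failures from a single source.
BASELINE_LINES = [
    "2024-05-01T09:00:01 host sshd[101]: Failed password for root from 10.0.0.5 port 5100 ssh2",
    "2024-05-01T09:20:11 host sshd[102]: Accepted password for alice from 10.0.0.7 port 5101 ssh2",
    "2024-05-01T09:41:30 host sshd[103]: Failed password for alice from 10.0.0.7 port 5102 ssh2",
    "2024-05-01T10:05:03 host sshd[104]: Failed password for alice from 10.0.0.5 port 5103 ssh2",
    "2024-05-01T11:15:40 host sshd[105]: Failed password for bob from 10.0.0.5 port 5104 ssh2",
    "2024-05-01T11:50:59 host sshd[106]: Failed password for carol from 10.0.0.9 port 5105 ssh2",
    "2024-05-01T12:03:10 host sshd[107]: Failed password for dave from 10.0.0.5 port 5106 ssh2",
]
BURST_LINES = [  # twelve failures within one minute from one source
    f"2024-05-01T12:00:{s:02d} host sshd[{200 + s}]: Failed password for admin "
    f"from 198.51.100.9 port {6000 + s} ssh2"
    for s in range(12)
]
SAMPLE_LOG = "\n".join(BASELINE_LINES + BURST_LINES)
FAILED_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def failures_per_hour(log_text):
    """Bucket failed logins by hour: {hour: Counter(source_ip -> count)}."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # accepted logins and unrelated lines are skipped
            buckets[m.group("hour")][m.group("src")] += 1
    return buckets


def find_spikes(buckets, min_baseline_hours=3, sigma=3.0, floor=5):
    """Trend heuristic: flag an hour whose failure count exceeds both an absolute
    floor and mean + sigma*stdev of all earlier hours -> [(hour, total, src, n)]."""
    hours = sorted(buckets)
    totals = [sum(buckets[h].values()) for h in hours]
    alerts = []
    for i, hour in enumerate(hours):
        if i < min_baseline_hours:
            continue  # too little history to call anything a trend
        base = totals[:i]
        threshold = mean(base) + sigma * pstdev(base)
        if totals[i] >= floor and totals[i] > threshold:
            src, n = buckets[hour].most_common(1)[0]
            alerts.append((hour, totals[i], src, n))
    return alerts
```

Running `find_spikes(failures_per_hour(SAMPLE_LOG))` reports only the 12:00 hour, with 13 failures of which 12 come from the single burst source; the floor keeps a quiet baseline from alerting on a handful of ordinary typos.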