CS0-002 - CompTIA Cybersecurity Analyst+: Threat Monitoring





Overview/Description

In this course, you'll learn about centralized monitoring for on-premises and cloud solutions, and how it enables a timely response to business disruptions and highlights indicators of compromise. You'll examine continuous monitoring, log types, cloud logging and auditing, centralized Linux logging, Windows event log filtering, and cloud alarms. You'll also learn about the OSI model, network traffic analysis, filtering captured network traffic, e-mail monitoring, honeypots, and SIEM. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) certification exam CS0-002.



Expected Duration (hours)
1.2

Lesson Objectives

  • discover the key concepts covered in this course
  • link continuous monitoring with quick security incident response times
  • describe the relevance of common log types
  • view cloud-based audit events
  • send Linux log events to a centralized logging host
  • filter Windows logs to show only relevant log entries
  • configure a cloud-based alarm when a VM CPU usage threshold is exceeded
  • list how the 7 layers of the OSI model relate to communications hardware and software
  • describe common items to look out for when analyzing network traffic
  • filter captured network traffic
  • list common items to look out for when monitoring an e-mail ecosystem
  • recognize where honeypots can be used to monitor malicious activity
  • recognize how SIEM provides centralized security event monitoring and management
  • recognize how to filter out noise to identify suspicious activity
  • summarize the key concepts covered in this course

Course Number
it_cscysa20_08_enus

Expertise Level
Intermediate