CySA+: Incident Response Competency (Intermediate Level)

Topics covered

• compare baseline and current scans to identify changes
• describe how an incident response plan is created and what to include in it, including planning scenarios and recovery objectives
• describe how incident response is managed across various enterprise organizations, providing examples of cases where incident response policies are managed
• describe the incident phases that an incident policy must address and the six stages in an incident response policy
• describe the tools available in incident response strategies including the three As in incident response and the OODA Loop
• describe what is meant by each one of the 'three Cs' of incident management (coordinate, communicate, and control)
• download and install an exploitable VM
• explore the metasploit framework
• recognize how Metasploit fits into penetration testing
• recognize how pen testing identifies and exploits security weaknesses
• recognize how vulnerability scanning identifies security weaknesses
• recognize the best practices for handling managed incidents
• recognize the importance of incident response planning and the characteristics of incidence response plans
• restate the duties of the prominent job roles involved in incident response (Incident Commander, Communications Lead, and Operations Lead) as well as those of other, supporting roles
• run a Nessus vulnerability scan
• run an Nmap network scan
• summarize the requirements, goals, best practices, job roles, and tools involved in managing and responding to incidents
• use a variety of metasploit scanning and exploit techniques
• use the hping tool to generate network SYN flood traffic
• view vulnerability scan results