CySA+: Incident Response Competency (Intermediate Level)

  • 20m
  • 20 questions
The CySA+: Incident Response Competency benchmark will measure your ability to recognize key terms and concepts related to incident response. You will be evaluated on network scanning, traffic analysis, emergency incident response, and policy and governance. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key incident response terminology and concepts.

Topics covered

  • compare baseline and current scans to identify changes
  • describe how an incident response plan is created and what to include in it, including planning scenarios and recovery objectives
  • describe how incident response is managed across various enterprise organizations, providing examples of cases where incident response policies are managed
  • describe the incident phases that an incident policy must address and the six stages in an incident response policy
  • describe the tools available in incident response strategies including the three As in incident response and the OODA Loop
  • describe what is meant by each one of the 'three Cs' of incident management (coordinate, communicate, and control)
  • download and install an exploitable VM
  • explore the Metasploit Framework
  • recognize how Metasploit fits into penetration testing
  • recognize how pen testing identifies and exploits security weaknesses
  • recognize how vulnerability scanning identifies security weaknesses
  • recognize the best practices for handling managed incidents
  • recognize the importance of incident response planning and the characteristics of incident response plans
  • restate the duties of the prominent job roles involved in incident response (Incident Commander, Communications Lead, and Operations Lead) as well as those of other, supporting roles
  • run a Nessus vulnerability scan
  • run an Nmap network scan
  • summarize the requirements, goals, best practices, job roles, and tools involved in managing and responding to incidents
  • use a variety of Metasploit scanning and exploit techniques
  • use the hping tool to generate network SYN flood traffic
  • view vulnerability scan results