{"id":380,"date":"2019-01-24T08:00:35","date_gmt":"2019-01-24T14:00:35","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=380"},"modified":"2019-01-19T10:15:00","modified_gmt":"2019-01-19T16:15:00","slug":"comptia-cysa-objective-3-5","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/01\/24\/comptia-cysa-objective-3-5\/","title":{"rendered":"CompTIA CySA+ Objective 3.5"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Summarize the incident recovery and post-incident response process. <\/p><cite>CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 <\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Containment Techniques<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Segmentation<\/h4>\n\n\n\n<p>Segmentation involves limiting the scope of an incident by instituting barriers to prevent it from spreading to other parts of the network. At Layer 3, ACLs and shutting down interfaces may be an option. At Layer 2, VLANs and PVLANs, along with port security, can isolate the event. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Isolation<\/h4>\n\n\n\n<p>Isolation is implemented by blocking traffic to a device. Usually this involves shutting down interfaces. This may not scale if multiple hosts are involved, but it is very effective for a few devices.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Removal<\/h4>\n\n\n\n<p>Another option is to shut down the affected devices. This is not always advisable, as forensic evidence held in RAM may be lost.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Reverse Engineering<\/h4>\n\n\n\n<p>Reverse engineering can be used to retrace what happened during an incident. Logs and other clues can help figure out what the malware did. 
<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Disassembly:<\/strong> Using specialized tools and knowledge, the malware can be analyzed operation by operation.<\/li><li><strong>Decompiling:<\/strong> An attempt to reconstruct the high-level code for the application.<\/li><li><strong>Debugging:<\/strong> Step through the code interactively using either a kernel debugger (driver level with direct kernel access) or a user-mode debugger.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Eradication Techniques<\/h3>\n\n\n\n<p>After the threat is contained, it must be removed or eradicated. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Sanitization<\/h4>\n\n\n\n<p>Remove all traces of the threat by overwriting the drive multiple times. With solid state drives, vendors often provide commands to erase the drive data, but security analysts should research these commands to make sure they are effective.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Reconstruction\/Reimage<\/h4>\n\n\n\n<p>After a device is sanitized, the system must be rebuilt. This can be done either by reinstalling the OS and applications or by using a backup image of the device. Imaging is faster because all of the configuration work is already done.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Secure Disposal<\/h4>\n\n\n\n<p>Sometimes it may be decided to dispose of a device or its storage instead of sanitizing and reusing the device. 
Disposal needs to be done in a secure manner.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Clearing:<\/strong> Remove the data from the device so that it cannot be reconstructed using normal file recovery techniques.<\/li><li><strong>Purging:<\/strong> Make the data unreadable even with advanced techniques.<\/li><li><strong>Destruction:<\/strong> Destroy the media using degaussing and physical destruction.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Once a threat is contained and remediated, steps must be taken to ensure that the systems are back to a normal, secure state.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Patching<\/h4>\n\n\n\n<p>Any missing security patches found during the incident need to be applied. This includes OS patches, application patches and infrastructure firmware patches.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Permissions<\/h4>\n\n\n\n<p>All permissions that may have been changed by the attacker must be reviewed. In addition, the attack may indicate a need to change some permissions to prevent a future attack.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Scanning<\/h4>\n\n\n\n<p>An updated vulnerability scan should be run after the event to ensure that everything has been patched and mitigated.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Verify Logging\/Communication to Security Monitoring<\/h4>\n\n\n\n<p>Make sure that all logs and telemetry data are properly going to a central SIEM or other system. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Corrective Actions<\/h3>\n\n\n\n<p>Lessons learned during the security incident might require changes to the environment.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Lessons Learned Report<\/h4>\n\n\n\n<p>The first step to corrective actions is to create a lessons learned report. This report lists and discusses what is known about the attack or the environment that was not known before. 
The report should answer the questions below.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>What went right and what went wrong?<\/li><li>How can we improve?<\/li><li>What needs to be changed?<\/li><li>What was the cost of the incident?<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Change Control Process<\/h4>\n\n\n\n<p>Changes that are indicated by the Lessons Learned Report should still be put through standard change control. A corporation may define a &#8220;fast-track&#8221; within their process for time-sensitive changes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Update Incident Response Plan<\/h4>\n\n\n\n<p>The lessons learned may also uncover issues with the IR plan. If any are found, the plan should be updated with any needed changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Incident Summary Report<\/h3>\n\n\n\n<p>All stakeholders should receive a document summarizing the event. It should not be technical, and should include the following highlights.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>When the problem was detected and by whom.<\/li><li>The scope of the incident.<\/li><li>How it was contained and eradicated.<\/li><li>What work was performed during the recovery phase.<\/li><li>The areas in which the Cyber Incident Response Team (CIRT) proved effective.<\/li><li>The areas that need improvement.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Summarize the incident recovery and post-incident response process. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 Containment Techniques Segmentation Segmentation involves limiting the scope of an incident by instituting barriers to prevent it from spreading to other parts of the network. At Layer 3, ACLs and shutting down interfaces may be an option. 
At [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":381,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[88,31,95],"tags":[90,91],"yoast_head_json":{"title":"CompTIA CySA+ Objective 3.5 -","description":"Incident response planning and execution is a key part of keeping an enterprise secure.","canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/01\/24\/comptia-cysa-objective-3-5\/","article_published_time":"2019-01-24T14:00:35+00:00","author":"Ben Story","twitter_misc":{"Written by":"Ben Story","Est. reading time":"3 minutes"}}}