{"id":426,"date":"2019-02-06T10:20:09","date_gmt":"2019-02-06T16:20:09","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=426"},"modified":"2019-02-06T10:20:13","modified_gmt":"2019-02-06T16:20:13","slug":"comptia-cysa-objective-4-3","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/02\/06\/comptia-cysa-objective-4-3\/","title":{"rendered":"CompTIA CySA+ Objective 4.3"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Given a scenario, review security architecture and make recommendations to implement compensating controls. <\/p><cite>CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 <\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Security Data Analytics<\/h3>\n\n\n\n<p>Data analytics allows analysts to take a large data set and through software make sense of the data.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data Aggregation and Correlation<\/h4>\n\n\n\n<p>SIEM systems can help look at correlation between events in the data. An example is a spike in SYN packets happening during a DoS attack.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Trend Analysis<\/h4>\n\n\n\n<p>Risk management lends itself to trend analysis. Historical data is used to show variance from established baselines.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Historical Analysis<\/h4>\n\n\n\n<p>Shows data over time to see anomalies and other information that would be missed looking at data only at the time it happened.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Manual Review<\/h3>\n\n\n\n<p>Automation is nice, but sometimes you need to know how to look at the logs and make your own inferences. 
<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Firewall Logs<\/h4>\n\n\n\n<p>Firewall logs can be intimidating, but generally follow a similar format across vendors.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;time> &lt;action> &lt;firewall> &lt;interface> &lt;product> &lt;source> &lt;source port> &lt;destination> &lt;destination port\/service> &lt;protocol> &lt;translation> &lt;rule><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Time:<\/strong> Local time on the monitoring station<\/li><li><strong>Action: <\/strong>Accept, deny or drop<\/li><li><strong>Firewall: <\/strong>IP or hostname of the device<\/li><li><strong>Interface:<\/strong> Interface where the packet was seen<\/li><li><strong>Product: <\/strong>Software running on the firewall.<\/li><li><strong>Source:<\/strong> Source IP of the packet<\/li><li><strong>Source Port:<\/strong> Source Port of the packet<\/li><li><strong>Destination: <\/strong>Destination IP of the packet<\/li><li><strong>Service (Destination Port):<\/strong> Destination port or service of the packet.<\/li><li><strong>Protocol:<\/strong> TCP\/UDP generally<\/li><li><strong>Translation:<\/strong> New source or destination if NAT is used<\/li><li><strong>Rule:<\/strong> The rule number that caused the log entry.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>7:33:10 deny firewall1 OUTSIDE Firewall-Prod 192.0.1.2 3473 10.44.4.4 443 TCP xlatedst 111.111.111.111 rule 6<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Syslogs<\/h4>\n\n\n\n<p>Syslog messages have a standard format. Syslog packets are limited to 1024 bytes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">May 4 13:37:01.010: %SEC-6-IPACCESSLOGP: list ACL12-IN permitted tcp 192.0.2.5(12345) -> 198.51.100.3(443), 1 packet<br><\/pre>\n\n\n\n<p>The above would be an example security related syslog message. Syslog is a very flexible format so depending on the device messages may look different. 
In the above example, the facility would be SEC or security and the severity (not necessarily a measure of security severity) is 6 which means Informational. Below are the various severity levels for syslog messages.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>0 Emergency: <\/strong>System is unusable or severely affected<\/li><li><strong>1 Alert:<\/strong> Immediate action is required<\/li><li><strong>2 Critical: <\/strong>Critical events<\/li><li><strong>3 Error:<\/strong> Error messages from applications or the OS<\/li><li><strong>4 Warning:<\/strong> Warning messages from applications or the OS<\/li><li><strong>5 Notice:<\/strong> Normal condition, but significant<\/li><li><strong>6 Informational:<\/strong> Informational messages for routine activities<\/li><li><strong>7 Debug:<\/strong> Debugging messages for troubleshooting.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Authentication Logs<\/h4>\n\n\n\n<p>Logs on servers and other devices keep track of authentication successes, failures and related events like lockouts. In Windows environments, event ID 4625 can be used to filter to authentication events.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Event Logs<\/h4>\n\n\n\n<p>Like authentication logs, these logs are kept on devices and can be sources of information. Often they will be shipped to a SIEM for easier review and correlation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Defense in Depth<\/h3>\n\n\n\n<p>Defense in depth refers to using multiple <a href=\"https:\/\/youtu.be\/-FtCTW2rVFM?t=45\">layers<\/a> of security. Some refer to this as belt and suspenders.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Personnel<\/h4>\n\n\n\n<p>Often security analysts refer to people as the weak link in security because they are unpredictable. 
There are ways to take this &#8220;weak link&#8221; and make it stronger for defense in depth.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Training:<\/strong> INFOSEC training comes in three parts and all three are important. First, there is Security Awareness, that is the what. This helps colleagues understand what the threats are. Then there is Security Training which covers how to deal with the threat. Finally, there is Security education which covers why.<\/li><li><strong>Dual Control:<\/strong> For critical functions, two people must participate. For example, one person can submit a request and another must approve it.<\/li><li><strong>Separation of Duties: <\/strong>No one person has the rights and access to do the operation alone. An example would be two employees that both know part of a code required to do a task.<\/li><li><strong>Third Party\/Consultants: <\/strong>Third-party consultants are a risk that must be accounted for in policy and contracts.<\/li><li><strong>Cross-Training:<\/strong> Training colleagues on multiple roles allows for the job to be completed if the primary colleague for a role is either unable or unwilling to complete it.<\/li><li><strong>Mandatory Vacation: <\/strong> Some companies take cross training to another level by mandating vacation. This provides an opportunity for the colleague that is cross-trained to do the role. It also may identify if any fraud is being done by changing who does the role.<\/li><li><strong>Succession Planning:<\/strong> Proper succession planning identifies candidates to succeed key employees and a plan to train these individuals in advance.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Processes<\/h4>\n\n\n\n<p>Defense in depth requires processes to be in place within an organization. 
There are several key areas around processes to be understood.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Continual\u00a0Improvement:<\/strong> Security never sits still and analysts must always work to improve it. A process of Plan, Do, Check and Act should be implemented.<\/li><li><strong>Scheduled Reviews\/Retirement of Processes: <\/strong><ul><li>What controls are being used?<\/li><li>How can they be improved?<\/li><li>Are they still necessary?<\/li><li>Are there new issues?<\/li><li>Which controls can be added for the new issues?<\/li><\/ul><\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Technologies<\/h4>\n\n\n\n<p>Technology solutions are the backbone of defense in depth.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Automated\u00a0Reporting: <\/strong>Vulnerability scanning tools can automatically report on their findings. These can be tailored to the audience.<ul><li><strong>Technical Report:<\/strong> Comprehensive report for analysts and engineers.<\/li><li><strong>Change Report:<\/strong> Presents only changes from previous scans<\/li><li><strong>Executive Report:<\/strong> Decision-making graphs and information.<\/li><li><strong>Senior Executive Report:<\/strong> Nontechnical decision-making information.<\/li><\/ul><\/li><li><strong>Security Appliances: <\/strong>IPS\/IDS, Firewalls, SIEM and encryption devices<\/li><li><strong>Security Suites:<\/strong> Collection of security utilities in a single tool<\/li><li><strong>Outsourcing: <\/strong>Security as a Service through a third party might be appropriate for smaller organizations that cannot afford the expertise in house. These agreements must be thoroughly reviewed.<\/li><li><strong>Cryptography: <\/strong>Cryptography comes in many forms and strengths; it must be used to provide confidentiality and integrity of data. 
The cryptography used should be evaluated against current best practices for key length, encryption algorithm and key management.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Other Security Considerations<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Network Design:<\/strong> Placement of security tools within the network is important. SIEMs should be central and NIDS\/NIPS should be placed at important choke points.<\/li><li><strong>Network Segmentation: <\/strong> VLANs segment at layer 2 and subnets segment at layer 3. In addition, tools like private VLANs (PVLANs) can be used for further segmentation.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Given a scenario, review security architecture and make recommendations to implement compensating controls. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 Security Data Analytics Data analytics allows analysts to take a large data set and through software make sense of the data. 
Data Aggregation and Correlation SIEM systems can help look at correlation between [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":452,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[88,31,95],"tags":[90,91],"yoast_head_json":{"title":"CompTIA CySA+ Objective 4.3 -","canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/02\/06\/comptia-cysa-objective-4-3\/","author":"Ben Story"}}