You're reading from CompTIA CySA+ (CS0-003) Certification Guide Pass the CySA+ exam on your first attempt with complete topic coverage, expert tips, and practice resources

Product type Paperback

Published in Apr 2025

Publisher Packt

ISBN-13 9781835468920

Length 742 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Jonathan Isley

View More author details

Table of Contents (19) Chapters

Preface

1. Chapter 1: IAM, Logging, and Security Architecture

2. Chapter 2: Attack Frameworks FREE CHAPTER

3. Chapter 3: Incident Response Preparation and Detection

4. Chapter 4: Incident Response – Containment, Eradication, Recovery, and Post-Incident Activities

5. Chapter 5: Efficiency in Security Operations

6. Chapter 6: Threat Intelligence and Threat Hunting

7. Chapter 7: Indicators of Malicious Activity

8. Chapter 8: Tools and Techniques for Malicious Activity Analysis

9. Chapter 9: Attack Mitigations

10. Chapter 10: Risk Control and Analysis

11. Chapter 11: Vulnerability Management Program

12. Chapter 12: Vulnerability Assessment Tools

13. Chapter 13: Vulnerability Prioritization

14. Chapter 14: Incident Reporting and Communication

15. Chapter 15: Vulnerability Management Reporting and Communication

16. Chapter 16: Accessing the Online Practice Resources

17. Index

Why Subscribe?

18. Other Books You May Enjoy

Activity 8.2: tcpdump – Capture and Analysis Practice

This activity will go through the usage of the tcpdump Linux network utility. You will use your Kali machine, with internet access, for this exercise. You will practice with the tcpdump tool and gain skills for basic network traffic analysis.

Scenario: Your organization has noticed unusual activity on the network, particularly involving HTTP traffic. Your task is to capture this traffic and analyze it to identify any suspicious activity by following these steps:

Open a terminal on your Kali machine.
Use tcpdump to capture HTTP traffic and save it to a file. You will need to navigate to some websites to generate traffic.
After you have started the capture, open Firefox and navigate around to a few different sites to generate HTTP traffic.
Let the capture run for a few minutes to gather sufficient data, then stop it (Ctrl + C).
Analyze the captured data with tcpdump.
Identify the IP addresses...