The NDG CySA+ labs provide hands-on practice in behavioral analytics skills to identify vulnerabilities, threats, and risks to an organization. Learners gain the skills needed to identify and combat malware, configure and use threat-detection tools, and secure and protect the applications and systems within an organization.
See the Supported Labs table below.
NDG CySA+ labs are supported in NETLAB+ using the CySA+ Pod.
Certification Resources: Please see the table below for details on how the labs map to the CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives and the CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002).
Lab | Title | CompTIA CySA+ (CS0-002) Exam Objectives | All-In-One CompTIA CySA+ Second Edition ISBN-13: 978-1260464306 Chapters |
---|---|---|---|
1 | Network Enumeration | 1.0 - Threat and Vulnerability Management 1.2 - Given a scenario, utilize threat intelligence to support organizational security 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities | Chapter 2,3,4,7 |
2 | Web Application Scanning | 1.0 - Threat and Vulnerability Management 1.2 - Given a scenario, utilize threat intelligence to support organizational security 1.3 - Given a scenario, perform vulnerability management activities 1.6 - Explain the threats and vulnerabilities associated with operating in the cloud 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 2.0 - Software and Systems Security 2.1 - Given a scenario, apply security solutions for infrastructure management 4.0 - Incident Response 4.1 - Explain the importance of the incident response process 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques | Chapter 2,3,6,7,8,15,17,18 |
3 | Windows CLI Tools | 1.0 - Threat and Vulnerability Management 1.4 - Given a scenario, analyze the output from common vulnerability tools 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices | Chapter 4,9 |
4 | Linux Command Line Tools | 1.0 - Threat and Vulnerability Management 1.4 - Given a scenario, analyze the output from common vulnerability tools 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices | Chapter 4,9 |
5 | Vulnerability Scanning | 1.0 - Threat and Vulnerability Management 1.1 - Explain the importance of threat data and intelligence 1.2 - Given a scenario, utilize threat intelligence to support organizational security 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.6 - Explain the threats and vulnerabilities associated with operating in the cloud 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 3.0 - Security Operations and Monitoring 3.3 - Explain the importance of proactive threat hunting | Chapter 1,2,3,4,6,7,13 |
6 | Packet Analysis | 1.0 - Threat and Vulnerability Management 1.2 - Given a scenario, utilize threat intelligence to support organizational security 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.2 - Given a scenario, implement configuration changes to existing controls to improve security 3.3 - Explain the importance of proactive threat hunting 4.0 - Incident Response 4.4 - Given a scenario, utilize basic digital forensics techniques | Chapter 2,3,4,11,12,13,18 |
7 | Host Hardening | 1.0 - Threat and Vulnerability Management 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 3.0 - Security Operations and Monitoring 3.2 - Given a scenario, implement configuration changes to existing controls to improve security | Chapter 3,4,7,8,12 |
8 | Understanding ACL's and Host-Based Firewalls | 1.0 - Threat and Vulnerability Management 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 3.0 - Security Operations and Monitoring 3.2 - Given a scenario, implement configuration changes to existing controls to improve security | Chapter 7,8,12 |
9 | Working with Log Data | 1.0 - Threat and Vulnerability Management 1.6 - Explain the threats and vulnerabilities associated with operating in the cloud 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 4.0 - Incident Response 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques | Chapter 6,11,17,18 |
10 | Memory Forensic Analysis | 1.0 - Threat and Vulnerability Management 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 4.0 - Incident Response 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques | Chapter 7,17,18 |
11 | Digital Forensic Analysis | 4.0 - Incident Response 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques 5.0 - Compliance and Assessment 5.2 - Given a scenario, apply security concepts in support of organizational risk mitigation | Chapter 17,18,20 |
12 | Extracting Data from a Compromised Machine | 1.0 - Threat and Vulnerability Management 1.1 - Explain the importance of threat data and intelligence 4.0 - Incident Response 4.1 - Explain the importance of the incident response process 4.2 - Given a scenario, apply the appropriate incident response procedure 4.3 - Given an incident, analyze potential indicators of compromise | Chapter 1,15,16,17 |
13 | Password Cracking | 1.0 - Threat and Vulnerability Management 1.4 - Given a scenario, analyze the output from common vulnerability tools 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 4.0 - Incident Response 4.4 - Given a scenario, utilize basic digital forensics techniques 5.0 - Compliance and Assessment 5.3 - Explain the importance of frameworks, policies, procedures and controls | Chapter 4,8,18,21 |
14 | Packet Crafting | 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.3 - Explain the importance of proactive threat hunting 3.4 - Compare and Contrast automation concepts and technologies | Chapter 8,11,13,14 |
15 | Log Analysis with Bash Scripting | 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.4 - Compare and Contrast automation concepts and technologies 4.0 - Incident Response 4.3 - Given an incident, analyze potential indicators of compromise | Chapter 11,14,17 |
16 | Configuring a Firewall | 1.0 - Threat and Vulnerability Management 1.3 - Given a scenario, perform vulnerability management activities 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.2 - Given a scenario, implement configuration changes to existing controls to improve security 3.3 - Explain the importance of proactive threat hunting | Chapter 3,8,11,12,13 |
17 | Incident Response Procedures | 1.0 - Threat and Vulnerability Management 1.2 - Given a scenario, utilize threat intelligence to support organizational security 4.0 - Incident Response 4.2 - Given a scenario, apply the appropriate incident response procedure 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques 5.0 - Compliance and Assessment 5.2 - Given a scenario, apply security concepts in support of organizational risk mitigation | Chapter 2,16,17,18,20 |
18 | Securing Data Using Encryption Software | 2.0 - Software and Systems Security 2.1 - Explain software assurance best practices 5.0 - Compliance and Assessment 5.1 - Understand the importance of data privacy and protection | Chapter 8,19 |
19 | Creating Rules and Testing Snort IDS | 1.0 - Threat and Vulnerability Management 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.2 - Given a scenario, implement configuration changes to existing controls to improve security 3.4 - Compare and Contrast automation concepts and technologies 4.0 - Incident Response 4.2 - Given a scenario, apply the appropriate incident response procedure 4.3 - Given an incident, analyze potential indicators of compromise 4.4 - Given a scenario, utilize basic digital forensics techniques 5.0 - Compliance and Assessment 5.2 - Given a scenario, apply security concepts in support of organizational risk mitigation | Chapter 3,4,7,11,12,14,16,17,18,20 |
20 | Network Intrusion Detection with OSSIM | 1.0 - Threat and Vulnerability Management 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.2 - Given a scenario, implement configuration changes to existing controls to improve security 3.4 - Compare and Contrast automation concepts and technologies 4.0 - Incident Response 4.2 - Given a scenario, apply the appropriate incident response procedure 4.3 - Given an incident, analyze potential indicators of compromise 5.0 - Compliance and Assessment 5.2 - Given a scenario, apply security concepts in support of organizational risk mitigation | Chapter 3,4,7,11,12,14,16,17,20 |
21 | Host Intrusion Detection with OSSIM | 1.0 - Threat and Vulnerability Management 1.3 - Given a scenario, perform vulnerability management activities 1.4 - Given a scenario, analyze the output from common vulnerability tools 1.7 - Given a scenario, implement controls to mitigate attacks and software vulnerabilities 3.0 - Security Operations and Monitoring 3.1 - Given a scenario, analyze data as part of security monitoring activities 3.2 - Given a scenario, implement configuration changes to existing controls to improve security 3.4 - Compare and Contrast automation concepts and technologies 4.0 - Incident Response 4.2 - Given a scenario, apply the appropriate incident response procedure 4.3 - Given an incident, analyze potential indicators of compromise 5.0 - Compliance and Assessment 5.2 - Given a scenario, apply security concepts in support of organizational risk mitigation | Chapter 3,4,7,11,12,14,16,17,20 |
The book listed below is a recommended resource to accompany the NDG CySA+ labs.
CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002), by Brent Chapman and Fernando Maymi. ISBN-13: 978-1260464306, ISBN-10: 126046430X
To enable the NDG CySA+ labs, install the CySA+ course using the Course Manager. See the Course Manager section of the NETLAB+ VE Admin Guide for details. The course content will then be available to be added to classes.
Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.