Operations and Incident Response for CompTIA Security+

By Christopher Rees

Experiencing a cyber event is not a question of if, but of when. This course will teach you the skills necessary to assess organizational security and respond to various cyber-related incidents.

4 hours • 108 lessons

About the course

Proper and timely incident response, including gathering data and preserving evidence, is critical to a successful response and investigation. In this course, Operations and Incident Response for CompTIA Security+, you’ll learn how to assess your organizational security and respond to cyber-related incidents. First, you’ll explore the tools and techniques associated with network reconnaissance and discovery. Next, you’ll learn the steps in the incident response process along with the various attack frameworks and testing methodologies. From there, you’ll learn the components of a proper communication plan, business continuity plan and disaster recovery plan to help prepare for, and respond to, a cyber event. Finally, you’ll learn key aspects of digital forensics. When you’re finished with this course, you’ll have the skills and knowledge necessary not only to plan and prepare for cyber events, but to respond and investigate when they occur.

Recommended order of completion:

  1. Attacks, Threats, and Vulnerabilities for CompTIA Security+
  2. Architecture and Design for CompTIA Security+
  3. Implementation of Secure Solutions for CompTIA Security+
  4. Operations and Incident Response for CompTIA Security+
  5. Governance, Risk, and Compliance for CompTIA Security+
  6. CompTIA Security+: Exam Briefing

Course contents:

  • Chapter 1: Course Overview (1 lesson, 1:57)
      • Course Overview (1:57)
  • Chapter 2: Implementing Appropriate Tools to Assess Organizational Security (26 lessons, 51:39)
      • Module Overview (0:52)
      • Traceroute/tracert (1:53)
      • nslookup/dig (1:32)
      • ipconfig/ifconfig (0:56)
      • nmap and nmap demo (3:09)
      • Ping and Pathping (2:32)
      • hping and hping demo (2:37)
      • Netstat (1:18)
      • netcat (1:59)
      • IP Scanners (0:53)
      • ARP (0:47)
      • Route (0:33)
      • Curl and Curl Demo (1:37)
      • TheHarvester and Demo (1:45)
      • Sn1per and Demo (3:58)
      • Scanless and Demo (1:45)
      • DNSenum (0:39)
      • Nessus and Cuckoo (2:32)
      • File Manipulation (Head, Tail, Cat, GREP and Logger) (2:33)
      • CHMOD (1:06)
      • Shell and Script Environments (SSH, PowerShell, Python and OpenSSL) (1:24)
      • Packet Capture and TCPDump Demo (2:32)
      • Forensics (5:07)
      • Exploitation Frameworks (2:04)
      • Data Sanitization Tools (5:00)
      • Module Review (0:36)
  • Chapter 3: Applying Policies, Processes and Procedures for Incident Response (33 lessons, 55:47)
      • Module Intro (0:51)
      • Who Should Watch this Course? (2:50)
      • Team Models (1:15)
      • Incident Response Process (1:45)
      • Preparation (1:32)
      • Detection and Analysis (3:06)
      • Stopping the Spread (2:38)
      • Defining Goals and Expected Outcomes (3:47)
      • Test the Plan (0:55)
      • Walkthrough Tests (1:56)
      • Communication Tests (1:08)
      • Simulation (Tabletop) Tests (0:59)
      • Partial Exercise (0:56)
      • Full Exercise (0:43)
      • Overall Cost and Complexity of Testing (0:59)
      • Plan Review and Maintenance (1:47)
      • Review Process Outcomes (0:51)
      • Wired Brain Coffee's Testing (1:55)
      • Intelligence Lifecycle (0:30)
      • Threat Intelligence Lifecycle (1:25)
      • Cyberthreat Intelligence Frameworks (1:25)
      • Cyber Kill Chain (1:52)
      • Diamond Model (1:55)
      • MITRE Attack Framework (2:27)
      • Key Points to Remember (2:01)
      • Types of Plans (0:44)
      • Disaster Recovery Plan (0:58)
      • Business Continuity Plan (0:52)
      • Business Resumption Plan (0:52)
      • Incident Management Plan (1:13)
      • Data Retention (2:46)
      • Putting It All Together (2:27)
      • Example Process (4:27)
  • Chapter 4: Implementing Appropriate Data Sources to Support an Investigation (14 lessons, 42:35)
      • Module Intro (1:14)
      • Filtering Through the Noise (3:32)
      • Vulnerability Scanner Demo (3:37)
      • SIEM (3:13)
      • Log Files (4:03)
      • Log Management, Syslog, Rsyslog, and Syslog-ng (3:21)
      • Journalctl (3:24)
      • NXLOG (0:43)
      • Retention (Auditing, Compliance and Investigations) (2:02)
      • Bandwidth Monitors (1:22)
      • Metadata (3:19)
      • Netflow, sFlow, and IPFIX (4:55)
      • Detecting an Amplification Attack (ICMP echo) (2:18)
      • Protocol Analyzer Output (5:32)
  • Chapter 5: Implementing Mitigation Techniques to Secure an Environment (13 lessons, 36:47)
      • Module Intro (0:50)
      • Application Whitelisting/Blacklisting (1:17)
      • Quarantine (2:24)
      • Firewalls (6:04)
      • Demo: Configuring Firewall Rules (3:54)
      • Mobile Device Management (4:41)
      • Using MDM to Locate and Secure a Lost Device (1:06)
      • DLP, Content Filters/URL Filters and Updating/Revoking Certificates (3:08)
      • Segregation, Segmentation and Isolation (2:52)
      • Virtualization (1:11)
      • Air Gaps (1:56)
      • Securing the Environment using Isolation, Containment and Segmentation (1:56)
      • SOAR and Runbooks/Playbooks (5:28)
  • Chapter 6: Understanding the Key Aspects of Digital Forensics (21 lessons, 48:37)
      • Module Overview (1:14)
      • Computer Forensics (2:30)
      • Order of Volatility (5:06)
      • Chain of Custody (2:36)
      • Legal Hold (1:21)
      • First Responder Best Practices (4:58)
      • Capture a System Image (3:34)
      • Network Traffic and Logs (3:56)
      • Capturing Video (0:58)
      • Record Time Offset (2:29)
      • Taking Hashes (1:57)
      • Screenshots (1:03)
      • Witnesses (1:57)
      • Preservation of Evidence (1:32)
      • Recovery (1:26)
      • Strategic Intelligence / Counterintelligence Gathering (1:28)
      • Data Integrity (2:00)
      • Non-repudiation (0:54)
      • On-prem vs. Cloud Challenges and Right to Audit (3:27)
      • Regulatory / Jurisdictional Issues (1:56)
      • Data Breach Notification Laws (2:15)
