Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

LinkedIn Learning

CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

via LinkedIn Learning


Review incident response concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about classifying security incidents, conducting investigations, and more.


  • Incident response
  • What you need to know
  • Study resources
1. Assessing Incidents
  • Identifying and classifying security incidents
  • Threat classification
  • Zero days and the advanced persistent threat
  • Determining incident severity
2. Incident Response Process
  • Build an incident response program
  • Creating an incident response team
  • Incident communications plan
  • Incident identification
  • Escalation and notification
  • Mitigation
  • Containment techniques
  • Incident eradication and recovery
  • Validation
  • Post-incident activities
3. Indicators of Compromise
  • Network symptoms
  • Rogue access points and evil twins
  • Endpoint symptoms
  • Application symptoms
4. Forensic Investigations
  • Conducting investigations
  • Evidence types
  • Introduction to forensics
  • System and file forensics
  • File carving
  • Creating forensic images
  • Digital forensics toolkit
  • Operating system analysis
  • Password forensics
  • Network forensics
  • Software forensics
  • Mobile device forensics
  • Embedded device forensics
  • Chain of custody
  • Ediscovery and evidence production
  • Next steps

Taught by

Mike Chapple


Start your review of CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.