SY0-701 - CompTIA Security+: Automation, Orchestration, & Incident Response
Automation offers many advantages to information technology, including higher production rates and increased productivity; more efficient use of resources, both physical and logical; better product/service quality; and improved security and safety. In this course, the learner will tackle concepts such as automation and scripting use cases, continuous integration and testing, application programming interfaces (APIs), the benefits of automation, automation considerations, the incident response process, training, testing, tabletop exercises, simulations, threat hunting, root cause analysis, digital forensics, and investigation data sources. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
identify various automation and scripting use cases
recognize the benefits of automation, including efficiency/time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, and workforce multiplier
provide an overview of automation considerations such as complexity, cost, single point of failure, technical debt, and ongoing supportability
outline the incident response process, including preparation, detection, analysis, containment, eradication, recovery, and lessons learned
define training and testing of incident response (IR) with techniques like tabletop exercises and simulations
provide an overview of threat hunting and root cause analysis
outline the digital forensics process with legal hold, chain of custody, acquisition, reporting, preservation, and e-discovery
outline the process of investigating data sources with firewall logs, application logs, endpoint logs, OS-specific security logs, IPS/IDS logs, network logs, metadata, vulnerability scans, automated reports, dashboards, and packet captures
it_cssecp23_16_enus