From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Network symptoms

- [Instructor] As a cybersecurity analyst, you need to be familiar with many of the signs and symptoms of a security incident. This information can help you identify that an incident is taking place, and also point you down the right avenues of investigation during incident analysis. Just like a physician takes a patient's vital signs and asks about physical symptoms when trying to diagnose a disease, security professionals must look at the signs and symptoms on their networks when diagnosing a security incident. Network traffic is a common source of valuable information about security incidents. Firewall logs, NetFlow records, and data from network performance monitoring tools may play a valuable role in diagnosing a security incident. As a cybersecurity analyst, you should practice reviewing these logs. Make sure that you don't only look at summaries of logs. You should also be capable of digging into the records…
