Certification     CompTIA     CompTIA Advanced Security Practitioner (CASP+)     CAS-004 CompTIA Advanced Security Practionner (CASP+)

---

Enterprise IT monitoring is crucial in detecting potential security incidents. In this course, you'll explore various monitoring methods for hosts, devices, and networks. Next, you'll learn to configure log forwarding and work with logs through PowerShell. Moving on, you'll learn to recognize when to use honeyfiles, honeypots, and honeynets, as well as SIEM and SOAR solutions. You’ll then examine intrusion detection and prevention and how they are used to secure a network. Lastly, you'll explore the use of tools such as Snort, tcpdump, nmap, and Wireshark for analyzing networks and network traffic. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

---

---

Objectives

CompTIA CASP+ (CAS-004): Monitoring & Incident Response discover the key concepts covered in this course identify the various levels of IT monitoring enable syslog forwarding in Linux manage Windows logs using the GUI manage cloud-based logging differentiate between honeynets, honeypots, and honeyfiles describe how IDS and IPS are used to secure a network install Snort IDS test Snort IDS rules recognize reasons for using SIEM and SOAR solutions use tcpdump to capture network traffic use Wireshark to filter captured network traffic use nmap to discover hosts and network services use packettotal.com to analyze packets summarize the key concepts covered in this course