EC-Council Certified SOC Analyst

The CSA exam is designed to test and validate a candidate’s comprehensive understanding of the job tasks required as a SOC analyst. Thereby, validating their comprehensive understanding of a complete SOC workflow.

Exam Topics:

Security operations and management

• Understand the SOC Fundamentals

• Discuss the components of SOC: People, processes and technology

• Understand the implementation of SOC

Understanding cyber threats, IoCs, and attack methodology

• Describe the term cyber threats and attacks

• Understand the Network Level attacks

• Understand the Host Level attacks

• Understand the Application Level attacks

• Understand the Indicators of Compromise (IoCs)

• Discuss the attacker’s Hacking Methodology

Incidents, events and logging

• Understand the fundamentals of incidents, events, and logging

• Explain the concepts of local logging

• Explain the concepts of centralised logging

Incident detection with Security Information and Event Management (SIEM)

• Understand the basic concepts of Security Information and Event Management (SIEM)

• Discuss the different SIEM Solutions

• Understand the SIEM Deployment

• Learn different use case examples for Application Level Incident Detection

• Learn different use case examples for Insider Incident Detection

• Learn different use case examples for Network Level Incident Detection

• Learn different use case examples for Host Level Incident Detection

• Learn different use case examples for Compliance

• Understand the concept of handling alert triaging and analysis

Enhanced incident detection with threat intelligence

• Learn fundamental concepts on threat intelligence

• Learn different types of threat intelligence

• Understand how threat intelligence strategy is developed

• Learn different threat intelligence sources from which intelligence can be obtained

• Learn different Threat Intelligence Platform (TIP)

• Understand the need of threat intelligence-driven SOC

Incident response

• Understand the fundamental concepts of incident response

• Learn various phases in Incident Response Process

• Learn how to respond to Network Security Incidents

• Learn how to respond to Application Security Incidents

• Learn how to respond to Email Security Incidents

• Learn how to respond to Insider Incidents

• Learn how to respond to Malware Incidents