Cyber security Services Chapter 6 EXAMINATION., Exams of Computer Science


Typology: Exams

2024/2025

Available from 07/20/2025

Martin-Ray-1
This broad spectrum of services is what comprises Advanced Threat Protection: (5)
- URL Security Categories
- Content Types
- Reputation
- Signatures & IPS
- ML and Adv. Analysis

URL Security Categories
Reduce the attack surface with policy to control access to sanctioned SaaS applications, URLs, and categories.

Content Types
Identify and prevent access to potentially dangerous content, such as dangerous file types.

Reputation
Block known malicious sites, IPs, and URLs through IOC exchange with industry peers, Cloud Effect, Threat Research, and PageRisk.


Signatures & IPS
Signature-based protection in Advanced Threat Protection, Cloud IPS, and multi-scan AV engines.

ML and Adv. Analysis
Machine-learning-based analysis of page content and transactions to detect anomalies and new attacks.

There are three domain approaches to implement when it comes to domain defense; they are:

  • Newly Registered domains
  • Newly Observed domains
  • Newly revived domains

Newly Registered domains are domains that were registered within the last 24 hours. Newly Observed domains cover cases where domains are brought up for an attack and closed within a few hours. So, 24 hours is not short enough for us to capture those domains, which is why we


is essentially command and control. Any infrastructure that an adversary sets up to serve command and control is called a botnet. You can block command and control servers and you can block command and control traffic.

The command and control server protection blocks connections to known command and control servers. Zscaler ThreatLabz constantly analyzes malware and how it communicates. Cloud Sandbox is where these malicious files are detonated in a sandbox environment. Here they are closely observed for what kind of servers they establish command and control channels to, and then, using the Cloud Effect, we deliver all of that intelligence through Advanced Threat Protection to all customers instantaneously (even a customer who does not have advanced Cloud Sandbox still gets this intelligence via another customer who may have actually downloaded a sample in advanced Cloud Sandbox).

Phishing protection can be for known or suspected phishing sites, where unknown phishing sites are blocked using AI / ML.

Malicious active content and server-side vulnerabilities. These could be: (4)


  • Malicious content and sites
  • Malicious ActiveX controls
  • Browser exploits
  • File format vulnerabilities

Cross-site scripting protection
Where we can block a web server that has vulnerabilities that allow malicious threat actors to inject code into the site.

Anonymizer
Sites that allow users to surf the internet or send email anonymously by providing proxy bypass functionality, information, or instructions.

P2P
Many very resourceful users can also use P2P anonymizers like Tor and file sharing like BitTorrent. These are all very evasive software connections, where users even attempting to use them without approval are heavily, and quite appropriately, scrutinized by security operations teams.


  1. Attack surface
  2. Initial compromise
  3. Lateral movement
  4. Stop data loss

What framework breaks down 12 different stages of an attack?
MITRE ATT&CK framework

To prevent initial compromise we have a lot of our ZIA capabilities around: (4)

  • secure web gateway
  • IPS
  • Cloud Sandbox
  • Cloud Browser Isolation

To stop data loss, we have our data protection capabilities around: (3)

  • cloud DLP
  • cloud CASB
  • Workload protection


3 elements to mapping out the right approach to stopping attacks:

  1. platform approach/adaptive platform
  2. automated and integrated platform
  3. layered defense

Platform approach
It means a platform that is scalable, that can inspect SSL at scale for all your users, without you having to worry about how much of the traffic you can decrypt. It has to be a platform that supports APIs, where you can signal into the platform and signal out of the platform.

PageRisk is a proprietary technology that we have built, which dynamically calculates, in-line, different risk attributes of any given website on the world wide web.

Zero Trust Exchange prevents cyber attacks by doing the following: (4)

  1. Reduce attack surface
  2. Stop initial compromise
  3. Stop lateral movement
  4. Prevent data loss

  • cloud sandbox
  • secure web gateway
  • browser isolation
  • DLP (data at rest AND in motion)

Advanced Threat Protection
Advanced Threat Protection is one of the key capabilities of Zscaler's Secure Web Gateway portfolio within Zscaler Internet Access (ZIA). It protects users going out to the internet against common attacks such as phishing.

Cobalt Strike
A common open-source tool called Cobalt Strike which has often been used by adversaries to create different levels of command and control traffic. Advanced Threat Protection can block this command