CySA+ Exam Study Guide Quiz with Correct Answers
DNS Sinkhole -> Provide a response to a DNS query that does not resolve the IP address. Instead targets the addresses for known malicious domains.
Role-Based Access Control (RBAC) -> grants permissions based on a user's role or group.
Reverse Engineering -> the process of deconstructing something in order to discover its features and constituents.
Banner grabbing -> used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network.
Cross-site scripting (XSS) -> a vulnerability in a web application that allows malicious users to execute arbitrary client-side scripts.
Forensic Acquisition -> the process of extracting the digital contents from seized evidence so that they may be analyzed.
Fuzzing -> technique used to discover flaws and vulnerabilities in software by sending large amounts of malformed, unexpected, or random data to the target programs in order to trigger failures.
Netstat -> command-line interface tool that provides information on the status of network connections and listening sockets.
Input validation -> an approach to protecting systems from abnormal user input by testing the data provided against appropriate values. (chap. 14)
Interception Proxy -> a software tool that is inserted between two endpoints, usually on the same network, to monitor traffic and help with security testing.
SQL injection -> a code injection technique that exploits security vulnerabilities in the DB layer of an application.
Application Programming Interface -> a set of subroutine definitions, protocols, and tools for building software. In general terms, it is a set of clearly defined methods of communication between various components.
Types of NAC policy? -> 1. Location based 2. Time based 3. Role based 4. Rule based
A padded cell -> performs intrusion isolation
Cyber-security Framework -> divided into three components:
Three security controls according to CompTIA -> 1. Administrative
FIPS 200 and NIST Special Pub 800-53 -> approves cryptographic modules
Three common SDLC lifecycles -> 1. Waterfall
Service Level Agreement -> may specify maximum downtime periods or the minimum uptime guarantees, generally for a service such as IaaS virtual machines.
Social media profiling -> A hacker could use Facebook to exploit a company or its customers, employees or followers. What is this method of hacking called?
Azure -> Microsoft tool for enforcing Data Execution Protection and other anti-malware CPU features
Blackhole vs. Sinkhole -> a blackhole simply drops traffic while a sinkhole routes traffic to a different network
Blackhole -> drops traffic
Sinkhole -> routes traffic to a different network
Dictionary attack -> attempt to match the hash to a common dictionary word. Compile word lists from data known about the target. Password dumps show that millions of users choose the same unsecure words or phrases (123456). Rainbow tables speed this up by precomputing hashes.
Schneier's Law -> A system architect is not necessarily best placed to assert the robustness of the security system they designed. Penetration is a different skillset and area of expertise to design, so scrutiny that is independent of the architecture team is usually advisable.
How do you run a specific Nmap script or category of scripts? -> --script argument with the script name or path or category name
Dranzer -> tool that enables users to examine effective techniques for fuzz testing ActiveX controls https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=
Packet Injection -> using software to write packets directly to the network stream, often to spoof or disrupt legitimate traffic.
Wise Betetch Device -> High-end workstation required to process image files. Connectivity for different drive adapter types plus associated cables. High capacity disk or SAN for evidence storage. Sanitized removable media. Hardened security configuration (no or highly restricted Internet access). Image acquisition appliances.
Best means of protecting session cookies -> 1. Use encrypted HTTPS only
ARP spoofing, ARP cache poisoning routing, or ARP poison routing -> a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. ... ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic.
What is the principal challenge in scanning UDP ports for vulnerabilities? -> UDP does not send ACK messages, so the scan must use timeouts to interpret the port state. This makes scanning a wide range of UDP ports a lengthy process.
Snort -> Your company is looking for a tool that could be used for network intrusion detection. Which of the following tools is used for that purpose?
Armitage -> helps security professionals better understand hacking and helps them realize the power and potential of Metasploit.
Rooting -> the process of gaining "root access" to a device. This is generally performed on Android devices, but rooting can also occur on other devices based on Linux, such as Nokia's now-retired Symbian operating system.
Horizontal brute force attack -> selecting obvious passwords and attempting to crack them using multiple usernames
5 scope of impact factors governing incident prioritization -> 1. Recovery Time
Three parts of the NIST Cybersecurity Framework -> 1. Framework profiles
Cyber Security Framework (CSF) EO 13636 -> calls for the development of a voluntary cybersecurity framework for organizations that are a part of the critical infrastructure. Composed of:
site: -> this operator will restrict the search results to the specific domain or site for your target network or organization.
Trusted foundry -> a hardware manufacturer that produces trusted hardware that is not considered counterfeit or has not been tampered with.
Next Generation Firewall -> includes not only features of other firewalls, but also advanced features such as AD integration, IDS/IPS functions, proxy server functions, whitelisting, and many other features.
Heuristic analysis -> looks at how a piece of code behaves in its environment to determine whether or not it is malicious
SCAP -> the standardized format for vulnerabilities, exposures, compliance, and other security-related data.
A low and slow approach -> used to exfiltrate data during periods of high bandwidth usage.
TCP port 514 -> check to see if this is open on the firewall if you are having problems collecting logs using syslogd.
ISO/IEC 27002:2013 -> provides guidelines for organizational information, security standards, and information security management practices, including the selection, implementation, and management of controls, taking into consideration the organization's information security risk environment.
Authenticated scan -> requires credentials. You must be authenticated to a host in order for the scan to properly work.
ISO/IEC 27001 -> addresses vulnerability management under control number A.12.6.
permit tcp any host 10.1.1.5 host 172.16.1.5 eq ssh -> ACL entry that allows traffic from 10.1.1.5 to 172.16.1.5 on port 22
A federal statute requiring that data be protected to a certain level -> an example of the regulatory environment affecting any information security management program.