CompTIA CySA+ CS0-003 Deck 2

Question 1

On-Premises

Answer 1

Software or services installed and managed on a customer’s computing infrastructure rather than in the cloud or hosted by a third-party provider.

Question 2

(SaaS) Software As A Service

Answer 2

Cloud service model that provisions fully developed application services to users.

Question 3

Software Repository

Answer 3

A centralized storage location for software packages.

Question 4

Footprint

Answer 4

An attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack.

Question 5

Change Management

Answer 5

Process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.

Question 6

Nation-States

Answer 6

A type of threat actor that is supported by the resources of its host country’s military and security services.

Question 7

Organized Crime

Answer 7

A type of threat actor that uses hacking and computer fraud for commercial gain.

Question 8

Hacktivist

Answer 8

A threat actor that is motivated by a social issue or political cause.

Question 9

Insider Threat

Answer 9

Type of threat actor who is assigned privileges on the system and causes an intentional or unintentional incident.

Question 9

Script Kiddie

Answer 9

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

Question 10

(APT) Advanced Persistent Threat

Answer 10

Threat actors with the ability to craft novel exploits and techniques to obtain, maintain, and diversify unauthorized access to network systems over a long period.

Question 11

Virus

Answer 11

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

Question 12

Trojan

Answer 12

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.

Question 13

(C&C or C2) Command and Control

Answer 13

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

Question 14

Exploits

Answer 14

A specific method by which malware code infects a target host, often via some vulnerability in a software process.

Question 15

Metasploit

Answer 15

A platform for launching modularized attacks against known software vulnerabilities.

Question 16

Persistence

Answer 16

In cybersecurity, the ability of a threat actor to maintain covert access to a target host or network.

Question 17

AAA

Answer 17

Authentication, Authorization, and Accounting

Question 18

Asset

Answer 18

An item of value to stakeholders/organization. An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation). The value of an asset is determined by stakeholders in consideration of loss concerns across the entire system life cycle. Such concerns include but are not limited to business or mission concerns.

Question 19

Stakeholder

Answer 19

Individual, team, organization, or classes thereof, having a right, share, claim, or interest in a system or in its possession of characteristics that meet their needs and expectations.

Question 20

SOA

Answer 20

Start of Authority

Question 21

STIX

Answer 21

(OASIS) Structured Threat Information Expression

Question 22

TAXII

Answer 22

(OASIS) Trusted Automated Exchange of Indicator Information

Question 23

DNS

Answer 23

Domain Name System

Question 24

Honeypots

Answer 24

A honeypot is a cybersecurity mechanism that uses a manufactured attack target to lure cybercriminals away from legitimate targets. They also gather intelligence about the identity, methods and motivations of adversaries.