CompTIA CySA+ CS0-003 Deck 1 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
Security Operations Centers (SOC)
The location where security professionals monitor and protect critical information assets in an organization.
Risk avoidance
In risk mitigation, the practice of ceasing activity that presents risk.
Risk acceptance
The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring are needed.
Risk mitigation
The response of reducing risk to fit within an organization’s willingness to accept risk.
Risk transference
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
Threat modeling
The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system.
Technical Control
A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.
Operational Control
A category of security control that is implemented by people.
Managerial Control
A category of security control that gives oversight of the information system.
Preventative Control
A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.
Detective Control
A type of security control that acts during an incident to identify or record that it is happening.
Corrective Control
A type of security control that acts after an incident to eliminate or minimize its impact.
Compensating Control
A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
Responsive Control
A type of security control that serves to direct corrective actions after an incident has been confirmed.
Threat Actor
Person or entity responsible for an event that has been identified as a security incident or as a risk.
Attack Surface
The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.
(NOC)
Network Operations Center
What Is a Red Team?
A red team serves as the attacker in this simulation, using the same techniques and tools as hackers to evade detection and test the defense readiness of the internal security team.
Cryptography
Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it.
What is a blue team?
Blue teams are defensive security professionals responsible for maintaining internal network defenses against all cyber attacks and threats.
Secret Key Cryptography
Secret key cryptography, also known as symmetric encryption, uses a single key to encrypt and decrypt a message. The sender encrypts the plaintext message using the key and sends it to the recipient who then uses the same key to decrypt it and unlock the original plaintext message.
Public Key Cryptography
Public key cryptography (PKC), or asymmetric cryptography, uses mathematical functions to create codes that are exceptionally difficult to crack. It enables people to communicate securely over a non-secure communications channel without the need for a secret key. For example, proxy re-encryption enables a proxy entity to re-encrypt data from one public key to another without requiring access to the plaintext or private keys.
Name the common types of Public Key Cryptography (PKC).
1.) (RSA)
2.) (ECC)
3.) (DSA)
4.) (IBE)
5.) (PKCS)
6.) Diffie-Hellman and Key Exchange Algorithm
How can you minimize the risks associated with cryptography?
Organizations and individuals can minimize and mitigate cryptography-related threats with a dedicated electronic key management system from a reputable provider. The solution must use a hardware security module to generate and protect keys, and underpin the entire system’s security.
It needs to include features like full key management life cycle, strong key generation, strict policy-based controls, swift compromise detection, secure key destruction, strong user authentication, secure workflow management, and a secure audit and usage log. This will protect the organization’s keys, enhance efficiency, and ensure compliance with data and privacy regulations.
Another potential solution is quantum cryptography, whereby it is impossible to copy data encoded in a quantum state.
What are the three types of cryptography?
1.) Secret key cryptography
2.) Public key cryptography
3.) Hash function cryptography
What is an example of cryptography?
The Rivest-Shamir-Adleman (RSA) algorithm is widely used on the Internet. RSA uses a pair of keys to encrypt and decrypt information.