CySA+ 100 Flashcards
(100 cards)
1
Q
What are the three key objectives of information security?
A
Confidentiality, integrity, and availability (CIA)
2
Q
Risk exists at the intersection of _______ and _________.
A
Threats and vulnerabilities.
3
Q
What is the overall risk rating for a risk that has medium likelihood and high impact?
A
High
4
Q
What type of system controls access to a network based on criteria such as time of day, location, device type, and system health?
A
Network access control (NAC)
5
Q
What are the three networks typically connected to a triple-homed firewall?
A
The Internet, an internal network, and a DMZ
6
Q
What is the TCP port for the HTTP protocol?
A
80
7
Q
What is the TCP port for the HTTPS protocol?
A
443
8
Q
What are the four types of firewalls?
A
Packet filters, stateful inspection firewalls, next-generation firewalls, and web application firewalls.
9
Q
______ may be used to apply settings to many different Windows systems at the same time.
A
Group Policy Objects (GPOs)
10
Q
What are the four phases of penetration testing?
A
Planning, Discovery, Attack, and Reporting
11
Q
What type of software can you use to enumerate the services that are accepting network connections on a remote system without probing that system for vulnerabilities?
A
Port scanner
12
Q
What is the range of well-known ports?
A
0–1023
13
Q
What is the range of registered ports?
A
1024–49151
14
Q
What is the most commonly used port scanner?
A
nmap
15
Q
What Cisco logging level indicates a critical event?
A
2
16
Q
What service is responsible for resolving domain names to IP addresses?
A
DNS
17
Q
What tool can be used to determine the path between two systems over the Internet?
A
Traceroute or tracert, depending on the operating system
18
Q
What service allows you to look up the registered owner of a domain name?
A
whois
19
Q
What type of data analysis looks for differences from expected behaviors?
A
Anomaly analysis
20
Q
What type of data analysis predicts threats based on existing data?
A
Trend analysis
21
Q
What regulation requires vulnerability scans for organizations involved in credit card processing?
A
PCI DSS
22
Q
What regulation requires vulnerability scanning for federal government agencies?
A
FISMA
23
Q
What type of vulnerability scan leverages read-only access to the scan target?
A
Credentialed scan
24
Q
What term is used to describe an organization’s willingness to tolerate risk?
A
Risk appetite
25
What type of account should be used to perform credentialed vulnerability scans?
Read-only account
26
What function is performed by QualysGuard, Nessus, Nexpose, and OpenVAS?
Vulnerability scanning
27
What is the purpose of Nikto and Acunetix?
Web application scanning
28
What criteria should be used in prioritizing the remediation of vulnerabilities?
Criticality, difficulty, severity, and exposure
29
What industry-standard system is used to assess the severity of security vulnerabilities?
CVSS
30
What are the CVSS score ranges?
Under 4.0 is low, 4.0–5.9 is medium, 6.0–9.9 is high, and 10.0 is critical.
31
What is the term used to describe when a scanner reports a vulnerability that does not really exist?
False positive
32
What type of vulnerability allows an attacker to place more data into an area of memory than is allocated for a specific purpose?
Buffer overflow
33
What type of attack seeks to increase the level of access that an attacker has to a targeted system?
Privilege escalation
34
What type of attack allows an attacker to run software of his or her choice on the targeted system?
Arbitrary code execution
35
What is the current secure standard for providing HTTPS encryption?
TLS 1.2 or later
36
In what type of attack does the attacker sends spoofed DNS requests to a DNS server that are carefully designed to elicit responses that are much larger in size than the original requests?
DNS amplification
37
What term is used to describe any observable occurrence in a system or network that relates to a security function?
Security event
38
What term is used to describe a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices?
Security incident
39
What are the phases of incident response?
Preparation; Detection & Analysis; Containment, Eradication, & Recovery; and Post-Incident Activity
40
What type of documents provide the detailed, tactical information that CSIRT members need when responding to an incident?
Procedures
41
What document serves as the cornerstone of an organization’s incident response program?
Incident Response Policy
42
What type of threat consists of highly skilled and talented attackers focused on a specific objective?
Advanced Persistent Threat (APT)
43
What are the types of impact used to describe the scope of a security incident?
Functional impact, economic impact, and recoverability effort
44
What are the common attack vectors for security incidents?
Common attack vectors for security incidents include external/removable media, attrition, the web, email, impersonation, improper usage, loss or theft of equipment, and other/unknown sources.
45
What Linux command displays processes, memory utilization, and other detail about running programs?
top or ps
46
What term is used to describe traffic sent to a command and control system by a PC that is part of a botnet?
Beaconing
47
What Windows tool provides information on memory, CPU, and disk use?
Perfmon
48
What protocol is used to gather information about and manage network devices?
SNMP
49
What Linux command allows you to list the files that are open by processes on a system?
lsof
50
What type of information is found in network flow data?
Flow data provides information about the source and destination IP address, protocol, and total data sent.
51
What protocol is used to ensure that all security devices on a network have synchronized clocks?
NTP
52
What tool can administrators use to determine the maximum bandwidth available on a network connection?
iPerf
53
What is the purpose of FTK, EnCase, SIFT, and the Sleuth Kit (TSK)?
Forensic toolkits
54
What type of device is designed to copy drives for forensic investigation, and then provide validation that the original drive and the content of the new drive match?
Forensic drive duplicator
55
Where can forensic analysts turn to find point-in-time information from prior actions on a Windows system?
Volume shadow copies
56
Where can forensic analysts turn to find information about logins, service start/stop events, and evidence of applications being run on a Windows system?
Event logs
57
What Linux utility is commonly used to clone drives in RAW format?
dd
58
What type of device can ensure that attaching a drive to a forensic copy device or workstation does not result in modifications being made to drive, thus destroying the forensic integrity of the process?
Write blocker
59
What Linux kernel modules allow forensic access to physical memory?
fmem and LiME
60
What tool provides a list of USB devices that have been connected to a Windows system?
USB Historian
61
What is the first action that incident responders should take after identifying a potential incident?
Contain the damage
62
Network segmentation, isolation, and removal of affected systems are examples of ___________ strategies
Containment
63
Once responders have contained the damage caused by an incident they should move on to __________ and ________ steps.
Eradication and recovery
64
At the conclusion of a cybersecurity incident response effort, CSIRT members should conduct a formal ____________ session.
Lessons learned
65
What activities should always occur to validate an incident recovery effort?
Verify user accounts, verify permissions, verify logging, and conduct vulnerability scans.
66
What are the three options available for the secure disposition of media containing sensitive information?
Clear, purge, and destroy
67
What is the focus of the recovery phase of incident response?
Restoring normal operations
68
____________ is a time-consuming investigative task that often distracts incident responders and results in dead ends.
Identifying the attackers
69
________ are high-level statements of management intent.
Policies
70
_______ outline what information the organization will maintain and the length of time different categories of information will be retained prior to destruction.
Data retention policies
71
________ provide mandatory requirements describing how an organization will carry out its information security policies.
Standards
72
__________ are detailed, step-by-step processes that individuals and organizations must follow in specific circumstances.
Procedures
73
_________ provide best practices and recommendations related to a given concept, technology, or task.
Guidelines
74
Many exception processes require the use of ___________________ to mitigate the risk associated with exceptions to security standards.
Compensating controls
75
What law includes security and privacy rules for protected health information?
HIPAA
76
What law applies to the financial records of publicly traded companies?
Sarbanes–Oxley
77
__________ provides the same level of protection to all systems or networks.
Uniform protection
78
What type of controls include firewalls, intrusion detection and prevention systems, network segmentation, and authentication and authorization systems?
Technical (or logical) controls
79
What type of controls involve processes and procedures like those found in incident response plans, account creation and management, as well as awareness and training efforts?
Administrative (or managerial) controls
80
What type of controls include locks, fences, and other controls that control or limit physical access, as well as controls like fire extinguishers that can help to prevent harm to property?
Physical controls
81
_____________ are intended to stop an incident from occurring by taking proactive measures to stop the threat
Preventive controls
82
A _______ is often used when services or systems need to be exposed to lower trust areas
DMZ
83
___________ is important to ensure continuity for roles, regardless of the reason a person leaves your organization.
Succession planning
84
What are the three types of views that can commonly be taken to review a security architecture design?
Operational views, technical views, and logical views
85
What term is used to describe the set of claims made about an individual or account holder that are made about one party to another party?
Identities
86
What are the three elements of the AAA framework?
Authentication, authorization, and accounting
87
What is the purpose of TACACS+, RADIUS, and Kerberos?
Authentication
88
What authorization standard is used by many websites to allow users to share elements of their identity or account information while authenticating via the original identity provider?
OAuth
89
In Kerberos, what type of ticket allows complete access to the Kerberos connected systems, including creation of new tickets, account changes, and even falsification of accounts or services?
Ticket Granting Ticket (TGT)
90
What service is the core identity store and AAA service in most Windows-centric organizations?
Active Directory
91
__________ is the steady accrual of additional rights over time as account owners change roles, positions, or responsibilities.
Privilege creep
92
What are the steps of the account life cycle?
Create account and set password; provision services; modify and maintain account; disable account; retire and deprovision account.
93
What are the stages of the software development life cycle?
Planning, Requirements, Design, Coding, Testing, Training and Transition, Ongoing Operations and Maintenance, End-of-Life Decommissioning
94
The _______ phase of the SDLC includes actual coding of the application.
Development
95
What are the three types of system environments commonly used in organizations?
Development, Test, and Production
96
In the _______ software development model, each phase follows sequentially and phases do not overlap.
Waterfall
97
The _______ software development model is an iterative and incremental process.
Agile
98
During the _______ phase of software development, security practitioners may be asked to participate in initial assessments or cost evaluations.
Feasibility
99
____________ is a form of structured, formal code review intended to find a variety of problems during the development process.
Fagan inspection
100
What testing technique involves sending invalid or random data to an application to test its ability to handle unexpected data?
Fuzz testing or fuzzing
