CompTIA CySA+ CS0-003 Deck 3 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
(TTPs) Tactics, Techniques, and Procedures
TTPs are the methods used to conduct an action, such as performing an attack, and can be beneficial when attempting to ascertain attack patterns.
(UEBA) User and Entity Behavior Analytics
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
MITRE (ATT&CK) Adversarial Tactics, Techniques, and Common Knowledge
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.
Reconnaissance
The actions taken to gather information about an individual or organization’s computer systems and software. This typically involves collecting information such as the types of systems and software used, user account information, data types, and network configuration.
(OSINT) Open-Source Intelligence
Publicly available information plus the tools used to aggregate and search it.
Dark Web
Resources on the Internet that are distributed between anonymized nodes and protected from general access by multiple layers of encryption and routing.
(ISACs) Information Sharing and Analysis Centers
A not-for-profit group set up to share sector-specific threat intelligence and security best practices among its members.
Threat Hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.
Cyber Threat Intelligence
The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.
Lateral Movement
The process by which an attacker is able to move from one part of a computing environment to another.
(IoAs) Indicators Of Attack
Signs or clues indicating a malicious attack on a system or network is currently occurring. These include, but are not limited to, unusual network traffic, strange log file entries, or suspicious user account activity.
Crowdsourced
A process in which a large group of individuals, usually from the public, are asked to contribute to a project or task. It often involves the collection of ideas, information, opinions, or feedback from a wide range of people, typically through an online platform.
(MSSP) Managed Security Service Providers
A third-party provision of security configuration and monitoring as an outsourced service.
(IoCs) Indicators Of Compromise
A sign that an asset or network has been attacked or is currently under attack.
Privileged User Account
A user account that has elevated access to a system and is granted additional permissions that other user accounts do not have. These additional permissions allow privileged users to perform administrative tasks and access sensitive data.