CompTIA CySA+ CS0-003 Deck 6 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
(ISO) International Organization for Standardization
Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27K series) and risk management (31K series).
(OWASP) Open Web Application Security Project
A charity and community publishing a number of secure application development resources.
(CIS) Center for Internet Security
A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations).
(PCI DSS) Payment Card Industry Data Security Standard
Information security standard for organizations that process credit or bank card payments.
What is the name of the document designed to demonstrate an organization’s compliance with PCI DSS requirements?
Attestation of Compliance
Vulnerability Scanner
Hardware or software configured with a list of known weaknesses and exploits that can scan for their presence in a host OS or a particular application.
Fingerprinting
Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.
Static Analysis
The process of reviewing uncompiled source code either manually or using automated tools.
Dynamic Analysis
Software testing that examines code behavior during runtime. It helps identify potential security issues, potential performance issues, and other problems.
Fuzzing
A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.
Reverse Engineering
The process of analyzing the structure of hardware or software to reveal more about how it functions.
What type of scanning describes indirect methods of assessment, such as inspecting traffic flows and protocols?
Passive Scanning
______________ describes the effort taken to more specifically identify details about a device.
Fingerprinting
A configuration ____________ details the recommended settings for services and policy configuration for a device or software operating in a specific role.
Baseline
Segmentation
Enforcing a security zone by separating a segment of the network from access by the rest of the network. This can be accomplished using firewalls, VPNs, or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped.
(OT) Operational technology
Communications network designed to implement an industrial control system rather than data networking.