CompTIA CySA+ CS0-003 Deck 7 Flashcards

Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.

1
Q

What provides direction and focus, enabling organizations to achieve strategic goals and objectives?

A

Action Plans

2
Q

What is released by developers and often represents the first line of defense against the exploitation of software vulnerabilities?

A

Security Patches

3
Q

(IRP)

A

Incident Response Plans

4
Q

(IRP) Incident Response Plans

A

Specific procedures that must be performed if a certain type of event is detected or reported.

5
Q

Playbooks

A

A checklist of actions to perform to detect and respond to a specific type of incident.

6
Q

Tabletop Exercise

A

A discussion of simulated emergency situations and security incidents.

7
Q

(LLR)

A

Lessons Learned Report

8
Q

(LLR) Lessons Learned Report

A

An analysis of events that can provide insight into how to improve response and support processes in the future.

9
Q

(BC)

A

Business Continuity

10
Q

(BC) Business Continuity

A

A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.

11
Q

(DR)

A

Disaster Recovery

12
Q

(DR) Disaster Recovery

A

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

13
Q

What is the first step in the incident response process?

A

Preparation (Planning)

14
Q

Digital Forensics

A

The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

15
Q

Chain of Custody

A

Record of evidence-handling from collection to presentation in court to disposal.

16
Q

Legal Hold

A

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

17
Q

e-Discovery

A

Procedures and tools to collect, preserve, and analyze digital evidence.

18
Q

What is the last step of the digital forensics process?

A

Reporting

19
Q

This refers to direct costs incurred because of an incident, such as downtime, asset damage, fees, penalties, and other costs.

A

Immediate impact

20
Q

Data Exfiltration

A

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

21
Q

What describes any individual, group, or organization that can affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome relating to an incident?

A

Stakeholders

22
Q

Executive Summary

A

A part of the written report that is a high-level and concise overview of the penetration test, its findings, and their impact.

23
Q

Timeline

A

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

24
Q

Root Cause Analysis

A

A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.

25
Q

Lessons learned (IR)

A

Sessions held at the end of a project or phase in which you discuss and document areas for improvement and capture lessons learned for use in future projects.

26
Q

A _________________ __________________ provides a brief overview of the document, including the purpose, key points, and conclusion.

A

Executive summary

27
Q

The “interrogative words,” also known as the “5W’s.”

A

Who, what, where, when, and why

28
Q

What describes the assessment of the potential impact of an incident?

A

Scope

29
Q

A widely used protocol analyzer.

A

Wireshark

30
Q

A command-line packet sniffing utility.

A

tcpdump

31
Q

(EDR)

A

Endpoint Detection and Response

32
Q

(EDR) Endpoint Detection and Response

A

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

33
Q

Sandboxing

A

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.

34
Q

Kill Chain

A

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.

35
Q

Diamond Model of Intrusion Analysis

A

A framework for analyzing cybersecurity incidents.

36
Q

Open Source Security Testing Methodology Manual

A

Developed by the Institute for Security and Open Methodologies (ISECOM), this manual outlines every area of an organization that needs testing and goes into details about how to conduct the relevant tests.

37
Q

What is the second phase of the cyber kill chain?

A

Weaponization

38
Q

(OS)

A

Operating System

39
Q

What is Zero Trust?

A

Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

40
Q

What are the Core Principles of the Zero Trust Model?

A

The Zero Trust model (based on NIST 800-207) includes the following core principles:

1.) Continuous verification. Always verify access, all the time, for all resources.

2.) Limit the “blast radius.” Minimize impact if an external or insider breach occurs.

3.) Automate context collection and response. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload, etc.) for the most accurate