CompTIA CySA+ CS0-003 Deck 7 Flashcards
Learn key concepts found in the CompTIA CySA+ CS0-003 Exam.
What provides direction and focus, enabling organizations to achieve strategic goals and objectives?
Action Plans
What is released by developers and often represents the first line of defense against the exploitation of software vulnerabilities?
Security Patches
(IRP)
Incident Response Plans
(IRP) Incident Response Plans
Specific procedures that must be performed if a certain type of event is detected or reported.
Playbooks
A checklist of actions to perform to detect and respond to a specific type of incident.
Tabletop Exercise
A discussion of simulated emergency situations and security incidents.
(LLR)
Lessons Learned Report
(LLR) Lessons Learned Report
An analysis of events that can provide insight into how to improve response and support processes in the future.
(BC)
Business Continuity
(BC) Business Continuity
A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
(DR)
Disaster Recovery
(DR) Disaster Recovery
A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
What is the first step in the incident response process?
Preparation (Planning)
Digital Forensics
The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.
Chain of Custody
Record of evidence-handling from collection to presentation in court to disposal.
Legal Hold
A process designed to preserve all relevant information when litigation is reasonably expected to occur.
e-Discovery
Procedures and tools to collect, preserve, and analyze digital evidence.
What is the last step of the digital forensics process?
Reporting
This refers to direct costs incurred because of an incident, such as downtime, asset damage, fees, penalties, and other costs.
Immediate impact
Data Exfiltration
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.
What describes any individual, group, or organization that can affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome relating to an incident?
Stakeholders
Executive Summary
A part of the written report that is a high-level and concise overview of the penetration test, its findings, and their impact.
Timeline
In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.
Root Cause Analysis
A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.
Lessons learned (IR)
Sessions held at the end of a project or phase in which you discuss and document areas for improvement and capture lessons learned for use in future projects.
A _________________ __________________ provides a brief overview of the document, including the purpose, key points, and conclusion.
Executive summary
The “interrogative words,” also known as the “5W’s.”
Who, what, where, when, and why
What describes the assessment of the potential impact of an incident?
Scope
A widely used protocol analyzer.
Wireshark
A command-line packet sniffing utility.
tcpdump
(EDR)
Endpoint Detection and Response
(EDR) Endpoint Detection and Response
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
Sandboxing
A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.
Kill Chain
A model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents.
Open Source Security Testing Methodology Manual
Developed by the Institute for Security and Open Methodologies (ISECOM), this manual outlines every area of an organization that needs testing and goes into details about how to conduct the relevant tests.
What is the second phase of the cyber kill chain?
Weaponization
(OS)
Operating System
What is Zero Trust?
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
What are the Core Principles of the Zero Trust Model?
The Zero Trust model (based on NIST 800-207) includes the following core principles:
1.) Continuous verification. Always verify access, all the time, for all resources.
2.) Limit the “blast radius.” Minimize impact if an external or insider breach occurs.
3.) Automate context collection and response. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload, etc.) for the most accurate