CompTIA CySA+ CS0-003 Deck 7

Question 1

What provides direction and focus, enabling organizations to achieve strategic goals and objectives?

Answer 1

Action Plans

Question 2

What is released by developers and often represents the first line of defense against the exploitation of software vulnerabilities?

Answer 2

Security Patches

Question 3

(IRP)

Answer 3

Incident Response Plans

Question 4

(IRP) Incident Response Plans

Answer 4

Specific procedures that must be performed if a certain type of event is detected or reported.

Question 5

Playbooks

Answer 5

A checklist of actions to perform to detect and respond to a specific type of incident.

Question 6

Tabletop Exercise

Answer 6

A discussion of simulated emergency situations and security incidents.

Question 7

(LLR)

Answer 7

Lessons Learned Report

Question 8

(LLR) Lessons Learned Report

Answer 8

An analysis of events that can provide insight into how to improve response and support processes in the future.

Question 9

(BC)

Answer 9

Business Continuity

Question 10

(BC) Business Continuity

Answer 10

A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.

Question 11

(DR)

Answer 11

Disaster Recovery

Question 12

(DR) Disaster Recovery

Answer 12

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Question 13

What is the first step in the incident response process?

Answer 13

Preparation (Planning)

Question 14

Digital Forensics

Answer 14

The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

Question 15

Chain of Custody

Answer 15

Record of evidence-handling from collection to presentation in court to disposal.

Question 16

Legal Hold

Answer 16

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

Question 17

e-Discovery

Answer 17

Procedures and tools to collect, preserve, and analyze digital evidence.

Question 18

What is the last step of the digital forensics process?

Answer 18

Reporting

Question 19

This refers to direct costs incurred because of an incident, such as downtime, asset damage, fees, penalties, and other costs.

Answer 19

Immediate impact

Question 20

Data Exfiltration

Answer 20

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Question 21

What describes any individual, group, or organization that can affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome relating to an incident?

Answer 21

Stakeholders

Question 22

Executive Summary

Answer 22

A part of the written report that is a high-level and concise overview of the penetration test, its findings, and their impact.

Question 23

Timeline

Answer 23

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Question 24

Root Cause Analysis

Answer 24

A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.

Question 25

Lessons learned (IR)

Answer 25

Sessions held at the end of a project or phase in which you discuss and document areas for improvement and capture lessons learned for use in future projects.

Question 26

A _________________ __________________ provides a brief overview of the document, including the purpose, key points, and conclusion.

Answer 26

Executive summary

Question 27

The “interrogative words,” also known as the “5W’s.”

Answer 27

Who, what, where, when, and why

Question 28

What describes the assessment of the potential impact of an incident?

Answer 28

Scope

Question 29

A widely used protocol analyzer.

Answer 29

Wireshark

Question 30

A command-line packet sniffing utility.

Answer 30

tcpdump

Question 31

(EDR)

Answer 31

Endpoint Detection and Response

Question 32

(EDR) Endpoint Detection and Response

Answer 32

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

Question 33

Sandboxing

Answer 33

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.

Question 34

Kill Chain

Answer 34

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.

Question 35

Diamond Model of Intrusion Analysis

Answer 35

A framework for analyzing cybersecurity incidents.

Question 36

Open Source Security Testing Methodology Manual

Answer 36

Developed by the Institute for Security and Open Methodologies (ISECOM), this manual outlines every area of an organization that needs testing and goes into details about how to conduct the relevant tests.

Question 37

What is the second phase of the cyber kill chain?

Answer 37

Weaponization

Question 38

(OS)

Answer 38

Operating System

Question 39

What is Zero Trust?

Answer 39

Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Question 40

What are the Core Principles of the Zero Trust Model?

Answer 40

The Zero Trust model (based on NIST 800-207) includes the following core principles:

1.) Continuous verification. Always verify access, all the time, for all resources.

2.) Limit the “blast radius.” Minimize impact if an external or insider breach occurs.

3.)Automate context collection and response. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload, etc..) for the most accurate