CySA+ 1 Study Notes Flashcards

1
Q

1) Notify vendor of vulnerability
2) Provide vendor reasonable time to create patch
3) Disclose vulnerability publicly

A

Process when discovering new vulnerabilities:

2
Q

1) Develop list of threats
2) Assess threats based on likelihood
3) Assess threats based on impact
4) Create Threat register

A

Threat Analysis:

3
Q

set of activities an org. takes to educate itself about changes in cybersecurity threat landscape and adapt security controls based on that info.

security websites, news media, social media, govt. sponsored security analysis centers, security researchers, etc …

A

Threat Intelligence / Open-Source intelligence

4
Q

search web for valid email addresses at target's domain and use those addresses to send out phishing attacks …

A

Email Harvesting

5
Q

??? how promptly is threat intelligence delivered?

??? is data correct?

??? is the provider consistent?

A

Timeliness / Accuracy / Reliability

6
Q

(1) Requirements : determines needed info.
(2) Collection : gathers info meeting requirements.
(3) Analysis : Creates intelligence from info.
(4) Dissemination : shares analyzed intelligence.
(5) Feedback : identifies improvements.

A

Intelligence Cycle

7
Q

??? standard language used to communicate security info between systems and orgs.

??? set of services that share security info between systems and orgs, provides technical framework for providing messages written in STIX language.

??? describes and shares security threat info.

A

STIX / TAXII / OpenIOC

8
Q

bring together cybersecurity teams from competing orgs to help share industry info in a confidential way.

A

ISAC

9
Q

??? identify potentially malicious actors based on their use of IP addresses, email addresses, domains, etc. that were previously used in attacks.

??? identify potentially malicious actors based upon similarity of their behaviors to past attackers.

A

Reputational Threat Research / Behavioral Threat Research

10
Q

??? use asset inventory as basis for analysis.

??? identify how specific threats may affect each info system.

??? identify impact of various threats on a specific service.

A

Asset Focus / Threat Focus / Service Focus
