CySA+ Flashcards

Question 1

Q

Reaver

Answer

A

A specialized tool used to find WPA and WPA2 passphrases specifically on networks that support the Wi-Fi Protected Setup (WPS) feature.

Question 2

Q

Aircrack-ng

Answer

A

A suite of tools designed for wireless network testing. The tools in this suite can capture packets from wireless networks, conduct packet injection attacks, and crack preshared keys used on WEP, WPA, and WPA2 networks.

Question 3

Q

Hashcat

Answer

A

A general-purpose password cracking tool that may also be used on wireless networks.

Question 4

Q

CAN bus

Answer

A

Controller Area Network. A vehicle bus standard designed to allow microcontrollers and devices to communicate with each other’s applications without a host computer.

Question 5

Q

Common Platform Enumeration (CPE)

Answer

A

Provides a standard nomenclature for describing product names and versions.

Question 6

Q

Common Vulnerabilities and Exposures (CVE)

Answer

A

Provides a common nomenclature for describing security-related software flaws.

Question 7

Q

Common Vulnerability Scoring System (CVSS)

Answer

A

Provides a standardized approach for measuring and describing the severity of security-related software flaws.

Question 8

Q

FIPS 140-2

Answer

A

U.S. government standard that hardware security modules are certified against.

Question 9

Q

OpenFlow

Answer

A

Used to allow software-defined network (SDN) controllers to push changes to switches and routers, allowing flow control, network traffic partitioning, and testing of applications and configurations.

Question 10

Q

Host File

Answer

A

Used by operating systems to map a connection between an IP address and domain names before going to DNS.

Question 11

Q

Domain Generation Algorithm (DGA)

Answer

A

A program that generates a large list of domain names.

Question 12

Q

Register

Answer

A

A critical component of computer memory that stores data and instructions for quick processing. High volatility.

Question 13

Q

Cache

Answer

A

A chip-based computer component that makes retrieving data from the computer memory more efficient. High volatility.

Question 14

Q

Random Access Memory (RAM)

Answer

A

The hardware in a computing device where the operating system, application programs, and date in current use are kept so they can quickly be reached by the device’s processor.

Question 15

Q

Routing Table

Answer

A

A set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed.

Question 16

Q

ARP Cache

Answer

A

A collection of Address Resolution Protocol entries that are created when an IP address is resolved to a MAC address.

Question 17

Q

Process Table

Answer

A

Contains an entry for each process present in they system. Each entry contains several fields that stores all the information pertaining to a single process.

Question 18

Q

Temporary Swap File

Answer

A

A special type of file used by the computer’s operating system to manage memory. When the computer’s RAM is full of running programs and data, the operating system may use a portion of the computer’s storage (hard drive or SSD) as virtual memory.

Question 19

Q

Mandatory Access Control (MAC)

Answer

A

Rely on the operating system to control what subjects can access and what actions they can perform.

Question 20

Q

Virtual Private Cloud (VPC)

Answer

A

A secure, isolated cloud environment hosted within a public cloud.

Question 21

Q

Cloud Access Security Broker (CASB)

Answer

A

Software tool that serves as intermediaries between cloud services users and cloud service providers. The positioning allows them to monitor user activity and enforce policy requirements.

Question 22

Q

auth.log (Linux)

Answer

A

In Linux, serves the purpose of recording authentication-related events, including user logins, logouts, and authentication attempts, providing a centralized location for monitoring and troubleshooting security-related activities on a system.

Question 23

Q

Gramm-Leach-Billey Act (GLBA)

Answer

A

Covers financial institutions, broadly defined. It requires that those institutions have a formal security program and designate an individual as having overall responsibility for the program.

Question 24

Q

The Health Insurance Portability and Accountability Act (HIPPA)

Answer

A

Includes security and privacy rules that affect healthcare providers, health insurers, and health information clearinghouses.

Question 25

Q

The Family Educational Rights and Privacy Act (FERPA)

Answer

A

Requires the educational institutions implement security and privacy controls for student educational records.

Question 26

Q

The Sarbanes-Oxley (SOX) Act

Answer

A

Applies to the financial records of publicly traded companies and requires that those companies have a strong degree of assurance around the IT systems that store and process those records.

Question 27

Q

Payment Card Industry Data Security Standard (PCI DSS)

Answer

A

Provides detailed rules about the storage, processing, and transmission of credit and debit card information. A contractual obligation that applies to credit card merchants and service providers.

Question 28

Q

Trusted Foundry Program

Answer

A

Started by the U.S. government to validate microelectronic suppliers throughout the supply chain.

Question 29

Q

Fuzz Testing (Fuzzing)

Answer

A

Sending invalid or random data to an application to test its ability to handle unexpected data.

Question 30

Q

Fault Injection

Answer

A

Directly inserts faults into error handling paths, particularly error handling mechanisms that are rarely used or might be otherwise missed during normal testing.

Question 31

Q

Jump Box

Answer

A

A system that resides in a segmented environment and is used to access and manage the devices in the segment where it resides. Span two different security zones.

Question 32

Q

Out-of-Band (NAC)

Answer

A

Leverage existing network infrastructure to have network devices communicate with authentication servers and then reconfigure the network to grant or deny access as needed. Example 802.1x.

Question 33

Q

In-Band (NAC)

Answer

A

Use dedicated appliances that sit between devices and the resources that they wish to access. The deny or limit network access to devices that do not pass the authentication process.

Question 34

Q

Purpose Limitation

Answer

A

Information should only be used for the reason it was collected.

Question 35

Q

Information Technology Infrastructure Library (ITIL)

Answer

A

A framework that offers a comprehensive approach to IT services management (ITSM) within the modern enterprise. It covers five core activities: services strategy, service design, services transition, service operation, continual service improvement.

Question 36

Q

Control Objectives for Information and Related Technologies (COBIT)

Answer

A

A set of best practices for IT governance developed by the Information Systems Audit and Control Association (ISACA). It divides information technology into four domains: plan and organize, acquire and implement, deliver and support, monitor and evaluate.

Question 37

Q

Infrastructure as Code (IaC)

Answer

A

The process of automating the provisioning, management, and deprovisioning of infrastructure services through scripted code rather than human intervention. A major feature of all major IaaS environments (AWS, Microsoft Azure, and Google Cloud Platform).

Question 38

Q

File Transfer Protocol (FTP)

Answer

A

Provides the ability to transfer files between systems but does not incorporate security features.

Question 39

Q

Secure File Transfer Protocol (SFTP)/FTP-Secure

Answer

A

Secure methods to transfer files between systems.

Question 40

Q

-top (Linux)

Answer

A

Linux command that shows processes, their PID (process ID), the user who is executing the process, and the command used to start it. It also provides a real-time view of the memory usage for a system on a per-process basis.

Question 41

Q

-ps (Linux)

Answer

A

Linux command that provides information about processes and their CPU and memory utilization.

Question 42

Q

chmod (Linux)

Answer

A

Linux command that changes permissions of a file or directory. It allows you to control who can read, write, and execute a file.

Question 43

Q

Simple Network Management Protocol (SNMP)

Answer

A

A protocol for collecting information like status and performance about devices on a network.

Question 44

Q

-cat (Linux)

Answer

A

Linux command used to concatenate and display the contents of one or more files. It is often used to quickly view the contents of a file by printing them to the terminal.

Question 45

Q

Switched Port Analyzer (SPAN Port)

Answer

A

A dedicated port on a switch that takes a mirrored copy of network traffic from within the switch and sends it to another port for analysis.

Question 46

Q

Address Resolution Protocol (ARP)

Answer

A

The procedure for mapping a dynamic IP address to a permanent physical MAC address in a local area network (LAN).

Question 47

Q

lsof (Linux)

Answer

A

Linux command that lists open files and the processes that opened them.

Question 48

Q

The Wayback Machine

Answer

A

A digital archive of information on the internet that allows users to view historic versions of websites.

Question 49

Q

Common Platform Enumeration (CPE)

Answer

A

Provides common nomenclature for describing product names and versions.

Question 50

Q

Common Vulnerability Scoring System (CVSS)

Answer

A

Provides a standardized approach for measuring and describing the severity of security-related software flaws.

Question 51

Q

Open Vulnerability and Assessment Language (OVAL)

Answer

A

A language for specifying low-level testing procedures used by checklists.

Question 52

Q

-sV

Answer

A

A flag on Nmap used for version detection.

Question 53

Q

Banner Grabbing

Answer

A

The process of collecting information about a service by examining the details provided in its initial response, typically containing software and version information.

Question 54

Q

Border Gateway Protocol (BGP)

Answer

A

A set of rules that determines the best network routes for data transmissions on the internet.

Question 55

Q

Simple Mail Transfer Protocol (SMTP)

Answer

A

A TCP/IP protocol used in sending and receiving emails. Uses port 25.

Question 56

Q

/var

Answer

A

In Linux, a directory that is used to store variable data, such as log files, temporary files, and other data that may change during the normal operation of the system.

Question 57

Q

John the Ripper Modes

Answer

A

Incremental: The most powerful, tries all possible character combinations as defined by settings entered at the start.
Single Crack Mode: Tries to use login names with various modifications, good for initial testing.
External Mode: Relies on functions that are custom written to generate passwords. Useful in an organization has custom password policies.
Wordlist: Uses a dictionary file along with mangling rules to test for common passwords.

Question 58

Q

Acceptable Use Policy (AUP)

Answer

A

Provides network and system users with clear direction on permissible uses of information resources.

Question 59

Q

Account Management Policy

Answer

A

Describes the account life cycle from provisioning through active use and decommissioning.

Question 60

Q

SOCKS4

Answer

A

A protocol that facilitates TCP traffic between a client and server through a proxy. Supported by Nmap.

Question 61

Q

Disposition

Answer

A

A phase in the SDLC that occurs when a product or system reaches the end of its life.

Question 62

Q

Network Address Translation (NAT)

Answer

A

A method used in networking to map private IP addresses of devices within a local network to a single public IP address, allowing them to access the internet.

Question 63

Q

MITRE’s ATT&CK Framework (Adversarial Tactics, Techniques, and Common Knowledge)

Answer

A

Includes detailed descriptions, definitions, and examples for the complete threat lifecycle, from initial access through execution, persistence, privilege escalation, and exfiltration.

Question 64

Q

The Diamond Model of Intrusion Analysis

Answer

A

Describes a sequence where an adversary deploys a capability targeted at an infrastructure against a victim.

Answer 65

A

A framework that uses seven stages to describe an attack.

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control (C2)
Actions on Objectives

Answer 66

A

A method of sanitization that applies physical or logical techniques that render target data recovery infeasible using state of the art laboratory techniques.

Answer 67

A

The malicious script comes from the website database.

Answer 68

A

The malicious script comes from the current HTTP request.

Answer 69

A

The vulnerability exists in the client-side code rather than the server-side code.

Answer 70

A

A command-line network tool that provides the functionality for crafting and sending custom TCP/IP packets.

Answer 71

A

A python script that is a hybrid between passive and active reconnaissance. Initially it passively monitors the network waiting for systems to send broadcast requests out intended for devices running networked services. Once a request is passively identified, it switches to active mode and attempts to hijack the connection and gather information from the broadcasting system and its users.

Answer 72

A

Computer chips that allow the end user to reprogram their function, making them quite useful for embedded systems.

Answer 73

A

Computers integrated into the operation of another device, such as a vehicle, camera, or multifunction printer.

Answer 74

A

Slimmed-down operating systems designed to work quickly on IoT devices in a low-power environment.

Answer 75

A

An entire embedded system packaged onto a single chip, often including a processor, memory, networking interfaces, and power management on the chip.

Answer 76

A

Specialized networks designed to facilitate communication between embedded systems without the overhead of a TCP/IP network.

Answer 77

A

A type of industrial control system that monitors and manages processes in manufacturing, infrastructure, and other industries. They collect real-time data from sensors and devices, allowing operators to control and supervise industrial processes from a centralized location.

Answer 78

A

Computer-based systems that monitor and control industrial processes, machinery, and infrastructure.

Answer 79

A

Specialized hardware controllers designed to operate in an IoT environment. Often use a specialized communication protocol called Modbus to communicate with sensors and other IoT components over wired serial infrastructure.

Answer 80

A

A variant of buffer overflow where the result of an arithmetic operation attempts to store an integer that is too large to fit in the specified buffer.

Answer 81

A

A method that adds delays to a system’s retry attempts when competing for a shared resource, reducing conflicts and enhancing overall efficiency in networking and distributed systems.

Answer 82

A

A standardized language for describing and sharing information about cybersecurity threats in a structured and machine-readable format.

Answer 83

A

A protocol used for sharing cyber threat intelligence and indicators of compromises (IoCs) between different organizations and security systems in a standardized way.

Answer 84

A

Apple’s file system for its devices like macOS, iOS, watchOS and tvOS. It manages how data is stored, organized, and accessed on Apple devices, offering features such as enhanced encryption, snapshots, and improved performance.

Answer 85

A

Types of file systems used to organize and store data on computer storage devices.

Answer 86

A

A method or structure used by operating systems to organize and store data on a storage device, such as a hard drive or flash drive. It defines how files are names, accessed, and stored, providing framework for managing data on the storage medium.

Answer 87

A

A forensic technique used to recover fragmented or deleted files from storage media by identifying and extracting data based on file signatures and patterns, bypassing traditional file system structures. Its purpose is to retrieve lost or deleted information during digital forensic investigation.

Answer 88

A

Confidential, Secret, Top Secret

Answer 89

A

A hardware component, typically a circuit board or chip, which is installed on a computer so it can connect to a network.

Answer 90

A

A security process where one system remotely verifies the integrity and trustworthiness of another system, confirming that it runs the expected software without direct access. This ensures trust between networked systems.

Answer 91

A

A process that involves securely verifying and recording each set of a computer’s startup sequence. Hashing functions are utilized to generate fixed-size representations (hashes) of different components in this process, facilitating the verification of their integrity and ensuring the system has not been tampered with.

Answer 92

A

A modern firmware standard. It serves as an interface between the computer’s operating system and firmware, offering features like secure boot, faster startup, and enhanced hardware support.

Answer 93

A

A security technique that involves randomizing the memory address where system components and executables are loaded. This helps prevent attackers from predicting the location of specific functions or vulnerabilities in a computer’s memory, making it more challenging to exploit software vulnerabilities.

Answer 94

A

A security feature in computer processors that designate certain areas of memory as non-executable. It helps prevent the execution of code in specific regions, making it more difficult for malicious software to exploit vulnerabilities by executing code in data storage areas.

Answer 95

A

A Linux command used to determine and display the type of a file. It examines the file’s content and provides information about its format, helping users identify the file type, such as text, executable, or specific data format.

Answer 96

A

A security vulnerability that occurs when there’s a time gap between checking the status of a resource and using it. During this gap, the resource’s status may change, leading to potential security vulnerabilities.

Answer 97

A

In C programming, a standard library function that copies the contents for one string (source) to another (destination). It does not check if the destination string hads enough space to accommodate the source string, could cause buffer overflow.

Answer 98

A

In C programming, a special function that serves as the entry point of the program, where execution begins and ends.

Answer 99

A

In C programming, a standard library function that is primarily used to display information on the screen.

Answer 100

A

In C programming, a standard library function used for reading input from the input from the standard input, typically the keyboard. It is used to accept data form the user.

Answer 101

A

Develops virtualization software. Virtualization software creates an abstraction layer over computer hardware that allows the hardware elements of a single computer (processors, memory, storage, etc.) to be divided into multiple virtual computers, commonly called virtual machines (VMs). Each VM runs its own operating system and behaves like an independent computer.

Answer 102

A

The software component that enables virtualization, allowing multiple operating systems to run on a single physical machine concurrently. It manages and allocates the resource of the host system to create and run multiple virtual machines, each operating independently as if it were running on its own dedicated hardware.

Answer 103

A

A directory service developed by Microsoft that stores and organizes information about network resources, including users, computers, and other devices in a hierarchical database. It provides centralized authentication, authorization, and management of network resources in a Window’s domain environment, simplifying tasks such as user login, access control, and resource administration.

Answer 104

A

A U.S. government standard outlining security requirements for cryptographic modules, ensuring their effectiveness in safeguarding sensitive information. It’s widely adopted globally in government and various industries.

Answer 105

A

A network communication protocol used between controllers and forwarders in an SDN architecture.

Answer 106

A

An approach to networking that uses software controllers that can be driven by application programming interfaces (APIs) to communicate with hardware infrastructure to direct network traffic. The architecture is comprised of three layers that communicate using northbound and southbound APIs.

Answer 107

A

A critical component of computer memory that stores data and instructions for quick processing. It serves as an efficient temporary storage area where information can be accessed and manipulated quickly in order to carry out complex tasks. Highly volatile.

Answer 108

A

A chip-based computer component that makes retrieving data from the computer’s memory more efficient. It stores program instructions and data that are used repeatedly in the operations of programs or information the CPU is likely to need next. Highly volatile. Has three levels.

Answer 109

A

The hardware in a computing device where the operating system (OS), application programs, and data in current use are kept so they can quickly be reached by the device’s processor. Highly volatile.

Answer 110

A

A set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed.

Answer 111

A

A collection of Address Resolution Protocols entries that are created when an IP address is resolved to a MAC address.

Answer 112

A

Contains an entry for each process present in the system. The entry is created when the process is created by a fork system call. Each entry contains several fields that stores all the information pertaining to a single process.

Answer 113

A

A special type of file used by the computer’s operating system (OS) to manage memory. When a computer’s physical RAM is filled up with running programs and data, the operating system may use a portion of the computer’s storage (like hard drive or SSD) as virtual memory.

Answer 114

A

Refers to non-volatile storage that retains data even when the computer is powered off.

Answer 115

A

An electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly routing platters coated with magnetic material. Non-volatile.

Answer 116

A

A solid storage device that uses integrated circuit assemblers to store data persistently, typically in flash memory. Non-volatile.

Answer 117

A

A digital forensics case management product created by Guidance Software with built-in pathways or workflow templates that show the key steps in many types of investigations.

Answer 118

A

A digital forensics investigation suite by AccessData that runs on a Window’s server or server clusters for faster searching and analysis due to data indexing when importing evidence.

Answer 119

A

An open-source digital forensics collection of command line tools and programming libraries for disk imaging and file analysis that interfaces with Autopsy as a graphical user front-end interface.

Answer 120

A

Capture the contents of memory while the computer is running using a specialist hardware or software tool. Must be installed on system prior. Examples are Memoryze and TACTICAL.

Answer 121

A

The contents of memory are written to a dump file when Windows encounters an unrecoverable Kernel error.

Answer 122

A

A file that is written to the disk when the workstation is put into a sleep state. Some malware can detect the use of a sleep state and perform anti-forensics.

Answer 123

A

A file that stores pages of memory in use that exceed the capacity of the host’s physical RAM modules. It is written on the hard drive, so it stays on the hard drive when the computer is turned off.

Answer 124

A

Capture the contents of the disk drive while the computer is still running. Contents of the drive could be changed during acquisition.

Answer 125

A

The computer is shut down through the operating system properly, and the disk is acquired. Malware may detect the shutdown and perform anti-forensics.

Answer 126

A

The system’s power is disconnected by removing the power plug from the wall socket. Files can’t be changed, and anti-forensics can’t be done. Captures disk in state it’s in.

Answer 127

A

Bit-by-bit copy of a disk that includes every non-bad sector on the target disk including deleted or hidden data. Takes time.

Answer 128

A

Copies files and folders from partitions using the file system table stored on the media. Fast but will miss files marked as deleted.

Answer 129

A

Forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media. Can be hardware or software.

Answer 130

A

A software utility that conducts the disk imaging of a target. May will perform cryptographic hashing of data during acquisition.

Answer 131

A

A Unix/Linux/macOS command that can perform disk image acquisition.

Answer 132

A

A function that converts an arbitrary length string input into a fixed length string output.

Answer 133

A

A cryptographic hashing algorithm created to address possible weaknesses in the older MD5 hashing algorithm. The first version uses 160-bit hash digest and the second version uses a 256-bit or 512-bit hash digest.

Answer 134

A

A cryptographic algorithm created in 1990 with the most commonly used variant being MD5 which uses a 128-bit hash digest. No longer widely used.

Answer 135

A

In Windows, a command-line program installed as part of Certificate Services. It is used to display certificate authority (CA) configuration information, configure Certificate Services, and back-up and restore CA components. Also can be used to hash files.

Answer 136

A

A unique alphanumeric value generated by a mathematical algorithm, such as MD5 or SHA-256, to represent the content of a file.

Answer 137

A

A type of software that reviews system files to ensure they have not been tampered with.

Answer 138

A

A tool that shows the sequence of file system events within a source image in a graphical format.

Answer 139

A

A fixed-size group of consecutive data storage units on a storage device, such as HDDs and SDDs. It serves as the basic unit for storing and managing data. The default size is 4096 bytes.

Answer 140

A

A table that contains metadata with the location of each file in terms of blocks/clusters for disks formatted as New Technology File System (NTFS).

Answer 141

A

A file system used by Windows operating systems to organize and store files on a storage device. It provides features such as support for larger file sizes, file and folder permissions, encryption, and improved reliability compared to systems like FAT32.

Answer 142

A

The process of extracting data from a computer when that data has no associated file system metadata. It attempts to piece together data fragments from unallocated and slack space to reconstruct deleted files, or parts of them.

Answer 143

A

An open-source Windows and Linux command that is used to conduct file carving.

Answer 144

A

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with requests or response traffic.

Answer 145

A

Refers to efficiently distributing incoming network traffic across a group of backend servers.

Answer 146

A

A list or record that keeps track of the current status and interactions with clients (like web browsers) that are communicating with a web server.

Answer 147

A

A network-based attack where the attacker dramatically increases the bandwidth sent to a victim during a DDoS attack by implementing an amplification factor.

Answer 148

A

An internet protocol used to synchronize with computer clock time sources in a network.

Answer 149

A

Enterprise DDoS protection services.

Answer 150

A

Activity sent to a C&C system as part of a botnet or malware remote control system and is typically sent as either HTTP or HTTPS traffic.

Answer 151

A

Associating multiple IP addresses with a single domain name and changing out those IP addresses rapidly.

Answer 152

A

An adversary’s use of random delay to frustrate indicators based on regular connection attempt intervals.

Answer 153

A

Attack indicator where hosts within a network establish connections over unauthorized ports or data transfers.

Answer 154

A

A network protocol used for sharing files, printers, and other resources between devices on a local network or over the internet.

Answer 155

A

Occurs when an attacker redirects an IP address to a MAC address that was not the intended destination.

Answer 156

A

A secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.

Answer 157

A

An unauthorized device or service, such as a wireless access point, DHCP server, or DNS server, on a corporate or private network that allows unauthorized individuals to connect to the network.

Answer 158

A

A network device that transmits and revives data over a wireless local area network (WLAN). Relays over 802.11.

Answer 159

A

A network protocol that automatically assigns and manages IP addresses and other network configuration information to devices within a network.

Answer 160

A

The process of discovering unknown or unidentifiable service set identifiers (SSIDs) showing up within range of an office.

Answer 161

A

Processes used to identify the use of unauthorized protocols on the network and unusual peer-to-peer communication flows.

Answer 162

A

Enumerating the states of TCP and UDP ports on a target system using software tools.

Answer 163

A

Identifying they type and version of an operating system (or service application) by analyzing its response to network scans.

Answer 164

A

A scan directed at multiple IP addresses to discover whether a host responds to connection requests for particular ports.

Answer 165

A

The phase of an attack or penetration test in which the attacker or tester gathers information about the target before attacking it.

Answer 166

A

1024-49151

Answer 167

A

49152-65535

Answer 168

A

Communicating TCP/IP application traffic, such as HTTP (80), FTP (21), or DNS (53), over a port that is not the registered or well-known port established for the protocol.

Answer 169

A

A command-line interface or a program that allows users to interact with the operating system by entering commands.

Answer 170

A

An attacker opens a listening port on the remote host and causes the infected host to connect to it. A way to work around firewalls.

Answer 171

A

A versatile networking utility tool that operates at the command line. It can establish and manage network connections making it useful for a variety of tasks such as transferring files, port scanning, banner grabbing, and acting as a simple network server or client.

Answer 172

A

File Transfer Protocol (FTP)

Answer 173

A

Secure Shell/FTP over SSH (SSH/SFTP)

Answer 174

A

Simple Mail Transfer Protocol (SMTP)

Answer 175

A

Domain Name System (DNS) used for zone transfers.

Answer 176

A

Copies the DNS data from one DNS server to another.

Answer 177

A

POP3 (Post Office Protocol)

Answer 178

A

NetBIOS-SSN

Answer 179

A

A Microsoft protocol that facilitates communication between processes on a Windows network, enabling remote execution of procedures and facilitating distributed computing.

Answer 180

A

A networking protocol used for communication between computers on a local network. Replaces by SMB.

Answer 181

A

Internet Mail Access Protocol (IMAP)

Answer 182

A

An internet standard protocol used by email clients to retrieve email messages from a mail server. Replaced POP3.

Answer 183

A

MICROSOFT-DS

Answer 184

A

The SMB protocol over port 445 on TCP/IP networks commonly used for file and printer sharing, as well as other networking functionalities in Windows environment.

Answer 185

A

Internet Mail Access Protocol Secure (IMAPS)

Answer 186

A

POP3S (Post Office Protocol Secure)

Answer 187

A

Point-to-Point Tunneling Protocol

Answer 188

A

Remote Desktop Access Protocol (RDAP)

Answer 189

A

Virtual Network Computing (VNC)

Answer 190

A

HTTP-PROXY

Answer 191

A

Domain Name System (DNS) used for queries

Answer 192

A

Dynamic Host Configuration Protocol (DHCP), server port

Answer 193

A

Dynamic Host Configuration Protocol (DHCP), client port

Answer 194

A

Trivial File Transfer Protocol (TFTP)

Answer 195

A

Network Time Protocol (NTP)

Answer 196

A

NetBIOS-Name Service (NS)

Answer 197

A

NetBIOS-Datagram Service (DGM)

Answer 198

A

NetBIOS-Session Service (SSN)

Answer 199

A

Simple Network Management Protocol (SNMP)

Answer 200

A

Internet Security Association and Key Management Protocol (ISAKMP)

Answer 201

A

Routing Information Protocol (RIP)

Answer 202

A

Internet Printing Protocol (IPP)

Answer 203

A

Microsoft SQL

Answer 204

A

Universal Plug and Play (UPNP)

Answer 205

A

NAT-T-IKE

Answer 206

A

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Answer 207

A

Contains textual information associated with a domain, often used for verification, configuration, or storing additional data for various online services and protocols.

Answer 208

A

DNS record that resolves a domain or subdomain to another domain name (example.com, www.example.com)

Answer 209

A

Points to the server where emails should be delivered for that domain.

Answer 210

A

The use of SSH or VPNs to create a tunnel to transmit the data across a given network.

Answer 211

A

Communication path that allows data to be sent outside of the network without alerting any intrusion detection or data loss countermeasures.

Answer 212

A

The practice of concealing data within another file, message, or video.

Answer 213

A

A library that contains code and data that can be used by more than one program at the same time.

Answer 214

A

A Windows tool that monitors a wide range of devices and services, including energy, USB, and disk usage.

Answer 215

A

A Windows tool that monitors memory, CPU, and disk usage.

Answer 216

A

A Window’s tool focused on monitoring and maintaining the health, performance, and availability of computer systems, applications, and devices within an enterprise network.

Answer 217

A

A Windows command-line utility used to display lists all running processes or tasks on a computer. When executed, it provides information such as the process name, PID, memory usage, process trees, and individual operations for each process.

Answer 218

A

A Window’s proprietary software that has the ability to browse the structure of executable Windows files. It’s useful to dig into processes and what they’re calling.

Answer 219

A

In Linux, are background processes that quietly handle tasks like providing services (e.g., network or printing), run independently of user sessions, and ensure system functionality without needing constant support. Has the letter ‘d’ after it (hpptd, sshd, ftpd).

Answer 220

A

The initial deamon in Linux that is the first executed by the kernel during the boot up process and always has the PID of 1.

Answer 221

A

A Linux command that provides the parent/child relationship of the process on a given system.

Answer 222

A

Command in Linux that is used to display information about currently running processes. Information includes CPU and memory utilization, the time the process was started, how long the process has run, and the command that started the process. Point in time.

Answer 223

A

An open-source memory forensics tool that has many different modules for analyzing specific elements of memory such as a web browser module, command prompt history module, and others.

Answer 224

A

A component in the Window’s operating system (OS) that help administrators and end users monitor, manage, and trouble shoot tasks. It provides information about running processes, performance metrics, and allows users to manage applications. You can see a list of all running programs, their resource usage (CPU and memory), and perform actions like ending tasks or launching new applications.

Answer 225

A

A Linux command that outputs the amount of used and freely available memory on the computer.

Answer 226

A

A Linux command that provides CPU utilization under CPU stats and also shows memory usage as well as other details about running processes. It also provides interaction via hotkeys, including allowing quick identification of top consumers by entering A. Dynamic.

Answer 227

A

A Linux command that indicates which accounts are logged in.

Answer 228

A

A Linux command that displays a report of the system’s disk usage and available space, with various flags providing additional or formatting.

Answer 229

A

A Linux DNS lookup tool that provides detailed information about DNS queries, including domain name resolution, IP addresses, and other related DNS records.

Answer 230

A

A Windows command-line utility used to display a list of files and directories within a specific directory. It provides information such as file names, sizes, and modification dates.

Filters all file/folder types that match the given parameter (x).

Displays who owns each file, along with the standard information.

Answer 231

A

A Linux utility that provides detailed information about files and processes that are currently opened or in a Unix-like system. I can reveal which processes have a particular file open, the type of access they have, and other related details.

Answer 232

A

An individual or entity responsible for making decisions regarding the use, and protection of a dataset, typically holding legal or organizational authority over the data.

Answer 233

A

A person or team responsible for managing and ensuring the quality, integrity, and compliance of data throughout its lifecycle, often acting as a liaison between data owners and users.

Answer 234

A

The role or entity responsible for the physical storage, maintenance, and security of data, ensuring that it is stored and processed in accordance with established policies and procedures.

Answer 235

A

Replaces sensitive values with a unique identifier using a lookup table.

Answer 236

A

Partially redacts sensitive information by replacing some or all sensitive fields with blank characters.

Answer 237

A

A type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information.

Answer 238

A

A network protocol that allows users to access and manage remote computer systems over a network, providing a text-based interface for command-line interaction.

Answer 239

A

An application model that is an iterative process and relies on building prototypes. There is no planning phase; instead planning is done as the software is written. It involves five phases: business modeling, data modeling, process modeling, application generation, testing and turnover.

Answer 240

A

A widely accepted protocol for sending digitally signed and encrypted messages. It provides encryption and digital signatures for email messages.

Answer 241

A

An email authentication method that adds a digital signature to email messages, allowing the recipient to verify that the message was sent by the claimed sender and that it has not been altered in transit.

Answer 242

A

An email authentication method that allows the owner of a domain to specify which mail servers are authorized to send emails on behalf of that domain.

Answer 243

A

A Linux command that displays information about the network interfaces on your system. It typically shows details such as the IP address, MAC address, networks status, and other related information for each active network interface on your machine.

Answer 244

A

Identify, Protect, Detect, Respond, Recover

Answer 245

A

An open authorization standard that allows users to share elements of their identity or account information while authenticating via the original identity provider. Relies on access tokens, which are issued are an authorization server and then presented to resource servers like third-party web applications by clients.

Answer 246

A

A system that allows users to access multiple applications or services with a single set of longin credentials.

Answer 247

A

An XML-based standard for exchanging authentication and authorization data between parties, typically used in SSO.

Answer 248

A

A security model where access permissions are assigned based on roles, and individuals are assigned to those roles, simplifying the management of permissions by grouping users with similar responsibilities.

Answer 249

A

A security model that determines access permissions based on a set of attributes with the user, the resource, and the environment.

Answer 250

A

Command used to end a process in Linux.

Answer 251

A

An interactive user-friendly process viewer for Unix-like systems, offering a color-coded and feature-rich interface to monitor and manage system resources and processes.

Answer 252

A

A Linux command-line tool used to interact with the Linux Audit Framework, allowing users to configure rules for auditing system events and monitoring activities for security and compliance purposes.

Answer 253

A

A security control designed to create a pool of reserve candidates ready to step into positions when a vacancy occurs. It is an important continuity control.

Answer 254

A

The process of copying or replicating DNS data (such as domain records) from one DNS server to another, facilitating the synchronization of information across multiple servers.

Brainscape's Knowledge GenomeTM

CySA+ Flashcards

Brainscape's Knowledge Genome^TM