CySA+ Flashcards
Vulnerability scan output: CVE-2011-3389
QID 42366 - SSLv3.0/TLSv1.0 Protocol weak CBC mode server-side vulnerability. Check with: openssl s_client -connect login.diontraining.com:443 -tls1 -cipher "AES:CAMELLIA:SEED:3DES:DES"
What category should this be classified as?
Web application cryptography vulnerability
You're an analyst for a bank with offices in multiple states. You want to create an alert to detect if an employee from one bank office logs into a workstation in an office in another state. What type of detection and analysis are you configuring?
Behavior-based
You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security software recommends that you remediate this. What should you do?
Change all devices and servers that support it to port 636, because encrypted LDAP runs on 636 by default
Your org has noticed an increase in the number of security incidents being detected. To better understand the situation and measure the effectiveness of your incident response process, what KPI (key performance indicator) could you use?
Alert volume: an increase may correlate with an increase of detected incidents
What tools can be used to conduct a banner grab from a web server on a remote host?
netcat, wget, and telnet
(ftp can’t do it)
A recent vulnerability scan found several vulnerabilities on an organization's public-facing IP address. To reduce the risk of a breach, which of the following vulnerabilities should be prioritized for remediation?
-A cryptographically weak cipher
-An HTTP response that reveals an internal IP address
-A website utilizing a self-signed SSL cert
*A buffer overflow that is known to allow remote code execution
An adversary compromised a web server in your network using a zero-day exploit and then used it as a C2 server for further attacks. Which stage of the MITRE ATT&CK framework does the use of a C2 server illustrate?
Command and Control (C2)
Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?
Diamond Model of Intrusion Analysis
Which framework provides the most explicit detail regarding how to mitigate or detect a given threat?
MITRE ATT&CK
According to the Center for Internet Security's system design recommendations, which control category would contain info on the best security practices to implement within the SDLC?
Application Software Security
A cybersecurity analyst has received an alert that sensors continuously observe well-known call-home messages at their network boundary. Still, the org's proxy firewall is properly configured to successfully drop the messages before they leave the network. What is the most likely cause of the messages being sent?
An infected workstation is attempting to reach a C2 server
You’re investigating traffic involving 3 separate IP addresses (192.168.66.6, 10.66.6.10, 172.16.66.1). What REGEX expression would you use to be able to capture ONLY these 3 IP addresses?
\b(192.168.66.6)|(10.66.6.10)|(172.16.66.1)\b
You are conducting a quick nmap scan of a target network. You want to conduct a SYN scan, but you don't have raw socket privileges on your workstation. What command should you use to conduct the scan from your workstation?
nmap -sT
Nicole's org doesn't have the budget for 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. What type of service provider would be best suited for this?
MSSP: Managed Security Service Provider
A company's CIO is concerned about the liability of a security vulnerability being exploited in their self-driving car, where someone may die. What methodology would provide the single greatest mitigation if successfully implemented?
Formal methods of verification
What provides a standard nomenclature for describing security-related software flaws?
CVE
You suspect a system's firmware has been compromised. What type of firmware would provide resistance against such an attack?
Trusted Firmware
What REGEX expression would provide the appropriate output when searching logs from only the IP subnet 172.161.1.224/26?
\b172.161.1.(2[0-4][0-9]|25[0-5]|19[2-9])\b
What is least likely to be included in a data retention policy?
Classification Info
As a forensic analyst, what should you collect first?
L3 cache (CPU registers), RAM cache (system memory), SSD (storage devices), backup drives
Your company is adopting a cloud first architecture model. Management wants to decommission the on-prem SIEM and migrate it to the cloud. What issues could arise?
Legal and regulatory issues may prevent data migration to the cloud
Diamond Model of Intrusion Analysis
Framework for understanding the four key elements of a cyber attack: adversary, victim, infrastructure, and capability
MITRE ATT&CK
Framework detailing tactics, techniques, and procedures.
Cyber Kill Chain
Reconnaissance · Weaponization · Delivery · Exploitation · Installation · Command & Control (C2) · Actions on Objectives
OWASP Testing Guide
Methodology for testing web application security