CySA+ Study for PASS Certification Exam !!! Flashcards
During drive acquisition, using a ??? can ensure that attaching the drive to a forensic copy device or workstation doesn't result in the drive being altered.
Write Blockers
??? : could be removal of malicious code from the network, sanitization of compromised media, securing compromised user accounts, etc.
??? : focuses on restoring normal capabilities and services, including reconstituting resources and correcting security control deficiencies that may have led to the attack (rebuilding and patching systems, reconfiguring firewalls, updating malware signatures, etc.). This phase also aims to reduce the likelihood of successful future attack(s).
Eradication Phase / Recovery Phase
??? : finding the root cause of a problem and fixing it. For example, an attacker compromises a router and root cause analysis reveals an error in the device's configuration; admins can correct the error on the routers to prevent similar attacks in the future.
Root Cause Analysis
??? : applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple noninvasive data recovery techniques.
??? : applies physical or logical techniques that render data recovery infeasible using state-of-the-art lab techniques; examples: overwriting, block erase, cryptographic erase, and degaussing using magnets.
??? : renders target data recovery infeasible using state-of-the-art lab techniques; examples: disintegration, pulverization, melting, and incinerating.
Clear / Purge / Destroy
??? : organizations take a formal approach to risk analysis that begins with identifying risks, continues with determining the severity of each risk, then results in adopting 1 or more risk management strategies to address each risk.
??? = Probability (likelihood) x Magnitude (Impact)
ERM / Risk Severity
??? : collect the smallest amount of info needed to meet business requirements.
??? : info should only be used for the purpose for which it was originally collected and to which data subjects consented.
Data Minimization / Purpose Limitation
??? : where systems and admins apply electronic tags to sensitive documents and then DLP systems can monitor systems and networks for unencrypted content containing those tags.
Watermarking
Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
COBIT divides info tech activities into 4 domains :
COBIT Framework, Process Descriptions, Control Objectives, Management Guidelines, Maturity Models.
COBIT addresses 4 domains with framework :
Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement
ALE = SLE x ARO
SLE = AV x EF
ITIL covers 5 core activities : (etc)