CySA+ Study for PASS Certification Exam !!! Flashcards
This stage is planning for your intelligence requirements; you may assess what security breaches or compromises you have faced, assess what info could have prevented or limited the impact of a breach, and assess what controls and security measures were not in place that would have mitigated the breach.
The Threat Intelligence Cycle (Phase 1 - Requirements Gathering)
Once the info requirements are known, you can collect data from threat intelligence sources to meet those requirements. This phase may repeat as extra requirements are added, etc.
The Threat Intelligence Cycle (Phase 2 - Data Collection)
First, process the data so it can be consumed by whatever tools or processes you use, then analyze the data itself. The output of this stage could be data fed into automated systems or tools, or written reports distributed to leadership, etc.
The Threat Intelligence Cycle (Phase 3 - Data Processing and Analysis)
Data is distributed to leadership and operational personnel, who will use the data as part of their security operations role.
The Threat Intelligence Cycle (Phase 4 - Intelligence Dissemination)
Gathering feedback about the reports and data you have produced; use it for continuous improvement.
The Threat Intelligence Cycle (Phase 5 - Feedback)
Forensic evidence or data that can help identify an attack; used after an attack has started, while the attack may still be ongoing.
IOCs
Establish a Hypothesis : the hypothesis needs to be tested and should have actionable results based on the threat it considers.
Profiling Threat Actors and Activities : helps ensure you have considered who may be a threat and why, as well as what their typical actions and processes are.
Threat Hunting Tactics : skills, techniques, and procedures are where action meets analysis; this step includes executable process analysis.
Reducing attack surface area
Bundling Critical Assets into Groups and Protection Zones
Attack Vectors must be understood, assessed, and addressed based on analysis of threat actors and their techniques, as well as the surface area that threat actors can target.
Integrated intelligence combines multiple intelligence sources to provide a better view of threats.
Improving detection capabilities.
Proactive Threat Hunting
Used to create a map of an org.'s networks, systems, and other infrastructure; usually done by combining info-gathering tools w/ manual research to identify the networks and systems the org. uses.
Host Enumeration
Passive fingerprinting : relies on info that is already available about the org., its systems, or its network w/o performing your own probes.
Network Devices can log their own activities, status, and events, including traffic patterns and usage; this info includes network device logs, network device config files, and network flows.
Many networks use SNMP to send device info to a central control system, and most managed networks send network logs to a central log server using the syslog utility.
info
??? often include details of the network, routes, systems that devices interact with, etc., and they can provide info about syslog and SNMP servers, admin and user account info, and other info useful for info gathering.
Config Files