CySA+ Study for PASS Certification Exam !!! Flashcards

1
Q

??? is a Cisco network protocol that collects IP traffic information for network traffic monitoring. Flow data provides a view of traffic flow and volume; a typical flow record includes the source and destination IP addresses and ports for the traffic and its class of service. NetFlow and a NetFlow analyzer can help identify service problems, baseline typical network behavior, and identify unexpected behavior.

A

NetFlow

2
Q

DHCP logs on Linux are typically found in /var/log/dhcp.log, and the journalctl command can be used to view the logs.

Firewall ACLs show where and which traffic is allowed or blocked; a pen tester can also reverse-engineer firewall rules from log contents. Firewalls use log levels to separate informational and debugging messages from more important log levels.

A

info

3
Q

??? is gathered by reviewing websites, searching databases such as the EDGAR financial database, examining social networks, and social engineering staff members. Pen testers look for information such as: locations, including where buildings are, how they are secured, business hours, and the workflow of the organization; relationships between departments, individuals, and other organizations; organizational charts; document analysis (metadata and marketing material); financial data; and individuals.

A

Organizational Data

4
Q

??? often includes information such as the author's name and the software used to create the document, and can also include revisions and edits. Cell phone photos may contain location data, which reveals when and where a photo was taken.

A

Document Metadata

5
Q

??? can be used to research lifestyles and behaviors, which can be helpful for social engineering and password guessing: who the person is connected to, how much metadata their profiles contain, what their tone and posting behaviors are, etc.

A

Social Media

6
Q

???

What is the data classification of the information stored, processed, or transmitted by the system?

Is the system exposed to the internet or other public or semi-public networks?

What services are offered by the system?

Is the system a production, test, or development system?

A

Identify systems that will be covered by vulnerability scans

7
Q

??? helps make decisions about the types of scans performed, the frequency of scans, and the priority admins assign to remediating vulnerabilities detected by those scans.

A

Asset inventory and asset criticality info

8
Q

???

What systems and networks will be included in the vulnerability scan?

What technical measures will be used to test whether systems are present on the network?

What tests are performed against systems discovered by the vulnerability scan?

A

Scope vulnerability scans

9
Q

If a vulnerability cannot be fixed, use a compensating control: an additional security measure that addresses the vulnerability without remediating the problem itself. Example: you have a web app that is vulnerable to SQL injection but cannot correct the web app itself, so you use a web application firewall to block SQL injection attempts. The WAF serves as the compensating control. Alternatively, you may decide to accept the risk and do nothing.

A

info

10
Q

Web app scanning combines traditional network scans of web servers with detailed probing of web apps, using techniques such as sending known malicious input sequences and fuzzing in an attempt to break the app. Nikto is an open source web app scanning tool.

Interception proxies run on the tester's system and intercept requests sent from the web browser to the web server before they are released onto the network. This allows the tester to manually manipulate a request to attempt to inject an attack. Tools include ZAP and Burp Suite.

A

info
