CySA+ Study for PASS Certification Exam !!! Flashcards

1
Q

??? range from desktops to laptops to mobile devices and IoT sensors, and all of them gather data, including logs and other information. Security analysts should determine what data exists on each ??? device, how to access it, whether the data can be sent to a central log collection and analysis point, etc.

A

Endpoints

2
Q

??? : these tools are used as part of malware packages to generate domain names from a known seed. The bot infrastructure can then dynamically generate domain names, knowing that the bots will use the same seed to work out where to send their traffic. Feeding DNS query information into a SIEM that uses IP/domain reputation data and correlation capabilities can help detect this behavior.

A

Dynamically Generated Algorithm

3
Q

??? automatically registers/deregisters DNS entries as part of botnets. Single Flux : continuously registers addresses as part of the DNS A record for a DNS entry; this can help disguise malicious systems. Double Flux : uses a similar technique to register/deregister the DNS servers for a DNS zone, adding another layer of confusion when attempting to pin down malicious systems.

A

Fast Flux DNS

4
Q

Security Event : any observable occurrence in a system or network that relates to a security function.

Security Incident : an infringement, or imminent threat of breach, of computer security policies, AUPs, or standard security practices.

A

info

5
Q

??? :
Phase 1, Preparation = the ??? has a proper policy foundation, operating procedures that will be effective in the org.'s computing environment, training, and is prepared to respond to an incident. It also builds strong cybersecurity defenses, reducing the likelihood and impact of future incidents, and assembles the hardware, software, and information required to conduct an incident investigation.
Phase 2, Detection and Analysis = four major security event indicators: 1 = alerts that originate from IDS/IPS, SIEM, anti-virus software, third-party monitoring services, etc.; 2 = logs generated by OSes, services, apps, network devices, network flows, etc.; 3 = publicly available information about new vulnerabilities; 4 = insiders or external parties who report suspicious activity.
Phase 3, Containment, Eradication, Recovery = select a containment strategy appropriate to the incident situation. Implement the selected containment strategy to limit the damage caused by the incident. Gather extra evidence to support the response effort and potential legal action. Identify attackers and attacking systems. Eradicate the effects of the incident and recover normal business operations.
Phase 4, Post-Incident Activity = team members conduct a lessons-learned review and ensure they meet internal/external evidence retention requirements.

A

CSIRT

6
Q

??? : you can see the source and its IP address, the destination and its IP address, how many packets were sent, how much data was sent, and the port and protocol used; this gives a good guess at which application was used.

A

Flow Info

7
Q

??? : reaches out to remote systems and devices to gather data; typically gathers data about availability, routes, packet delay or loss, and bandwidth. Examples: ping, and iPerf, a tool that measures the maximum bandwidth an IP network can handle.

??? : capturing information about the network as traffic passes a location on a network link.

A

Active Monitoring / Passive Monitoring

8
Q

??? : gathering information from multiple network devices and combining that data into useful views for analysis and reporting.

??? : a bandwidth usage monitoring tool that combines packet sniffing, flows, SNMP, and WMI (WMI allows script and application access for automation and admin tasks, and access to management data for the OS, etc.).

A

Network Monitoring / PRTG

9
Q

SolarWinds : network monitoring tools that address multiple types of data gathering, giving the ability to identify network issues and to monitor network bandwidth and flows.

Nagios : system log monitoring tool.

Cacti : open-source SNMP tool.

Slack Space : the space left over when a file is written; this space can contain fragments of files previously written to that space, or files that are intentionally hidden.

Unallocated Space : space that is not partitioned.

A

info

10
Q

File carving tools look at data on a block-by-block basis, looking for information such as file headers and other indicators of file structure. When they find them, they attempt to recover complete or partial files.

Legal Hold : conducted when information must be retained for a legal case.

Wireshark : packet sniffer

Order of Volatility : CPU cache, registers, running processes, RAM -> network traffic -> disk drives -> backups, printouts, optical media.

A

info
