CySA+ Study Notes 1 Flashcards
A cybersecurity analyst is a senior position within an organization's security team with direct responsibility for protecting sensitive information and preventing unauthorized access to electronic data and the systems that process it. A cybersecurity team may contain junior and senior analyst levels, and an enterprise may develop specialized roles in different sectors of information assurance. Senior analysts are likely to report directly to the chief information security officer (CISO).
info
A location where security professionals monitor and protect critical information assets in an organization. They centralize and streamline security functions and are usually employed by larger organizations, such as government agencies or healthcare providers that handle PII. A ??? should be: supported by organizational policies, giving it the authority needed to be effective; equipped to perform incident response duties; able to protect ??? systems/infrastructure from attack; and able to collaborate with other ??? to share valuable information on threat intelligence and mitigation techniques.
SOCs
A security control is something designed to give a particular asset or information system the properties of confidentiality, integrity, availability, and non-repudiation.
info
The control is implemented as a system (hardware, software, or firmware). For example, firewalls, anti-virus software, and OS access control models are ??? controls. ??? controls may also be described as logical controls.
Technical Controls
The control is implemented primarily by people rather than systems. For example, security guards and training programs are ??? controls rather than technical controls.
Operational Controls
The control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.
Managerial Controls
The control acts to eliminate or reduce the impact of an intrusion event. A ??? control is used after an attack. A good example is a backup system that can restore data that was damaged during an intrusion. Another example is a patch management system that acts to eliminate the vulnerability exploited during the attack.
Corrective Controls
is the process through which data generated in the ongoing use of information systems is collected, processed, integrated, evaluated, analyzed, and interpreted to provide insights into the security status of those systems.
Security Intelligence
Provides data about the external threat landscape, such as active hacker groups, malware outbreaks, zero-day exploits, and so on.
cyber threat intelligence (CTI)
Narrative Reports: Analysis of certain adversary groups or a malware sample, provided as a written document in a format that analysts can read; useful for strategic intelligence to influence security control selection and configuration.
Data Feeds: Lists of known bad indicators, such as domain names or IP addresses associated with spam or distributed denial of service (DDoS) attacks, or hashes of exploit code. These provide tactical or operational intelligence that can be used within an automated system to inform real-time decisions and analysis as part of incident response or digital forensics.
CTI’s 2 Forms (usually)