CySA+ Study Notes 19 Flashcards
A protocol that transmits CTI data between servers over HTTPS and a REST API.
TAXII
Uses XML-formatted documents; each entry has meta-information such as author, category, confidence level, usage license and description, plus a definition (the indicator terms themselves). It is a threat data sharing format.
OpenIOC
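The OpenIOC layout described above, as an added example that is not part of the study notes: a constructed OpenIOC 1.0 document (metadata plus a `definition` holding an operator tree of `Indicator` / `IndicatorItem` nodes) is parsed, its metadata read out, and its indicator tree evaluated against a constructed observation. The hashes are placeholders (MD5 of an empty file and of a well-known test string), not real indicators.

```powershell
# Added example, not from the study notes: parse a constructed OpenIOC 1.0
# document and evaluate its indicator tree against a constructed observation.
# Hash values are placeholders, not indicators of anything real.
$iocXml = @'
<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001" last-modified="2024-01-01T00:00:00">
  <short_description>Example dropper (constructed)</short_description>
  <description>Constructed sample for illustration only.</description>
  <authored_by>study-notes-example</authored_by>
  <authored_date>2024-01-01T00:00:00</authored_date>
  <links/>
  <definition>
    <Indicator operator="OR" id="i-root">
      <IndicatorItem id="ii-1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="i-and">
        <IndicatorItem id="ii-2" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchost</Content>
        </IndicatorItem>
        <IndicatorItem id="ii-3" condition="is">
          <Context document="FileItem" search="FileItem/FilePath" type="mir"/>
          <Content type="string">C:\Users\Public\svchost.exe</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
'@

function Get-OpenIocMetadata {
    # The per-document meta-information the notes mention (author, description, ...)
    param([xml]$Doc)
    [pscustomobject]@{
        Id          = $Doc.ioc.id
        Author      = $Doc.ioc.authored_by
        Description = $Doc.ioc.short_description
        Modified    = $Doc.ioc.'last-modified'
    }
}

function Test-IndicatorItem {
    # Evaluate one leaf: compare the observed value for Context/@search with Content
    param([System.Xml.XmlElement]$Item, [hashtable]$Observation)
    $search    = $Item.Context.search
    $expected  = $Item.Content.'#text'
    $actual    = $Observation[$search]
    if ($null -eq $actual) { return $false }          # nothing observed for this term
    switch ($Item.condition) {
        'is'       { return $actual -eq $expected }
        'contains' { return $actual -like "*$expected*" }
        default    { throw "Unsupported condition '$($Item.condition)'" }
    }
}

function Test-Indicator {
    # Recursively evaluate an Indicator node using its AND/OR operator
    param([System.Xml.XmlElement]$Node, [hashtable]$Observation)
    $results = foreach ($child in $Node.ChildNodes) {
        switch ($child.LocalName) {
            'IndicatorItem' { Test-IndicatorItem -Item $child -Observation $Observation }
            'Indicator'     { Test-Indicator -Node $child -Observation $Observation }
        }
    }
    if ($Node.operator -eq 'AND') { return -not ($results -contains $false) }
    return [bool]($results -contains $true)
}

# Constructed observation: the MD5 term does not match, but the AND branch does
$observation = @{
    'FileItem/Md5sum'   = '9e107d9d372bb6826bd81d3542a419d6'   # placeholder hash
    'FileItem/FileName' = 'svchost.exe'
    'FileItem/FilePath' = 'C:\Users\Public\svchost.exe'
}

$doc = [xml]$iocXml
Get-OpenIocMetadata -Doc $doc
Test-Indicator -Node $doc.ioc.definition.Indicator -Observation $observation   # True
```

Only the `is` and `contains` conditions are implemented; real OpenIOC documents also use `matches` (regex) and `starts-with`, and a production evaluator would add those before throwing on unknown conditions rather than silently treating them as non-matches.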
ELK/Elastic Stack (SIEM) : comprised of Kibana, Logstash, Beats, Elasticsearch.
ArcSight : Enterprise SIEM w/ability to provide compliance reporting for HIPAA, SOX, PCI DSS.
QRadar : IBM's SIEM, log management, etc …
AlienVault and OSSIM (SIEM) : OSSIM bundles Snort, OpenVAS, etc …
Graylog : open-source SIEM w/Enterprise version focused on compliance and supporting IT operations and DevOps.
SIEMs
Agent-based -> install an agent service on each host; as events occur on the host, logging data is filtered, aggregated and normalized at the host, then sent to the SIEM server for analysis and storage.
Listener / Collector -> rather than installing an agent, hosts are configured to push updates to the SIEM server using syslog or SNMP.
Sensor -> the SIEM might collect packet captures and traffic flow data from sniffers; the SIEM can be configured in sensor mode and deployed to different parts of the network, and the sensors then forward network traffic information back to the main management instance.
SIEMs collect data by :
Application -> events generated by applications and services.
Security -> audit events, such as a failed log-on or access to a file being denied.
System -> events generated by the OS and its services, such as storage volume health checks.
Setup -> events generated during installation of Windows.
Forwarded Events -> events sent to the local host from other PCs.
Event Logs
Information -> successful events.
Warning -> events that are not necessarily a problem now but may become one in the future.
Error -> events that are significant problems and may result in reduced functionality.
Audit Success / Audit Failure -> the outcome recorded for security audit events.
Events by their severity
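The listener/collector model and the Windows event log channels and severities above, tied together in an added example that is not part of the study notes: the script lists the five log channels, then acts as a host that pushes to a SIEM collector with no agent installed, reading recent events, mapping the Windows level (Critical, Error, Warning, Information, Audit Success/Failure) to a syslog severity, and sending each one as an RFC 5424 datagram. The collector address and port are assumed values; reading the Security log needs an elevated shell.

```powershell
# Added example, not from the study notes: list the five Windows log channels,
# then act as a "listener/collector" client that pushes events to a SIEM as
# RFC 5424 syslog over UDP. $SiemHost / $SiemPort are assumed values.
$SiemHost = '10.0.0.50'   # assumed SIEM collector address
$SiemPort = 514           # syslog/UDP; production should use TLS on 6514 or an agent

# The five channels from the notes, with their record counts
Get-WinEvent -ListLog Application, Security, System, Setup, ForwardedEvents -ErrorAction SilentlyContinue |
    Select-Object LogName, RecordCount

# Windows Level -> syslog severity (RFC 5424 numeric codes)
$LevelToSeverity = @{
    1 = 2   # Critical    -> critical
    2 = 3   # Error       -> error
    3 = 4   # Warning     -> warning
    4 = 6   # Information -> informational
    5 = 7   # Verbose     -> debug
}

function Get-SyslogSeverity {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    # Security audit records carry Level 0 (LogAlways); the outcome lives in Keywords
    if ($Event.KeywordsDisplayNames -contains 'Audit Failure') { return 4 }   # warning
    if ($Event.KeywordsDisplayNames -contains 'Audit Success') { return 6 }   # informational
    $sev = $LevelToSeverity[[int]$Event.Level]
    if ($null -eq $sev) { return 5 }   # notice for anything unmapped
    return $sev
}

function ConvertTo-SyslogMessage {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $facility = 13   # "log audit" facility
    $pri = ($facility * 8) + (Get-SyslogSeverity -Event $Event)
    $ts  = $Event.TimeCreated.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    # One event per datagram: collapse the multi-line Windows message
    $msg = ($Event.Message -replace '\s+', ' ').Trim()
    "<$pri>1 $ts $($Event.MachineName) $($Event.ProviderName) - $($Event.Id) - $msg"
}

# What to ship: failed logons from Security, plus Critical/Error from System, last hour
$filters = @(
    @{ LogName = 'Security'; Id = 4625;    StartTime = (Get-Date).AddHours(-1) },
    @{ LogName = 'System';   Level = 1, 2; StartTime = (Get-Date).AddHours(-1) }
)

$udp = New-Object System.Net.Sockets.UdpClient
try {
    foreach ($f in $filters) {
        # SilentlyContinue: "no events were found" is not a failure for a collector run
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
            $bytes = [System.Text.Encoding]::UTF8.GetBytes((ConvertTo-SyslogMessage -Event $_))
            [void]$udp.Send($bytes, $bytes.Length, $SiemHost, $SiemPort)
        }
    }
}
finally { $udp.Close() }
```

The filtering and normalization happen on the host before anything leaves it, which is the same division of labour the agent-based model describes; the difference is only that here the host speaks plain syslog to a listener instead of a vendor agent protocol. UDP syslog is unauthenticated and lossy, so for real collection use TLS syslog, Windows Event Forwarding, or an agent.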
Provides a command-line interface to Windows Management Instrumentation and enables admins to run scripts that manage local and remote PCs.
WMIC
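WMIC usage for managing a remote host, as an added example that is not part of the study notes, with the supported CIM cmdlet equivalents beside it. The target hostname is an assumed value.

```powershell
# Added example, not from the study notes: inventory a remote host's processes,
# hotfixes and running services with WMIC, then the same via CIM cmdlets.
# $Target is an assumed hostname; use one you are authorised to manage.
$Target = 'WKSTN01'

# Classic WMIC: /node: targets a remote machine over DCOM (needs admin rights there)
wmic /node:"$Target" process list brief
wmic /node:"$Target" qfe get HotFixID,InstalledOn
wmic /node:"$Target" service where "State='Running'" get Name,PathName

# WMIC is deprecated in current Windows builds; the supported route is CIM over WinRM
Get-CimInstance -ClassName Win32_Process -ComputerName $Target |
    Select-Object ProcessId, Name, CommandLine
Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName $Target |
    Select-Object HotFixID, InstalledOn
Get-CimInstance -ClassName Win32_Service -ComputerName $Target -Filter "State='Running'" |
    Select-Object Name, PathName
```

The same `/node:` reach that makes WMIC useful to administrators makes `wmic.exe` a common lateral-movement and discovery tool for attackers, so process-creation logging (Security event 4688 with command-line auditing, or Sysmon event 1) for `wmic.exe` is a standard detection.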
Usually driven by compliance factors; the controls specified in the framework must be deployed by the org., and each org. will be audited to ensure compliance. Examples : COBIT, ITIL, ISO, PCI DSS. Tier 1 : … Tier 2 : shows the ability to prepare to mitigate cybersecurity risks by performing risk assessments. Tier 3 : represents an org. with defined policies and procedures driven by the IT dept. Tier 4 : the org. demonstrates management oversight of risks.
Prescriptive Frameworks
Consists of 3 parts ->
Framework Core : identifies 5 cybersecurity functions (Identify, Protect, Detect, Respond, and Recover).
Implementation Tiers : assess how closely the core functions are integrated with the org.'s overall risk management process.
Framework Profiles : used to supply statements of current cybersecurity outcomes and target cybersecurity outcomes.
Risk-Based Frameworks
A compliance-testing process that ensures the security system meets the requirements of a framework or regulatory environment, or, more generally, that a product or system meets its design goals.
Verification