CySA+ Study Notes 5 Flashcards

1
Q

AV = Attack Vector (describes the type of access an attacker must have to exploit a vuln.). Can be (P) Physical == physical touch or manipulation of the target system required. (L) Local == physical or logical console access required. (A) Adjacent Network == local network access required.

A

CVSS

2
Q

Attack Complexity (AC) (metric for how difficult it is to exploit a vulnerability). Can be (H) High == requires specialized conditions. (L) Low == easy to exploit.

A

CVSS (AC)

3
Q

CVSS : PR = Privileges Required. (H) High == requires admin control. (L) Low == requires basic user privileges. (N) None == requires no prior privileges.

A

CVSS (PR)

4
Q

CVSS : UI = User Interaction. (R) Required == requires the user to take some action. (N) None == doesn't require user interaction.

A

CVSS (UI)

5
Q

CVSS : (C) Confidentiality. (N) None == no confidentiality impact. (L) Low == access to some info possible. (H) High == all info compromised.

CVSS : (I) Integrity. (N) None == no integrity impact. (L) Low == modification of some info possible. (H) High == all info compromised.

CVSS : (A) Availability. (N) None == no availability impact. (L) Low == performance degraded. (H) High == system shut down.

A

CVSS (CIA)

6
Q

CVSS : (S) = Scope (determines whether the vuln. can affect components other than the one containing the vuln.). Can be (C) Changed == exploiting the vuln. can affect other components. (U) Unchanged == exploiting the vuln. only affects resources managed by the same security authority.

A

CVSS (S)

7
Q

??? when a vuln. exists BUT the scanner misses it.

??? when the scan reports no finding AND no vuln. exists.

??? when the vuln. scan reports a finding AND the vuln. really exists.

A

False Negative / True Negative / True Positive

8
Q

Buffer overflows can lead to priv. elevation.

Parameterized SQL : precompiles SQL code on the database server so that user input cannot alter the query structure.

XSS : attacker tricks a user's browser into downloading a script from one site and executing it on another site. Two conditions must hold for it to work : Reflected Input == input provided by one user is later displayed to other users; Unvalidated Input.

A

info

9
Q

Password Spraying : attacker takes a list of commonly used passwords and uses them to attack many different accounts at the same time.

Credential Stuffing : attack that works because users reuse the same password across multiple sites.

A

info

10
Q

The ??? of an access control request is the user, device, or app that is requesting access to a resource. Examples : users accessing files, devices accessing networks, apps accessing databases, etc.

The ??? of an access control request is the resource that the subject wishes to access. Examples : files, networks, databases, etc.

A

Subject / Object
