CySA+ Study Notes 8 Flashcards

1
Q

Attackers perform reconnaissance against systems and think of ways to exploit them; when they find a path of potential vulnerability, they move into the attack phase.

A

Discovery Phase (Penetration Testing)

2
Q

(1) seek to gain access to the target system, (2) escalate privileges, (3) browse the network for new systems they can access, (4) then install additional tools on compromised systems in an effort to gain deeper access to the network.

*** Proxies: ZAP, Burp Suite, Vega, etc.

*** Air Gapping: completely removing a system from the network.

** Always-On VPN: connects automatically.

A

Attack Phase (Penetration Testing)

3
Q

makes the network programmable, separates the data plane and control plane, allows granular network configuration, facilitates faster response to security incidents.

A

SDN

4
Q

When systems are compromised by malware and joined to a botnet, they are configured with the server names of the C2 servers they contact to receive further instructions; security analysts then alter DNS records to reroute the botnet traffic.

A

DNS Sinkhole

5
Q

monitors user behavior and flags any deviations from the patterns of normal behavior.

*** Digital signing of a message does not provide confidentiality.

A

UEBA

6
Q

??? provides the domain owner the ability to list the servers that are authorized to send mail from the domain.

??? provides email authentication by allowing mail servers to digitally sign legitimate outbound email messages; uses public/private key pairs. Public keys are published through DNS.

??? provides domain owners the ability to specify SPF and DKIM policies for their domains.

A

SPF / DKIM / DMARC

7
Q

detect security incidents, contain detected incidents, investigate contained incidents, remediate endpoints.

A

EDR

8
Q

Security Event: any activity that takes place on a system, network, or application that may have security implications.

Security Incident: any adverse security event that either caused or threatened to cause a violation of the org.’s security policy.

A

info

9
Q

develop a list of threats, assess threats based on likelihood, assess threats based on impact, create a threat register.

*** The highest priority of the incident response team is to first isolate systems.

A

Threat Analysis

10
Q

??? have minimal potential to affect security, are normally handled by first responders, don't require after-hours response.

??? have significant potential to affect security, trigger incident response team activation, require prompt notification to management.

??? may cause critical damage to information or systems, justify an immediate full response, require immediate notification to senior management, demand full mobilization of the incident response team.

A

Low Impact / Moderate Impact / High Impact
