CompTIA CySA+ (CS0-003)
Host-related IOCs - ANS-abnormal memory consumption, processor consumption, and drive
capacity consumption on a host (compared against its normal baseline)
Lockheed Martin Cyber Kill Chain - ANS-models an attack as a linear progression of seven stages:
o Reconnaissance - the attacker researches the target and learns what the network looks like
o Weaponization - building the malware payload (paired with an exploit) but not running it yet
o Delivery - how the attacker transmits the weapon to the target (e.g., email, web, USB)
o Exploitation - leverages a vulnerability to execute the payload (the main attack)
o Installation - achieves persistence on the system
o C2 - establishes a command and control channel to the compromised system and network
o Actions on objectives - accomplish the original goal (e.g., data theft)
Diamond Model of Intrusion Analysis - ANS-focuses on the relationship between four
main elements of an attack: adversary, infrastructure, victim, and capability, rather than
the stages of an attack.
MITRE ATT&CK Framework - ANS-knowledge base that details the tactics, techniques, and
procedures (TTPs) used by attackers. Its top-level categories are tactics (the adversary's
goals), not sequential stages, so an attack need not touch all of them in order.
Tactics (Enterprise matrix):
Reconnaissance
Resource development
Initial access
Execution
Persistence
Privilege escalation
Defense evasion
Credential access
Discovery
Lateral movement
Collection
Command and control
Exfiltration
Impact
Forensic analysis - ANS-involves a meticulous examination of all evidence related to an
incident to understand its origin, extent, and impact.
Root cause analysis - ANS-seeks to identify the initial cause of an issue, provides
insight into the effectiveness of security controls, and identifies areas for improvement
Lessons Learned - ANS-involves a thorough review after an incident to identify what
happened, what was done well, and what needs to be improved to prevent similar
incidents in the future
OpenIOC - ANS-XML-based format (originated by Mandiant) for describing indicators of
compromise; offers depth of research on APT indicators but does not integrate the
detections with a mitigation strategy.
SOAR - ANS-designed to collect and analyze security threat data and automate
responses, making it an effective solution for dealing with multiple, persistent
cyberattacks
Joe Sandbox - ANS-allows a security researcher or cybersecurity analyst to analyze and
understand the behavior of malware samples in a safe and controlled environment
Insecure direct object references (IDOR) - ANS-a cybersecurity issue that occurs when
a web application developer uses an identifier for direct access to an internal
implementation object but provides no additional access control and/or authorization
checks. An attacker could change the userid number and directly access any user's
profile page in this scenario.
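Added example (not from these notes or any real application) in Python showing the IDOR pattern on a constructed in-memory profile table: the vulnerable lookup trusts the client-supplied id, while the hardened lookup checks the requester's authorization first and returns the same "not found" answer for forbidden and nonexistent ids so the endpoint cannot be used to enumerate valid ids. The table, class and function names are assumptions for illustration.

```python
# Added example, not from the CySA+ notes: IDOR on a constructed profile table.
# PROFILES and all function names are assumptions for illustration.

PROFILES = {  # constructed sample data
    1001: {"name": "alice", "email": "alice@example.test"},
    1002: {"name": "bob", "email": "bob@example.test"},
}


class NotFound(Exception):
    """HTTP 404 equivalent: used for both missing and forbidden objects."""


def get_profile_vulnerable(session_user_id: int, requested_id: int) -> dict:
    # Uses the client-supplied id directly with no authorization check (IDOR):
    # any logged-in user can read any profile just by changing the number.
    return PROFILES[requested_id]


def get_profile_secure(session_user_id: int, requested_id: int,
                       is_admin: bool = False) -> dict:
    # Authorization first: the requester must own the object or be an admin.
    authorized = is_admin or requested_id == session_user_id
    profile = PROFILES.get(requested_id)
    # Same error for "forbidden" and "does not exist" so the response does not
    # reveal which ids are valid (prevents enumeration).
    if not authorized or profile is None:
        raise NotFound(f"profile {requested_id}")
    return profile


def can_read(session_user_id: int, requested_id: int, is_admin: bool = False) -> bool:
    """True if the hardened lookup would succeed, False if it refuses."""
    try:
        get_profile_secure(session_user_id, requested_id, is_admin)
    except NotFound:
        return False
    return True
```

The key point is where the check lives: the object id in the request is untrusted input, so the server must decide from the session (not from the URL) whether this requester may see that object.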
SHA-256 - ANS-SHA-256 and other cryptographic hash algorithms are used to verify data
integrity: if a file's current hash matches the known-good value, the file has not been altered
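Added example (not from these notes) in Python: a hash manifest is recorded for a set of files, one file is then modified and another removed, and verification reports which entries still match. The files and their contents are constructed sample data; `verify_manifest` and `demo` are assumed names.

```python
# Added example, not from the CySA+ notes: file integrity check with SHA-256.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex digest of the SHA-256 hash of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_manifest(files: dict, manifest: dict) -> dict:
    """Compare current file contents against a manifest of expected digests.

    Returns {filename: "ok" | "MODIFIED" | "MISSING"}.
    """
    status = {}
    for name, expected in manifest.items():
        data = files.get(name)
        if data is None:
            status[name] = "MISSING"
            continue
        actual = sha256_hex(data)
        # Constant-time comparison: avoids leaking how many leading characters
        # matched if the comparison result is observable to an attacker.
        status[name] = "ok" if hmac.compare_digest(actual, expected) else "MODIFIED"
    return status


def demo() -> dict:
    """Record a manifest, tamper with the files, then verify (constructed data)."""
    original = {
        "app.py": b"print('hello')\n",
        "config.ini": b"debug=false\n",
        "README": b"docs\n",
    }
    manifest = {name: sha256_hex(data) for name, data in original.items()}
    # Simulate what an attacker or a bad deploy might do after the manifest was taken.
    current = dict(original)
    current["config.ini"] = b"debug=true\n"
    del current["README"]
    return verify_manifest(current, manifest)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A hash alone proves only that the bytes are unchanged since the manifest was made; it does not prove who made them. For that the manifest itself must be protected (signed, or stored somewhere the attacker cannot write).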
Cross-site scripting (XSS) - ANS-a type of security vulnerability typically found in web
applications, in which an attacker injects malicious script into web pages viewed by other
users. A reflected XSS payload can be carried in a specially crafted URL that includes the
attack code in the query string (after the ?).
XSS targets the user's browser, not the database or the server.
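Added example (not from these notes) in Python: a greeting page reflects the `name` query parameter from a crafted URL. The vulnerable renderer inserts the raw value into the HTML, so the script in the URL executes in the victim's browser; the safe renderer applies HTML output encoding, which turns the same payload into harmless text. The URL, page template and function names are constructed assumptions.

```python
# Added example, not from the CySA+ notes: reflected XSS via a URL query parameter.
import html
from urllib.parse import parse_qs, urlparse

# Constructed page template; {name} is filled from the request.
PAGE = "<html><body><h1>Hello, {name}!</h1></body></html>"

# Constructed attack URL: the payload sits after the "?" in the query string.
ATTACK_URL = (
    "http://app.example.test/greet?name="
    "%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)


def name_from_url(url: str) -> str:
    """Pull the 'name' parameter out of the query string (percent-decoded)."""
    params = parse_qs(urlparse(url).query)
    return params.get("name", [""])[0]


def render_vulnerable(url: str) -> str:
    # Reflects untrusted input straight into the HTML: reflected XSS.
    return PAGE.format(name=name_from_url(url))


def render_safe(url: str) -> str:
    # Output encoding for the HTML body context: < > & " ' become entities,
    # so the browser renders the payload as text instead of executing it.
    return PAGE.format(name=html.escape(name_from_url(url), quote=True))


def contains_script(page: str) -> bool:
    """Crude check used here to show whether a live <script> tag survived."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(ATTACK_URL))
    print(render_safe(ATTACK_URL))
```

Escaping must match the context the value lands in (HTML body here); a value placed inside a JavaScript block or an attribute needs a different encoder, which is why templating engines with automatic contextual escaping are preferred over hand-escaping.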
Network Access Control (NAC) - ANS-prevents unauthorized users from connecting to a
network
Base64 - ANS-an encoding (not encryption) commonly used as an obfuscation technique; it
appears as a long string drawn from A-Z, a-z, 0-9, + and /, optionally padded with = at the end
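Added example (not from these notes) in Python showing how an analyst spots and decodes Base64 blobs in log lines: a regex over the Base64 alphabet finds candidate tokens, the length rule (a multiple of 4) and strict decoding filter out ordinary words, and the result is tried as UTF-16LE first (what PowerShell `-EncodedCommand` uses) and then UTF-8. The log lines are constructed, and the tokens in them are generated in the block so they are exact; `scan` and `try_decode` are assumed names.

```python
# Added example, not from the CySA+ notes: finding and decoding Base64 in logs.
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Runs of the Base64 alphabet (A-Z, a-z, 0-9, +, /) with optional "=" padding,
# at least 16 chars long to cut down on hits against ordinary words.
B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])"
)

# Constructed sample tokens, generated here so they are exact.
PS_TOKEN = base64.b64encode("whoami".encode("utf-16-le")).decode("ascii")
SH_TOKEN = base64.b64encode(b"cat /etc/passwd").decode("ascii")

# Constructed log lines (not real logs).
LOG_LINES = [
    f"4688 New Process: powershell.exe -NoP -W Hidden -EncodedCommand {PS_TOKEN}",
    f"sshd[2211]: cmd=bash -c 'echo {SH_TOKEN} | base64 -d | sh'",
    "10.0.0.5 - - GET /index.html 200",
]


def try_decode(token: str) -> Optional[str]:
    """Return printable text if the token is Base64 of UTF-16LE or UTF-8 text."""
    # Valid Base64 (with padding) is always a multiple of 4 characters.
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Heuristic: PowerShell -EncodedCommand is UTF-16LE, so try that first.
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if text.isprintable():
            return text
    return None


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line index, token, decoded text) for every decodable token."""
    hits = []
    for idx, line in enumerate(lines):
        for match in B64_TOKEN.finditer(line):
            decoded = try_decode(match.group(0))
            if decoded is not None:
                hits.append((idx, match.group(0), decoded))
    return hits


if __name__ == "__main__":
    for idx, token, decoded in scan(LOG_LINES):
        print(f"line {idx}: {token} -> {decoded!r}")
```

Decoding is a heuristic: a long hex string or a random password can also match the alphabet, so treat a hit as something to look at, not as proof of malice.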
Incident Response Plan - ANS-A plan that an organization uses to categorize a security
threat, determine the cause, preserve any evidence, and also get the systems back
online so the organization can resume business.
OWASP Testing Guide - ANS-providing framework for web application security testing
Compensating Controls - ANS-controls that substitute for the loss of primary controls
and mitigate risk down to an acceptable level.
Write Blocker - ANS-Forensic tool to prevent the capture or analysis device or
workstation from changing data on a target disk or media. Can be hardware or software.
SQL Injection - ANS-exploits web applications that build SQL queries by concatenating
unvalidated user input; the attacker typically uses a single quote (') to break out of the
string literal in the built-in SQL query and then appends SQL of their own
parameterized query - ANS-A technique that defends against SQL injection by
incorporating placeholders in a SQL query.
XCCDF - ANS-Extensible Configuration Checklist Description Format; an XML language (part
of SCAP) used to create security configuration checklists/benchmarks and to report the
results of checking systems against them.
HEAD / HTTP/1.1 - ANS-a raw HTTP request, typed by hand over Telnet (or netcat), that asks
the server for the response headers only, without the document body; the Server header
often reveals the server software version and the server's operating system
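Added example (not from these notes) in Python that does what the Telnet session above does by hand: it builds the raw `HEAD` request bytes (including the `Host` header that HTTP/1.1 requires), and it parses a response to pull out the status and the `Server` / `X-Powered-By` banners. The sample response is constructed, the function names are assumptions, and `send_head` is the only part that touches the network (it is not exercised offline).

```python
# Added example, not from the CySA+ notes: banner grabbing with a raw HTTP HEAD.
import socket
from typing import Dict, Optional, Tuple

# Constructed response, modelled on what a typical server returns (not captured).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)


def build_head_request(host: str, path: str = "/") -> bytes:
    """Exactly what you would type into Telnet, with CRLF line endings."""
    lines = [
        f"HEAD {path} HTTP/1.1",
        f"Host: {host}",          # mandatory in HTTP/1.1 (virtual hosting)
        "Connection: close",      # ask the server to end the session after replying
        "",                       # blank line terminates the header block
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_head_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Return (status code, {lower-cased header name: value})."""
    head = raw.decode("iso-8859-1").split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ")[1])
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def fingerprint(raw: bytes) -> Dict[str, Optional[object]]:
    """Pull the fields an analyst cares about from a HEAD response."""
    status, headers = parse_head_response(raw)
    return {
        "status": status,
        "server": headers.get("server"),
        "powered_by": headers.get("x-powered-by"),
    }


def send_head(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Live version: send the request over a TCP socket and read the headers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data


if __name__ == "__main__":
    print(build_head_request("example.test").decode())
    print(fingerprint(SAMPLE_RESPONSE))
```

Banners can be suppressed or faked (ServerTokens in Apache, server_tokens in nginx), so treat the result as a hint to be confirmed by other fingerprinting, not as ground truth.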
Vulnerability reports should include - ANS-both the physical hosts and the virtual hosts
on the target network.
Process Monitor - ANS-advanced monitoring tool for Windows that shows real-time file
system, Registry, and process/thread activity
Often false positives - ANS-findings classified as "low" priority or "for informational
purposes only" are the ones most likely to turn out to be false positives
Acceptable Use Policy (AUP) - ANS-a policy that governs employees' use of company
equipment and internet services.
Executive Summary - ANS-A brief description of the incident, including the date, time,
and scope of the attack
Quality of Service (QoS) - ANS-as a containment technique, deliberately manipulating
service quality to throttle the attacker's transfer speeds. Used when an attack has already
been successful, e.g., to slow exfiltration while the incident is contained
The deep web - ANS-contains information that is not indexed by standard search
engines, making it invisible to conventional searches