CYSA EXAM TEST SOLUTION LATEST UPDATE 2023

  • March 22, 2024
STUDENTSCORE
Describe one advantage and one disadvantage of using the -T0 switch when performing an Nmap scan. - ANSWER This sets an extremely high delay between probes, which may help to evade detection systems but will take a very long time to return results.

What is the principal challenge in scanning UDP ports? - ANSWER UDP does not send ACK messages so the scan must use timeouts to interpret the port state. This makes scanning a wide range of UDP ports a lengthy process.

True or false? A port that is reported as "closed" by Nmap is likely to be one protected by a firewall. - ANSWER False. A closed port responds to probes with an RST because there is no service available to process the request. This means that the port is accessible through the firewall. A port blocked by a firewall is in the "filtered" state.

What is the function of the -A switch in Nmap? - ANSWER Performs service detection (verify that the packets delivered over a port correspond to the "well known" protocol associated with that port) and version detection (using the scripts marked "default").

How do you run a specific Nmap script or category of scripts? - ANSWER Use the --script argument with the script name or path or category name.

What is the advantage of the Nmap "grepable" output format? - ANSWER grep is a Linux command for running a regular expression to search for a particular string. Nmap's grepable output is easier for this tool to parse.

Despite operating a patch management program, your company has been exposed to several attacks over the last few months. You have drafted a policy to require a lessons-learned incident report be created to review the historical attacks and to make this analysis a requirement following future attacks. How can this type of control be classified? - ANSWER It is implemented as an administrative control as it is procedural rather than technical in nature. Additionally, it is a managerial control rather than an operational control as it seeks oversight of day-to-day processes with a view to improving them. In terms of function, you can classify it as corrective, as it occurs after an attack has taken place.

A bespoke application used by your company has been the target of malware. The developers have created signatures for the application's binaries, and these have been added to endpoint detection and response (EDR) scanning software running on each workstation. If a scan shows that a binary image no longer matches its signature, an administrative alert is generated. What type of security control is this? - ANSWER This is a technical control as it is implemented in software. In functional terms, it acts as a detective control because it does not stop malware from replacing the original file image (preventative control) or restore the original file automatically (corrective control).

Your company is interested in implementing routine backups of all customer databases. This will help uphold availability because you will be able to quickly and easily restore the backed-up copy, and it will also help uphold integrity in case someone tampers with the database. What controls can you implement to round out your risk mitigation strategy and uphold the components of the CIA triad? - ANSWER You should consider the confidentiality component. The backups contain the same privileged information as the live copy and so must be protected by confidentiality controls. Access controls can be used to ensure that only authorized backup operators have access to the data. Encryption can be used as an additional layer of protection.

Your chief information security officer (CISO) wants to develop a new collection and analysis platform that will enable the security team to extract actionable data from its assets. The CISO would like your input as far as which data sources to draw from as part of the new collection platform, worrying that collecting from too many sources, or not enough, could impede the company's ability to analyze information. Is this a valid concern, and how can it be addressed within an intelligence life-cycle model? - ANSWER Yes, it is a valid concern. The requirements (or planning and direction) phase of the intelligence cycle can be used to evaluate data sources and develop goals and objectives for producing actionable intelligence to support use cases demanded by intelligence consumers. You can also mention that the feedback phase of the cycle provides the opportunity to review sources and determine whether they are delivering valuable intelligence.

What are the characteristics to use to evaluate threat data and intelligence sources? - ANSWER Firstly, you can distinguish sources as either proprietary/closed-source, public/open-source, or community-based, such as an ISAC. Within those categories, data feeds can be assessed for timeliness, relevancy, and accuracy. It is also important for analyst opinions and threat data points to be tagged with a confidence level.

What are the phases of the intelligence cycle? - ANSWER Requirements (often called planning and direction), collection (and processing), analysis, dissemination, and feedback.
