Exam (elaborations)
Comtia CYSA+ 1-299 (1).
- Course
- Institution
Comtia CYSA+ 1-299 (1).
[Show more]
Seller
Follow
modockochieng06
Content preview
Comtia CYSA+ 1-299MITRE ATT&CK - ANS-This framework provides very detailed documentation regarding threat
actor tactics, techniques, and procedures.
Avoidance - ANS-Risk ____________________ requires that activities with high levels of risk
are stopped.
Compliance - ANS-What is the name of the team that risk managers depend upon to assess
whether work is being performed in accordance to policy?
Security operations centers (SOC) - ANS-The location where security professionals monitor and
protect critical information assets in an organization.
False. Cybersecurity programs are driven by senior leadership via governance. - ANS-True or
false. Cybersecurity operations are driven by technical implementers
Risk avoidance - ANS-In risk mitigation, the practice of ceasing activity that presents risk.
Risk acceptance - ANS-The response of determining that a risk is within the organization's
appetite and no countermeasures other than ongoing monitoring is needed.
Risk mitigation - ANS-The response of reducing risk to fit within an organization's willingness to
accept risk.
Risk transference - ANS-In risk mitigation, the response of moving or sharing the responsibility
of risk to another entity, such as by purchasing cybersecurity insurance.
Threat modeling - ANS-The process of identifying and assessing the possible threat actors and
attack vectors that pose a risk to the security of an app, network, or other system.
Technical - ANS-A category of security control that is implemented as a system (hardware,
software, or firmware). Technical controls may also be described as logical controls.
Threat modeling - ANS-What activity is focused on deconstructing a system to better
understand the threats and exploits that might impact it?
Operational - ANS-A category of security control that is implemented by people.
Managerial - ANS-A category of security control that gives oversight of the information system.
,Preventative - ANS-A type of security control that acts before an incident to eliminate or reduce
the likelihood that an attack can succeed.
Detective - ANS-A type of security control that acts during an incident to identify or record that it
is happening.
Corrective - ANS-A type of security control that acts after an incident to eliminate or minimize its
impact.
Compensating - ANS-A security measure that takes on risk mitigation when a primary control
fails or cannot completely meet expectations.
Responsive - ANS-A type of security control that serves to direct corrective actions after an
incident has been confirmed.
threat actor - ANS-Person or entity responsible for an event that has been identified as a
security incident or as a risk.
attack surface - ANS-The points at which a network or application receive external connections
or inputs/outputs that are potential vectors to be exploited by a threat actor.
on-premises - ANS-Software or services installed and managed on a customer's computing
infrastructure rather than in the cloud or hosted by a third-party provider.
software as a service (SaaS) - ANS-Cloud service model that provisions fully developed
application services to users
software repository - ANS-A centralized storage location for software packages
footprint - ANS-An attack that aims to list resources on the network, host, or system as a whole
to identify potential targets for further attack
Managerial - ANS-The leadership teams would like to develop controls designed to provide
oversight of various information systems. What type of control does this describe?
Technical - ANS-A web application firewall identifies and records any attempted or successful
intrusion to a log file. What category of control does this describe?
Attack surface - ANS-What is being analyzed when all potential pathways a threat actor could
use to gain unauthorized access or control of a system are identified and documented?
Responsive - ANS-After identifying that a port scan was performed on an internal database
system, a security analyst performs a series of well-defined steps to further investigate the
issue. What type of control objective does this describe?
, Passive discovery - ANS-Systems, services, and protocols are discovered and characterized by
analyzing network packet captures. What type of discovery technique does this describe?
change management - ANS-Process through which changes to the configuration of information
systems are implemented as part of the organization's overall configuration management
efforts.
False. Patching is needed in addition to these tools. - ANS-True or False. Advanced endpoint
protection tools eliminate the need for operating system patching
False. Critical patches should be implemented immediately - ANS-True or False. Critical
security patches are best implemented during the next most convenient maintenance window.
False. Monitoring should still occur but be aware of what changes are anticipated during the
maintenance window. - ANS-True or False. Systems should not be monitored during
maintenance windows to avoid confusion.
Configuration management - ANS-What tool allows administrators to centrally create and
enforce software settings?
Change management - ANS-Which policy dictates how work is completed during a maintenance
window?
nation-states - ANS-A type of threat actor that is supported by the resources of its host country's
military and security services.
organized crime - ANS-A type of threat actor that uses hacking and computer fraud for
commercial gain.
hacktivist - ANS-A threat actor that is motivated by a social issue or political cause.
insider threat - ANS-Type of threat actor who is assigned privileges on the system and causes
an intentional or unintentional incident.
script kiddie - ANS-An inexperienced, unskilled attacker that typically uses tools or scripts
created by others.
advanced persistent threat (APT) - ANS-An attacker's ability to obtain, maintain, and diversify
access to network systems using exploits and malware.
virus - ANS-Malicious code inserted into an executable file image. The malicious code is
executed when the file is run and can deliver a payload, such as attempting to infect other files.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller modockochieng06. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
72841 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now