1. Shodan Shodan is a search engine for finding specific Internet-exposed devices, and device types, by indexing the service banners they return.
2. Cybersecurity Framework Core: 5 functions (Identify, Protect, Detect, Respond, Recover), 22 categories, 98 subcategories. (Those are the CSF 1.0 counts; CSF 1.1 expanded the core to 23 categories and 108 subcategories.)
Implementation tiers: Tier 1 Partial, Tier 2 Risk Informed, Tier 3 Repeatable, Tier 4 Adaptive.
3. DNS Reverse Lookup Active reconnaissance technique: a PTR query against the in-addr.arpa zone that resolves an IP address back to a hostname.
4. Honeypot A honeypot is a system designed to attract attackers so their tools and techniques can be observed.
5. Microsoft Baseline Security Analyzer (MBSA) Checks Windows systems for missing Microsoft updates and common security misconfigurations.
It is now outdated and does not fully support Windows 10.
MBSA works only with Microsoft operating systems.
6. Nexpose A vulnerability scanner (from Rapid7).
7. NIST National Institute of Standards and Technology.
Publishes the security controls (SP 800-53) that federal systems use to comply with Federal Information Processing Standards (FIPS).
NIST penetration testing (SP 800-115) has four phases: Planning, Discovery, Attack and Reporting.
Discovery and attack are often repeated in a loop during a pen test, because what an attack yields (credentials, a foothold) opens new targets to discover.
Incident response life cycle (SP 800-61): preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. Notification and communication may occur in multiple phases.
Legal counsel is an internal group the IR team coordinates with as needed rather than on every incident; NIST SP 800-61 lists legal alongside management, IT support, public affairs, HR, business continuity and physical security as groups the team may need to involve.
NIST SP 800-30 is the Guide for Conducting Risk Assessments; NIST SP 800-53 is the catalog of security and privacy controls.
NIST SP 800-88, along with many forensic manuals, calls for a complete overwrite (zero wipe) of the drive but does not require multiple passes. Degaussing is primarily used for magnetic media like tapes and may not completely wipe a hard drive (and may, in fact, damage it). The ATA Secure Erase command is commonly used for SSDs.
NIST SP 800-88 defines three sanitization levels: clear, purge and destroy. It recommends clearing media and then validating and documenting that it was cleared. Clearing uses logical techniques (overwriting) to sanitize data in user-addressable storage locations and protects against noninvasive data recovery techniques. This level of security is appropriate for moderately sensitive data on media that will remain within the organization; media leaving the organization's control calls for purge or destroy.
8. Honeynet A honeynet is a simulated network of honeypots.
9. IPS Intrusion Prevention System.
TippingPoint (now a Trend Micro product) is an intrusion prevention system.
10. Availability-based analysis Targets whether a system or service is up and working as expected, rather than whether it is behaving securely.
11. bcrypt A slow, salted, adaptive password-hashing algorithm (Blowfish-derived, with a tunable work factor). Far stronger for password storage than MD5 and SHA-1, which are fast, unsalted general-purpose hashes and were never designed for passwords.
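The property that makes bcrypt stronger than MD5/SHA-1 for stored passwords (a per-password salt plus a tunable cost), shown as an added example that is not part of the original notes. bcrypt itself is not in the Python standard library, so hashlib.scrypt, which has the same design goals, stands in for it; the storage string format `scrypt$n$r$p$salt$hash` is this example's own convention, not a standard.

```python
"""Added example (not from the original notes): why a password hash beats
MD5/SHA-1 for stored credentials.  hashlib.scrypt stands in for bcrypt
(same idea: per-password salt, tunable work factor).  The stored-string
layout 'scrypt$n$r$p$salt$hash' is an assumption made for this example."""
import hashlib
import hmac
import os

# Work factor: n is the CPU/memory cost (a power of two), r the block size,
# p parallelism.  Raise n as hardware gets faster; the stored string records
# the parameters used, so older hashes keep verifying after the bump.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str) -> str:
    """Hash with a fresh random salt; two hashes of one password differ."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters and salt recorded in `stored` and
    compare in constant time.  Malformed or foreign formats verify as False."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def unsalted_sha1(password: str) -> str:
    """What the notes warn against: fast and unsalted, so equal passwords
    give equal hashes and one precomputed table cracks every user at once."""
    return hashlib.sha1(password.encode()).hexdigest()


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print(stored)
    print("verify ok:", verify_password("correct horse", stored))
    print("verify bad:", verify_password("wrong", stored))
    print("sha1 same twice:", unsalted_sha1("x") == unsalted_sha1("x"))
```

The salt is what stops one rainbow table from covering every account; the cost parameters are what make each guess expensive for an attacker who has stolen the hash file.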
12. Jump Host Allows for easier administrative access and can serve as an additional security layer between the administrative workstations and the protected network.
13. Trusted Foundry A U.S. Department of Defense program that works to ensure the integrity and confidentiality of integrated circuit design and manufacturing through accredited suppliers.
14. netstat Shows the local host's network state: its open (listening) ports and the remote systems it is connected to, which in turn reveals other systems on the network.
A passive technique (it reads local socket tables and sends no packets).
Can list active TCP connections, the executable behind each connection, and the routing table (netstat -r).
netstat -pe (Linux net-tools): -p adds the PID and program name owning each socket, and -e shows extended information including the owning user. (On Windows, -o shows the owning PID and -b the executable; there -e prints interface statistics instead.)
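What a responder actually does with that output, as an added example that is not part of the original notes: parse Linux net-tools netstat rows into records, then pull out the listeners exposed on every interface and the remote peers each process is talking to. The sample output below is constructed to match the `netstat -tupen` column layout, not captured from a real host; the -p column is only filled in for sockets you own or when netstat runs as root, which is why one row shows `-`.

```python
"""Added example (not from the original notes): parse net-tools netstat
output and report exposed listeners and remote peers.  SAMPLE_NETSTAT is a
constructed sample in the `netstat -tupen` layout, not a real capture."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18233      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      112        19001      1044/mysqld
tcp        0      0 10.0.0.5:22             10.0.0.77:51622         ESTABLISHED 0          22410      2231/sshd: alice
tcp        0      0 10.0.0.5:44812          203.0.113.9:4444        ESTABLISHED 1000       22511      2390/python3
tcp        0      0 10.0.0.5:44900          198.51.100.20:443       ESTABLISHED 1000       22600      -
tcp6       0      0 :::80                   :::*                    LISTEN      33         18890      901/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          15022      655/dhclient
"""

ROW = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+"     # Proto Recv-Q Send-Q
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+"        # Local / Foreign Address
    r"(?:(?P<state>[A-Z_]+)\s+)?"                 # State (absent on UDP rows)
    r"(?P<user>\d+)\s+\d+\s+"                     # User Inode (from -e)
    r"(?:(?P<pid>\d+)/(?P<prog>.+?)|-)\s*$"       # PID/Program name (from -p)
)

WILDCARDS = {"0.0.0.0", "::", "*"}   # bound to every interface


@dataclass
class Socket:
    proto: str
    local_addr: str
    local_port: str
    remote_addr: str
    remote_port: str          # "*" for listening sockets
    state: str                # "" for UDP
    user: str
    pid: Optional[int]        # None when netstat could not see the owner
    program: str


def _endpoint(text: str) -> tuple[str, str]:
    """Split 'addr:port' on the last colon so IPv6 forms like ':::80' survive."""
    addr, _, port = text.rpartition(":")
    return addr, port


def parse_netstat(output: str) -> list[Socket]:
    sockets = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:                        # headers, blank lines, unix sockets
            continue
        laddr, lport = _endpoint(m["local"])
        raddr, rport = _endpoint(m["remote"])
        sockets.append(Socket(
            proto=m["proto"], local_addr=laddr, local_port=lport,
            remote_addr=raddr, remote_port=rport, state=m["state"] or "",
            user=m["user"], pid=int(m["pid"]) if m["pid"] else None,
            program=m["prog"] or ""))
    return sockets


def listeners(sockets: list[Socket]) -> list[Socket]:
    """TCP sockets in LISTEN plus UDP sockets with a wildcard peer."""
    return [s for s in sockets
            if s.state == "LISTEN" or (s.proto.startswith("udp") and s.remote_port == "*")]


def exposed_listeners(sockets: list[Socket]) -> list[Socket]:
    """Listeners reachable from the network (not loopback-only)."""
    return [s for s in listeners(sockets) if s.local_addr in WILDCARDS]


def remote_peers(sockets: list[Socket]) -> set[tuple[str, str, str]]:
    """(remote address, remote port, owning program) for established connections."""
    return {(s.remote_addr, s.remote_port, s.program)
            for s in sockets if s.state == "ESTABLISHED"}


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for s in exposed_listeners(socks):
        print(f"exposed {s.proto} {s.local_addr}:{s.local_port} <- {s.program} pid={s.pid} uid={s.user}")
    for peer in sorted(remote_peers(socks)):
        print("peer", peer)
```

In the sample, mysqld is excluded from the exposed list because it binds only to 127.0.0.1, while the python3 process connected out to port 4444 shows up as a peer worth a second look.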
15. nmap nmap is used to actively build a network map (it sends probes to targets, so it is active reconnaissance).
The TCP SYN scan (-sS) is the default when nmap runs with raw-socket privileges (root) and no scan type is given; unprivileged users get a TCP connect scan (-sT) instead.
-O: OS fingerprinting. Common Platform Enumeration (CPE) data is printed when -O and verbose (-v) are used together.
-A: enables OS detection, version detection, script scanning and traceroute.
-T: sets the timing template, i.e. the speed of the scan (-T0 paranoid through -T5 insane).
-sP (now -sn): ping scan, host discovery only with no port scan; a /24 target covers 256 addresses.
By default nmap scans the 1,000 most common TCP ports, ranked by frequency in its nmap-services file. (Older versions scanned ports 1-1024 plus any port listed in nmap-services; the top-1,000 rule replaced that.)
nmap provides multiple scan modes, including the TCP SYN scan (-sS), which is stealthier than the full TCP connect scan (-sT) because the handshake is never completed. Skipping host-discovery pings with -P0 (now -Pn) helps with stealth, and a timing template of -T0 (paranoid) or -T1 (sneaky) will help bypass many IDSs, at the cost of very slow scans.
nmap's Common Platform Enumeration output is a standardized way to name applications, operating systems and hardware: cpe:/o indicates an operating system, cpe:/a an application and cpe:/h hardware.
nmap can combine OS identification with the time-to-live seen on replies to make a reasonable guess at the number of hops between the scanner and a remote system (printed as "Network Distance" in -O output).
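The CPE naming and the TTL-based hop guess from the nmap entries above, as an added example that is not part of the original notes and not nmap project code: read an `nmap -oX` XML report, list the open ports with their service CPEs, pull the OS CPE strings that -O with -v produces, and reproduce the "Network Distance" estimate from an observed TTL. The XML is constructed to follow nmap's output schema for one host, 10.0.0.5 is a made-up target, and the initial-TTL table is the usual rule of thumb rather than nmap's fingerprint database.

```python
"""Added example (not from the original notes, not nmap project code):
parse an nmap -oX report for open ports, CPEs and the TTL-based hop guess.
SAMPLE_NMAP_XML is constructed to match nmap's XML schema for one host."""
import xml.etree.ElementTree as ET
from typing import Optional

SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -sS -O -v -oX scan.xml 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="63"/>
        <service name="ssh" product="OpenSSH" version="8.9p1">
          <cpe>cpe:/a:openbsd:openssh:8.9p1</cpe>
        </service>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="63"/>
        <service name="http" product="nginx"><cpe>cpe:/a:igor_sysoev:nginx</cpe></service>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="mysql"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 5.4 - 5.15" accuracy="95">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95">
          <cpe>cpe:/o:linux:linux_kernel:5</cpe>
        </osclass>
      </osmatch>
    </os>
    <distance value="1"/>
  </host>
</nmaprun>
"""

# CPE 2.2 URI layout: cpe:/<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>
CPE_FIELDS = ("vendor", "product", "version", "update", "edition", "language")
CPE_PARTS = {"a": "application", "o": "operating_system", "h": "hardware"}

# Rule-of-thumb initial TTLs keyed by the vendor field of an OS CPE (assumed table).
INITIAL_TTL_BY_VENDOR = {"linux": 64, "freebsd": 64, "openbsd": 64, "apple": 64,
                         "microsoft": 128, "cisco": 255, "sun": 255}


def parse_cpe(cpe: str) -> dict:
    """Split 'cpe:/o:linux:linux_kernel:5' into named fields; empty fields are dropped."""
    if not cpe.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {cpe!r}")
    values = cpe[len("cpe:/"):].split(":")
    if values[0] not in CPE_PARTS:
        raise ValueError(f"unknown CPE part in {cpe!r}")
    fields = {"part": CPE_PARTS[values[0]]}
    fields.update({k: v for k, v in zip(CPE_FIELDS, values[1:]) if v})
    return fields


def parse_report(xml_text: str) -> ET.Element:
    return ET.fromstring(xml_text)


def open_ports(root: ET.Element) -> list:
    """(port, protocol, service name, service CPE or None) for every open port."""
    found = []
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue
        svc = port.find("service")
        cpe = svc.find("cpe") if svc is not None else None
        found.append((int(port.get("portid")), port.get("protocol"),
                      svc.get("name") if svc is not None else "",
                      cpe.text if cpe is not None else None))
    return found


def os_cpes(root: ET.Element) -> list:
    """OS CPE strings (cpe:/o:...) that -O prints under each osclass."""
    return [c.text for oc in root.iter("osclass") for c in oc.findall("cpe")]


def observed_ttl(root: ET.Element) -> Optional[int]:
    """TTL seen on the first open-port reply, which nmap records as reason_ttl."""
    for state in root.iter("state"):
        if state.get("state") == "open" and state.get("reason_ttl"):
            return int(state.get("reason_ttl"))
    return None


def reported_distance(root: ET.Element) -> Optional[int]:
    d = root.find(".//distance")
    return int(d.get("value")) if d is not None else None


def estimate_hops(ttl: int, os_cpe: Optional[str] = None) -> int:
    """Hop guess: likely initial TTL (from the OS guess when available, else
    the next common value above the observed TTL) minus what arrived."""
    if not 1 <= ttl <= 255:
        raise ValueError("TTL must be 1..255")
    initial = INITIAL_TTL_BY_VENDOR.get(parse_cpe(os_cpe).get("vendor", "")) if os_cpe else None
    if initial is None:
        initial = next(t for t in (64, 128, 255) if t >= ttl)
    return initial - ttl


if __name__ == "__main__":
    root = parse_report(SAMPLE_NMAP_XML)
    for entry in open_ports(root):
        print("open:", entry)
    print("os:", [parse_cpe(c) for c in os_cpes(root)])
    print("hops:", estimate_hops(observed_ttl(root), os_cpes(root)[0]), "reported:", reported_distance(root))
```

Without an OS guess the estimate picks the next common initial TTL above the observed value, which is why a TTL of 250 reads as 5 hops from a 255-default device rather than as an impossible negative distance from a Linux host.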
16. Banner Grabbing A method used to gain information about a remote system by connecting to a service and reading what it announces about itself. It can identify the operating system, the service software and its version. This is an active reconnaissance technique, since it connects to the target.
Tools for banner grabbing: wget, telnet, and netcat.
FTP is a protocol, not a banner-grabbing tool (the greeting an FTP server sends on connect is itself a banner that the tools above can read).
17. wget wget is a command-line utility for downloading files from the Internet.
It can grab HTTP banners: wget -S (--server-response) prints the response headers, including the Server header, for the URL it fetches.
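The banner grab that the two entries above describe doing by hand with telnet, netcat or wget -S, as an added example that is not part of the original notes: a small client that waits for an unsolicited greeting (SSH, FTP, SMTP style) and otherwise sends a protocol probe (HTTP style), plus a throw-away loopback service to run it against so the example works offline. The banner strings, the HEAD probe and the ports are constructed for the demonstration.

```python
"""Added example (not from the original notes): banner grabbing as a client,
with a loopback test double so it runs offline.  Banners and probes below are
constructed for the demonstration."""
import socket
import threading
from typing import Optional

# What a manual `nc host 80` session types to coax a banner out of a service
# that stays silent until it sees a request.  Keyed by port, as a person would.
PROBES = {
    80: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n",
    8080: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n",
}


def grab_banner(host: str, port: int, timeout: float = 2.0,
                probe: Optional[bytes] = None) -> str:
    """Connect, wait briefly for a greeting; if none arrives and we know a
    probe for this port, send it and read the reply.  Returns the text seen
    (decoded leniently) or '' if the service never said anything."""
    if probe is None:
        probe = PROBES.get(port)
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1024)               # greeting-first services
        except socket.timeout:
            pass
        if not data and probe:
            sock.sendall(probe)                  # request-first services
            try:
                data = sock.recv(4096)
            except socket.timeout:
                pass
    return data.decode("utf-8", errors="replace").strip()


def server_header(response: str) -> Optional[str]:
    """Pull the Server: header out of an HTTP response, as wget -S would show it."""
    for line in response.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def start_fake_service(banner: bytes, greet_first: bool = True) -> int:
    """Test double, not a honeypot: listen on an ephemeral loopback port and
    answer one connection with `banner`, either immediately or (HTTP-style)
    only after the client sends something.  Returns the port number."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            with conn, srv:
                if not greet_first:
                    conn.recv(1024)              # wait for the client's probe
                conn.sendall(banner)
        except OSError:
            pass                                 # client gave up; nothing to do

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    print("ssh:", grab_banner("127.0.0.1", ssh_port, timeout=1.0))
    http_port = start_fake_service(
        b"HTTP/1.0 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n",
        greet_first=False)
    print("http server:", server_header(grab_banner("127.0.0.1", http_port, timeout=1.0, probe=PROBES[80])))
```

The two-phase read matters in practice: SSH, FTP and SMTP talk first, HTTP waits for a request, and a silent service on an unfamiliar port yields nothing rather than hanging the tool.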
18. nbtstat