Describe one advantage and one disadvantage of using the -T0 switch when performing an Nmap scan.

-T0 (the "paranoid" timing template) serializes the scan and waits about five minutes between probes. The advantage is that such a low probe rate is much less likely to trip rate-based intrusion detection; the disadvantage is that even a single host can take many hours to return results.

What is the principal challenge in scanning UDP ports?

UDP is connectionless: there is no handshake, so an open port is not obliged to reply. Nmap has to rely on timeouts and retransmissions to interpret the port state: a port that returns an ICMP port unreachable message is closed, one that returns application data is open, and one that returns nothing is reported as open|filtered. Because many hosts also rate-limit ICMP port unreachable messages, scanning a wide range of UDP ports is a lengthy process.

True or false? A port that is reported as "closed" by Nmap is likely to be one protected by a firewall.

False. A closed port answers the probe (with a TCP RST for a SYN scan) because the host is reachable but no service is listening there. This means that the port is accessible through the firewall. A port blocked by a firewall, where probes get no answer or an ICMP unreachable message from a filtering device, is reported in the "filtered" state.

What is the function of the -A switch in Nmap?

-A ("aggressive") enables several options at once: OS detection (-O), version detection (-sV), script scanning with the scripts in the "default" category (-sC), and traceroute (--traceroute). Version detection verifies that the service on a port really speaks the "well known" protocol associated with that port and identifies the software and version behind it.

How do you run a specific Nmap script or category of scripts?

Use the --script argument with the script name, a path to a script file, or a category name; separate multiple values with commas and pass script options with --script-args (for example --script=vuln, or --script=http-title,ssl-cert). The -sC switch is shorthand for --script=default.

What is the advantage of the Nmap "grepable" output format?

grep is a Linux command that searches text for lines matching a regular expression. Nmap's grepable output (-oG) puts each host's results on a single line with tab-separated fields (Host, Ports, Ignored State), so grep, awk, and cut can extract hosts and ports from it without having to parse the multi-line normal output.

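As an added example that is not part of the original page, the shell functions below parse a constructed sample of nmap -oG output (the sample is written by the script itself and is not the result of a real scan; the addresses, ports and version strings are made up). They pull out one record per host and port, list the hosts that expose a given port in a given state, and count ports per state for one host, which keeps "closed" (RST came back, so the port is reachable) apart from "filtered" (no answer, probably a firewall) and the UDP "open|filtered" case.

```shell
#!/bin/sh
# Added example: parse Nmap "grepable" (-oG) output with POSIX sh and awk.
# The sample written by write_sample is CONSTRUCTED, not output from a real scan;
# addresses come from the 192.0.2.0/24 documentation range.
# A real equivalent would be: nmap -sS -sU -sV -oG scan.gnmap 192.0.2.10 192.0.2.11

write_sample() {
    # Each port entry has the fixed layout port/state/proto/owner/service/rpc/version/
    {
        printf '# Nmap 7.94 scan initiated as: nmap -sS -sU -sV -oG - 192.0.2.10 192.0.2.11\n'
        printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
        printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///, 445/filtered/tcp//microsoft-ds///, 53/open|filtered/udp//domain///\tIgnored State: closed (996)\n'
        printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
        printf 'Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.6p1/, 445/filtered/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (997)\n'
        printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 1.00 seconds\n'
    } > "$1"
}

# One record per port: "<host> <port> <state> <proto> <service> <version-or-dash>"
gnmap_records() {
    awk -F'Ports: ' '/^Host: .*Ports: / {
        split($1, h, " ")                             # h[2] is the IP address
        sub(/[[:space:]]*Ignored State:.*$/, "", $2)  # drop the trailing summary
        n = split($2, e, /, */)
        for (i = 1; i <= n; i++) {
            split(e[i], f, "/")                       # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
            if (f[1] != "")
                printf "%s %s %s %s %s %s\n", h[2], f[1], f[2], f[3], f[5], (f[7] == "" ? "-" : f[7])
        }
    }' "$1"
}

# Hosts exposing port $1 in state $2 (open, closed, filtered, open|filtered), from file $3
hosts_with_port() {
    gnmap_records "$3" | awk -v p="$1" -v s="$2" '$2 == p && $3 == s { print $1 }' | LC_ALL=C sort -u
}

# Per-state port counts for host $1 from file $2: "closed" means the host answered (reachable),
# "filtered" means something dropped the probe, "open|filtered" is the UDP no-answer case.
state_counts() {
    gnmap_records "$2" | awk -v h="$1" '$1 == h { c[$3]++ } END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}

# Demo run on the constructed sample
f="${TMPDIR:-/tmp}/sample.gnmap"
write_sample "$f"
echo "== all records =="; gnmap_records "$f"
echo "== hosts with 22/open =="; hosts_with_port 22 open "$f"
echo "== port states on 192.0.2.10 =="; state_counts 192.0.2.10 "$f"
rm -f "$f"
```

To use it on a real scan, replace the call to write_sample with the path of a file produced by nmap -oG; the parser only depends on the Host/Ports line layout, so -sV version strings with spaces and the open|filtered UDP state are handled.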
Despite operating a patch management program, your company has been exposed to several attacks over the last few months. You have drafted a policy to require a lessons-learned incident report be created to review the historical attacks and to make this analysis a requirement following future attacks. How can this type of control be classified?

It is implemented as an administrative control as it is procedural rather than technical in nature. Additionally, it is a managerial control rather than an operational control as it seeks oversight of day-to-day processes with a view to improving them. In terms of function, you can classify it as corrective, as it occurs after an attack has taken place.

A bespoke application used by your company has been the target of malware. The developers have created signatures for the application's binaries, and these have been added to endpoint detection and response (EDR) scanning software running on each workstation. If a scan shows that a binary image no longer matches its signature, an administrative alert is generated. What type of security control is this?

This is a technical control as it is implemented in software. In functional terms, it acts as a detective control because it does not stop malware from replacing the original file image (preventative control) or restore the original file automatically (corrective control).

Your company is interested in implementing routine backups of all customer databases. This will help uphold availability because you will be able to quickly and easily restore the backed-up copy, and it will also help uphold integrity in case someone tampers with the database. What controls can you implement to round out your risk mitigation strategy and uphold the components of the CIA triad?

You should consider the confidentiality component. The backups contain the same privileged information as the live copy and so must be protected by confidentiality controls. Access controls can be used to ensure that only authorized backup operators have access to the data. Encryption can be used as an additional layer of protection.

Your chief information security officer (CISO) wants to develop a new collection and analysis platform that will enable the security team to extract actionable data from its assets. The CISO would like your input as far as which data sources to draw from as part of the new collection platform, worrying that collecting from too many sources, or not enough, could impede the company's ability to analyze information. Is this a valid concern, and how can it be addressed within an intelligence life-cycle model?

Yes, it is a valid concern. The requirements (or planning and direction) phase of the intelligence cycle can be used to evaluate data sources and develop goals and objectives for producing actionable intelligence to support use cases demanded by intelligence consumers. You can also mention that the feedback phase of the cycle provides the opportunity to review sources and determine whether they are delivering valuable intelligence.

What are the characteristics to use to evaluate threat data and intelligence sources?

Firstly, you can distinguish sources as either proprietary/closed-source, public/open-source, or community-based, such as an ISAC. Within those categories, data feeds can be assessed for timeliness, relevancy, and accuracy. It is also important for analyst opinions and threat data points to be tagged with a confidence level.

What are the phases of the intelligence cycle?

Requirements (often called planning and direction), collection (and processing), analysis, dissemination, and feedback.

What are your strategic, operational, and tactical requirements for threat intelligence?