Technical (logical) controls: A category of security control that is implemented as a system (hardware, software, or firmware)
Operational Controls: A category of security control that is implemented primarily by people rather than systems
Managerial Controls: A category of security control that provides oversight of the information system
Preventative Controls: A control that acts to eliminate or reduce the likelihood that an attack can succeed
Detective Control: A control that may not prevent or deter access, but will identify and record any attempted or successful intrusion
Corrective Control: A control that acts to eliminate or reduce the impact of an intrusion event
Physical Control: A type of security control that acts against in-person intrusion attempts
Deterrent Control: A type of security control that discourages intrusion attempts
Compensating Controls: A type of security control that acts as a substitute for a principal control
Security Intelligence: The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated to provide insights into the security status of those systems
Cyber Threat Intelligence: The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources to provide data about the external threat landscape
  - Narrative reports
  - Data feeds
  You don't use narrative reports or data feeds... you use both!
Threat Intelligence Reports: Most security companies like McAfee, FireEye, Red Canary, and numerous others produce these reports
Intelligence Cycle
Intelligence Cycle Steps:
  1. Requirements (Planning and Direction)
  2. Collection & Processing
  3. Analysis
  4. Dissemination
  5. Feedback
Requirements (Planning & Direction): The intelligence cycle phase that sets out the goals for the intelligence gathering effort
Collection (& Processing): The intelligence cycle phase that is implemented by software tools, such as SIEMs, and then processed for later analysis
Analysis: The intelligence cycle phase that is performed against the given use cases from the planning phase and may utilize automated analysis, artificial intelligence, and machine learning
Dissemination: The intelligence cycle phase that refers to publishing information produced by analysis to consumers who need to act on the insights developed
  - Strategic
  - Operational
  - Tactical
Feedback: The intelligence cycle phase that aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs
  - Lessons learned
  - Measurable success
  - Evolving threat issues
Timeliness: Property of an intelligence source that ensures it is up-to-date
Relevancy: Property of an intelligence source that ensures it matches the use cases intended for it
Accuracy: Property of an intelligence source that ensures it produces effective results
Confidence Levels: Property of an intelligence source that ensures it produces qualified statements about reliability
Proprietary: Threat intelligence that is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee
Closed-Source: Data that is derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized
Open-Source: Data that is available to use without subscription; it may include threat feeds similar to the commercial providers, and may contain reputation lists and malware signature databases
  - US-CERT
  - UK's NCSC
  - AT&T Security (OTX)
  - MISP
  - VirusTotal
  - Spamhaus
  - SANS ISC Suspicious Domains