Complete Solutions Graded A+
Security Content Automation Protocol (SCAP) - Answer: A suite of interoperable specifications
designed to standardize the formatting and naming conventions used to identify and report on
the presence of software flaws, such as misconfigurations and/or vulnerabilities.
SCAP Languages - Answer: * Open Vulnerability and Assessment Language (OVAL)
* Asset Reporting Format (ARF)
* Extensible Configuration Checklist Description Format (XCCDF)
Nikto - Answer: Command line web server scanner that the security analyst can use to
specifically identify vulnerabilities in web servers. It can quickly scan multiple web servers and
provide comprehensive information on any detected vulnerabilities.
Cybersecurity service-level objectives (SLOs) - Answer: Objectives that help measure and assess
the effectiveness of security operations.
Include:
* Mean Time to Detect (MTTD)
* Mean Time to Recover (MTTR)
* Time to Patch
Threat modeling - Answer: The process of identifying and assessing the possible threat actors
and attack vectors that pose a risk to the security of an app, network, or other system.
It is typically a collaborative process.
Technical Security Controls - Answer: A category of security control that is implemented as a
system (hardware, software, or firmware). Examples include firewalls, antivirus software, and
OS access control. Also called logical controls.
Managerial Security Controls - Answer: Managerial controls focus on evaluating and managing
risks at a broader organizational level.
A category of security control that gives oversight of the information system.
Operational Security Controls - Answer: Day-to-day procedures and guidelines implemented and
followed by employees and IT staff. A category of security control that is implemented by
people.
For example, security guards and training programs are operational controls rather than technical
controls.
Preventative Security Controls - Answer: A type of security control that acts before an incident
to eliminate or reduce the likelihood that an attack can succeed.
Detective Security Controls - Answer: A type of security control that acts during an incident to
identify or record that it is happening.
Corrective Security Controls - Answer: A type of security control that acts after an incident to
eliminate or minimize its impact.
Responsive Security Controls - Answer: A type of security control that serves to direct corrective
actions after an incident has been confirmed.
Attack Surface - Answer: All potential pathways a threat actor could use.
Edge discovery - Answer: Composed of every device with Internet connectivity.
Adversary emulation - Answer: Involves simulating a real-world cyber attack by an actual
adversary to assess an organization's defenses. This technique involves a more comprehensive
and realistic simulation of a targeted attack.
Methods of Reducing Attack Surface - Answer: · Asset inventory
· Access control
· Patching and updating
· Network segmentation
· Removing unnecessary components
· Employee training
Configuration Management Tools - Answer: · Puppet
· Ansible
· Chef
· Terraform
Sources of OSINT - Answer: · Publicly available information
· Social Media
· HTML Code
· Metadata
Sources of Defensive OSINT - Answer: · CERT
· CSIRT
· Deep/Dark Web
· Internal Sources
· Government Bulletins
Decoy Methods - Answer: · Active Defense - Using offensive actions to outmaneuver an
adversary to make an attack harder to execute.
· Honeypots - A host, network, or file set up with the purpose of luring attackers away from
assets of actual value and/or discovering attack strategies and weaknesses in the security
configuration.
Indicators of Attack (IoA) - Answer: Signs or clues indicating a malicious attack on a system or
network is currently occurring. These include, but are not limited to, unusual network traffic,
strange log file entries, or suspicious user account activity.
Indicators of Compromise (IoC) - Answer: Suggest that a security incident may have occurred,
such as traffic from an IP or domain associated with malicious activity. Identified in system and
applications logs, network monitoring software, endpoint protection tools, and security
information and event management (SIEM) platforms. Do not prove a successful attack or
breach has occurred.
JavaScript Object Notation (JSON) - Answer: An ideal choice for web applications due to its
lightweight nature, ease of parsing in JavaScript environments, and efficient client-server
communication over networks.
Good for large data sets.
Secure Access Service Edge (SASE) - Answer: A networking and security architecture that
provides secure access to cloud applications and services while reducing complexity. It