| Tool or technique | Description |
|---|---|
| Endpoint monitoring | Provides operational information and detects compromise indicators. |
| Endpoint detection and response (EDR) systems | Provide insight into endpoint behavior and compromise indicators. |
| User and entity behavior analytics (UEBA) solutions | Allow deeper inspection of endpoint behavior. |
| Anomaly detection techniques | Monitor for deviations from normal baselines. |
| Network monitoring | Determines systems' communication with each other. |
| Full packet capture | Stores entire contents of network communication. |
| Netflow records | Record information about communication nature and length. |
| Domain name system (DNS) queries | Help understand connection attempts made from the organization. |
| Content filters | Capture full URLs of webpages requested by end users. |
| Log review | Provides insight into user, system, and network device behavior. |
| Syslog protocol | Sends logs to a centralized log repository. |
| Simple Network Management Protocol (SNMP) | Used for network device log retrieval. |
| Cisco devices | Report log events using a standard system of log levels. |
| Netstat command | Views information about network connections on Windows or Linux. |
| Nslookup and dig commands | Perform DNS lookups. |
| Traceroute and tracert commands | Discover network path between devices. |
| Security information and event management (SIEM) systems | Aggregate and correlate log entries to identify security issues. |
| Security orchestration, automation, and response (SOAR) platforms | Incorporate automation and coordination between security solutions. |
| Security Content Automation Protocol (SCAP) | Facilitates interconnectivity in SOAR platforms. |
| Email headers | Provide information about the path of email messages across the network. |
| DomainKeys Identified Mail (DKIM) | Allows signing of email message body and header elements for authenticity. |
| Sender Protection Framework (SPF) | Publishes authorized mail servers for domains. |
| Domain-based Message Authentication, Reporting, and Conformance (DMARC) | Uses SPF and DKIM to determine message authenticity. |
| Intrusion Detection System | Monitors for signs of intrusion and reports to administrators. |
| Intrusion Prevention System | Monitors for signs of intrusion and blocks malicious traffic automatically. |
| Firewall | Restricts network traffic to authorized connections. |
| Application allow listing | Limits applications to an approved list. |
| Application block listing | Blocks applications on an unapproved list. |
| Sandbox | Provides a safe space to run potentially malicious code. |
| Honeypot | System that serves as a decoy to attract attackers. |
| Honeynet | Unused network designed to capture probing traffic. |
| DNS sinkhole | Uses false DNS replies to block access to known malicious sites. |
| VPN concentrator | Provides a central aggregation point for VPN connections. |
| Proxy server | Makes requests to other servers on behalf of an end user. |
| Data loss prevention | Blocks exfiltration of sensitive information from an organization. |
| Mail gateway | Screens inbound messages for malicious content. |