Exam (elaborations)

CYSA+ 003 UPDATED ACTUAL Questions and CORRECT Answers

Pages: 46
Grade: A+
Uploaded on: 28-09-2025
Written in: 2025/2026

Institution: Cysa
Course: Cysa











Contains: Questions & answers

2 Factor Authentication
- Something you are
- Something you know
- Something you have
* New and improved statement on 2 factor or multi factor -- Location -- Behaviors (but NIST doesn't totally accept this yet)

3 threat model scenarios
- Corporate network
- Websites and Cloud
- Internal custom apps

4 key pillars to intelligence gathering
CART: Completeness - Accuracy - Relevance - Timeliness

4 phases of the incident response cycle
- Preparation
- Detection and analysis
- Containment
- Eradication and recovery

5 functions of NIST Framework
- Identify
- Protect
- Detect
- Respond
- Recover

Authentication is
- Digital authentication is usually a user name and password
- User name is identifier (SID) that computers look at to authenticate
- W/passwords you are looking at shared secret. These two items together authenticate

Authorization
Based off who you are do you have rights to this resource

Best practice for where to store logs and rules around the location
SIEM - Security Information and Event Management
2 functions
- act as central location in a secure way;
- apply AI/ML to correlate
*** Rules - can create own rules or do queries - interpret the meaning behind individual points in a query to alert (conditions with logical expressions, full queries to extract, string search) - allows on command to take output and return with specified info and can sort and do lots with it.

Best Practices for Securing Code should check what areas
Goal of SW security is to maintain CIA and enable successful business operations. Important to understand that client-side controls don't provide a security benefit, and security isn't a focus; it's usually about does it do what's intended.
- input validation
- output validation
- authentication & password
- session management
- access control
- Cryptography practice
- error handling and logging
- data protection
- communication security
- system configuration
- Database security
- File Management
- memory management
- general coding practice

Break down a CVSS v3 score what is in base
- AV - Attack vector - access required to exploit; higher exploits can be implemented remotely vs physical presence (N-Network, Adjacent, L-Local, P-Physical)
- AC - Attack complexity - based on what's required outside attacker's control to exploit; higher scores require additional attacker work like a shared secret key or man in the middle (low, high)
- PR - Privileges required - based on attacker's privileges required to exploit; something requiring admin control will have higher score (N-None, Low, High)
- UI - User Interaction - varies based on if the attacker needs others willingly or not to execute; score is higher if you can attack autonomously, with no participation. (none, required)
- S - Scope - Can the vulnerability component propagate to other components (Unchanged, changed)
- I - Impact - focuses on outcome you can achieve and which CIA gets compromised.
  -- Confidentiality - amount of data the attacker can gain access to; higher if all data on systems is accessible (high, Low, none)
  -- Integrity - ability of attacker to alter or change data or system; if major modification can occur score is higher (high, Low, none)
  -- Availability - loss of availability of exploited system. Higher if system no longer accessible. (high, Low, none)

Break down IEEE 802.1X more what is the wired v wireless
Group of protocols that provide an authentication mechanism to devices that want to attach to LAN or WAN. It defines the encapsulation of Extensible Authentication Protocol (EAP) over wired (.3 Ethernet, .5 Token Ring) and wireless (802.11)
** 3 parties involved: supplicant, authenticator, authentication server
*** Progression steps are INITIALIZATION - INITIATION - NEGOTIATION - AUTHENTICATION

Cert Management lifecycle tasks
Deploy - Update - Remove

Common commands for HTTP
Post - Put - Head - Get

Common IOCs are
- Unauthorized SW/Files
- Suspicious emails
- Suspicious registry/file system changes
- Unknown port/protocol usage
- Excessive bandwidth usage
- Rogue hardware
- Service disruption and defacement
- Suspicious or unauthorized account usage

Common methods of code injection
Masquerading - DLL injection - DLL sideloading - Process hollowing

Common way to secure a device ....
digital cert that creates trust

Common/Popular fields with certificates
- SAN (Subject Alternative Name) - identifies sub domains or emails this applies to; a lot of Co. use SAN as part of the cert
** wildcards - helps identify that all sub domains of the part are accepted
** Certificate Transparency (CT) Framework - logs available to public CA and can show information and log file will have entry visibility

Considerations for network in the cloud
May want to look at VPC (Virtual Private Cloud) - customer is responsible for IP address and touring, all routing, hosted publicly but isolated from other customers. May want to look at using SSH, IPSec or TLS for access to VPC
*** May consider serverless deployments - no worries about infrastructure, but open to function injection, broken auth

Define PCI-DSS & 12 requirements
Payment Card Industry - Data Security Standard
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications

Get to know the seller

MGRADES Stanford University