Exam (elaborations)

Sybex cysa+ study UPDATED ACTUAL Questions and CORRECT Answers

Pages: 36
Grade: A+
Uploaded on: 28-09-2025
Written in: 2025/2026
Institution: Cysa
Course: Cysa











Contains: Questions & answers


Name the four phases of cybersecurity incident response process
Answer: Preparation; detection and analysis; containment, eradication, and recovery; and post incident activities

What NIST publication contains guidance on cybersecurity incident handling?
A. SP 800-53
B. SP 800-88
C. SP 800-18
D. SP 800-61
Answer: SP 800-61
FTP (File Transfer Protocol): Port 20-21
SSH (Secure Shell): Port 22
Telnet: Port 23
SMTP (Simple Message Transfer Protocol): Port 25
DNS (Domain Name System): UDP Port 53
HTTP (Hypertext Transfer Protocol): Port 80
POP3 (Post Office Protocol version 3): Port 110
NTP (Network Time Protocol): UDP Port 123
IMAP (Internet Message Access Protocol): Port 143
LDAP (Lightweight Directory Access Protocol): Port 389 TCP/UDP
HTTPS (Hypertext Transfer Protocol Secure): Port 443
LDAPS (Lightweight Directory Access Protocol Secure): Port 636
SQL Server:
- Port 1433
- Microsoft SQL Database
- helps with database administration
Oracle: Port 1521
PPTP (Point to Point Tunneling Protocol): Port 1723
RDP (Remote Desktop Protocol): Port 3389
Compensating Controls: Used when an application cannot be updated for technical, operational, or financial reasons; other changes are made to negate the vulnerability.
Phases to a penetration test:
- Planning: scope, timing, authorization
- Discovery: OSINT, reconnaissance
- Attack Phase: gain access, escalate privileges
- Reporting: detailed reporting communicating the access they achieved
Hashing: Mathematical fingerprint of a file
Playbook: Standardized process; carry out the steps you've already thought through
Webhooks: Allow us to send a signal from one application to another using a web request
Single pane of glass approach: Integrate all tools into a single platform
Machine Learning: Designed to automatically extract knowledge from the voluminous quantity of information generated by security systems
Threat: An outside force that may exploit a vulnerability
XCCDF (Extensible Configuration Checklist Description Format): A language that is used in creating checklists for reporting results
CVE (Common Vulnerabilities and Exposures): System that provides a reference method for publicly known information-security vulnerabilities and exposures
CCE (Common Configuration Enumeration): Provides unique identifiers to system configuration issues to facilitate fast and accurate correlation of configuration data across multiple information sources and tools
CPE (Common Platform Enumeration): A standardized method of describing and identifying classes of applications, operating systems and hardware devices present among an enterprise's computing assets
Bastion hosts: Special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, i.e., a proxy server, with other services removed or limited to reduce the threat.
MIB (Management Information Base): A database used for managing entities in a communication network
Black box: The penetration tester takes an average hacker's role with no internal knowledge of the target's system
OAuth2: Is explicitly designed to authorize claims and not to authenticate users
Cyber Kill chain phases:
- Reconnaissance: gather info about a target
- Weaponization: create malicious payload tailored to target
- Delivery: transmit malicious payload
- Exploitation: exploit vulnerabilities to gain access
- Installation: install malware on target system
- Command-and-control: establish communication channel between attacker and compromised
- Actions on objectives: achieve the attacker's ultimate goal
Registered Ports: 1024-49151

Process Monitor: Advanced monitoring tool for Windows that shows real-time file system, registry, and process/thread activity
ProcDump: Command line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps
FaaS (Function as a Service): Serverless computing; when an action needs to be performed, the function is run, thus "a function call"
System Hardening:
- Updating and patching the system
- Removing unnecessary software and services
- Restricting and logging administrative access
- Disk encryption
- Enabling logging and using appropriate monitoring
CIS (Center for Internet Security): Provides a range of hardening guides and configuration benchmarks for common operating systems
Registry:
- HKEY_CLASSES_ROOT (HKCR): associates file types with programs
- HKEY_LOCAL_MACHINE (HKLM): scheduled tasks and services, system info
- HKEY_USERS (HKU): info about user accounts
- HKEY_CURRENT_USER (HKCU): info about current user
- HKEY_CURRENT_CONFIG (HKCC): current local hardware profile information storage
Windows Storage:
- C:\ProgramData\
- C:\Program Files\
Linux: /etc/ directory
MacOS: ~/Library/Preferences and /Library/Preferences
Wininit.exe (Windows Initialization Process)
Winlogon.exe (Windows logon process)
