CYSA CS0-003 UPDATED ACTUAL Questions and
CORRECT Answers
Consistent language to share system configuration information
Without CCE: Different tools/vendors describe the same config
issue differently
Tool A: "Disable anonymous FTP access"
Common Configuration
Tool B: "FTP anonymous login should be disabled"
Enumeration (CCE)
Tool C: "Anonymous FTP = OFF"
With CCE: Everyone uses the same CCE-ID to refer to the same
configuration issue
All tools reference: CCE-27072-8 (FTP anonymous access)
Used to control access to computers, networks, and services.
Authenticate users by requiring credentials like a username, a
AAA - Authentication, password, and possibly a biometric or token-based
Authorization, Accounting authenticator.
Once individuals have proven who they are, they are then
authorized to access or use resources or systems
What is Accounting in AAA Track user activity to prove an event
, Unused space in a disk cluster that remains after a file is written.
When a file is saved, it is stored in fixed-size clusters on the disk.
If the file doesn't completely fill the cluster, the leftover portion
of the cluster
Slack Space
Example:
If a cluster size is 4 KB and you save a 2 KB file, the remaining 2
KB in that cluster is the _________
________ can contain remnants of deleted files or random data,
making it useful in digital forensics for discovering evidence.
Active scanning interacts with the host
Active vs Passive scanning Passive scanning observes network activity and draws
conclusions.
Adverse Event Event that has negative consequences.
Malware infection A type of adverse event that compromises system integrity.
Server crash An adverse event where a server becomes non-operational.
User accessing a file they An adverse event that involves unauthorized access to sensitive
shouldn't be authorized to view information.
Installing a software or agent on a target to perform a
vulnerability scan.
Agent Based Vulnerability Agents have direct access (privileged) access to the system
Scanning Accurate
Requires maintenance
Agent can interfere with systems and cause performance issues
No Agent Installed: The system is scanned remotely without
installing any software (agent) on the target device.
Credentialed or Non-Credentialed: Can use credentials for
deeper access or perform basic scans without them.
Provides Attacker's Perspective: Non-credentialed scans mimic
Agentless Vulnerability Scan what an external attacker might see.
Easy to Set Up: No software deployment required on the target
systems.
Results Are Limited: Non-credentialed scans lack in-depth
results since there's no direct access to internal system files or
configurations.
Part of IAM; Provide information about the subject such as
Attributes Name, Address, Title, Contact info, etc.
These can be used as part of the authentication
, Reach out to remote systems and devices to gather data.
___________ ___________ are typically the data gathering location
AKA
The monitoring system itself initiates the connection to gather
data from remote systems, making it the primary location for
data collection. This means:
Active monitoring
The monitoring system ( ______________ ) reaches out to devices
or systems to collect data directly (e.g., checking availability,
latency, and packet loss).
After collecting the data, the monitoring system may forward it
to a central collector for storage or further analysis, but the
initial data is gathered by the _______________ itself.
ADFS / AD FS (Active Directory Microsoft solution to federation providing authentication and
Federation Services) identity information as claims to third party partner sites.
CORRECT Answers
Consistent language to share system configuration information
Without CCE: Different tools/vendors describe the same config
issue differently
Tool A: "Disable anonymous FTP access"
Common Configuration
Tool B: "FTP anonymous login should be disabled"
Enumeration (CCE)
Tool C: "Anonymous FTP = OFF"
With CCE: Everyone uses the same CCE-ID to refer to the same
configuration issue
All tools reference: CCE-27072-8 (FTP anonymous access)
Used to control access to computers, networks, and services.
Authenticate users by requiring credentials like a username, a
AAA - Authentication, password, and possibly a biometric or token-based
Authorization, Accounting authenticator.
Once individuals have proven who they are, they are then
authorized to access or use resources or systems
What is Accounting in AAA Track user activity to prove an event
, Unused space in a disk cluster that remains after a file is written.
When a file is saved, it is stored in fixed-size clusters on the disk.
If the file doesn't completely fill the cluster, the leftover portion
of the cluster
Slack Space
Example:
If a cluster size is 4 KB and you save a 2 KB file, the remaining 2
KB in that cluster is the _________
________ can contain remnants of deleted files or random data,
making it useful in digital forensics for discovering evidence.
Active scanning interacts with the host
Active vs Passive scanning Passive scanning observes network activity and draws
conclusions.
Adverse Event Event that has negative consequences.
Malware infection A type of adverse event that compromises system integrity.
Server crash An adverse event where a server becomes non-operational.
User accessing a file they An adverse event that involves unauthorized access to sensitive
shouldn't be authorized to view information.
Installing a software or agent on a target to perform a
vulnerability scan.
Agent Based Vulnerability Agents have direct access (privileged) access to the system
Scanning Accurate
Requires maintenance
Agent can interfere with systems and cause performance issues
No Agent Installed: The system is scanned remotely without
installing any software (agent) on the target device.
Credentialed or Non-Credentialed: Can use credentials for
deeper access or perform basic scans without them.
Provides Attacker's Perspective: Non-credentialed scans mimic
Agentless Vulnerability Scan what an external attacker might see.
Easy to Set Up: No software deployment required on the target
systems.
Results Are Limited: Non-credentialed scans lack in-depth
results since there's no direct access to internal system files or
configurations.
Part of IAM; Provide information about the subject such as
Attributes Name, Address, Title, Contact info, etc.
These can be used as part of the authentication
, Reach out to remote systems and devices to gather data.
___________ ___________ are typically the data gathering location
AKA
The monitoring system itself initiates the connection to gather
data from remote systems, making it the primary location for
data collection. This means:
Active monitoring
The monitoring system ( ______________ ) reaches out to devices
or systems to collect data directly (e.g., checking availability,
latency, and packet loss).
After collecting the data, the monitoring system may forward it
to a central collector for storage or further analysis, but the
initial data is gathered by the _______________ itself.
ADFS / AD FS (Active Directory Microsoft solution to federation providing authentication and
Federation Services) identity information as claims to third party partner sites.
