CySA+ Exam guide verified 2022

CySA+ Exam guide verified 2022DNS Sinkhole Provide a response to a DNS query that does not resolve the IP address.. Instead targets the addresses for known malicious domains Role-Based access control (RBAC) grants permissions based on a user's role or group. Reverse Engineering the process of decontructing something in order to discover its features and constituents Banner grabbing used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. Cross-site scripting XSS a vulnerability in a web application that allows malicious users to execute arbitrary client side scripts. Forensic Acquisition The process of extracting the digital contents from seized evidence so that they may be analyzed Fuzzing techniqued used to discover flaws and vulnerabilities in software by sending large amounts of malformed, unexpected, or random data to the target programs in order to trigger failures Netstat command-line interface tool that provides information on the status of network connections and listening sockets Input validation an approach to protecting systems from abnormal user input by testing the data provided against appropriate values. (cha p 14) Interception Proxy is a software tool that is inserted between two endpoints usually on the same network. to monitor traffic and help with security testing. SQL injection A code injection technique that exploits security vulnerabilities in the DB layer of an application. Application Programing Interface a set of subroutine definitions, protocols, and tools for building software. In general terms, it is a set of clearly defined methods of communication between various components. types of NAC policy? 1. location based 2 time based 3 Role Based 4 rule based a padded cell performs intrusion isolation -after detection, intruder is automatically transferred here, which resembles a real environment but is fake and attacker cannot perform any dangerous activities -admin's can gather evidence here A system that waits for an IDS to detect an attacker and then transfers the attacker to a special host where he or she cannot do any damage to the production environment. firewalking The concept of walking a firewall ACL or ruleset to determine what it filters and how. Armitage gives you the users interface ARP Spoofing Forging a MAC address in ARP messages. An attacker sends false ARP information that contains the MAC address of the attacker's computer mapped to the IP of a legitimate server, causing client to connect to attacker's PC. or ARP poisoning, is a technique used by an attacker to,inject the wrong MAC address association into a network by issuing fake ARP requests. An attacker forges the MAC address of a device and then frames can be sent to the wrong destination. brute force attack An attack on passwords or encryption that tries every possible password or encryption key. NIST National Institute of Standards and Technology Cyber-security Framework divided in to three components: - Frame work Core - Implementation Tiers - Frame Work Profile Methods to validate a vulnerabilty scan 1. repeat the scan with a different scanner 2. Review logs 3. compare to the base line 4. repeat the scan with the same scanner MAC Limiting mitigates 1. Flooding attacks 2. ARP spoofing Sanitize the Media prep step before writing to the suspect drive Untidy aka Peach Fuzzer solutions ideal for XML appls Easier to filter Advantage of NMAP 'grepable" output format Grep command for running a regular expression to search for a particular string. ways to perform DNS Harvesting Whois