Cysa study guide UPDATED ACTUAL Questions and CORRECT Answers
An attack that modifies requests to a SOAP web service
Coercive Parsing in order to cause the service to parse the XML-based
requests in a harmful way
A category of security control that is implemented as a
Technical (Logical) Controls
system (hardware, software, or firmware)
A category of security control that is implemented primar-
Operational Controls ily by
people rather than systems
A category of security control that provides oversight of
Managerial Controls the
information system
A control that acts to eliminate or reduce the impact of an
Corrective Control
intrusion event
System that actively monitors for potential vulnerabilities
Responsive Control or attacks, and then takes action to mitigate them before
they can cause damage
The process where data is generated and is then collected,
processed,
Security Intelligence analyzed, and disseminated to provide insights into the
security status of
information systems
Investigation, collection, analysis, and dissemination of
information about
Cyber Threat Intelligence emerging threats and threat sources to provide data about
the external
threat landscape
ÏNarrative Reports
2 forms of cyber threat intelligence
ÏData Feeds
, You don't use narrative reports or data feeds... you use
both!
Intelligence Cycle
Requirements (Planning & Direction) ªSets out the goals for the intelligence gathering effort
ªWhat do we want to measure and collect?
Intelligence Cycle
Implemented by software tools to gather data which is
then processed
Collection (& Processing) for later analysis
ªThe processing part is where we will convert all the data
into a standard
format
Intelligence Cycle
Performed against the given use cases from the planning
Analysis
phase and may
utilize automated analysis, AI, and machine learning
Intelligence Cycle
Publishes information produced by analysts to consumers
who need to
dissemination act on the insights developed
ÏStrategic
ÏOperational
ÏTactical
Intelligence Cycle
Aims to clarify requirements and improve the collection,
analysis, and
Feedback
dissemination of information by reviewing current inputs
and outputs
ÏLessons learned
, ÏMeasurable success
ÏEvolving threat issues
Information Sharing and Analysis Center
ªA not-for-profit group set up to share sector-specific
(ISACS)
threat intelligence
and security best practices amongst its members
Cyber Security Information Sharing Partnership
(CISP)
ªSimilar to ISAC, but set up within the UK
Threat Intelligence Sharing
Risk Management Identifies, evaluates, and prioritizes threats and vulnera-
bilities to reduce their negative impact
Threat Intelligence Sharing
The practice of identifying, classifying, prioritizing, reme-
Vulnerability Management
diating, and
mitigating software vulnerabilities
Threat Classification
A piece of software, data or sequence of commands that
takes advantage
Documented Exploits
of a vulnerability to cause unintended behavior or to gain
unauthorized
access to sensitive data
Threat Classification
Unknown Threats A threat that cannot be identified using basic signature or
pattern matching.
Threat Classification
A classification of malware that contains obfuscation tech-
Known Unknowns
niques to
circumvent signature-matching and detection
Nation-State
, A group of attackers with exceptional capability and is
aflliated with the government
Not all APT are nation-states, but almost all nation-states
are
going to be considered an APT
Malicious software applications that are widely available
Commodity Malware
for sale or easily obtainable and usable.
Threat Research
Reputation Data
Blacklists of known threat sources, such as malware signa-
tures, IP address ranges, and DNS domains.
A term that refers to the correlation of IoCs into attack
Behavioral Threat Research patterns that were used in historical cyberattacks and
adversary actions.
A technique rapidly changes the IP address associated
Fast Flux DNS
with a domain
Describes the stages by which a threat actor progresses a
Lockheed Martin Kill Chain
network intrusion
The attacker determines what methods to use to com-
Reconnaissance (Kill Chain) plete
the phases of the attack
attacker couples payload code that will enable access with
Weaponization (Kill Chain) exploit code that will use a vulnerability to execute on the
target system
The attacker identifies a vector by which to transmit the
Delivery (Kill Chain)
weaponized code to the target environment
Exploitation (Kill Chain) The weaponized code is executed on the target system
An attack that modifies requests to a SOAP web service
Coercive Parsing in order to cause the service to parse the XML-based
requests in a harmful way
A category of security control that is implemented as a
Technical (Logical) Controls
system (hardware, software, or firmware)
A category of security control that is implemented primar-
Operational Controls ily by
people rather than systems
A category of security control that provides oversight of
Managerial Controls the
information system
A control that acts to eliminate or reduce the impact of an
Corrective Control
intrusion event
System that actively monitors for potential vulnerabilities
Responsive Control or attacks, and then takes action to mitigate them before
they can cause damage
The process where data is generated and is then collected,
processed,
Security Intelligence analyzed, and disseminated to provide insights into the
security status of
information systems
Investigation, collection, analysis, and dissemination of
information about
Cyber Threat Intelligence emerging threats and threat sources to provide data about
the external
threat landscape
ÏNarrative Reports
2 forms of cyber threat intelligence
ÏData Feeds
, You don't use narrative reports or data feeds... you use
both!
Intelligence Cycle
Requirements (Planning & Direction) ªSets out the goals for the intelligence gathering effort
ªWhat do we want to measure and collect?
Intelligence Cycle
Implemented by software tools to gather data which is
then processed
Collection (& Processing) for later analysis
ªThe processing part is where we will convert all the data
into a standard
format
Intelligence Cycle
Performed against the given use cases from the planning
Analysis
phase and may
utilize automated analysis, AI, and machine learning
Intelligence Cycle
Publishes information produced by analysts to consumers
who need to
dissemination act on the insights developed
ÏStrategic
ÏOperational
ÏTactical
Intelligence Cycle
Aims to clarify requirements and improve the collection,
analysis, and
Feedback
dissemination of information by reviewing current inputs
and outputs
ÏLessons learned
, ÏMeasurable success
ÏEvolving threat issues
Information Sharing and Analysis Center
ªA not-for-profit group set up to share sector-specific
(ISACS)
threat intelligence
and security best practices amongst its members
Cyber Security Information Sharing Partnership
(CISP)
ªSimilar to ISAC, but set up within the UK
Threat Intelligence Sharing
Risk Management Identifies, evaluates, and prioritizes threats and vulnera-
bilities to reduce their negative impact
Threat Intelligence Sharing
The practice of identifying, classifying, prioritizing, reme-
Vulnerability Management
diating, and
mitigating software vulnerabilities
Threat Classification
A piece of software, data or sequence of commands that
takes advantage
Documented Exploits
of a vulnerability to cause unintended behavior or to gain
unauthorized
access to sensitive data
Threat Classification
Unknown Threats A threat that cannot be identified using basic signature or
pattern matching.
Threat Classification
A classification of malware that contains obfuscation tech-
Known Unknowns
niques to
circumvent signature-matching and detection
Nation-State
, A group of attackers with exceptional capability and is
aflliated with the government
Not all APT are nation-states, but almost all nation-states
are
going to be considered an APT
Malicious software applications that are widely available
Commodity Malware
for sale or easily obtainable and usable.
Threat Research
Reputation Data
Blacklists of known threat sources, such as malware signa-
tures, IP address ranges, and DNS domains.
A term that refers to the correlation of IoCs into attack
Behavioral Threat Research patterns that were used in historical cyberattacks and
adversary actions.
A technique rapidly changes the IP address associated
Fast Flux DNS
with a domain
Describes the stages by which a threat actor progresses a
Lockheed Martin Kill Chain
network intrusion
The attacker determines what methods to use to com-
Reconnaissance (Kill Chain) plete
the phases of the attack
attacker couples payload code that will enable access with
Weaponization (Kill Chain) exploit code that will use a vulnerability to execute on the
target system
The attacker identifies a vector by which to transmit the
Delivery (Kill Chain)
weaponized code to the target environment
Exploitation (Kill Chain) The weaponized code is executed on the target system
