CySA+ Practice Exam Textbook

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Roger is evaluating threat intelligence information sources adn finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?

Accuracy. An intelligence soure that results in false positive errors is lacking in accuracy because it is providing incorrect results to the organization. Those results may still be timely and relevant, but they are not correct. Expense is not one of the three intelligence criteria.

During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be? A. Determine the reason for the ports being open. B. Investigate the potentially compromised workstation. C. Run a vulnerability scan to identify vulnerable services. D. Reenable the workstation's local host firewall

Determine whether there is a legitimate reason for the workstatiion to hve the listed ports open.

Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis? Adversary Infrastructure Capability Victim

Diamond

A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?

MySQL. My SQL uses port 3306 as its default port. Oracle uses 1521, Postgres uses port 5432, and Microsoft SQL uses 1433/1434.

Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)? A. Hacktivist B. Nation-state C. Insider D. Organized crime

Nation-state. It is possible for any of these threat actors to be affiliated with an APT, but the highest likelihood is that a sophisticated APT threat would be associated with a nationstate, rather than a less-resourced alternative.

Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which of the following sources is most likely to be available without a subscription fee? Vulnerability feeds Open source Closed Source Proprietary

Open source Open source intelligence is freely available information that does not require a subscription fee. Closed source and proprietry intelligence are synonyms and do not involve payments to the providers. Vulnerability feed may be considered threat intelligence, but they normally come with subscription fees.

During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering? What is her best option?

Perform a DNS brute-force attack. While it may seem strange, a DNS brute-force attack that queries a list of IPs, common subdomains, or other lists of targets will often bypass intrusion detection and prevention systems that do not pay particular attention to DNS queries. Cynthia may even be able to find a DNS server that is not protected by the organization's IPS!nmap scans are commonly used during reconnaissance, and Cynthia can expect them to be detected since they are harder to conceal. Cynthia shouldn't expect to be able to perform a zone transfer, and if she can, a well-configured IPS should immediately flag the event.

What markup language provides a standard mechanism for describing attack patterns, malware, threat actors, and tools?

STIX. Structured Threat Information eXpression is an XML language orignally sponsored by the U.S. department of Homeland Security. In its current version, STIX 2.0 defines 12 STIX domain objects, including things like attack patterns, identities, malware, threat actors, and tools. TAXII is designed to support STIX data exchange between security components over HTTPS. OpenIOC is an XML framework for the exchange of indicators of compromise (IOCs). STIX uses XML, but XML itself does not provide a mechanism for describing security infomraiotn until used as a vehicle for expressing STIX objects.


Ensembles d'études connexes

English as a New Language - Knowledge of the English Language

View Set

Research Methods & Statistics Midterm #3

View Set

Unit 3 Level H Choosing the Right Word

View Set

Carmen Homework 12 - CI and HT for Means

View Set

CSE 643 - Computer Security - Format String

View Set

Chapter 38 The Obstetric Patient

View Set

NURS 212 Professional and therapeutic communication first exam

View Set

Chapter 8 - TCP / IP Internetworking I

View Set