Comptia Cysa+ 003
_____________________________A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.
Common Vulnerability Scoring System (CVSS)
____________________________ A framework for ensuring proper application of SPF and DKIM, utilizing a policy published as a DNS record.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
_______________________ A cryptographic authentication mechanism for mail, utilizing a public key published as a DNS record.
DomainKeys Identified Mail (DKIM)
_______________________ A not-for-profit group set up to share sector-specific threat intelligence and security best practices among its members.
Information Sharing and Analysis Center (ISAC)
_____________ Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27K series) and risk management (31K series).
International Organization for Standardization (ISO)
_______________________ A file format that uses attribute-value pairs to define configurations in a structure that is easy for both humans and machines to read and consume.
JavaScript Object Notation (JSON)
______________________ A platform for launching modularized attacks against known software vulnerabilities.
Metasploit Framework (MSF)
_______________ One of the best-known commercial vulnerability scanners, produced by Tenable Network Security.
Nessus
________________ Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped.
Network Separation
_____________ is a system designed to distract potential attackers away from an organization's critical systems and data. It creates a false environment that looks like a real system, complete with fake data, applications, and other elements. The system is closely monitored to detect malicious activity and provide early warning and detailed insight into an attacker's tactics and techniques.
active decoy
_____________________are Methods exposed by a script or program that allow other scripts or programs to use it. For example, an _____________enables software developers to access functions of the TCP/IP network stack under a particular operating system.
application programming interface (API)
____________________is a software delivery model where the code runs on a server and is streamed to a client.
application virtualization
__________________ are the points at which a network or application receive external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.
attack surface
_____________________ is a software vulnerability where the authentication mechanism allows an attacker to gain entry, such as displaying cleartext credentials, using weak session tokens, or permitting brute force login requests.
broken authentication
_____________________is an attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.
buffer overflow
______________________ is a collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
business continuity (BC)
_________________________is the process through which changes to the configuration of information systems are implemented as part of the organization's overall configuration management efforts.
change management
___________________ are sessions held at the end of a project or phase in which you discuss and document areas for improvement and capture lessons learned for use in future projects.
closure meetings
______________________ Enterprise management software designed to mediate access to cloud services by users across all types of devices.
cloud access security broker (CASB)
____________________Classifying the ownership and management of a cloud as public, private, community, or hybrid.
cloud deployment model
_____________________ is an Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.
command and control (C2 or C&C)
_________________________ A scheme for provisioning secure configuration checks across multiple sources developed by MITRE and adopted by NIST.
common configuration enumeration (CCE)
____________________is a scheme for identifying hardware devices, operating systems, and applications developed by MITRE.
common platform enumeration (CPE)
___________________________________ Communicating TCP/IP application traffic, such as HTTP, FTP, or DNS, over a port that is not the well-known or registered port established for that protocol.
common protocol over non-standard port
_________________________________ A scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.
common vulnerabilities and exposures (CVE)
__________________________ A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
compensating control
__________________________ Settings for services and policy configuration for a network appliance or for a server operating in a particular application role (web server, mail server, file/print server, and so on).
configuration baseline
____________________ An operating system virtualization deployment containing everything required to run a service, application, or microservice.
container
_____________________A text file used to store information about a user when they visit a website. Some sites use cookies to support user sessions.
cookie
_________________________A type of security control that acts after an incident to eliminate or minimize its impact.
corrective control
_________________________A brute force attack in which stolen user account names and passwords are tested against multiple websites.
credential stuffing
___________________ A type of threat actor that uses hacking and computer fraud for commercial gain.
criminal syndicates
________________________A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser.
cross-site request forgery (XSRF)
__________________________ A malicious script hosted on the attacker's site or coded in a link injected onto a trusted site, designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.
cross-site scripting (XSS)
__________________ A process in which a large group of individuals, usually from the public, are asked to contribute to a project or task. It often involves the collection of ideas, information, opinions, or feedback from a wide range of people, typically through an online platform.
crowdsource
_________________ Resources on the Internet that are distributed between anonymized nodes and protected from general access by multiple layers of encryption and routing.
dark web
___________________ The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.
data exfiltration
_______________________ Software that aggregates and catalogs data from multiple sources within an industrial control system.
data historian
_____________________________ A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
data loss (leak) prevention (DLP)
___________________A type of security control that acts during an incident to identify or record that it is happening.
detective control
_________________________An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.
directory traversal
___________________________ A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
disaster recovery plan (DRP)
__________________________ An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with requests or response traffic.
distributed denial of service attack (DDoS attack)
____________________ An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
distributed denial-of-service (DDoS)
__________________ Software testing that examines code behavior during runtime. It helps identify potential security issues, potential performance issues, and other problems.
dynamic analysis
__________________________A system for structuring documents so that they are human and machine readable. Information within the document is placed within tags, which describe how information within the document is structured.
eXtensible Markup Language (XML)
____________________ A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
endpoint detection and response (EDR)
_______________________A part of the written report that is a high-level and concise overview of the penetration test, its findings, and their impact.
executive summary
__________________ A specific method by which malware code infects a target host, often via some vulnerability in a software process.
exploit
_______________ A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
federation
____________________A web application vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor.
file inclusion
_________________________ Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.
fingerprinting
_____________________An attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack.
footprint
__________________ The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.
forensics
___________________ A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.
fuzzing
____________________A threat actor that is motivated by a social issue or political cause.
hacktivist
_______________________ A design to mimic real production systems, making it difficult for attackers to tell the difference between the honeypot and a real system. This aims to capture more detailed attack information than can be accomplished by using a low-interaction honeypot, allowing security teams to understand an attacker better.
high-interaction honeypot
______________ A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.
honeypot
______________________ Input and output controls on a PLC to allow a user to configure and monitor the system.
human-machine interface (HMI)
___________________ Cloud deployment that uses both private and public elements.
hybrid cloud
___________________ A tracking of information such as GPS address, IP address, or user's device to pinpoint a user's location and determine whether a behavior was physically possible.
impossible travel
_________________ Use of a communication channel that is the same as the one currently being used.
in-band authentication
_______________ Specific procedures that must be performed if a certain type of event is detected or reported.
incident response plan (IRP)
_________________ A sign that an asset or network has been attacked or is currently under attack.
indicator of compromise (IoC)
_____________________ Signs or clues indicating a malicious attack on a system or network is currently occurring. These include, but are not limited to, unusual network traffic, strange log file entries, or suspicious user account activity.
indicators of attack (IoA)
_______________________ Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
industrial control system (ICS)
____________________ Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.
input validation
______________________ A coding vulnerability where unvalidated input is used to select a resource object, such as a file or database.
insecure object reference
___________________ An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.
integer overflow
_________________________ Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.
intellectual property (IP)
______________________ A group communications protocol that enables users to chat, send private messages, and share files.
internet relay chat (IRC)
_________________________ A security appliance or software that analyzes data from a packet sniffer to identify traffic that violates policies or rules.
intrusion detection system (IDS)
________________________A third-party provision of security configuration and monitoring as an outsourced service.
managed security service provider (MSSP)
______________________ A category of security control that gives oversight of the information system.
managerial control
______________________________ Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.
memorandum of understanding (MoU)
__________________ An independent, single-function module with well-defined and lightweight interfaces and operations. Typically, this style of architecture allows for rapid, frequent, and reliable delivery of complex applications.
microservice
_________________________Communicating non-standard traffic over a well-known or registered port.
mismatched port/application traffic
_____________________ is a open-source web application scanner.
Arachni
____________________is a tool that provides an interface into Windows Management Instrumentation for local or remote management of computers.
Windows Management Instrumentation Command-Line (WMIC)
_______________ is a widely used protocol analyzer.
Wireshark
________________is an open-source interception proxy and web application assessment tool.
Zed Attack Proxy (ZAP)
hash
______________The theoretically indecipherable fixed-length output of the hashing process.
__________________________ The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.
cyber threat intelligence (CTI)
___________________ is a computing environment where multiple independent operating systems can be installed to a single hardware platform and run simultaneously.
virtualization
_____________________ is Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.
virus
______________ is hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application.
vulnerability scanner
______________ are automated messages sent from applications to other applications containing information about an event, such as the time it occurred, the data associated with it, and any other relevant information.
webhooks
___________________ is a network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.
ARP poisoning
________________________ A proprietary interception proxy and web application assessment tool.
Burp Suite
_______________________A not-for-profit organization (founded partly by SANS). It publishes the well-known "Top 20 Critical Security Controls" (or system design recommendations).
Center for Internet Security (CIS)
_______________________ A means for a network node to advertise its presence and establish a link with other nodes, such as the beacon management frame sent by an AP. Legitimate software and appliances do this, but it is also associated with Remote Access Trojans (RAT) communicating with a Command & Control server.
beaconing
_______________________ is any type of personally identifiable information (PII) associated with a person who has a payment card, such as a credit or debit card.
cardholder data (CHD)
_______________________ A process of making a host or app configuration secure by reducing its attack surface through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.
hardening
___________________ A software vulnerability where input is allowed to overwrite memory locations within the area of a process's memory allocation used to store dynamically sized variables.
heap overflow
_______________________ A model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.
kill chain
____________________ The process by which an attacker is able to move from one part of a computing environment to another.
lateral movement
_____________________ An analysis of events that can provide insight into how to improve response and support processes in the future.
lessons learned report (LLR)
___________________ is a technique that randomizes where components in a running application are placed in memory to protect against buffer overflows.
Address SpaceLayout Randomization (ASLR)
______________________ An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.
Advanced Persistent Threat (APT)
_________________________ A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
