Exam (elaborations)

CompTIA CySA - CS0-002 (Personal), Questions and answers, 100% Accurate. Graded A+

Pages
76
Grade
A+
Uploaded on
11-08-2023
Written in
2023/2024


CompTIA CySA - CS0-002 (Personal),
Questions and answers, 100% Accurate.
Graded A+

Proprietary Intelligence - ✔✔-Threat intelligence that is widely provided as a commercial service
offering.



Closed-Source Intelligence - ✔✔-Data that is derived from the provider's own research and analysis
efforts, such as data from honeynets that they operate.



Open-Source Intelligence - ✔✔-Methods of obtaining information about a person or organization
through public records, websites, and social media.



Information Sharing and Analysis Centers (ISACS) - ✔✔-A not-for-profit group set up to share sector-
specific threat intelligence and security best practices amongst its members.



Includes individual sectors for...

Government

Healthcare

Financial

Aviation



Critical Infrastructure - ✔✔-Any physical or virtual system whose incapacity or destruction would have a
debilitating impact on the economic security of an organization, community, nation, etc.



Data Enrichment - ✔✔-Automatically combines multiple disparate sources of information together to
form a complete picture of events for analysts to use during an incident response or when conducting
proactive threat hunting.

The process of incorporating new updates and information into an organization's existing database to
improve accuracy.



Requirements (Planning & Direction) - ✔✔-This phase in the Intelligence Cycle sets out goals for the
intelligence-gathering effort.



Collection (& Processing) - ✔✔-This phase in the Intelligence Cycle uses software tools, such as SIEMs,
to gather data, which is then processed for later analysis.



Analysis - ✔✔-This phase in the Intelligence Cycle is performed against the given use cases from the
planning phase and may utilize automated analysis, artificial intelligence, and machine learning.



Dissemination - ✔✔-This phase in the Intelligence Cycle refers to publishing information produced by
analysis to consumers who need to act on the insights developed.



Feedback - ✔✔-This phase in the Intelligence Cycle aims to clarify requirements and improve the
collection, analysis, and dissemination of information by reviewing current inputs and outputs.



Examples of Open-Source Intelligence Feeds - ✔✔-• Malware Information Sharing Project (MISP)

• AlienVault Open Threat Exchange

• Spamhaus

• SANS ISC Suspicious Domains

• VirusTotal

• NCAS

Examples of Closed-Source or Proprietary Intelligence Feeds - ✔✔-• IBM X-Force Exchange

• Recorded Future

• FireEye



Known Threat vs. Unknown Threat - ✔✔-A threat that can or cannot be identified using basic signature
or pattern matching.



Obfuscated Malware Code - ✔✔-Malicious code whose execution the malware author has attempted to
hide through various techniques such as compression, encryption, or encoding.



Behavior-based Detection - ✔✔-A malware detection method that evaluates an object based on its
intended actions before it can actually execute that behavior.



Recycled Threats - ✔✔-The process of combining and modifying parts of existing exploit code to create
new threats that are not as easily identified by automated scanning.



Known Unknowns - ✔✔-A classification of malware that contains obfuscation techniques to circumvent
signature-matching and detection.



Unknown Unknowns - ✔✔-A classification of malware that contains completely new attack vectors and
exploits.



Commodity Malware - ✔✔-Malicious software applications that are widely available for sale or easily
obtainable and usable.



Command and Control (C2) - ✔✔-An infrastructure of hosts and services with which attackers direct,
distribute, and control malware over botnets.

Risk Management - ✔✔-Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their
negative impact.



Incident Response - ✔✔-An organized approach to addressing and managing the aftermath of a
cybersecurity breach or attack.



1. Preparation

2. Detection and analysis

3. Containment

4. Eradication and recovery

5. Post-incident activities



Vulnerability Management - ✔✔-The practice of identifying, classifying, prioritizing, remediating, and
mitigating software vulnerabilities.



Detection and Monitoring - ✔✔-The practice of observing activity and identifying anomalous patterns for
further analysis.



Security Engineering - ✔✔-The process of incorporating security controls, tools, techniques, and
methods to support the development and maintenance of systems that can resist malicious attacks that
are intended to damage a computer-based system or its data.



Reputational Data - ✔✔-Blacklists of known threat sources, such as malware signatures, IP address
ranges, and DNS domains.



Indicator of Compromise (IOC) - ✔✔-A residual sign that an asset or network has been successfully
attacked or is continuing to be attacked.



Behavioral Threat Research - ✔✔-A term that refers to the correlation of IoCs into attack patterns.



Examples of Attack Frameworks - ✔✔-• Lockheed Martin Kill Chain
