& Answers/ Already Graded A+/ 2025.
Terms in this set (186)
Security Content Automation Protocol (SCAP): A suite of interoperable specifications designed to standardize the formatting and naming conventions used to identify and report on the presence of software flaws, such as misconfigurations and/or vulnerabilities.

SCAP Languages:
* Open Vulnerability and Assessment Language (OVAL)
* Asset Reporting Format (ARF)
* Extensible Configuration Checklist Description Format (XCCDF)

Nikto: Command line web server scanner that the security analyst can use to specifically identify vulnerabilities in web servers. It can quickly scan multiple web servers and provide comprehensive information on any detected vulnerabilities.

Cybersecurity service-level objectives (SLOs): Objectives that help measure and assess the effectiveness of security operations. Include:
* Mean Time to Detect (MTTD)
* Mean Time to Recover (MTTR)
* Time to Patch
Threat modeling: The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system. It is typically a collaborative process.

Technical Security Controls: A category of security control that is implemented as a system (hardware, software, or firmware). Examples include firewalls, antivirus software, and OS access control. Also called logical controls.

Managerial Security Controls: Managerial controls focus on evaluating and managing risks at a broader organizational level. A category of security control that gives oversight of the information system.

Operational Security Controls: Day-to-day procedures and guidelines implemented and followed by employees and IT staff. A category of security control that is implemented by people. For example, security guards and training programs are operational controls rather than technical controls.

Preventative Security Controls: A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.

Detective Security Controls: A type of security control that acts during an incident to identify or record that it is happening.

Corrective Security Controls: A type of security control that acts after an incident to eliminate or minimize its impact.

Responsive Security Controls: A type of security control that serves to direct corrective actions after an incident has been confirmed.

Attack Surface: All potential pathways a threat actor could use.

Edge discovery: Composed of every device with Internet connectivity.
Adversary emulation: Involves simulating a real-world cyber attack by an actual adversary to assess an organization's defenses. This technique involves a more comprehensive and realistic simulation of a targeted attack.

Methods of Reducing Attack Surface:
· Asset inventory
· Access control
· Patching and updating
· Network segmentation
· Removing unnecessary components
· Employee training

Configuration Management Tools:
· Puppet
· Ansible
· Chef
· Terraform

Sources of OSINT:
· Publicly available information
· Social Media
· HTML Code
· Metadata

Sources of Defensive OSINT:
· CERT
· CSIRT
· Deep/Dark Web
· Internal Sources
· Government Bulletins

Decoy Methods:
· Active Defense - Using offensive actions to outmaneuver an adversary to make an attack harder to execute.
· Honeypots - A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.
Indicators of Attack (IoA): Signs or clues indicating a malicious attack on a system or network is currently occurring. These include, but are not limited to, unusual network traffic, strange log file entries, or suspicious user account activity.

Indicators of Compromise (IoC): Suggest that a security incident may have occurred, such as traffic from an IP or domain associated with malicious activity. Identified in system and application logs, network monitoring software, endpoint protection tools, and security information and event management (SIEM) platforms. Do not prove a successful attack or breach has occurred.

JavaScript Object Notation (JSON): An ideal choice for web applications due to its lightweight nature, ease of parsing in JavaScript environments, and efficient client-server communication over networks. Good for large data sets.

Secure Access Service Edge (SASE): A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.

Benefits of a Zero Trust Architecture: Provides better:
· Security
· Access controls
· Compliance
· Granularity