CySA+ Exam guide |181 Questions and Answers
-DNS Sinkhole - -Provides a response to a DNS query that does not resolve the real IP address.
Instead it targets the addresses of known malicious domains
-Role-Based access control (RBAC) - -grants permissions based on a user's role or group.
-Reverse Engineering - -the process of deconstructing something in order to discover its
features and constituents
-Banner grabbing - -used to gain information about a computer system on a network and
the services running on its open ports. Administrators can use this to take inventory of the
systems and services on their network.
-Cross-site scripting (XSS) - -a vulnerability in a web application that allows malicious users
to execute arbitrary client-side scripts.
-Forensic Acquisition - -The process of extracting the digital contents from seized
evidence so that they may be analyzed
-Fuzzing - -technique used to discover flaws and vulnerabilities in software by sending
large amounts of malformed, unexpected, or random data to the target programs in order
to trigger failures
-Netstat - -command-line interface tool that provides information on the status of network
connections and listening sockets
-Input validation - -an approach to protecting systems from abnormal user input by
testing the data provided against appropriate values. (chap 14)
-Interception Proxy - -a software tool that is inserted between two endpoints, usually on
the same network, to monitor traffic and help with security testing.
-SQL injection - -A code injection technique that exploits security vulnerabilities in the DB
layer of an application.
-Application Programming Interface (API) - -a set of subroutine definitions, protocols, and tools
for building software. In general terms, it is a set of clearly defined methods of
communication between various components.
-types of NAC policy? - -1. location based
2. time based
3. role based
4. rule based
-a padded cell - -performs intrusion isolation
-after detection, the intruder is automatically transferred here; it resembles a real
environment but is fake, and the attacker cannot perform any dangerous activities
-admins can gather evidence here
A system that waits for an IDS to detect an attacker and then transfers the attacker to a
special host where he or she cannot do any damage to the production environment.
-firewalking - -The concept of walking a firewall ACL or ruleset to determine what it filters
and how.
-Armitage - -gives you the user interface
-ARP Spoofing - -Forging a MAC address in ARP messages. An attacker sends false ARP
information that contains the MAC address of the attacker's computer mapped to the IP of a
legitimate server, causing the client to connect to the attacker's PC.
Also called ARP poisoning; a technique used by an attacker to inject the wrong MAC address
association into a network by issuing fake ARP requests. An attacker forges the MAC
address of a device, and then frames can be sent to the wrong destination.
-brute force attack - -An attack on passwords or encryption that tries every possible
password or encryption key.
-NIST - -National Institute of Standards and Technology
-Cyber-security Framework - -divided into three components:
- Framework Core
- Implementation Tiers
- Framework Profile
-Methods to validate a vulnerability scan - -1. repeat the scan with a different scanner
2. review logs
3. compare to the baseline
4. repeat the scan with the same scanner
-MAC Limiting mitigates - -1. Flooding attacks
2. ARP spoofing
-Sanitize the Media - -prep step before writing to the suspect drive
-Untidy aka Peach - -Fuzzer solutions ideal for XML apps
-Easier to filter - -Advantage of NMAP 'grepable' output format
-Grep - -command for running a regular expression to search for a particular string.
-ways to perform DNS Harvesting - -Whois