CompTIA CySA+ Practice Tests. Mike Chapple
Читать онлайн книгу.infrastructure management.
Chapter 1 Domain 1.0: Threat and Vulnerability Management
EXAM OBJECTIVES COVERED IN THIS CHAPTER:
1.1 Explain the importance of threat data and intelligence.Intelligence sourcesConfidence levelsIndicator managementThreat classificationThreat actorsIntelligence cycleCommodity malwareInformation sharing and analysis communities
1.2 Given a scenario, utilize threat intelligence to support organizational security.Attack frameworksThreat researchThreat modeling methodologiesThreat intelligence sharing with supported functions
1.3 Given a scenario, perform vulnerability management activities.Vulnerability identificationValidationRemediation/mitigationScanning parameters and criteriaInhibitors to remediation
1.4 Given a scenario, analyze the output from common vulnerability assessment tools.Web application scannerInfrastructure vulnerability scannerSoftware assessment tools and techniquesEnumerationWireless assessment toolsCloud infrastructure assessment tools
1.5 Explain the threats and vulnerabilities associated with specialized technology.MobileInternet of Things (IoT)EmbeddedReal-time operating system (RTOS)System-on-Chip (SoC)Field programmable gate array (FPGA)Physical access controlBuilding automation systemsVehicles and dronesWorkflow and process automation systemsIndustrial control systems (ICS)Supervisory control and data acquisition (SCADA)
1.6 Explain the threats and vulnerabilities associated with operating in the cloud.Cloud service modelsCloud deployment modelsFunction as a service (FaaS)/serverless architectureInfrastructure as code (IaC)Insecure application programming interface (API)Improper key managementUnprotected storageLogging and monitoring
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.Attack typesVulnerabilities
1 Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?Vulnerability feedsOpen sourceClosed sourceProprietary
2 During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?Perform a DNS brute-force attack.Use an nmap ping sweep.Perform a DNS zone transfer.Use an nmap stealth scan.
3 Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?TimelinessExpenseRelevanceAccuracy
4 What markup language provides a standard mechanism for describing attack patterns, malware, threat actors, and tools?STIXTAXIIXMLOpenIOC
5 A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?OraclePostgresMySQLMicrosoft SQL
6 Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?HacktivistNation-stateInsiderOrganized crime
7 During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?Determine the reason for the ports being open.Investigate the potentially compromised workstation.Run a vulnerability scan to identify vulnerable services.Reenable the workstation's local host firewall.
8 Charles is working with leaders of his organization to determine the types of information that should be gathered in his new threat intelligence program. In what phase of the intelligence cycle is he participating?DisseminationFeedbackAnalysisRequirements
9 As Charles develops his threat intelligence program, he creates and shares threat reports with relevant technologists and leaders. What phase of the intelligence cycle is now occurring?DisseminationFeedbackCollectionRequirements
10 What