CySA+ Weak Areas

Weak Areas to fine tune before the test

Question | Answer
The four phases of incident response (NIST SP 800-61) are Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity
Makes the system resilient to attacks by hardening systems, writing policies and procedures, and setting up confidential lines of communication Preparation
Testing and exercises, preparing kits and training staff are examples of the _____phase Preparation
Determines if an incident has taken place, triage it, and notify the relevant stakeholders Detection and analysis
Limits the scope and magnitude of the incident by securing data and limiting impact to business operations and your customers Containment
The cyber kill chain consists of 1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. Installation 6. Command and Control (C2) 7. Actions on Objectives
Review examples of the phases of the cyber kill chain.
This is a process that destroys data on magnetic media (hard disks, tape) by using a powerful magnet to disrupt the device's magnetic field, rendering the data unrecoverable. The problem is that you have no way of verifying the data was actually destroyed, because the device becomes inoperable. It has no effect on SSDs or other flash media. Degaussing
www.dion.com/.../.../.../ is an example of a directory traversal (path traversal) attack, in which "../" sequences are used to climb out of the web root
To protect yourself from cross-site scripting (XSS) you should conduct input validation
_______is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. Cross-site scripting (XSS)
is when an attacker takes control of someone’s online activity by stealing or guessing the information that lets the website know the person is still logged in. Session hijacking
works by exploiting the trust that a web application has in a user's browser. Attackers craft a malicious URL or script designed to perform an unwanted action on behalf of the victim. Cross-Site Request Forgery (CSRF)
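The three web-application cards above (directory traversal, XSS, and the input-validation answer) can be shown as working checks. The block below is an added example and is not code from the flashcards: the web root, file paths, usernames and payloads are constructed for the demo, and the application structure is assumed.

```python
"""Added example (not from the flashcards): rejecting directory traversal
and neutralising XSS with input validation and output encoding.

All paths, names and payloads below are constructed for the demo; the web
root is a hypothetical value."""
import html
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"          # hypothetical document root (assumption)
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # allowlist for a username field


def resolve_under_root(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a URL path onto the filesystem; return None if it escapes root.

    The request is URL-decoded twice so that '%2e%2e%2f' and the double-encoded
    '%252e%252e%252f' both become '../' before normalisation, and the check is
    made on the normalised absolute path rather than on the raw string, so
    'images/../../etc/passwd' is caught even though it never starts with '..'.
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:                       # NUL byte truncation trick
        return None
    resolved = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if resolved != root and not resolved.startswith(root + "/"):
        return None
    return resolved


def valid_username(value: str) -> bool:
    """Allowlist validation: accept only the characters a username needs.
    Anything that could open a tag or attribute (<, >, ", ') is rejected."""
    return USERNAME_RE.fullmatch(value) is not None


def render_comment(author: str, body: str) -> str:
    """Output encoding for the HTML text context. html.escape(quote=True)
    turns & < > " ' into entities, so <script>alert(1)</script> is displayed
    as text instead of executed."""
    return '<div class="comment"><b>{}</b>: {}</div>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True))


if __name__ == "__main__":
    for path in ("/images/logo.png", "/docs/../index.html",
                 "/images/../../../etc/passwd", "/..%2F..%2F..%2Fetc%2Fpasswd",
                 "/%252e%252e/%252e%252e/etc/passwd"):
        print(f"{path!r:45} -> {resolve_under_root(path)}")
    print(valid_username("alice_01"), valid_username("<img src=x onerror=alert(1)>"))
    print(render_comment("eve", "<script>alert(1)</script>"))
```

Note that validation and encoding are separate controls: the allowlist stops bad characters from entering fields that never need them, while html.escape protects free-text fields that legitimately contain "<" or "&". Escaping is context-specific; a value placed inside a JavaScript string or a URL needs a different encoder than the HTML-text one used here.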
The concept of order of volatility is how long data will stick around before it is no longer available.
Most volatile data = data with the greatest potential to disappear, so it is collected first.
Order of volatility from most volatile to least volatile: 1. CPU registers, CPU cache 2. Routing table, ARP cache, process table, kernel statistics, memory 3. Temporary file systems 4. Disk 5. Remote logging and monitoring data 6. Physical configuration, network topology 7. Archival media
A DNS TXT record in which a domain lists the mail servers (IP addresses) authorized to send email on its behalf. Sender Policy Framework (SPF)
Enables domain owners to automatically "sign" emails from their domain with a private key whose public key is published in DNS, just as the signature on a check helps confirm who wrote the check. DomainKeys Identified Mail (DKIM)
Tells a receiving email server what to do with the results of the SPF and DKIM checks. A domain's DMARC policy (also a DNS TXT record) can instruct mail servers to monitor only (p=none), quarantine (p=quarantine) or reject (p=reject) messages for which neither SPF nor DKIM passes in alignment with the From: domain. Domain-based Message Authentication, Reporting and Conformance (DMARC)
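The three cards above describe the pieces; the decision a receiving server actually makes is easier to see in code. The following is an added example, not code from the flashcards or from any mail software: the DMARC record, domains and SPF/DKIM results are constructed for the demo, and the organisational-domain rule is a stated simplification.

```python
"""Added example (not from the flashcards): deciding what to do with a
message from its SPF result, DKIM result and the sender domain's DMARC record.

The record, domains and authentication results are constructed for the demo."""
from typing import Dict, Optional

DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; sp=quarantine;
    adkim=s' into a tag dictionary, applying RFC 7489 defaults: relaxed
    alignment, pct=100, and a subdomain policy equal to p when sp is absent."""
    tags = dict(DEFAULTS)
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % record)
    tags.setdefault("sp", tags["p"])
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain. Simplification (assumption): the last two labels.
    Real evaluators consult the Public Suffix List (co.uk etc.)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match with the
    RFC5322.From domain; relaxed ('r') accepts the same organisational domain."""
    if not auth_domain:
        return False
    auth, frm = auth_domain.lower(), from_domain.lower()
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def dmarc_evaluate(record: str, from_domain: str,
                   spf_result: str, spf_domain: Optional[str],
                   dkim_result: str, dkim_domain: Optional[str]) -> Dict[str, str]:
    """Return {'dmarc': 'pass'|'fail', 'disposition': 'none'|'quarantine'|'reject'}.

    DMARC passes when at least one of SPF or DKIM both passed *and* is aligned
    with the From: domain. On failure the policy is p for the organisational
    domain itself and sp for its subdomains. (pct sampling is not modelled.)
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none"}
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    return {"dmarc": "fail", "disposition": tags["sp"] if is_subdomain else tags["p"]}


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"
    # Legitimate bulk mail: SPF passes for a subdomain, relaxed aspf aligns it.
    print(dmarc_evaluate(record, "example.com", "pass", "bounce.example.com", "fail", None))
    # Spoof: DKIM passes but for the attacker's own domain, SPF fails -> reject.
    print(dmarc_evaluate(record, "example.com", "fail", "evil.example", "pass", "evil.example"))
    # Strict adkim: a signature from mail.example.com does not align with example.com.
    print(dmarc_evaluate(record, "example.com", "fail", None, "pass", "mail.example.com"))
    # Failure on a subdomain From: address falls under sp, not p.
    print(dmarc_evaluate(record, "news.example.com", "fail", None, "fail", None))
```

The alignment step is the part most often missed on the exam: a valid DKIM signature from the attacker's own domain is a DKIM "pass" but a DMARC fail, because the signing domain does not match the visible From: domain.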
Port 21 & 20 FTP, File Transfer Protocol: port 21 carries the command/control channel, port 20 the data channel (active mode)
Port 22 SSH/SCP/SFTP, Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding
Port 23 Telnet, Telnet protocol, for unencrypted text communications
Port 25 SMTP, Simple Mail Transfer Protocol, used for email routing between mail servers
Port 53 DNS, Domain Name System name resolver
Port 80 HTTP, Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP
Port 110 POP3, Post Office Protocol, version 3 (POP3)
Port 123 NTP, Network Time Protocol
Port 143 IMAP, Internet Message Access Protocol (IMAP), management of electronic mail messages on a server
Port 443 HTTPS (HTTP over TLS), Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP.
This tool is designed to recover files from a partition or volume whose index or file allocation table is missing, by searching the raw data for known file headers and footers. File carving tool
If a system is infected with memory-resident malware, what is the best means of finding the malware? Analyze a memory image (RAM capture); if the host is already off, examine the hibernation file, page file or crash/core dump
The <SCRIPT> tag marks the beginning of script code, and its appearance in user-supplied input is indicative of a _________ cross-site scripting (XSS) attack
PCI DSS requirement for vulnerability scan frequency is... internal and external scans at least quarterly, and after any significant change.
Community-driven database that keeps track of IP addresses reported for abusive behavior AbuseIPDB
is a command-line utility that you can use to capture and inspect network traffic going to and from your system. Tcpdump
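As an added example of using tcpdump output together with the port list above: the script below parses the one-line summaries that `tcpdump -nn` prints and flags new connections to services that carry credentials in cleartext. It is not code from the flashcards; the capture lines are constructed for the demo using RFC 5737 documentation addresses.

```python
"""Added example (not from the flashcards): parsing tcpdump output and
flagging connection attempts to cleartext services by destination port.

The capture lines below are constructed for the demo (RFC 5737 test
addresses); they were not taken from a real capture."""
import re
from typing import Dict, List

# Ports from the list above that carry credentials or content in cleartext.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}

# Matches the summary line printed by `tcpdump -nn` for IPv4 TCP/UDP traffic.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")

SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 203.0.113.10.23: Flags [S], seq 100, win 64240, length 0
12:00:01.000002 IP 203.0.113.10.23 > 10.0.0.5.51234: Flags [S.], seq 200, ack 101, win 65535, length 0
12:00:01.000003 IP 10.0.0.5.51235 > 203.0.113.10.443: Flags [S], seq 101, win 64240, length 0
12:00:01.000004 IP 10.0.0.7.40000 > 198.51.100.25.21: Flags [S], seq 102, win 64240, length 0
12:00:01.000005 IP 10.0.0.7.40001 > 198.51.100.25.22: Flags [S], seq 103, win 64240, length 0
12:00:01.000006 IP 10.0.0.9.40002 > 192.0.2.53.53: UDP, length 40
12:00:01.000007 IP 10.0.0.5.51234 > 203.0.113.10.23: Flags [P.], seq 101:110, ack 201, win 64240, length 9
"""


def parse_line(line: str) -> Dict[str, object]:
    """Break one tcpdump summary line into its fields; {} if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return {}
    d: Dict[str, object] = dict(m.groupdict())
    d["sport"], d["dport"] = int(m.group("sport")), int(m.group("dport"))
    d["proto"] = "udp" if m.group("rest").startswith("UDP") else "tcp"
    return d


def cleartext_connections(capture: str) -> List[Dict[str, object]]:
    """Return one record per new TCP connection (SYN only, no ACK) to a
    cleartext service port. Counting only the initial SYN avoids reporting the
    same session once per packet, and the server's SYN-ACK is ignored because
    its *source* port is the service port, not its destination."""
    findings = []
    for line in capture.splitlines():
        pkt = parse_line(line)
        if not pkt or pkt["proto"] != "tcp" or pkt["dport"] not in CLEARTEXT_PORTS:
            continue
        if not str(pkt["rest"]).startswith("Flags [S],"):
            continue
        findings.append({"time": pkt["ts"], "src": pkt["src"], "dst": pkt["dst"],
                         "port": pkt["dport"], "service": CLEARTEXT_PORTS[pkt["dport"]]})
    return findings


if __name__ == "__main__":
    for f in cleartext_connections(SAMPLE_CAPTURE):
        print(f"{f['time']} {f['src']} -> {f['dst']}:{f['port']} ({f['service']}) is cleartext")
```

Feed it real data with `tcpdump -nn -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'` piped into the script, which pushes the SYN-only filter down into the kernel instead of doing it in Python.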
is a vulnerability in which the application can be manipulated into redirecting users to a URL other than the one intended, typically through an unvalidated "next" or "return_to" parameter. Open redirect
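The usual fix for the open-redirect card above is to validate the redirect target rather than trust the parameter. The validator below is an added example and not code from the flashcards: the allowlisted host and the sample parameters are constructed, and the inputs it rejects are the standard bypasses (scheme-relative URLs, backslashes, `javascript:`, and `user@host` tricks).

```python
"""Added example (not from the flashcards): validating a 'next' / 'return_to'
parameter so that a login redirect cannot be turned into an open redirect.

The allowlisted host and the sample parameters are constructed for the demo."""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}     # hypothetical site host (assumption)


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Return next_param if it stays on this site, otherwise default.

    Checks, in order: empty value; backslashes (browsers treat '/\\evil.com'
    as '//evil.com'); any absolute URL whose scheme is not https or whose host
    is outside the allowlist (this also rejects 'javascript:alert(1)' and
    'https://app.example.com@evil.com', whose hostname is evil.com); and
    scheme-relative paths such as '//evil.com', which name a host without a
    scheme.
    """
    if not next_param:
        return default
    candidate = next_param.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return default
        return candidate
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


if __name__ == "__main__":
    for value in ("/dashboard", "/dashboard?tab=1", "//evil.com/", "///evil.com",
                  "/\\evil.com", "https://evil.com/", "https://app.example.com/x",
                  "https://app.example.com@evil.com/", "javascript:alert(1)", ""):
        print(f"{value!r:40} -> {safe_redirect_target(value)}")
```

Where a login page only ever needs to return users to its own paths, dropping the absolute-URL branch entirely and accepting only a single-slash relative path is the simplest safe design.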
is a nonprofit organization that works with a global community to develop best practices for cybersecurity. The Center for Internet Security
True or False? Network segmentation involves dividing a network into subnets to control access and traffic flow. Network isolation is more severe, creating a standalone network with no connectivity to other parts of the network. True
________also known as a man-in-the-middle (MitM) attack, is a cyberattack where an attacker intercepts or alters communication between two parties. on-path attack
True or False? Write Zero, also known as Single Overwrite or zero-fill, is one of the most popular data sanitization methods. The Write Zero method replaces your regular, readable data with zeros. True
_____________ a firmware-based command (from the ATA command set) that overwrites a drive's media with zeros or ones to permanently erase all user data: it destroys all user data and the management table, making the data unrecoverable. ATA Secure Erase
{"Geeks":[ { "firstName":"Vivek", "lastName":"Kothari" }, { "firstName":"Suraj", "lastName":"Kumar" }, { "firstName":"John", "lastName":"Smith" }, { "firstName":"Peter", "lastName":"Gregory" } ]} JSON
<Geeks> <Geek> <firstName>Vivek</firstName> <lastName>Kothari</lastName> </Geek> <Geek> <firstName>Suraj</firstName> <lastName>Kumar</lastName> </Geek> <Geek> <firstName>John</firstName> <lastNam XML
<!DOCTYPE html> <html> <head> <title>GeeksforGeeks</title> </head> <body> <h1 style="color: green;"> GeeksforGeeks </h1> <p> A Computer Science portal for geeks </p> </body> </html> HTML
sequence in cybersecurity typically involves: identifying problems, gathering data including logs and timelines, analyzing the data, pinpointing the root cause through techniques & finally, developing remediation and prevention strategies Root cause analysis
Port 3306 MySQL
Port 1521 Oracle
Port 5432 Postgres
Port 1433/1434 Microsoft SQL
Assessing application security by supplying it with invalid inputs. Fuzzing
CVSS base metrics consist of AV, AC, PR, UI, S, C, I, A which are Attack vector, attack complexity, privileges required, user interaction, scope, confidentiality, integrity, and availability
Attack Vector (AV) can be P (Physical), L (Local), A (Adjacent) or N (Network)
User Interaction (UI) N(None), R (Required)
Scope (S) can be U (Unchanged) or C (Changed)
Unchanged (U): the vulnerability affects only resources within the same security authority as the vulnerable component
Changed (C): the exploited vulnerability can affect resources beyond the security scope of the vulnerable component (for example, escaping a VM or sandbox)
This is another term for a virtual machine monitor (VMM), the software layer that creates and runs virtual machines. Hypervisor
HTTP Status codes 100-199 Informational Responses
HTTP Status codes 200-299 Successful Responses
HTTP Status codes 300-399 Redirects
HTTP Status codes 400-499 Client Errors
HTTP Status codes 500-599 Server Errors
In Linux systems, /var/log is a directory that contains log files from the system and various programs/services.
SCADA (Supervisory Control and Data Acquisition) is a form of industrial control system (ICS) used to monitor sensors and operate control systems over a large geographic area.
A DNS sinkhole answers queries for known-malicious domains with a false address (non-routable or analyst-controlled) instead of the real one, so devices cannot connect to those domains. With a DNS sinkhole, organizations can block access to malicious websites and use the sinkhole's logs to identify internal hosts that tried to reach them (where bad URLs go to die).
Created by: mkaila