Save
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CySA+ Domain 3

CompTIA CySA+ Domain 3: Incident Response and Management Q&As

QuestionAnswer
What is the purpose of the Cyber Kill Chain framework? To understand the stages of a cyber attack and develop defensive strategies at each stage.
What is the first stage of the Cyber Kill Chain? Reconnaissance.
What happens during the reconnaissance phase? Attackers gather information about the target using OSINT, network scanning, and social engineering.
What is weaponization in the Cyber Kill Chain? Creating malicious payloads or exploits to use against the target.
What is the delivery phase in the Cyber Kill Chain? Transmitting the weaponized payload to the target, often via phishing, drive-by downloads, or USB devices.
What is exploitation in the Cyber Kill Chain? Triggering the malicious code to exploit a vulnerability on the target system.
What is installation in the Cyber Kill Chain? Installing malware or backdoors to maintain persistence on the target system.
What is command and control (C2) in the Cyber Kill Chain? Establishing communication channels for remote control of compromised systems.
What are actions and objectives in the Cyber Kill Chain? The attacker achieves their goals, such as data exfiltration, destruction, or lateral movement.
What is the Diamond Model of Intrusion Analysis? A framework that analyzes intrusions based on adversary, victim, infrastructure, and capability.
In the Diamond Model, what does 'adversary' refer to? The attacker or threat actor, including their motivation and capabilities.
In the Diamond Model, what does 'victim' refer to? The target of the attack, including assets affected and vulnerabilities exploited.
In the Diamond Model, what does 'infrastructure' refer to? Systems and resources used to deliver the attack, such as C2 servers or malware delivery networks.
In the Diamond Model, what does 'capability' refer to? The tools, techniques, and procedures used by the adversary.
What is the MITRE ATT&CK framework? A knowledge base of adversary tactics and techniques based on real-world observations.
How is MITRE ATT&CK organized? By tactics (the 'why'), techniques (the 'how'), sub-techniques, and procedures.
What are some tactical categories in MITRE ATT&CK? Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.
What is the Open Source Security Testing Methodology Manual (OSSTMM)? A methodology for security testing and analysis, covering metrics, workflow, and verification.
What are the main testing channels in OSSTMM? Human Security, Physical Security, Wireless Communications, Telecommunications, Data Networks.
What is the OWASP Testing Guide? A framework for web application security testing, covering areas like authentication, input validation, and session management.
What are common approaches in the OWASP Testing Guide? Black box, white box, and gray box testing.
What is an Indicator of Compromise (IoC)? Evidence that suggests a security incident has occurred, such as suspicious IPs, file hashes, or behaviors.
What are the main types of IoCs? Network indicators, host-based indicators, email indicators, and behavioral indicators.
What is chain of custody in evidence acquisition? Documenting the handling of evidence from collection to presentation to maintain integrity.
How is data integrity validated during evidence acquisition? Using cryptographic hashes, digital signatures, and checksums.
What is preservation in incident response? Ensuring evidence is not altered or destroyed, using techniques like forensic imaging and memory dumps.
What is a legal hold? A process to preserve all relevant information when litigation is anticipated.
What is data and log analysis in incident response? Reviewing logs and data sources to detect, investigate, and understand security incidents.
What is the purpose of containment in incident response? To limit the spread and impact of an incident.
What is eradication in incident response? Removing the root cause of the incident, such as deleting malware or closing vulnerabilities.
What is recovery in incident response? Restoring systems and operations to normal after an incident.
What is the scope in incident response? Determining the extent and boundaries of the incident.
What is impact assessment in incident response? Evaluating the operational, financial, reputational, and regulatory consequences of an incident.
What is isolation in incident response? Separating affected systems to prevent further damage or spread.
What is remediation in incident response? Applying fixes, patches, or configuration changes to eliminate vulnerabilities.
What is re-imaging in incident response? Restoring affected systems from clean backups or images.
What are compensating controls? Alternative security measures when primary controls cannot be implemented.
What is the preparation phase in incident management? Establishing plans, tools, playbooks, and training to ensure readiness for incidents.
What is an incident response plan? A documented strategy outlining roles, responsibilities, and procedures for responding to incidents.
What are playbooks in incident response? Step-by-step guides for handling specific types of incidents.
What are tabletop exercises? Discussion-based simulations to practice and evaluate incident response plans.
Why is training important in incident response? To ensure team members understand their roles and can respond effectively to incidents.
What is business continuity (BC) and disaster recovery (DR)? Plans and processes to maintain or restore business operations after a disruption or disaster.
What is forensic analysis in post-incident activity? In-depth examination of evidence to understand the incident and support legal proceedings.
What is root cause analysis? Identifying the underlying cause of an incident to prevent recurrence.
What is the purpose of lessons learned in incident response? To review the incident, identify improvements, and update plans and procedures for future incidents.
Created by: anapaulaseidel
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards