CompTIA CySA, Top Questions and answers, 100% Accurate. VERIFIED.
3 views 0 purchase
Course
CompTIA CySA
Institution
CompTIA CySA
CompTIA CySA, Top Questions and answers, 100% Accurate. VERIFIED.
Security Content Automation Protocol (SCAP) - -Is an effort by the security community, led by the national Institute of standards and technology, to create a standardized approach for communicating security related information. ...
CompTIA CySA, Top Questions and
answers, 100% Accurate. VERIFIED.
Security Content Automation Protocol (SCAP) - ✔✔-Is an effort by the security community, led by the
national Institute of standards and technology, to create a standardized approach for communicating
security related information. This standardization is important to the automation of interactions
between security components.
CCE - Common configuration enumeration - ✔✔-Provides a standard nomenclature for discussing
system configuration issues
CPE - common platform enumeration - ✔✔-Provides a standard nomenclature for describing product
names and versions
CVE (Common Vulnerabilities and Exposures) - ✔✔-Provides a standard nomenclature for describing
security related software flaws
CVSS (Common Vulnerability Scoring System) - ✔✔-Provides a standardized approach for measuring and
describing The severity of a security related software flaw
XCCDF - Extensible configuration checklist description format - ✔✔-Language for specifying checklist and
reporting checklist results
OVAL - Open vulnerability and assessment language - ✔✔-A language for specifying a low level testing
procedures used by checklists.
Fuzz testing - ✔✔-Fuzzing is a software testing technique that feeds software many different input
values in an attempt to cause an unpredictable state or unauthorized access.
Interface Testing - ✔✔-Large software solutions are developed by different developers. Different pieces
of software is developed as different components. Some components may even be purchased from
third-party vendors and others may be developed by in-house developers. The overall system is so
, complex that no single person can know the end-to-end functioning of the system on a detailed basis.
Standard interfaces solve this problem by tying the components together. Interfaces the developers use
to tie to external systems are known as application programming interfaces or APIs. *APIs require
careful testing for two reasons. First, they are crucial to the operations of businesses. If APIs don't work
properly, they may cause disruptions to business operations. Second, APIs present unique security
issues. They often interact directly with databases and other backend systems and must be very
carefully tested to ensure that they do not introduce security vulnerabilities.*
Public APIs - ✔✔-Public APIs allow people to integrate their own applications with online services. Many
web services including LinkedIn, Twitter, Google, Facebook, Amazon, and others offer public APIs.
Term - ✔✔-Threat Management
Term - ✔✔-large dataset
Threat Indicators - ✔✔-Properties that describe a threat. For example, threat indicators might include IP
addresses, malicious file signatures, communications patterns, or other other identifiers that analysts
can use to identify a threat actor.
Frameworks used to share threat data or threat intelligence - ✔✔--The Cyber Observable eXpression, or
CybOX
-The Structured Threat Information eXpression, or STIX
- The Trusted Automated eXchange of Indicator Information, or TAXII, is a set of services that actually
share security information between systems and organizations.
What is STIX - ✔✔-The Structured Threat Information eXpression, or STIX, is a standardized language
used to communicate security information between systems and organizations.
What is - TAXII? - ✔✔-The Trusted Automated eXchange of Indicator Information, or TAXII, is a set of
services that actually share security information between systems and organizations.
OpenIOC-Mandian threat framework - ✔✔-OpenIOC, is another framework for describing and sharing
security threat information that was originally developed by FireEye's Mandiant security team.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller PassPoint02. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.99. You're not tied to anything after your purchase.