100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CompTIA CySA, Top Questions and answers, 100% Accurate. VERIFIED. $8.99   Add to cart

Exam (elaborations)

CompTIA CySA, Top Questions and answers, 100% Accurate. VERIFIED.

 3 views  0 purchase
  • Course
  • Institution

CompTIA CySA, Top Questions and answers, 100% Accurate. VERIFIED. Security Content Automation Protocol (SCAP) - -Is an effort by the security community, led by the national Institute of standards and technology, to create a standardized approach for communicating security related information. ...

[Show more]

Preview 2 out of 6  pages

  • August 11, 2023
  • 6
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CompTIA CySA, Top Questions and
answers, 100% Accurate. VERIFIED.

Security Content Automation Protocol (SCAP) - ✔✔-Is an effort by the security community, led by the
national Institute of standards and technology, to create a standardized approach for communicating
security related information. This standardization is important to the automation of interactions
between security components.



CCE - Common configuration enumeration - ✔✔-Provides a standard nomenclature for discussing
system configuration issues



CPE - common platform enumeration - ✔✔-Provides a standard nomenclature for describing product
names and versions



CVE (Common Vulnerabilities and Exposures) - ✔✔-Provides a standard nomenclature for describing
security related software flaws



CVSS (Common Vulnerability Scoring System) - ✔✔-Provides a standardized approach for measuring and
describing The severity of a security related software flaw



XCCDF - Extensible configuration checklist description format - ✔✔-Language for specifying checklist and
reporting checklist results



OVAL - Open vulnerability and assessment language - ✔✔-A language for specifying a low level testing
procedures used by checklists.

Fuzz testing - ✔✔-Fuzzing is a software testing technique that feeds software many different input
values in an attempt to cause an unpredictable state or unauthorized access.



Interface Testing - ✔✔-Large software solutions are developed by different developers. Different pieces
of software is developed as different components. Some components may even be purchased from
third-party vendors and others may be developed by in-house developers. The overall system is so

, complex that no single person can know the end-to-end functioning of the system on a detailed basis.
Standard interfaces solve this problem by tying the components together. Interfaces the developers use
to tie to external systems are known as application programming interfaces or APIs. *APIs require
careful testing for two reasons. First, they are crucial to the operations of businesses. If APIs don't work
properly, they may cause disruptions to business operations. Second, APIs present unique security
issues. They often interact directly with databases and other backend systems and must be very
carefully tested to ensure that they do not introduce security vulnerabilities.*



Public APIs - ✔✔-Public APIs allow people to integrate their own applications with online services. Many
web services including LinkedIn, Twitter, Google, Facebook, Amazon, and others offer public APIs.



Term - ✔✔-Threat Management



Term - ✔✔-large dataset



Threat Indicators - ✔✔-Properties that describe a threat. For example, threat indicators might include IP
addresses, malicious file signatures, communications patterns, or other other identifiers that analysts
can use to identify a threat actor.



Frameworks used to share threat data or threat intelligence - ✔✔--The Cyber Observable eXpression, or
CybOX

-The Structured Threat Information eXpression, or STIX

- The Trusted Automated eXchange of Indicator Information, or TAXII, is a set of services that actually
share security information between systems and organizations.



What is STIX - ✔✔-The Structured Threat Information eXpression, or STIX, is a standardized language
used to communicate security information between systems and organizations.



What is - TAXII? - ✔✔-The Trusted Automated eXchange of Indicator Information, or TAXII, is a set of
services that actually share security information between systems and organizations.



OpenIOC-Mandian threat framework - ✔✔-OpenIOC, is another framework for describing and sharing
security threat information that was originally developed by FireEye's Mandiant security team.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller PassPoint02. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $8.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$8.99
  • (0)
  Add to cart