CySA+
  • Introduction
  • Exam Objectives
    • Quiz
      • Threat and Vulnerability Management Competency
        • Questions
  • 1.0 Threat and Vulnerability Management
    • 1.1 Explain the importance of threat data and intelligence
      • Page 1
      • Intelligence Sources
      • Confidence Levels
      • Indicator Management
        • Trusted Automated eXchange of Indicator Information (TAXII)
        • OpenIoC
      • Threat classification
        • Known threat vs. unknown threat
        • Zero-day
        • Advanced persistent threat
      • Open-source intelligence
      • Proprietary / closed-source intelligence
      • Timeliness, Relevancy, Accuracy
    • 1.2 Given a scenario, utilise threat intelligence to support organisational security
    • 1.3 Given a scenario, perform vulnerability management activities
    • 1.4 Given a scenario, analyse the output from common vulnerability assessment tools
    • 1.5 Explain the threats and vulnerabilities associated with specialised technology
    • 1.6 Explain the threats and vulnerabilities associated with operating in the cloud
    • 1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities
  • 2.0 Software and Systems Security
    • 2.2 Explain software assurance best practices
    • 2.1 Given a scenario, apply security solutions for infrastructure management
    • 2.3 Explain hardware assurance best practices
Powered by GitBook
On this page
  1. Exam Objectives
  2. Quiz

Threat and Vulnerability Management Competency

Topics covered:

  • discuss true positives and negatives as well as false positives and negatives

  • manage threat indicators

  • identify and prioritize risk mitigation techniques

  • explore CVSS severity levels

  • identify commonalities shared amongst bug bounties

  • recall how overflow attacks work

  • list different types of cross-site scripting attacks

  • use the BeEF tool to hack a web browser

  • describe how the use of insecure XML components can lead to web application compromise

  • list common web application vulnerabilities

  • use the OWASP ZAP tool to test web application security

  • use the slowhttptest command to run a DoS attack against an HTTP web site

  • describe ARP poisoning attacks

  • use Kali Linux to execute an ARP poisoning MiTM attack

  • recognize how malicious users use a variety of password attacks to compromise user accounts

  • use the hydra tool to brute force a Windows RDP connection

  • use John the Ripper to crack user passwords

  • recognize how SEDs provide protection for data at rest

  • recognize how HSMs are used for encryption offloading and the storage of cryptographic secrets

  • provide examples of PaaS

  • provide examples of SaaS

  • deploy cloud resources using a JSON template

  • identify how ITIL influences efficient service delivery, including change management implementation

  • recognize the benefits of VDI

  • configure an Amazon Workspaces VDI environment

  • connect a client device to an Amazon Workspace VDI

  • list how different types of firewalls protect digital assets

  • configure a Windows host firewall

  • configure an Amazon Web Services Network Security Group

  • describe the role NAC plays in securing a network environment

PreviousQuizNextQuestions

Last updated 2 years ago