CompTIA CySA+ Final EXAM 2022 (Complete Solution)
Despite operating a patch management program, your company has been exposed to several attacks over the last few months. You have drafted a policy to require a lessons-learned incident report be created to review the historical attacks and to make this analysis a requirement following future attacks. How can this type of control be classified? - Administrative/Corrective
A bespoke application used by your company has been the target of malware. The developers have created signatures for the application's binaries, and these have been added to endpoint detection and response (EDR) scanning software running on each workstation. If a scan shows that a binary image no longer matches its signature, an administrative alert is generated. What type of security control is this? - Technical/Detective
Your company is interested in implementing routine backups of all customer databases. This will help uphold availability because you will be able to quickly and easily restore the backed-up copy, and it will also help uphold integrity in case someone tampers with the database. What controls can you implement to round out your risk mitigation strategy and uphold the components of the CIA triad? - To uphold the CIA triad, a control addressing confidentiality such as access control lists, password and data encryption, or two-factor authentication should be added.
What are your strategic, operational, and tactical requirements for threat intelligence? - Strategic requirements are related to overall themes and objectives that affect projects and business priorities. This is the information that should be shared with executives in less technical terms in order for them to make high-level decisions. This would include any large security trends and events related to the new cloud-based infrastructure, so that timely decisions can be made that keep the company in front of the quickly changing technology. Operational intelligence relates to the everyday priorities of managers and specialists. In this case, it would be necessary to understand who might be interested in compromising the system and how they might infiltrate the new cloud-based system in order to decide which steps to take in the near future. Tactical requirements relate to the actions that should be taken by staff in response to specific alerts or status indicators. This type of intelligence is highly technical and would be gathered from system logs and automated feeds.
As a relatively small company, with no dedicated SOC, what is the main risk from deploying a threat intelligence feed? - The main risk of a small company deploying a threat intelligence feed is that it could provide information that isn't actionable, trigger false positives, or a false sense of security. They might not know what to do with the data.
Review the open-source feeds available at misp-project.org/feeds. What type of threat intelligence do these provide? - They provide threat intelligence for blacklisting IP addresses
Review the CTI produced by the Financial Services ISAC at fsisac.com/whatwe-do/intelligence. What additional types of information are provided?