
Practices Used to Secure a Corporate Environment


Securing a corporate environment is not a one-time endeavor. It should entail a set of processes that are embedded into day-to-day operations. Some of these processes, such as penetration testing, are designed to locate weaknesses before attackers do, while other processes, such as fingerprinting and decomposition, are important to understand because they are techniques that attackers use to thwart your best efforts at preventing the delivery of malware. This chapter discusses the process of penetration testing, the value of understanding how attackers use fingerprinting and decomposition, the importance of training and exercises, and the steps in the risk management process.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. Table 4-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so you can assess your knowledge of these specific areas. The answers to the quiz appear in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.” If you miss no more than one of these self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks.”

Table 4-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section      Questions
Penetration Testing            1–3
Reverse Engineering            6
Training and Exercises         4, 5
Risk Evaluation                7

1. Which of the following is the first step in a pen test?

   a. Gather information about attack methods against the target system or device.

   b. Execute attacks against the target system or device to gain user and privileged access.

   c. Document information about the target system or device.

   d. Document the results of the penetration test.

2. In which type of test is the testing team provided with limited knowledge of the network systems and devices?

   a. Blind test

   b. Double-blind test

   c. Target test

   d. External test

3. Which of the following is also referred to as a closed, or black-box, test?

   a. Zero-knowledge test

   b. Partial-knowledge test

   c. Full-knowledge test

   d. Target test

4. Which of the following is not covered in the rules of engagement?

   a. Timing

   b. Scope

   c. Compensation

   d. Authorization

5. Which of the following acts as the network defense team?

   a. Blue team

   b. White team

   c. Purple team

   d. Red team

6. With which of the following can malware executable files be executed without allowing the files to interact with the local system?

   a. Sandboxing

   b. DMZ

   c. Trusted Foundry

   d. Decomposition

7. When performing qualitative risk evaluation, which of the following is considered in addition to the impact of the event?

   a. Attack vectors

   b. Likelihood

   c. Costs

   d. Frequency
