Threat and Vulnerability Management

  1. Explain the importance of threat data and intelligence

    • Intelligence sources

      • Open-source intelligence
      • Proprietary/closed-source intelligence
      • Timeliness
      • Relevancy
      • Accuracy
    • Confidence Levels

    • Indicator management

      • Structured Threat Information eXpression (STIX)
      • Trusted Automated eXchange of Indicator Information (TAXII)
      • OpenIoC
    • Threat Classification

      • Known threat vs. unknown threat
      • Zero-day
      • Advanced persistent threat
    • Threat actors

      • Nation-state
      • Hacktivist
      • Organized crime
      • Insider threat
        • Intentional
        • Unintentional
    • Intelligence cycle

      • Requirements
      • Collection
      • Analysis
      • Dissemination
      • Feedback
    • Commodity malware

    • Information sharing and analysis communities

      • Healthcare
      • Financial
      • Aviation
      • Government
      • Critical infrastructure
  2. Given a scenario, utilize threat intelligence to support organizational security.

    • Attack frameworks

      • MITRE ATT&CK
      • The Diamond Model of Intrusion Analysis
      • Kill chain
    • Threat research

      • Reputational
      • Behavioral
      • Indicator of compromise (IoC)
      • Common vulnerability scoring system (CVSS)
    • Threat modeling methodologies

      • Adversary capability
      • Total attack surface
      • Attack vector
      • Impact
      • Likelihood
    • Threat intelligence sharing with supported functions

      • Incident response
      • Vulnerability management
      • Risk management
      • Security engineering
      • Detection and monitoring
  3. Given a scenario, perform vulnerability management activities.

    • Vulnerability identification

      • Asset criticality
      • Active vs. passive scanning
      • Mapping/enumeration
    • Validation

      • True positive
      • False positive
      • True negative
      • False negative
    • Remediation/mitigation

      • Configuration baseline
      • Patching
      • Hardening
      • Compensating controls
      • Risk acceptance
      • Verification of mitigation
    • Scanning parameters and criteria

      • Risks associated with scanning activities
      • Vulnerability feed
      • Scope
      • Credentialed vs. non-credentialed
      • Server-based vs. agent-based
      • Internal vs. external
      • Special considerations
        • Types of data
        • Technical constraints
        • Workflow
        • Sensitivity levels
        • Regulatory requirements
        • Segmentation
        • Intrusion prevention system (IPS), intrusion detection system (IDS), and firewall settings
    • Inhibitors to remediation

      • Memorandum of understanding (MOU)
      • Service-level agreement (SLA)
      • Organizational governance
      • Business process interruption
      • Degrading functionality
      • Legacy systems
      • Proprietary systems
  4. Given a scenario, analyze the output from common vulnerability assessment tools.

    • Web application scanner

      • OWASP Zed Attack Proxy (ZAP)
      • Burp Suite
      • Nikto
      • Arachni
    • Infrastructure vulnerability scanner

      • Nessus
      • OpenVAS
      • Qualys
    • Software assessment tools and techniques

      • Static analysis
      • Dynamic analysis
      • Reverse engineering
      • Fuzzing
    • Enumeration

      • Nmap
      • hping
      • Active vs. passive
      • Responder
    • Wireless assessment tools

      • Aircrack-ng
      • Reaver
      • oclHashcat
    • Cloud infrastructure assessment tools

      • ScoutSuite
      • Prowler
      • Pacu
  5. Explain the threats and vulnerabilities associated with specialized technology.

    • Mobile

    • Internet of Things (IoT)

    • Embedded

    • Real-time operating system (RTOS)

    • System-on-Chip (SoC)

    • Field programmable gate array (FPGA)

    • Physical access control

    • Building automation systems

    • Vehicles and drones

      • CAN bus
    • Workflow and process automation systems

    • Industrial control system

    • Supervisory control and data acquisition (SCADA)

      • Modbus
  6. Explain the threats and vulnerabilities associated with operating in the cloud.

    • Cloud service models

      • Software as a Service (SaaS)
      • Platform as a Service (PaaS)
      • Infrastructure as a Service (IaaS)
    • Cloud deployment models

      • Public
      • Private
      • Community
      • Hybrid
    • Function as a Service (FaaS)/serverless architecture

    • Infrastructure as code (IaC)

    • Insecure application programming interface (API)

    • Improper key management

    • Unprotected storage

    • Logging and monitoring

      • Insufficient logging and monitoring
      • Inability to access
  7. Given a scenario, implement controls to mitigate attacks and software vulnerabilities.

    • Attack types

      • Extensible markup language (XML) attack
      • Structured query language (SQL) injection
      • Overflow attack
        • Buffer
        • Integer
        • Heap
      • Remote code execution
      • Directory traversal
      • Privilege escalation
      • Password spraying
      • Credential stuffing
      • Impersonation
      • On-path attack (previously known as man-in-the-middle attack)
      • Session hijacking
      • Rootkit
      • Cross-site scripting
        • Reflected
        • Persistent
        • Document object model (DOM)
    • Vulnerabilities

      • Improper error handling
      • Dereferencing
      • Insecure object reference
      • Race condition
      • Broken authentication
      • Sensitive data exposure
      • Insecure components
      • Insufficient logging and monitoring
      • Weak or default configurations
      • Use of insecure functions
        • strcpy