Summarizing the Techniques Used in Security Assessments

In this sample chapter from CompTIA Security+ SY0-601 Cert Guide, 5th Edition, you will learn how the threat-hunting process leverages threat intelligence.

This chapter covers the following topics related to Objective 1.7 (Summarize the techniques used in security assessments) of the CompTIA Security+ SY0-601 certification exam:

  • Threat hunting

    • Intelligence fusion

    • Threat feeds

    • Advisories and bulletins

    • Maneuver

  • Vulnerability scans

    • False positives

    • False negatives

    • Log reviews

    • Credentialed vs. non-credentialed

    • Intrusive vs. non-intrusive

    • Application

    • Web application

    • Network

    • Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS)

    • Configuration review

  • Syslog/Security information and event management (SIEM)

    • Review reports

    • Packet capture

    • Data inputs

    • User behavior analysis

    • Sentiment analysis

    • Security monitoring

    • Log aggregation

    • Log collectors

  • Security orchestration, automation, and response (SOAR)

This chapter starts by introducing threat hunting and how the threat-hunting process leverages threat intelligence. Then you learn about vulnerability management tasks, such as keeping up with security advisories and performing vulnerability scans. You also learn about the importance of collecting logs (such as system logs [syslogs]) and analyzing those logs in a Security Information and Event Management (SIEM) system. In addition, you learn how security tools and solutions have evolved to provide Security Orchestration, Automation, and Response (SOAR) capabilities to better defend your network, your users, and your organization overall.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Chapter Review Activities” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 7-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 7-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section                                     Questions
-----------------------------------------------------------   ---------
Threat Hunting                                                1–3
Vulnerability Scans                                           4–6
Syslog and Security Information and Event Management (SIEM)   7–8
Security Orchestration, Automation, and Response (SOAR)       9–10

  1. What is the act of proactively and iteratively looking for threats in your organization that may have bypassed your security controls and monitoring capabilities?

    1. Threat intelligence

    2. Threat hunting

    3. Threat binding

    4. None of these answers are correct.

  2. Which of the following provides a matrix of adversary tactics, techniques, and procedures that modern attackers use?

    1. ATT&CK

    2. CVSS

    3. CVE

    4. All of these answers are correct.

  3. Which identifier is assigned to disclosed vulnerabilities?

    1. CVE

    2. CVSS

    3. ATT&CK

    4. TTP

  4. Which broad term describes a situation in which a security device triggers an alarm, but no malicious activity or actual attack is taking place?

    1. False negative

    2. True negative

    3. False positive

    4. True positive

  5. Which of the following is a successful identification of a security attack or a malicious event?

    1. True positive

    2. True negative

    3. False positive

    4. False negative

  6. Which of the following occurs when a vulnerability scanner logs in to the targeted system to perform deep analysis of the operating system, running applications, and security misconfigurations?

    1. Credentialed scan

    2. Application scan

    3. Noncredentialed scan

    4. None of these answers are correct.

  7. Which of the following are functions of a SIEM?

    1. Log collection

    2. Log normalization

    3. Log correlation

    4. All of these answers are correct.

  8. Which solution allows security analysts to collect network traffic metadata?

    1. NetFlow

    2. SIEM

    3. SOAR

    4. None of these answers are correct.

  9. Which solution provides capabilities that extend beyond traditional SIEMs?

    1. SOAR

    2. CVSS

    3. CVE

    4. IPFIX

  10. Which of the following can be capabilities and benefits of a SOAR solution?

    1. Automated vulnerability assessment

    2. SOC playbooks and runbook automation

    3. Orchestration of multiple SOC tools

    4. All of these answers are correct.
