About This Flashcard Deck
This flashcard deck contains 10 cards covering key concepts for the CySA+ exam. Test your cybersecurity analyst skills. Use active recall by attempting to answer each question before revealing the answer.
All CySA+ Flashcards
Q: What is STIX?
A: Structured Threat Information eXpression — standardized language for sharing cyber threat intelligence (JSON format).
Q: What is TAXII?
A: Trusted Automated eXchange of Intelligence Information — transport protocol for sharing threat intelligence (STIX data).
Q: What is CVSS?
A: Common Vulnerability Scoring System — 0-10 scale rating severity. Base (intrinsic), Temporal (time-based), Environmental (organizational context).
Q: What is the IR lifecycle?
A: Preparation → Detection & Analysis → Containment → Eradication → Recovery → Post-Incident Activity (Lessons Learned).
Q: What is threat hunting?
A: Proactive search for threats not detected by automated tools. Hypothesis-driven, uses IOCs and TTPs.
Q: What is chain of custody?
A: Documentation tracking evidence handling from collection to court. Who had it, when, what was done. Essential for legal proceedings.
Q: What is a false positive?
A: An alert that incorrectly identifies benign activity as malicious. High false positives cause alert fatigue.
Q: What is SOAR?
A: Security Orchestration, Automation, and Response — automates repetitive security tasks and incident response workflows.
Q: What is an IOC?
A: Indicator of Compromise — artifact (IP, hash, domain, pattern) suggesting a system may be compromised.
Q: What is MITRE ATT&CK?
A: Knowledge base of adversary tactics, techniques, and procedures (TTPs). Organized by attack phases. Used for threat modeling and detection.
CompTIA Flashcard Study Technique
CompTIA exams cover broad domains with hundreds of concepts. Use these flashcards in short, focused sessions of 15–20 minutes rather than marathon study sessions. Group cards by domain and track which domains have the lowest recall rates — allocate extra study time to those areas. CompTIA exams weight domains differently, so match your flashcard focus to the domain percentages listed in the exam objectives.