CySA+: Compliance and Assessment Competency (Intermediate Level)

  • 30m
  • 30 questions
The CySA+: Compliance and Assessment Competency benchmark measures your ability to recognize key terms and concepts related to compliance and assessment. You will be evaluated on business continuity, malware threats, encryption, and hashing. A learner who scores high on this benchmark demonstrates the skills needed to understand key compliance and assessment terminology and concepts.

Topics covered

  • allow business continuity during unexpected disruptions
  • apply various risk treatments to risks
  • benefit from lessons learned during incident response
  • configure custom encryption keys for cloud storage
  • define how cryptography protects sensitive data
  • define which types of solutions provide IT system and data high availability
  • deploy a private CA using Amazon Web Services
  • describe common characteristics of a business continuity plan, BIA, and related insurance options
  • describe how cybersecurity insurance is a form of risk transference
  • describe the proliferation of botnets under malicious user control
  • disable SSL on web clients and servers
  • download and verify a checksum for Kali Linux
  • generate file hashes on a Linux system
  • generate file hashes on a Windows system
  • identify the steps in the PKI certificate lifecycle
  • identify the various forms of social engineering and the related security risks
  • list the components of a PKI hierarchy
  • proactively design a plan that outlines the response to disruptions
  • protect data at rest on a Linux system
  • protect data at rest using BitLocker
  • protect data at rest using EFS
  • recall how structured risk management frameworks work
  • recognize differences between malware types
  • recognize how malware and resultant botnets have become a commodity for black markets
  • recognize how SSL and TLS are used to secure network traffic
  • recognize the danger of ransomware and how to mitigate this threat
  • recognize the importance of hashing for file systems and network communications
  • recognize the relevance of a risk register
  • use the Social Engineering Toolkit to execute social engineering attacks
  • view authentic e-mail phishing messages