CySA+: Threat and Vulnerability Management Competency (Intermediate Level)

  • 30m
  • 30 questions
The CySA+: Threat and Vulnerability Management Competency benchmark measures your ability to recognize key terms and concepts related to threat and vulnerability management. You will be evaluated on threat intelligence, attack types, hardware and security, cloud computing, and network infrastructure. A learner who scores high on this benchmark demonstrates skills related to threat and vulnerability management terminology and concepts.

Topics covered

  • configure an Amazon Web Services Network Security Group
  • configure an Amazon Workspaces VDI environment
  • configure a Windows host firewall
  • connect a client device to an Amazon Workspace VDI
  • deploy cloud resources using a JSON template
  • describe ARP poisoning attacks
  • describe how the use of insecure XML components can lead to web application compromise
  • describe the role NAC plays in securing a network environment
  • discuss true positives and negatives as well as false positives and negatives
  • explore CVSS severity levels
  • identify and prioritize risk mitigation techniques
  • identify commonalities shared amongst bug bounties
  • identify how ITIL influences efficient service delivery, including change management implementation
  • list common web application vulnerabilities
  • list different types of cross-site scripting attacks
  • list how different types of firewalls protect digital assets
  • manage threat indicators
  • provide examples of PaaS
  • provide examples of SaaS
  • recall how overflow attacks work
  • recognize how HSMs are used for encryption offloading and the storage of cryptographic secrets
  • recognize how malicious users use a variety of password attacks to compromise user accounts
  • recognize how SEDs provide protection for data at rest
  • recognize the benefits of VDI
  • use John the Ripper to crack user passwords
  • use Kali Linux to execute an ARP poisoning MiTM attack
  • use the BeEF tool to hack a web browser
  • use the hydra tool to brute force a Windows RDP connection
  • use the OWASP ZAP tool to test web application security
  • use the slowhttptest command to run a DoS attack against an HTTP web site