Automation, Scripting, and System Hardening Flashcards
CompTIA CySA+ CS0-003 (V3) Flashcards
| Front | Back |
| How does scripting support incident response? | It automates data collection for faster analysis |
| How does version control improve security scripting? | By tracking changes and enabling audit trails |
| Name a static analysis tool for shell scripts. | shellcheck |
| What does patch management prevent? | Exploitation of known vulnerabilities |
| What does SELinux stand for? | Security-Enhanced Linux |
| What does SSH hardening entail? | Strengthening SSH configurations to prevent unauthorized access |
| What file permissions should /etc/shadow have? | Read and write by root only (400 or 600) |
| What is a CI/CD pipeline? | An automated workflow for building, testing, and deploying code |
| What is a common method for hardening remote access? | Limiting open ports and using secure tunnels |
| What is a security playbook? | A predefined set of automated steps for incident response |
| What is idempotence in configuration management? | Ensuring repeated runs yield the same system state |
| What is immutable infrastructure? | Replacing servers rather than modifying them |
| What is system hardening? | The process of minimizing a system's vulnerabilities |
| What is the benefit of infrastructure as code? | It ensures repeatable secure deployments |
| What is the principle of least privilege? | Assigning users only the permissions they need |
| What is the purpose of a bastion host? | To act as a secure gateway to internal systems |
| What is the purpose of security automation? | It reduces manual effort and speeds up tasks |
| Which Python library is commonly used for AWS automation? | boto3 |
| Which scripting language is commonly used for security automation? | Python |
| Which tool automates system configuration hardening? | Ansible |
| Why are configuration baselines important? | They help maintain consistent security settings |
| Why is logging essential in system hardening? | It provides visibility for detecting anomalies |
About the Flashcards
Flashcards for the CompTIA CySA+ exam guide you through essential security automation practices, from Python-driven scripting and Ansible playbooks to infrastructure as code techniques that deliver repeatable, hardened builds. Each card distills complex ideas-idempotent configuration management, immutable infrastructure, and secure CI/CD pipelines-into quick-reference facts that mirror real exam tasks.
The deck also sharpens your grasp of operational safeguards such as patch management, logging, and the principle of least privilege. By actively recalling definitions and use-case details, you'll be prepared to tighten SSH settings, deploy bastion hosts, and automate incident response with confidence under exam conditions.
Topics covered in this flashcard deck:
- Security automation & playbooks
- System hardening techniques
- Scripting languages & tools
- Infrastructure as Code & CI/CD
- Access control & least privilege
- Patch and log management