This document is an assessment test to help determine if a candidate has the necessary knowledge to take the Cybersecurity Analyst+ certification exam. It consists of 24 multiple choice questions covering topics like networking, security tools, vulnerability scanning, incident response, forensics, and security controls. Correct answers will help identify areas for the candidate to focus their studies from the certification guidebook.
If you're considering taking the Cybersecurity Analyst+ exam, you should have already taken and passed the CompTIA Security+ and Network+ exams and should have four years of experience in the field. You may also already hold other equivalent certifications. The following assessment test helps to make sure that you have the knowledge that you should have before you tackle the Cybersecurity Analyst+ certification and will help you determine where you may want to spend the most time with this book.
1. After running an nmap scan of a system, you receive scan data that indicates the following three ports are open: 22/TCP, 443/TCP, 1521/TCP. What services commonly run on these ports?
A. SMTP, NetBIOS, MySQL
B. SSH, Microsoft DS, WINS
C. SSH, HTTPS, Oracle
D. FTP, HTTPS, MS-SQL
2. Which of the following tools is best suited to querying data provided by organizations like the American Registry for Internet Numbers (ARIN) as part of a footprinting or reconnaissance exercise?
A. nmap
B. traceroute
C. regmon
D. whois

3. What type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?
A. A honeypot
B. A sinkhole
C. A crackpot
D. A darknet
4. What cybersecurity objective could be achieved by running your organization's web servers in redundant, geographically separate datacenters?
A. Confidentiality
B. Integrity
C. Immutability
D. Availability
5. Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
A. Black box
B. Authenticated
C. Internal view
D. External view
6. Security researchers recently discovered a flaw in the Chakra JavaScript scripting engine in Microsoft's Edge browser that could allow remote execution or denial of service via a specifically crafted website. The CVSS 3.0 score for this vulnerability reads CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. What is the attack vector and the impact to integrity based on this rating?
A. System, 9, 8
B. Browser, High
C. Network, High
D. None, High

7. Alice is a security engineer tasked with performing vulnerability scans for her organization. She encounters a false positive error in one of her scans. What should she do about this?
A. Verify that it is a false positive, and then document the exception.
B. Implement a workaround.
C. Update the vulnerability scanner.
D. Use an authenticated scan, and then document the vulnerability.
8. Which phase of the incident response process is most likely to include gathering additional evidence such as information that would support legal action?
A. Preparation
B. Detection and Analysis
C. Containment, Eradication, and Recovery
D. Postincident Activity and Reporting
9. Which of the following descriptions explains an integrity loss?
A. Systems were taken offline, resulting in a loss of business income.
B. Sensitive or proprietary information was changed or deleted.
C. Protected information was accessed or exfiltrated.
D. Sensitive personally identifiable information was accessed or exfiltrated.
10. Which of the following techniques is an example of active monitoring?
A. Ping
B. RMON
C. NetFlows
D. A network tap

11. Abdul's monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
B. Probing
C. Zombie chatter
D. Beaconing
12. Which of the following tools is not useful for monitoring memory usage in Linux?
A. df
B. top
C. ps
D. free
13. Which of the following tools cannot be used to make a forensic disk image?
A. xcopy
B. FTK
C. dd
D. EnCase
14. During a forensic investigation, Maria is told to look for information in slack space on the drive. Where should she look, and what is she likely to find?
A. She should look at unallocated space, and she is likely to find file fragments from deleted files.
B. She should look at unused space where files were deleted, and she is likely to find complete files hidden there by the individual being investigated.
C. She should look in the space reserved on the drive for spare blocks, and she is likely to find complete files duplicated there.
D. She should look at unused space left when a file is written, and she is likely to find file fragments from deleted files.

15. What type of system is used to contain an attacker to allow them to be monitored?
A. A white box
B. A sandbox
C. A network jail
D. A VLAN
16. Oscar's manager has asked him to ensure that a compromised system has been completely purged of the compromise. What is Oscar's best course of action?
A. Use an antivirus tool to remove any associated malware
B. Use an antimalware tool to completely scan and clean the system
C. Wipe and rebuild the system
D. Restore a recent backup
17. What level of secure media disposition as defined by NIST SP 800-88 is best suited to a hard drive from a high-security system that will be reused in the same company by an employee of a different level or job type?
A. Clear
B. Purge
C. Destroy
D. Reinstall
18. Which of the following actions is not a common activity during the recovery phase of an incident response process?
A. Reviewing accounts and adding new privileges
B. Validating that only authorized user accounts are on the systems
C. Verifying that all systems are logging properly
D. Performing vulnerability scans of all systems
19. A statement like “Windows workstations must have the current security configuration template applied to them before being deployed” is most likely to be part of which document?
A. Policies
B. Standards
C. Procedures
D. Guidelines
20. Jamal is concerned with complying with the U.S. federal law covering student educational records. Which of the following laws is he attempting to comply with?
A. HIPAA
B. GLBA
C. SOX
D. FERPA
21. A fire suppression system is an example of what type of control?
A. Logical
B. Physical
C. Administrative
D. Operational
22. Suki is concerned that a user might abuse their privileges to create a new vendor in the accounting system and then issue that vendor a check. What security control would best protect against this risk?
A. Dual control
B. Separation of duties
C. Background checks
D. Cross training
23. Joe wants to implement an authentication protocol that is well suited to untrusted networks. Which of the following options is best suited to his needs in its default state?
A. Kerberos
B. RADIUS
C. LDAP
D. TACACS+
24. Which software development life cycle model uses linear development concepts in an iterative, four-phase process?
A. Waterfall
B. Agile
C. RAD
D. Spiral