Assessment Test

If you're considering taking the Cybersecurity Analyst+ exam, you should have already taken and passed the CompTIA Security+ and Network+ exams and should have four years of experience in the field. You may also already hold other equivalent certifications. The following assessment test helps to make sure that you have the knowledge that you should have before you tackle the Cybersecurity Analyst+ certification and will help you determine where you may want to spend the most time with this book.

1. After running an nmap scan of a system, you receive scan data that indicates the following three ports are open:
22/TCP
443/TCP
1521/TCP
What services commonly run on these ports?
A. SMTP, NetBIOS, MySQL
B. SSH, Microsoft DS, WINS
C. SSH, HTTPS, Oracle
D. FTP, HTTPS, MS-SQL

2. Which of the following tools is best suited to querying data provided by organizations like the American Registry for Internet Numbers (ARIN) as part of a footprinting or reconnaissance exercise?
A. nmap
B. traceroute
C. regmon
D. whois

3. What type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?
A. A honeypot
B. A sinkhole
C. A crackpot
D. A darknet

4. What cybersecurity objective could be achieved by running your organization's web servers in redundant, geographically separate datacenters?
A. Confidentiality
B. Integrity
C. Immutability
D. Availability

5. Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
A. Black box
B. Authenticated
C. Internal view
D. External view

6. Security researchers recently discovered a flaw in the Chakra JavaScript scripting engine in Microsoft's Edge browser that could allow remote execution or denial of service via a specifically crafted website. The CVSS 3.0 score for this vulnerability reads
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
What is the attack vector and the impact to integrity based on this rating?
A. System, 9, 8
B. Browser, High
C. Network, High
D. None, High

7. Alice is a security engineer tasked with performing vulnerability scans for her organization. She encounters a false positive error in one of her scans. What should she do about this?
A. Verify that it is a false positive, and then document the exception.
B. Implement a workaround.
C. Update the vulnerability scanner.
D. Use an authenticated scan, and then document the vulnerability.

8. Which phase of the incident response process is most likely to include gathering additional evidence such as information that would support legal action?
A. Preparation
B. Detection and Analysis
C. Containment, Eradication, and Recovery
D. Postincident Activity and Reporting

9. Which of the following descriptions explains an integrity loss?
A. Systems were taken offline, resulting in a loss of business income.
B. Sensitive or proprietary information was changed or deleted.
C. Protected information was accessed or exfiltrated.
D. Sensitive personally identifiable information was accessed or exfiltrated.

10. Which of the following techniques is an example of active monitoring?
A. Ping
B. RMON
C. NetFlows
D. A network tap

11. Abdul's monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
B. Probing
C. Zombie chatter
D. Beaconing

12. Which of the following tools is not useful for monitoring memory usage in Linux?
A. df
B. top
C. ps
D. free

13. Which of the following tools cannot be used to make a forensic disk image?
A. xcopy
B. FTK
C. dd
D. EnCase

14. During a forensic investigation, Maria is told to look for information in slack space on the drive. Where should she look, and what is she likely to find?
A. She should look at unallocated space, and she is likely to find file fragments from deleted files.
B. She should look at unused space where files were deleted, and she is likely to find complete files hidden there by the individual being investigated.
C. She should look in the space reserved on the drive for spare blocks, and she is likely to find complete files duplicated there.
D. She should look at unused space left when a file is written, and she is likely to find file fragments from deleted files.

15. What type of system is used to contain an attacker to allow them to be monitored?
A. A white box
B. A sandbox
C. A network jail
D. A VLAN

16. Oscar's manager has asked him to ensure that a compromised system has been completely purged of the compromise. What is Oscar's best course of action?
A. Use an antivirus tool to remove any associated malware
B. Use an antimalware tool to completely scan and clean the system
C. Wipe and rebuild the system
D. Restore a recent backup

17. What level of secure media disposition as defined by NIST SP 800-88 is best suited to a hard drive from a high-security system that will be reused in the same company by an employee of a different level or job type?
A. Clear
B. Purge
C. Destroy
D. Reinstall

18. Which of the following actions is not a common activity during the recovery phase of an incident response process?
A. Reviewing accounts and adding new privileges
B. Validating that only authorized user accounts are on the systems
C. Verifying that all systems are logging properly
D. Performing vulnerability scans of all systems

19. A statement like “Windows workstations must have the current security configuration template applied to them before being deployed” is most likely to be part of which document?
A. Policies
B. Standards
C. Procedures
D. Guidelines

20. Jamal is concerned with complying with the U.S. federal law covering student educational records. Which of the following laws is he attempting to comply with?
A. HIPAA
B. GLBA
C. SOX
D. FERPA

21. A fire suppression system is an example of what type of control?
A. Logical
B. Physical
C. Administrative
D. Operational

22. Suki is concerned that a user might abuse their privileges to create a new vendor in the accounting system and then issue that vendor a check. What security control would best protect against this risk?
A. Dual control
B. Separation of duties
C. Background checks
D. Cross training

23. Joe wants to implement an authentication protocol that is well suited to untrusted networks. Which of the following options is best suited to his needs in its default state?
A. Kerberos
B. RADIUS
C. LDAP
D. TACACS+

24. Which software development life cycle model uses linear development concepts in an iterative, four-phase process?
A. Waterfall
B. Agile
C. RAD
D. Spiral