Last week, we had 25 questions based on the first of the four objectives associated with CompTIA’s CySA+ (Cybersecurity analyst) certification exam — formerly known as CSA+.

This exam, number CS0-001, consists of 85 questions and what follows is a self-test of 25 questions all based on the second of those domains: Vulnerability Management. In July, we’ll have another set of questions on the third domain: Cyber Incident Response.

The answers appear at the end of the questions. In all cases, pick the best answer(s) to each question. Good luck!

1. Which of the following regulations affects the accounting methods and financial reporting requirements for any publicly traded U.S. organization?
A. Gramm-Leach-Biley
B. HIPAA
C. Sarbanes-Oxley
D. FERPA

2. Which data classification level is appropriate for data that could lessen a company’s competitive advantage?
A. Public
B. Proprietary
C. Private
D. Confidential

3. Which type of scan is performed by someone with administrative rights to the target server?
A. Critical
B. Credentialed
C. Unfettered
D. Unrestrained

4. Which of the following types of vulnerability scans utilizes pull-based technology?
A. Agent-based
B. Server-based
C. Host-based
D. Free-based

5. Which of the following government/military classifications would be appropriate for any patents a particular agency may own?
A. Top secret
B. Secret
C. Confidential
D. Sensitive
E. Unclassified

6. Which of the following is a method for using standards to enable the automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization?
A. SPWL
B. VMES
C. MOUS
D. SCAP

7. A recent scan shows there is a vulnerability on your server which does not really exist. What is this known as?
A. False negative
B. False positive
C. Errors of the third kind
D. Screamers

8. A company you depend on for a plug-in to your database has left a backdoor in their code allowing them to edit code, as needed, without going through typical authentication steps. What category of vulnerability does this qualify as?
A. SSO
B. Weak link
C. Trojan horse
D. maintenance hook

9. Working with SCAP, you discover that a particular vulnerability on your network has been ranked 8.7 on the CVSS scale. What rank is associated with this score?
A. Low
B. Medium
C. High
D. Critical

10. What type of exploit occurs when an attacker injects malicious code into a web application?
A. XSS
B. SIEM
C. CSRF
D. X-FRAME

11. Which of the following regulations provides guidelines for securing financial information (and prohibits sharing with third parties) for U.S. organizations?
A. Gramm-Leach-Biley
B. HIPAA
C. Sarbanes-Oxley
D. FERPA

12. What type of exploit places a transparent image over all, or a portion of, a webpage and activates when the user clicks?
A. Baiting
B. Click-jacking
C. Pharming
D. Drive-by

13. Which of the following is a code injection exploit used to attack data-driven applications by inserting database commands into an entry field for execution?
A. Screen Scraping
B. SQL Injection
C. RASP
D. XSS/TABLE

14. Which data classification level is appropriate for data that could damage a company if exposed to those outside the company?
A. Public
B. Proprietary
C. Private
D. Confidential

15. Which of the following is NOT a common component of SCADA?
A. Sensors
B. Remote Terminal Units
C. Packet Agents
D. Programmable Logic Controllers
E. Telemetry Systems
F. Human Interface

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

1. C
2. B
3. B
4. A
5. C
6. D
7. B
8. D
9. C
10. A
11. A
12. B
13. B
14. D
15. C