Test your knowledge of CySA+ topics, Part 4
Posted on August 16, 2018 by Emmett Dulaney
CompTIA's new(ish) CySA+ credential can be your point of entry to a lucrative cybersecurity niche.

Over the past few months, we have presented 25 questions based on each of the first three domains associated with CompTIA's CySA+ (Cybersecurity Analyst) certification exam. This exam, number CS0-001, consists of 85 questions and must be completed in a 165-minute window.

What follows is a self-test of 25 questions all based on the last of the CySA+ domains, Security Architecture and Tool Sets. The answers appear at the end of the questions. In all cases, pick the best answer(s) to each question. Good luck!

1. Which of the following regulatory compliance acts was superseded by the Federal Information Security Management Act in 2002?
A. Computer Security Act of 1987
B. Economic Espionage Act of 1996
C. USA PATRIOT ACT of 2001
D. Federal Intelligence Surveillance Act of 1978

2. Which NIST framework divides controls into three classes: Management, Operational, and Technical?
A. 800-86
B. 800-41
C. 800-171
D. 800-53

3. Which ISO standard provides best practice recommendations on information security controls?
A. 27001
B. 27002
C. 27011
D. 27031

4. Which of the following is NOT one of the six layers in the SABSA framework?
A. Operational
B. Component
C. Tangible
D. Conceptual
E. Contextual
F. Physical

5. Which of the following hash types is used by Windows Server and is known to be susceptible to a "pass the hash" attack?
A. SAM
B. NTLM
C. MS-CRAM
D. SCRAM

6. An Acceptable Use Policy (AUP) would be classified as which of the following types of controls?
A. Corrective
B. Detective
C. Deterrent
D. Directive

7. Which acronym is commonly used with remediation plans?
A. RADIUS (reduce exposure, archive findings, deduct problems, indicate changes, utilize assistance, solve problems)
B. ABC (always be correcting)
C. SMART (specific, measurable, achievable, realistic, time-based)
D. AIDA (attention, interest, desire, action)

8. Which type of SOC (Service Organization Control) report focuses on controls at the organization that would be useful to user entities and their auditors?
A. SOC 0
B. SOC 1
C. SOC 2
D. SOC 3

9. Which of the following is NOT a common example of a directory service in terms of identity management?
A. DNS
B. LDAP
C. Active Directory
D. SAM

10. With syslog, which severity level is associated with critical conditions?
A. 0
B. 2
C. 4
D. 6

11. Which of the following describes an approach to security in which a single hardware or software installation provides multiple security functions?
A. UTM
B. HIDS
C. OWASP
D. SANS

12. A Nondisclosure Agreement (NDA) would be classified as which of the following types of controls?
A. Corrective
B. Detective
C. Deterrent
D. Directive

13. Which ISO standard provides guidelines focused on technology readiness for business continuity?
A. 27006
B. 27015
C. 27017
D. 27031

14. While some Linux-based systems store passwords in the /etc/passwd file, it is recommended that they instead be stored in which file?
A. /etc/root
B. /etc/encrypt
C. /etc/shadow
D. /etc/groups

15. Which of the following standards is LDAP based on?
A. X.500
B. SSL
C. TLS
D. TACACS+

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

1. A
2. D
3. B
4. C
5. B
6. D
7. C
8. B
9. D
10. B
11. A
12. C
13. D
14. C
15. A

About the Author

Emmett Dulaney is a professor at Anderson University and the author of several books including Linux All-in-One For Dummies and the CompTIA Network+ N10-008 Exam Cram, Seventh Edition.
