Last month, we took a look at the objectives for CompTIA’s CySA+ (Cybersecurity Analyst) certification exam — formerly known as CSA+.  This exam, number CS0-001, consists of 85 questions and tests your knowledge of four domain areas.

What follows is a self-test of 25 questions all based on the first of those domains, Threat Management. Next week, we will have an additional set of questions covering the second domain, Vulnerability Management, with the remaining two domains to be addressed in July and August. The answers appear at the end of the questions.

In all cases, pick the best answer(s) to each question. Good luck!

1. Which of the following involves identifying the operating system running on a server, usually along with build number and other OS-related variables?
A. Host capture
B. Byte harvesting
C. Service discovery
D. OS fingerprinting

2. Karl is determined to find a way to gain access to the XYZ network. He begins his ill-intentioned quest by documenting everything posted on Facebook by known employees of the XYZ Company. He is looking for any clues these individuals may include in their postings that might indicate password values or network configuration. What are his actions known as?
A. Phishing
B. Social media profiling
C. Social engineering
D. Service review

3. Which of the following DNS record types map a single device to an IPv6 address?
A. AAAA
B. AAA
C. AA
D. A

4. Which of the following DNS record types are used for an IPv4 alias?
A. SOA
B. A
C. NS
D. CNAME

5. Which of the following types of encryption is WPA Enterprise?
A. AES
B. CCMP
C. TKIP
D. Blowfish

6. Which type of vulnerability can become possible when the number of virtual machines increases to a point where an administrator’s ability to properly administer them all is weakened?
A. VM sprawl
B. VM escape
C. VM mitigation
D. VM isolation

7. Which of the following is NOT one of the scan types used by Nmap to exploit weaknesses?
A. Null scan
B. Fin scan
C. Trace scan
D. Xmas scan

8. What type of server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded?
A. ACK
B. SYN
C. SOCKS
D. MBSA

9. Which of the following options can be used in Linux-based versions of netstat to view network interfaces and their related statistics?
A. -i
B. -e
C. -n
D. -P

10. Which of the following options can be used in Linux-based versions of netstat to view which processes are using which sockets?
A. -s
B. -o
C. -p
D. -S

11. Which two of the following are the primary types of signature-based Intrusion Detection Systems?
A. Anomaly based and pattern matching
B. Rule based and heuristic based
C. Anomaly based and heuristic based
D. Pattern matching and stateful matching

12. What command line utility was used to create the following output (portions of which have been obscured to prevent telegraphing the answer)?

A. traceroute
B. netstat
C. arp
D. nmap

13. NetfFlow technology can be used to collect and export IP traffic accounting information. Which company/organization developed this?
A. Cisco
B. Apache
C. Microsoft
D. IBM

14. Which of the following types of analysis is used to determine the susceptibility of a system to a particular threat using a weighting method?
A. Behavioral
B. Trend
C. Heuristic
D. Prospect

15. Which two ways of collecting logs from lot generators are supported by SIEM (security information and event management)?
A. Agent-based and agentless
B. Requested and required
C. Packet and protocol
D. Timed and desired

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

1. D
2. B
3. A
4. D
5. C
6. A
7. C
8. B
9. A
10. C
11. D
12. C
13. A
14. C
15. A