Over the last two months, we first had 25 questions based on the first of the four objectives associated with CompTIA’s CySA+ (Cybersecurity Analyst) certification exam, and then 25 questions based on the second.  As noted before, the CySA+ exam, number CS0-001, consists of 85 questions covering four subject areas, or domains.

What follows is a self-test of 25 questions all based on the third of those domains, Cyber Incident Response. We’ll close out the series next month with another set of questions on the final domain, Security Architecture and Tool Sets. The answers appear at the end of the questions.

In all cases, pick the best answer(s) to each question. Good luck!

1. Which of the following is a set of continuous computer hacking processes targeting a specific entity?
A. Zero day
B. Advanced persistent threat
C. Kill chain
D. Shady RAT

2. A security audit shows a regular interval in which data from a particular host is leaving the network. What might this be a symptom of?
A. Diffusion
B. Broadcasting
C. Beaconing
D. Propagation

3. Which of the following could be an indication that a workstation is unwittingly participating in a DDoS attack (choose the best answer)?
A. Network traffic is unusually high
B. Memory consumption is unusually high
C. Processor consumption is unusually high
D. Hard drive usage is unusually high

4. You suspect a particular workstation on the network has been remotely accessed by unauthorized users and immediately take actions to block traffic to and from the host. What is this action known as?
A. Reverse engineering
B. Removal
C. Segmentation
D. Isolation

5. At which of the following rings does a kernel debugger operate?
A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 1+0

6. Which of the following is an exploit that is unknown to those who would be interested in mitigating the vulnerability?
A. Zero day
B. Worm
C. Vault 0
D. Bug bounty

7. What type of device could collect information and transmit it to a miscreant via Bluetooth?
A. Ping sweeper
B. Rogue switch
C. Rogue access point
D. Wireless key logger

8. Which of the following Windows-based tools can be used to look for a CPU-related bottleneck?
A. Task Manager
B. IOStat
C. VMtat
D. MPStat

9. In which of the following do you leverage existing network barriers to contain the spread of a suspected infection?
A. Reverse engineering
B. Removal
C. Segmentation
D. Isolation

10. Which of the following data erasure techniques makes the data unavailable/unrecoverable even with advanced forensic techniques?
A. Scanning
B. Clearing
C. Purging
D. Slicing

11. Which of the following does NIST define as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information”?
A. PHI
B. PII
C. PCI
D. DSS

12. Which of the following uses ICMP to identify all running host on a network?
A. Ping sweep
B. Port scan
C. Holler back
D. Listening bus

13. Which of the following is the term for the theft of data from a device?
A. Appropriation
B. Pilfering
C. Covfefe
D. Exfiltration

14. In which of the following containment methods do you simply shut down a workstation if you suspect it has been remotely accessed by unauthorized users and possibly corrupted?
A. Reverse engineering
B. Removal
C. Segmentation
D. Isolation

15. You have been asked to get rid of some old hard drives and want to make sure the data on them cannot be recovered. Which of the following includes overwriting the drives multiple times before disposing of them?
A. Sanitization
B. Sterilizing
C. Disinfecting
D. Distilling

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

1. B
2. C
3. A
4. D
5. A
6. B
7. D
8. A
9. C
10. C
11. B
12. A
13. D
14. B
15. A