Over the past few months, we have had 25 questions based on each of the first three domains associated with CompTIA’s CySA+ (Cybersecurity analyst) certification exam.  This exam, number CS0-001, consists of 85 questions and must be completed in a 165-minute window.

What follows is a self-test of 25 questions all based on the last of the CySA+ domains, Security Architecture and Tool Sets. The answers appear at the end of the questions. In all cases, pick the best answer(s) to each question. Good luck!

1. Which of the following regulatory compliance acts was superseded by the Federal Information Security Management Act in 2002?
A. Computer Security Acts of 1987
B. Economic Espionage Act of 1996
C. USA PATRIOT ACT of 2001
D. Federal Intelligence Surveillance Acts of 1978

2. Which NIST framework divides controls in three classes: Management, Operational, and Technical?
A. 800-86
B. 800-41
C. 800-171
D. 800-53

3. Which ISO standard provides best practice recommendations on information security controls?
A. 27001
B. 27002
C. 27011
D. 27031

4. Which of the following is NOT one of the six layers in the SABSA framework?
A. Operational
B. Component
C. Tangible
D. Conceptual
E. Contextual
F. Physical

5. Which of the following hashes are used by Windows Server and known to be susceptible to a “pass the hash” attack?
A. SAM
B. NTLM
C. MS-CRAM
D. SCRAM

6. An Acceptable Use Policy (AUP) would be classified as which of the following types of controls?
A. Corrective
B. Detective
C. Deterrent
D. Directive

7. Which acronym is commonly used with remediation plans?
A. RADIUS (reduce exposure, archive findings, deduct problems, indicate changes, utilize assistance, solve problems)
B. ABC (always be correcting)
C. SMART (specific, measurable, achievable, realistic, time-based)
D. AIDA (attention, interest, desire, action)

8. Which type of SOC (Service Organization Control) report focuses on controls at the organization that would be useful to user entities and their auditors?
A. SOC 0
B. SOC 1
C. SOC 2
D. SOC 3

9. Which of the following is NOT a common example of a directory service in terms of identity management?
A. DNS
B. LDAP
C. Active Directory
D. SAM

10. With syslog, which severity level is associated with critical conditions?
A. 0
B. 2
C. 4
D. 6

11. Which of the following involves an approach to security in which a single hardware- or software-installation provides multiple security function?
A. UTM
B. HIDS
C. OWASP
D. SANS

12. A Nondisclosure Agreement (NDA) would be classified as which of the following types of controls?
A. Corrective
B. Detective
C. Deterrent
D. Directive

13. Which ISO standard provides guidelines focused on technology readiness for business continuity?
A. 27006
B. 27015
C. 27017
D. 27031

14. While some Linux-based systems store passwords in the /etc/passwd file, it is recommended that they instead be stored in which file?
A. /etc/root
B. /etc/encrypt
C. /etc/shadow
D. /etc/groups

15. Which of the following standards is LDAP based on?
A. X.500
B. SSL
C. TLS
D. TACACS+

Please visit GoCertify to attempt the remaining 10 questions of this quiz.

ANSWERS

1. A
2. D
3. B
4. C
5. B
6. D
7. C
8. B
9. D
10. B
11. A
12. C
13. D
14. C
15. A