Cybersecurity Analyst
Practice Test questions and
answers
Question 1 of 40
Which of the following scan types allows executable operations on a host,
and generally takes longer to run?
A. Agent scan
B. Non-credentialed scan
C. Credentialed scan
D. Domain host scan
C. Credentialed scan
Question 2 of 40
When a device is received for data examination or evidence extraction,
which of the following should occur first?
A. Connect with a tool like Cellebrite to bypass any locking mechanism
B. Create an exact bit-level image of the device or drive
C. Use a tool like ElcomSoft to ensure data is decrypted
D. View device logs or registry to confirm evidentiary data is present
B. Create an exact bit-level image of the device or drive
Which of the following are Windows event severity levels?
A. urgent, caution, notification
B. error, caution, information
C. urgent, warning, notification
D. error, warning, information
D. error, warning, information
The four phases of the NIACAP accreditation process are:
A. Requirements, Validation, Confirmation, Accreditation
B. Definition, Verification, Validation, Post Accreditation
C. Requirements, Verification, Accreditation, Post Accreditation
D. Definition, Accreditation, Validation, Post Accreditation
B. Definition, Verification, Validation, Post Accreditation
If you were setting up an IDS with the desire to detect exploits for
unknown or unreleased vulnerabilities, which type of IDS would you use?
A. Anomaly detection
B. Signature detection
C. Either would detect
D. Neither would detect
A. Anomaly detection
Which of the following assessment types is performed with the
penetration testers having zero insight into the target organization's
network topology, and the organization's security team is unaware a
penetration test is occurring?
A. Black box
B. White box
C. Grey box
D. Blue box
A. Black box
The procedure of developing controls as vulnerabilities are discovered to
keep them from being exploited is known as:
A. Change Control Management
B. Compensating Control Development
C. Vulnerability Control Patch
D. Remediation Control Development
B. Compensating Control Development
Which of the following is used for moving traffic within individual VLANs?
A. VLAN Global Positioning system
B. VLAN Access Maps
C. VLAN Operating Procedures
D. VLAN Openview
B. VLAN Access Maps
Which of the following is a protocol used to collect and send logs from
network devices to a centralized location?
A. Syslog
B. HTTPS
C. Daemon
D. Snort
A. Syslog
An NIACAP evaluation of systems or applications measuring specific tasks
or activities at a specific location is a:
A. type accreditation
B. operations accreditation
C. environmental accreditation
D. site accreditation
D. site accreditation