Cyber security Analyst Quiz FedVTE 40 Questions with Verified Answers
Which of the following is a common environmental reconnaissance task that is performed to help gain insight on how an organization's networked systems are connected, or mapping the network? - CORRECT ANSWER Topology Discovery
If an unexpected issue occurred during an application installation on a Windows system, which of the following event log categories would be best to reference for troubleshooting? - CORRECT ANSWER Not System or Security. Maybe Setup
The federal version of certification and accreditation guidance that applies to departments and agencies within the Department of Defense is: - CORRECT ANSWER DIACAP
Which security mechanism can social engineering help bypass? - CORRECT ANSWER A. Intrusion Detection Systems
B. Firewalls
C. Domain Security Policies (No)
D. All of the Above
E. None of the Above
Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion? - CORRECT ANSWER Active
Which of the following is a potential consequence of not limiting or protecting communications during an incident? - CORRECT ANSWER All of the Above (Customer confidence may be negatively impacted, Competitors may recognize weakness or advantage, Media may include information not intended for release)
Which one of the following can be managed through group policies (GPO)? - CORRECT ANSWER All the Above (Authentication settings, Software installation and update, IPsec connections)
What is used to record the order in which evidence was handled, by whom, and the nature of the evidence handling? - CORRECT ANSWER Chain of custody
The procedure of developing controls as vulnerabilities are discovered to keep them from being exploited is known as: - CORRECT ANSWER A. Change Control Management
B. Compensating Control Development
C. Vulnerability Control Patch
D. Remediation Control Development (No)
Which of the following are Windows event severity levels: - CORRECT ANSWER error, warning, information
Which of the following intrusion detection systems uses statistical analysis to detect intrusions? - CORRECT ANSWER Anomaly
Which one of the following is a use for Network Flow Data? - CORRECT ANSWER All of the Above (Attack identification and attribution such as DoS detection, Traffic engineering such as a host analysis, Accounting to cross verify other sources)
Which of the following is an attacker most likely to use to attempt to view packets containing data in clear text? - CORRECT ANSWER Wireshark
Packets from a computer outside the network are being dropped on the way to a computer inside the network. Which of the following would be MOST useful to determine the cause of this? - CORRECT ANSWER Firewall log
Using the Common Vulnerability Scoring System, CVSS, which of the following indicators would be the most critical or severe finding? - CORRECT ANSWER 10
Which of the following is used for moving traffic within individual VLANs? - CORRECT ANSWER VLAN Access Maps
The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs? - CORRECT ANSWER DHCP logs
Which type of analysis method combines machine learning algorithms and statistical analyses to identify deviations from normal baseline user, system, or network activities? - CORRECT ANSWER User and Entity Behavior Analytics
A high tolerance for risk requires higher, more frequent, vulnerability scanning. - CORRECT ANSWER False
At what layer of the TCP/IP model do devices such as ATM, switches, and bridges operate, as well as protocols PPP and ARP? - CORRECT ANSWER Data-link
Which of the following describes when the claimed identity of a user is validated? - CORRECT ANSWER Authentication
Which of the following is an example of the security mitigation technique of changing roles every couple of months? - CORRECT ANSWER Job rotation
Which layer of the TCP/IP model is equivalent to the Session, Presentation, and Application layers of the OSI model? - CORRECT ANSWER Application
Which of the following are the six steps of an incident response plan?
A. Detect, Respond, Report, Recover, Remediate, Review
B. Discover, Review, Respond, Recover, Rectify, Report
C. Detect, Respond, Remediate, Recover, Review, Report
D. Detect, Respond, Report, Recover, Remediate, Review - CORRECT ANSWER Not A or C
The Open Web Application Security Project publishes the OWASP Top 10, which summarizes feedback from the community in order to compile the Top 10 application vulnerabilities, including the associated risks, impacts, and mitigations for each. What is the main reason a developer wouldn't solely rely on this guidance? - CORRECT ANSWER An organization's prioritized threat may not be within the top 10
When the number of virtual machines on a network reaches a point where there are too many for an administrator to manage effectively, this is known as:
A. VM Sprawl
B. VM Escape
C. VM Gorge
D. VM Discourse - CORRECT ANSWER VM Sprawl
Which of the following define requirements to support a policy?
A. Procedures
B. Standards
C. Guidance
D. Practices - CORRECT ANSWER Standards
Ideally, a forensics workstation:
A. is isolated to prevent contaminating
B. has support for removable storage devices
C. is not used for day-to-day operations
D. All of the above
E. None of the above - CORRECT ANSWER All of the Above
Network flows make it difficult to track large amounts of traffic and cannot provide a consolidated picture of what is happening on your network.
A. True
B. False - CORRECT ANSWER False
Which of the following is NOT a best practice for securing wireless environments?
A. Broadcasting the access point SSID using proper network name only
B. Using protocols such as WPA2 or WPA3 to authenticate users
C. Implementing 802.1x port security
D. Managing access by device MAC address - CORRECT ANSWER Broadcasting the access point SSID using proper network name only
Which of the following scan types allows executable operations on a host, and generally takes longer to run?
A. Agent scan
B. Non-credentialed scan
C. Credentialed scan
D. Domain host scan - CORRECT ANSWER Credentialed scan
The amount of risk that an organization can accept and still achieve business objectives is its:
A. Risk appetite
B. Risk deterrence
C. Risk avoidance
D. Risk indicator - CORRECT ANSWER Risk appetite
Which of the following activities would NOT be considered passive footprinting?
A. Scan the range of IP addresses found in the target's DNS database
B. Look through the trash to find out any information that might have been discarded
C. Perform multiple searches through a search engine
D. Search on a financial site such as Yahoo Financial - CORRECT ANSWER Not A
When implementing a vulnerability management process, which of the following is the logical order of activities?
A. Establish scan frequency, configure scan tools, remediation, requirements identification
B. Requirements identification, configure scan tools, establish scan frequency, remediation
C. Establish scan frequency, requirements identification, configure scan tools, remediation
D. Requirements identification, establish scan frequency, configure scan tools, remediation - CORRECT ANSWER Requirements identification, establish scan frequency, configure scan tools, remediation
The requirements identified for a vulnerability management process often drive the vulnerability scanning frequency.
A. True
B. False - CORRECT ANSWER True
Which of the following vulnerability scan methods uses push technology and is dependent on network connectivity?
A. Credential
B. Server-based
C. Agent-based
D. Discover - CORRECT ANSWER Server-based
To test and confirm security settings and configurations in a networked environment, and find any further vulnerabilities and details on how they may be leveraged in an attack, which of the following cyber tool types would be most useful?
A. Discovery
B. Exploit
C. Forensic
D. Recovery - CORRECT ANSWER Exploit
Tools like Encase and FTK can be used for imaging, mounting, and analyzing hard drives. What category of cyber tools would they be considered?
A. Exploit
B. Forensic
C. Backup
D. Recovery - CORRECT ANSWER Forensic
Which of the following would NOT typically be part of an incident response plan?
A. Outline restoration of normal operations
B. Determine party at fault for the adverse event
C. Describe fast and efficient responses
D. Strategies to limit damage to an acceptable level - CORRECT ANSWER Not D