
CySA+ Practice Quiz: C00-003 Quiz 1

Enjoy the following 10-question quiz from TestOut.

1. A compliance team keeps a record of the time between issuing and applying a security patch. Which of the following would MOST likely be interested in analyzing this type of information on a regular basis?
2. As a security analyst for a U.S. federal agency, you have been asked by management to make sure that the company meets all requirements for FISMA (Federal Information Security Modernization Act) in a practical and applicable way for your organization.

At the moment, these requirements are not focused on personal data and privacy. Which of the following resources would MOST likely provide the guidance that you need to meet the FISMA regulations?
3. An HVAC company's cybersecurity department has discovered a critical security vulnerability in their host devices and has received a patch from the vendor.

What is the BEST way to ensure the cybersecurity department addresses and fixes the vulnerability?

4. A tire sales and servicing company has implemented a security patch to fix a known vulnerability in their ordering system on their web server. But shortly after implementation, the company receives calls from customers that the ordering system is no longer functioning as intended.

What is the BEST course of action?

5. A company implements a new security protocol that requires employees to use a two-factor authentication process to log into the system. However, one employee frequently forgets their password and shares it with colleagues.

Which type of threat does this employee pose to the company's cybersecurity?
6. A large company has just undergone a series of layoffs, and several employees have lost their jobs. One of the disgruntled laid-off employees feels the company treated those who were laid off unfairly.

Which threat is this disgruntled employee MOST likely to pose to the company's cybersecurity?
7. A security administrator is reviewing the latest vulnerability report for their organization and notices that several high-risk vulnerabilities are on the company's website. The administrator is to prioritize the vulnerabilities for remediation, but they are unsure which metric to use.

What metric could the administrator use to help prioritize the vulnerabilities for remediation?
8. A security engineer is looking to improve the security of their email system. The system has a built-in reporting mechanism showing what can improve overall security and rates the current setup.

What component of vulnerability reporting does this feature relate to?
9. A security analyst reviews logs from a compromised system and needs to extract relevant information efficiently and process large volumes of text data. Which programming language or technique is the BEST option for the analyst to use?
10. A security analyst is investigating a recent cyberattack on their organization's web applications. The investigation must assess the web application vulnerabilities while accounting for special considerations in vulnerability scanning.

Which framework should the analyst utilize to achieve this objective?