FedVTE Cybersecurity Analyst-
Questions and Answers (Grade+)
Any changes in behavior or deviation from baselines that result in an alert is an activity
that's part of:—ANSWER--Continuous monitoring
Because virtual machines run separately from the physical host operating system, and they
are commonly leveraged for sandbox testing, security measures such as disabling
unnecessary services, and applying updates, are not applicable.—ANSWER--False
Which of the following is NOT a best practice for securing wireless environments?—
ANSWER--Broadcasting the access point SSID using proper network name only
Which of the following is an example of restricting access to files based on the identity of the
user or group?—ANSWER--Discretionary Access Control
Which of the following is a common environmental reconnaissance task that is performed to
help gain insight on how an organization's networked systems are connected, or mapping
the network?—ANSWER--Topology discovery
For most efficient logging activities and analysis, it is a best practice to only log and monitor
incoming firewall traffic.—ANSWER--False
Social engineering attacks attempt to convince a person to unwittingly take some action
which will help an attacker.—ANSWER--True
, If you were setting up an IDS with the desire to detect exploits for unknown or unreleased
vulnerabilities which type of IDS would you use?—ANSWER--Anomaly detection
The 20 critical security controls developed by the Center for Internet Security, also known as
the SANS Top 20, are constructed using a combination of information learned from:—
ANSWER--Known attacks, effective defenses, industry experts
Which of the following vulnerability scan methods uses push technology and is dependent
on network connectivity?—ANSWER--Server-based
The federal version of certification and accreditation guidance that applies to departments
and agencies within the Department of Defense is:—ANSWER--DIACAP
Which of the following assessment types is performed with the penetration testers having
zero insight into the target organization's network topology, and the organization's security
team is unaware a penetration test is occurring?—ANSWER--Black box
The Open Web Application Security Project publishes the OWASP Top 10, which summarizes
feedback from the community in order to compile the Top 10 application vulnerabilities,
including the associated risks, impacts, and mitigations for each. What is the main reason a
developer wouldn't solely rely on this guidance?—ANSWER--An organization's prioritized
threat may not be within the top 10
Which security mechanism can social engineering help bypass?—ANSWER--All of the above
Which of the following is a potential consequence of not limiting or protecting
communications during an incident?—ANSWER--All of the above
© 2026 Copyright. All Rights Reserved. This document is
protected by copyright law, Copyrighted By Brittie Donald
Questions and Answers (Grade+)
Any changes in behavior or deviation from baselines that result in an alert is an activity
that's part of:—ANSWER--Continuous monitoring
Because virtual machines run separately from the physical host operating system, and they
are commonly leveraged for sandbox testing, security measures such as disabling
unnecessary services, and applying updates, are not applicable.—ANSWER--False
Which of the following is NOT a best practice for securing wireless environments?—
ANSWER--Broadcasting the access point SSID using proper network name only
Which of the following is an example of restricting access to files based on the identity of the
user or group?—ANSWER--Discretionary Access Control
Which of the following is a common environmental reconnaissance task that is performed to
help gain insight on how an organization's networked systems are connected, or mapping
the network?—ANSWER--Topology discovery
For most efficient logging activities and analysis, it is a best practice to only log and monitor
incoming firewall traffic.—ANSWER--False
Social engineering attacks attempt to convince a person to unwittingly take some action
which will help an attacker.—ANSWER--True
, If you were setting up an IDS with the desire to detect exploits for unknown or unreleased
vulnerabilities which type of IDS would you use?—ANSWER--Anomaly detection
The 20 critical security controls developed by the Center for Internet Security, also known as
the SANS Top 20, are constructed using a combination of information learned from:—
ANSWER--Known attacks, effective defenses, industry experts
Which of the following vulnerability scan methods uses push technology and is dependent
on network connectivity?—ANSWER--Server-based
The federal version of certification and accreditation guidance that applies to departments
and agencies within the Department of Defense is:—ANSWER--DIACAP
Which of the following assessment types is performed with the penetration testers having
zero insight into the target organization's network topology, and the organization's security
team is unaware a penetration test is occurring?—ANSWER--Black box
The Open Web Application Security Project publishes the OWASP Top 10, which summarizes
feedback from the community in order to compile the Top 10 application vulnerabilities,
including the associated risks, impacts, and mitigations for each. What is the main reason a
developer wouldn't solely rely on this guidance?—ANSWER--An organization's prioritized
threat may not be within the top 10
Which security mechanism can social engineering help bypass?—ANSWER--All of the above
Which of the following is a potential consequence of not limiting or protecting
communications during an incident?—ANSWER--All of the above
© 2026 Copyright. All Rights Reserved. This document is
protected by copyright law, Copyrighted By Brittie Donald