CVA Cheat Sheet 2026
The 30 highest-yield CVA facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
120 min time limit
70.00% to pass
- Which tool is specifically designed to perform automated scanning of web application vulnerabilities including SQLi, XSS, and LFI? → Nikto
- Which tool is commonly used during wireless assessments to capture WPA/WPA2 handshakes for offline password cracking? → Aircrack-ng suite (airodump-ng)
- Which tool is commonly used for network vulnerability scanning? → Nessus
- What can an open port on a network indicate? → Potential security risk
- Which method identifies vulnerabilities without disrupting services? → Non-intrusive scanning
- What is a risk mitigation strategy? → Take steps to reduce risks
- Which compliance regulation protects consumer financial information? → GLBA
- Which burp suite feature is most useful for identifying hidden parameters and endpoints during a web application assessment? → Burp Crawl and Audit (Scanner)
- What is patch management's role in vulnerability assessment? → Fix vulnerabilities by applying software updates
- Which attack exploits the multi-tenancy nature of cloud platforms to infer information about other tenants through shared hardware resources? → Side-channel attack (e.g., Spectre/Meltdown)
- What is the primary purpose of Address Space Layout Randomization (ASLR)? → To randomize memory addresses of key data areas, making exploitation harder
- What is the purpose of Windows User Account Control (UAC)? → To require explicit elevation approval before allowing administrative actions
- What is privilege escalation in the context of operating system security? → Gaining higher-level permissions than originally granted to a user or process
- Which factor is critical for evaluating risk impact? → Potential damage to assets
- What is network sniffing? → Capturing and analyzing network traffic
- What is the purpose of network segmentation? → Enhance security by isolating segments
- What helps prioritize risks during analysis? → Risk matrixes
- What is the first phase in a vulnerability assessment process? → Planning and scoping
- Which vulnerability can arise from outdated firmware? → Exploitable vulnerabilities
- What is a key attribute of an effective security report? → Clear and understandable language
- What is the role of a firewall in network infrastructure? → Block unauthorized access while permitting legitimate communication
- Which physical security control is specifically designed to prevent tailgating by allowing only one person to enter per authentication event? → Mantrap (airlock)
- Which attack involves sending fraudulent text messages to trick recipients into clicking malicious links or providing sensitive information? → Smishing
- What is a common weakness found in wireless networks? → Weak or default passwords
- What does DLL injection involve in the context of Windows host-based attacks? → Forcing a running process to load a malicious dynamic link library into its address space
- What is the Windows Security Accounts Manager (SAM) database used for? → Storing local user account credentials and password hashes
- What does kernel exploitation typically aim to achieve? → Obtaining ring-0 (kernel-level) privileges to fully control the operating system
- What does 'container image scanning' accomplish in a cloud security assessment? → Identifies known CVEs and misconfigurations within container images before deployment
- What defines a zero-day vulnerability from a host security assessment perspective? → A previously unknown flaw with no available patch at the time of discovery or exploitation
- Which physical access control provides the strongest resistance to unauthorized entry for a high-security server room? → Multi-factor physical authentication combining biometrics, PIN, and access card
Turn these facts into recall: