IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Annotator Professional Certificate Assessment Examination Quiz Answers

Warning: Jo Respond Greenish hai wo right hai but

Jo Green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Question 1)

Implementing a Security Awareness training program would be an instance of which type of control?

  • Administrative control

Question ii)

Putting locks on a door is an example of which type of command?

  • Preventative

Question three)

How would you classify a slice of malicious code that tin replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in bundle sniffing, yous must implement promiscuous mode on which device ?

  • A network carte du jour
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, only not practice much to assure confidentiality or availability.

  • Hashing

Question 6)

An organisation wants to restrict employee after-hours access to its systems then it publishes a policy forbidding employees to piece of work outside of their assigned hours, and so makes certain the office doors remain locked on weekends. What 2 (2) types of controls are they using? (Select 2)

  • Physical
  • Authoritative

Question seven)

Which two factors contribute to cryptographic force? (Select ii)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that take undergone public scrutiny

Question 8)

Trying to interruption an encryption key by trying every possible combination of characters is called what?

  • A brute forcefulness attack

Question nine)

Which of the following describes the core goals of IT security?

  • The Open up Web Application Security Project (OWASP) Framework
  • The Business Process Direction Framework
  • The CIA Triad

Question x)

Which three (3) roles are typically found in an Information Security system? (Select 3)

  • Vulnerability Assessor
  • Chief Information Security Officeholder (CISO)
  • Penetration Tester

Question 11)

Problem Management, Change Management, and Incident Direction are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the bulletin and then forwards information technology on
  • Trudy deletes the bulletin without forwarding it
  • Trudy reads the message
  • Trudy cannot read it because it is encrypted merely allows it to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined equally what?

  • Being able to map an activeness to an identity

Question 14)

Multifactor hallmark (MFA) requires more than one authentication method to exist used before identity is authenticated. Which three (3) are hallmark methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question xv)

Which three (3) of the following are Physical Admission Controls? (Select iii)

  • Door locks
  • Security guards
  • Fences

Question 16)

If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could yous select? (Select ii)

  • NTFS
  • FAT32

Question 17)

Which iii (3) permissions can be attack a file in Linux? (Select three)

  • write
  • execute
  • read

Question xviii)

If cost is the principal concern, which type of cloud should be considered first?

  • Public cloud

Question nineteen)

Consolidating and virtualizing workloads should be washed when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard set up by the credit bill of fare industry in the The states?

  • PCI-DSS

Question 21)

Which 2 (2) of the following set on types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non have a required patch installed, which statement best characterizes the actions information technology is able to take automatically?

  • The endpoint can be quarantined from all network resource except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how loftier up he is in an arrangement violates what basic security premise?

  • The principle of least privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the post-obit protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps assure the all-time results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and proceed them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Use of digital signatures

Question 28)

Which of the following practices volition assist clinch the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept cocky-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static one-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost just when they are needed
  • Allows internal IP addresses to be hidden from outside observers

Question 30)

Which statement best describes configuring a NAT router to employ static mapping?

  • The arrangement will demand as many registered IP addresses as it has computers that demand Internet admission

Question 31)

If a calculator needs to send a message to a system that is part of the local network, where does information technology ship the message?

  • To the system's MAC accost

Question 32)

Which are backdrop of a highly bachelor organization?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements well-nigh the UDP protocol are Truthful? (Select iii)

  • UDP is faster than TCP
  • UDP packets are reassembled past the receiving system in whatsoever order they are received
  • UDP is connectionless

Question 34)

What is one difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW empathise which application sent a given packet

Question 35)

You are concerned that your organization is actually non very experienced with securing data sources. Which hosting model would require y'all to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal twenty-four hour period shift from his company's headquarters in Austin, TX Usa. Which ii (2) of these activities heighten the most cause for concern? (Select 2)

  • Each night Hassan logs into his account from an ISP in Mainland china
  • Ane evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which 3 (iii) of the following are considered condom coding practices? (Select three)

  • Use library functions in place of Bone commands
  • Avert using OS commands whenever possible
  • Avert running commands through a shell interpreter

Question 38)

Which iii (3) items should be included in the Planning footstep of a penetration examination? (Select three)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest written report would cover the chance ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, blank removable media, package sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Post-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.

  • Fake

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic data? (Select iii)

  • Selecting the correct tools to help filter and exclude irrelevant data
  • Finding the relevant files amidst the hundreds of thousands found on most hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

  • Loops

Question 45)

Which two (2) statements about Python are truthful? (Select two)

  • Python code is considered easy to debug compared with other pop programming languages
  • Python lawmaking is considered very readable past novice programmers

Question 46)

In the Python argument

pi="3"

What data type is the information type of the variable pi?

  • str

Question 47)

What will exist printed past the following block of Python code?

def Add5(in)

 out=in+v

 return out

 impress(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was developed by the U.s. Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or False. An organization's security immune organization should be integrated with outside organizations, including vendors and other third-parties.

  • Truthful

Question 50)

Which three (3) of these are amid the meridian 12 capabilities that a good information security and protection solution should provide? (Select 3)

  • Vulnerability assessment
  • Real-fourth dimension alerting
  • Tokenization

Question 51)

Truthful or Simulated. For iOS and Android mobile devices, users must interact with the operating system only through a serial of applications, merely not directly.

  • True

Question 52)

All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a big number of admission points staffed by low-level employees who take access to payment card data?

  • Retail

Question 53)

True or False. WireShark has an impressive array of features and is distributed gratis of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base of operations-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

Y'all calculate that there is a two% probability that a cybercriminal volition be able to steal credit carte numbers from your online storefront which volition upshot in $10M in losses to your company. What have you just determined?

  • A hazard

Question 57)

Which ane of the OWASP Top 10 Awarding Security Risks would exist occur when an application's API exposes financial, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which 3 (3) of these are Solution Building Blocks (SBBs)? (Select iii)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from 3 areas, homo expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself all-time to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Engineering. Which role of the triad would network monitoring belong?

  • Applied science

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early equally possible in the cyber kill concatenation

Question 62)

There is value brought past each of the IBM i2 Eia utilise cases. Which 1 of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which 3 (3) soft skills are important to take in an organization'southward incident response team? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which stage of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (iii) of these statistics about phishing attacks are real? (Select 3)

  • Around 15 million new phishing sites are created each month
  • Phishing accounts for near 20% of information breaches
  • 30% of phishing messages are opened past their targeted users

Question 66)

Which three (iii) of these control processes are included in the PCI-DSS standard? (Select three)

  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (3) are malware types ordinarily used in PoS attacks to steal credit menu data? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon study, what percentage of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

  • 52%

Question 69)

You get a phone phone call from a technician at the "Windows company" who tells y'all that they have detected a trouble with your system and would similar to help you resolve information technology. In order to assistance, they need you to go to a web site and download a simple utility that will allow them to ready the settings on your figurer. Since yous only own an Apple Mac, you are suspicious of this caller and hang upwards. What would the attack vector have been if you had downloaded the "simple utility" every bit asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an constructive fully automatic way to forbid malware from entering your arrangement as an email zipper?

  • Anti-virus software

 Question 71)

True or False. The large majority of stolen credit carte du jour numbers are used quickly past the thief or a member of his/her family.

  • False

Question 72)

Which 3 (3) of these are PCI-DSS requirements for any visitor handling, processing or transmitting credit card information? (Select 3)

  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer admission
  • Restrict physical access to cardholder data

Question 73)

True or False. Communications of a data breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response team model is characterized by which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their land or department
  • Multiple incident response teams within an organization but 1 with authority to assure consequent policies and practices are followed beyond all teams
  • This term refers to a structure that assures the incident response team'south activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to every bit the ____ and ____ teams, respectively.

  • Blueish Reddish
  • Crimson, Bluish

Question 76)

The partnership between security analysts and technology tin exist said to be grouped into three domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (iii) of these topics?

  • Brainchild
  • Dilemmas
  • Morals

Question 77)

Solution architectures frequently incorporate diagrams like the ane beneath. What does this diagram evidence?

<<Solution Compages Data Menses.png>>

  • Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Information Link

Question eighty)

Truthful or False. Internal attacks from trusted employees represents as as meaning a threat as external attacks from professional cyber criminals.

  • Truthful

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest average cost per breach in 2018 at $eight.19M

  • United States

Question 83)

Which two (two) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What will print out when this cake of Python code is run?

i=1

#i=i+i

#i=i+ii

#i=i+three

impress(i)

  • 1

Question 85)

Which iii (3) statements well-nigh Python variables are truthful? (Select 3)

  • A variable name must outset with a letter or the underscore "_" graphic symbol
  • Variables can change type after they have been set
  • Variables do non have to be declared in accelerate of their use

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the concatenation of custody of evidence is disquisitional. Which of these should exist included in your chain of custody log?

  • All of the above

Question 88)

Forensic analysis should ever be conducted on a copy of the original information. Which two (2) types of copying are advisable for getting information from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the post-obit would exist considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An announced threat against your organization past a hactivist group

Question ninety)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers equally well every bit a list of open up ports and published services, which tool would exist the best fit for this job?

  • Nmap

Question 91)

Which type of list is considered best for safe coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a company'southward headquarters in New York Metropolis, which of these activities should not raise much of a security business concern?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from home for an hour or and so during the terminal 2 weeks of each quarter

Question 93)

Data sources such equally newspapers, books and web pages are considered which type of data?

  • Unstructured data
  • Semi-structured information
  • Structured information

Question 94)

Which three (iii) of these statements about the TCP protocol are Truthful? (Select 3)

  • TCP packets are reassembled by the receiving arrangement in the order in which they were sent
  • TCP is more than reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

  • 2

Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this company need to assure all 25 computers tin can communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • 1

Question 97)

Why is symmetric fundamental encryption the nigh common option of methods to encryptic data at balance?

  • There are far more keys available for use
  • It is much faster than asymmetric fundamental encryption

Question 98)

Which of the following statements about hashing is Truthful?

  • Hashing uses algorithms that are known equally "one-way" functions

Question 99)

Why is hashing not a common method used for encrypting information?

  • Hashing is a one-way process so the original information cannot be reconstructed from a hash value

Question 100)

Public fundamental encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the chief hallmark protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting access to a user account only those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the about mutual patch remediation frequency for about organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an set on method usually used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for IT staff is what type of control?

  • Virtual
  • Operational
  • Concrete

Question 106)

Which security concerns follow your workload even afterwards it is successfully moved to the cloud?

  • All of the above

Question 107)

Which form of Cloud calculating combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your figurer'due south hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is divers as what?

  • The property of being genuine and verifiable

Question 111)

ITIL is all-time described as what?

  • A collection of Information technology Service Management best practices

Question 112)

Which position is in accuse of testing the security and effectiveness of computer information systems?

  • Information Security Accountant

Question 113)

A company wants to forestall employees from wasting time on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company merely implemented? (Select 2)

  • Authoritative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would accost which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a reckoner and reports back to the controller your keystrokes and other data it tin can gather from your arrangement be called?

  • Spyware

Question 116)

Fancy Bears and Bearding are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a arrangement is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked past a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, run a risk
  • threat thespian, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

  • A Deprival of Service (DoS) attack

Question 119)

Trudy intercepts a romantic apparently-text bulletin from Alice to her beau Sam. The bulletin upsets Trudy so she forrard it to Bob, making information technology wait like Alice intended it for Bob from the beginning. Which attribute of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which factor contributes nearly to the strength of an encryption system?

  • How many people have access to your public fundamental
  • The length of the encryption key used
  • The number of private keys used by the system

Question 121)

What is an advantage asymmetric key encryption has over symmetric primal encryption?

  • Asymmetric keys can be exchanged more than deeply than symmetric keys
  • Asymmetric key encryption is harder to interruption than symmetric key encryption
  • Asymmetric key encryption is faster than symmetric primal encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select iii)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

  • Availability

Question 125)

Which type of access control is based upon the subject's clearance level and the objects classification?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Office Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the cloud's supervisory system
  • Betwixt the hardware and operating organisation
  • Between the operating arrangement and applications

Question 128)

An identical e-mail sent to millions of addresses at random would be classified as which type of assail?

  • A Shark assault
  • A Phishing attack

Question 129)

Which statement most drivers running in Windows kernel mode is truthful?

  • Merely critical processes are permitted to run in kernel mode since at that place is nothing to prevent a

Question 130)

Symmetric key encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality but
  • Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to employ dynamic mapping?

  • The organization will demand as many registered IP addresses every bit it has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP address using dissimilar port numbers
  • Unregistered IP addresses are mapped to registered IP addresses equally they are needed
  • The NAT router uses each computer'due south IP address for both internal and external communication

Question 132)

Which address type does a computer utilize to get a new IP accost when information technology boots up?

  • The network's DHCP server address

Question 133)

What is the master divergence between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a bundle belongs to and analyzes it appropriately?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that perhaps, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first matter you should tell the employee to practise?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems equally if she were an external hacker with no within knowled

Question 137)

Which Postal service Incident activity would exist concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Bear witness retention
  • Documentation review & update
  • Utilizing collected data

Question 138)

In digital forensics, which 3 (3) steps are involved in the collection of data? (Select iii)

  • Develop a plan to acquire the data
  • Verify the integrity of the data
  • Acquire the information

Question 139)

Which three (three) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+1

  • nine

Question 141)

Activities performed as a part of security intelligence tin be divided into pre-exploit and post-exploit activities. Which 2 (2) of these are post-exploit activities? (Select ii)

  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted past an organization'south backup practices?

  • Availability
  • Integrity
  • Authorisation

Question 143)

Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Code & build
  • Operate & monitor
  • Programme

Question 144)

Which i of the OWASP Top ten Awarding Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which ii (2) factors? (Select 2)

  • Flows per infinitesimal (FPM)
  • Events per second (EPS)

Question 146)

Truthful or Imitation. If you have no better place to start hunting threats, first with a view of the global threat landscape and so drill down to a regional view, manufacture view and finally a view of the threats specific to your own organization.

  • True

Question 147)

True or Fake. Cloud-based storage or hosting providers are among the acme sources of 3rd-party breaches

  • True

Question 148)

You are looking very difficult on the web for the lowest mortgage interest load you lot can find and you come across a rate that is and so low information technology could not possibly exist true. Y'all check out the site to see that the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used past the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come upward in news feeds or Google searches are sometimes called "click-bait". These manufactures oft tempt you lot to link to other sites that can exist infected with malware. What attack vector is used by these click-bait sites to get you to become to the really bad sites?

  • Malicious Links

More than New Questions

Question 150)

Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a organisation
  • The likelihood that the weakness in a system will be exploited
  • One instance of a weakness being exploited
  • A weakness in a arrangement that could be exploited by a bad role player

Question 151)

Suspicious action, like IP addresses or ports existence scanned sequentially, is a sign of which type of attack?

  • A mapping assault
  • A denial of service (DoS) assail
  • A phishing attack
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding information technology
  • Trudy cannot read it considering it is encrypted but allows information technology to exist delivered to Bob in its original form
  • Trudy changes the message and and so frontwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate authoritative, technical, and physical safeguards for protecting electronic protected health information (eastward-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response arrangement (EDR) should have which three (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which argument about encryption is True about data in apply.

  • Data should always be kept encrypted since modernistic CPUs are fully capable of operating directly on encrypted data
  • Information technology is vulnerable to theft and should exist decrypted simply for the briefest possible fourth dimension while it is being operated on
  • Curt of orchestrating a memory dump from a organization crash, there is no practical way for malware to become at the data being candy, so dump logs are your only real business concern
  • Data in agile retention registers are not at hazard of being stolen

Question 156)

For added security y'all decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this exist done?

  • This cannot exist done The network administrator must choose to run a given network segment in either stateful or stateless style, and so select the corresponding firewall blazon
  • Install a unmarried firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These avant-garde devices inspect everything a stateless firewall inspects in add-on to state related factors
  • Y'all must install two firewalls in serial, then all packets pass through the stateless firewall beginning then the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Grade A network?

  • two
  • 1
  • 4
  • 3

Question 158)

If you have to rely upon metadata to piece of work with the data at paw, you lot are probably working with which type of data?

  • Meta-structured data
  • Semi-structured data
  • Structured information
  • Unstructured data

Question 159)

Which two (ii) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Central
  • Analogous
  • Control

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

  • Information chance analysis
  • Data classification
  • Information discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Red Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application attack would include User denies performing an operation, attacker exploits an awarding without trace, and aggressor covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or Imitation. Thorough reconnaissance is an important pace in developing an effective cyber kill chain.

  • True
  • Fake

Question 165)

True or False. One of the main challenges in cyber threat hunting is a lack of useful tools sold by also few vendors.

  • True
  • False

Question 166)

Truthful or False. A big company has a data breach involving the theft of employee personnel records but no client data of any kind. Since no external data was involved, the visitor does non have to study the breach to law enforcement.

  • Truthful
  • False

Question 167)

Y'all are the CEO of a large tech company and take just received an angry email that looks like information technology came from one of your biggest customers. The email says your company is overbilling the customer and asks that you lot examine the attached invoice. You exercise but find information technology blank, so you answer politely to the sender request for more than details. You never hear dorsum, but a week later your security team tells yous that your credentials have been used to access and exfiltrate large amounts of visitor financial data. What kind of attack did you fall victim to?

  • As a phishing attack
  • Equally a whale attack
  • A shark assail
  • A fly phishing assail

Question 168)

Which of these statements nearly the PCI-DSS requirements for any company handling, processing or transmitting credit card information is truthful?

  • Muti-factor hallmark is required for all new card holders
  • Some form of mobile device direction (MDM) must be used on all mobile credit card processing devices
  • All employees with direct access to cardholder data must be bonded
  • Cardholder information must be encrypted if it is sent across open or public networks

Which Incident Response Team model describes a squad that acts as consulting experts to advise local IR teams?

  • Command
  • Coordinating
  • Distributed
  • O Central

In a Linux file system, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such every bit grep and ping
  • Configuration files such equally fstab and inittab
  • Directories such as /home and /usr

If a computer needs to transport a message to a system that is not part of the local network, where does information technology send the bulletin?

  • To the system'southward domain proper noun
  • To the system's IP address
  • The network's DNS server address
  • To the system's MAC address
  • The network'southward default gateway accost
  • The network's DHCP server accost

Which three (3) of these statements about the TCP protocol are True? (Select three)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving arrangement in the order in which they were sent
  • TCP is more reliable than UDP

A professor is non allowed to alter a student's final grade subsequently she submits it without completing a special form to explicate the circumstances that necessitated the modify. This boosted step supports which attribute of the CIA Triad?

  • Dominance
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security risk?

  • An example of being exposed to losses
  • Any potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a organization
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a evidently text message sent by Alice to Bob, but in no way interferes with its delivery. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the to a higher place

What is an advantage symmetric central encryption has over disproportionate key encryption?

  • Symmetric key encryption provides better security against Human-in-the-middle attacks than is possible with asymmetric key encryption
  • Symmetric key encryption is faster than asymmetric key encryption
  • Symmetric keys can exist exchanged more than securely than asymmetric keys
  • Symmetric key encryption is harder to break than disproportionate key encryption

Which blazon of application attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorization
  • Exception management

Why should you ever expect for common patterns before starting a new security architecture design?

  • They tin assist place best practices
  • They can shorten the development lifecycle
  • Some document consummate tested solutions
  • All of the above

Last Update: 09/12/2021

Warning: Jo Answer Light-green hai wo correct hai just

Jo Green Nahi hai. Usme se jo ek wrong pick tha usko hata diya hai

PLEASE WAIT I WILL ADD More NEW QUETIONS..

Also if y'all accept Questions with correct answer  Send me on my E-mail i volition update on my weblog..

niyander111@gmail.com

Thank you...