IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers

Warning: Jo Reply Green hai wo correct hai but

Jo Dark-green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

Question ane)

Implementing a Security Sensation grooming programme would be an example of which type of control?

  • Authoritative control

Question 2)

Putting locks on a door is an case of which type of control?

  • Preventative

Question 3)

How would you lot allocate a piece of malicious code that can replicate itself and spread to new systems?

  • A worm

Question 4)

To appoint in packet sniffing, you must implement promiscuous fashion on which device ?

  • A network menu
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question 5)

Which mechanism would assist assure the integrity of a message, merely not do much to assure confidentiality or availability.

  • Hashing

Question six)

An arrangement wants to restrict employee after-hours access to its systems so information technology publishes a policy forbidding employees to piece of work outside of their assigned hours, so makes sure the office doors remain locked on weekends. What 2 (2) types of controls are they using? (Select two)

  • Physical
  • Administrative

Question 7)

Which two factors contribute to cryptographic force? (Select ii)

  • The utilize of cyphers that are based on circuitous mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question 8)

Trying to interruption an encryption key by trying every possible combination of characters is called what?

  • A beast force assail

Question 9)

Which of the post-obit describes the core goals of It security?

  • The Open Web Application Security Project (OWASP) Framework
  • The Concern Process Management Framework
  • The CIA Triad

Question 10)

Which 3 (3) roles are typically institute in an Information Security organization? (Select 3)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question xi)

Problem Direction, Change Management, and Incident Management are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message so forwards it on
  • Trudy deletes the message without forwarding it
  • Trudy reads the message
  • Trudy cannot read information technology because it is encrypted only allows it to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined as what?

  • Beingness able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more than one authentication method to be used earlier identity is authenticated. Which three (3) are authentication methods? (Select iii)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which iii (3) of the following are Physical Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question xvi)

If y'all are setting up a Windows 10 laptop with a 32Gb hard drive, which 2 (2) file arrangement could you select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (3) permissions can be set on a file in Linux? (Select three)

  • write
  • execute
  • read

Question 18)

If cost is the primary concern, which type of cloud should be considered first?

  • Public cloud

Question nineteen)

Consolidating and virtualizing workloads should be done when?

  • Earlier moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard prepare by the credit bill of fare industry in the US?

  • PCI-DSS

Question 21)

Which ii (ii) of the post-obit attack types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) arrangement detects that an endpoint does not have a required patch installed, which argument best characterizes the actions it is able to take automatically?

  • The endpoint tin exist quarantined from all network resource except those that allow information technology to download and install the missing patch

Question 23)

Granting access to a user based upon how high up he is in an organisation violates what basic security premise?

  • The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the post-obit protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the post-obit?

  • Integrity

Question 26)

Which of the following practices helps clinch the best results when implementing encryption?

  • Cull a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and keep them cloak-and-dagger

Question 27)

Which of these methods ensures the hallmark, non-repudiation and integrity of a digital advice?

  • Use of digital signatures

Question 28)

Which of the post-obit practices volition help assure the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept self-signed certificates
  • Implement HTTP Strict Send Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static i-to-one mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost only when they are needed
  • Allows internal IP addresses to be hidden from exterior observers

Question xxx)

Which statement all-time describes configuring a NAT router to use static mapping?

  • The organization volition need as many registered IP addresses as it has computers that demand Cyberspace admission

Question 31)

If a figurer needs to send a message to a system that is part of the local network, where does information technology ship the message?

  • To the system's MAC address

Question 32)

Which are backdrop of a highly bachelor system?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever society they are received
  • UDP is connectionless

Question 34)

What is one divergence between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really not very experienced with securing information sources. Which hosting model would crave you to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal twenty-four hour period shift from his company's headquarters in Austin, TX U.s.. Which two (two) of these activities heighten the most cause for concern? (Select 2)

  • Each night Hassan logs into his account from an Isp in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (3) of the following are considered safe coding practices? (Select iii)

  • Apply library functions in place of OS commands
  • Avert using Bone commands whenever possible
  • Avoid running commands through a shell interpreter

Question 38)

Which three (iii) items should be included in the Planning stride of a penetration test? (Select three)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would embrace the risk ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Mail service-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered constructive in solving violent crimes such as rape and murder.

  • False

Question 43)

Which three (three) are common obstacles faced when trying to examine forensic data? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files amongst the hundreds of thousands institute on most hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

  • Loops

Question 45)

Which two (ii) statements about Python are true? (Select 2)

  • Python lawmaking is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable past novice programmers

Question 46)

In the Python statement

pi="3"

What data type is the information type of the variable pi?

  • str

Question 47)

What will exist printed by the following block of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was adult past the US Government to enable consequent label and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or Faux. An organization's security immune organization should exist integrated with exterior organizations, including vendors and other tertiary-parties.

  • True

Question 50)

Which three (3) of these are among the tiptop 12 capabilities that a good data security and protection solution should provide? (Select three)

  • Vulnerability cess
  • Existent-time alerting
  • Tokenization

Question 51)

Truthful or Simulated. For iOS and Android mobile devices, users must interact with the operating organization only through a series of applications, merely not directly.

  • True

Question 52)

All industries accept their own unique data security challenges. Which of these industries has a detail concern with PCI-DSS compliance while having a large number of access points staffed by depression-level employees who take access to payment card data?

  • Retail

Question 53)

True or False. WireShark has an impressive array of features and is distributed free of accuse.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authority

Question 56)

Y'all calculate that there is a two% probability that a cybercriminal volition be able to steal credit menu numbers from your online storefront which volition consequence in $10M in losses to your company. What have you just determined?

  • A risk

Question 57)

Which one of the OWASP Height 10 Application Security Risks would exist occur when an awarding's API exposes financial, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Awarding Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense force includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Chop-chop analyzing large quantities of unstructured data lends itself best to which of these areas?

  • Bogus intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?

  • Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The human activity of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 Environmental impact assessment use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (three) soft skills are of import to have in an arrangement'south incident response squad? (Select 3)

  • Advice
  • Teamwork
  • Problem solving and Critical thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (three) of these statistics near phishing attacks are real? (Select 3)

  • Effectually 15 1000000 new phishing sites are created each month
  • Phishing accounts for nigh 20% of data breaches
  • thirty% of phishing messages are opened by their targeted users

Question 66)

Which three (three) of these control processes are included in the PCI-DSS standard? (Select iii)

  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which iii (3) are malware types commonly used in PoS attacks to steal credit menu data? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

Co-ordinate to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a production or service from a provider with meliorate security?

  • 52%

Question 69)

You become a phone call from a technician at the "Windows company" who tells you that they take detected a problem with your organisation and would similar to help you resolve it. In order to help, they need you lot to get to a web site and download a elementary utility that will allow them to fix the settings on your computer. Since yous simply own an Apple Mac, you are suspicious of this caller and hang upwardly. What would the attack vector have been if you had downloaded the "simple utility" every bit asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated way to forestall malware from inbound your system as an email attachment?

  • Anti-virus software

 Question 71)

True or Faux. The large majority of stolen credit carte numbers are used chop-chop past the thief or a member of his/her family.

  • Imitation

Question 72)

Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit carte du jour data? (Select 3)

  • Restrict access to cardholder information by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict concrete access to cardholder data

Question 73)

True or Imitation. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response squad model is characterized past which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their land or section
  • Multiple incident response teams within an organisation but 1 with authorisation to assure consistent policies and practices are followed across all teams
  • This term refers to a structure that assures the incident response team's activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to equally the ____ and ____ teams, respectively.

  • Blueish Cherry
  • Cerise, Blue

Question 76)

The partnership between security analysts and engineering can exist said to be grouped into 3 domains, homo expertise, security analytics and bogus intelligence. The human expertise domain would contain which three (iii) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often comprise diagrams similar the one below. What does this diagram show?

<<Solution Architecture Information Flow.png>>

  • Functional components and information menstruum

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Information Link

Question 80)

True or Simulated. Internal attacks from trusted employees represents every bit as significant a threat every bit external attacks from professional cyber criminals.

  • Truthful

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • eighty%

Question 82)

Which state had the highest average price per breach in 2018 at $8.19M

  • Us

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What will impress out when this block of Python code is run?

i=1

#i=i+1

#i=i+ii

#i=i+three

print(i)

  • i

Question 85)

Which iii (3) statements about Python variables are true? (Select three)

  • A variable proper name must start with a letter or the underscore "_" character
  • Variables can change blazon afterward they take been set
  • Variables exercise not take to be alleged in advance of their apply

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should exist included in your chain of custody log?

  • All of the above

Question 88)

Forensic analysis should always be conducted on a re-create of the original data. Which two (2) types of copying are appropriate for getting data from a laptop caused from a terminated employee, if you suspect he has deleted incriminating files? (Select two)

  • An incremental backup
  • A logical backup

Question 89)

Which of the post-obit would be considered an incident precursor?

  • An alert from your antivirus software indicating information technology had detected malware on your system
  • An announced threat against your organization by a hactivist group

Question xc)

If a penetration examination calls for you to create a diagram of the target network including the identity of hosts and servers as well as a listing of open ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which blazon of list is considered best for prophylactic coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should non enhance much of a security business organisation?

  • A recently hired data scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from domicile for an hour or and then during the terminal 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and spider web pages are considered which type of data?

  • Unstructured information
  • Semi-structured data
  • Structured data

Question 94)

Which three (3) of these statements well-nigh the TCP protocol are True? (Select three)

  • TCP packets are reassembled by the receiving system in the social club in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Course B network?

  • 2

Question 96)

A modest company with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this company demand to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • 1

Question 97)

Why is symmetric key encryption the most common choice of methods to encryptic information at balance?

  • At that place are far more than keys bachelor for use
  • Information technology is much faster than disproportionate key encryption

Question 98)

Which of the following statements nigh hashing is True?

  • Hashing uses algorithms that are known as "one-style" functions

Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a one-way process and then the original data cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting admission to a user account only those privileges necessary to perform its intended functions is known every bit what?

  • The principle of to the lowest degree privileges

Question 103)

What is the most common patch remediation frequency for nearly organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method ordinarily used in which scenario?

  • Supply Chain Infiltration
  • Blocking admission to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for It staff is what blazon of control?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload even afterward it is successfully moved to the cloud?

  • All of the above

Question 107)

Which form of Cloud computing combines both public and individual clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your reckoner's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to information are examples of which blazon of access control?

  • Technical

Question 110)

In cybersecurity, Actuality is defined as what?

  • The holding of beingness 18-carat and verifiable

Question 111)

ITIL is all-time described as what?

  • A collection of It Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of calculator data systems?

  • Information Security Auditor

Question 113)

A visitor wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding utilize of these sites while at work is written and circulated so the firewalls are updated to block admission to Facebook, Twitter and other pop sites. Which two (2) types of security controls has the visitor just implemented? (Select 2)

  • Administrative
  • Technical

Question 114)

An email bulletin that is encrypted, uses a digital signature and carries a hash value would accost which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a slice of malicious code that gets installed on a reckoner and reports back to the controller your keystrokes and other data it can get together from your arrangement be chosen?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a organisation is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of assail?

  • A Deprival of Service (DoS) set on

Question 119)

Trudy intercepts a romantic plain-text message from Alice to her beau Sam. The message upsets Trudy so she frontwards it to Bob, making it expect similar Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the in a higher place

Question 120)

Which factor contributes most to the strength of an encryption system?

  • How many people have access to your public central
  • The length of the encryption key used
  • The number of individual keys used by the system

Question 121)

What is an advantage asymmetric key encryption has over symmetric key encryption?

  • Asymmetric keys can be exchanged more securely than symmetric keys
  • Asymmetric fundamental encryption is harder to break than symmetric fundamental encryption
  • Asymmetric cardinal encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "upstanding hacking" of an organizations figurer systems?

  • A Penetration Tester

Question 123)

Which 3 (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 serial
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

  • Availability

Question 125)

Which type of access control is based upon the subject'south clearance level and the objects classification?

  • Hierarchical Access Command (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Admission Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Betwixt the applications and the data sources
  • On the cloud'due south supervisory arrangement
  • Between the hardware and operating system
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of attack?

  • A Shark attack
  • A Phishing attack

Question 129)

Which statement about drivers running in Windows kernel manner is true?

  • Only disquisitional processes are permitted to run in kernel mode since there is zilch to forestall a

Question 130)

Symmetric key encryption past itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality just
  • Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to utilise dynamic mapping?

  • The organization will demand equally many registered IP addresses as information technology has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP accost using dissimilar port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer's IP address for both internal and external communication

Question 132)

Which accost type does a computer use to get a new IP address when it boots up?

  • The network'south DHCP server accost

Question 133)

What is the main difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times equally many possible IP addresses

Question 134)

Which type of firewall understands which session a bundle belongs to and analyzes information technology accordingly?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that maybe, just perchance, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the commencement thing y'all should tell the employee to do?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would exist doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled

Question 137)

Which Post Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned coming together
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data

Question 138)

In digital forensics, which iii (iii) steps are involved in the drove of data? (Select iii)

  • Develop a programme to acquire the data
  • Verify the integrity of the data
  • Acquire the data

Question 139)

Which three (3) of the following are considered scripting languages? (Select iii)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<ten):

 print(i)

 i=i+i

  • ix

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select two)

  • Get together full situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

There are many proficient reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is most impacted by an organization's fill-in practices?

  • Availability
  • Integrity
  • Authorization

Question 143)

Which stage of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Code & build
  • Operate & monitor
  • Plan

Question 144)

Which i of the OWASP Top ten Application Security Risks would be occur when at that place are no safeguards against a user beingness immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

Truthful or False. If y'all accept no meliorate place to start hunting threats, beginning with a view of the global threat landscape and and then drill downward to a regional view, industry view and finally a view of the threats specific to your ain organisation.

  • True

Question 147)

True or False. Cloud-based storage or hosting providers are among the top sources of tertiary-political party breaches

  • True

Question 148)

You are looking very hard on the web for the lowest mortgage interest load you tin can find and you come up across a rate that is so depression it could not mayhap exist true. You bank check out the site to see that the terms are and rapidly find you are the victim of a ransomware attack. What was the probable assail vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come upward in news feeds or Google searches are sometimes called "click-allurement". These articles often tempt you to link to other sites that tin can be infected with malware. What attack vector is used past these click-bait sites to go you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a organisation volition be exploited
  • One case of a weakness being exploited
  • A weakness in a system that could be exploited by a bad thespian

Question 151)

Suspicious activity, like IP addresses or ports beingness scanned sequentially, is a sign of which type of assail?

  • A mapping assail
  • A denial of service (DoS) assault
  • A phishing attack
  • An IP spoofing assail

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the bulletin without forwarding it
  • Trudy cannot read it because it is encrypted simply allows it to be delivered to Bob in its original form
  • Trudy changes the bulletin and then forwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and concrete safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 serial
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response organisation (EDR) should accept which three (3) of these capabilities? (Select iii)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which statement about encryption is Truthful almost data in use.

  • Information should always be kept encrypted since mod CPUs are fully capable of operating direct on encrypted data
  • Information technology is vulnerable to theft and should exist decrypted but for the briefest possible time while information technology is being operated on
  • Brusk of orchestrating a memory dump from a system crash, in that location is no practical mode for malware to become at the data existence processed, so dump logs are your only real business organisation
  • Data in active memory registers are not at hazard of beingness stolen

Question 156)

For added security you determine to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network ambassador must choose to run a given network segment in either stateful or stateless mode, and and so select the respective firewall type
  • Install a unmarried firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These avant-garde devices inspect everything a stateless firewall inspects in addition to land related factors
  • Y'all must install 2 firewalls in series, so all packets laissez passer through the stateless firewall first and then the stateless firewall

Question 157)

In IPv4, how many of the iv octets are used to define the network portion of the address in a Grade A network?

  • ii
  • i
  • 4
  • 3

Question 158)

If y'all have to rely upon metadata to work with the data at hand, you are probably working with which type of data?

  • Meta-structured information
  • Semi-structured data
  • Structured data
  • Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering science
  • Packet sniffing

Question 160)

Which Incident Response Squad model describes a squad that runs all incident response activities for a company?

  • Distributed
  • Primal
  • Coordinating
  • Control

Question 161)

Which is the information protection process that prevents a suspicious data asking from existence completed?

  • Data risk analysis
  • Data classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which grade of penetration testing allows the testers partial noesis of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Red Box Testing
  • Grey Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application set on would include User denies performing an operation, assaulter exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Hallmark
  • Authority
  • Input validation

Question 164)

True or Faux. Thorough reconnaissance is an important pace in developing an effective cyber kill chain.

  • Truthful
  • False

Question 165)

Truthful or False. One of the primary challenges in cyber threat hunting is a lack of useful tools sold by as well few vendors.

  • True
  • Simulated

Question 166)

True or False. A large company has a information alienation involving the theft of employee personnel records but no client data of any kind. Since no external data was involved, the company does not have to written report the breach to police enforcement.

  • True
  • Faux

Question 167)

You are the CEO of a large tech company and accept just received an angry electronic mail that looks similar it came from i of your biggest customers. The electronic mail says your company is overbilling the customer and asks that yous examine the attached invoice. You do just find it blank, so you respond politely to the sender request for more details. You lot never hear dorsum, but a week after your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial information. What kind of attack did yous autumn victim to?

  • As a phishing assail
  • Every bit a whale attack
  • A shark assail
  • A wing phishing attack

Question 168)

Which of these statements nigh the PCI-DSS requirements for any company treatment, processing or transmitting credit carte data is truthful?

  • Muti-factor authentication is required for all new card holders
  • Some course of mobile device direction (MDM) must exist used on all mobile credit menu processing devices
  • All employees with direct access to cardholder data must be bonded
  • Cardholder data must be encrypted if it is sent beyond open or public networks

Which Incident Response Squad model describes a squad that acts as consulting experts to propose local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Central

In a Linux file system, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such equally fstab and inittab
  • Directories such as /home and /usr

If a calculator needs to transport a message to a system that is not role of the local network, where does it send the message?

  • To the organization's domain proper name
  • To the system'due south IP address
  • The network's DNS server accost
  • To the system's MAC address
  • The network'south default gateway address
  • The network'due south DHCP server accost

Which 3 (iii) of these statements virtually the TCP protocol are True? (Select iii)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving organisation in the social club in which they were sent
  • TCP is more reliable than UDP

A professor is not immune to change a student's final grade later she submits it without completing a special class to explicate the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security hazard?

  • An instance of existence exposed to losses
  • Whatsoever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a system
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text bulletin sent by Alice to Bob, just in no way interferes with its delivery. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an advantage symmetric key encryption has over asymmetric key encryption?

  • Symmetric key encryption provides improve security against Human-in-the-centre attacks than is possible with asymmetric central encryption
  • Symmetric key encryption is faster than disproportionate key encryption
  • Symmetric keys tin be exchanged more securely than asymmetric keys
  • Symmetric cardinal encryption is harder to pause than asymmetric key encryption

Which type of awarding attack would include network eavesdropping, lexicon attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorization
  • Exception management

Why should you ever await for common patterns before starting a new security architecture design?

  • They can assistance identify best practices
  • They can shorten the development lifecycle
  • Some document consummate tested solutions
  • All of the above

Last Update: 09/12/2021

Warning: Jo Answer Light-green hai wo correct hai but

Jo Light-green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

PLEASE WAIT I Volition Add More NEW QUETIONS..

Besides if you have Questions with right reply  Transport me on my Electronic mail i volition update on my weblog..

niyander111@gmail.com

Thank you...