IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional person Document Assessment Exam Quiz Answers

Warning: Jo Answer Green hai wo correct hai simply

Jo Green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Question i)

Implementing a Security Sensation training plan would exist an example of which type of control?

  • Authoritative command

Question 2)

Putting locks on a door is an instance of which blazon of control?

  • Preventative

Question three)

How would you classify a piece of malicious code that can replicate itself and spread to new systems?

  • A worm

Question iv)

To appoint in bundle sniffing, you must implement promiscuous mode on which device ?

  • A network bill of fare
  • An Intrusion Detection Organization (IDS)
  • A sniffing router

Question v)

Which machinery would assistance clinch the integrity of a message, but not do much to clinch confidentiality or availability.

  • Hashing

Question 6)

An system wants to restrict employee subsequently-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours, and and so makes sure the office doors remain locked on weekends. What ii (ii) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question 7)

Which two factors contribute to cryptographic strength? (Select 2)

  • The use of cyphers that are based on circuitous mathematical algorithms
  • The employ of cyphers that accept undergone public scrutiny

Question eight)

Trying to break an encryption key past trying every possible combination of characters is called what?

  • A fauna force assault

Question nine)

Which of the following describes the core goals of IT security?

  • The Open Web Awarding Security Project (OWASP) Framework
  • The Business Process Management Framework
  • The CIA Triad

Question 10)

Which 3 (iii) roles are typically constitute in an Information Security arrangement? (Select 3)

  • Vulnerability Assessor
  • Main Data Security Officer (CISO)
  • Penetration Tester

Question xi)

Problem Management, Alter Management, and Incident Management are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a bulletin to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and so forwards it on
  • Trudy deletes the message without forwarding it
  • Trudy reads the bulletin
  • Trudy cannot read it considering it is encrypted only allows it to be delivered to Bob in its original class

Question 13)

In cybersecurity, Accountability is defined equally what?

  • Being able to map an activity to an identity

Question 14)

Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which 3 (iii) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question xv)

Which three (3) of the following are Physical Access Controls? (Select iii)

  • Door locks
  • Security guards
  • Fences

Question 16)

If you are setting up a Windows 10 laptop with a 32Gb difficult drive, which ii (ii) file organisation could y'all select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (3) permissions tin be set on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If cost is the primary concern, which type of cloud should be considered beginning?

  • Public cloud

Question 19)

Consolidating and virtualizing workloads should be done when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard gear up by the credit card manufacture in the US?

  • PCI-DSS

Question 21)

Which ii (2) of the post-obit attack types target endpoints?

  • Advertisement Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to accept automatically?

  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high up he is in an organization violates what basic security premise?

  • The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the post-obit protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the post-obit?

  • Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your system and proceed them hole-and-corner

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital advice?

  • Use of digital signatures

Question 28)

Which of the following practices will help assure the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept cocky-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits y'all can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static i-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost but when they are needed
  • Allows internal IP addresses to exist hidden from outside observers

Question 30)

Which argument best describes configuring a NAT router to use static mapping?

  • The organization volition need equally many registered IP addresses as it has computers that need Internet access

Question 31)

If a computer needs to send a bulletin to a arrangement that is part of the local network, where does it send the message?

  • To the organization'southward MAC accost

Question 32)

Which are properties of a highly available system?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are Truthful? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever order they are received
  • UDP is connectionless

Question 34)

What is ane difference between a Stateful Firewall and a Adjacent Generation Firewall?

  • A NGFW empathise which awarding sent a given packet

Question 35)

You are concerned that your organisation is really non very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX United states of america. Which two (two) of these activities heighten the nearly cause for concern? (Select 2)

  • Each night Hassan logs into his account from an ISP in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (three) of the post-obit are considered safety coding practices? (Select iii)

  • Use library functions in place of OS commands
  • Avert using OS commands whenever possible
  • Avoid running commands through a vanquish interpreter

Question 38)

Which iii (3) items should exist included in the Planning step of a penetration test? (Select three)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest study would embrace the hazard ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resources category?

  • Incident Mail service-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends because a number of items, including a high level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is constructive in solving cyber crimes simply is not considered effective in solving violent crimes such equally rape and murder.

  • Fake

Question 43)

Which three (3) are mutual obstacles faced when trying to examine forensic data? (Select 3)

  • Selecting the right tools to assistance filter and exclude irrelevant data
  • Finding the relevant files among the hundreds of thousands found on most hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

  • Loops

Question 45)

Which ii (ii) statements about Python are true? (Select 2)

  • Python code is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="iii"

What data type is the data blazon of the variable pi?

  • str

Question 47)

What volition be printed by the following block of Python lawmaking?

def Add5(in)

 out=in+5

 return out

 impress(Add5(10))

  • xv

Question 48)

Which threat intelligence framework was adult past the Usa Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or Simulated. An organization's security allowed organization should be integrated with outside organizations, including vendors and other third-parties.

  • True

Question 50)

Which iii (iii) of these are among the tiptop 12 capabilities that a expert data security and protection solution should provide? (Select three)

  • Vulnerability assessment
  • Existent-time alerting
  • Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must interact with the operating system simply through a serial of applications, but not directly.

  • True

Question 52)

All industries have their ain unique data security challenges. Which of these industries has a particular business organization with PCI-DSS compliance while having a large number of access points staffed by low-level employees who take access to payment bill of fare data?

  • Retail

Question 53)

True or False. WireShark has an impressive array of features and is distributed free of charge.

  • Truthful

Question 54)

In which component of a Mutual Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission footstep in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

You summate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What have yous only adamant?

  • A adventure

Question 57)

Which 1 of the OWASP Top 10 Application Security Risks would be occur when an awarding's API exposes financial, healthcare or other PII information?

  • Sensitive data exposure

Question 58)

Which three (3) of these are Solution Edifice Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense force includes contributions from three areas, man expertise, security analytics and artificial intelligence. Chop-chop analyzing big quantities of unstructured data lends itself best to which of these areas?

  • Bogus intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Engineering science. Which role of the triad would network monitoring belong?

  • Technology

Question 61)

Which of these is a skilful definition for cyber threat hunting?

  • The human action of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early on as possible in the cyber impale concatenation

Question 62)

There is value brought past each of the IBM i2 Environmental impact assessment use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are of import to have in an system'due south incident response team? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Disquisitional thinking

Question 64)

Implementing stiff endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Assay

Question 65)

Which three (three) of these statistics nigh phishing attacks are existent? (Select three)

  • Around 15 million new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing letters are opened by their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Implement strong admission command measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (3) are malware types usually used in PoS attacks to steal credit card data? (Select iii)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with amend security?

  • 52%

Question 69)

You get a phone call from a technician at the "Windows company" who tells you that they take detected a problem with your arrangement and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will let them to set the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang upwards. What would the attack vector have been if you lot had downloaded the "uncomplicated utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated way to prevent malware from entering your organization as an email attachment?

  • Anti-virus software

 Question 71)

True or Faux. The big majority of stolen credit card numbers are used chop-chop by the thief or a member of his/her family.

  • Imitation

Question 72)

Which three (three) of these are PCI-DSS requirements for any company treatment, processing or transmitting credit card information? (Select 3)

  • Restrict access to cardholder data past business demand-to-know
  • Assign a unique ID to each person with figurer access
  • Restrict physical access to cardholder data

Question 73)

True or Imitation. Communications of a information breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.

  • Truthful

Question 74)

A Analogous incident response squad model is characterized by which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their country or section
  • Multiple incident response teams within an organization but one with authority to assure consistent policies and practices are followed across all teams
  • This term refers to a construction that assures the incident response team'southward activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blueish Red
  • Ruby-red, Blue

Question 76)

The partnership betwixt security analysts and technology tin be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams like the one beneath. What does this diagram prove?

<<Solution Architecture Data Flow.png>>

  • Functional components and data menstruation

Question 78)

Port numbers 1024 through 49151 are known every bit what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Information Link

Question 80)

True or False. Internal attacks from trusted employees represents equally as significant a threat as external attacks from professional person cyber criminals.

  • True

Question 81)

According to the FireEye Mandiant'southward Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • fourscore%

Question 82)

Which country had the highest average cost per breach in 2018 at $viii.19M

  • United States

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What will impress out when this block of Python lawmaking is run?

i=1

#i=i+one

#i=i+ii

#i=i+3

print(i)

  • one

Question 85)

Which three (3) statements nearly Python variables are true? (Select three)

  • A variable name must start with a letter of the alphabet or the underscore "_" character
  • Variables can modify type after they have been set
  • Variables practice non have to be alleged in accelerate of their use

Question 86)

PowerShell is a configuration direction framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

  • All of the to a higher place

Question 88)

Forensic analysis should always exist conducted on a copy of the original data. Which 2 (2) types of copying are appropriate for getting information from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select ii)

  • An incremental backup
  • A logical fill-in

Question 89)

Which of the following would be considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An announced threat confronting your organization by a hactivist grouping

Question 90)

If a penetration test calls for y'all to create a diagram of the target network including the identity of hosts and servers besides equally a list of open ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which type of list is considered best for prophylactic coding exercise?

  • Whitelist

Question 92)

In reviewing the security logs for a company'due south headquarters in New York Urban center, which of these activities should not raise much of a security concern?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to admission the corporate fiscal database
  • An employee has started logging in from dwelling house for an hr or so during the last 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and spider web pages are considered which blazon of information?

  • Unstructured data
  • Semi-structured information
  • Structured data

Question 94)

Which three (3) of these statements virtually the TCP protocol are True? (Select 3)

  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the iv octets are used to define the network portion of the accost in a Class B network?

  • two

Question 96)

A small visitor with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this company need to assure all 25 computers tin communicate with each other and other systems on the Internet if they implement Port Accost Translations?

  • 1

Question 97)

Why is symmetric key encryption the most common option of methods to encryptic data at residual?

  • There are far more than keys available for use
  • It is much faster than asymmetric key encryption

Question 98)

Which of the post-obit statements nigh hashing is Truthful?

  • Hashing uses algorithms that are known as "1-way" functions

Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a one-way procedure then the original information cannot exist reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the main authentication protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting admission to a user account simply those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the almost mutual patch remediation frequency for most organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

  • Supply Chain Infiltration
  • Blocking admission to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for It staff is what type of control?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload fifty-fifty after it is successfully moved to the cloud?

  • All of the in a higher place

Question 107)

Which form of Cloud computing combines both public and private clouds?

  • Hybrid deject

Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The property of existence genuine and verifiable

Question 111)

ITIL is best described every bit what?

  • A collection of Information technology Service Direction best practices

Question 112)

Which position is in charge of testing the security and effectiveness of reckoner information systems?

  • Information Security Auditor

Question 113)

A company wants to forestall employees from wasting time on social media sites. To accomplish this, a document forbidding apply of these sites while at work is written and circulated then the firewalls are updated to block admission to Facebook, Twitter and other popular sites. Which ii (2) types of security controls has the company simply implemented? (Select 2)

  • Administrative
  • Technical

Question 114)

An e-mail bulletin that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can assemble from your arrangement be called?

  • Spyware

Question 116)

Fancy Bears and Bearding are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct society.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad player.

  • vulnerability, threat, exploit
  • threat, exposure, adventure
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets earlier they reach the host is a countermeasure to which form of assail?

  • A Denial of Service (DoS) assault

Question 119)

Trudy intercepts a romantic plainly-text bulletin from Alice to her boyfriend Sam. The message upsets Trudy then she forrard it to Bob, making it wait like Alice intended it for Bob from the offset. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which cistron contributes most to the forcefulness of an encryption organisation?

  • How many people take access to your public key
  • The length of the encryption key used
  • The number of individual keys used past the organisation

Question 121)

What is an advantage asymmetric key encryption has over symmetric key encryption?

  • Asymmetric keys can be exchanged more than securely than symmetric keys
  • Asymmetric central encryption is harder to break than symmetric key encryption
  • Disproportionate key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations calculator systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

  • Availability

Question 125)

Which type of access command is based upon the subject's clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Admission Command (DAC)
  • Mandatory Access Control (MAC)
  • Part Based Access Command (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Plan Files

Question 127)

To build a virtual computing environs, where is the hypervisor installed?

  • Between the applications and the information sources
  • On the cloud's supervisory system
  • Between the hardware and operating organisation
  • Betwixt the operating arrangement and applications

Question 128)

An identical e-mail sent to millions of addresses at random would be classified as which type of set on?

  • A Shark assault
  • A Phishing assail

Question 129)

Which statement most drivers running in Windows kernel mode is true?

  • Only critical processes are permitted to run in kernel mode since in that location is aught to forbid a

Question 130)

Symmetric key encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to utilise dynamic mapping?

  • The organization will demand as many registered IP addresses equally it has computers that need Internet access
  • Many registered IP addresses are mapped to a unmarried registered IP accost using unlike port numbers
  • Unregistered IP addresses are mapped to registered IP addresses equally they are needed
  • The NAT router uses each estimator's IP accost for both internal and external communication

Question 132)

Which address type does a computer utilise to go a new IP accost when it boots up?

  • The network's DHCP server address

Question 133)

What is the primary divergence between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times equally many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it accordingly?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the It Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the outset matter you lot should tell the employee to do?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Blackness box" attack would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no within knowled

Question 137)

Which Postal service Incident action would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing nerveless data

Question 138)

In digital forensics, which three (3) steps are involved in the drove of data? (Select 3)

  • Develop a program to larn the data
  • Verify the integrity of the data
  • Acquire the data

Question 139)

Which three (3) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<ten):

 print(i)

 i=i+one

  • nine

Question 141)

Activities performed equally a function of security intelligence tin can be divided into pre-exploit and mail service-exploit activities. Which 2 (ii) of these are mail-exploit activities? (Select 2)

  • Gather full situational awareness through avant-garde security analytics
  • Perform forensic investigation

Question 142)

At that place are many adept reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is near impacted past an arrangement's fill-in practices?

  • Availability
  • Integrity
  • Authority

Question 143)

Which phase of DevSecOps would incorporate the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Lawmaking & build
  • Operate & monitor
  • Plan

Question 144)

Which one of the OWASP Top x Awarding Security Risks would be occur when there are no safeguards against a user beingness allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

  • Flows per minute (FPM)
  • Events per 2d (EPS)

Question 146)

Truthful or False. If you accept no better place to start hunting threats, offset with a view of the global threat mural and so drill down to a regional view, industry view and finally a view of the threats specific to your own arrangement.

  • True

Question 147)

True or False. Deject-based storage or hosting providers are among the top sources of third-party breaches

  • True

Question 148)

Y'all are looking very hard on the web for the lowest mortgage interest load you tin can find and you lot see a rate that is and so low it could not possibly be true. You check out the site to encounter that the terms are and quickly find you are the victim of a ransomware attack. What was the probable attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come up upward in news feeds or Google searches are sometimes called "click-bait". These articles ofttimes tempt you to link to other sites that can exist infected with malware. What assail vector is used by these click-bait sites to get you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Whatever potential danger capable of exploiting a weakness in a organization
  • The likelihood that the weakness in a system will exist exploited
  • One instance of a weakness being exploited
  • A weakness in a system that could be exploited past a bad actor

Question 151)

Suspicious activity, like IP addresses or ports existence scanned sequentially, is a sign of which type of attack?

  • A mapping attack
  • A denial of service (DoS) set on
  • A phishing attack
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read information technology because information technology is encrypted only allows it to be delivered to Bob in its original form
  • Trudy changes the message and then frontward information technology on
  • Trudy reads the message

Question 153)

Which regulation contains the security dominion that requires all covered entities to maintain reasonable and advisable administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 serial
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should have which three (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which argument about encryption is True about data in utilize.

  • Data should ever be kept encrypted since modern CPUs are fully capable of operating straight on encrypted data
  • It is vulnerable to theft and should exist decrypted only for the briefest possible time while it is being operated on
  • Short of orchestrating a retention dump from a organization crash, there is no applied way for malware to get at the information being processed, then dump logs are your just real concern
  • Data in active memory registers are not at risk of being stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How tin can this exist done?

  • This cannot be done The network ambassador must cull to run a given network segment in either stateful or stateless mode, and then select the corresponding firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall merely These avant-garde devices audit everything a stateless firewall inspects in addition to state related factors
  • You must install ii firewalls in series, and then all packets pass through the stateless firewall outset and and so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

  • 2
  • 1
  • 4
  • 3

Question 158)

If you have to rely upon metadata to work with the data at mitt, you lot are probably working with which type of data?

  • Meta-structured information
  • Semi-structured data
  • Structured data
  • Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social technology
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Primal
  • Coordinating
  • Command

Question 161)

Which is the data protection process that prevents a suspicious information request from beingness completed?

  • Data risk analysis
  • Information classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which course of penetration testing allows the testers partial noesis of the systems they are trying to penetrate in advance of their assail to streamline costs and focus efforts?

  • Red Box Testing
  • Grey Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application attack would include User denies performing an operation, attacker exploits an application without trace, and assaulter covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

Truthful or Simulated. Thorough reconnaissance is an of import step in developing an effective cyber kill chain.

  • True
  • Imitation

Question 165)

True or False. 1 of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • True
  • False

Question 166)

True or Imitation. A large company has a data breach involving the theft of employee personnel records but no client information of any kind. Since no external data was involved, the company does non take to written report the alienation to law enforcement.

  • True
  • False

Question 167)

You lot are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the client and asks that you examine the attached invoice. Y'all practise but find information technology blank, and then you reply politely to the sender asking for more details. Yous never hear dorsum, only a calendar week later your security team tells you that your credentials take been used to access and exfiltrate large amounts of company fiscal data. What kind of attack did you fall victim to?

  • As a phishing attack
  • As a whale attack
  • A shark attack
  • A fly phishing assail

Question 168)

Which of these statements about the PCI-DSS requirements for whatever company handling, processing or transmitting credit card data is true?

  • Muti-gene authentication is required for all new card holders
  • Some class of mobile device direction (MDM) must be used on all mobile credit carte du jour processing devices
  • All employees with directly access to cardholder information must be bonded
  • Cardholder information must exist encrypted if it is sent across open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to suggest local IR teams?

  • Command
  • Coordinating
  • Distributed
  • O Central

In a Linux file organisation, which files are contained in the \bin binder?

  • All user binary files, their libraries and headers
  • Executable files such equally grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /home and /usr

If a reckoner needs to ship a message to a organization that is not role of the local network, where does it send the message?

  • To the organization's domain proper name
  • To the system's IP accost
  • The network's DNS server address
  • To the system's MAC accost
  • The network'due south default gateway address
  • The network'southward DHCP server address

Which three (3) of these statements about the TCP protocol are True? (Select 3)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving arrangement in the order in which they were sent
  • TCP is more reliable than UDP

A professor is not allowed to alter a student's final grade later she submits it without completing a special form to explain the circumstances that necessitated the alter. This additional stride supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security adventure?

  • An example of being exposed to losses
  • Whatsoever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a system
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text message sent by Alice to Bob, simply in no mode interferes with its delivery. Which attribute of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the in a higher place

What is an advantage symmetric key encryption has over asymmetric key encryption?

  • Symmetric primal encryption provides better security against Man-in-the-middle attacks than is possible with disproportionate primal encryption
  • Symmetric key encryption is faster than asymmetric fundamental encryption
  • Symmetric keys can be exchanged more deeply than asymmetric keys
  • Symmetric key encryption is harder to intermission than asymmetric primal encryption

Which blazon of application attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorization
  • Exception management

Why should you ever look for common patterns before starting a new security architecture pattern?

  • They can help place best practices
  • They can shorten the development lifecycle
  • Some document complete tested solutions
  • All of the above

Last Update: 09/12/2021

Warning: Jo Reply Green hai wo right hai but

Jo Green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Please WAIT I WILL Add together MORE NEW QUETIONS..

Also if you have Questions with correct answer  Send me on my Electronic mail i will update on my blog..

niyander111@gmail.com

Thanks...