IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional Certificate Cess Exam Quiz Answers

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

Question i)

Implementing a Security Awareness training programme would be an example of which blazon of control?

  • Administrative control

Question 2)

Putting locks on a door is an example of which type of control?

  • Preventative

Question iii)

How would you allocate a piece of malicious code that can replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

  • A network card
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question 5)

Which mechanism would assistance assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing

Question six)

An organisation wants to restrict employee later-hours access to its systems so information technology publishes a policy forbidding employees to work exterior of their assigned hours, and and so makes certain the office doors remain locked on weekends. What ii (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question vii)

Which two factors contribute to cryptographic forcefulness? (Select two)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question 8)

Trying to break an encryption fundamental by trying every possible combination of characters is chosen what?

  • A brute force set on

Question ix)

Which of the post-obit describes the core goals of IT security?

  • The Open Web Application Security Project (OWASP) Framework
  • The Business Procedure Management Framework
  • The CIA Triad

Question ten)

Which three (3) roles are typically found in an Data Security organization? (Select 3)

  • Vulnerability Assessor
  • Chief Data Security Officeholder (CISO)
  • Penetration Tester

Question 11)

Problem Direction, Modify Management, and Incident Direction are all primal processes of which framework?

  • ITIL

Question 12)

Alice sends a bulletin to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and then forwards it on
  • Trudy deletes the message without forwarding it
  • Trudy reads the message
  • Trudy cannot read it because it is encrypted only allows information technology to be delivered to Bob in its original class

Question 13)

In cybersecurity, Accountability is defined as what?

  • Being able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more one authentication method to exist used before identity is authenticated. Which iii (three) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which three (3) of the following are Physical Access Controls? (Select iii)

  • Door locks
  • Security guards
  • Fences

Question 16)

If you lot are setting up a Windows 10 laptop with a 32Gb hard bulldoze, which two (2) file system could you select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (3) permissions tin be set on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If price is the primary business organisation, which type of cloud should be considered first?

  • Public cloud

Question nineteen)

Consolidating and virtualizing workloads should be done when?

  • Before moving the workloads to the deject

Question xx)

Which of the post-obit is a self-regulating standard set up by the credit carte industry in the U.s.a.?

  • PCI-DSS

Question 21)

Which ii (2) of the following assail types target endpoints?

  • Advertisement Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not accept a required patch installed, which statement best characterizes the actions it is able to take automatically?

  • The endpoint can be quarantined from all network resources except those that permit it to download and install the missing patch

Question 23)

Granting access to a user based upon how loftier up he is in an organization violates what bones security premise?

  • The principle of least privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the following protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

  • Cull a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and keep them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Use of digital signatures

Question 28)

Which of the following practices volition help assure the confidentiality of data in transit?

  • Disable document pinning
  • Take self-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits yous can realize from using a NAT (Network Accost Translation) router? (Select 3)

  • Allows static 1-to-i mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost simply when they are needed
  • Allows internal IP addresses to be subconscious from outside observers

Question 30)

Which argument all-time describes configuring a NAT router to use static mapping?

  • The arrangement will demand as many registered IP addresses as it has computers that demand Net admission

Question 31)

If a computer needs to send a message to a arrangement that is part of the local network, where does it send the bulletin?

  • To the system'due south MAC address

Question 32)

Which are backdrop of a highly bachelor organisation?

  • Redundancy, failover and monitoring

Question 33)

Which iii (3) of these statements well-nigh the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled past the receiving organisation in whatever gild they are received
  • UDP is connectionless

Question 34)

What is 1 difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which awarding sent a given packet

Question 35)

You lot are concerned that your arrangement is actually not very experienced with securing information sources. Which hosting model would require you to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company'south headquarters in Austin, TX USA. Which two (two) of these activities heighten the most cause for concern? (Select two)

  • Each night Hassan logs into his account from an Isp in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which iii (3) of the following are considered safe coding practices? (Select 3)

  • Use library functions in place of Bone commands
  • Avoid using Bone commands whenever possible
  • Avoid running commands through a trounce interpreter

Question 38)

Which three (iii) items should be included in the Planning step of a penetration test? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest study would cover the take chances ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all vest to which Incident Response resource category?

  • Incident Post-Analysis Resource
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends because a number of items, including a high level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.

  • False

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files amongst the hundreds of thousands found on most hard drives
  • Bypassing controls such equally passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains truthful?

  • Loops

Question 45)

Which ii (two) statements well-nigh Python are true? (Select 2)

  • Python code is considered easy to debug compared with other pop programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What data type is the data type of the variable pi?

  • str

Question 47)

What volition be printed by the post-obit block of Python code?

def Add5(in)

 out=in+5

 return out

 impress(Add5(ten))

  • 15

Question 48)

Which threat intelligence framework was adult by the Usa Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or Imitation. An organization's security allowed system should be integrated with outside organizations, including vendors and other third-parties.

  • True

Question 50)

Which 3 (3) of these are among the top 12 capabilities that a good information security and protection solution should provide? (Select three)

  • Vulnerability assessment
  • Existent-fourth dimension alerting
  • Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must collaborate with the operating organization merely through a series of applications, but not straight.

  • True

Question 52)

All industries accept their own unique data security challenges. Which of these industries has a particular business organisation with PCI-DSS compliance while having a large number of admission points staffed by depression-level employees who take access to payment menu information?

  • Retail

Question 53)

Truthful or False. WireShark has an impressive assortment of features and is distributed free of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

You calculate that there is a 2% probability that a cybercriminal will be able to steal credit carte du jour numbers from your online storefront which will issue in $10M in losses to your company. What take y'all but determined?

  • A take a chance

Question 57)

Which ane of the OWASP Top 10 Application Security Risks would be occur when an application'south API exposes fiscal, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which 3 (3) of these are Solution Edifice Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defence includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing big quantities of unstructured information lends itself best to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which office of the triad would network monitoring belong?

  • Engineering science

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The deed of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

At that place is value brought past each of the IBM i2 EIA employ cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark spider web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to accept in an organization'southward incident response squad? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Critical thinking

Question 64)

Implementing potent endpoint detection and mitigation strategies falls into which stage of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (3) of these statistics nigh phishing attacks are real? (Select 3)

  • Around fifteen million new phishing sites are created each month
  • Phishing accounts for nearly xx% of data breaches
  • thirty% of phishing messages are opened by their targeted users

Question 66)

Which iii (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Implement stiff access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which iii (3) are malware types commonly used in PoS attacks to steal credit card information? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2022 Ponemon report, what per centum of consumers indicated they would exist willing to pay more for a production or service from a provider with better security?

  • 52%

Question 69)

Yous get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your system and would like to assist you resolve it. In club to help, they need you to go to a spider web site and download a uncomplicated utility that volition permit them to prepare the settings on your computer. Since you lot only ain an Apple tree Mac, you lot are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated way to foreclose malware from entering your system equally an email attachment?

  • Anti-virus software

 Question 71)

True or False. The big majority of stolen credit card numbers are used quickly past the thief or a member of his/her family unit.

  • False

Question 72)

Which 3 (three) of these are PCI-DSS requirements for any company treatment, processing or transmitting credit bill of fare data? (Select 3)

  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer admission
  • Restrict physical admission to cardholder data

Question 73)

True or Imitation. Communications of a data breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response team model is characterized by which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities but within their country or section
  • Multiple incident response teams within an organisation but one with authority to assure consistent policies and practices are followed across all teams
  • This term refers to a structure that assures the incident response squad's activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blue Ruby
  • Red, Blue

Question 76)

The partnership between security analysts and technology tin can be said to exist grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human being expertise domain would comprise which three (3) of these topics?

  • Brainchild
  • Dilemmas
  • Morals

Question 77)

Solution architectures often incorporate diagrams like the 1 below. What does this diagram bear witness?

<<Solution Architecture Data Flow.png>>

  • Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to parcel sniffers operate on?

  • Information Link

Question 80)

True or Fake. Internal attacks from trusted employees represents equally every bit significant a threat equally external attacks from professional cyber criminals.

  • True

Question 81)

Co-ordinate to the FireEye Mandiant's Security Effectiveness Study 2022, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest boilerplate cost per breach in 2022 at $8.19M

  • United States

Question 83)

Which ii (2) of these Python libraries provides useful statistical functions? (Select two)

  • StatsModels
  • Scikit-acquire

Question 84)

What will print out when this block of Python lawmaking is run?

i=1

#i=i+i

#i=i+2

#i=i+3

print(i)

  • 1

Question 85)

Which three (three) statements almost Python variables are true? (Select iii)

  • A variable proper noun must commencement with a alphabetic character or the underscore "_" grapheme
  • Variables can change type after they accept been set
  • Variables do not accept to exist declared in accelerate of their utilize

Question 86)

PowerShell is a configuration direction framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

  • All of the to a higher place

Question 88)

Forensic analysis should e'er be conducted on a copy of the original information. Which two (two) types of copying are appropriate for getting information from a laptop caused from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical fill-in

Question 89)

Which of the following would exist considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your organisation
  • An appear threat against your organization past a hactivist grouping

Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers equally well as a list of open ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which blazon of list is considered best for safe coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a company'south headquarters in New York City, which of these activities should non heighten much of a security concern?

  • A recently hired information scientist in the Medical Analytics section has repeatedly attempted to access the corporate fiscal database
  • An employee has started logging in from home for an hour or so during the final ii weeks of each quarter

Question 93)

Information sources such as newspapers, books and web pages are considered which type of data?

  • Unstructured data
  • Semi-structured data
  • Structured data

Question 94)

Which 3 (three) of these statements about the TCP protocol are True? (Select three)

  • TCP packets are reassembled by the receiving system in the society in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to ascertain the network portion of the accost in a Class B network?

  • two

Question 96)

A small company with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this company need to assure all 25 computers tin communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • ane

Question 97)

Why is symmetric key encryption the most common option of methods to encryptic information at rest?

  • There are far more keys bachelor for use
  • It is much faster than asymmetric central encryption

Question 98)

Which of the following statements about hashing is Truthful?

  • Hashing uses algorithms that are known every bit "ane-way" functions

Question 99)

Why is hashing non a common method used for encrypting data?

  • Hashing is a one-way process so the original data cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting admission to a user business relationship only those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the about common patch remediation frequency for nigh organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an assault method unremarkably used in which scenario?

  • Supply Concatenation Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security grooming for Information technology staff is what type of command?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload even later on it is successfully moved to the cloud?

  • All of the above

Question 107)

Which course of Cloud computing combines both public and private clouds?

  • Hybrid deject

Question 108)

Which component of the Linux operating system interacts with your reckoner's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to information are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is divers as what?

  • The property of beingness 18-carat and verifiable

Question 111)

ITIL is all-time described as what?

  • A collection of IT Service Management best practices

Question 112)

Which position is in accuse of testing the security and effectiveness of computer information systems?

  • Data Security Accountant

Question 113)

A company wants to prevent employees from wasting time on social media sites. To achieve this, a certificate forbidding use of these sites while at work is written and circulated and so the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the visitor just implemented? (Select 2)

  • Administrative
  • Technical

Question 114)

An electronic mail message that is encrypted, uses a digital signature and carries a hash value would accost which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can get together from your organisation exist chosen?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the respond the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked past a bad role player.

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic obviously-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it wait like Alice intended it for Bob from the starting time. Which aspect of the CIA Triad has Trudy violated ?

  • All of the higher up

Question 120)

Which factor contributes most to the strength of an encryption system?

  • How many people have access to your public key
  • The length of the encryption central used
  • The number of private keys used by the system

Question 121)

What is an advantage disproportionate key encryption has over symmetric primal encryption?

  • Asymmetric keys can exist exchanged more than securely than symmetric keys
  • Asymmetric key encryption is harder to break than symmetric key encryption
  • Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations estimator systems?

  • A Penetration Tester

Question 123)

Which three (three) are considered all-time practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

  • Availability

Question 125)

Which blazon of access control is based upon the field of study's clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Admission Control (MAC)
  • Role Based Access Control (RBAC)

Question 126)

Windows ten stores 64-scrap applications in which directory?

  • \Programme Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the deject's supervisory system
  • Between the hardware and operating system
  • Betwixt the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified every bit which type of attack?

  • A Shark attack
  • A Phishing assail

Question 129)

Which argument most drivers running in Windows kernel mode is true?

  • Only critical processes are permitted to run in kernel mode since there is zippo to forbid a

Question 130)

Symmetric primal encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to use dynamic mapping?

  • The organization will demand every bit many registered IP addresses as it has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP accost using different port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer'due south IP accost for both internal and external communication

Question 132)

Which accost type does a computer use to get a new IP address when information technology boots up?

  • The network's DHCP server address

Question 133)

What is the primary divergence betwixt the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times every bit many possible IP addresses

Question 134)

Which blazon of firewall understands which session a packet belongs to and analyzes it accordingly?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that possibly, just possibly, the links in the e-mail he clicked on this morning time were not from the real Lottery Commission. What is the first thing y'all should tell the employee to do?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled

Question 137)

Which Mail service Incident activeness would exist concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Bear witness retention
  • Documentation review & update
  • Utilizing collected information

Question 138)

In digital forensics, which iii (three) steps are involved in the collection of data? (Select 3)

  • Develop a program to acquire the data
  • Verify the integrity of the data
  • Larn the data

Question 139)

Which 3 (three) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 impress(i)

 i=i+1

  • nine

Question 141)

Activities performed as a function of security intelligence can be divided into pre-exploit and postal service-exploit activities. Which two (2) of these are post-exploit activities? (Select ii)

  • Assemble full situational awareness through avant-garde security analytics
  • Perform forensic investigation

Question 142)

At that place are many practiced reasons for maintaining comprehensive backups of disquisitional information. Which aspect of the CIA Triad is most impacted past an organization's backup practices?

  • Availability
  • Integrity
  • Say-so

Question 143)

Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous balls, and Compliance checking?

  • Exam
  • Code & build
  • Operate & monitor
  • Plan

Question 144)

Which 1 of the OWASP Tiptop 10 Application Security Risks would be occur when there are no safeguards confronting a user being immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select ii)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and and so drill down to a regional view, industry view and finally a view of the threats specific to your own organisation.

  • True

Question 147)

True or Simulated. Cloud-based storage or hosting providers are amid the meridian sources of tertiary-party breaches

  • True

Question 148)

You are looking very hard on the web for the lowest mortgage interest load you tin can find and you come across a rate that is so low it could non possibly be true. You check out the site to run across that the terms are and speedily find you lot are the victim of a ransomware assail. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative manufactures that come up upwards in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can exist infected with malware. What set on vector is used by these click-allurement sites to go you lot to go to the actually bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the post-obit defines a security threat?

  • Any potential danger capable of exploiting a weakness in a organization
  • The likelihood that the weakness in a system will be exploited
  • 1 instance of a weakness being exploited
  • A weakness in a system that could be exploited by a bad actor

Question 151)

Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of assault?

  • A mapping attack
  • A denial of service (DoS) attack
  • A phishing attack
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding information technology
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
  • Trudy changes the message and then forwards it on
  • Trudy reads the bulletin

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate authoritative, technical, and physical safeguards for protecting electronic protected health data (eastward-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A skilful Endpoint Detection and Response organisation (EDR) should have which three (3) of these capabilities? (Select iii)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which argument about encryption is True virtually data in apply.

  • Information should always be kept encrypted since modern CPUs are fully capable of operating straight on encrypted data
  • It is vulnerable to theft and should exist decrypted but for the briefest possible time while it is being operated on
  • Short of orchestrating a memory dump from a system crash, there is no applied manner for malware to become at the data being processed, so dump logs are your but real concern
  • Data in active retentivity registers are non at risk of beingness stolen

Question 156)

For added security yous decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless manner, so select the corresponding firewall blazon
  • Install a unmarried firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These advanced devices audit everything a stateless firewall inspects in add-on to land related factors
  • Y'all must install 2 firewalls in series, so all packets laissez passer through the stateless firewall showtime and then the stateless firewall

Question 157)

In IPv4, how many of the iv octets are used to ascertain the network portion of the accost in a Course A network?

  • 2
  • 1
  • 4
  • 3

Question 158)

If you lot take to rely upon metadata to work with the data at manus, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured data
  • Structured data
  • Unstructured data

Question 159)

Which ii (two) forms of discovery must exist conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social applied science
  • Packet sniffing

Question 160)

Which Incident Response Squad model describes a squad that runs all incident response activities for a company?

  • Distributed
  • Central
  • Coordinating
  • Control

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

  • Data chance analysis
  • Data nomenclature
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which course of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in accelerate of their attack to streamline costs and focus efforts?

  • Ruby Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application assail would include User denies performing an performance, assailant exploits an application without trace, and assaulter covers her tracks?

  • Auditing and logging
  • Authentication
  • Say-so
  • Input validation

Question 164)

True or False. Thorough reconnaissance is an important step in developing an constructive cyber kill chain.

  • Truthful
  • Imitation

Question 165)

True or False. One of the principal challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • True
  • False

Question 166)

True or False. A big company has a data breach involving the theft of employee personnel records but no customer data of whatsoever kind. Since no external information was involved, the visitor does non have to report the alienation to law enforcement.

  • True
  • Simulated

Question 167)

You are the CEO of a big tech company and accept just received an angry e-mail that looks similar it came from i of your biggest customers. The email says your company is overbilling the customer and asks that you examine the fastened invoice. You practice merely find it blank, then yous answer politely to the sender asking for more details. You lot never hear back, only a calendar week later your security team tells y'all that your credentials take been used to access and exfiltrate large amounts of visitor financial data. What kind of attack did you fall victim to?

  • Equally a phishing assail
  • As a whale attack
  • A shark attack
  • A wing phishing attack

Question 168)

Which of these statements nearly the PCI-DSS requirements for whatever visitor treatment, processing or transmitting credit carte data is true?

  • Muti-factor authentication is required for all new card holders
  • Some form of mobile device direction (MDM) must be used on all mobile credit card processing devices
  • All employees with directly access to cardholder information must be bonded
  • Cardholder information must be encrypted if it is sent across open up or public networks

Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?

  • Control
  • Analogous
  • Distributed
  • O Key

In a Linux file system, which files are independent in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /home and /usr

If a computer needs to ship a message to a system that is not office of the local network, where does it send the message?

  • To the system's domain proper noun
  • To the organisation'south IP address
  • The network's DNS server accost
  • To the organisation'south MAC address
  • The network's default gateway accost
  • The network's DHCP server accost

Which three (three) of these statements about the TCP protocol are True? (Select three)

  • TCP is faster than UDP
  • TCP is connexion-oriented
  • TCP packets are reassembled by the receiving arrangement in the guild in which they were sent
  • TCP is more reliable than UDP

A professor is non allowed to change a pupil's final grade after she submits information technology without completing a special class to explicate the circumstances that necessitated the alter. This additional step supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security gamble?

  • An example of being exposed to losses
  • Whatever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a arrangement
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text message sent by Alice to Bob, simply in no way interferes with its commitment. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the higher up

What is an reward symmetric primal encryption has over asymmetric primal encryption?

  • Symmetric key encryption provides better security against Man-in-the-eye attacks than is possible with asymmetric key encryption
  • Symmetric central encryption is faster than disproportionate key encryption
  • Symmetric keys tin can be exchanged more than securely than asymmetric keys
  • Symmetric fundamental encryption is harder to break than disproportionate cardinal encryption

Which type of application attack would include network eavesdropping, lexicon attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorization
  • Exception management

Why should you e'er look for common patterns earlier starting a new security architecture design?

  • They tin help place best practices
  • They can shorten the evolution lifecycle
  • Some document complete tested solutions
  • All of the to a higher place

Last Update: 09/12/2021

Warning: Jo Answer Dark-green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Delight WAIT I WILL Add More NEW QUETIONS..

Also if you have Questions with correct answer  Ship me on my Email i will update on my weblog..

niyander111@gmail.com

Thanks...