IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Annotator Professional person Certificate Assessment Exam Quiz Answers

Alarm: Jo Answer Green hai wo correct hai only

Jo Green Nahi hai. Usme se jo ek incorrect choice tha usko hata diya hai

Question 1)

Implementing a Security Sensation grooming program would be an example of which blazon of control?

  • Administrative command

Question two)

Putting locks on a door is an instance of which type of control?

  • Preventative

Question iii)

How would you allocate a piece of malicious lawmaking that tin replicate itself and spread to new systems?

  • A worm

Question iv)

To engage in parcel sniffing, you lot must implement promiscuous fashion on which device ?

  • A network card
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing

Question 6)

An organization wants to restrict employee after-hours admission to its systems then information technology publishes a policy forbidding employees to work outside of their assigned hours, and so makes certain the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question seven)

Which two factors contribute to cryptographic forcefulness? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question viii)

Trying to break an encryption key by trying every possible combination of characters is called what?

  • A brute forcefulness attack

Question 9)

Which of the post-obit describes the cadre goals of It security?

  • The Open up Web Awarding Security Project (OWASP) Framework
  • The Business Process Management Framework
  • The CIA Triad

Question 10)

Which three (3) roles are typically found in an Information Security organization? (Select 3)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Trouble Direction, Change Direction, and Incident Management are all central processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message so forrad it on
  • Trudy deletes the message without forwarding information technology
  • Trudy reads the message
  • Trudy cannot read it considering it is encrypted but allows it to be delivered to Bob in its original class

Question 13)

In cybersecurity, Accountability is divers equally what?

  • Being able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more than ane authentication method to be used before identity is authenticated. Which iii (3) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which three (3) of the following are Physical Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question 16)

If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you lot select? (Select two)

  • NTFS
  • FAT32

Question 17)

Which three (iii) permissions can be attack a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If cost is the primary business organization, which type of cloud should be considered offset?

  • Public deject

Question nineteen)

Consolidating and virtualizing workloads should exist done when?

  • Before moving the workloads to the cloud

Question twenty)

Which of the following is a self-regulating standard gear up by the credit menu industry in the United states of america?

  • PCI-DSS

Question 21)

Which ii (two) of the following set on types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non have a required patch installed, which argument best characterizes the actions it is able to have automatically?

  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high up he is in an organization violates what basic security premise?

  • The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the following protections?

  • Firewall and network protection
  • Family unit options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the post-obit?

  • Integrity

Question 26)

Which of the following practices helps clinch the all-time results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and keep them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Utilize of digital signatures

Question 28)

Which of the following practices will help assure the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept self-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you can realize from using a NAT (Network Accost Translation) router? (Select 3)

  • Allows static 1-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost just when they are needed
  • Allows internal IP addresses to be subconscious from outside observers

Question 30)

Which statement best describes configuring a NAT router to use static mapping?

  • The organization will need as many registered IP addresses equally it has computers that need Internet access

Question 31)

If a computer needs to send a bulletin to a system that is part of the local network, where does it ship the message?

  • To the system's MAC address

Question 32)

Which are backdrop of a highly bachelor organization?

  • Redundancy, failover and monitoring

Question 33)

Which 3 (3) of these statements almost the UDP protocol are True? (Select iii)

  • UDP is faster than TCP
  • UDP packets are reassembled past the receiving arrangement in whatever order they are received
  • UDP is connectionless

Question 34)

What is ane difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW empathize which application sent a given packet

Question 35)

You are concerned that your system is actually not very experienced with securing data sources. Which hosting model would require y'all to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX USA. Which ii (two) of these activities raise the most cause for concern? (Select two)

  • Each night Hassan logs into his account from an Internet service provider in Prc
  • I evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which three (3) of the following are considered prophylactic coding practices? (Select iii)

  • Use library functions in place of Os commands
  • Avert using OS commands whenever possible
  • Avoid running commands through a beat interpreter

Question 38)

Which three (3) items should be included in the Planning step of a penetration test? (Select three)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would comprehend the risk ranking, recommendations and roadmap?

  • Executive Summary

Question twoscore)

Spare workstations and servers, bare removable media, packet sniffers and protocol analyzers, all vest to which Incident Response resource category?

  • Incident Postal service-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is constructive in solving cyber crimes but is not considered effective in solving trigger-happy crimes such as rape and murder.

  • False

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic data? (Select three)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files among the hundreds of thousands found on most hard drives
  • Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned cake of code while a specified condition remains true?

  • Loops

Question 45)

Which two (2) statements near Python are true? (Select two)

  • Python lawmaking is considered like shooting fish in a barrel to debug compared with other popular programming languages
  • Python lawmaking is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What information blazon is the information blazon of the variable pi?

  • str

Question 47)

What will be printed by the following block of Python code?

def Add5(in)

 out=in+5

 return out

 impress(Add5(10))

  • xv

Question 48)

Which threat intelligence framework was developed past the US Regime to enable consequent label and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

Truthful or Faux. An organization's security immune organisation should exist integrated with outside organizations, including vendors and other third-parties.

  • True

Question l)

Which three (iii) of these are among the top 12 capabilities that a good information security and protection solution should provide? (Select 3)

  • Vulnerability assessment
  • Real-time alerting
  • Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must collaborate with the operating arrangement just through a serial of applications, only not directly.

  • True

Question 52)

All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have admission to payment card data?

  • Retail

Question 53)

True or Imitation. WireShark has an impressive array of features and is distributed free of charge.

  • True

Question 54)

In which component of a Mutual Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission pace in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

  • IAM controls to regulate say-so

Question 56)

You summate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which volition result in $10M in losses to your company. What have yous just determined?

  • A risk

Question 57)

Which ane of the OWASP Top x Application Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which 3 (3) of these are Solution Building Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Awarding Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense force includes contributions from three areas, human expertise, security analytics and bogus intelligence. Apace analyzing large quantities of unstructured data lends itself all-time to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Applied science. Which role of the triad would network monitoring belong?

  • Applied science

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries equally early on equally possible in the cyber kill chain

Question 62)

There is value brought past each of the IBM i2 EIA utilize cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are of import to accept in an organization's incident response team? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Critical thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (3) of these statistics about phishing attacks are real? (Select three)

  • Effectually fifteen million new phishing sites are created each month
  • Phishing accounts for nigh 20% of data breaches
  • thirty% of phishing messages are opened by their targeted users

Question 66)

Which three (3) of these command processes are included in the PCI-DSS standard? (Select three)

  • Implement potent admission control measures
  • Regularly monitor and test networks
  • Maintain an data security policy

Question 67)

Which three (three) are malware types unremarkably used in PoS attacks to steal credit carte data? (Select iii)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

  • 52%

Question 69)

You get a phone call from a technician at the "Windows visitor" who tells you that they have detected a problem with your system and would similar to help y'all resolve it. In society to help, they demand you to go to a web site and download a simple utility that will allow them to gear up the settings on your estimator. Since you simply ain an Apple tree Mac, you are suspicious of this caller and hang upwards. What would the attack vector accept been if you lot had downloaded the "simple utility" equally asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automatic fashion to forestall malware from entering your system as an email attachment?

  • Anti-virus software

 Question 71)

Truthful or False. The big bulk of stolen credit card numbers are used chop-chop by the thief or a member of his/her family unit.

  • False

Question 72)

Which three (3) of these are PCI-DSS requirements for whatever visitor handling, processing or transmitting credit card data? (Select iii)

  • Restrict admission to cardholder data by business need-to-know
  • Assign a unique ID to each person with reckoner admission
  • Restrict physical access to cardholder data

Question 73)

True or False. Communications of a data breach should be handled by a team composed of members of the IR squad, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response team model is characterized past which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their country or department
  • Multiple incident response teams inside an organization simply one with authority to assure consequent policies and practices are followed across all teams
  • This term refers to a structure that assures the incident response team's activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to equally the ____ and ____ teams, respectively.

  • Blue Red
  • Carmine, Blue

Question 76)

The partnership betwixt security analysts and technology tin can be said to exist grouped into three domains, human expertise, security analytics and artificial intelligence. The man expertise domain would contain which iii (iii) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram show?

<<Solution Compages Data Flow.png>>

  • Functional components and data menstruum

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Data Link

Question fourscore)

True or Imitation. Internal attacks from trusted employees represents as equally significant a threat every bit external attacks from professional cyber criminals.

  • True

Question 81)

Co-ordinate to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest average price per breach in 2018 at $8.19M

  • United States

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What will impress out when this cake of Python lawmaking is run?

i=1

#i=i+i

#i=i+2

#i=i+3

print(i)

  • 1

Question 85)

Which 3 (3) statements about Python variables are truthful? (Select 3)

  • A variable proper noun must start with a letter or the underscore "_" graphic symbol
  • Variables can modify blazon after they have been ready
  • Variables do not have to be alleged in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of bear witness is critical. Which of these should exist included in your chain of custody log?

  • All of the in a higher place

Question 88)

Forensic analysis should always exist conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you lot suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the following would be considered an incident precursor?

  • An alert from your antivirus software indicating information technology had detected malware on your system
  • An announced threat against your organization past a hactivist group

Question ninety)

If a penetration examination calls for you to create a diagram of the target network including the identity of hosts and servers likewise every bit a list of open ports and published services, which tool would exist the all-time fit for this job?

  • Nmap

Question 91)

Which blazon of list is considered best for safe coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a company'south headquarters in New York City, which of these activities should not heighten much of a security concern?

  • A recently hired data scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from abode for an hr or so during the concluding 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which type of information?

  • Unstructured data
  • Semi-structured data
  • Structured data

Question 94)

Which three (iii) of these statements most the TCP protocol are True? (Select three)

  • TCP packets are reassembled by the receiving organisation in the club in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

  • 2

Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this visitor need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Accost Translations?

  • 1

Question 97)

Why is symmetric key encryption the most common choice of methods to encryptic data at residuum?

  • At that place are far more than keys bachelor for use
  • It is much faster than asymmetric key encryption

Question 98)

Which of the following statements about hashing is True?

  • Hashing uses algorithms that are known as "ane-way" functions

Question 99)

Why is hashing not a common method used for encrypting information?

  • Hashing is a one-way process then the original data cannot be reconstructed from a hash value

Question 100)

Public cardinal encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used past Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting admission to a user business relationship only those privileges necessary to perform its intended functions is known as what?

  • The principle of to the lowest degree privileges

Question 103)

What is the most common patch remediation frequency for most organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

  • Supply Concatenation Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for Information technology staff is what type of command?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload fifty-fifty after information technology is successfully moved to the cloud?

  • All of the above

Question 107)

Which form of Cloud computing combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your estimator's hardware?

  • The kernel

Question 109)

The encryption and protocols used to preclude unauthorized admission to data are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The property of being genuine and verifiable

Question 111)

ITIL is best described every bit what?

  • A drove of It Service Direction all-time practices

Question 112)

Which position is in charge of testing the security and effectiveness of estimator information systems?

  • Information Security Auditor

Question 113)

A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding apply of these sites while at work is written and circulated and then the firewalls are updated to cake access to Facebook, Twitter and other popular sites. Which 2 (2) types of security controls has the visitor only implemented? (Select ii)

  • Authoritative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information information technology can gather from your organisation be called?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the right order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat player, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forrard it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which factor contributes nearly to the forcefulness of an encryption organization?

  • How many people have admission to your public fundamental
  • The length of the encryption key used
  • The number of private keys used past the system

Question 121)

What is an advantage asymmetric key encryption has over symmetric key encryption?

  • Disproportionate keys tin can be exchanged more securely than symmetric keys
  • Asymmetric central encryption is harder to interruption than symmetric key encryption
  • Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "upstanding hacking" of an organizations computer systems?

  • A Penetration Tester

Question 123)

Which iii (three) are considered all-time practices, baselines or frameworks? (Select three)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

  • Availability

Question 125)

Which type of admission control is based upon the subject's clearance level and the objects classification?

  • Hierarchical Admission Command (HAC)
  • Discretionary Access Command (DAC)
  • Mandatory Access Control (MAC)
  • Office Based Access Control (RBAC)

Question 126)

Windows x stores 64-bit applications in which directory?

  • \Programme Files

Question 127)

To build a virtual calculating environment, where is the hypervisor installed?

  • Between the applications and the information sources
  • On the cloud'due south supervisory system
  • Between the hardware and operating system
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of attack?

  • A Shark attack
  • A Phishing attack

Question 129)

Which argument about drivers running in Windows kernel manner is true?

  • Merely disquisitional processes are permitted to run in kernel mode since in that location is nix to prevent a

Question 130)

Symmetric fundamental encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which statement all-time describes configuring a NAT router to utilize dynamic mapping?

  • The organization volition need equally many registered IP addresses as it has computers that need Net access
  • Many registered IP addresses are mapped to a unmarried registered IP address using dissimilar port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each figurer's IP accost for both internal and external communication

Question 132)

Which address type does a computer utilize to get a new IP address when it boots upwards?

  • The network's DHCP server address

Question 133)

What is the primary difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which blazon of firewall understands which session a packet belongs to and analyzes it accordingly?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the It Helpdesk and admits that perchance, just possibly, the links in the email he clicked on this morn were not from the existent Lottery Commission. What is the beginning thing yous should tell the employee to exercise?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems equally if she were an external hacker with no inside knowled

Question 137)

Which Post Incident activeness would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned coming together
  • Show retention
  • Documentation review & update
  • Utilizing collected information

Question 138)

In digital forensics, which three (3) steps are involved in the collection of information? (Select 3)

  • Develop a plan to acquire the data
  • Verify the integrity of the data
  • Acquire the data

Question 139)

Which 3 (iii) of the following are considered scripting languages? (Select 3)

  • Perl
  • Fustigate
  • Python

Question 140)

What is the largest number that will exist printed during the execution of this Python while loop?

i=0

while (i<10):

 impress(i)

 i=i+1

  • 9

Question 141)

Activities performed equally a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which ii (2) of these are post-exploit activities? (Select 2)

  • Gather full situational awareness through avant-garde security analytics
  • Perform forensic investigation

Question 142)

There are many practiced reasons for maintaining comprehensive backups of critical information. Which attribute of the CIA Triad is most impacted by an organization's backup practices?

  • Availability
  • Integrity
  • Authority

Question 143)

Which phase of DevSecOps would incorporate the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Lawmaking & build
  • Operate & monitor
  • Plan

Question 144)

Which 1 of the OWASP Top 10 Application Security Risks would exist occur when there are no safeguards confronting a user being allowed to execute HTML or JavaScript in the user'south browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select ii)

  • Flows per infinitesimal (FPM)
  • Events per second (EPS)

Question 146)

Truthful or Fake. If you have no improve place to first hunting threats, start with a view of the global threat landscape then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.

  • True

Question 147)

True or False. Cloud-based storage or hosting providers are among the superlative sources of 3rd-party breaches

  • True

Question 148)

You are looking very difficult on the web for the lowest mortgage interest load y'all tin can observe and yous come across a charge per unit that is so depression it could non possibly be truthful. Y'all cheque out the site to see that the terms are and chop-chop discover you are the victim of a ransomware attack. What was the likely set on vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative manufactures that come up upward in news feeds or Google searches are sometimes called "click-allurement". These manufactures often tempt you lot to link to other sites that tin exist infected with malware. What attack vector is used past these click-bait sites to go you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • 1 case of a weakness being exploited
  • A weakness in a system that could be exploited by a bad actor

Question 151)

Suspicious activity, like IP addresses or ports beingness scanned sequentially, is a sign of which type of attack?

  • A mapping attack
  • A deprival of service (DoS) set on
  • A phishing assail
  • An IP spoofing set on

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding information technology
  • Trudy cannot read it because it is encrypted just allows it to exist delivered to Bob in its original form
  • Trudy changes the message and and then forrard it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate authoritative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A skillful Endpoint Detection and Response organisation (EDR) should have which iii (three) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at one time
  • Deploying devices with network configurations

Question 155)

Which statement about encryption is True about data in use.

  • Data should always be kept encrypted since modern CPUs are fully capable of operating directly on encrypted data
  • It is vulnerable to theft and should be decrypted only for the briefest possible fourth dimension while it is beingness operated on
  • Short of orchestrating a memory dump from a arrangement crash, there is no practical style for malware to become at the data being processed, so dump logs are your simply real concern
  • Data in active memory registers are not at risk of beingness stolen

Question 156)

For added security you lot decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot exist washed The network administrator must choose to run a given network segment in either stateful or stateless way, and so select the respective firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These avant-garde devices inspect everything a stateless firewall inspects in addition to state related factors
  • Yous must install 2 firewalls in series, so all packets pass through the stateless firewall outset and then the stateless firewall

Question 157)

In IPv4, how many of the iv octets are used to ascertain the network portion of the address in a Grade A network?

  • ii
  • 1
  • 4
  • iii

Question 158)

If you take to rely upon metadata to work with the data at mitt, y'all are probably working with which type of data?

  • Meta-structured information
  • Semi-structured data
  • Structured data
  • Unstructured data

Question 159)

Which two (two) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Packet sniffing

Question 160)

Which Incident Response Squad model describes a team that runs all incident response activities for a company?

  • Distributed
  • Central
  • Coordinating
  • Command

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

  • Information risk analysis
  • Information classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers fractional knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Cherry-red Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application assault would include User denies performing an functioning, attacker exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or False. Thorough reconnaissance is an of import step in developing an effective cyber kill chain.

  • True
  • Faux

Question 165)

True or False. 1 of the master challenges in cyber threat hunting is a lack of useful tools sold by also few vendors.

  • True
  • Imitation

Question 166)

Truthful or False. A large company has a information breach involving the theft of employee personnel records just no customer data of whatsoever kind. Since no external data was involved, the visitor does not have to report the breach to law enforcement.

  • True
  • False

Question 167)

You are the CEO of a big tech company and take but received an angry electronic mail that looks similar it came from one of your biggest customers. The electronic mail says your visitor is overbilling the client and asks that yous examine the attached invoice. You lot exercise but find information technology bare, so y'all answer politely to the sender asking for more details. Yous never hear back, only a calendar week afterwards your security team tells you that your credentials have been used to access and exfiltrate large amounts of visitor fiscal data. What kind of attack did y'all autumn victim to?

  • Equally a phishing attack
  • Equally a whale attack
  • A shark assault
  • A fly phishing attack

Question 168)

Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit card data is truthful?

  • Muti-factor authentication is required for all new menu holders
  • Some class of mobile device direction (MDM) must be used on all mobile credit menu processing devices
  • All employees with directly access to cardholder data must be bonded
  • Cardholder information must be encrypted if it is sent across open or public networks

Which Incident Response Squad model describes a team that acts every bit consulting experts to advise local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Cardinal

In a Linux file system, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such equally /dwelling house and /usr

If a calculator needs to transport a message to a system that is not office of the local network, where does it send the bulletin?

  • To the system's domain proper noun
  • To the system's IP address
  • The network'due south DNS server address
  • To the system's MAC address
  • The network's default gateway address
  • The network's DHCP server address

Which iii (iii) of these statements nearly the TCP protocol are True? (Select 3)

  • TCP is faster than UDP
  • TCP is connexion-oriented
  • TCP packets are reassembled past the receiving organization in the order in which they were sent
  • TCP is more reliable than UDP

A professor is not allowed to change a pupil'south last grade after she submits it without completing a special form to explicate the circumstances that necessitated the alter. This additional step supports which aspect of the CIA Triad?

  • Authorisation
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security risk?

  • An case of being exposed to losses
  • Any potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a arrangement
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text message sent past Alice to Bob, but in no style interferes with its delivery. Which attribute of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the in a higher place

What is an reward symmetric central encryption has over disproportionate key encryption?

  • Symmetric cardinal encryption provides better security confronting Homo-in-the-middle attacks than is possible with asymmetric primal encryption
  • Symmetric key encryption is faster than asymmetric key encryption
  • Symmetric keys can be exchanged more securely than asymmetric keys
  • Symmetric cardinal encryption is harder to break than disproportionate fundamental encryption

Which blazon of application attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Dominance
  • Exception management

Why should you always look for mutual patterns before starting a new security architecture design?

  • They can help identify best practices
  • They can shorten the development lifecycle
  • Some certificate complete tested solutions
  • All of the above

Last Update: 09/12/2021

Alarm: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

PLEASE Await I Volition ADD More than NEW QUETIONS..

As well if you take Questions with correct answer  Send me on my Email i will update on my blog..

niyander111@gmail.com

Thanks...