IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional Certificate Cess Exam Quiz Answers

Warning: Jo Respond Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

Question 1)

Implementing a Security Sensation preparation program would be an instance of which type of control?

  • Administrative command

Question 2)

Putting locks on a door is an example of which type of control?

  • Preventative

Question 3)

How would you classify a piece of malicious code that can replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, yous must implement promiscuous mode on which device ?

  • A network card
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question five)

Which mechanism would assistance assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing

Question six)

An arrangement wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours, and then makes sure the part doors remain locked on weekends. What two (two) types of controls are they using? (Select 2)

  • Concrete
  • Administrative

Question 7)

Which two factors contribute to cryptographic strength? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question 8)

Trying to break an encryption primal by trying every possible combination of characters is called what?

  • A fauna force attack

Question 9)

Which of the post-obit describes the core goals of It security?

  • The Open up Web Awarding Security Project (OWASP) Framework
  • The Concern Procedure Management Framework
  • The CIA Triad

Question 10)

Which 3 (3) roles are typically found in an Information Security organization? (Select 3)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Problem Direction, Modify Management, and Incident Management are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the bulletin so forwards information technology on
  • Trudy deletes the message without forwarding it
  • Trudy reads the message
  • Trudy cannot read it considering information technology is encrypted just allows information technology to exist delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined as what?

  • Being able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more than than one authentication method to be used earlier identity is authenticated. Which three (3) are authentication methods? (Select three)

  • Something a person is
  • Something a person has
  • Something a person knows

Question fifteen)

Which three (3) of the post-obit are Concrete Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question 16)

If y'all are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could yous select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (3) permissions can be ready on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question xviii)

If price is the chief business organisation, which type of deject should exist considered beginning?

  • Public cloud

Question 19)

Consolidating and virtualizing workloads should be done when?

  • Before moving the workloads to the cloud

Question xx)

Which of the following is a self-regulating standard ready by the credit menu manufacture in the US?

  • PCI-DSS

Question 21)

Which two (2) of the following attack types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non have a required patch installed, which statement best characterizes the actions information technology is able to take automatically?

  • The endpoint can be quarantined from all network resource except those that let it to download and install the missing patch

Question 23)

Granting access to a user based upon how high upward he is in an system violates what basic security premise?

  • The principle of least privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the post-obit protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the post-obit practices helps clinch the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and continue them hole-and-corner

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Apply of digital signatures

Question 28)

Which of the following practices volition help clinch the confidentiality of data in transit?

  • Disable document pinning
  • Have self-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which 3 (3) of these are benefits yous can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static 1-to-i mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
  • Allows internal IP addresses to be hidden from exterior observers

Question 30)

Which statement all-time describes configuring a NAT router to use static mapping?

  • The organization will need every bit many registered IP addresses equally it has computers that need Internet access

Question 31)

If a computer needs to transport a message to a system that is part of the local network, where does it ship the message?

  • To the system's MAC address

Question 32)

Which are backdrop of a highly available system?

  • Redundancy, failover and monitoring

Question 33)

Which 3 (3) of these statements nearly the UDP protocol are True? (Select iii)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever order they are received
  • UDP is connectionless

Question 34)

What is ane difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW sympathise which application sent a given parcel

Question 35)

You are concerned that your organization is actually not very experienced with securing information sources. Which hosting model would require y'all to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal mean solar day shift from his company's headquarters in Austin, TX U.s.a.. Which 2 (2) of these activities raise the most cause for business? (Select 2)

  • Each dark Hassan logs into his account from an Internet access provider in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (iii) of the post-obit are considered prophylactic coding practices? (Select 3)

  • Apply library functions in place of Os commands
  • Avert using OS commands whenever possible
  • Avoid running commands through a shell interpreter

Question 38)

Which three (3) items should exist included in the Planning footstep of a penetration test? (Select iii)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would encompass the risk ranking, recommendations and roadmap?

  • Executive Summary

Question forty)

Spare workstations and servers, blank removable media, parcel sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Post-Assay Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends because a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is constructive in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.

  • Imitation

Question 43)

Which 3 (3) are common obstacles faced when trying to examine forensic data? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant information
  • Finding the relevant files among the hundreds of thousands found on nigh hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned cake of code while a specified status remains truthful?

  • Loops

Question 45)

Which ii (2) statements about Python are truthful? (Select 2)

  • Python code is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable past novice programmers

Question 46)

In the Python statement

pi="three"

What data type is the data blazon of the variable pi?

  • str

Question 47)

What will be printed by the following cake of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

  • xv

Question 48)

Which threat intelligence framework was developed by the US Government to enable consequent label and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or False. An arrangement's security immune organisation should exist integrated with exterior organizations, including vendors and other third-parties.

  • True

Question 50)

Which three (3) of these are among the pinnacle 12 capabilities that a good data security and protection solution should provide? (Select 3)

  • Vulnerability cess
  • Real-time alerting
  • Tokenization

Question 51)

Truthful or Fake. For iOS and Android mobile devices, users must interact with the operating organisation only through a serial of applications, but non directly.

  • True

Question 52)

All industries take their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a big number of admission points staffed by low-level employees who have admission to payment card data?

  • Retail

Question 53)

True or Fake. WireShark has an impressive array of features and is distributed complimentary of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission footstep in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authority

Question 56)

You calculate that there is a 2% probability that a cybercriminal will exist able to steal credit card numbers from your online storefront which will outcome in $10M in losses to your company. What have yous merely determined?

  • A risk

Question 57)

Which 1 of the OWASP Tiptop x Application Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

  • Sensitive information exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select three)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defence force includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?

  • Engineering science

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The human activity of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

At that place is value brought past each of the IBM i2 Environmental impact assessment utilize cases. Which i of these provides immediate alerting on brand compromises and fraud on the night web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an organization's incident response team? (Select 3)

  • Communication
  • Teamwork
  • Trouble solving and Critical thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (iii) of these statistics near phishing attacks are existent? (Select 3)

  • Around 15 million new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing messages are opened past their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select iii)

  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (iii) are malware types commonly used in PoS attacks to steal credit card data? (Select iii)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon report, what pct of consumers indicated they would exist willing to pay more than for a production or service from a provider with meliorate security?

  • 52%

Question 69)

You get a phone phone call from a technician at the "Windows company" who tells yous that they have detected a problem with your system and would like to help you resolve information technology. In order to help, they demand you lot to go to a web site and download a elementary utility that will allow them to prepare the settings on your computer. Since you just own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if yous had downloaded the "unproblematic utility" as asked?

  • Remote Desktop Protocol (RDP)

Question lxx)

What is an constructive fully automated way to preclude malware from inbound your system as an email zipper?

  • Anti-virus software

 Question 71)

True or False. The large majority of stolen credit bill of fare numbers are used rapidly by the thief or a member of his/her family unit.

  • False

Question 72)

Which 3 (3) of these are PCI-DSS requirements for any company treatment, processing or transmitting credit card information? (Select 3)

  • Restrict access to cardholder data past business need-to-know
  • Assign a unique ID to each person with reckoner access
  • Restrict concrete admission to cardholder data

Question 73)

True or False. Communications of a data breach should be handled past a team composed of members of the IR team, legal personnel and public relations.

  • Truthful

Question 74)

A Analogous incident response team model is characterized by which of the post-obit?

  • Multiple incident response teams within an organisation all of whom coordinate their activities simply inside their state or department
  • Multiple incident response teams within an organisation but one with dominance to clinch consistent policies and practices are followed across all teams
  • This term refers to a structure that assures the incident response team's activities are coordinated with senior direction and all advisable departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blue Red
  • Red, Blueish

Question 76)

The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would comprise which iii (iii) of these topics?

  • Brainchild
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams similar the one beneath. What does this diagram evidence?

<<Solution Compages Data Flow.png>>

  • Functional components and information menses

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to parcel sniffers operate on?

  • Data Link

Question 80)

Truthful or False. Internal attacks from trusted employees represents every chip as pregnant a threat as external attacks from professional cyber criminals.

  • True

Question 81)

Co-ordinate to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • eighty%

Question 82)

Which state had the highest average price per alienation in 2018 at $viii.19M

  • U.s.

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select two)

  • StatsModels
  • Scikit-learn

Question 84)

What will print out when this cake of Python code is run?

i=1

#i=i+ane

#i=i+2

#i=i+3

print(i)

  • one

Question 85)

Which iii (iii) statements about Python variables are truthful? (Select three)

  • A variable proper noun must start with a letter or the underscore "_" graphic symbol
  • Variables tin can change blazon after they have been set
  • Variables do non have to be declared in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating organisation?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your concatenation of custody log?

  • All of the higher up

Question 88)

Forensic analysis should always be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical fill-in

Question 89)

Which of the following would exist considered an incident precursor?

  • An alarm from your antivirus software indicating it had detected malware on your organization
  • An announced threat confronting your organisation past a hactivist grouping

Question 90)

If a penetration exam calls for yous to create a diagram of the target network including the identity of hosts and servers every bit well equally a list of open ports and published services, which tool would exist the best fit for this task?

  • Nmap

Question 91)

Which type of list is considered best for prophylactic coding exercise?

  • Whitelist

Question 92)

In reviewing the security logs for a company'southward headquarters in New York City, which of these activities should non raise much of a security concern?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from habitation for an hour or so during the terminal 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which blazon of data?

  • Unstructured data
  • Semi-structured data
  • Structured information

Question 94)

Which three (3) of these statements about the TCP protocol are True? (Select 3)

  • TCP packets are reassembled by the receiving system in the club in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to ascertain the network portion of the address in a Class B network?

  • 2

Question 96)

A small visitor with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses volition this company need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Accost Translations?

  • one

Question 97)

Why is symmetric key encryption the nearly common choice of methods to encryptic information at rest?

  • There are far more keys available for use
  • Information technology is much faster than asymmetric primal encryption

Question 98)

Which of the following statements about hashing is Truthful?

  • Hashing uses algorithms that are known every bit "ane-style" functions

Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a one-way procedure so the original data cannot be reconstructed from a hash value

Question 100)

Public primal encryption incorporating digital signatures ensures which of the post-obit?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used past Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting access to a user account only those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the most common patch remediation frequency for most organizations?

  • Monthly
  • Annually

Question 104)

Isle hopping is an attack method commonly used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security preparation for IT staff is what type of control?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload even afterwards it is successfully moved to the cloud?

  • All of the to a higher place

Question 107)

Which form of Cloud calculating combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your estimator's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to information are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The holding of being 18-carat and verifiable

Question 111)

ITIL is best described every bit what?

  • A collection of IT Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of reckoner data systems?

  • Information Security Auditor

Question 113)

A visitor wants to prevent employees from wasting time on social media sites. To attain this, a certificate forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other pop sites. Which ii (2) types of security controls has the company just implemented? (Select ii)

  • Administrative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information information technology tin can gather from your organization exist chosen?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the respond the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they achieve the host is a countermeasure to which form of attack?

  • A Deprival of Service (DoS) attack

Question 119)

Trudy intercepts a romantic apparently-text message from Alice to her beau Sam. The message upsets Trudy so she forrad it to Bob, making it await like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which factor contributes most to the forcefulness of an encryption system?

  • How many people take access to your public central
  • The length of the encryption key used
  • The number of private keys used past the organization

Question 121)

What is an reward disproportionate fundamental encryption has over symmetric key encryption?

  • Disproportionate keys can be exchanged more securely than symmetric keys
  • Asymmetric key encryption is harder to break than symmetric cardinal encryption
  • Asymmetric key encryption is faster than symmetric fundamental encryption

Question 122)

Which position is responsible for the "upstanding hacking" of an organizations reckoner systems?

  • A Penetration Tester

Question 123)

Which iii (3) are considered all-time practices, baselines or frameworks? (Select 3)

  • ISO27000 serial
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

  • Availability

Question 125)

Which blazon of access command is based upon the subject's clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Command (DAC)
  • Mandatory Access Control (MAC)
  • Office Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Betwixt the applications and the information sources
  • On the deject's supervisory system
  • Betwixt the hardware and operating system
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which blazon of set on?

  • A Shark assail
  • A Phishing assault

Question 129)

Which statement almost drivers running in Windows kernel mode is true?

  • Only critical processes are permitted to run in kernel mode since there is nada to prevent a

Question 130)

Symmetric key encryption by itself ensures which of the post-obit?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to apply dynamic mapping?

  • The arrangement will demand equally many registered IP addresses as it has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP address using unlike port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each estimator's IP address for both internal and external communication

Question 132)

Which address type does a computer apply to get a new IP address when it boots up?

  • The network's DHCP server accost

Question 133)

What is the principal difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used merely for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it appropriately?

  • A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the It Helpdesk and admits that mayhap, just possibly, the links in the e-mail he clicked on this morning were not from the real Lottery Committee. What is the first thing you should tell the employee to practice?

  • Run a Port scan
  • Run an antivirus browse

Question 136)

A penetration tester involved in a "Blackness box" attack would be doing what?

  • Attempting to penetrate a client'due south systems as if she were an external hacker with no inside knowled

Question 137)

Which Mail service Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data

Question 138)

In digital forensics, which three (3) steps are involved in the collection of data? (Select three)

  • Develop a programme to larn the data
  • Verify the integrity of the data
  • Learn the data

Question 139)

Which three (iii) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that volition be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+ane

  • 9

Question 141)

Activities performed as a role of security intelligence can be divided into pre-exploit and post-exploit activities. Which 2 (2) of these are post-exploit activities? (Select 2)

  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is most impacted by an system's backup practices?

  • Availability
  • Integrity
  • Authorisation

Question 143)

Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Lawmaking & build
  • Operate & monitor
  • Program

Question 144)

Which 1 of the OWASP Top 10 Awarding Security Risks would exist occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (two) factors? (Select two)

  • Flows per infinitesimal (FPM)
  • Events per second (EPS)

Question 146)

Truthful or False. If you take no meliorate place to start hunting threats, start with a view of the global threat landscape and then drill downwardly to a regional view, industry view and finally a view of the threats specific to your own organization.

  • True

Question 147)

True or False. Cloud-based storage or hosting providers are among the summit sources of third-party breaches

  • Truthful

Question 148)

You lot are looking very hard on the spider web for the everyman mortgage involvement load you can find and yous come across a rate that is so low information technology could not possibly be true. You cheque out the site to run across that the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come up up in news feeds or Google searches are sometimes called "click-bait". These articles oft tempt yous to link to other sites that can be infected with malware. What attack vector is used past these click-bait sites to go you to get to the really bad sites?

  • Malicious Links

More than New Questions

Question 150)

Which of the post-obit defines a security threat?

  • Whatever potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • I instance of a weakness existence exploited
  • A weakness in a system that could be exploited past a bad actor

Question 151)

Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of set on?

  • A mapping attack
  • A denial of service (DoS) set on
  • A phishing assail
  • An IP spoofing attack

Question 152)

Alice sends a bulletin to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding information technology
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
  • Trudy changes the message and and so frontwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and concrete safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should have which three (three) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which statement virtually encryption is True nearly data in employ.

  • Information should always be kept encrypted since mod CPUs are fully capable of operating straight on encrypted data
  • It is vulnerable to theft and should exist decrypted simply for the briefest possible time while information technology is existence operated on
  • Short of orchestrating a retention dump from a system crash, there is no practical way for malware to become at the data being candy, and then dump logs are your only real concern
  • Data in active memory registers are not at risk of being stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network administrator must cull to run a given network segment in either stateful or stateless manner, and and then select the respective firewall type
  • Install a unmarried firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These avant-garde devices inspect everything a stateless firewall inspects in addition to country related factors
  • You must install 2 firewalls in serial, and so all packets pass through the stateless firewall first and and then the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to ascertain the network portion of the address in a Class A network?

  • 2
  • i
  • 4
  • iii

Question 158)

If you have to rely upon metadata to work with the data at hand, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured information
  • Structured information
  • Unstructured information

Question 159)

Which two (two) forms of discovery must exist conducted online? (Select ii)

  • Port scanning
  • Shoulder surfing
  • Social technology
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a visitor?

  • Distributed
  • Fundamental
  • Analogous
  • Control

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

  • Information risk analysis
  • Data classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their set on to streamline costs and focus efforts?

  • Red Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of awarding attack would include User denies performing an operation, aggressor exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or False. Thorough reconnaissance is an of import pace in developing an effective cyber impale chain.

  • True
  • False

Question 165)

True or False. One of the main challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • Truthful
  • False

Question 166)

True or Fake. A large company has a data alienation involving the theft of employee personnel records merely no customer data of whatever kind. Since no external data was involved, the company does not have to report the breach to law enforcement.

  • True
  • False

Question 167)

You are the CEO of a large tech company and have just received an angry email that looks similar information technology came from i of your biggest customers. The email says your company is overbilling the client and asks that you examine the fastened invoice. Yous do simply find it bare, so you answer politely to the sender asking for more details. You never hear dorsum, merely a calendar week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you autumn victim to?

  • As a phishing assail
  • As a whale attack
  • A shark attack
  • A fly phishing attack

Question 168)

Which of these statements virtually the PCI-DSS requirements for any company handling, processing or transmitting credit card data is true?

  • Muti-factor authentication is required for all new bill of fare holders
  • Some form of mobile device management (MDM) must be used on all mobile credit bill of fare processing devices
  • All employees with direct access to cardholder data must be bonded
  • Cardholder data must exist encrypted if it is sent across open or public networks

Which Incident Response Team model describes a squad that acts as consulting experts to advise local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Central

In a Linux file system, which files are independent in the \bin binder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such equally fstab and inittab
  • Directories such every bit /home and /usr

If a computer needs to send a message to a system that is not part of the local network, where does it transport the message?

  • To the system's domain name
  • To the organisation'southward IP address
  • The network'due south DNS server accost
  • To the system'south MAC address
  • The network's default gateway address
  • The network's DHCP server address

Which three (three) of these statements about the TCP protocol are True? (Select three)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving organisation in the order in which they were sent
  • TCP is more reliable than UDP

A professor is not allowed to change a student'due south final grade after she submits it without completing a special form to explain the circumstances that necessitated the change. This boosted stride supports which aspect of the CIA Triad?

  • Say-so
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security run a risk?

  • An instance of being exposed to losses
  • Whatsoever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a organisation
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a obviously text message sent by Alice to Bob, but in no manner interferes with its commitment. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the in a higher place

What is an reward symmetric central encryption has over asymmetric key encryption?

  • Symmetric central encryption provides amend security against Man-in-the-center attacks than is possible with asymmetric fundamental encryption
  • Symmetric key encryption is faster than asymmetric primal encryption
  • Symmetric keys tin be exchanged more securely than disproportionate keys
  • Symmetric fundamental encryption is harder to suspension than disproportionate key encryption

Which type of awarding attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorization
  • Exception direction

Why should you always look for common patterns before starting a new security architecture design?

  • They tin can help identify best practices
  • They tin can shorten the evolution lifecycle
  • Some document complete tested solutions
  • All of the to a higher place

Final Update: 09/12/2021

Warning: Jo Reply Dark-green hai wo correct hai just

Jo Dark-green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

Please Await I Will Add together More NEW QUETIONS..

As well if you have Questions with correct respond  Send me on my E-mail i will update on my web log..

niyander111@gmail.com

Give thanks you...