IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Question i)

Implementing a Security Awareness grooming programme would exist an case of which type of control?

  • Administrative control

Question 2)

Putting locks on a door is an example of which type of control?

  • Preventative

Question 3)

How would you lot allocate a slice of malicious code that tin can replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, you lot must implement promiscuous mode on which device ?

  • A network carte du jour
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question v)

Which mechanism would assistance assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing

Question 6)

An arrangement wants to restrict employee afterwards-hours access to its systems so it publishes a policy forbidding employees to work exterior of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question vii)

Which ii factors contribute to cryptographic force? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question 8)

Trying to break an encryption central by trying every possible combination of characters is chosen what?

  • A fauna force attack

Question 9)

Which of the post-obit describes the core goals of IT security?

  • The Open Web Application Security Project (OWASP) Framework
  • The Concern Procedure Management Framework
  • The CIA Triad

Question x)

Which three (3) roles are typically found in an Information Security organization? (Select three)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Trouble Management, Alter Management, and Incident Management are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and and then forrad it on
  • Trudy deletes the message without forwarding it
  • Trudy reads the message
  • Trudy cannot read it considering it is encrypted but allows it to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is divers as what?

  • Beingness able to map an activity to an identity

Question xiv)

Multifactor authentication (MFA) requires more than 1 authentication method to be used earlier identity is authenticated. Which three (iii) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question xv)

Which iii (three) of the post-obit are Physical Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question xvi)

If yous are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (iii) permissions can be set on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If toll is the primary business concern, which type of cloud should be considered offset?

  • Public cloud

Question 19)

Consolidating and virtualizing workloads should be done when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard prepare by the credit card industry in the U.s.?

  • PCI-DSS

Question 21)

Which ii (ii) of the following attack types target endpoints?

  • Advertisement Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement all-time characterizes the deportment it is able to take automatically?

  • The endpoint tin can exist quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high up he is in an arrangement violates what basic security premise?

  • The principle of least privileges

Question 24)

The Windows Security App available in Windows ten provides uses with which of the following protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the in a higher place

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your arrangement and keep them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital advice?

  • Use of digital signatures

Question 28)

Which of the following practices will help clinch the confidentiality of data in transit?

  • Disable document pinning
  • Accept cocky-signed certificates
  • Implement HTTP Strict Send Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you tin can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static 1-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
  • Allows internal IP addresses to be hidden from exterior observers

Question thirty)

Which argument best describes configuring a NAT router to utilize static mapping?

  • The organization will need as many registered IP addresses as it has computers that need Cyberspace admission

Question 31)

If a estimator needs to transport a message to a system that is part of the local network, where does information technology send the message?

  • To the system'southward MAC address

Question 32)

Which are properties of a highly available system?

  • Back-up, failover and monitoring

Question 33)

Which 3 (3) of these statements nearly the UDP protocol are True? (Select iii)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving organisation in whatever lodge they are received
  • UDP is connectionless

Question 34)

What is i difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

Y'all are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you lot to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX United states. Which 2 (2) of these activities raise the most cause for business concern? (Select 2)

  • Each nighttime Hassan logs into his account from an Internet service provider in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (three) of the following are considered safe coding practices? (Select 3)

  • Use library functions in place of Bone commands
  • Avoid using Os commands whenever possible
  • Avert running commands through a crush interpreter

Question 38)

Which three (3) items should be included in the Planning step of a penetration exam? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would cover the take chances ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, bare removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Post-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes simply is non considered effective in solving violent crimes such every bit rape and murder.

  • Fake

Question 43)

Which 3 (3) are common obstacles faced when trying to examine forensic information? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files among the hundreds of thousands found on most difficult drives
  • Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified status remains truthful?

  • Loops

Question 45)

Which 2 (ii) statements nigh Python are true? (Select ii)

  • Python code is considered like shooting fish in a barrel to debug compared with other popular programming languages
  • Python lawmaking is considered very readable by novice programmers

Question 46)

In the Python argument

pi="3"

What data type is the data type of the variable pi?

  • str

Question 47)

What will exist printed past the following block of Python lawmaking?

def Add5(in)

 out=in+five

 return out

 impress(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was developed past the The states Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or Faux. An organization's security immune system should be integrated with outside organizations, including vendors and other third-parties.

  • Truthful

Question 50)

Which three (3) of these are amid the top 12 capabilities that a practiced data security and protection solution should provide? (Select iii)

  • Vulnerability assessment
  • Real-time alerting
  • Tokenization

Question 51)

True or Simulated. For iOS and Android mobile devices, users must interact with the operating arrangement only through a serial of applications, just not directly.

  • True

Question 52)

All industries have their own unique data security challenges. Which of these industries has a item concern with PCI-DSS compliance while having a large number of admission points staffed by depression-level employees who take access to payment card data?

  • Retail

Question 53)

Truthful or False. WireShark has an impressive assortment of features and is distributed complimentary of accuse.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required exist reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authorisation

Question 56)

You summate that at that place is a 2% probability that a cybercriminal will be able to steal credit carte numbers from your online storefront which will result in $10M in losses to your visitor. What have y'all only determined?

  • A take chances

Question 57)

Which one of the OWASP Top 10 Application Security Risks would exist occur when an application's API exposes financial, healthcare or other PII information?

  • Sensitive data exposure

Question 58)

Which 3 (3) of these are Solution Building Blocks (SBBs)? (Select three)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from iii areas, human expertise, security analytics and bogus intelligence. Apace analyzing large quantities of unstructured information lends itself all-time to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?

  • Applied science

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

There is value brought past each of the IBM i2 Eia use cases. Which one of these provides immediate alerting on brand compromises and fraud on the nighttime web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are of import to have in an organization's incident response team? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which stage of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (iii) of these statistics well-nigh phishing attacks are real? (Select three)

  • Effectually 15 million new phishing sites are created each month
  • Phishing accounts for about 20% of information breaches
  • xxx% of phishing messages are opened by their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Implement strong admission control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit menu information? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon written report, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

  • 52%

Question 69)

Yous get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your organization and would similar to assist you lot resolve it. In order to help, they need you lot to get to a web site and download a unproblematic utility that will allow them to gear up the settings on your computer. Since you only own an Apple Mac, y'all are suspicious of this caller and hang upwardly. What would the attack vector have been if you had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automatic way to prevent malware from inbound your system as an email attachment?

  • Anti-virus software

 Question 71)

True or False. The large bulk of stolen credit card numbers are used speedily by the thief or a fellow member of his/her family.

  • Imitation

Question 72)

Which iii (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card information? (Select three)

  • Restrict access to cardholder information by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict concrete admission to cardholder data

Question 73)

True or Imitation. Communications of a data breach should be handled by a squad equanimous of members of the IR team, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response squad model is characterized by which of the post-obit?

  • Multiple incident response teams within an organization all of whom coordinate their activities just inside their country or department
  • Multiple incident response teams inside an arrangement but one with dominance to assure consistent policies and practices are followed across all teams
  • This term refers to a construction that assures the incident response team'southward activities are coordinated with senior direction and all appropriate departments inside and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blueish Blood-red
  • Crimson, Blue

Question 76)

The partnership between security analysts and engineering science can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would incorporate which iii (three) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams similar the one below. What does this diagram show?

<<Solution Architecture Data Flow.png>>

  • Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to package sniffers operate on?

  • Data Link

Question 80)

True or False. Internal attacks from trusted employees represents equally equally significant a threat as external attacks from professional cyber criminals.

  • True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • eighty%

Question 82)

Which state had the highest average cost per breach in 2018 at $8.19M

  • United States

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-acquire

Question 84)

What will impress out when this block of Python code is run?

i=ane

#i=i+1

#i=i+2

#i=i+3

print(i)

  • 1

Question 85)

Which three (3) statements about Python variables are true? (Select three)

  • A variable proper noun must start with a letter or the underscore "_" character
  • Variables can alter type after they take been set
  • Variables practice non have to be alleged in accelerate of their utilise

Question 86)

PowerShell is a configuration direction framework for which operating organisation?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of testify is critical. Which of these should exist included in your chain of custody log?

  • All of the above

Question 88)

Forensic analysis should always exist conducted on a copy of the original data. Which two (2) types of copying are advisable for getting data from a laptop acquired from a terminated employee, if yous suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the following would be considered an incident precursor?

  • An alert from your antivirus software indicating information technology had detected malware on your organisation
  • An announced threat confronting your system by a hactivist group

Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a listing of open up ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which type of list is considered best for prophylactic coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a visitor'due south headquarters in New York City, which of these activities should not raise much of a security business concern?

  • A recently hired information scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from home for an 60 minutes or and so during the last 2 weeks of each quarter

Question 93)

Data sources such every bit newspapers, books and web pages are considered which blazon of information?

  • Unstructured data
  • Semi-structured information
  • Structured data

Question 94)

Which three (3) of these statements nigh the TCP protocol are True? (Select 3)

  • TCP packets are reassembled past the receiving system in the club in which they were sent
  • TCP is more reliable than UDP
  • TCP is connectedness-oriented

Question 95)

In IPv4, how many of the iv octets are used to define the network portion of the accost in a Course B network?

  • ii

Question 96)

A modest company with 25 computers wishes to connect them to the Net using a NAT router. How many Public IP addresses will this company need to assure all 25 computers can communicate with each other and other systems on the Cyberspace if they implement Port Accost Translations?

  • i

Question 97)

Why is symmetric key encryption the most mutual selection of methods to encryptic data at rest?

  • In that location are far more keys bachelor for use
  • It is much faster than asymmetric key encryption

Question 98)

Which of the post-obit statements about hashing is True?

  • Hashing uses algorithms that are known as "i-manner" functions

Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a ane-way process so the original data cannot exist reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the primary hallmark protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting access to a user business relationship only those privileges necessary to perform its intended functions is known every bit what?

  • The principle of least privileges

Question 103)

What is the virtually common patch remediation frequency for near organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an assault method usually used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for It staff is what type of command?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload even afterwards it is successfully moved to the cloud?

  • All of the above

Question 107)

Which course of Deject computing combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized admission to data are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is divers as what?

  • The holding of existence genuine and verifiable

Question 111)

ITIL is best described as what?

  • A drove of IT Service Management best practices

Question 112)

Which position is in accuse of testing the security and effectiveness of figurer information systems?

  • Information Security Auditor

Question 113)

A visitor wants to prevent employees from wasting time on social media sites. To accomplish this, a certificate forbidding employ of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which 2 (ii) types of security controls has the company just implemented? (Select two)

  • Administrative
  • Technical

Question 114)

An electronic mail message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can assemble from your system be called?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the reply the fills in the blanks in the correct lodge.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, adventure
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which class of attack?

  • A Deprival of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The bulletin upsets Trudy so she forwards it to Bob, making information technology expect similar Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which factor contributes most to the strength of an encryption system?

  • How many people have access to your public cardinal
  • The length of the encryption central used
  • The number of individual keys used by the system

Question 121)

What is an advantage asymmetric cardinal encryption has over symmetric cardinal encryption?

  • Asymmetric keys tin be exchanged more securely than symmetric keys
  • Asymmetric fundamental encryption is harder to break than symmetric key encryption
  • Disproportionate central encryption is faster than symmetric fundamental encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select iii)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad represent?

  • Availability

Question 125)

Which type of admission control is based upon the subject'south clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Command (DAC)
  • Mandatory Admission Control (MAC)
  • Role Based Access Command (RBAC)

Question 126)

Windows x stores 64-flake applications in which directory?

  • \Program Files

Question 127)

To build a virtual calculating environment, where is the hypervisor installed?

  • Between the applications and the information sources
  • On the cloud'due south supervisory system
  • Between the hardware and operating system
  • Betwixt the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would exist classified as which type of attack?

  • A Shark attack
  • A Phishing set on

Question 129)

Which statement about drivers running in Windows kernel mode is true?

  • Merely critical processes are permitted to run in kernel mode since there is zilch to prevent a

Question 130)

Symmetric fundamental encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality just
  • Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to utilize dynamic mapping?

  • The system will need equally many registered IP addresses as it has computers that demand Internet access
  • Many registered IP addresses are mapped to a single registered IP address using different port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer's IP address for both internal and external communication

Question 132)

Which address blazon does a computer use to become a new IP address when it boots up?

  • The network's DHCP server address

Question 133)

What is the primary difference betwixt the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times equally many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it appropriately?

  • A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that maybe, only mayhap, the links in the electronic mail he clicked on this morn were not from the existent Lottery Commission. What is the first thing y'all should tell the employee to do?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Blackness box" assail would be doing what?

  • Attempting to penetrate a client'south systems equally if she were an external hacker with no within knowled

Question 137)

Which Post Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned coming together
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data

Question 138)

In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)

  • Develop a programme to acquire the data
  • Verify the integrity of the data
  • Acquire the data

Question 139)

Which three (iii) of the following are considered scripting languages? (Select 3)

  • Perl
  • Fustigate
  • Python

Question 140)

What is the largest number that volition be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+i

  • nine

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which ii (two) of these are post-exploit activities? (Select ii)

  • Gather full situational sensation through advanced security analytics
  • Perform forensic investigation

Question 142)

There are many expert reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is about impacted past an organization'southward backup practices?

  • Availability
  • Integrity
  • Authorisation

Question 143)

Which phase of DevSecOps would contain the activities Internal/External testing, Continuous balls, and Compliance checking?

  • Examination
  • Code & build
  • Operate & monitor
  • Program

Question 144)

Which one of the OWASP Peak 10 Application Security Risks would be occur when at that place are no safeguards confronting a user being allowed to execute HTML or JavaScript in the user'southward browser that can hijack sessions.

  • Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

True or False. If you have no improve identify to start hunting threats, start with a view of the global threat landscape and and so drill down to a regional view, industry view and finally a view of the threats specific to your own organization.

  • True

Question 147)

Truthful or Simulated. Cloud-based storage or hosting providers are amidst the acme sources of third-political party breaches

  • True

Question 148)

You lot are looking very hard on the spider web for the everyman mortgage interest load y'all can find and you come across a charge per unit that is so low it could non possibly be true. You check out the site to encounter that the terms are and quickly discover you are the victim of a ransomware assault. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative manufactures that come up up in news feeds or Google searches are sometimes called "click-bait". These articles oft tempt y'all to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to go you to go to the actually bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Whatever potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system volition be exploited
  • One case of a weakness being exploited
  • A weakness in a organization that could be exploited past a bad role player

Question 151)

Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of assail?

  • A mapping assail
  • A deprival of service (DoS) attack
  • A phishing set on
  • An IP spoofing set on

Question 152)

Alice sends a bulletin to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read it considering it is encrypted but allows it to exist delivered to Bob in its original form
  • Trudy changes the message and so forwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected wellness information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A adept Endpoint Detection and Response system (EDR) should have which iii (iii) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which statement about encryption is True about data in use.

  • Data should e'er be kept encrypted since mod CPUs are fully capable of operating direct on encrypted data
  • It is vulnerable to theft and should be decrypted only for the briefest possible time while it is existence operated on
  • Short of orchestrating a memory dump from a organization crash, in that location is no practical mode for malware to become at the information beingness processed, then dump logs are your simply real concern
  • Data in active memory registers are not at take chances of beingness stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network ambassador must choose to run a given network segment in either stateful or stateless style, and then select the corresponding firewall type
  • Install a unmarried firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to state related factors
  • You must install 2 firewalls in series, then all packets pass through the stateless firewall first and so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

  • 2
  • 1
  • four
  • 3

Question 158)

If yous have to rely upon metadata to work with the data at hand, you lot are probably working with which type of data?

  • Meta-structured information
  • Semi-structured information
  • Structured information
  • Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a visitor?

  • Distributed
  • Central
  • Coordinating
  • Control

Question 161)

Which is the information protection process that prevents a suspicious data asking from beingness completed?

  • Data chance analysis
  • Data nomenclature
  • Information discovery
  • Blocking, masking and quarantining

Question 162)

Which grade of penetration testing allows the testers fractional knowledge of the systems they are trying to penetrate in accelerate of their attack to streamline costs and focus efforts?

  • Cherry-red Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of awarding attack would include User denies performing an operation, assailant exploits an awarding without trace, and aggressor covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorisation
  • Input validation

Question 164)

Truthful or Faux. Thorough reconnaissance is an important pace in developing an constructive cyber impale chain.

  • True
  • Faux

Question 165)

True or False. One of the main challenges in cyber threat hunting is a lack of useful tools sold by as well few vendors.

  • True
  • Imitation

Question 166)

True or False. A big company has a data breach involving the theft of employee personnel records but no client data of whatever kind. Since no external data was involved, the company does not have to report the breach to police enforcement.

  • True
  • Fake

Question 167)

Y'all are the CEO of a large tech company and have merely received an angry electronic mail that looks like information technology came from one of your biggest customers. The e-mail says your company is overbilling the client and asks that y'all examine the fastened invoice. You do but detect information technology bare, so you answer politely to the sender asking for more details. You never hear dorsum, but a week later your security team tells you that your credentials have been used to admission and exfiltrate big amounts of company financial data. What kind of attack did y'all fall victim to?

  • As a phishing set on
  • Every bit a whale attack
  • A shark attack
  • A fly phishing attack

Question 168)

Which of these statements near the PCI-DSS requirements for any company handling, processing or transmitting credit card information is truthful?

  • Muti-gene authentication is required for all new card holders
  • Some form of mobile device management (MDM) must exist used on all mobile credit card processing devices
  • All employees with directly access to cardholder data must be bonded
  • Cardholder data must be encrypted if it is sent beyond open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?

  • Command
  • Coordinating
  • Distributed
  • O Central

In a Linux file arrangement, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /habitation and /usr

If a computer needs to send a message to a organisation that is not part of the local network, where does it send the message?

  • To the organization's domain proper name
  • To the system's IP address
  • The network's DNS server accost
  • To the organization's MAC accost
  • The network's default gateway address
  • The network'southward DHCP server address

Which 3 (3) of these statements about the TCP protocol are True? (Select iii)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP

A professor is not allowed to change a student'southward last form after she submits it without completing a special class to explain the circumstances that necessitated the change. This boosted step supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security risk?

  • An case of beingness exposed to losses
  • Whatsoever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a organisation
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a patently text message sent by Alice to Bob, but in no way interferes with its delivery. Which attribute of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an reward symmetric cardinal encryption has over asymmetric key encryption?

  • Symmetric cardinal encryption provides better security against Human being-in-the-middle attacks than is possible with disproportionate key encryption
  • Symmetric key encryption is faster than disproportionate key encryption
  • Symmetric keys tin be exchanged more securely than asymmetric keys
  • Symmetric key encryption is harder to interruption than asymmetric primal encryption

Which type of application set on would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration direction
  • Hallmark
  • Authorization
  • Exception management

Why should you ever wait for mutual patterns before starting a new security architecture pattern?

  • They tin assistance identify best practices
  • They tin shorten the development lifecycle
  • Some document complete tested solutions
  • All of the above

Final Update: 09/12/2021

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

PLEASE Look I WILL Add together MORE NEW QUETIONS..

Likewise if you accept Questions with correct answer  Ship me on my Email i will update on my blog..

niyander111@gmail.com

Thank y'all...