IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional person Certificate Assessment Examination Quiz Answers

Warning: Jo Answer Green hai wo correct hai simply

Jo Green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Question ane)

Implementing a Security Awareness training plan would exist an example of which type of control?

  • Authoritative control

Question ii)

Putting locks on a door is an case of which blazon of control?

  • Preventative

Question 3)

How would you lot allocate a slice of malicious code that can replicate itself and spread to new systems?

  • A worm

Question iv)

To engage in package sniffing, yous must implement promiscuous manner on which device ?

  • A network bill of fare
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question five)

Which mechanism would help clinch the integrity of a bulletin, but not do much to clinch confidentiality or availability.

  • Hashing

Question 6)

An organization wants to restrict employee after-hours admission to its systems and so it publishes a policy forbidding employees to work outside of their assigned hours, and so makes sure the office doors remain locked on weekends. What two (two) types of controls are they using? (Select ii)

  • Physical
  • Authoritative

Question 7)

Which two factors contribute to cryptographic force? (Select 2)

  • The employ of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that take undergone public scrutiny

Question viii)

Trying to break an encryption key past trying every possible combination of characters is called what?

  • A animal force attack

Question nine)

Which of the post-obit describes the core goals of IT security?

  • The Open Spider web Application Security Project (OWASP) Framework
  • The Business concern Process Management Framework
  • The CIA Triad

Question x)

Which iii (3) roles are typically found in an Information Security organization? (Select 3)

  • Vulnerability Assessor
  • Principal Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Trouble Management, Change Management, and Incident Management are all central processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and and so forrad it on
  • Trudy deletes the message without forwarding information technology
  • Trudy reads the message
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original class

Question 13)

In cybersecurity, Accountability is divers as what?

  • Being able to map an activity to an identity

Question 14)

Multifactor hallmark (MFA) requires more than 1 authentication method to be used earlier identity is authenticated. Which three (3) are hallmark methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which three (3) of the following are Concrete Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question 16)

If yous are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which 3 (iii) permissions tin can exist fix on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If cost is the primary concern, which type of deject should be considered offset?

  • Public deject

Question 19)

Consolidating and virtualizing workloads should exist washed when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a cocky-regulating standard gear up by the credit carte du jour industry in the United states?

  • PCI-DSS

Question 21)

Which two (2) of the post-obit set on types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non accept a required patch installed, which statement all-time characterizes the actions it is able to take automatically?

  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting admission to a user based upon how high up he is in an arrangement violates what basic security premise?

  • The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the following protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and keep them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Use of digital signatures

Question 28)

Which of the following practices will assistance assure the confidentiality of information in transit?

  • Disable certificate pinning
  • Accept self-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which iii (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static i-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address merely when they are needed
  • Allows internal IP addresses to be subconscious from outside observers

Question 30)

Which argument best describes configuring a NAT router to use static mapping?

  • The system will need as many registered IP addresses equally it has computers that need Internet access

Question 31)

If a reckoner needs to send a message to a system that is part of the local network, where does it send the message?

  • To the system's MAC address

Question 32)

Which are backdrop of a highly bachelor system?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatsoever order they are received
  • UDP is connectionless

Question 34)

What is 1 deviation between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

Yous are concerned that your organization is actually not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal twenty-four hours shift from his company's headquarters in Austin, TX USA. Which 2 (2) of these activities raise the well-nigh cause for concern? (Select 2)

  • Each night Hassan logs into his business relationship from an ISP in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which iii (3) of the following are considered safe coding practices? (Select 3)

  • Utilize library functions in place of OS commands
  • Avoid using OS commands whenever possible
  • Avoid running commands through a crush interpreter

Question 38)

Which three (iii) items should exist included in the Planning step of a penetration exam? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest study would encompass the gamble ranking, recommendations and roadmap?

  • Executive Summary

Question xl)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Postal service-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends because a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

Truthful or Faux. Digital forensics is effective in solving cyber crimes simply is non considered constructive in solving vehement crimes such equally rape and murder.

  • False

Question 43)

Which three (3) are mutual obstacles faced when trying to examine forensic information? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files amidst the hundreds of thousands found on about difficult drives
  • Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified condition remains truthful?

  • Loops

Question 45)

Which two (two) statements about Python are truthful? (Select 2)

  • Python code is considered easy to debug compared with other pop programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="iii"

What data blazon is the data type of the variable pi?

  • str

Question 47)

What volition exist printed by the following block of Python code?

def Add5(in)

 out=in+v

 return out

 impress(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was developed by the The states Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

Truthful or Simulated. An organization's security allowed system should be integrated with outside organizations, including vendors and other third-parties.

  • True

Question 50)

Which iii (3) of these are amidst the peak 12 capabilities that a skillful data security and protection solution should provide? (Select three)

  • Vulnerability assessment
  • Real-time alerting
  • Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must collaborate with the operating system but through a series of applications, just not direct.

  • True

Question 52)

All industries have their own unique information security challenges. Which of these industries has a detail business with PCI-DSS compliance while having a large number of access points staffed past depression-level employees who take access to payment card data?

  • Retail

Question 53)

True or Faux. WireShark has an impressive array of features and is distributed gratis of accuse.

  • True

Question 54)

In which component of a Mutual Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

You calculate that there is a two% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will effect in $10M in losses to your visitor. What have you but determined?

  • A take a chance

Question 57)

Which i of the OWASP Meridian 10 Application Security Risks would exist occur when an application'south API exposes financial, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which three (three) of these are Solution Edifice Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Awarding Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

  • Bogus intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?

  • Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 EIA use cases. Which 1 of these provides immediate alerting on make compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to take in an arrangement'southward incident response team? (Select 3)

  • Communication
  • Teamwork
  • Trouble solving and Critical thinking

Question 64)

Implementing stiff endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (iii) of these statistics about phishing attacks are existent? (Select three)

  • Around 15 million new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing messages are opened by their targeted users

Question 66)

Which 3 (three) of these command processes are included in the PCI-DSS standard? (Select 3)

  • Implement potent access command measures
  • Regularly monitor and examination networks
  • Maintain an data security policy

Question 67)

Which iii (iii) are malware types commonly used in PoS attacks to steal credit menu data? (Select iii)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2022 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

  • 52%

Question 69)

Y'all get a telephone telephone call from a technician at the "Windows company" who tells you that they take detected a problem with your system and would like to help you lot resolve it. In guild to help, they need you to go to a web site and download a simple utility that will allow them to ready the settings on your calculator. Since you only ain an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you lot had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an constructive fully automated manner to forestall malware from entering your system equally an email attachment?

  • Anti-virus software

 Question 71)

True or False. The large bulk of stolen credit bill of fare numbers are used quickly by the thief or a member of his/her family.

  • Fake

Question 72)

Which iii (3) of these are PCI-DSS requirements for whatsoever company handling, processing or transmitting credit carte du jour data? (Select 3)

  • Restrict access to cardholder data past business demand-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data

Question 73)

True or False. Communications of a information breach should exist handled by a squad composed of members of the IR team, legal personnel and public relations.

  • Truthful

Question 74)

A Analogous incident response team model is characterized by which of the following?

  • Multiple incident response teams inside an organization all of whom coordinate their activities only within their country or department
  • Multiple incident response teams within an organisation but i with authority to assure consistent policies and practices are followed beyond all teams
  • This term refers to a construction that assures the incident response team's activities are coordinated with senior management and all appropriate departments inside and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blue Ruby
  • Red, Blue

Question 76)

The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (iii) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures frequently contain diagrams like the 1 below. What does this diagram show?

<<Solution Compages Information Flow.png>>

  • Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Data Link

Question fourscore)

True or False. Internal attacks from trusted employees represents as as significant a threat as external attacks from professional cyber criminals.

  • Truthful

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which state had the highest average cost per breach in 2022 at $8.19M

  • The states

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select ii)

  • StatsModels
  • Scikit-learn

Question 84)

What will print out when this block of Python code is run?

i=1

#i=i+1

#i=i+2

#i=i+3

print(i)

  • 1

Question 85)

Which three (3) statements about Python variables are true? (Select three)

  • A variable name must start with a letter or the underscore "_" graphic symbol
  • Variables can modify type after they accept been gear up
  • Variables practice not accept to be alleged in advance of their apply

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is disquisitional. Which of these should be included in your concatenation of custody log?

  • All of the above

Question 88)

Forensic analysis should e'er be conducted on a re-create of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select two)

  • An incremental fill-in
  • A logical backup

Question 89)

Which of the following would exist considered an incident forerunner?

  • An alert from your antivirus software indicating information technology had detected malware on your arrangement
  • An appear threat confronting your organization by a hactivist grouping

Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open up ports and published services, which tool would be the best fit for this chore?

  • Nmap

Question 91)

Which type of list is considered best for safe coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a visitor's headquarters in New York City, which of these activities should not raise much of a security business?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate fiscal database
  • An employee has started logging in from dwelling house for an hour or then during the terminal 2 weeks of each quarter

Question 93)

Information sources such as newspapers, books and web pages are considered which blazon of data?

  • Unstructured data
  • Semi-structured data
  • Structured information

Question 94)

Which 3 (iii) of these statements about the TCP protocol are Truthful? (Select three)

  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the iv octets are used to ascertain the network portion of the address in a Form B network?

  • 2

Question 96)

A pocket-size visitor with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses volition this company need to assure all 25 computers tin communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • 1

Question 97)

Why is symmetric cardinal encryption the most common choice of methods to encryptic data at rest?

  • At that place are far more keys available for apply
  • It is much faster than disproportionate central encryption

Question 98)

Which of the following statements about hashing is True?

  • Hashing uses algorithms that are known as "one-way" functions

Question 99)

Why is hashing non a common method used for encrypting data?

  • Hashing is a ane-manner process so the original information cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the master authentication protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting access to a user account just those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the most mutual patch remediation frequency for nigh organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method usually used in which scenario?

  • Supply Concatenation Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security preparation for Information technology staff is what type of control?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload fifty-fifty subsequently it is successfully moved to the deject?

  • All of the above

Question 107)

Which form of Cloud computing combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your calculator'south hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of admission control?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The holding of being genuine and verifiable

Question 111)

ITIL is all-time described as what?

  • A collection of IT Service Management all-time practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer information systems?

  • Information Security Auditor

Question 113)

A company wants to prevent employees from wasting time on social media sites. To accomplish this, a certificate forbidding use of these sites while at work is written and circulated and and so the firewalls are updated to block access to Facebook, Twitter and other pop sites. Which ii (ii) types of security controls has the company just implemented? (Select 2)

  • Administrative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would accost which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports dorsum to the controller your keystrokes and other information information technology tin can gather from your system be chosen?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad player.

  • vulnerability, threat, exploit
  • threat, exposure, adventure
  • threat histrion, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they attain the host is a countermeasure to which grade of attack?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text bulletin from Alice to her boyfriend Sam. The message upsets Trudy so she forwards information technology to Bob, making information technology await like Alice intended it for Bob from the beginning. Which attribute of the CIA Triad has Trudy violated ?

  • All of the higher up

Question 120)

Which factor contributes nigh to the strength of an encryption system?

  • How many people accept access to your public key
  • The length of the encryption key used
  • The number of private keys used by the system

Question 121)

What is an reward disproportionate key encryption has over symmetric key encryption?

  • Disproportionate keys tin be exchanged more securely than symmetric keys
  • Asymmetric fundamental encryption is harder to break than symmetric cardinal encryption
  • Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

  • Availability

Question 125)

Which type of access command is based upon the subject's clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Command (MAC)
  • Office Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-chip applications in which directory?

  • \Plan Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the cloud's supervisory organisation
  • Between the hardware and operating organization
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would exist classified every bit which type of attack?

  • A Shark attack
  • A Phishing attack

Question 129)

Which statement about drivers running in Windows kernel way is truthful?

  • Only disquisitional processes are permitted to run in kernel mode since there is nothing to prevent a

Question 130)

Symmetric key encryption by itself ensures which of the post-obit?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to use dynamic mapping?

  • The organization will demand equally many registered IP addresses as information technology has computers that need Cyberspace access
  • Many registered IP addresses are mapped to a single registered IP address using dissimilar port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer's IP address for both internal and external communication

Question 132)

Which address type does a computer use to get a new IP address when it boots upwards?

  • The network's DHCP server address

Question 133)

What is the primary difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes information technology appropriately?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that maybe, just mayhap, the links in the email he clicked on this morning time were not from the real Lottery Commission. What is the first thing you should tell the employee to exercise?

  • Run a Port scan
  • Run an antivirus browse

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled

Question 137)

Which Mail service Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Testify retentiveness
  • Documentation review & update
  • Utilizing collected information

Question 138)

In digital forensics, which three (3) steps are involved in the drove of information? (Select 3)

  • Develop a programme to learn the data
  • Verify the integrity of the information
  • Larn the data

Question 139)

Which three (three) of the following are considered scripting languages? (Select iii)

  • Perl
  • Fustigate
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+i

  • nine

Question 141)

Activities performed equally a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which ii (ii) of these are post-exploit activities? (Select ii)

  • Gather total situational awareness through avant-garde security analytics
  • Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is most impacted by an organization's backup practices?

  • Availability
  • Integrity
  • Authorization

Question 143)

Which stage of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Code & build
  • Operate & monitor
  • Plan

Question 144)

Which 1 of the OWASP Height x Application Security Risks would be occur when at that place are no safeguards against a user being immune to execute HTML or JavaScript in the user'due south browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (ii) factors? (Select 2)

  • Flows per infinitesimal (FPM)
  • Events per second (EPS)

Question 146)

Truthful or Imitation. If you have no better place to outset hunting threats, start with a view of the global threat landscape so drill down to a regional view, manufacture view and finally a view of the threats specific to your own organisation.

  • True

Question 147)

True or Fake. Deject-based storage or hosting providers are amidst the top sources of third-party breaches

  • True

Question 148)

You lot are looking very hard on the web for the everyman mortgage interest load you can detect and y'all come beyond a charge per unit that is and then low information technology could non mayhap be truthful. You check out the site to see that the terms are and chop-chop discover you are the victim of a ransomware assault. What was the probable attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative manufactures that come upward in news feeds or Google searches are sometimes chosen "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to go you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the post-obit defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • One instance of a weakness beingness exploited
  • A weakness in a system that could be exploited by a bad actor

Question 151)

Suspicious action, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?

  • A mapping attack
  • A denial of service (DoS) attack
  • A phishing attack
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original class
  • Trudy changes the message and then forrad it on
  • Trudy reads the message

Question 153)

Which regulation contains the security dominion that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should have which three (iii) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which argument near encryption is Truthful nigh data in use.

  • Data should always exist kept encrypted since modern CPUs are fully capable of operating direct on encrypted data
  • Information technology is vulnerable to theft and should exist decrypted only for the briefest possible time while it is being operated on
  • Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the data being processed, and then dump logs are your but real concern
  • Information in active retention registers are not at risk of being stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be washed?

  • This cannot be done The network administrator must cull to run a given network segment in either stateful or stateless manner, and then select the corresponding firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall but These advanced devices inspect everything a stateless firewall inspects in addition to state related factors
  • You must install two firewalls in series, then all packets pass through the stateless firewall first and then the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to ascertain the network portion of the address in a Course A network?

  • two
  • i
  • 4
  • 3

Question 158)

If you have to rely upon metadata to work with the information at mitt, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured information
  • Structured information
  • Unstructured data

Question 159)

Which two (2) forms of discovery must exist conducted online? (Select two)

  • Port scanning
  • Shoulder surfing
  • Social engineering science
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a squad that runs all incident response activities for a company?

  • Distributed
  • Primal
  • Coordinating
  • Control

Question 161)

Which is the data protection procedure that prevents a suspicious data request from being completed?

  • Data risk analysis
  • Information classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial noesis of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Reddish Box Testing
  • Gray Box Testing
  • White Box testing
  • Blackness Box Testing

Question 163)

Which type of application attack would include User denies performing an operation, attacker exploits an application without trace, and aggressor covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or False. Thorough reconnaissance is an important step in developing an constructive cyber kill chain.

  • True
  • Fake

Question 165)

True or Simulated. One of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • True
  • False

Question 166)

True or Imitation. A big company has a data alienation involving the theft of employee personnel records but no customer data of any kind. Since no external data was involved, the company does not have to report the breach to law enforcement.

  • True
  • Imitation

Question 167)

You are the CEO of a large tech company and have just received an aroused email that looks like it came from one of your biggest customers. The email says your visitor is overbilling the customer and asks that you lot examine the attached invoice. Yous do but notice it blank, so you reply politely to the sender asking for more than details. You never hear dorsum, merely a week later your security team tells you that your credentials take been used to access and exfiltrate large amounts of company financial information. What kind of attack did you fall victim to?

  • Every bit a phishing set on
  • As a whale set on
  • A shark attack
  • A wing phishing attack

Question 168)

Which of these statements near the PCI-DSS requirements for whatsoever company handling, processing or transmitting credit carte du jour information is true?

  • Muti-gene authentication is required for all new card holders
  • Some grade of mobile device direction (MDM) must be used on all mobile credit card processing devices
  • All employees with directly access to cardholder information must exist bonded
  • Cardholder data must be encrypted if information technology is sent across open or public networks

Which Incident Response Squad model describes a squad that acts equally consulting experts to advise local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Cardinal

In a Linux file system, which files are contained in the \bin binder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such equally fstab and inittab
  • Directories such every bit /habitation and /usr

If a reckoner needs to ship a bulletin to a organization that is not part of the local network, where does it send the message?

  • To the arrangement's domain name
  • To the organisation's IP address
  • The network's DNS server address
  • To the system's MAC address
  • The network's default gateway accost
  • The network's DHCP server address

Which 3 (iii) of these statements nearly the TCP protocol are Truthful? (Select three)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled past the receiving system in the order in which they were sent
  • TCP is more reliable than UDP

A professor is non allowed to alter a student's concluding grade subsequently she submits it without completing a special form to explain the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security risk?

  • An instance of being exposed to losses
  • Any potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a organisation
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a evidently text message sent by Alice to Bob, simply in no mode interferes with its delivery. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an advantage symmetric key encryption has over disproportionate key encryption?

  • Symmetric key encryption provides amend security against Man-in-the-middle attacks than is possible with asymmetric fundamental encryption
  • Symmetric primal encryption is faster than disproportionate key encryption
  • Symmetric keys can exist exchanged more securely than asymmetric keys
  • Symmetric fundamental encryption is harder to break than asymmetric key encryption

Which blazon of application set on would include network eavesdropping, lexicon attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authority
  • Exception direction

Why should y'all always look for common patterns earlier starting a new security architecture design?

  • They tin can aid identify best practices
  • They can shorten the development lifecycle
  • Some certificate complete tested solutions
  • All of the to a higher place

Last Update: 09/12/2021

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong pick tha usko hata diya hai

Please WAIT I WILL Add MORE NEW QUETIONS..

Besides if you lot have Questions with correct answer  Transport me on my Email i will update on my web log..

niyander111@gmail.com

Thank you...