Click on Again Possibly Crossword Hint
IBM Cybersecurity Annotator Professional Certificate Cess Test Quiz Answers
Alarm: Jo Answer Green hai wo correct hai but
Jo Light-green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai
Question one)
Implementing a Security Sensation training program would be an example of which blazon of control?
- Administrative control
Question two)
Putting locks on a door is an case of which blazon of control?
- Preventative
Question 3)
How would yous allocate a piece of malicious lawmaking that tin can replicate itself and spread to new systems?
- A worm
Question 4)
To engage in packet sniffing, you must implement promiscuous style on which device ?
- A network card
- An Intrusion Detection Arrangement (IDS)
- A sniffing router
Question 5)
Which mechanism would help assure the integrity of a bulletin, but non exercise much to clinch confidentiality or availability.
- Hashing
Question six)
An organization wants to restrict employee afterward-hours access to its systems and so information technology publishes a policy forbidding employees to work exterior of their assigned hours, and then makes certain the role doors remain locked on weekends. What ii (2) types of controls are they using? (Select ii)
- Physical
- Administrative
Question 7)
Which two factors contribute to cryptographic forcefulness? (Select 2)
- The utilize of cyphers that are based on circuitous mathematical algorithms
- The utilize of cyphers that have undergone public scrutiny
Question 8)
Trying to interruption an encryption key past trying every possible combination of characters is called what?
- A brute force attack
Question 9)
Which of the following describes the cadre goals of IT security?
- The Open Web Application Security Project (OWASP) Framework
- The Business organisation Procedure Direction Framework
- The CIA Triad
Question ten)
Which three (3) roles are typically establish in an Information Security system? (Select three)
- Vulnerability Assessor
- Chief Information Security Officer (CISO)
- Penetration Tester
Question 11)
Trouble Management, Change Direction, and Incident Management are all key processes of which framework?
- ITIL
Question 12)
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?
- Trudy changes the message and so frontward it on
- Trudy deletes the message without forwarding information technology
- Trudy reads the message
- Trudy cannot read it considering it is encrypted merely allows it to be delivered to Bob in its original grade
Question 13)
In cybersecurity, Accountability is divers as what?
- Being able to map an activeness to an identity
Question 14)
Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are hallmark methods? (Select 3)
- Something a person is
- Something a person has
- Something a person knows
Question fifteen)
Which three (3) of the following are Physical Access Controls? (Select 3)
- Door locks
- Security guards
- Fences
Question 16)
If you are setting upwards a Windows 10 laptop with a 32Gb hard drive, which ii (2) file system could you select? (Select 2)
- NTFS
- FAT32
Question 17)
Which three (3) permissions tin be attack a file in Linux? (Select 3)
- write
- execute
- read
Question 18)
If cost is the main concern, which blazon of cloud should be considered first?
- Public deject
Question 19)
Consolidating and virtualizing workloads should exist done when?
- Earlier moving the workloads to the cloud
Question twenty)
Which of the following is a self-regulating standard ready past the credit carte industry in the US?
- PCI-DSS
Question 21)
Which two (ii) of the post-obit attack types target endpoints?
- Advert Network
- Spear Phishing
Question 22)
If an Endpoint Detection and Response (EDR) system detects that an endpoint does not accept a required patch installed, which argument best characterizes the actions information technology is able to take automatically?
- The endpoint can exist quarantined from all network resource except those that allow it to download and install the missing patch
Question 23)
Granting access to a user based upon how loftier up he is in an system violates what basic security premise?
- The principle of least privileges
Question 24)
The Windows Security App available in Windows 10 provides uses with which of the following protections?
- Firewall and network protection
- Family options (parental controls)
- All of the above
Question 25)
Hashing ensures which of the following?
- Integrity
Question 26)
Which of the following practices helps clinch the best results when implementing encryption?
- Choose a reliable and proven published algorithm
- Develop a unique cryptographic algorithm for your system and proceed them undercover
Question 27)
Which of these methods ensures the authentication, not-repudiation and integrity of a digital communication?
- Utilise of digital signatures
Question 28)
Which of the following practices will help assure the confidentiality of data in transit?
- Disable certificate pinning
- Have self-signed certificates
- Implement HTTP Strict Transport Protocol (HSTS)
Question 29)
Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)
- Allows static 1-to-1 mapping of local IP addresses to global IP addresses
- Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost only when they are needed
- Allows internal IP addresses to be subconscious from outside observers
Question 30)
Which argument best describes configuring a NAT router to utilise static mapping?
- The organization will demand as many registered IP addresses as it has computers that need Internet admission
Question 31)
If a computer needs to ship a message to a system that is role of the local network, where does it send the bulletin?
- To the system's MAC accost
Question 32)
Which are properties of a highly available system?
- Redundancy, failover and monitoring
Question 33)
Which three (iii) of these statements near the UDP protocol are True? (Select three)
- UDP is faster than TCP
- UDP packets are reassembled by the receiving system in whatsoever guild they are received
- UDP is connectionless
Question 34)
What is i difference between a Stateful Firewall and a Next Generation Firewall?
- A NGFW understand which application sent a given bundle
Question 35)
You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?
- SaaS
Question 36)
Hassan is an engineer who works a normal day shift from his visitor'southward headquarters in Austin, TX USA. Which two (2) of these activities raise the most cause for concern? (Select 2)
- Each night Hassan logs into his account from an ISP in China
- One evening, Hassan downloads all of the files associated with the new product he is working on
Question 37)
Which iii (3) of the following are considered safe coding practices? (Select three)
- Use library functions in place of Os commands
- Avoid using Os commands whenever possible
- Avoid running commands through a vanquish interpreter
Question 38)
Which three (iii) items should be included in the Planning step of a penetration test? (Select 3)
- Informing Need-to-know employees
- Establishing Boundaries
- Setting Objectives
Question 39)
Which portion of the pentest report would cover the risk ranking, recommendations and roadmap?
- Executive Summary
Question 40)
Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?
- Incident Mail service-Assay Resources
- Incident Analysis Hardware and Software
Question 41)
NIST recommends because a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?
- Recovery
Question 42)
Truthful or False. Digital forensics is constructive in solving cyber crimes but is non considered effective in solving violent crimes such as rape and murder.
- Simulated
Question 43)
Which three (three) are common obstacles faced when trying to examine forensic data? (Select 3)
- Selecting the right tools to assist filter and exclude irrelevant data
- Finding the relevant files among the hundreds of thousands plant on most hard drives
- Bypassing controls such as passwords
Question 44)
What scripting concept will repeatedly execute the same cake of code while a specified condition remains truthful?
- Loops
Question 45)
Which two (two) statements about Python are true? (Select 2)
- Python lawmaking is considered easy to debug compared with other pop programming languages
- Python code is considered very readable by novice programmers
Question 46)
In the Python statement
pi="3"
What data type is the data type of the variable pi?
- str
Question 47)
What will be printed by the following block of Python lawmaking?
def Add5(in)
out=in+5
return out
print(Add5(x))
- 15
Question 48)
Which threat intelligence framework was developed by the US Government to enable consistent characterization and categorization of cyberthreat events?
- Cyber Threat Framework
Question 49)
True or False. An organization's security immune system should be integrated with outside organizations, including vendors and other tertiary-parties.
- Truthful
Question 50)
Which three (three) of these are among the top 12 capabilities that a expert data security and protection solution should provide? (Select 3)
- Vulnerability assessment
- Real-time alerting
- Tokenization
Question 51)
True or False. For iOS and Android mobile devices, users must interact with the operating system simply through a series of applications, just not directly.
- True
Question 52)
All industries have their own unique data security challenges. Which of these industries has a item concern with PCI-DSS compliance while having a big number of access points staffed by depression-level employees who accept admission to payment bill of fare data?
- Retail
Question 53)
True or False. WireShark has an impressive assortment of features and is distributed free of charge.
- True
Question 54)
In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?
- Base of operations-Exploitability Subscore
Question 55)
The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
- IAM controls to regulate authorization
Question 56)
You calculate that there is a ii% probability that a cybercriminal will be able to steal credit menu numbers from your online storefront which will outcome in $10M in losses to your company. What have you only determined?
- A take chances
Question 57)
Which one of the OWASP Summit x Application Security Risks would be occur when an application'south API exposes fiscal, healthcare or other PII information?
- Sensitive data exposure
Question 58)
Which three (3) of these are Solution Edifice Blocks (SBBs)? (Select 3)
- Virus Protection
- Awarding Firewall
- Spam Filter
Question 59)
A robust cybersecurity defense includes contributions from 3 areas, human being expertise, security analytics and artificial intelligence. Quickly analyzing big quantities of unstructured data lends itself best to which of these areas?
- Artificial intelligence
Question lx)
The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?
- Applied science
Question 61)
Which of these is a proficient definition for cyber threat hunting?
- The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber impale chain
Question 62)
There is value brought past each of the IBM i2 EIA use cases. Which i of these provides firsthand alerting on brand compromises and fraud on the dark web.
- Threat Discovery
.
Question 63)
Which 3 (3) soft skills are important to have in an organisation'due south incident response team? (Select 3)
- Communication
- Teamwork
- Trouble solving and Critical thinking
Question 64)
Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?
- Detection & Analysis
Question 65)
Which three (three) of these statistics nigh phishing attacks are existent? (Select 3)
- Around 15 million new phishing sites are created each month
- Phishing accounts for nigh 20% of information breaches
- 30% of phishing letters are opened past their targeted users
Question 66)
Which three (three) of these control processes are included in the PCI-DSS standard? (Select 3)
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an data security policy
Question 67)
Which 3 (3) are malware types commonly used in PoS attacks to steal credit menu data? (Select 3)
- Alina
- BlackPOS
- vSkimmer
Question 68)
According to a 2019 Ponemon written report, what per centum of consumers indicated they would be willing to pay more for a product or service from a provider with better security?
- 52%
Question 69)
You get a telephone call from a technician at the "Windows company" who tells yous that they have detected a problem with your system and would like to help you resolve information technology. In lodge to assistance, they need you lot to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since y'all only own an Apple tree Mac, you are suspicious of this caller and hang upward. What would the attack vector have been if y'all had downloaded the "elementary utility" equally asked?
- Remote Desktop Protocol (RDP)
Question 70)
What is an constructive fully automatic way to preclude malware from entering your system equally an email attachment?
- Anti-virus software
Question 71)
True or Imitation. The large bulk of stolen credit carte numbers are used quickly by the thief or a member of his/her family unit.
- False
Question 72)
Which three (iii) of these are PCI-DSS requirements for any company handling, processing or transmitting credit carte information? (Select 3)
- Restrict access to cardholder data past business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder information
Question 73)
True or Fake. Communications of a data breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.
- True
Question 74)
A Coordinating incident response team model is characterized past which of the following?
- Multiple incident response teams within an organization all of whom coordinate their activities merely inside their land or department
- Multiple incident response teams inside an system but one with say-so to assure consequent policies and practices are followed across all teams
- This term refers to a structure that assures the incident response team'southward activities are coordinated with senior management and all appropriate departments inside and organization
Question 75)
The cyber hunting squad and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.
- Blue Red
- Ruddy, Blue
Question 76)
The partnership between security analysts and technology tin can be said to be grouped into three domains, human expertise, security analytics and artificial intelligence. The human being expertise domain would contain which 3 (3) of these topics?
- Abstraction
- Dilemmas
- Morals
Question 77)
Solution architectures often comprise diagrams like the one below. What does this diagram show?
<<Solution Compages Information Flow.png>>
- Functional components and data flow
Question 78)
Port numbers 1024 through 49151 are known as what?
- Registered Ports
Question 79)
Which layer of the OSI model to packet sniffers operate on?
- Information Link
Question 80)
True or False. Internal attacks from trusted employees represents every bit as meaning a threat as external attacks from professional cyber criminals.
- True
Question 81)
According to the FireEye Mandiant'south Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?
- 80%
Question 82)
Which country had the highest boilerplate price per breach in 2018 at $eight.19M
- United States
Question 83)
Which two (2) of these Python libraries provides useful statistical functions? (Select 2)
- StatsModels
- Scikit-larn
Question 84)
What volition impress out when this cake of Python code is run?
i=1
#i=i+1
#i=i+ii
#i=i+3
print(i)
- 1
Question 85)
Which three (iii) statements near Python variables are true? (Select 3)
- A variable name must first with a alphabetic character or the underscore "_" character
- Variables can alter blazon later on they have been set
- Variables exercise not accept to exist alleged in advance of their use
Question 86)
PowerShell is a configuration direction framework for which operating arrangement?
- Windows
Question 87)
In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?
- All of the in a higher place
Question 88)
Forensic assay should always exist conducted on a copy of the original data. Which two (ii) types of copying are appropriate for getting data from a laptop caused from a terminated employee, if you lot suspect he has deleted incriminating files? (Select 2)
- An incremental backup
- A logical backup
Question 89)
Which of the following would be considered an incident precursor?
- An alert from your antivirus software indicating it had detected malware on your arrangement
- An announced threat against your arrangement by a hactivist group
Question 90)
If a penetration exam calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open up ports and published services, which tool would be the best fit for this task?
- Nmap
Question 91)
Which type of list is considered best for safe coding practice?
- Whitelist
Question 92)
In reviewing the security logs for a visitor'south headquarters in New York City, which of these activities should non raise much of a security business concern?
- A recently hired information scientist in the Medical Analytics department has repeatedly attempted to admission the corporate financial database
- An employee has started logging in from domicile for an 60 minutes or so during the last 2 weeks of each quarter
Question 93)
Data sources such as newspapers, books and web pages are considered which type of data?
- Unstructured data
- Semi-structured information
- Structured data
Question 94)
Which 3 (iii) of these statements about the TCP protocol are True? (Select three)
- TCP packets are reassembled by the receiving system in the order in which they were sent
- TCP is more than reliable than UDP
- TCP is connectedness-oriented
Question 95)
In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?
- 2
Question 96)
A pocket-size visitor with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses volition this company need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?
- one
Question 97)
Why is symmetric primal encryption the most common choice of methods to encryptic information at rest?
- There are far more keys available for utilise
- Information technology is much faster than disproportionate key encryption
Question 98)
Which of the following statements nigh hashing is True?
- Hashing uses algorithms that are known as "one-way" functions
Question 99)
Why is hashing not a common method used for encrypting information?
- Hashing is a one-way process and so the original information cannot be reconstructed from a hash value
Question 100)
Public key encryption incorporating digital signatures ensures which of the post-obit?
- Confidentiality and Integrity
Question 101)
What is the primary authentication protocol used past Microsoft in Active Directory?
- Kerberos
Question 102)
Granting access to a user account only those privileges necessary to perform its intended functions is known every bit what?
- The principle of least privileges
Question 103)
What is the most mutual patch remediation frequency for most organizations?
- Monthly
- Annually
Question 104)
Island hopping is an attack method ordinarily used in which scenario?
- Supply Chain Infiltration
- Blocking access to a website for all users
- Compromising a corporate VIP
- Trojan Horse attacks
Question 105)
Security training for It staff is what type of control?
- Virtual
- Operational
- Physical
Question 106)
Which security concerns follow your workload fifty-fifty after it is successfully moved to the deject?
- All of the in a higher place
Question 107)
Which form of Deject calculating combines both public and individual clouds?
- Hybrid deject
Question 108)
Which component of the Linux operating arrangement interacts with your computer's hardware?
- The kernel
Question 109)
The encryption and protocols used to prevent unauthorized access to information are examples of which type of access control?
- Technical
Question 110)
In cybersecurity, Authenticity is defined as what?
- The property of being genuine and verifiable
Question 111)
ITIL is best described as what?
- A collection of IT Service Management best practices
Question 112)
Which position is in charge of testing the security and effectiveness of computer information systems?
- Information Security Auditor
Question 113)
A company wants to forestall employees from wasting time on social media sites. To achieve this, a certificate forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other pop sites. Which two (2) types of security controls has the visitor merely implemented? (Select 2)
- Administrative
- Technical
Question 114)
An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?
Confidentiality and Integrity
Question 115)
What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information information technology can get together from your system be called?
- Spyware
Question 116)
Fancy Bears and Anonymous are examples of what?
- Hacking organizations
Question 117)
Select the reply the fills in the blanks in the correct order.
A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.
- vulnerability, threat, exploit
- threat, exposure, risk
- threat thespian, vulnerability, exposure
Question 118)
Implement a filter to remove flooded packets before they accomplish the host is a countermeasure to which class of attack?
- A Denial of Service (DoS) attack
Question 119)
Trudy intercepts a romantic plain-text message from Alice to her swain Sam. The message upsets Trudy and so she forwards it to Bob, making information technology look like Alice intended information technology for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?
- All of the in a higher place
Question 120)
Which factor contributes most to the strength of an encryption system?
- How many people take access to your public cardinal
- The length of the encryption key used
- The number of private keys used by the system
Question 121)
What is an advantage asymmetric key encryption has over symmetric key encryption?
- Asymmetric keys can be exchanged more securely than symmetric keys
- Asymmetric primal encryption is harder to interruption than symmetric cardinal encryption
- Asymmetric key encryption is faster than symmetric key encryption
Question 122)
Which position is responsible for the "ethical hacking" of an organizations computer systems?
- A Penetration Tester
Question 123)
Which 3 (3) are considered best practices, baselines or frameworks? (Select three)
- ISO27000 series
- ITIL
- COBIT
Question 124)
What does the "A" in the CIA Triad stand for?
- Availability
Question 125)
Which type of access control is based upon the subject field's clearance level and the objects nomenclature?
- Hierarchical Access Command (HAC)
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role Based Access Control (RBAC)
Question 126)
Windows 10 stores 64-bit applications in which directory?
- \Plan Files
Question 127)
To build a virtual calculating environment, where is the hypervisor installed?
- Between the applications and the data sources
- On the cloud's supervisory arrangement
- Between the hardware and operating system
- Between the operating system and applications
Question 128)
An identical e-mail sent to millions of addresses at random would be classified as which type of assault?
- A Shark attack
- A Phishing set on
Question 129)
Which statement about drivers running in Windows kernel mode is true?
- Only disquisitional processes are permitted to run in kernel style since in that location is aught to forbid a
Question 130)
Symmetric fundamental encryption past itself ensures which of the following?
- Confidentiality and Integrity
- Confidentiality only
- Confidentiality and Availability
Question 131)
Which statement all-time describes configuring a NAT router to use dynamic mapping?
- The system will demand equally many registered IP addresses every bit it has computers that need Cyberspace access
- Many registered IP addresses are mapped to a single registered IP accost using different port numbers
- Unregistered IP addresses are mapped to registered IP addresses as they are needed
- The NAT router uses each reckoner'south IP address for both internal and external advice
Question 132)
Which address type does a calculator utilize to get a new IP address when it boots up?
- The network's DHCP server address
Question 133)
What is the main difference betwixt the IPv4 and IPv6 addressing schema?
- IPv6 is significantly faster than IPv4
- IPv6 is used only for IOT devices
- IPv6 allows for billions of times equally many possible IP addresses
Question 134)
Which blazon of firewall understands which session a packet belongs to and analyzes it appropriately?
- A Next Generation Firewall (NGFW)
Question 135)
An employee calls the IT Helpdesk and admits that perhaps, just possibly, the links in the email he clicked on this forenoon were not from the real Lottery Commission. What is the first thing you should tell the employee to do?
- Run a Port scan
- Run an antivirus scan
Question 136)
A penetration tester involved in a "Black box" attack would be doing what?
- Attempting to penetrate a client's systems every bit if she were an external hacker with no inside knowled
Question 137)
Which Mail Incident activity would exist concerned with maintaining the proper concatenation-of-custody?
- Lessons learned meeting
- Bear witness retentiveness
- Documentation review & update
- Utilizing collected data
Question 138)
In digital forensics, which 3 (iii) steps are involved in the drove of data? (Select 3)
- Develop a plan to acquire the data
- Verify the integrity of the data
- Larn the data
Question 139)
Which three (3) of the following are considered scripting languages? (Select 3)
- Perl
- Fustigate
- Python
Question 140)
What is the largest number that volition be printed during the execution of this Python while loop?
i=0
while (i<x):
impress(i)
i=i+1
- 9
Question 141)
Activities performed equally a role of security intelligence can be divided into pre-exploit and mail-exploit activities. Which two (2) of these are mail-exploit activities? (Select ii)
- Gather total situational sensation through advanced security analytics
- Perform forensic investigation
Question 142)
In that location are many good reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an system's backup practices?
- Availability
- Integrity
- Authorization
Question 143)
Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?
- Test
- Code & build
- Operate & monitor
- Plan
Question 144)
Which one of the OWASP Meridian ten Application Security Risks would be occur when at that place are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.
- Cross-site scripting
Question 145)
SIEM license costs are typically calculated based upon which two (2) factors? (Select two)
- Flows per minute (FPM)
- Events per second (EPS)
Question 146)
Truthful or Simulated. If you have no better place to first hunting threats, beginning with a view of the global threat landscape so drill downwardly to a regional view, manufacture view and finally a view of the threats specific to your ain organization.
- Truthful
Question 147)
True or Simulated. Cloud-based storage or hosting providers are amongst the top sources of third-party breaches
- True
Question 148)
You are looking very hard on the web for the lowest mortgage interest load you lot can find and you come across a rate that is then low it could not possibly be true. You bank check out the site to see that the terms are and quickly discover you are the victim of a ransomware attack. What was the probable attack vector used by the bad actors?
- Phishing
- Malicious Links
- Software Vulnerabilities
Question 149)
Very provocative articles that come up in news feeds or Google searches are sometimes called "click-allurement". These articles often tempt you lot to link to other sites that can be infected with malware. What assault vector is used by these click-bait sites to get you to go to the really bad sites?
- Malicious Links
More than New Questions
Question 150)
Which of the following defines a security threat?
- Whatever potential danger capable of exploiting a weakness in a system
- The likelihood that the weakness in a arrangement will be exploited
- I example of a weakness being exploited
- A weakness in a system that could be exploited past a bad player
Question 151)
Suspicious activity, similar IP addresses or ports existence scanned sequentially, is a sign of which type of attack?
- A mapping attack
- A denial of service (DoS) attack
- A phishing attack
- An IP spoofing assail
Question 152)
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?
- Trudy deletes the message without forwarding it
- Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
- Trudy changes the bulletin and and so forwards information technology on
- Trudy reads the bulletin
Question 153)
Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?
- PCI-DSS
- ISO27000 series
- HIPAA
- GDPR
- NIST 800-53A
Question 154)
A good Endpoint Detection and Response system (EDR) should have which three (3) of these capabilities? (Select 3)
- Automatically quarantine noncompliant endpoints
- Manage encryption keys for each endpoint
- Manage thousands of devices at once
- Deploying devices with network configurations
Question 155)
Which statement virtually encryption is True about data in use.
- Data should e'er be kept encrypted since modernistic CPUs are fully capable of operating directly on encrypted information
- It is vulnerable to theft and should be decrypted just for the briefest possible time while it is being operated on
- Short of orchestrating a retentivity dump from a system crash, there is no practical fashion for malware to get at the data being processed, and then dump logs are your only real concern
- Information in agile memory registers are not at gamble of beingness stolen
Question 156)
For added security you make up one's mind to protect your network past conducting both a stateless and stateful inspection of incoming packets. How tin can this be done?
- This cannot be done The network administrator must cull to run a given network segment in either stateful or stateless mode, and and so select the respective firewall type
- Install a single firewall that is capable of conducting both stateless and stateful inspections
- Install a stateful firewall simply These advanced devices audit everything a stateless firewall inspects in addition to state related factors
- Y'all must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall
Question 157)
In IPv4, how many of the 4 octets are used to define the network portion of the accost in a Form A network?
- 2
- one
- four
- 3
Question 158)
If you lot take to rely upon metadata to work with the data at manus, you are probably working with which type of data?
- Meta-structured data
- Semi-structured data
- Structured data
- Unstructured information
Question 159)
Which two (two) forms of discovery must be conducted online? (Select ii)
- Port scanning
- Shoulder surfing
- Social engineering
- Packet sniffing
Question 160)
Which Incident Response Team model describes a squad that runs all incident response activities for a company?
- Distributed
- Central
- Coordinating
- Control
Question 161)
Which is the data protection process that prevents a suspicious data request from being completed?
- Information risk assay
- Data classification
- Data discovery
- Blocking, masking and quarantining
Question 162)
Which grade of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their assail to streamline costs and focus efforts?
- Red Box Testing
- Gray Box Testing
- White Box testing
- Blackness Box Testing
Question 163)
Which type of application attack would include User denies performing an operation, aggressor exploits an application without trace, and attacker covers her tracks?
- Auditing and logging
- Authentication
- Authorisation
- Input validation
Question 164)
True or False. Thorough reconnaissance is an important step in developing an effective cyber kill chain.
- True
- False
Question 165)
Truthful or False. One of the principal challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.
- Truthful
- False
Question 166)
True or False. A large company has a data breach involving the theft of employee personnel records merely no customer information of whatsoever kind. Since no external data was involved, the company does not have to report the breach to police force enforcement.
- True
- False
Question 167)
You are the CEO of a large tech visitor and have just received an angry email that looks similar it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do simply find information technology blank, so you reply politely to the sender request for more details. Y'all never hear back, simply a week later your security squad tells you that your credentials accept been used to access and exfiltrate large amounts of company financial information. What kind of attack did you autumn victim to?
- As a phishing attack
- As a whale assail
- A shark assail
- A fly phishing assail
Question 168)
Which of these statements most the PCI-DSS requirements for whatsoever company handling, processing or transmitting credit carte data is true?
- Muti-cistron hallmark is required for all new card holders
- Some form of mobile device management (MDM) must be used on all mobile credit card processing devices
- All employees with straight access to cardholder data must be bonded
- Cardholder data must be encrypted if information technology is sent beyond open or public networks
Which Incident Response Team model describes a team that acts every bit consulting experts to advise local IR teams?
- Control
- Coordinating
- Distributed
- O Primal
In a Linux file system, which files are contained in the \bin folder?
- All user binary files, their libraries and headers
- Executable files such every bit grep and ping
- Configuration files such as fstab and inittab
- Directories such as /home and /usr
If a computer needs to send a message to a system that is not part of the local network, where does information technology ship the message?
- To the system's domain proper name
- To the system's IP address
- The network'due south DNS server address
- To the system's MAC accost
- The network'southward default gateway accost
- The network's DHCP server address
Which 3 (3) of these statements about the TCP protocol are Truthful? (Select 3)
- TCP is faster than UDP
- TCP is connexion-oriented
- TCP packets are reassembled by the receiving organization in the guild in which they were sent
- TCP is more reliable than UDP
A professor is not allowed to modify a student's final class afterwards she submits it without completing a special class to explain the circumstances that necessitated the alter. This boosted stride supports which attribute of the CIA Triad?
- Authorization
- Integrity
- Confidentiality
- Availability
Which of these is the best definition of a security risk?
- An instance of being exposed to losses
- Any potential danger that is associated with the exploitation of a vulnerability
- A weakness in a system
- The likelihood of a threat source exploiting a vulnerability
Trudy intercepts a plain text bulletin sent past Alice to Bob, but in no manner interferes with its delivery. Which attribute of the CIA Triad was violated?
- Confidentiality
- Integrity
- Availability
- All of the to a higher place
What is an advantage symmetric key encryption has over asymmetric key encryption?
- Symmetric key encryption provides ameliorate security against Man-in-the-centre attacks than is possible with asymmetric primal encryption
- Symmetric key encryption is faster than asymmetric key encryption
- Symmetric keys tin can be exchanged more than securely than disproportionate keys
- Symmetric key encryption is harder to break than asymmetric key encryption
Which type of application attack would include network eavesdropping, dictionary attacks and cookie replays?
- Configuration management
- Authentication
- Authorization
- Exception management
Why should yous always look for common patterns before starting a new security architecture design?
- They can help identify all-time practices
- They tin shorten the development lifecycle
- Some document consummate tested solutions
- All of the above
Last Update: 09/12/2021
Alert: Jo Answer Green hai wo right hai simply
Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai
Delight Expect I Will ADD More than NEW QUETIONS..
Too if you take Questions with correct answer Send me on my E-mail i will update on my blog..
niyander111@gmail.com
Thank you...
Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html
0 Response to "Click on Again Possibly Crossword Hint"
Post a Comment