What Are Correctional Services Departments Sometimes Called?

IBM Cybersecurity Annotator Professional Certificate Assessment Exam Quiz Answers

Alert: Jo Respond Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek incorrect option tha usko hata diya hai

Question 1)

Implementing a Security Awareness preparation program would be an example of which blazon of control?

• Administrative control

Question 2)

Putting locks on a door is an example of which type of control?

• Preventative

Question 3)

How would you allocate a piece of malicious code that can replicate itself and spread to new systems?

• A worm

Question 4)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

• A network bill of fare
• An Intrusion Detection System (IDS)
• A sniffing router

Question 5)

Which mechanism would help clinch the integrity of a message, merely not practise much to assure confidentiality or availability.

• Hashing

Question 6)

An arrangement wants to restrict employee after-hours access to its systems so information technology publishes a policy forbidding employees to work exterior of their assigned hours, and so makes sure the function doors remain locked on weekends. What ii (2) types of controls are they using? (Select 2)

• Physical
• Administrative

Question 7)

Which ii factors contribute to cryptographic strength? (Select two)

• The use of cyphers that are based on complex mathematical algorithms
• The use of cyphers that have undergone public scrutiny

Question 8)

Trying to pause an encryption key past trying every possible combination of characters is chosen what?

• A animal force attack

Question 9)

Which of the following describes the core goals of IT security?

• The Open Spider web Awarding Security Project (OWASP) Framework
• The Business Procedure Management Framework
• The CIA Triad

Question 10)

Which three (iii) roles are typically establish in an Information Security organization? (Select 3)

• Vulnerability Assessor
• Chief Information Security Officer (CISO)
• Penetration Tester

Question 11)

Problem Direction, Change Management, and Incident Direction are all key processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

• Trudy changes the message and then frontwards it on
• Trudy deletes the bulletin without forwarding it
• Trudy reads the message
• Trudy cannot read it considering it is encrypted merely allows it to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined as what?

• Being able to map an action to an identity

Question 14)

Multifactor hallmark (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (iii) are hallmark methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question 15)

Which three (3) of the post-obit are Concrete Admission Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question 16)

If you are setting up a Windows x laptop with a 32Gb hard bulldoze, which two (2) file system could y'all select? (Select 2)

• NTFS
• FAT32

Question 17)

Which iii (3) permissions can be set on a file in Linux? (Select iii)

• write
• execute
• read

Question 18)

If cost is the primary concern, which blazon of deject should exist considered first?

• Public cloud

Question nineteen)

Consolidating and virtualizing workloads should exist washed when?

• Earlier moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard ready by the credit carte du jour industry in the United states of america?

• PCI-DSS

Question 21)

Which two (2) of the following assault types target endpoints?

• Ad Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non accept a required patch installed, which argument best characterizes the actions information technology is able to take automatically?

• The endpoint can be quarantined from all network resources except those that allow information technology to download and install the missing patch

Question 23)

Granting access to a user based upon how high upwards he is in an organization violates what bones security premise?

• The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the following protections?

• Firewall and network protection
• Family options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the following?

• Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

• Cull a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your arrangement and continue them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

• Use of digital signatures

Question 28)

Which of the post-obit practices will assist assure the confidentiality of information in transit?

• Disable certificate pinning
• Have self-signed certificates
• Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you lot tin can realize from using a NAT (Network Address Translation) router? (Select 3)

• Allows static i-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address merely when they are needed
• Allows internal IP addresses to exist subconscious from outside observers

Question thirty)

Which argument best describes configuring a NAT router to use static mapping?

• The organisation volition need as many registered IP addresses as it has computers that demand Internet admission

Question 31)

If a figurer needs to ship a bulletin to a system that is part of the local network, where does information technology send the bulletin?

• To the system's MAC accost

Question 32)

Which are backdrop of a highly available system?

• Back-up, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

• UDP is faster than TCP
• UDP packets are reassembled past the receiving organisation in whatsoever gild they are received
• UDP is connectionless

Question 34)

What is i difference betwixt a Stateful Firewall and a Next Generation Firewall?

• A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you lot to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal 24-hour interval shift from his company's headquarters in Austin, TX Usa. Which two (2) of these activities heighten the near cause for concern? (Select ii)

• Each nighttime Hassan logs into his account from an ISP in China
• One evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which iii (3) of the post-obit are considered safe coding practices? (Select 3)

• Use library functions in place of OS commands
• Avoid using Bone commands whenever possible
• Avert running commands through a shell interpreter

Question 38)

Which three (3) items should exist included in the Planning step of a penetration test? (Select 3)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest study would cover the adventure ranking, recommendations and roadmap?

• Executive Summary

Question 40)

Spare workstations and servers, bare removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

• Incident Post-Analysis Resources
• Incident Assay Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

True or False. Digital forensics is constructive in solving cyber crimes merely is not considered constructive in solving tearing crimes such as rape and murder.

• False

Question 43)

Which iii (iii) are common obstacles faced when trying to examine forensic data? (Select three)

• Selecting the right tools to help filter and exclude irrelevant data
• Finding the relevant files among the hundreds of thousands found on most hard drives
• Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified condition remains truthful?

• Loops

Question 45)

Which two (2) statements about Python are truthful? (Select 2)

• Python code is considered piece of cake to debug compared with other popular programming languages
• Python code is considered very readable by novice programmers

Question 46)

In the Python argument

pi="3"

What data type is the data type of the variable pi?

• str

Question 47)

What will be printed by the following block of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

• 15

Question 48)

Which threat intelligence framework was adult by the United states Government to enable consequent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

True or Faux. An system's security immune system should exist integrated with outside organizations, including vendors and other third-parties.

• Truthful

Question 50)

Which three (iii) of these are amid the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Real-time alerting
• Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must collaborate with the operating system only through a series of applications, but not direct.

• True

Question 52)

All industries have their ain unique data security challenges. Which of these industries has a particular business organization with PCI-DSS compliance while having a large number of access points staffed by depression-level employees who accept access to payment carte data?

• Retail

Question 53)

True or False. WireShark has an impressive array of features and is distributed free of charge.

• True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required exist reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You summate that there is a 2% probability that a cybercriminal will be able to steal credit menu numbers from your online storefront which will result in $10M in losses to your company. What have you lot just determined?

• A take a chance

Question 57)

Which 1 of the OWASP Tiptop ten Application Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which iii (iii) of these are Solution Building Blocks (SBBs)? (Select three)

• Virus Protection
• Application Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from three areas, human expertise, security analytics and bogus intelligence. Chop-chop analyzing large quantities of unstructured data lends itself best to which of these areas?

• Artificial intelligence

Question lx)

The triad of a security operations centers (SOC) is People, Procedure and Technology. Which office of the triad would network monitoring belong?

• Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

• The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill concatenation

Question 62)

At that place is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

• Threat Discovery

.

Question 63)

Which iii (3) soft skills are important to have in an organisation'south incident response team? (Select 3)

• Communication
• Teamwork
• Problem solving and Critical thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which stage of the incident response lifecycle?

• Detection & Analysis

Question 65)

Which 3 (3) of these statistics near phishing attacks are real? (Select three)

• Around 15 million new phishing sites are created each month
• Phishing accounts for nearly xx% of data breaches
• 30% of phishing messages are opened by their targeted users

Question 66)

Which 3 (3) of these control processes are included in the PCI-DSS standard? (Select iii)

• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

Question 67)

Which iii (3) are malware types commonly used in PoS attacks to steal credit carte du jour data? (Select 3)

• Alina
• BlackPOS
• vSkimmer

Question 68)

Co-ordinate to a 2019 Ponemon written report, what percent of consumers indicated they would be willing to pay more for a production or service from a provider with amend security?

• 52%

Question 69)

Y'all get a phone call from a technician at the "Windows company" who tells you that they have detected a trouble with your arrangement and would similar to aid you lot resolve it. In gild to assistance, they need you lot to become to a web site and download a simple utility that will allow them to prepare the settings on your figurer. Since you only own an Apple Mac, you are suspicious of this caller and hang upwards. What would the attack vector have been if you had downloaded the "elementary utility" as asked?

• Remote Desktop Protocol (RDP)

Question lxx)

What is an effective fully automated way to prevent malware from entering your system as an e-mail zipper?

• Anti-virus software

 Question 71)

True or False. The large majority of stolen credit card numbers are used apace by the thief or a fellow member of his/her family unit.

• False

Question 72)

Which three (3) of these are PCI-DSS requirements for whatever visitor handling, processing or transmitting credit card data? (Select 3)

• Restrict admission to cardholder data by business organisation demand-to-know
• Assign a unique ID to each person with calculator access
• Restrict physical access to cardholder data

Question 73)

Truthful or False. Communications of a data alienation should exist handled by a team composed of members of the IR team, legal personnel and public relations.

• True

Question 74)

A Analogous incident response team model is characterized by which of the following?

• Multiple incident response teams inside an organization all of whom coordinate their activities merely within their country or department

• Multiple incident response teams within an organization merely i with authorisation to clinch consequent policies and practices are followed across all teams

• This term refers to a construction that assures the incident response team's activities are coordinated with senior management and all advisable departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

• Blueish Red

• Carmine, Blueish

Question 76)

The partnership betwixt security analysts and technology can exist said to exist grouped into 3 domains, homo expertise, security analytics and artificial intelligence. The man expertise domain would incorporate which three (iii) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures frequently contain diagrams like the one beneath. What does this diagram evidence?

<<Solution Architecture Data Menses.png>>

• Functional components and information menstruum

Question 78)

Port numbers 1024 through 49151 are known equally what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Data Link

Question eighty)

True or False. Internal attacks from trusted employees represents equally as pregnant a threat as external attacks from professional person cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

• 80%

Question 82)

Which country had the highest average cost per breach in 2018 at $8.19M

• United States

Question 83)

Which two (ii) of these Python libraries provides useful statistical functions? (Select two)

• StatsModels

• Scikit-acquire

Question 84)

What volition print out when this block of Python code is run?

i=1

#i=i+1

#i=i+2

#i=i+3

print(i)

• i

Question 85)

Which 3 (3) statements about Python variables are true? (Select 3)

• A variable name must outset with a letter or the underscore "_" graphic symbol
• Variables tin change type after they have been fix
• Variables do not take to exist declared in advance of their utilize

Question 86)

PowerShell is a configuration direction framework for which operating system?

• Windows

Question 87)

In digital forensics documenting the chain of custody of prove is disquisitional. Which of these should be included in your chain of custody log?

• All of the above

Question 88)

Forensic analysis should always be conducted on a re-create of the original data. Which two (ii) types of copying are appropriate for getting information from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

• An incremental backup

• A logical backup

Question 89)

Which of the following would be considered an incident precursor?

• An alert from your antivirus software indicating it had detected malware on your organisation

• An announced threat against your organization past a hactivist group

Question 90)

If a penetration test calls for yous to create a diagram of the target network including the identity of hosts and servers as well as a listing of open ports and published services, which tool would be the best fit for this chore?

• Nmap

Question 91)

Which blazon of listing is considered all-time for condom coding practice?

• Whitelist

Question 92)

In reviewing the security logs for a visitor'southward headquarters in New York Urban center, which of these activities should non raise much of a security concern?

• A recently hired information scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database

• An employee has started logging in from home for an hour or so during the last 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and spider web pages are considered which type of data?

• Unstructured data

• Semi-structured data

• Structured data

Question 94)

Which three (three) of these statements almost the TCP protocol are True? (Select 3)

• TCP packets are reassembled past the receiving organisation in the society in which they were sent

• TCP is more than reliable than UDP

• TCP is connexion-oriented

Question 95)

In IPv4, how many of the 4 octets are used to ascertain the network portion of the address in a Class B network?

• 2

Question 96)

A small-scale company with 25 computers wishes to connect them to the Net using a NAT router. How many Public IP addresses volition this company demand to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• 1

Question 97)

Why is symmetric key encryption the most common pick of methods to encryptic data at residue?

• In that location are far more keys bachelor for use

• Information technology is much faster than asymmetric fundamental encryption

Question 98)

Which of the following statements about hashing is True?

• Hashing uses algorithms that are known as "one-way" functions

Question 99)

Why is hashing not a mutual method used for encrypting information?

• Hashing is a 1-way process then the original data cannot exist reconstructed from a hash value

Question 100)

Public central encryption incorporating digital signatures ensures which of the following?

• Confidentiality and Integrity

Question 101)

What is the chief authentication protocol used by Microsoft in Agile Directory?

• Kerberos

Question 102)

Granting admission to a user account only those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

Question 103)

What is the about mutual patch remediation frequency for nigh organizations?

• Monthly

• Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security grooming for It staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even after it is successfully moved to the cloud?

• All of the above

Question 107)

Which grade of Cloud calculating combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

• The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

• Technical

Question 110)

In cybersecurity, Authenticity is divers as what?

• The holding of being genuine and verifiable

Question 111)

ITIL is best described every bit what?

• A drove of It Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of figurer information systems?

• Data Security Auditor

Question 113)

A company wants to foreclose employees from wasting time on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented? (Select two)

• Administrative

• Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a slice of malicious code that gets installed on a figurer and reports back to the controller your keystrokes and other information information technology can gather from your arrangement exist called?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a arrangement is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

• vulnerability, threat, exploit

• threat, exposure, gamble

• threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of assail?

• A Deprival of Service (DoS) assail

Question 119)

Trudy intercepts a romantic obviously-text message from Alice to her boyfriend Sam. The message upsets Trudy so she frontwards it to Bob, making it await like Alice intended it for Bob from the offset. Which aspect of the CIA Triad has Trudy violated ?

• All of the above

Question 120)

Which factor contributes almost to the strength of an encryption system?

• How many people take access to your public key

• The length of the encryption key used

• The number of private keys used by the system

Question 121)

What is an advantage asymmetric key encryption has over symmetric primal encryption?

• Asymmetric keys tin be exchanged more securely than symmetric keys

• Asymmetric cardinal encryption is harder to break than symmetric key encryption

• Asymmetric key encryption is faster than symmetric primal encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

• A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select three)

• ISO27000 series

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which type of access control is based upon the subject'southward clearance level and the objects classification?

• Hierarchical Admission Control (HAC)
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-flake applications in which directory?

• \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

• Betwixt the applications and the data sources
• On the cloud'due south supervisory system
• Between the hardware and operating organisation
• Betwixt the operating arrangement and applications

Question 128)

An identical electronic mail sent to millions of addresses at random would be classified as which type of assail?

• A Shark assail

• A Phishing attack

Question 129)

Which argument near drivers running in Windows kernel style is true?

• Merely disquisitional processes are permitted to run in kernel way since there is nothing to forbid a

Question 130)

Symmetric key encryption past itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to apply dynamic mapping?

• The organization will need equally many registered IP addresses every bit it has computers that demand Net admission

• Many registered IP addresses are mapped to a single registered IP address using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses as they are needed

• The NAT router uses each reckoner's IP accost for both internal and external advice

Question 132)

Which address blazon does a reckoner use to get a new IP address when it boots up?

• The network'south DHCP server address

Question 133)

What is the master difference between the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used simply for IOT devices

• IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes information technology accordingly?

• A Next Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that maybe, just peradventure, the links in the email he clicked on this morning were not from the existent Lottery Commission. What is the first thing you should tell the employee to exercise?

• Run a Port scan

• Run an antivirus scan

Question 136)

A penetration tester involved in a "Blackness box" attack would be doing what?

• Attempting to penetrate a client'south systems as if she were an external hacker with no inside knowled

Question 137)

Which Postal service Incident activity would be concerned with maintaining the proper chain-of-custody?

• Lessons learned meeting
• Evidence retention
• Documentation review & update
• Utilizing collected data

Question 138)

In digital forensics, which 3 (3) steps are involved in the collection of data? (Select 3)

• Develop a plan to larn the data

• Verify the integrity of the information

• Acquire the data

Question 139)

Which three (three) of the following are considered scripting languages? (Select iii)

• Perl

• Fustigate

• Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+1

• 9

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which 2 (2) of these are postal service-exploit activities? (Select 2)

• Gather full situational awareness through advanced security analytics

• Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of disquisitional data. Which aspect of the CIA Triad is most impacted past an organization's backup practices?

• Availability

• Integrity

• Authorization

Question 143)

Which stage of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

• Test

• Lawmaking & build

• Operate & monitor

• Plan

Question 144)

Which one of the OWASP Top 10 Awarding Security Risks would exist occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select two)

• Flows per minute (FPM)

• Events per second (EPS)

Question 146)

True or False. If you have no better identify to start hunting threats, start with a view of the global threat landscape and so drill down to a regional view, industry view and finally a view of the threats specific to your own system.

• True

Question 147)

Truthful or False. Deject-based storage or hosting providers are amidst the top sources of third-party breaches

• Truthful

Question 148)

Y'all are looking very difficult on the spider web for the lowest mortgage interest load you can find and you see a rate that is so low information technology could not possibly be true. You cheque out the site to encounter that the terms are and chop-chop find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative manufactures that come up in news feeds or Google searches are sometimes called "click-allurement". These manufactures often tempt you to link to other sites that can be infected with malware. What assail vector is used by these click-allurement sites to get you to become to the actually bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the post-obit defines a security threat?

• Any potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a organisation will exist exploited
• One instance of a weakness being exploited
• A weakness in a system that could be exploited past a bad role player

Question 151)

Suspicious action, similar IP addresses or ports existence scanned sequentially, is a sign of which blazon of attack?

• A mapping set on
• A denial of service (DoS) assail
• A phishing assault
• An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the bulletin without forwarding information technology
• Trudy cannot read it considering information technology is encrypted merely allows it to exist delivered to Bob in its original form
• Trudy changes the message and so forrad it on
• Trudy reads the bulletin

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

• PCI-DSS
• ISO27000 serial
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should have which three (iii) of these capabilities? (Select 3)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at one time
• Deploying devices with network configurations

Question 155)

Which statement near encryption is True about data in utilise.

• Information should always be kept encrypted since modernistic CPUs are fully capable of operating direct on encrypted information

• It is vulnerable to theft and should be decrypted merely for the briefest possible time while information technology is being operated on

• Brusk of orchestrating a memory dump from a system crash, there is no applied way for malware to get at the data existence candy, so dump logs are your only real concern

• Information in active retentiveness registers are not at risk of being stolen

Question 156)

For added security y'all decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How tin can this be done?

• This cannot be washed The network administrator must choose to run a given network segment in either stateful or stateless mode, and then select the corresponding firewall type

• Install a unmarried firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall merely These advanced devices inspect everything a stateless firewall inspects in addition to state related factors

• You must install 2 firewalls in serial, so all packets pass through the stateless firewall beginning and and so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

• 2
• 1
• 4
• iii

Question 158)

If you take to rely upon metadata to work with the data at hand, yous are probably working with which blazon of data?

• Meta-structured data
• Semi-structured data
• Structured information
• Unstructured data

Question 159)

Which two (ii) forms of discovery must be conducted online? (Select two)

• Port scanning
• Shoulder surfing
• Social applied science
• Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

• Distributed
• Central
• Coordinating
• Command

Question 161)

Which is the information protection procedure that prevents a suspicious information request from beingness completed?

• Data risk analysis
• Information nomenclature
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in accelerate of their assault to streamline costs and focus efforts?

• Red Box Testing
• Gray Box Testing
• White Box testing
• Black Box Testing

Question 163)

Which type of application set on would include User denies performing an operation, attacker exploits an application without trace, and attacker covers her tracks?

• Auditing and logging
• Authentication
• Authorization
• Input validation

Question 164)

Truthful or Imitation. Thorough reconnaissance is an of import step in developing an constructive cyber impale chain.

• True
• False

Question 165)

True or False. One of the main challenges in cyber threat hunting is a lack of useful tools sold by as well few vendors.

• True
• False

Question 166)

True or False. A large visitor has a data alienation involving the theft of employee personnel records just no customer information of any kind. Since no external data was involved, the company does not have to report the alienation to law enforcement.

• True
• False

Question 167)

You are the CEO of a big tech company and have just received an angry e-mail that looks similar it came from i of your biggest customers. The e-mail says your company is overbilling the customer and asks that yous examine the fastened invoice. You do merely observe information technology blank, so you lot reply politely to the sender asking for more details. You never hear dorsum, but a calendar week after your security team tells you that your credentials have been used to access and exfiltrate large amounts of visitor fiscal data. What kind of attack did you fall victim to?

• Every bit a phishing attack
• Every bit a whale assail
• A shark assail
• A fly phishing assail

Question 168)

Which of these statements about the PCI-DSS requirements for any visitor handling, processing or transmitting credit menu data is true?

• Muti-factor authentication is required for all new card holders
• Some form of mobile device management (MDM) must exist used on all mobile credit card processing devices
• All employees with direct admission to cardholder data must exist bonded
• Cardholder information must be encrypted if it is sent across open or public networks

Which Incident Response Squad model describes a team that acts as consulting experts to advise local IR teams?

• Command
• Coordinating
• Distributed
• O Central

In a Linux file organisation, which files are contained in the \bin folder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such equally fstab and inittab
• Directories such as /home and /usr

If a computer needs to transport a bulletin to a system that is not part of the local network, where does it send the message?

• To the system'southward domain proper noun
• To the arrangement's IP accost
• The network'due south DNS server address
• To the system's MAC address
• The network's default gateway address
• The network's DHCP server address

Which three (3) of these statements nigh the TCP protocol are True? (Select 3)

• TCP is faster than UDP
• TCP is connection-oriented
• TCP packets are reassembled by the receiving system in the order in which they were sent
• TCP is more reliable than UDP

A professor is not allowed to alter a student's terminal grade after she submits it without completing a special form to explain the circumstances that necessitated the alter. This additional footstep supports which aspect of the CIA Triad?

• Authorization
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security risk?

• An instance of being exposed to losses
• Any potential danger that is associated with the exploitation of a vulnerability
• A weakness in a organization
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text message sent by Alice to Bob, merely in no way interferes with its delivery. Which aspect of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the above

What is an advantage symmetric cardinal encryption has over disproportionate central encryption?

• Symmetric key encryption provides improve security against Human being-in-the-middle attacks than is possible with asymmetric key encryption
• Symmetric key encryption is faster than disproportionate fundamental encryption
• Symmetric keys can be exchanged more securely than asymmetric keys
• Symmetric central encryption is harder to interruption than disproportionate key encryption

Which blazon of application attack would include network eavesdropping, dictionary attacks and cookie replays?

• Configuration management
• Authentication
• Authorization
• Exception management

Why should you always look for common patterns before starting a new security architecture design?

• They tin can aid identify best practices
• They tin can shorten the development lifecycle
• Some document complete tested solutions
• All of the above

Final Update: 09/12/2021

Alert: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Delight Wait I Volition Add together More NEW QUETIONS..

Too if you lot have Questions with right answer  Send me on my Email i volition update on my blog..

niyander111@gmail.com

Thank yous...

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Posted by: pressleyolawkway.blogspot.com

Share this post