IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional person Certificate Assessment Exam Quiz Answers

Alert: Jo Reply Dark-green hai wo correct hai just

Jo Light-green Nahi hai. Usme se jo ek wrong choice tha usko hata diya hai

Question i)

Implementing a Security Awareness training program would be an example of which blazon of command?

  • Administrative control

Question 2)

Putting locks on a door is an example of which type of control?

  • Preventative

Question three)

How would you classify a piece of malicious code that tin replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, yous must implement promiscuous mode on which device ?

  • A network card
  • An Intrusion Detection Arrangement (IDS)
  • A sniffing router

Question 5)

Which machinery would assist assure the integrity of a message, but not do much to clinch confidentiality or availability.

  • Hashing

Question 6)

An organization wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours, and and so makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question 7)

Which ii factors contribute to cryptographic strength? (Select 2)

  • The utilize of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny

Question eight)

Trying to break an encryption fundamental by trying every possible combination of characters is called what?

  • A brute force attack

Question 9)

Which of the post-obit describes the core goals of It security?

  • The Open Spider web Application Security Project (OWASP) Framework
  • The Business Process Management Framework
  • The CIA Triad

Question 10)

Which three (3) roles are typically establish in an Data Security organization? (Select iii)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Problem Management, Change Management, and Incident Management are all key processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

  • Trudy changes the bulletin and so forrard information technology on
  • Trudy deletes the message without forwarding it
  • Trudy reads the bulletin
  • Trudy cannot read information technology because information technology is encrypted but allows information technology to be delivered to Bob in its original course

Question 13)

In cybersecurity, Accountability is defined as what?

  • Being able to map an activity to an identity

Question 14)

Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which iii (iii) are authentication methods? (Select iii)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which three (iii) of the post-obit are Physical Admission Controls? (Select iii)

  • Door locks
  • Security guards
  • Fences

Question 16)

If you are setting upward a Windows ten laptop with a 32Gb hard bulldoze, which two (2) file system could y'all select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which three (three) permissions tin be gear up on a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If cost is the primary business concern, which blazon of deject should exist considered first?

  • Public cloud

Question 19)

Consolidating and virtualizing workloads should exist done when?

  • Before moving the workloads to the deject

Question twenty)

Which of the following is a self-regulating standard fix past the credit menu manufacture in the U.s.?

  • PCI-DSS

Question 21)

Which two (2) of the following attack types target endpoints?

  • Ad Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?

  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high upwardly he is in an organization violates what bones security premise?

  • The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the following protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the post-obit practices helps assure the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and proceed them hugger-mugger

Question 27)

Which of these methods ensures the authentication, not-repudiation and integrity of a digital communication?

  • Apply of digital signatures

Question 28)

Which of the post-obit practices volition assistance assure the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept cocky-signed certificates
  • Implement HTTP Strict Ship Protocol (HSTS)

Question 29)

Which iii (3) of these are benefits you tin can realize from using a NAT (Network Accost Translation) router? (Select 3)

  • Allows static 1-to-ane mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address but when they are needed
  • Allows internal IP addresses to exist subconscious from outside observers

Question thirty)

Which statement best describes configuring a NAT router to use static mapping?

  • The organization will need equally many registered IP addresses as information technology has computers that demand Cyberspace admission

Question 31)

If a computer needs to ship a bulletin to a system that is role of the local network, where does it send the message?

  • To the system's MAC accost

Question 32)

Which are properties of a highly available system?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever order they are received
  • UDP is connectionless

Question 34)

What is one divergence between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his visitor'due south headquarters in Austin, TX USA. Which two (2) of these activities enhance the about crusade for concern? (Select 2)

  • Each night Hassan logs into his account from an ISP in Red china
  • 1 evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which iii (three) of the post-obit are considered safe coding practices? (Select 3)

  • Use library functions in place of Os commands
  • Avoid using Bone commands whenever possible
  • Avoid running commands through a shell interpreter

Question 38)

Which three (3) items should be included in the Planning step of a penetration exam? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would cover the take chances ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, bare removable media, parcel sniffers and protocol analyzers, all belong to which Incident Response resources category?

  • Incident Post-Assay Resource
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

Truthful or Simulated. Digital forensics is effective in solving cyber crimes but is not considered constructive in solving violent crimes such every bit rape and murder.

  • Imitation

Question 43)

Which 3 (3) are mutual obstacles faced when trying to examine forensic information? (Select 3)

  • Selecting the correct tools to help filter and exclude irrelevant information
  • Finding the relevant files amid the hundreds of thousands found on most hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same cake of code while a specified status remains true?

  • Loops

Question 45)

Which two (2) statements nigh Python are true? (Select two)

  • Python code is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What information type is the data type of the variable pi?

  • str

Question 47)

What will be printed past the following block of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was developed by the United states Government to enable consequent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or False. An organization's security immune organization should exist integrated with outside organizations, including vendors and other third-parties.

  • True

Question fifty)

Which 3 (three) of these are amid the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

  • Vulnerability assessment
  • Real-fourth dimension alerting
  • Tokenization

Question 51)

True or Faux. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, merely not straight.

  • True

Question 52)

All industries accept their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed past low-level employees who have access to payment carte du jour information?

  • Retail

Question 53)

True or Imitation. WireShark has an impressive array of features and is distributed costless of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base of operations-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

  • IAM controls to regulate say-so

Question 56)

Y'all calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What have yous only adamant?

  • A risk

Question 57)

Which i of the OWASP Top 10 Application Security Risks would exist occur when an application's API exposes financial, healthcare or other PII information?

  • Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select iii)

  • Virus Protection
  • Awarding Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defence includes contributions from iii areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing big quantities of unstructured data lends itself best to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Procedure and Technology. Which function of the triad would network monitoring belong?

  • Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The human activity of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries equally early equally possible in the cyber impale chain

Question 62)

There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on make compromises and fraud on the dark spider web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an arrangement'south incident response team? (Select iii)

  • Advice
  • Teamwork
  • Problem solving and Critical thinking

Question 64)

Implementing stiff endpoint detection and mitigation strategies falls into which stage of the incident response lifecycle?

  • Detection & Assay

Question 65)

Which 3 (three) of these statistics about phishing attacks are real? (Select 3)

  • Around xv one thousand thousand new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing messages are opened by their targeted users

Question 66)

Which iii (three) of these command processes are included in the PCI-DSS standard? (Select 3)

  • Implement strong admission control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit carte data? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon written report, what pct of consumers indicated they would be willing to pay more than for a production or service from a provider with better security?

  • 52%

Question 69)

You lot become a phone phone call from a technician at the "Windows company" who tells yous that they accept detected a problem with your system and would like to aid you resolve it. In order to assist, they need you to go to a web site and download a simple utility that will allow them to set up the settings on your estimator. Since you lot but own an Apple Mac, yous are suspicious of this caller and hang up. What would the assault vector take been if you had downloaded the "simple utility" every bit asked?

  • Remote Desktop Protocol (RDP)

Question lxx)

What is an effective fully automated way to prevent malware from entering your organisation equally an email zipper?

  • Anti-virus software

 Question 71)

True or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family unit.

  • Imitation

Question 72)

Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit carte du jour data? (Select 3)

  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict concrete access to cardholder data

Question 73)

True or Imitation. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response squad model is characterized by which of the following?

  • Multiple incident response teams inside an organization all of whom coordinate their activities only inside their land or department
  • Multiple incident response teams inside an system only one with potency to assure consistent policies and practices are followed beyond all teams
  • This term refers to a structure that assures the incident response team'south activities are coordinated with senior management and all appropriate departments inside and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to equally the ____ and ____ teams, respectively.

  • Blue Red
  • Red, Blueish

Question 76)

The partnership between security analysts and engineering science tin be said to be grouped into three domains, man expertise, security analytics and artificial intelligence. The homo expertise domain would contain which 3 (3) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams like the one beneath. What does this diagram show?

<<Solution Architecture Data Period.png>>

  • Functional components and information catamenia

Question 78)

Port numbers 1024 through 49151 are known equally what?

  • Registered Ports

Question 79)

Which layer of the OSI model to package sniffers operate on?

  • Data Link

Question 80)

True or False. Internal attacks from trusted employees represents every flake as meaning a threat as external attacks from professional cyber criminals.

  • True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest average price per alienation in 2018 at $eight.19M

  • United States

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What volition print out when this cake of Python code is run?

i=1

#i=i+1

#i=i+two

#i=i+three

print(i)

  • 1

Question 85)

Which three (3) statements about Python variables are true? (Select 3)

  • A variable proper noun must start with a letter of the alphabet or the underscore "_" grapheme
  • Variables tin alter blazon after they have been set
  • Variables exercise not have to be declared in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

  • All of the to a higher place

Question 88)

Forensic assay should e'er be conducted on a copy of the original data. Which two (two) types of copying are appropriate for getting data from a laptop caused from a terminated employee, if yous suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the post-obit would be considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An announced threat against your organization by a hactivist group

Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well every bit a list of open ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which type of list is considered best for condom coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a visitor'due south headquarters in New York City, which of these activities should not raise much of a security concern?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from abode for an hour or and so during the concluding two weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which blazon of information?

  • Unstructured data
  • Semi-structured data
  • Structured data

Question 94)

Which three (3) of these statements about the TCP protocol are True? (Select three)

  • TCP packets are reassembled by the receiving organization in the society in which they were sent
  • TCP is more reliable than UDP
  • TCP is connectedness-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

  • 2

Question 96)

A small visitor with 25 computers wishes to connect them to the Net using a NAT router. How many Public IP addresses will this company need to assure all 25 computers tin communicate with each other and other systems on the Net if they implement Port Address Translations?

  • i

Question 97)

Why is symmetric central encryption the most common choice of methods to encryptic data at residue?

  • There are far more keys available for use
  • Information technology is much faster than disproportionate key encryption

Question 98)

Which of the following statements about hashing is True?

  • Hashing uses algorithms that are known equally "ane-mode" functions

Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a 1-manner process and so the original data cannot be reconstructed from a hash value

Question 100)

Public fundamental encryption incorporating digital signatures ensures which of the post-obit?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used by Microsoft in Agile Directory?

  • Kerberos

Question 102)

Granting access to a user account only those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the most common patch remediation frequency for almost organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method normally used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Equus caballus attacks

Question 105)

Security training for Information technology staff is what type of command?

  • Virtual
  • Operational
  • Concrete

Question 106)

Which security concerns follow your workload even afterward information technology is successfully moved to the cloud?

  • All of the above

Question 107)

Which course of Cloud computing combines both public and private clouds?

  • Hybrid deject

Question 108)

Which component of the Linux operating arrangement interacts with your computer's hardware?

  • The kernel

Question 109)

The encryption and protocols used to foreclose unauthorized access to data are examples of which type of access command?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The property of beingness 18-carat and verifiable

Question 111)

ITIL is best described as what?

  • A collection of It Service Management all-time practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer data systems?

  • Data Security Auditor

Question 113)

A visitor wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding utilize of these sites while at piece of work is written and circulated and so the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which 2 (ii) types of security controls has the company just implemented? (Select 2)

  • Administrative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a slice of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your organization exist called?

  • Spyware

Question 116)

Fancy Bears and Bearding are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, gamble
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they attain the host is a countermeasure to which form of attack?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic patently-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it await like Alice intended it for Bob from the get-go. Which attribute of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which factor contributes most to the strength of an encryption system?

  • How many people have access to your public key
  • The length of the encryption central used
  • The number of private keys used by the system

Question 121)

What is an advantage asymmetric cardinal encryption has over symmetric central encryption?

  • Asymmetric keys can be exchanged more securely than symmetric keys
  • Asymmetric key encryption is harder to intermission than symmetric key encryption
  • Asymmetric cardinal encryption is faster than symmetric central encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations calculator systems?

  • A Penetration Tester

Question 123)

Which 3 (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

  • Availability

Question 125)

Which type of access control is based upon the subject's clearance level and the objects nomenclature?

  • Hierarchical Access Command (HAC)
  • Discretionary Access Command (DAC)
  • Mandatory Access Command (MAC)
  • Role Based Admission Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Plan Files

Question 127)

To build a virtual calculating environment, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the deject's supervisory organisation
  • Between the hardware and operating system
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of attack?

  • A Shark assault
  • A Phishing assail

Question 129)

Which argument almost drivers running in Windows kernel manner is true?

  • But critical processes are permitted to run in kernel mode since there is nothing to prevent a

Question 130)

Symmetric central encryption past itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability

Question 131)

Which statement all-time describes configuring a NAT router to use dynamic mapping?

  • The organization will need as many registered IP addresses as it has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP address using different port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each figurer'southward IP address for both internal and external advice

Question 132)

Which address type does a estimator utilise to get a new IP address when it boots upward?

  • The network's DHCP server accost

Question 133)

What is the primary difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times every bit many possible IP addresses

Question 134)

Which blazon of firewall understands which session a packet belongs to and analyzes it appropriately?

  • A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that possibly, just mayhap, the links in the electronic mail he clicked on this morning were not from the real Lottery Commission. What is the first matter you should tell the employee to practise?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Blackness box" attack would exist doing what?

  • Attempting to penetrate a client'due south systems as if she were an external hacker with no inside knowled

Question 137)

Which Mail service Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing collected information

Question 138)

In digital forensics, which iii (3) steps are involved in the collection of information? (Select 3)

  • Develop a programme to acquire the data
  • Verify the integrity of the information
  • Larn the data

Question 139)

Which three (iii) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+1

  • 9

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and mail-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)

  • Get together total situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

In that location are many adept reasons for maintaining comprehensive backups of disquisitional data. Which aspect of the CIA Triad is about impacted past an organisation's backup practices?

  • Availability
  • Integrity
  • Dominance

Question 143)

Which phase of DevSecOps would incorporate the activities Internal/External testing, Continuous balls, and Compliance checking?

  • Test
  • Lawmaking & build
  • Operate & monitor
  • Plan

Question 144)

Which one of the OWASP Pinnacle 10 Application Security Risks would be occur when there are no safeguards against a user being immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select two)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

True or Fake. If you have no better identify to start hunting threats, outset with a view of the global threat landscape and so drill down to a regional view, industry view and finally a view of the threats specific to your own organization.

  • True

Question 147)

Truthful or False. Cloud-based storage or hosting providers are among the top sources of third-party breaches

  • True

Question 148)

Yous are looking very difficult on the web for the lowest mortgage interest load you lot tin discover and yous come beyond a rate that is and then depression it could not maybe be true. You check out the site to come across that the terms are and quickly find you lot are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come up up in news feeds or Google searches are sometimes chosen "click-allurement". These manufactures oftentimes tempt yous to link to other sites that can be infected with malware. What set on vector is used past these click-bait sites to get you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • One example of a weakness being exploited
  • A weakness in a system that could be exploited past a bad actor

Question 151)

Suspicious activity, like IP addresses or ports beingness scanned sequentially, is a sign of which type of assault?

  • A mapping attack
  • A denial of service (DoS) set on
  • A phishing set on
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read it because it is encrypted simply allows it to exist delivered to Bob in its original form
  • Trudy changes the message and then forrard it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and advisable administrative, technical, and physical safeguards for protecting electronic protected wellness information (east-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A good Endpoint Detection and Response arrangement (EDR) should take which 3 (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which statement about encryption is Truthful about data in use.

  • Information should e'er be kept encrypted since modern CPUs are fully capable of operating directly on encrypted information
  • It is vulnerable to theft and should exist decrypted only for the briefest possible time while it is being operated on
  • Short of orchestrating a memory dump from a arrangement crash, there is no practical mode for malware to become at the data being processed, so dump logs are your but real business
  • Information in active retentivity registers are not at run a risk of existence stolen

Question 156)

For added security you determine to protect your network past conducting both a stateless and stateful inspection of incoming packets. How can this be washed?

  • This cannot exist done The network administrator must choose to run a given network segment in either stateful or stateless style, and so select the corresponding firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall merely These advanced devices audit everything a stateless firewall inspects in improver to state related factors
  • You must install two firewalls in series, and then all packets laissez passer through the stateless firewall first and and so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

  • 2
  • 1
  • 4
  • 3

Question 158)

If you have to rely upon metadata to work with the data at mitt, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured data
  • Structured information
  • Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select two)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Central
  • Analogous
  • Control

Question 161)

Which is the data protection process that prevents a suspicious information request from being completed?

  • Data risk analysis
  • Information classification
  • Information discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Cherry Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which blazon of application attack would include User denies performing an performance, assailant exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Authentication
  • Say-so
  • Input validation

Question 164)

Truthful or False. Thorough reconnaissance is an important stride in developing an effective cyber impale concatenation.

  • Truthful
  • Fake

Question 165)

Truthful or False. One of the primary challenges in cyber threat hunting is a lack of useful tools sold past too few vendors.

  • True
  • False

Question 166)

Truthful or Faux. A large company has a data breach involving the theft of employee personnel records but no client data of whatever kind. Since no external data was involved, the company does not have to report the breach to law enforcement.

  • True
  • False

Question 167)

You are the CEO of a large tech company and have but received an angry email that looks like it came from one of your biggest customers. The electronic mail says your company is overbilling the customer and asks that you examine the attached invoice. Yous do but find it blank, and so you respond politely to the sender asking for more than details. You never hear dorsum, but a week later your security squad tells you that your credentials take been used to access and exfiltrate large amounts of visitor financial data. What kind of attack did you fall victim to?

  • Every bit a phishing attack
  • As a whale assault
  • A shark attack
  • A fly phishing assail

Question 168)

Which of these statements most the PCI-DSS requirements for any company handling, processing or transmitting credit bill of fare data is truthful?

  • Muti-factor authentication is required for all new card holders
  • Some grade of mobile device direction (MDM) must be used on all mobile credit carte processing devices
  • All employees with directly admission to cardholder information must be bonded
  • Cardholder information must be encrypted if it is sent beyond open or public networks

Which Incident Response Team model describes a team that acts every bit consulting experts to suggest local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Cardinal

In a Linux file arrangement, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /domicile and /usr

If a reckoner needs to send a bulletin to a system that is not part of the local network, where does information technology ship the message?

  • To the arrangement's domain name
  • To the arrangement's IP address
  • The network's DNS server address
  • To the arrangement'due south MAC accost
  • The network'south default gateway address
  • The network'south DHCP server accost

Which three (3) of these statements about the TCP protocol are True? (Select 3)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more than reliable than UDP

A professor is not allowed to alter a student's final form after she submits it without completing a special form to explicate the circumstances that necessitated the alter. This additional step supports which aspect of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security take a chance?

  • An instance of being exposed to losses
  • Whatever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a organisation
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a apparently text message sent by Alice to Bob, just in no way interferes with its commitment. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an advantage symmetric fundamental encryption has over asymmetric primal encryption?

  • Symmetric fundamental encryption provides improve security against Man-in-the-middle attacks than is possible with asymmetric key encryption
  • Symmetric key encryption is faster than asymmetric key encryption
  • Symmetric keys can exist exchanged more than securely than asymmetric keys
  • Symmetric central encryption is harder to break than asymmetric key encryption

Which blazon of awarding attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Authorisation
  • Exception direction

Why should you lot always look for mutual patterns before starting a new security compages blueprint?

  • They can assist place all-time practices
  • They can shorten the evolution lifecycle
  • Some document complete tested solutions
  • All of the above

Last Update: 09/12/2021

Warning: Jo Answer Dark-green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

PLEASE Await I Will ADD MORE NEW QUETIONS..

Also if y'all accept Questions with correct answer  Send me on my Email i will update on my web log..

niyander111@gmail.com

Cheers...