What Is The Amount Of Money One Can Make After Taking Social Security Sfter 62

IBM Cybersecurity Analyst Professional person Certificate Assessment Exam Quiz Answers

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

Question 1)

Implementing a Security Awareness grooming program would be an example of which type of command?

• Administrative control

Question 2)

Putting locks on a door is an case of which blazon of control?

• Preventative

Question 3)

How would y'all allocate a piece of malicious code that tin replicate itself and spread to new systems?

• A worm

Question 4)

To engage in bundle sniffing, you must implement promiscuous style on which device ?

• A network card
• An Intrusion Detection Organization (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability.

• Hashing

Question 6)

An organization wants to restrict employee after-hours access to its systems so information technology publishes a policy forbidding employees to work outside of their assigned hours, and and then makes sure the part doors remain locked on weekends. What two (2) types of controls are they using? (Select ii)

• Concrete
• Administrative

Question seven)

Which two factors contribute to cryptographic strength? (Select 2)

• The use of cyphers that are based on complex mathematical algorithms
• The utilize of cyphers that have undergone public scrutiny

Question 8)

Trying to suspension an encryption fundamental by trying every possible combination of characters is called what?

• A beast force set on

Question 9)

Which of the following describes the cadre goals of IT security?

• The Open Web Application Security Project (OWASP) Framework
• The Business Process Management Framework
• The CIA Triad

Question 10)

Which three (3) roles are typically plant in an Information Security organization? (Select 3)

• Vulnerability Assessor
• Chief Information Security Officeholder (CISO)
• Penetration Tester

Question 11)

Trouble Management, Change Management, and Incident Management are all key processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

• Trudy changes the message and then forrard it on
• Trudy deletes the message without forwarding it
• Trudy reads the message
• Trudy cannot read it because it is encrypted merely allows it to be delivered to Bob in its original course

Question thirteen)

In cybersecurity, Accountability is defined equally what?

• Existence able to map an action to an identity

Question fourteen)

Multifactor hallmark (MFA) requires more than one authentication method to be used before identity is authenticated. Which 3 (3) are authentication methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question xv)

Which three (3) of the following are Physical Admission Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question sixteen)

If yous are setting up a Windows 10 laptop with a 32Gb difficult bulldoze, which two (2) file system could you select? (Select two)

• NTFS
• FAT32

Question 17)

Which 3 (3) permissions can exist set on a file in Linux? (Select 3)

• write
• execute
• read

Question 18)

If price is the main concern, which blazon of deject should be considered get-go?

• Public deject

Question nineteen)

Consolidating and virtualizing workloads should be washed when?

• Before moving the workloads to the cloud

Question xx)

Which of the following is a self-regulating standard fix by the credit card industry in the U.s.a.?

• PCI-DSS

Question 21)

Which two (2) of the post-obit attack types target endpoints?

• Ad Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not take a required patch installed, which statement best characterizes the deportment information technology is able to take automatically?

• The endpoint tin can be quarantined from all network resource except those that allow information technology to download and install the missing patch

Question 23)

Granting access to a user based upon how high upward he is in an organisation violates what bones security premise?

• The principle of least privileges

Question 24)

The Windows Security App bachelor in Windows 10 provides uses with which of the post-obit protections?

• Firewall and network protection
• Family options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the following?

• Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

• Choose a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your system and proceed them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital advice?

• Apply of digital signatures

Question 28)

Which of the following practices will help assure the confidentiality of information in transit?

• Disable document pinning
• Accept self-signed certificates
• Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which iii (3) of these are benefits you tin can realize from using a NAT (Network Address Translation) router? (Select 3)

• Allows static ane-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
• Allows internal IP addresses to exist hidden from outside observers

Question 30)

Which statement best describes configuring a NAT router to use static mapping?

• The organization will need as many registered IP addresses as information technology has computers that demand Net admission

Question 31)

If a computer needs to transport a message to a system that is function of the local network, where does information technology send the message?

• To the system's MAC accost

Question 32)

Which are properties of a highly bachelor system?

• Redundancy, failover and monitoring

Question 33)

Which three (three) of these statements virtually the UDP protocol are True? (Select three)

• UDP is faster than TCP
• UDP packets are reassembled by the receiving system in whatever gild they are received
• UDP is connectionless

Question 34)

What is one departure between a Stateful Firewall and a Next Generation Firewall?

• A NGFW understand which awarding sent a given package

Question 35)

You lot are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require yous to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX United states of america. Which two (2) of these activities raise the most cause for concern? (Select 2)

• Each night Hassan logs into his account from an Internet access provider in Prc
• One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (3) of the following are considered safe coding practices? (Select 3)

• Use library functions in identify of Os commands
• Avoid using OS commands whenever possible
• Avoid running commands through a shell interpreter

Question 38)

Which three (3) items should exist included in the Planning stride of a penetration exam? (Select three)

• Informing Demand-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest report would encompass the risk ranking, recommendations and roadmap?

• Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

• Incident Post-Analysis Resources
• Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

Truthful or Faux. Digital forensics is effective in solving cyber crimes only is not considered effective in solving violent crimes such as rape and murder.

• Fake

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)

• Selecting the right tools to help filter and exclude irrelevant data
• Finding the relevant files among the hundreds of thousands found on most difficult drives
• Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified condition remains true?

• Loops

Question 45)

Which 2 (two) statements nearly Python are true? (Select 2)

• Python code is considered easy to debug compared with other pop programming languages
• Python lawmaking is considered very readable by novice programmers

Question 46)

In the Python statement

pi="three"

What information type is the data type of the variable pi?

• str

Question 47)

What volition be printed by the following block of Python code?

def Add5(in)

 out=in+v

 render out

 print(Add5(10))

• 15

Question 48)

Which threat intelligence framework was adult by the US Government to enable consistent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

True or False. An organization'due south security immune organization should be integrated with outside organizations, including vendors and other third-parties.

• True

Question fifty)

Which iii (3) of these are amid the tiptop 12 capabilities that a good data security and protection solution should provide? (Select iii)

• Vulnerability cess
• Real-time alerting
• Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must interact with the operating arrangement just through a series of applications, only not direct.

• Truthful

Question 52)

All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card information?

• Retail

Question 53)

Truthful or False. WireShark has an impressive array of features and is distributed free of charge.

• Truthful

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You summate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will event in $10M in losses to your company. What take you just adamant?

• A risk

Question 57)

Which i of the OWASP Summit 10 Application Security Risks would exist occur when an application'due south API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which iii (3) of these are Solution Building Blocks (SBBs)? (Select 3)

• Virus Protection
• Awarding Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense force includes contributions from 3 areas, human expertise, security analytics and bogus intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

• Artificial intelligence

Question sixty)

The triad of a security operations centers (SOC) is People, Procedure and Engineering. Which part of the triad would network monitoring vest?

• Engineering

Question 61)

Which of these is a practiced definition for cyber threat hunting?

• The human activity of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early every bit possible in the cyber kill concatenation

Question 62)

In that location is value brought by each of the IBM i2 EIA employ cases. Which one of these provides firsthand alerting on make compromises and fraud on the nighttime web.

• Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an organization's incident response team? (Select iii)

• Communication
• Teamwork
• Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Analysis

Question 65)

Which three (iii) of these statistics about phishing attacks are real? (Select iii)

• Around 15 1000000 new phishing sites are created each month
• Phishing accounts for nearly twenty% of data breaches
• xxx% of phishing messages are opened by their targeted users

Question 66)

Which three (3) of these command processes are included in the PCI-DSS standard? (Select three)

• Implement strong admission control measures
• Regularly monitor and test networks
• Maintain an data security policy

Question 67)

Which 3 (three) are malware types commonly used in PoS attacks to steal credit card data? (Select iii)

• Alina
• BlackPOS
• vSkimmer

Question 68)

According to a 2022 Ponemon written report, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

• 52%

Question 69)

Yous get a phone call from a technician at the "Windows company" who tells y'all that they have detected a problem with your arrangement and would similar to assistance yous resolve it. In order to help, they need you to go to a web site and download a elementary utility that volition permit them to ready the settings on your computer. Since yous only own an Apple Mac, you are suspicious of this caller and hang up. What would the assault vector have been if you had downloaded the "elementary utility" as asked?

• Remote Desktop Protocol (RDP)

Question lxx)

What is an effective fully automated manner to prevent malware from entering your system as an email zipper?

• Anti-virus software

 Question 71)

Truthful or False. The large majority of stolen credit card numbers are used chop-chop by the thief or a fellow member of his/her family.

• False

Question 72)

Which three (three) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

• Restrict admission to cardholder information past business organization need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data

Question 73)

True or False. Communications of a information alienation should exist handled by a team composed of members of the IR squad, legal personnel and public relations.

• True

Question 74)

A Analogous incident response team model is characterized by which of the following?

• Multiple incident response teams within an organization all of whom coordinate their activities only within their country or department

• Multiple incident response teams within an organization but i with authority to assure consistent policies and practices are followed across all teams

• This term refers to a structure that assures the incident response team'due south activities are coordinated with senior direction and all advisable departments within and system

Question 75)

The cyber hunting squad and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

• Blue Ruddy

• Red, Blue

Question 76)

The partnership between security analysts and applied science tin can be said to be grouped into 3 domains, human expertise, security analytics and bogus intelligence. The homo expertise domain would contain which three (three) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures often incorporate diagrams similar the one below. What does this diagram testify?

<<Solution Architecture Data Flow.png>>

• Functional components and data menstruation

Question 78)

Port numbers 1024 through 49151 are known every bit what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Information Link

Question 80)

True or Simulated. Internal attacks from trusted employees represents every bit as significant a threat as external attacks from professional person cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2022, what fraction of security tools are deployed with default settings and thus underperform expectations?

• lxxx%

Question 82)

Which country had the highest boilerplate cost per breach in 2022 at $8.19M

• United States

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select 2)

• StatsModels

• Scikit-learn

Question 84)

What will print out when this cake of Python code is run?

i=1

#i=i+1

#i=i+2

#i=i+iii

print(i)

• 1

Question 85)

Which 3 (3) statements nearly Python variables are true? (Select iii)

• A variable name must start with a letter or the underscore "_" grapheme
• Variables can change blazon after they take been set
• Variables practise not have to be alleged in accelerate of their use

Question 86)

PowerShell is a configuration direction framework for which operating organisation?

• Windows

Question 87)

In digital forensics documenting the concatenation of custody of evidence is disquisitional. Which of these should be included in your chain of custody log?

• All of the above

Question 88)

Forensic analysis should always be conducted on a re-create of the original data. Which two (2) types of copying are advisable for getting data from a laptop acquired from a terminated employee, if y'all suspect he has deleted incriminating files? (Select 2)

• An incremental fill-in

• A logical fill-in

Question 89)

Which of the following would exist considered an incident forerunner?

• An warning from your antivirus software indicating it had detected malware on your system

• An appear threat against your organization by a hactivist group

Question 90)

If a penetration examination calls for you to create a diagram of the target network including the identity of hosts and servers as well as a listing of open ports and published services, which tool would be the best fit for this chore?

• Nmap

Question 91)

Which type of list is considered best for safe coding do?

• Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should not raise much of a security concern?

• A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate fiscal database

• An employee has started logging in from dwelling house for an hr or so during the last 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which type of data?

• Unstructured information

• Semi-structured data

• Structured data

Question 94)

Which 3 (iii) of these statements about the TCP protocol are Truthful? (Select three)

• TCP packets are reassembled past the receiving system in the order in which they were sent

• TCP is more reliable than UDP

• TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the accost in a Form B network?

• 2

Question 96)

A pocket-sized company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this visitor need to assure all 25 computers tin can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• 1

Question 97)

Why is symmetric key encryption the most mutual choice of methods to encryptic information at rest?

• There are far more keys available for use

• It is much faster than asymmetric key encryption

Question 98)

Which of the following statements about hashing is True?

• Hashing uses algorithms that are known as "one-style" functions

Question 99)

Why is hashing not a common method used for encrypting data?

• Hashing is a one-way process so the original data cannot be reconstructed from a hash value

Question 100)

Public cardinal encryption incorporating digital signatures ensures which of the post-obit?

• Confidentiality and Integrity

Question 101)

What is the chief authentication protocol used by Microsoft in Agile Directory?

• Kerberos

Question 102)

Granting access to a user business relationship only those privileges necessary to perform its intended functions is known every bit what?

• The principle of least privileges

Question 103)

What is the well-nigh common patch remediation frequency for most organizations?

• Monthly

• Annually

Question 104)

Island hopping is an attack method ordinarily used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security training for Information technology staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even afterward it is successfully moved to the cloud?

• All of the in a higher place

Question 107)

Which form of Cloud computing combines both public and private clouds?

• Hybrid deject

Question 108)

Which component of the Linux operating arrangement interacts with your computer's hardware?

• The kernel

Question 109)

The encryption and protocols used to forestall unauthorized access to data are examples of which type of admission control?

• Technical

Question 110)

In cybersecurity, Authenticity is divers as what?

• The belongings of being genuine and verifiable

Question 111)

ITIL is all-time described as what?

• A collection of It Service Management best practices

Question 112)

Which position is in accuse of testing the security and effectiveness of reckoner information systems?

• Information Security Auditor

Question 113)

A company wants to prevent employees from wasting time on social media sites. To reach this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company only implemented? (Select 2)

• Administrative

• Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious lawmaking that gets installed on a computer and reports back to the controller your keystrokes and other data information technology tin can assemble from your system be called?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a organization is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad player.

• vulnerability, threat, exploit

• threat, exposure, chance

• threat player, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they accomplish the host is a countermeasure to which grade of attack?

• A Deprival of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text bulletin from Alice to her beau Sam. The bulletin upsets Trudy so she frontward it to Bob, making it look like Alice intended information technology for Bob from the beginning. Which attribute of the CIA Triad has Trudy violated ?

• All of the higher up

Question 120)

Which gene contributes about to the strength of an encryption system?

• How many people have access to your public key

• The length of the encryption central used

• The number of private keys used by the organization

Question 121)

What is an advantage disproportionate central encryption has over symmetric fundamental encryption?

• Disproportionate keys can be exchanged more deeply than symmetric keys

• Asymmetric key encryption is harder to break than symmetric key encryption

• Disproportionate primal encryption is faster than symmetric cardinal encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations figurer systems?

• A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

• ISO27000 series

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

• Availability

Question 125)

Which type of access control is based upon the subject's clearance level and the objects classification?

• Hierarchical Access Control (HAC)
• Discretionary Access Control (DAC)
• Mandatory Access Command (MAC)
• Role Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

• \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

• Between the applications and the data sources
• On the cloud's supervisory system
• Between the hardware and operating organization
• Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of assault?

• A Shark assault

• A Phishing attack

Question 129)

Which statement near drivers running in Windows kernel mode is true?

• Only critical processes are permitted to run in kernel mode since at that place is cipher to forestall a

Question 130)

Symmetric key encryption past itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to use dynamic mapping?

• The organization will need equally many registered IP addresses as it has computers that need Cyberspace access

• Many registered IP addresses are mapped to a single registered IP accost using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses as they are needed

• The NAT router uses each reckoner's IP address for both internal and external communication

Question 132)

Which address blazon does a calculator use to get a new IP accost when it boots up?

• The network'due south DHCP server address

Question 133)

What is the principal difference betwixt the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used only for IOT devices

• IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a package belongs to and analyzes it accordingly?

• A Next Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that peradventure, but perhaps, the links in the e-mail he clicked on this morning were not from the real Lottery Committee. What is the first thing you should tell the employee to do?

• Run a Port browse

• Run an antivirus browse

Question 136)

A penetration tester involved in a "Blackness box" attack would be doing what?

• Attempting to penetrate a customer's systems as if she were an external hacker with no inside knowled

Question 137)

Which Postal service Incident activity would exist concerned with maintaining the proper concatenation-of-custody?

• Lessons learned meeting
• Prove retentivity
• Documentation review & update
• Utilizing collected information

Question 138)

In digital forensics, which 3 (3) steps are involved in the drove of information? (Select 3)

• Develop a plan to larn the information

• Verify the integrity of the data

• Acquire the data

Question 139)

Which three (3) of the following are considered scripting languages? (Select 3)

• Perl

• Bash

• Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<ten):

 print(i)

 i=i+1

• nine

Question 141)

Activities performed as a part of security intelligence tin be divided into pre-exploit and mail service-exploit activities. Which ii (two) of these are mail-exploit activities? (Select ii)

• Gather full situational awareness through advanced security analytics

• Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is well-nigh impacted by an organization'south backup practices?

• Availability

• Integrity

• Authorization

Question 143)

Which stage of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

• Test

• Code & build

• Operate & monitor

• Plan

Question 144)

Which one of the OWASP Meridian 10 Application Security Risks would be occur when there are no safeguards confronting a user being allowed to execute HTML or JavaScript in the user'southward browser that can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (ii) factors? (Select two)

• Flows per minute (FPM)

• Events per second (EPS)

Question 146)

True or False. If yous have no better identify to start hunting threats, starting time with a view of the global threat landscape and then drill downwards to a regional view, industry view and finally a view of the threats specific to your ain system.

• True

Question 147)

Truthful or False. Cloud-based storage or hosting providers are among the top sources of tertiary-political party breaches

• Truthful

Question 148)

Y'all are looking very difficult on the spider web for the lowest mortgage interest load you tin can find and you come beyond a rate that is so low it could not perchance be truthful. Yous check out the site to run into that the terms are and rapidly observe y'all are the victim of a ransomware attack. What was the likely assail vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative manufactures that come up upwardly in news feeds or Google searches are sometimes chosen "click-bait". These articles often tempt you to link to other sites that tin exist infected with malware. What attack vector is used by these click-bait sites to get you lot to go to the really bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

• Any potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a organisation will exist exploited
• One instance of a weakness being exploited
• A weakness in a organisation that could be exploited by a bad thespian

Question 151)

Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?

• A mapping attack
• A denial of service (DoS) attack
• A phishing set on
• An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the message without forwarding it
• Trudy cannot read it because it is encrypted only allows it to be delivered to Bob in its original form
• Trudy changes the message and and then forwards it on
• Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate authoritative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

• PCI-DSS
• ISO27000 serial
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should take which three (iii) of these capabilities? (Select 3)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at once
• Deploying devices with network configurations

Question 155)

Which statement about encryption is True about information in use.

• Data should e'er be kept encrypted since modern CPUs are fully capable of operating directly on encrypted information

• It is vulnerable to theft and should be decrypted just for the briefest possible fourth dimension while it is existence operated on

• Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the information being processed, so dump logs are your only real concern

• Information in active memory registers are non at risk of being stolen

Question 156)

For added security you lot decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

• This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless manner, and then select the respective firewall type

• Install a single firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to land related factors

• Yous must install 2 firewalls in series, so all packets laissez passer through the stateless firewall first and then the stateless firewall

Question 157)

In IPv4, how many of the four octets are used to define the network portion of the address in a Class A network?

• 2
• 1
• 4
• 3

Question 158)

If you have to rely upon metadata to work with the information at mitt, you are probably working with which type of data?

• Meta-structured information
• Semi-structured information
• Structured data
• Unstructured information

Question 159)

Which ii (2) forms of discovery must be conducted online? (Select two)

• Port scanning
• Shoulder surfing
• Social technology
• Bundle sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

• Distributed
• Key
• Coordinating
• Command

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

• Information risk analysis
• Data classification
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial cognition of the systems they are trying to penetrate in accelerate of their attack to streamline costs and focus efforts?

• Red Box Testing
• Grey Box Testing
• White Box testing
• Blackness Box Testing

Question 163)

Which type of application attack would include User denies performing an performance, aggressor exploits an application without trace, and attacker covers her tracks?

• Auditing and logging
• Hallmark
• Authority
• Input validation

Question 164)

True or Fake. Thorough reconnaissance is an important step in developing an constructive cyber impale chain.

• True
• False

Question 165)

True or Simulated. One of the chief challenges in cyber threat hunting is a lack of useful tools sold past too few vendors.

• True
• False

Question 166)

True or Imitation. A big company has a data alienation involving the theft of employee personnel records but no customer data of any kind. Since no external data was involved, the visitor does non take to report the breach to police force enforcement.

• True
• False

Question 167)

You are the CEO of a big tech company and have simply received an angry email that looks like it came from one of your biggest customers. The electronic mail says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you lot respond politely to the sender asking for more details. You never hear dorsum, merely a week subsequently your security team tells you lot that your credentials accept been used to access and exfiltrate large amounts of company fiscal data. What kind of assault did you fall victim to?

• Equally a phishing assault
• As a whale attack
• A shark attack
• A wing phishing attack

Question 168)

Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit card data is true?

• Muti-cistron authentication is required for all new card holders
• Some form of mobile device management (MDM) must be used on all mobile credit carte processing devices
• All employees with straight access to cardholder data must be bonded
• Cardholder information must exist encrypted if it is sent beyond open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to propose local IR teams?

• Control
• Coordinating
• Distributed
• O Central

In a Linux file system, which files are contained in the \bin folder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such equally fstab and inittab
• Directories such as /home and /usr

If a computer needs to ship a message to a system that is not office of the local network, where does it ship the message?

• To the system's domain name
• To the organization'due south IP accost
• The network'south DNS server address
• To the system's MAC address
• The network'due south default gateway address
• The network's DHCP server address

Which three (3) of these statements about the TCP protocol are True? (Select 3)

• TCP is faster than UDP
• TCP is connection-oriented
• TCP packets are reassembled by the receiving system in the order in which they were sent
• TCP is more reliable than UDP

A professor is not allowed to change a pupil's terminal grade later on she submits it without completing a special form to explain the circumstances that necessitated the change. This boosted step supports which attribute of the CIA Triad?

• Potency
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security risk?

• An instance of beingness exposed to losses
• Any potential danger that is associated with the exploitation of a vulnerability
• A weakness in a arrangement
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text bulletin sent by Alice to Bob, merely in no way interferes with its commitment. Which attribute of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the in a higher place

What is an advantage symmetric key encryption has over asymmetric cardinal encryption?

• Symmetric key encryption provides better security against Homo-in-the-middle attacks than is possible with asymmetric cardinal encryption
• Symmetric key encryption is faster than asymmetric fundamental encryption
• Symmetric keys can be exchanged more securely than asymmetric keys
• Symmetric central encryption is harder to break than disproportionate key encryption

Which type of awarding set on would include network eavesdropping, dictionary attacks and cookie replays?

• Configuration direction
• Authentication
• Authorization
• Exception management

Why should you always look for common patterns before starting a new security architecture pattern?

• They tin can help identify best practices
• They tin can shorten the development lifecycle
• Some certificate consummate tested solutions
• All of the above

Last Update: 09/12/2021

Alert: Jo Answer Dark-green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

PLEASE Wait I Volition ADD More than NEW QUETIONS..

Also if you accept Questions with correct answer  Send me on my Email i will update on my blog..

niyander111@gmail.com

Thank you...

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Posted by: petehaske1995.blogspot.com

Share this post