Which Of The Following Are Recommendations For Novice Advanced Practice Registered Nurses?

IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers

Warning: Jo Answer Green hai wo correct hai only

Jo Greenish Nahi hai. Usme se jo ek incorrect pick tha usko hata diya hai

Question ane)

Implementing a Security Awareness training programme would be an example of which blazon of control?

• Administrative control

Question two)

Putting locks on a door is an case of which type of command?

• Preventative

Question 3)

How would you classify a piece of malicious code that can replicate itself and spread to new systems?

• A worm

Question 4)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

• A network card
• An Intrusion Detection System (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a bulletin, simply non do much to assure confidentiality or availability.

• Hashing

Question 6)

An system wants to restrict employee afterward-hours admission to its systems then it publishes a policy forbidding employees to piece of work outside of their assigned hours, and and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

• Physical
• Administrative

Question 7)

Which two factors contribute to cryptographic forcefulness? (Select ii)

• The employ of cyphers that are based on circuitous mathematical algorithms
• The utilize of cyphers that have undergone public scrutiny

Question 8)

Trying to break an encryption primal by trying every possible combination of characters is called what?

• A animal force attack

Question nine)

Which of the following describes the core goals of It security?

• The Open Web Application Security Projection (OWASP) Framework
• The Business Process Management Framework
• The CIA Triad

Question ten)

Which three (iii) roles are typically found in an Information Security organization? (Select iii)

• Vulnerability Assessor
• Chief Information Security Officeholder (CISO)
• Penetration Tester

Question 11)

Problem Management, Alter Management, and Incident Management are all primal processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

• Trudy changes the bulletin and then forwards it on
• Trudy deletes the message without forwarding it
• Trudy reads the message
• Trudy cannot read information technology because it is encrypted but allows it to exist delivered to Bob in its original form

Question thirteen)

In cybersecurity, Accountability is defined every bit what?

• Being able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more than 1 authentication method to be used before identity is authenticated. Which three (three) are authentication methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question xv)

Which three (3) of the following are Physical Access Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question 16)

If yous are setting up a Windows 10 laptop with a 32Gb hard bulldoze, which 2 (2) file system could you select? (Select 2)

• NTFS
• FAT32

Question 17)

Which three (3) permissions tin can be attack a file in Linux? (Select iii)

• write
• execute
• read

Question eighteen)

If price is the chief business organisation, which type of cloud should exist considered commencement?

• Public cloud

Question 19)

Consolidating and virtualizing workloads should be washed when?

• Before moving the workloads to the cloud

Question 20)

Which of the post-obit is a cocky-regulating standard set by the credit card manufacture in the US?

• PCI-DSS

Question 21)

Which 2 (2) of the following attack types target endpoints?

• Ad Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) arrangement detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to accept automatically?

• The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how loftier upwards he is in an organization violates what basic security premise?

• The principle of to the lowest degree privileges

Question 24)

The Windows Security App bachelor in Windows ten provides uses with which of the following protections?

• Firewall and network protection
• Family unit options (parental controls)
• All of the to a higher place

Question 25)

Hashing ensures which of the post-obit?

• Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

• Cull a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your organization and go on them surreptitious

Question 27)

Which of these methods ensures the authentication, not-repudiation and integrity of a digital advice?

• Use of digital signatures

Question 28)

Which of the post-obit practices will assistance assure the confidentiality of data in transit?

• Disable certificate pinning
• Have self-signed certificates
• Implement HTTP Strict Send Protocol (HSTS)

Question 29)

Which iii (iii) of these are benefits you lot can realize from using a NAT (Network Accost Translation) router? (Select iii)

• Allows static 1-to-i mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost merely when they are needed
• Allows internal IP addresses to be hidden from outside observers

Question xxx)

Which statement best describes configuring a NAT router to use static mapping?

• The organization volition need as many registered IP addresses as it has computers that need Cyberspace admission

Question 31)

If a figurer needs to transport a bulletin to a system that is part of the local network, where does information technology send the bulletin?

• To the system'due south MAC accost

Question 32)

Which are backdrop of a highly available system?

• Redundancy, failover and monitoring

Question 33)

Which 3 (3) of these statements about the UDP protocol are True? (Select 3)

• UDP is faster than TCP
• UDP packets are reassembled by the receiving system in whatever guild they are received
• UDP is connectionless

Question 34)

What is one divergence betwixt a Stateful Firewall and a Adjacent Generation Firewall?

• A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organisation is actually not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal 24-hour interval shift from his company'southward headquarters in Austin, TX USA. Which 2 (2) of these activities raise the most cause for concern? (Select ii)

• Each night Hassan logs into his business relationship from an Internet access provider in China
• One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (3) of the following are considered safe coding practices? (Select 3)

• Use library functions in place of Os commands
• Avoid using Os commands whenever possible
• Avoid running commands through a crush interpreter

Question 38)

Which 3 (3) items should be included in the Planning step of a penetration test? (Select three)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest study would comprehend the risk ranking, recommendations and roadmap?

• Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all vest to which Incident Response resources category?

• Incident Postal service-Analysis Resources
• Incident Assay Hardware and Software

Question 41)

NIST recommends considering a number of items, including a loftier level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

Truthful or Fake. Digital forensics is effective in solving cyber crimes but is not considered effective in solving vehement crimes such as rape and murder.

• Imitation

Question 43)

Which three (3) are mutual obstacles faced when trying to examine forensic data? (Select 3)

• Selecting the right tools to help filter and exclude irrelevant data
• Finding the relevant files amid the hundreds of thousands found on near difficult drives
• Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified status remains truthful?

• Loops

Question 45)

Which two (2) statements about Python are true? (Select 2)

• Python code is considered easy to debug compared with other popular programming languages
• Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What information blazon is the information type of the variable pi?

• str

Question 47)

What will be printed by the following block of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

• 15

Question 48)

Which threat intelligence framework was developed past the United states of america Government to enable consistent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

True or False. An system'south security immune arrangement should be integrated with outside organizations, including vendors and other third-parties.

• Truthful

Question fifty)

Which iii (3) of these are among the top 12 capabilities that a proficient data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Existent-time alerting
• Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, simply not directly.

• Truthful

Question 52)

All industries have their own unique data security challenges. Which of these industries has a item concern with PCI-DSS compliance while having a big number of access points staffed by low-level employees who take access to payment card information?

• Retail

Question 53)

Truthful or Imitation. WireShark has an impressive assortment of features and is distributed free of charge.

• Truthful

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

• IAM controls to regulate dominance

Question 56)

You summate that at that place is a 2% probability that a cybercriminal will be able to steal credit carte numbers from your online storefront which volition outcome in $10M in losses to your visitor. What have you lot just determined?

• A risk

Question 57)

Which one of the OWASP Top 10 Application Security Risks would exist occur when an application's API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select iii)

• Virus Protection
• Application Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from iii areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing big quantities of unstructured data lends itself best to which of these areas?

• Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Procedure and Engineering. Which part of the triad would network monitoring belong?

• Applied science

Question 61)

Which of these is a good definition for cyber threat hunting?

• The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early equally possible in the cyber kill concatenation

Question 62)

There is value brought past each of the IBM i2 EIA apply cases. Which one of these provides immediate alerting on brand compromises and fraud on the night web.

• Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an organization's incident response team? (Select 3)

• Communication
• Teamwork
• Trouble solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Assay

Question 65)

Which three (3) of these statistics about phishing attacks are existent? (Select iii)

• Effectually 15 million new phishing sites are created each month
• Phishing accounts for nigh twenty% of data breaches
• xxx% of phishing messages are opened past their targeted users

Question 66)

Which 3 (3) of these control processes are included in the PCI-DSS standard? (Select 3)

• Implement stiff access control measures
• Regularly monitor and examination networks
• Maintain an data security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select iii)

• Alina
• BlackPOS
• vSkimmer

Question 68)

According to a 2019 Ponemon study, what pct of consumers indicated they would be willing to pay more than for a product or service from a provider with better security?

• 52%

Question 69)

You get a telephone telephone call from a technician at the "Windows company" who tells you that they take detected a problem with your arrangement and would similar to help you lot resolve it. In order to assist, they need y'all to go to a spider web site and download a simple utility that will let them to fix the settings on your computer. Since you just own an Apple Mac, y'all are suspicious of this caller and hang upwardly. What would the attack vector take been if you had downloaded the "simple utility" as asked?

• Remote Desktop Protocol (RDP)

Question seventy)

What is an effective fully automated way to prevent malware from inbound your organisation as an e-mail attachment?

• Anti-virus software

 Question 71)

True or False. The big majority of stolen credit menu numbers are used quickly by the thief or a member of his/her family.

• Faux

Question 72)

Which three (3) of these are PCI-DSS requirements for any visitor treatment, processing or transmitting credit bill of fare information? (Select iii)

• Restrict access to cardholder data past business concern demand-to-know
• Assign a unique ID to each person with reckoner admission
• Restrict concrete access to cardholder data

Question 73)

Truthful or Faux. Communications of a data breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.

• Truthful

Question 74)

A Coordinating incident response squad model is characterized by which of the following?

• Multiple incident response teams within an arrangement all of whom coordinate their activities only inside their country or department

• Multiple incident response teams within an organization only one with authority to assure consistent policies and practices are followed beyond all teams

• This term refers to a structure that assures the incident response team's activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to every bit the ____ and ____ teams, respectively.

• Blue Red

• Red, Blue

Question 76)

The partnership betwixt security analysts and engineering can be said to be grouped into 3 domains, homo expertise, security analytics and artificial intelligence. The human expertise domain would comprise which three (iii) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram show?

<<Solution Architecture Data Flow.png>>

• Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Data Link

Question 80)

Truthful or False. Internal attacks from trusted employees represents every flake as significant a threat as external attacks from professional person cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

• 80%

Question 82)

Which country had the highest average cost per breach in 2018 at $viii.19M

• United States

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select two)

• StatsModels

• Scikit-learn

Question 84)

What will impress out when this block of Python code is run?

i=ane

#i=i+1

#i=i+2

#i=i+3

print(i)

• 1

Question 85)

Which three (iii) statements about Python variables are truthful? (Select 3)

• A variable proper name must beginning with a letter of the alphabet or the underscore "_" grapheme
• Variables can change blazon afterward they have been set
• Variables do not have to be alleged in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating arrangement?

• Windows

Question 87)

In digital forensics documenting the chain of custody of prove is critical. Which of these should exist included in your concatenation of custody log?

• All of the above

Question 88)

Forensic analysis should e'er exist conducted on a re-create of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select ii)

• An incremental backup

• A logical backup

Question 89)

Which of the following would be considered an incident precursor?

• An alarm from your antivirus software indicating it had detected malware on your system

• An announced threat confronting your organization past a hactivist grouping

Question 90)

If a penetration examination calls for you to create a diagram of the target network including the identity of hosts and servers likewise as a list of open ports and published services, which tool would be the best fit for this job?

• Nmap

Question 91)

Which type of list is considered best for safety coding exercise?

• Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York Metropolis, which of these activities should not heighten much of a security concern?

• A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database

• An employee has started logging in from dwelling for an hr or then during the last ii weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which type of data?

• Unstructured data

• Semi-structured information

• Structured information

Question 94)

Which 3 (3) of these statements near the TCP protocol are True? (Select 3)

• TCP packets are reassembled by the receiving system in the order in which they were sent

• TCP is more reliable than UDP

• TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

• 2

Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this company need to clinch all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• ane

Question 97)

Why is symmetric key encryption the virtually common choice of methods to encryptic information at rest?

• There are far more keys bachelor for use

• It is much faster than asymmetric key encryption

Question 98)

Which of the post-obit statements virtually hashing is Truthful?

• Hashing uses algorithms that are known as "one-way" functions

Question 99)

Why is hashing not a common method used for encrypting data?

• Hashing is a one-manner process so the original information cannot exist reconstructed from a hash value

Question 100)

Public cardinal encryption incorporating digital signatures ensures which of the following?

• Confidentiality and Integrity

Question 101)

What is the principal authentication protocol used past Microsoft in Active Directory?

• Kerberos

Question 102)

Granting admission to a user business relationship only those privileges necessary to perform its intended functions is known every bit what?

• The principle of to the lowest degree privileges

Question 103)

What is the nearly mutual patch remediation frequency for virtually organizations?

• Monthly

• Annually

Question 104)

Island hopping is an attack method usually used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security training for IT staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even after it is successfully moved to the cloud?

• All of the higher up

Question 107)

Which form of Cloud computing combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating arrangement interacts with your computer'south hardware?

• The kernel

Question 109)

The encryption and protocols used to prevent unauthorized admission to data are examples of which type of access control?

• Technical

Question 110)

In cybersecurity, Actuality is defined as what?

• The property of existence 18-carat and verifiable

Question 111)

ITIL is best described every bit what?

• A collection of It Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer information systems?

• Information Security Auditor

Question 113)

A company wants to prevent employees from wasting time on social media sites. To reach this, a document forbidding employ of these sites while at piece of work is written and circulated and then the firewalls are updated to cake admission to Facebook, Twitter and other pop sites. Which two (2) types of security controls has the company just implemented? (Select 2)

• Administrative

• Technical

Question 114)

An e-mail message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a calculator and reports back to the controller your keystrokes and other information it can gather from your system exist chosen?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad player.

• vulnerability, threat, exploit

• threat, exposure, risk

• threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets earlier they accomplish the host is a countermeasure to which form of attack?

• A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text bulletin from Alice to her boyfriend Sam. The bulletin upsets Trudy so she forwards it to Bob, making information technology await like Alice intended it for Bob from the commencement. Which aspect of the CIA Triad has Trudy violated ?

• All of the above

Question 120)

Which factor contributes virtually to the strength of an encryption system?

• How many people take access to your public central

• The length of the encryption primal used

• The number of private keys used by the organization

Question 121)

What is an advantage disproportionate primal encryption has over symmetric fundamental encryption?

• Asymmetric keys can be exchanged more securely than symmetric keys

• Asymmetric key encryption is harder to break than symmetric key encryption

• Disproportionate cardinal encryption is faster than symmetric primal encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

• A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

• ISO27000 serial

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which type of admission control is based upon the discipline'south clearance level and the objects classification?

• Hierarchical Access Control (HAC)
• Discretionary Admission Control (DAC)
• Mandatory Access Control (MAC)
• Role Based Access Control (RBAC)

Question 126)

Windows x stores 64-fleck applications in which directory?

• \Plan Files

Question 127)

To build a virtual computing surroundings, where is the hypervisor installed?

• Between the applications and the information sources
• On the deject'due south supervisory system
• Between the hardware and operating arrangement
• Between the operating system and applications

Question 128)

An identical e-mail sent to millions of addresses at random would be classified as which type of set on?

• A Shark attack

• A Phishing attack

Question 129)

Which statement almost drivers running in Windows kernel mode is true?

• Only disquisitional processes are permitted to run in kernel mode since there is zip to prevent a

Question 130)

Symmetric fundamental encryption by itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality merely

• Confidentiality and Availability

Question 131)

Which argument best describes configuring a NAT router to utilise dynamic mapping?

• The organization volition demand as many registered IP addresses as it has computers that need Internet access

• Many registered IP addresses are mapped to a single registered IP accost using dissimilar port numbers

• Unregistered IP addresses are mapped to registered IP addresses equally they are needed

• The NAT router uses each computer's IP accost for both internal and external communication

Question 132)

Which address type does a computer use to get a new IP address when it boots up?

• The network'due south DHCP server accost

Question 133)

What is the main difference between the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used only for IOT devices

• IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it appropriately?

• A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that peradventure, but possibly, the links in the email he clicked on this morning were not from the real Lottery Committee. What is the first thing you should tell the employee to do?

• Run a Port scan

• Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" assault would be doing what?

• Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled

Question 137)

Which Postal service Incident activity would exist concerned with maintaining the proper chain-of-custody?

• Lessons learned coming together
• Prove retention
• Documentation review & update
• Utilizing nerveless data

Question 138)

In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)

• Develop a plan to acquire the information

• Verify the integrity of the data

• Learn the information

Question 139)

Which 3 (3) of the following are considered scripting languages? (Select 3)

• Perl

• Bash

• Python

Question 140)

What is the largest number that will exist printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+1

• ix

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (ii) of these are post-exploit activities? (Select 2)

• Assemble full situational awareness through advanced security analytics

• Perform forensic investigation

Question 142)

At that place are many skilful reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an organization'south backup practices?

• Availability

• Integrity

• Authorization

Question 143)

Which phase of DevSecOps would contain the activities Internal/External testing, Continuous balls, and Compliance checking?

• Test

• Lawmaking & build

• Operate & monitor

• Plan

Question 144)

Which 1 of the OWASP Top 10 Awarding Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

• Flows per minute (FPM)

• Events per 2nd (EPS)

Question 146)

True or False. If you lot have no better place to showtime hunting threats, outset with a view of the global threat mural and and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.

• True

Question 147)

Truthful or Imitation. Cloud-based storage or hosting providers are among the tiptop sources of third-party breaches

• True

Question 148)

You lot are looking very difficult on the web for the lowest mortgage interest load y'all can find and you come beyond a rate that is so low it could not possibly be true. You check out the site to see that the terms are and quickly find you are the victim of a ransomware attack. What was the probable attack vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-allurement". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?

• Malicious Links

More than New Questions

Question 150)

Which of the following defines a security threat?

• Any potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a arrangement volition be exploited
• One instance of a weakness being exploited
• A weakness in a organisation that could be exploited past a bad actor

Question 151)

Suspicious activity, similar IP addresses or ports being scanned sequentially, is a sign of which type of attack?

• A mapping attack
• A denial of service (DoS) assault
• A phishing assault
• An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the bulletin without forwarding it
• Trudy cannot read it because it is encrypted but allows it to exist delivered to Bob in its original class
• Trudy changes the message so forwards information technology on
• Trudy reads the message

Question 153)

Which regulation contains the security dominion that requires all covered entities to maintain reasonable and appropriate administrative, technical, and concrete safeguards for protecting electronic protected health information (due east-PHI)?

• PCI-DSS
• ISO27000 series
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response organisation (EDR) should have which iii (3) of these capabilities? (Select 3)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at once
• Deploying devices with network configurations

Question 155)

Which statement about encryption is True well-nigh information in use.

• Data should e'er be kept encrypted since mod CPUs are fully capable of operating directly on encrypted data

• It is vulnerable to theft and should be decrypted simply for the briefest possible fourth dimension while it is being operated on

• Brusk of orchestrating a retention dump from a arrangement crash, there is no practical way for malware to go at the data existence processed, so dump logs are your but real concern

• Data in active memory registers are not at run a risk of existence stolen

Question 156)

For added security you decide to protect your network past conducting both a stateless and stateful inspection of incoming packets. How can this exist washed?

• This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless manner, and then select the respective firewall type

• Install a single firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to state related factors

• You must install ii firewalls in series, so all packets laissez passer through the stateless firewall beginning and then the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

• 2
• i
• 4
• 3

Question 158)

If you lot have to rely upon metadata to work with the data at paw, you are probably working with which type of data?

• Meta-structured data
• Semi-structured data
• Structured information
• Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select 2)

• Port scanning
• Shoulder surfing
• Social engineering
• Bundle sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

• Distributed
• Cardinal
• Analogous
• Control

Question 161)

Which is the data protection procedure that prevents a suspicious information request from being completed?

• Information risk analysis
• Data classification
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which class of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their assail to streamline costs and focus efforts?

• Red Box Testing
• Gray Box Testing
• White Box testing
• Black Box Testing

Question 163)

Which type of application attack would include User denies performing an operation, attacker exploits an application without trace, and attacker covers her tracks?

• Auditing and logging
• Authentication
• Potency
• Input validation

Question 164)

True or False. Thorough reconnaissance is an important stride in developing an constructive cyber kill chain.

• True
• False

Question 165)

True or False. One of the principal challenges in cyber threat hunting is a lack of useful tools sold past too few vendors.

• True
• False

Question 166)

True or False. A large company has a data breach involving the theft of employee personnel records just no customer information of any kind. Since no external data was involved, the company does non accept to study the alienation to law enforcement.

• True
• Simulated

Question 167)

Y'all are the CEO of a large tech company and have just received an angry email that looks like it came from ane of your biggest customers. The electronic mail says your company is overbilling the customer and asks that you examine the attached invoice. Y'all exercise but notice it blank, so y'all reply politely to the sender asking for more details. Yous never hear back, simply a calendar week afterwards your security squad tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?

• Every bit a phishing attack
• Equally a whale attack
• A shark assail
• A wing phishing attack

Question 168)

Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit carte du jour information is true?

• Muti-cistron authentication is required for all new card holders
• Some form of mobile device direction (MDM) must be used on all mobile credit card processing devices
• All employees with directly access to cardholder data must exist bonded
• Cardholder information must be encrypted if it is sent across open or public networks

Which Incident Response Team model describes a team that acts every bit consulting experts to advise local IR teams?

• Control
• Coordinating
• Distributed
• O Central

In a Linux file system, which files are contained in the \bin folder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such as fstab and inittab
• Directories such as /home and /usr

If a computer needs to send a message to a system that is not part of the local network, where does it transport the message?

• To the system'south domain name
• To the system's IP address
• The network'south DNS server accost
• To the arrangement'southward MAC address
• The network'southward default gateway address
• The network'southward DHCP server address

Which three (3) of these statements nearly the TCP protocol are True? (Select 3)

• TCP is faster than UDP
• TCP is connection-oriented
• TCP packets are reassembled by the receiving arrangement in the society in which they were sent
• TCP is more reliable than UDP

A professor is non immune to change a student's final grade after she submits it without completing a special form to explain the circumstances that necessitated the modify. This additional stride supports which aspect of the CIA Triad?

• Authorization
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security risk?

• An instance of being exposed to losses
• Any potential danger that is associated with the exploitation of a vulnerability
• A weakness in a arrangement
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text message sent by Alice to Bob, but in no way interferes with its commitment. Which attribute of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the above

What is an advantage symmetric central encryption has over asymmetric key encryption?

• Symmetric key encryption provides amend security confronting Man-in-the-eye attacks than is possible with disproportionate key encryption
• Symmetric key encryption is faster than asymmetric key encryption
• Symmetric keys can exist exchanged more securely than asymmetric keys
• Symmetric central encryption is harder to break than disproportionate key encryption

Which blazon of application set on would include network eavesdropping, dictionary attacks and cookie replays?

• Configuration direction
• Hallmark
• Authority
• Exception management

Why should you lot always look for common patterns before starting a new security architecture design?

• They can help identify all-time practices
• They can shorten the development lifecycle
• Some document complete tested solutions
• All of the in a higher place

Last Update: 09/12/2021

Warning: Jo Answer Green hai wo correct hai but

Jo Dark-green Nahi hai. Usme se jo ek wrong choice tha usko hata diya hai

Please Look I Will ADD MORE NEW QUETIONS..

Also if you lot have Questions with correct reply  Send me on my Email i will update on my blog..

niyander111@gmail.com

Thank you...

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Posted by: heintzherthould74.blogspot.com

Share this post