IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional person Document Assessment Exam Quiz Answers

Warning: Jo Reply Greenish hai wo right hai just

Jo Green Nahi hai. Usme se jo ek incorrect option tha usko hata diya hai

Question ane)

Implementing a Security Awareness training program would exist an example of which type of command?

  • Administrative control

Question ii)

Putting locks on a door is an example of which type of control?

  • Preventative

Question iii)

How would you classify a piece of malicious code that tin can replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, y'all must implement promiscuous mode on which device ?

  • A network bill of fare
  • An Intrusion Detection Organization (IDS)
  • A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing

Question half dozen)

An arrangement wants to restrict employee after-hours access to its systems then it publishes a policy forbidding employees to work outside of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question 7)

Which two factors contribute to cryptographic strength? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that accept undergone public scrutiny

Question 8)

Trying to break an encryption primal past trying every possible combination of characters is called what?

  • A brute force attack

Question 9)

Which of the post-obit describes the core goals of IT security?

  • The Open Web Application Security Projection (OWASP) Framework
  • The Business organisation Procedure Direction Framework
  • The CIA Triad

Question 10)

Which three (3) roles are typically found in an Information Security arrangement? (Select three)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Problem Management, Change Management, and Incident Management are all fundamental processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and and then forwards it on
  • Trudy deletes the bulletin without forwarding it
  • Trudy reads the message
  • Trudy cannot read information technology because it is encrypted just allows it to be delivered to Bob in its original form

Question xiii)

In cybersecurity, Accountability is defined equally what?

  • Being able to map an action to an identity

Question xiv)

Multifactor authentication (MFA) requires more than ane authentication method to be used before identity is authenticated. Which iii (3) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question 15)

Which iii (3) of the following are Concrete Admission Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question xvi)

If you are setting upward a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you lot select? (Select ii)

  • NTFS
  • FAT32

Question 17)

Which three (3) permissions can be attack a file in Linux? (Select 3)

  • write
  • execute
  • read

Question eighteen)

If cost is the primary concern, which type of deject should be considered beginning?

  • Public cloud

Question 19)

Consolidating and virtualizing workloads should be washed when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard ready past the credit carte manufacture in the U.s.?

  • PCI-DSS

Question 21)

Which two (2) of the following assault types target endpoints?

  • Advertizement Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?

  • The endpoint tin can be quarantined from all network resources except those that permit information technology to download and install the missing patch

Question 23)

Granting access to a user based upon how loftier upward he is in an organization violates what basic security premise?

  • The principle of least privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the post-obit protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and proceed them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Utilise of digital signatures

Question 28)

Which of the following practices will aid assure the confidentiality of information in transit?

  • Disable certificate pinning
  • Have self-signed certificates
  • Implement HTTP Strict Ship Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static i-to-one mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
  • Allows internal IP addresses to exist hidden from outside observers

Question thirty)

Which argument all-time describes configuring a NAT router to use static mapping?

  • The arrangement will need as many registered IP addresses as it has computers that demand Net admission

Question 31)

If a computer needs to send a message to a organisation that is part of the local network, where does it send the bulletin?

  • To the system's MAC address

Question 32)

Which are properties of a highly available system?

  • Back-up, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select three)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever order they are received
  • UDP is connectionless

Question 34)

What is i divergence between a Stateful Firewall and a Adjacent Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest information sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal mean solar day shift from his company's headquarters in Austin, TX The states. Which 2 (2) of these activities raise the nigh crusade for business? (Select two)

  • Each night Hassan logs into his account from an Isp in China
  • One evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which three (3) of the post-obit are considered safe coding practices? (Select 3)

  • Use library functions in place of OS commands
  • Avoid using Bone commands whenever possible
  • Avoid running commands through a beat out interpreter

Question 38)

Which iii (iii) items should be included in the Planning step of a penetration exam? (Select iii)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would cover the take a chance ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, bare removable media, package sniffers and protocol analyzers, all belong to which Incident Response resources category?

  • Incident Post-Analysis Resources
  • Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

Truthful or False. Digital forensics is constructive in solving cyber crimes simply is non considered constructive in solving violent crimes such as rape and murder.

  • Faux

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic information? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files among the hundreds of thousands found on near hard drives
  • Bypassing controls such every bit passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified status remains true?

  • Loops

Question 45)

Which two (2) statements almost Python are true? (Select ii)

  • Python code is considered easy to debug compared with other pop programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What information type is the data type of the variable pi?

  • str

Question 47)

What will be printed past the following block of Python code?

def Add5(in)

 out=in+v

 return out

 print(Add5(10))

  • fifteen

Question 48)

Which threat intelligence framework was adult by the United states of america Government to enable consequent label and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or False. An system'due south security allowed organisation should be integrated with outside organizations, including vendors and other tertiary-parties.

  • Truthful

Question fifty)

Which three (3) of these are among the top 12 capabilities that a good information security and protection solution should provide? (Select iii)

  • Vulnerability assessment
  • Existent-time alerting
  • Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, only not directly.

  • True

Question 52)

All industries have their ain unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of admission points staffed past low-level employees who have access to payment carte du jour data?

  • Retail

Question 53)

True or Faux. WireShark has an impressive assortment of features and is distributed free of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

You calculate that there is a 2% probability that a cybercriminal volition be able to steal credit card numbers from your online storefront which will consequence in $10M in losses to your company. What have you just determined?

  • A risk

Question 57)

Which one of the OWASP Top ten Awarding Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

  • Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defence includes contributions from 3 areas, man expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself all-time to which of these areas?

  • Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Procedure and Engineering science. Which part of the triad would network monitoring vest?

  • Technology

Question 61)

Which of these is a skilful definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early equally possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 EIA utilise cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an arrangement'south incident response team? (Select iii)

  • Communication
  • Teamwork
  • Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Assay

Question 65)

Which 3 (3) of these statistics well-nigh phishing attacks are real? (Select 3)

  • Around xv meg new phishing sites are created each calendar month
  • Phishing accounts for almost twenty% of data breaches
  • 30% of phishing messages are opened by their targeted users

Question 66)

Which three (iii) of these control processes are included in the PCI-DSS standard? (Select three)

  • Implement strong access command measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select iii)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2022 Ponemon study, what pct of consumers indicated they would be willing to pay more than for a product or service from a provider with better security?

  • 52%

Question 69)

You become a telephone phone call from a technician at the "Windows visitor" who tells you lot that they accept detected a problem with your system and would like to assistance you resolve it. In guild to help, they need yous to go to a web site and download a simple utility that will allow them to fix the settings on your estimator. Since yous just own an Apple Mac, yous are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated fashion to prevent malware from entering your system every bit an email attachment?

  • Anti-virus software

 Question 71)

Truthful or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family.

  • Faux

Question 72)

Which three (three) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

  • Restrict access to cardholder data past business need-to-know
  • Assign a unique ID to each person with reckoner admission
  • Restrict physical access to cardholder information

Question 73)

Truthful or False. Communications of a data breach should be handled past a squad composed of members of the IR squad, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response team model is characterized by which of the following?

  • Multiple incident response teams inside an organization all of whom coordinate their activities just within their country or department
  • Multiple incident response teams within an system but one with authorisation to assure consistent policies and practices are followed across all teams
  • This term refers to a construction that assures the incident response team's activities are coordinated with senior management and all appropriate departments within and organisation

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blue Blood-red
  • Ruddy, Blue

Question 76)

The partnership betwixt security analysts and technology can exist said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The man expertise domain would contain which three (3) of these topics?

  • Brainchild
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram testify?

<<Solution Architecture Data Menses.png>>

  • Functional components and data period

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Information Link

Question 80)

Truthful or False. Internal attacks from trusted employees represents equally as significant a threat as external attacks from professional cyber criminals.

  • True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest average cost per breach in 2022 at $8.19M

  • United States

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn

Question 84)

What will print out when this block of Python code is run?

i=1

#i=i+1

#i=i+2

#i=i+3

print(i)

  • i

Question 85)

Which iii (3) statements nigh Python variables are true? (Select three)

  • A variable proper name must start with a alphabetic character or the underscore "_" character
  • Variables can alter type later on they have been set
  • Variables do not have to be alleged in advance of their use

Question 86)

PowerShell is a configuration direction framework for which operating arrangement?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is disquisitional. Which of these should be included in your chain of custody log?

  • All of the above

Question 88)

Forensic assay should ever be conducted on a copy of the original information. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the following would exist considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An appear threat against your organisation by a hactivist group

Question 90)

If a penetration test calls for yous to create a diagram of the target network including the identity of hosts and servers too every bit a list of open ports and published services, which tool would exist the best fit for this task?

  • Nmap

Question 91)

Which type of listing is considered best for safe coding practice?

  • Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should non raise much of a security business concern?

  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate fiscal database
  • An employee has started logging in from dwelling for an hour or so during the last ii weeks of each quarter

Question 93)

Data sources such equally newspapers, books and web pages are considered which type of data?

  • Unstructured data
  • Semi-structured data
  • Structured data

Question 94)

Which three (3) of these statements near the TCP protocol are True? (Select 3)

  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the four octets are used to define the network portion of the accost in a Class B network?

  • 2

Question 96)

A small-scale visitor with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this visitor demand to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • 1

Question 97)

Why is symmetric key encryption the almost common pick of methods to encryptic data at residuum?

  • There are far more keys available for use
  • It is much faster than disproportionate key encryption

Question 98)

Which of the following statements near hashing is Truthful?

  • Hashing uses algorithms that are known as "1-mode" functions

Question 99)

Why is hashing non a common method used for encrypting data?

  • Hashing is a one-fashion process and so the original data cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used past Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting access to a user account just those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges

Question 103)

What is the well-nigh common patch remediation frequency for most organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an set on method normally used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for Information technology staff is what type of control?

  • Virtual
  • Operational
  • Physical

Question 106)

Which security concerns follow your workload even after it is successfully moved to the deject?

  • All of the above

Question 107)

Which form of Cloud computing combines both public and individual clouds?

  • Hybrid deject

Question 108)

Which component of the Linux operating organisation interacts with your calculator's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized admission to data are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

  • The belongings of being 18-carat and verifiable

Question 111)

ITIL is best described as what?

  • A collection of IT Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of calculator information systems?

  • Information Security Auditor

Question 113)

A visitor wants to prevent employees from wasting fourth dimension on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and so the firewalls are updated to block admission to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the visitor just implemented? (Select 2)

  • Authoritative
  • Technical

Question 114)

An e-mail message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a reckoner and reports back to the controller your keystrokes and other information it can gather from your system be called?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct guild.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked past a bad player.

  • vulnerability, threat, exploit
  • threat, exposure, gamble
  • threat histrion, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they accomplish the host is a countermeasure to which form of assault?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text message from Alice to her beau Sam. The bulletin upsets Trudy so she forwards information technology to Bob, making it look like Alice intended information technology for Bob from the first. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above

Question 120)

Which gene contributes most to the strength of an encryption system?

  • How many people have access to your public key
  • The length of the encryption key used
  • The number of private keys used by the organisation

Question 121)

What is an advantage asymmetric key encryption has over symmetric key encryption?

  • Disproportionate keys can be exchanged more securely than symmetric keys
  • Disproportionate key encryption is harder to break than symmetric primal encryption
  • Disproportionate key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations figurer systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad correspond?

  • Availability

Question 125)

Which type of access control is based upon the subject'southward clearance level and the objects nomenclature?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Part Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Programme Files

Question 127)

To build a virtual computing environs, where is the hypervisor installed?

  • Betwixt the applications and the information sources
  • On the cloud's supervisory system
  • Between the hardware and operating system
  • Between the operating arrangement and applications

Question 128)

An identical electronic mail sent to millions of addresses at random would be classified as which blazon of attack?

  • A Shark attack
  • A Phishing attack

Question 129)

Which statement nearly drivers running in Windows kernel mode is truthful?

  • Just critical processes are permitted to run in kernel mode since there is nothing to prevent a

Question 130)

Symmetric key encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality but
  • Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to use dynamic mapping?

  • The system will demand as many registered IP addresses every bit information technology has computers that demand Internet access
  • Many registered IP addresses are mapped to a single registered IP address using dissimilar port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each reckoner's IP address for both internal and external communication

Question 132)

Which accost type does a estimator use to get a new IP address when it boots up?

  • The network's DHCP server accost

Question 133)

What is the chief difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used simply for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes information technology accordingly?

  • A Next Generation Firewall (NGFW)

Question 135)

An employee calls the It Helpdesk and admits that perhaps, merely peradventure, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the kickoff thing yous should tell the employee to do?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" set on would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled

Question 137)

Which Post Incident activeness would exist concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data

Question 138)

In digital forensics, which three (iii) steps are involved in the collection of data? (Select three)

  • Develop a programme to acquire the data
  • Verify the integrity of the data
  • Larn the data

Question 139)

Which three (3) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<ten):

 print(i)

 i=i+1

  • 9

Question 141)

Activities performed equally a part of security intelligence can be divided into pre-exploit and mail-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)

  • Assemble total situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is most impacted past an organization'due south fill-in practices?

  • Availability
  • Integrity
  • Authorization

Question 143)

Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Test
  • Code & build
  • Operate & monitor
  • Program

Question 144)

Which ane of the OWASP Top 10 Awarding Security Risks would exist occur when there are no safeguards against a user being immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select two)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

True or False. If you lot accept no amend place to start hunting threats, starting time with a view of the global threat landscape and and so drill downwards to a regional view, manufacture view and finally a view of the threats specific to your own organization.

  • True

Question 147)

Truthful or Simulated. Cloud-based storage or hosting providers are amongst the tiptop sources of third-party breaches

  • True

Question 148)

Yous are looking very difficult on the web for the lowest mortgage interest load y'all can find and you come across a rate that is so low it could non peradventure be truthful. You lot bank check out the site to come across that the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come upwards in news feeds or Google searches are sometimes called "click-bait". These articles oftentimes tempt you to link to other sites that can be infected with malware. What assail vector is used past these click-bait sites to go you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a organisation
  • The likelihood that the weakness in a organisation will exist exploited
  • Ane instance of a weakness being exploited
  • A weakness in a arrangement that could exist exploited past a bad actor

Question 151)

Suspicious activity, similar IP addresses or ports being scanned sequentially, is a sign of which blazon of attack?

  • A mapping attack
  • A deprival of service (DoS) attack
  • A phishing attack
  • An IP spoofing assault

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read it considering it is encrypted but allows information technology to be delivered to Bob in its original class
  • Trudy changes the message and then forwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and advisable administrative, technical, and physical safeguards for protecting electronic protected health data (e-PHI)?

  • PCI-DSS
  • ISO27000 serial
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A proficient Endpoint Detection and Response system (EDR) should have which three (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations

Question 155)

Which statement about encryption is True about information in utilize.

  • Information should always be kept encrypted since modern CPUs are fully capable of operating directly on encrypted data
  • It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on
  • Brusque of orchestrating a memory dump from a system crash, there is no practical fashion for malware to become at the data being processed, so dump logs are your only real concern
  • Information in active memory registers are not at risk of existence stolen

Question 156)

For added security yous decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How tin this be done?

  • This cannot be washed The network administrator must choose to run a given network segment in either stateful or stateless fashion, and so select the corresponding firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to state related factors
  • You must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall

Question 157)

In IPv4, how many of the four octets are used to define the network portion of the address in a Grade A network?

  • two
  • one
  • iv
  • three

Question 158)

If yous have to rely upon metadata to piece of work with the data at hand, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured data
  • Structured data
  • Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering science
  • Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Primal
  • Coordinating
  • Command

Question 161)

Which is the data protection process that prevents a suspicious information asking from being completed?

  • Data risk analysis
  • Data classification
  • Data discovery
  • Blocking, masking and quarantining

Question 162)

Which course of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Red Box Testing
  • Greyness Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of application assail would include User denies performing an performance, assailant exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or False. Thorough reconnaissance is an important footstep in developing an constructive cyber kill concatenation.

  • True
  • False

Question 165)

True or False. One of the master challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • True
  • False

Question 166)

True or Imitation. A large company has a data breach involving the theft of employee personnel records but no client information of any kind. Since no external data was involved, the company does not have to written report the breach to police enforcement.

  • Truthful
  • False

Question 167)

You lot are the CEO of a large tech company and have just received an aroused electronic mail that looks like it came from one of your biggest customers. The e-mail says your company is overbilling the customer and asks that you lot examine the attached invoice. You exercise but find it blank, so you answer politely to the sender asking for more details. Yous never hear back, but a calendar week afterwards your security squad tells you lot that your credentials have been used to access and exfiltrate big amounts of company financial data. What kind of set on did y'all fall victim to?

  • Equally a phishing attack
  • As a whale attack
  • A shark attack
  • A fly phishing attack

Question 168)

Which of these statements virtually the PCI-DSS requirements for any company treatment, processing or transmitting credit bill of fare data is true?

  • Muti-factor authentication is required for all new card holders
  • Some form of mobile device management (MDM) must exist used on all mobile credit card processing devices
  • All employees with direct access to cardholder data must be bonded
  • Cardholder data must exist encrypted if information technology is sent beyond open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Fundamental

In a Linux file system, which files are contained in the \bin binder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /home and /usr

If a estimator needs to ship a message to a system that is non function of the local network, where does it send the message?

  • To the system's domain name
  • To the system's IP accost
  • The network's DNS server address
  • To the organisation'southward MAC address
  • The network's default gateway address
  • The network'south DHCP server address

Which iii (3) of these statements about the TCP protocol are True? (Select 3)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more than reliable than UDP

A professor is not allowed to change a student's last form after she submits it without completing a special form to explain the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?

  • Authorisation
  • Integrity
  • Confidentiality
  • Availability

Which of these is the best definition of a security risk?

  • An case of being exposed to losses
  • Any potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a system
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plainly text message sent past Alice to Bob, but in no mode interferes with its delivery. Which attribute of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an reward symmetric key encryption has over disproportionate key encryption?

  • Symmetric key encryption provides meliorate security against Human-in-the-eye attacks than is possible with asymmetric key encryption
  • Symmetric key encryption is faster than asymmetric key encryption
  • Symmetric keys can be exchanged more securely than asymmetric keys
  • Symmetric primal encryption is harder to suspension than disproportionate key encryption

Which blazon of application attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Authentication
  • Say-so
  • Exception management

Why should you always await for common patterns before starting a new security architecture design?

  • They can assist place all-time practices
  • They can shorten the development lifecycle
  • Some document complete tested solutions
  • All of the above

Concluding Update: 09/12/2021

Alarm: Jo Respond Green hai wo correct hai just

Jo Dark-green Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Delight WAIT I Will Add MORE NEW QUETIONS..

Also if you have Questions with correct answer  Send me on my E-mail i will update on my blog..

niyander111@gmail.com

Cheers...