IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Annotator Professional Document Assessment Exam Quiz Answers

Alarm: Jo Answer Green hai wo right hai but

Jo Light-green Nahi hai. Usme se jo ek wrong choice tha usko hata diya hai

Question 1)

Implementing a Security Awareness training program would be an example of which type of command?

  • Authoritative control

Question 2)

Putting locks on a door is an instance of which blazon of control?

  • Preventative

Question 3)

How would you allocate a piece of malicious code that tin can replicate itself and spread to new systems?

  • A worm

Question 4)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

  • A network card
  • An Intrusion Detection System (IDS)
  • A sniffing router

Question 5)

Which machinery would help clinch the integrity of a message, but not practice much to assure confidentiality or availability.

  • Hashing

Question half-dozen)

An arrangement wants to restrict employee after-hours access to its systems then it publishes a policy forbidding employees to work outside of their assigned hours, and then makes certain the office doors remain locked on weekends. What two (ii) types of controls are they using? (Select 2)

  • Physical
  • Administrative

Question seven)

Which two factors contribute to cryptographic forcefulness? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that take undergone public scrutiny

Question 8)

Trying to interruption an encryption key by trying every possible combination of characters is called what?

  • A brute force attack

Question 9)

Which of the post-obit describes the cadre goals of Information technology security?

  • The Open Web Application Security Project (OWASP) Framework
  • The Concern Process Management Framework
  • The CIA Triad

Question 10)

Which 3 (3) roles are typically found in an Data Security arrangement? (Select iii)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester

Question 11)

Problem Management, Change Direction, and Incident Management are all cardinal processes of which framework?

  • ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and and then forrard it on
  • Trudy deletes the bulletin without forwarding it
  • Trudy reads the message
  • Trudy cannot read information technology because it is encrypted just allows information technology to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined as what?

  • Being able to map an action to an identity

Question xiv)

Multifactor authentication (MFA) requires more than ane authentication method to be used before identity is authenticated. Which three (three) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows

Question xv)

Which three (3) of the following are Concrete Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences

Question sixteen)

If yous are setting up a Windows 10 laptop with a 32Gb hard drive, which 2 (2) file organisation could y'all select? (Select 2)

  • NTFS
  • FAT32

Question 17)

Which 3 (3) permissions can be assault a file in Linux? (Select 3)

  • write
  • execute
  • read

Question 18)

If cost is the main concern, which type of cloud should be considered start?

  • Public deject

Question nineteen)

Consolidating and virtualizing workloads should exist done when?

  • Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard fix up past the credit menu industry in the U.s.?

  • PCI-DSS

Question 21)

Which two (2) of the following attack types target endpoints?

  • Advert Network
  • Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) organisation detects that an endpoint does not take a required patch installed, which statement best characterizes the deportment it is able to take automatically?

  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high upward he is in an organization violates what basic security premise?

  • The principle of least privileges

Question 24)

The Windows Security App bachelor in Windows x provides uses with which of the following protections?

  • Firewall and network protection
  • Family options (parental controls)
  • All of the above

Question 25)

Hashing ensures which of the following?

  • Integrity

Question 26)

Which of the following practices helps clinch the all-time results when implementing encryption?

  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your arrangement and keep them secret

Question 27)

Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?

  • Use of digital signatures

Question 28)

Which of the following practices will help assure the confidentiality of data in transit?

  • Disable certificate pinning
  • Accept self-signed certificates
  • Implement HTTP Strict Send Protocol (HSTS)

Question 29)

Which iii (3) of these are benefits you lot can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static 1-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost just when they are needed
  • Allows internal IP addresses to be hidden from outside observers

Question 30)

Which statement best describes configuring a NAT router to use static mapping?

  • The organization will need as many registered IP addresses as it has computers that need Net admission

Question 31)

If a computer needs to send a message to a system that is part of the local network, where does it send the message?

  • To the system'southward MAC accost

Question 32)

Which are properties of a highly available system?

  • Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatsoever order they are received
  • UDP is connectionless

Question 34)

What is one divergence between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really non very experienced with securing data sources. Which hosting model would crave you to secure the fewest information sources?

  • SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX U.s.. Which two (ii) of these activities raise the most cause for business organization? (Select 2)

  • Each nighttime Hassan logs into his account from an ISP in Communist china
  • One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which iii (three) of the following are considered safety coding practices? (Select 3)

  • Apply library functions in place of OS commands
  • Avoid using OS commands whenever possible
  • Avoid running commands through a crush interpreter

Question 38)

Which three (iii) items should be included in the Planning step of a penetration test? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives

Question 39)

Which portion of the pentest report would encompass the risk ranking, recommendations and roadmap?

  • Executive Summary

Question 40)

Spare workstations and servers, bare removable media, package sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Mail service-Analysis Resources
  • Incident Assay Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving tearing crimes such as rape and murder.

  • Simulated

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic information? (Select 3)

  • Selecting the right tools to assist filter and exclude irrelevant data
  • Finding the relevant files amidst the hundreds of thousands found on nigh hard drives
  • Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

  • Loops

Question 45)

Which two (2) statements about Python are truthful? (Select two)

  • Python lawmaking is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable by novice programmers

Question 46)

In the Python statement

pi="3"

What data type is the data type of the variable pi?

  • str

Question 47)

What will be printed past the following cake of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(10))

  • 15

Question 48)

Which threat intelligence framework was adult by the United states Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework

Question 49)

True or Simulated. An organization's security immune system should be integrated with exterior organizations, including vendors and other third-parties.

  • True

Question fifty)

Which iii (3) of these are amid the top 12 capabilities that a proficient data security and protection solution should provide? (Select 3)

  • Vulnerability assessment
  • Real-time alerting
  • Tokenization

Question 51)

True or Fake. For iOS and Android mobile devices, users must interact with the operating organization only through a series of applications, but not straight.

  • True

Question 52)

All industries have their ain unique information security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a big number of access points staffed by low-level employees who have admission to payment bill of fare data?

  • Retail

Question 53)

Truthful or Fake. WireShark has an impressive assortment of features and is distributed costless of charge.

  • True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required exist reflected?

  • Base-Exploitability Subscore

Question 55)

The Decommission footstep in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • IAM controls to regulate authorization

Question 56)

You calculate that there is a two% probability that a cybercriminal will be able to steal credit carte du jour numbers from your online storefront which will result in $10M in losses to your company. What have you just determined?

  • A risk

Question 57)

Which i of the OWASP Top ten Application Security Risks would be occur when an application'southward API exposes financial, healthcare or other PII information?

  • Sensitive data exposure

Question 58)

Which three (three) of these are Solution Building Blocks (SBBs)? (Select 3)

  • Virus Protection
  • Application Firewall
  • Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

  • Bogus intelligence

Question threescore)

The triad of a security operations centers (SOC) is People, Process and Engineering science. Which part of the triad would network monitoring vest?

  • Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early on as possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 Eia employ cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.

Question 63)

Which three (3) soft skills are important to take in an organisation's incident response squad? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis

Question 65)

Which three (3) of these statistics nearly phishing attacks are real? (Select three)

  • Effectually 15 1000000 new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing letters are opened by their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Question 67)

Which 3 (iii) are malware types ordinarily used in PoS attacks to steal credit menu data? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer

Question 68)

According to a 2019 Ponemon written report, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with improve security?

  • 52%

Question 69)

You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your organization and would like to help you lot resolve it. In club to assistance, they demand you to go to a web site and download a simple utility that will permit them to prepare the settings on your estimator. Since you only own an Apple tree Mac, you lot are suspicious of this caller and hang upwards. What would the assail vector accept been if you had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated way to foreclose malware from inbound your system as an e-mail attachment?

  • Anti-virus software

 Question 71)

True or Faux. The large bulk of stolen credit bill of fare numbers are used speedily past the thief or a fellow member of his/her family.

  • False

Question 72)

Which three (three) of these are PCI-DSS requirements for whatsoever visitor handling, processing or transmitting credit card data? (Select 3)

  • Restrict access to cardholder data by business demand-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data

Question 73)

True or Imitation. Communications of a data alienation should be handled by a team composed of members of the IR squad, legal personnel and public relations.

  • True

Question 74)

A Coordinating incident response team model is characterized by which of the post-obit?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their land or department
  • Multiple incident response teams within an organization but one with authorisation to assure consistent policies and practices are followed beyond all teams
  • This term refers to a structure that assures the incident response team'south activities are coordinated with senior management and all appropriate departments within and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

  • Blue Carmine
  • Ruddy, Blueish

Question 76)

The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and bogus intelligence. The human expertise domain would contain which three (three) of these topics?

  • Abstraction
  • Dilemmas
  • Morals

Question 77)

Solution architectures often contain diagrams similar the i below. What does this diagram bear witness?

<<Solution Architecture Data Period.png>>

  • Functional components and data period

Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Data Link

Question lxxx)

True or False. Internal attacks from trusted employees represents every bit as significant a threat as external attacks from professional cyber criminals.

  • True

Question 81)

Co-ordinate to the FireEye Mandiant'due south Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

  • 80%

Question 82)

Which country had the highest boilerplate cost per breach in 2018 at $8.19M

  • Us

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-acquire

Question 84)

What will impress out when this block of Python code is run?

i=i

#i=i+1

#i=i+ii

#i=i+three

print(i)

  • 1

Question 85)

Which three (3) statements well-nigh Python variables are true? (Select three)

  • A variable name must start with a alphabetic character or the underscore "_" character
  • Variables can change blazon after they have been ready
  • Variables do non have to be declared in accelerate of their utilize

Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows

Question 87)

In digital forensics documenting the chain of custody of bear witness is critical. Which of these should be included in your chain of custody log?

  • All of the in a higher place

Question 88)

Forensic analysis should always exist conducted on a re-create of the original data. Which two (2) types of copying are advisable for getting data from a laptop acquired from a terminated employee, if y'all suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup

Question 89)

Which of the following would be considered an incident forerunner?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An appear threat confronting your organization by a hactivist group

Question 90)

If a penetration test calls for you lot to create a diagram of the target network including the identity of hosts and servers also as a list of open ports and published services, which tool would be the best fit for this task?

  • Nmap

Question 91)

Which type of list is considered best for safe coding practise?

  • Whitelist

Question 92)

In reviewing the security logs for a company'due south headquarters in New York Urban center, which of these activities should not raise much of a security concern?

  • A recently hired data scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from home for an hr or and so during the last 2 weeks of each quarter

Question 93)

Data sources such as newspapers, books and web pages are considered which type of data?

  • Unstructured data
  • Semi-structured data
  • Structured data

Question 94)

Which iii (3) of these statements nearly the TCP protocol are True? (Select 3)

  • TCP packets are reassembled past the receiving organisation in the order in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented

Question 95)

In IPv4, how many of the four octets are used to define the network portion of the address in a Class B network?

  • two

Question 96)

A modest company with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this company demand to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Accost Translations?

  • 1

Question 97)

Why is symmetric central encryption the most common choice of methods to encryptic data at rest?

  • There are far more than keys available for use
  • It is much faster than asymmetric key encryption

Question 98)

Which of the following statements about hashing is Truthful?

  • Hashing uses algorithms that are known as "ane-way" functions

Question 99)

Why is hashing not a common method used for encrypting information?

  • Hashing is a one-manner procedure so the original data cannot exist reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity

Question 101)

What is the principal authentication protocol used by Microsoft in Active Directory?

  • Kerberos

Question 102)

Granting admission to a user account only those privileges necessary to perform its intended functions is known every bit what?

  • The principle of least privileges

Question 103)

What is the nigh common patch remediation frequency for well-nigh organizations?

  • Monthly
  • Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

  • Supply Concatenation Infiltration
  • Blocking admission to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks

Question 105)

Security training for Information technology staff is what type of control?

  • Virtual
  • Operational
  • Concrete

Question 106)

Which security concerns follow your workload fifty-fifty after it is successfully moved to the deject?

  • All of the higher up

Question 107)

Which form of Cloud computing combines both public and private clouds?

  • Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

  • The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to information are examples of which type of access control?

  • Technical

Question 110)

In cybersecurity, Authenticity is divers every bit what?

  • The property of being 18-carat and verifiable

Question 111)

ITIL is best described as what?

  • A collection of Information technology Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer information systems?

  • Information Security Auditor

Question 113)

A company wants to forestall employees from wasting time on social media sites. To reach this, a document forbidding use of these sites while at piece of work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which 2 (2) types of security controls has the visitor just implemented? (Select ii)

  • Administrative
  • Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would accost which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious lawmaking that gets installed on a computer and reports dorsum to the controller your keystrokes and other information it can get together from your system exist chosen?

  • Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct club.

A weakness in a arrangement is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of set on?

  • A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic obviously-text message from Alice to her boyfriend Sam. The message upsets Trudy then she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the to a higher place

Question 120)

Which factor contributes almost to the strength of an encryption arrangement?

  • How many people take access to your public cardinal
  • The length of the encryption key used
  • The number of private keys used past the system

Question 121)

What is an advantage asymmetric central encryption has over symmetric central encryption?

  • Asymmetric keys can be exchanged more securely than symmetric keys
  • Asymmetric key encryption is harder to break than symmetric key encryption
  • Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations calculator systems?

  • A Penetration Tester

Question 123)

Which three (3) are considered all-time practices, baselines or frameworks? (Select three)

  • ISO27000 series
  • ITIL
  • COBIT

Question 124)

What does the "A" in the CIA Triad represent?

  • Availability

Question 125)

Which blazon of admission command is based upon the subject area's clearance level and the objects classification?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Admission Control (RBAC)

Question 126)

Windows 10 stores 64-flake applications in which directory?

  • \Program Files

Question 127)

To build a virtual computing surroundings, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the cloud's supervisory organization
  • Between the hardware and operating system
  • Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would exist classified as which type of assail?

  • A Shark assault
  • A Phishing assault

Question 129)

Which statement nigh drivers running in Windows kernel mode is true?

  • Simply disquisitional processes are permitted to run in kernel mode since there is nothing to prevent a

Question 130)

Symmetric fundamental encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality merely
  • Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to utilise dynamic mapping?

  • The system will demand as many registered IP addresses equally it has computers that need Net admission
  • Many registered IP addresses are mapped to a single registered IP address using different port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each reckoner'south IP address for both internal and external communication

Question 132)

Which accost blazon does a computer use to get a new IP accost when information technology boots up?

  • The network's DHCP server address

Question 133)

What is the primary difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times equally many possible IP addresses

Question 134)

Which type of firewall understands which session a parcel belongs to and analyzes it accordingly?

  • A Side by side Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that perchance, merely possibly, the links in the email he clicked on this morning were non from the existent Lottery Commission. What is the first thing you lot should tell the employee to practice?

  • Run a Port scan
  • Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no within knowled

Question 137)

Which Post Incident action would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned coming together
  • Bear witness retention
  • Documentation review & update
  • Utilizing collected information

Question 138)

In digital forensics, which three (three) steps are involved in the drove of data? (Select 3)

  • Develop a plan to acquire the data
  • Verify the integrity of the data
  • Acquire the data

Question 139)

Which three (iii) of the post-obit are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<x):

 print(i)

 i=i+one

  • 9

Question 141)

Activities performed equally a role of security intelligence can be divided into pre-exploit and mail service-exploit activities. Which 2 (ii) of these are post-exploit activities? (Select 2)

  • Gather total situational awareness through advanced security analytics
  • Perform forensic investigation

Question 142)

At that place are many good reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an arrangement'south backup practices?

  • Availability
  • Integrity
  • Authorization

Question 143)

Which phase of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?

  • Examination
  • Code & build
  • Operate & monitor
  • Programme

Question 144)

Which one of the OWASP Summit 10 Awarding Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (ii) factors? (Select 2)

  • Flows per minute (FPM)
  • Events per second (EPS)

Question 146)

True or Faux. If you have no ameliorate place to start hunting threats, showtime with a view of the global threat landscape and so drill down to a regional view, manufacture view and finally a view of the threats specific to your own organization.

  • True

Question 147)

Truthful or Fake. Deject-based storage or hosting providers are among the peak sources of third-party breaches

  • Truthful

Question 148)

You are looking very difficult on the spider web for the lowest mortgage interest load yous tin find and you come across a rate that is so low information technology could not possibly be true. You cheque out the site to run across that the terms are and quickly notice yous are the victim of a ransomware attack. What was the likely assail vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities

Question 149)

Very provocative articles that come in news feeds or Google searches are sometimes called "click-bait". These articles ofttimes tempt you to link to other sites that tin be infected with malware. What attack vector is used by these click-allurement sites to get you to go to the really bad sites?

  • Malicious Links

More New Questions

Question 150)

Which of the post-obit defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • One instance of a weakness beingness exploited
  • A weakness in a system that could be exploited by a bad actor

Question 151)

Suspicious activity, like IP addresses or ports existence scanned sequentially, is a sign of which type of attack?

  • A mapping attack
  • A denial of service (DoS) attack
  • A phishing set on
  • An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read information technology because it is encrypted simply allows it to be delivered to Bob in its original course
  • Trudy changes the message so forwards it on
  • Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected wellness information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A

Question 154)

A adept Endpoint Detection and Response system (EDR) should have which three (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at one time
  • Deploying devices with network configurations

Question 155)

Which argument well-nigh encryption is Truthful well-nigh data in use.

  • Information should always be kept encrypted since modernistic CPUs are fully capable of operating directly on encrypted data
  • It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on
  • Curt of orchestrating a memory dump from a arrangement crash, there is no applied way for malware to get at the data being candy, so dump logs are your merely real concern
  • Data in active memory registers are not at risk of beingness stolen

Question 156)

For added security y'all make up one's mind to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network ambassador must cull to run a given network segment in either stateful or stateless mode, and and then select the respective firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall simply These avant-garde devices inspect everything a stateless firewall inspects in add-on to country related factors
  • Yous must install 2 firewalls in series, so all packets laissez passer through the stateless firewall showtime so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Form A network?

  • 2
  • 1
  • 4
  • 3

Question 158)

If you have to rely upon metadata to piece of work with the data at paw, you lot are probably working with which blazon of data?

  • Meta-structured data
  • Semi-structured information
  • Structured data
  • Unstructured information

Question 159)

Which two (2) forms of discovery must be conducted online? (Select two)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Bundle sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Fundamental
  • Coordinating
  • Command

Question 161)

Which is the data protection process that prevents a suspicious information request from being completed?

  • Information risk analysis
  • Data classification
  • Information discovery
  • Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in accelerate of their assail to streamline costs and focus efforts?

  • Ruby Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing

Question 163)

Which type of awarding attack would include User denies performing an performance, attacker exploits an application without trace, and aggressor covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation

Question 164)

True or Faux. Thorough reconnaissance is an important step in developing an constructive cyber kill chain.

  • True
  • False

Question 165)

True or Fake. I of the master challenges in cyber threat hunting is a lack of useful tools sold by also few vendors.

  • Truthful
  • False

Question 166)

True or False. A big company has a information breach involving the theft of employee personnel records only no customer information of any kind. Since no external information was involved, the company does not have to report the breach to constabulary enforcement.

  • True
  • False

Question 167)

You are the CEO of a large tech company and have just received an angry email that looks like information technology came from i of your biggest customers. The email says your company is overbilling the customer and asks that you lot examine the attached invoice. You do but find it blank, so you lot reply politely to the sender asking for more than details. You lot never hear back, but a week afterward your security team tells yous that your credentials have been used to access and exfiltrate large amounts of visitor financial data. What kind of attack did you fall victim to?

  • Equally a phishing assail
  • As a whale attack
  • A shark attack
  • A fly phishing attack

Question 168)

Which of these statements about the PCI-DSS requirements for whatever company treatment, processing or transmitting credit carte du jour data is true?

  • Muti-cistron authentication is required for all new carte holders
  • Some grade of mobile device management (MDM) must exist used on all mobile credit carte processing devices
  • All employees with direct admission to cardholder data must be bonded
  • Cardholder information must exist encrypted if information technology is sent across open or public networks

Which Incident Response Team model describes a squad that acts as consulting experts to propose local IR teams?

  • Control
  • Coordinating
  • Distributed
  • O Central

In a Linux file system, which files are contained in the \bin folder?

  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /home and /usr

If a computer needs to send a message to a system that is not office of the local network, where does it transport the message?

  • To the system's domain name
  • To the system's IP address
  • The network's DNS server address
  • To the arrangement's MAC address
  • The network's default gateway address
  • The network'southward DHCP server address

Which 3 (3) of these statements about the TCP protocol are True? (Select 3)

  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP

A professor is not allowed to change a student's final class after she submits information technology without completing a special course to explain the circumstances that necessitated the change. This boosted stride supports which attribute of the CIA Triad?

  • Authorization
  • Integrity
  • Confidentiality
  • Availability

Which of these is the all-time definition of a security risk?

  • An instance of being exposed to losses
  • Whatever potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a system
  • The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a plain text bulletin sent past Alice to Bob, just in no mode interferes with its commitment. Which aspect of the CIA Triad was violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

What is an advantage symmetric primal encryption has over asymmetric key encryption?

  • Symmetric key encryption provides ameliorate security against Human being-in-the-middle attacks than is possible with asymmetric key encryption
  • Symmetric cardinal encryption is faster than disproportionate key encryption
  • Symmetric keys tin exist exchanged more securely than asymmetric keys
  • Symmetric central encryption is harder to break than asymmetric cardinal encryption

Which type of application attack would include network eavesdropping, dictionary attacks and cookie replays?

  • Configuration management
  • Hallmark
  • Dominance
  • Exception management

Why should you always look for common patterns before starting a new security architecture design?

  • They tin help identify best practices
  • They can shorten the development lifecycle
  • Some document complete tested solutions
  • All of the higher up

Final Update: 09/12/2021

Alert: Jo Answer Light-green hai wo correct hai but

Jo Greenish Nahi hai. Usme se jo ek wrong pick tha usko hata diya hai

Delight Wait I WILL ADD MORE NEW QUETIONS..

Also if you lot accept Questions with correct reply  Send me on my Email i volition update on my weblog..

niyander111@gmail.com

Thank you...