Does the National Guard Cover the Cost of Having Babies

IBM Cybersecurity Annotator Professional person Certificate Assessment Test Quiz Answers

Warning: Jo Reply Light-green hai wo correct hai but

Jo Light-green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Question 1)

Implementing a Security Awareness training programme would be an example of which blazon of control?

• Administrative control

Question ii)

Putting locks on a door is an instance of which type of control?

• Preventative

Question 3)

How would you classify a piece of malicious code that can replicate itself and spread to new systems?

• A worm

Question four)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

• A network card
• An Intrusion Detection Organisation (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, simply non exercise much to assure confidentiality or availability.

• Hashing

Question 6)

An arrangement wants to restrict employee after-hours access to its systems so information technology publishes a policy forbidding employees to work outside of their assigned hours, and so makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select ii)

• Physical
• Administrative

Question 7)

Which ii factors contribute to cryptographic strength? (Select ii)

• The use of cyphers that are based on complex mathematical algorithms
• The use of cyphers that have undergone public scrutiny

Question 8)

Trying to break an encryption fundamental by trying every possible combination of characters is chosen what?

• A animal strength attack

Question 9)

Which of the following describes the core goals of IT security?

• The Open Web Application Security Project (OWASP) Framework
• The Business organization Process Direction Framework
• The CIA Triad

Question 10)

Which three (3) roles are typically establish in an Information Security arrangement? (Select 3)

• Vulnerability Assessor
• Primary Information Security Officer (CISO)
• Penetration Tester

Question 11)

Problem Direction, Change Direction, and Incident Management are all cardinal processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

• Trudy changes the message and and then frontwards it on
• Trudy deletes the bulletin without forwarding information technology
• Trudy reads the message
• Trudy cannot read it because it is encrypted just allows it to be delivered to Bob in its original form

Question xiii)

In cybersecurity, Accountability is divers equally what?

• Being able to map an action to an identity

Question 14)

Multifactor authentication (MFA) requires more than one hallmark method to be used before identity is authenticated. Which three (3) are hallmark methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question 15)

Which iii (3) of the post-obit are Physical Access Controls? (Select iii)

• Door locks
• Security guards
• Fences

Question 16)

If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (two) file system could you select? (Select 2)

• NTFS
• FAT32

Question 17)

Which 3 (iii) permissions can exist assail a file in Linux? (Select 3)

• write
• execute
• read

Question 18)

If cost is the primary business, which type of cloud should be considered get-go?

• Public cloud

Question 19)

Consolidating and virtualizing workloads should be done when?

• Before moving the workloads to the cloud

Question 20)

Which of the post-obit is a self-regulating standard gear up upwards by the credit card industry in the US?

• PCI-DSS

Question 21)

Which two (two) of the following attack types target endpoints?

• Advertizement Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not take a required patch installed, which statement best characterizes the actions it is able to take automatically?

• The endpoint can exist quarantined from all network resource except those that allow it to download and install the missing patch

Question 23)

Granting admission to a user based upon how high up he is in an organisation violates what basic security premise?

• The principle of to the lowest degree privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the following protections?

• Firewall and network protection
• Family options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the following?

• Integrity

Question 26)

Which of the post-obit practices helps assure the all-time results when implementing encryption?

• Choose a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your organization and go on them hugger-mugger

Question 27)

Which of these methods ensures the hallmark, non-repudiation and integrity of a digital communication?

• Utilise of digital signatures

Question 28)

Which of the post-obit practices will help assure the confidentiality of information in transit?

• Disable certificate pinning
• Accept self-signed certificates
• Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits y'all tin realize from using a NAT (Network Address Translation) router? (Select 3)

• Allows static 1-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP accost but when they are needed
• Allows internal IP addresses to exist subconscious from outside observers

Question 30)

Which statement all-time describes configuring a NAT router to use static mapping?

• The organization volition demand as many registered IP addresses equally information technology has computers that need Internet access

Question 31)

If a estimator needs to transport a bulletin to a system that is part of the local network, where does it send the message?

• To the system's MAC address

Question 32)

Which are properties of a highly available system?

• Redundancy, failover and monitoring

Question 33)

Which three (iii) of these statements about the UDP protocol are True? (Select three)

• UDP is faster than TCP
• UDP packets are reassembled past the receiving arrangement in whatever social club they are received
• UDP is connectionless

Question 34)

What is 1 departure betwixt a Stateful Firewall and a Next Generation Firewall?

• A NGFW understand which application sent a given parcel

Question 35)

Y'all are concerned that your organization is really non very experienced with securing information sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX USA. Which ii (2) of these activities raise the most cause for concern? (Select 2)

• Each night Hassan logs into his account from an Internet access provider in China
• One evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which three (iii) of the following are considered safe coding practices? (Select 3)

• Utilise library functions in place of Bone commands
• Avert using OS commands whenever possible
• Avoid running commands through a shell interpreter

Question 38)

Which 3 (3) items should be included in the Planning step of a penetration test? (Select 3)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest report would cover the adventure ranking, recommendations and roadmap?

• Executive Summary

Question twoscore)

Spare workstations and servers, bare removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resources category?

• Incident Postal service-Analysis Resources
• Incident Analysis Hardware and Software

Question 41)

NIST recommends because a number of items, including a loftier level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

True or Faux. Digital forensics is effective in solving cyber crimes just is not considered effective in solving trigger-happy crimes such equally rape and murder.

• False

Question 43)

Which iii (3) are common obstacles faced when trying to examine forensic data? (Select 3)

• Selecting the right tools to aid filter and exclude irrelevant data
• Finding the relevant files amidst the hundreds of thousands found on virtually hard drives
• Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the aforementioned block of code while a specified status remains true?

• Loops

Question 45)

Which two (ii) statements virtually Python are true? (Select ii)

• Python code is considered easy to debug compared with other pop programming languages
• Python code is considered very readable past novice programmers

Question 46)

In the Python argument

pi="iii"

What data type is the information blazon of the variable pi?

• str

Question 47)

What volition be printed by the following cake of Python code?

def Add5(in)

 out=in+v

 return out

 print(Add5(10))

• 15

Question 48)

Which threat intelligence framework was developed by the Usa Regime to enable consistent label and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

True or Faux. An organization's security immune system should be integrated with outside organizations, including vendors and other third-parties.

• True

Question l)

Which three (3) of these are amongst the elevation 12 capabilities that a good data security and protection solution should provide? (Select 3)

• Vulnerability cess
• Existent-time alerting
• Tokenization

Question 51)

True or Fake. For iOS and Android mobile devices, users must interact with the operating organisation only through a series of applications, but non straight.

• True

Question 52)

All industries have their own unique information security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of admission points staffed by depression-level employees who have access to payment carte data?

• Retail

Question 53)

True or Simulated. WireShark has an impressive array of features and is distributed free of accuse.

• True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You calculate that there is a 2% probability that a cybercriminal volition be able to steal credit card numbers from your online storefront which will effect in $10M in losses to your visitor. What have you merely adamant?

• A risk

Question 57)

Which one of the OWASP Top ten Application Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which 3 (3) of these are Solution Building Blocks (SBBs)? (Select three)

• Virus Protection
• Application Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from three areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured information lends itself best to which of these areas?

• Bogus intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Procedure and Technology. Which office of the triad would network monitoring belong?

• Technology

Question 61)

Which of these is a expert definition for cyber threat hunting?

• The deed of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries every bit early on every bit possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 Eia use cases. Which ane of these provides immediate alerting on brand compromises and fraud on the dark web.

• Threat Discovery

.

Question 63)

Which iii (three) soft skills are important to accept in an organization's incident response team? (Select 3)

• Communication
• Teamwork
• Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Assay

Question 65)

Which three (3) of these statistics about phishing attacks are existent? (Select iii)

• Around 15 one thousand thousand new phishing sites are created each month
• Phishing accounts for nearly 20% of data breaches
• 30% of phishing messages are opened by their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

• Implement stiff access control measures
• Regularly monitor and test networks
• Maintain an information security policy

Question 67)

Which three (three) are malware types commonly used in PoS attacks to steal credit card information? (Select 3)

• Alina
• BlackPOS
• vSkimmer

Question 68)

According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more than for a product or service from a provider with ameliorate security?

• 52%

Question 69)

You lot get a telephone call from a technician at the "Windows company" who tells you that they have detected a trouble with your system and would like to help you resolve information technology. In order to aid, they need you to go to a web site and download a simple utility that will permit them to fix the settings on your computer. Since you but own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "unproblematic utility" as asked?

• Remote Desktop Protocol (RDP)

Question lxx)

What is an effective fully automated style to forestall malware from entering your system every bit an e-mail attachment?

• Anti-virus software

 Question 71)

True or Faux. The large majority of stolen credit card numbers are used apace by the thief or a member of his/her family.

• False

Question 72)

Which iii (3) of these are PCI-DSS requirements for whatever company handling, processing or transmitting credit menu data? (Select 3)

• Restrict access to cardholder information by business organization need-to-know
• Assign a unique ID to each person with computer admission
• Restrict physical access to cardholder information

Question 73)

Truthful or Imitation. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.

• Truthful

Question 74)

A Coordinating incident response team model is characterized by which of the following?

• Multiple incident response teams within an system all of whom coordinate their activities only within their country or department

• Multiple incident response teams within an organization simply one with authority to assure consistent policies and practices are followed across all teams

• This term refers to a structure that assures the incident response team's activities are coordinated with senior management and all advisable departments inside and organization

Question 75)

The cyber hunting team and the SOC analysts are informally referred to equally the ____ and ____ teams, respectively.

• Blue Scarlet

• Crimson, Blue

Question 76)

The partnership betwixt security analysts and engineering science can be said to be grouped into 3 domains, homo expertise, security analytics and bogus intelligence. The human expertise domain would contain which three (3) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures often incorporate diagrams like the one below. What does this diagram show?

<<Solution Architecture Data Flow.png>>

• Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known as what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Data Link

Question eighty)

True or False. Internal attacks from trusted employees represents equally as pregnant a threat every bit external attacks from professional cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

• 80%

Question 82)

Which state had the highest average cost per breach in 2018 at $8.19M

• Usa

Question 83)

Which two (two) of these Python libraries provides useful statistical functions? (Select 2)

• StatsModels

• Scikit-larn

Question 84)

What will print out when this block of Python code is run?

i=i

#i=i+1

#i=i+two

#i=i+3

print(i)

• one

Question 85)

Which 3 (3) statements about Python variables are truthful? (Select 3)

• A variable proper noun must start with a alphabetic character or the underscore "_" character
• Variables can modify blazon after they take been set
• Variables do not take to exist declared in advance of their utilize

Question 86)

PowerShell is a configuration management framework for which operating system?

• Windows

Question 87)

In digital forensics documenting the chain of custody of show is critical. Which of these should be included in your concatenation of custody log?

• All of the in a higher place

Question 88)

Forensic analysis should always be conducted on a copy of the original data. Which ii (2) types of copying are appropriate for getting information from a laptop acquired from a terminated employee, if you lot suspect he has deleted incriminating files? (Select 2)

• An incremental backup

• A logical backup

Question 89)

Which of the post-obit would be considered an incident precursor?

• An alert from your antivirus software indicating it had detected malware on your arrangement

• An announced threat against your organization past a hactivist grouping

Question xc)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers besides as a list of open ports and published services, which tool would exist the all-time fit for this task?

• Nmap

Question 91)

Which type of list is considered best for rubber coding exercise?

• Whitelist

Question 92)

In reviewing the security logs for a visitor'due south headquarters in New York City, which of these activities should not heighten much of a security business?

• A recently hired data scientist in the Medical Analytics section has repeatedly attempted to admission the corporate financial database

• An employee has started logging in from home for an hr or so during the final 2 weeks of each quarter

Question 93)

Information sources such as newspapers, books and web pages are considered which type of data?

• Unstructured data

• Semi-structured data

• Structured data

Question 94)

Which iii (3) of these statements about the TCP protocol are True? (Select 3)

• TCP packets are reassembled by the receiving organization in the guild in which they were sent

• TCP is more reliable than UDP

• TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

• 2

Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this visitor need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• ane

Question 97)

Why is symmetric key encryption the most mutual pick of methods to encryptic data at residuum?

• There are far more keys available for use

• Information technology is much faster than asymmetric primal encryption

Question 98)

Which of the following statements about hashing is True?

• Hashing uses algorithms that are known equally "i-way" functions

Question 99)

Why is hashing not a common method used for encrypting data?

• Hashing is a one-way process and then the original data cannot exist reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

• Confidentiality and Integrity

Question 101)

What is the chief authentication protocol used by Microsoft in Active Directory?

• Kerberos

Question 102)

Granting access to a user business relationship only those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

Question 103)

What is the most common patch remediation frequency for most organizations?

• Monthly

• Annually

Question 104)

Isle hopping is an assail method commonly used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Equus caballus attacks

Question 105)

Security preparation for IT staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even after it is successfully moved to the cloud?

• All of the above

Question 107)

Which form of Cloud computing combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

• The kernel

Question 109)

The encryption and protocols used to forbid unauthorized access to data are examples of which blazon of access control?

• Technical

Question 110)

In cybersecurity, Actuality is defined as what?

• The holding of being genuine and verifiable

Question 111)

ITIL is best described every bit what?

• A drove of IT Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of estimator data systems?

• Information Security Auditor

Question 113)

A company wants to prevent employees from wasting fourth dimension on social media sites. To achieve this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented? (Select two)

• Administrative

• Technical

Question 114)

An electronic mail message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious lawmaking that gets installed on a computer and reports back to the controller your keystrokes and other information information technology tin can gather from your system exist chosen?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the reply the fills in the blanks in the correct order.

A weakness in a organization is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad player.

• vulnerability, threat, exploit

• threat, exposure, adventure

• threat role player, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

• A Denial of Service (DoS) set on

Question 119)

Trudy intercepts a romantic plain-text bulletin from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended information technology for Bob from the showtime. Which aspect of the CIA Triad has Trudy violated ?

• All of the above

Question 120)

Which cistron contributes virtually to the forcefulness of an encryption organization?

• How many people have admission to your public key

• The length of the encryption key used

• The number of individual keys used by the system

Question 121)

What is an advantage asymmetric key encryption has over symmetric fundamental encryption?

• Disproportionate keys can exist exchanged more than securely than symmetric keys

• Disproportionate fundamental encryption is harder to break than symmetric key encryption

• Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "upstanding hacking" of an organizations computer systems?

• A Penetration Tester

Question 123)

Which three (three) are considered best practices, baselines or frameworks? (Select 3)

• ISO27000 series

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which blazon of access control is based upon the subject'due south clearance level and the objects classification?

• Hierarchical Access Control (HAC)
• Discretionary Admission Control (DAC)
• Mandatory Access Control (MAC)
• Role Based Admission Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

• \Plan Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

• Between the applications and the data sources
• On the cloud'south supervisory system
• Between the hardware and operating organisation
• Between the operating system and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of attack?

• A Shark assail

• A Phishing attack

Question 129)

Which argument virtually drivers running in Windows kernel mode is true?

• Simply critical processes are permitted to run in kernel mode since there is nothing to prevent a

Question 130)

Symmetric key encryption past itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to use dynamic mapping?

• The organization will need as many registered IP addresses as it has computers that need Internet access

• Many registered IP addresses are mapped to a single registered IP accost using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses as they are needed

• The NAT router uses each calculator's IP address for both internal and external communication

Question 132)

Which accost type does a computer use to go a new IP address when information technology boots up?

• The network'due south DHCP server address

Question 133)

What is the master difference betwixt the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used just for IOT devices

• IPv6 allows for billions of times every bit many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it accordingly?

• A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the Information technology Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the offset thing y'all should tell the employee to practise?

• Run a Port scan

• Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

• Attempting to penetrate a client'southward systems as if she were an external hacker with no within knowled

Question 137)

Which Postal service Incident activity would be concerned with maintaining the proper chain-of-custody?

• Lessons learned coming together
• Evidence retention
• Documentation review & update
• Utilizing collected data

Question 138)

In digital forensics, which three (3) steps are involved in the collection of data? (Select iii)

• Develop a plan to acquire the information

• Verify the integrity of the data

• Acquire the data

Question 139)

Which three (three) of the following are considered scripting languages? (Select 3)

• Perl

• Bash

• Python

Question 140)

What is the largest number that will exist printed during the execution of this Python while loop?

i=0

while (i<10):

 impress(i)

 i=i+1

• 9

Question 141)

Activities performed equally a part of security intelligence tin can be divided into pre-exploit and postal service-exploit activities. Which two (2) of these are mail-exploit activities? (Select ii)

• Get together full situational awareness through advanced security analytics

• Perform forensic investigation

Question 142)

There are many proficient reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an arrangement's backup practices?

• Availability

• Integrity

• Authorization

Question 143)

Which phase of DevSecOps would incorporate the activities Internal/External testing, Continuous balls, and Compliance checking?

• Exam

• Code & build

• Operate & monitor

• Plan

Question 144)

Which 1 of the OWASP Top x Application Security Risks would be occur when at that place are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that tin can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which ii (2) factors? (Select 2)

• Flows per minute (FPM)

• Events per second (EPS)

Question 146)

True or Simulated. If you have no better place to start hunting threats, start with a view of the global threat landscape and so drill down to a regional view, industry view and finally a view of the threats specific to your ain organization.

• Truthful

Question 147)

True or False. Cloud-based storage or hosting providers are among the top sources of tertiary-party breaches

• True

Question 148)

You are looking very hard on the web for the lowest mortgage interest load you can find and yous come across a rate that is so low it could not possibly be true. Yous bank check out the site to meet that the terms are and rapidly find y'all are the victim of a ransomware attack. What was the likely assail vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles oftentimes tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get yous to go to the really bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

• Any potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a arrangement will be exploited
• Ane instance of a weakness being exploited
• A weakness in a organisation that could exist exploited past a bad histrion

Question 151)

Suspicious activity, similar IP addresses or ports being scanned sequentially, is a sign of which type of attack?

• A mapping attack
• A denial of service (DoS) assault
• A phishing set on
• An IP spoofing assail

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the message without forwarding information technology
• Trudy cannot read it considering it is encrypted but allows information technology to be delivered to Bob in its original grade
• Trudy changes the message and so forrad it on
• Trudy reads the bulletin

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (eastward-PHI)?

• PCI-DSS
• ISO27000 series
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A practiced Endpoint Detection and Response organization (EDR) should have which three (three) of these capabilities? (Select 3)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at one time
• Deploying devices with network configurations

Question 155)

Which statement almost encryption is True about data in use.

• Data should always be kept encrypted since modernistic CPUs are fully capable of operating straight on encrypted information

• It is vulnerable to theft and should be decrypted only for the briefest possible time while it is beingness operated on

• Short of orchestrating a memory dump from a system crash, in that location is no practical mode for malware to get at the data being processed, so dump logs are your just real business concern

• Data in agile memory registers are not at risk of being stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this exist washed?

• This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless manner, and and so select the corresponding firewall type

• Install a unmarried firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall just These advanced devices inspect everything a stateless firewall inspects in addition to country related factors

• Yous must install two firewalls in series, and then all packets pass through the stateless firewall beginning and so the stateless firewall

Question 157)

In IPv4, how many of the four octets are used to ascertain the network portion of the accost in a Class A network?

• 2
• 1
• iv
• 3

Question 158)

If you have to rely upon metadata to work with the data at manus, you are probably working with which type of data?

• Meta-structured information
• Semi-structured data
• Structured data
• Unstructured data

Question 159)

Which two (2) forms of discovery must exist conducted online? (Select 2)

• Port scanning
• Shoulder surfing
• Social engineering
• Packet sniffing

Question 160)

Which Incident Response Team model describes a squad that runs all incident response activities for a company?

• Distributed
• Central
• Coordinating
• Command

Question 161)

Which is the information protection process that prevents a suspicious data request from being completed?

• Information adventure analysis
• Data classification
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which class of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

• Red Box Testing
• Gray Box Testing
• White Box testing
• Blackness Box Testing

Question 163)

Which type of application assail would include User denies performing an performance, attacker exploits an awarding without trace, and attacker covers her tracks?

• Auditing and logging
• Authentication
• Dominance
• Input validation

Question 164)

True or False. Thorough reconnaissance is an important step in developing an effective cyber impale concatenation.

• Truthful
• Faux

Question 165)

True or Fake. One of the main challenges in cyber threat hunting is a lack of useful tools sold by likewise few vendors.

• True
• False

Question 166)

True or Simulated. A large company has a data alienation involving the theft of employee personnel records merely no customer data of any kind. Since no external data was involved, the company does not have to report the breach to police enforcement.

• True
• False

Question 167)

You lot are the CEO of a big tech company and have just received an aroused electronic mail that looks like information technology came from 1 of your biggest customers. The email says your company is overbilling the client and asks that you examine the attached invoice. You do only find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later on your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?

• Equally a phishing attack
• As a whale attack
• A shark attack
• A fly phishing attack

Question 168)

Which of these statements virtually the PCI-DSS requirements for whatever company handling, processing or transmitting credit card data is true?

• Muti-factor authentication is required for all new card holders
• Some course of mobile device direction (MDM) must be used on all mobile credit bill of fare processing devices
• All employees with direct access to cardholder data must exist bonded
• Cardholder data must exist encrypted if it is sent beyond open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?

• Control
• Coordinating
• Distributed
• O Fundamental

In a Linux file system, which files are contained in the \bin folder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such every bit fstab and inittab
• Directories such as /home and /usr

If a computer needs to send a message to a arrangement that is not part of the local network, where does information technology send the message?

• To the system's domain name
• To the system's IP address
• The network's DNS server address
• To the organisation's MAC address
• The network's default gateway address
• The network's DHCP server address

Which three (3) of these statements about the TCP protocol are True? (Select three)

• TCP is faster than UDP
• TCP is connexion-oriented
• TCP packets are reassembled by the receiving system in the guild in which they were sent
• TCP is more reliable than UDP

A professor is not immune to modify a student's final course afterwards she submits information technology without completing a special form to explicate the circumstances that necessitated the change. This boosted stride supports which aspect of the CIA Triad?

• Potency
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security risk?

• An instance of being exposed to losses
• Whatever potential danger that is associated with the exploitation of a vulnerability
• A weakness in a system
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a apparently text bulletin sent past Alice to Bob, but in no mode interferes with its delivery. Which aspect of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the above

What is an reward symmetric key encryption has over asymmetric key encryption?

• Symmetric central encryption provides amend security confronting Man-in-the-middle attacks than is possible with asymmetric key encryption
• Symmetric fundamental encryption is faster than asymmetric key encryption
• Symmetric keys tin exist exchanged more deeply than asymmetric keys
• Symmetric key encryption is harder to break than asymmetric key encryption

Which blazon of application assault would include network eavesdropping, lexicon attacks and cookie replays?

• Configuration direction
• Authentication
• Authority
• Exception management

Why should you lot e'er await for mutual patterns earlier starting a new security architecture design?

• They can help identify best practices
• They can shorten the development lifecycle
• Some document consummate tested solutions
• All of the above

Concluding Update: 09/12/2021

Alert: Jo Reply Green hai wo correct hai simply

Jo Greenish Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

PLEASE Wait I Volition ADD MORE NEW QUETIONS..

Too if you have Questions with correct reply  Transport me on my Electronic mail i will update on my blog..

niyander111@gmail.com

Thank you...

culpepperhicter.blogspot.com

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html