What Is The Current Cost To Draw Up A Will And Medical Directive

IBM Cybersecurity Analyst Professional person Certificate Assessment Exam Quiz Answers

Warning: Jo Reply Greenish hai wo right hai but

Jo Dark-green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Question 1)

Implementing a Security Awareness training program would be an case of which type of command?

• Administrative command

Question 2)

Putting locks on a door is an example of which blazon of control?

• Preventative

Question iii)

How would you classify a piece of malicious lawmaking that tin replicate itself and spread to new systems?

• A worm

Question 4)

To engage in bundle sniffing, you lot must implement promiscuous mode on which device ?

• A network card
• An Intrusion Detection System (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, just not do much to assure confidentiality or availability.

• Hashing

Question 6)

An organization wants to restrict employee later-hours access to its systems then it publishes a policy forbidding employees to work outside of their assigned hours, and so makes sure the part doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

• Physical
• Administrative

Question seven)

Which 2 factors contribute to cryptographic forcefulness? (Select two)

• The use of cyphers that are based on circuitous mathematical algorithms
• The use of cyphers that have undergone public scrutiny

Question 8)

Trying to suspension an encryption key by trying every possible combination of characters is called what?

• A creature strength assault

Question 9)

Which of the following describes the core goals of IT security?

• The Open Web Awarding Security Projection (OWASP) Framework
• The Business Process Management Framework
• The CIA Triad

Question 10)

Which three (3) roles are typically establish in an Information Security system? (Select 3)

• Vulnerability Assessor
• Chief Information Security Officer (CISO)
• Penetration Tester

Question 11)

Problem Management, Alter Direction, and Incident Management are all key processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

• Trudy changes the bulletin and and so frontward it on
• Trudy deletes the message without forwarding it
• Trudy reads the message
• Trudy cannot read it considering it is encrypted but allows it to be delivered to Bob in its original form

Question xiii)

In cybersecurity, Accountability is divers as what?

• Being able to map an activity to an identity

Question 14)

Multifactor authentication (MFA) requires more than one hallmark method to exist used before identity is authenticated. Which three (three) are authentication methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question 15)

Which three (iii) of the post-obit are Physical Admission Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question 16)

If you lot are setting up a Windows 10 laptop with a 32Gb hard bulldoze, which two (2) file arrangement could you select? (Select 2)

• NTFS
• FAT32

Question 17)

Which three (three) permissions can be set on a file in Linux? (Select iii)

• write
• execute
• read

Question 18)

If cost is the master concern, which type of deject should exist considered first?

• Public cloud

Question xix)

Consolidating and virtualizing workloads should be washed when?

• Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard set up by the credit card industry in the The states?

• PCI-DSS

Question 21)

Which two (2) of the following attack types target endpoints?

• Advertizement Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement all-time characterizes the actions it is able to take automatically?

• The endpoint tin can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting admission to a user based upon how high upward he is in an organization violates what basic security premise?

• The principle of least privileges

Question 24)

The Windows Security App available in Windows 10 provides uses with which of the following protections?

• Firewall and network protection
• Family options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the following?

• Integrity

Question 26)

Which of the following practices helps assure the all-time results when implementing encryption?

• Cull a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your organisation and keep them secret

Question 27)

Which of these methods ensures the hallmark, non-repudiation and integrity of a digital communication?

• Use of digital signatures

Question 28)

Which of the following practices will help assure the confidentiality of data in transit?

• Disable certificate pinning
• Accept cocky-signed certificates
• Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (iii) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select three)

• Allows static 1-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
• Allows internal IP addresses to exist hidden from outside observers

Question 30)

Which statement best describes configuring a NAT router to use static mapping?

• The organisation will need as many registered IP addresses as it has computers that demand Internet admission

Question 31)

If a computer needs to send a message to a system that is part of the local network, where does it ship the message?

• To the organisation's MAC address

Question 32)

Which are properties of a highly available organization?

• Redundancy, failover and monitoring

Question 33)

Which 3 (three) of these statements about the UDP protocol are True? (Select 3)

• UDP is faster than TCP
• UDP packets are reassembled by the receiving system in whatever order they are received
• UDP is connectionless

Question 34)

What is one difference between a Stateful Firewall and a Next Generation Firewall?

• A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX USA. Which ii (ii) of these activities heighten the most crusade for concern? (Select two)

• Each nighttime Hassan logs into his account from an Internet service provider in Prc
• One evening, Hassan downloads all of the files associated with the new production he is working on

Question 37)

Which three (3) of the following are considered safe coding practices? (Select iii)

• Use library functions in place of OS commands
• Avoid using Bone commands whenever possible
• Avert running commands through a shell interpreter

Question 38)

Which iii (3) items should be included in the Planning step of a penetration test? (Select 3)

• Informing Demand-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest written report would embrace the hazard ranking, recommendations and roadmap?

• Executive Summary

Question twoscore)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resources category?

• Incident Mail-Analysis Resources
• Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered constructive in solving violent crimes such as rape and murder.

• Simulated

Question 43)

Which three (3) are mutual obstacles faced when trying to examine forensic data? (Select 3)

• Selecting the right tools to help filter and exclude irrelevant data
• Finding the relevant files amid the hundreds of thousands found on almost difficult drives
• Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

• Loops

Question 45)

Which two (2) statements about Python are true? (Select two)

• Python code is considered easy to debug compared with other popular programming languages
• Python lawmaking is considered very readable past novice programmers

Question 46)

In the Python statement

pi="3"

What data blazon is the data type of the variable pi?

• str

Question 47)

What will be printed past the following block of Python code?

def Add5(in)

 out=in+5

 render out

 print(Add5(10))

• 15

Question 48)

Which threat intelligence framework was developed by the The states Regime to enable consistent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

Truthful or False. An organization's security immune system should be integrated with exterior organizations, including vendors and other third-parties.

• True

Question fifty)

Which three (3) of these are among the summit 12 capabilities that a practiced data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Real-time alerting
• Tokenization

Question 51)

True or False. For iOS and Android mobile devices, users must interact with the operating organisation only through a series of applications, but not directly.

• True

Question 52)

All industries have their own unique information security challenges. Which of these industries has a particular business with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?

• Retail

Question 53)

True or False. WireShark has an impressive assortment of features and is distributed free of accuse.

• Truthful

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

• Base of operations-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission stage contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You calculate that in that location is a 2% probability that a cybercriminal volition be able to steal credit card numbers from your online storefront which volition upshot in $10M in losses to your visitor. What have you only adamant?

• A take chances

Question 57)

Which one of the OWASP Top 10 Application Security Risks would exist occur when an application's API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select three)

• Virus Protection
• Application Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured information lends itself all-time to which of these areas?

• Artificial intelligence

Question sixty)

The triad of a security operations centers (SOC) is People, Process and Engineering science. Which part of the triad would network monitoring belong?

• Technology

Question 61)

Which of these is a proficient definition for cyber threat hunting?

• The human action of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 EIA apply cases. Which i of these provides immediate alerting on brand compromises and fraud on the dark spider web.

• Threat Discovery

.

Question 63)

Which iii (iii) soft skills are of import to take in an arrangement's incident response team? (Select 3)

• Advice
• Teamwork
• Trouble solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Assay

Question 65)

Which three (iii) of these statistics about phishing attacks are real? (Select 3)

• Around fifteen million new phishing sites are created each month
• Phishing accounts for virtually 20% of data breaches
• 30% of phishing messages are opened past their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

• Implement potent access command measures
• Regularly monitor and exam networks
• Maintain an information security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit menu data? (Select 3)

• Alina
• BlackPOS
• vSkimmer

Question 68)

Co-ordinate to a 2022 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

• 52%

Question 69)

You become a phone call from a technician at the "Windows visitor" who tells you that they accept detected a trouble with your arrangement and would like to help you resolve it. In order to help, they need y'all to go to a web site and download a uncomplicated utility that will allow them to set up the settings on your computer. Since you lot only ain an Apple Mac, yous are suspicious of this caller and hang upward. What would the attack vector have been if you had downloaded the "unproblematic utility" as asked?

• Remote Desktop Protocol (RDP)

Question lxx)

What is an effective fully automatic way to prevent malware from entering your organization equally an email attachment?

• Anti-virus software

 Question 71)

True or Simulated. The large majority of stolen credit carte numbers are used quickly past the thief or a member of his/her family.

• Imitation

Question 72)

Which three (3) of these are PCI-DSS requirements for any visitor handling, processing or transmitting credit carte data? (Select 3)

• Restrict access to cardholder data past business need-to-know
• Assign a unique ID to each person with figurer access
• Restrict physical access to cardholder information

Question 73)

Truthful or False. Communications of a data alienation should exist handled past a team composed of members of the IR team, legal personnel and public relations.

• True

Question 74)

A Coordinating incident response squad model is characterized by which of the following?

• Multiple incident response teams within an organization all of whom coordinate their activities only within their state or department

• Multiple incident response teams inside an organization merely 1 with authority to assure consequent policies and practices are followed across all teams

• This term refers to a structure that assures the incident response squad'south activities are coordinated with senior management and all advisable departments within and organisation

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

• Blue Red

• Cherry-red, Bluish

Question 76)

The partnership betwixt security analysts and engineering can be said to be grouped into three domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram prove?

<<Solution Architecture Data Flow.png>>

• Functional components and information flow

Question 78)

Port numbers 1024 through 49151 are known as what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Data Link

Question 80)

True or False. Internal attacks from trusted employees represents every bit as meaning a threat as external attacks from professional cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2022, what fraction of security tools are deployed with default settings and thus underperform expectations?

• eighty%

Question 82)

Which country had the highest boilerplate cost per breach in 2022 at $8.19M

• U.s.a.

Question 83)

Which 2 (2) of these Python libraries provides useful statistical functions? (Select 2)

• StatsModels

• Scikit-learn

Question 84)

What will print out when this cake of Python lawmaking is run?

i=one

#i=i+1

#i=i+ii

#i=i+3

print(i)

• 1

Question 85)

Which three (3) statements nigh Python variables are truthful? (Select iii)

• A variable name must start with a letter or the underscore "_" character
• Variables can modify type after they take been fix
• Variables practise non take to exist declared in advance of their utilise

Question 86)

PowerShell is a configuration management framework for which operating system?

• Windows

Question 87)

In digital forensics documenting the chain of custody of show is critical. Which of these should be included in your chain of custody log?

• All of the above

Question 88)

Forensic assay should always exist conducted on a copy of the original data. Which ii (2) types of copying are advisable for getting data from a laptop caused from a terminated employee, if yous suspect he has deleted incriminating files? (Select 2)

• An incremental backup

• A logical backup

Question 89)

Which of the following would exist considered an incident precursor?

• An alert from your antivirus software indicating information technology had detected malware on your system

• An announced threat against your organization by a hactivist group

Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task?

• Nmap

Question 91)

Which blazon of list is considered best for safe coding practice?

• Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should not heighten much of a security business concern?

• A recently hired data scientist in the Medical Analytics section has repeatedly attempted to access the corporate financial database

• An employee has started logging in from habitation for an hour or so during the last 2 weeks of each quarter

Question 93)

Information sources such as newspapers, books and spider web pages are considered which type of data?

• Unstructured data

• Semi-structured data

• Structured data

Question 94)

Which three (3) of these statements well-nigh the TCP protocol are True? (Select 3)

• TCP packets are reassembled by the receiving organization in the order in which they were sent

• TCP is more reliable than UDP

• TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the accost in a Class B network?

• two

Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this visitor need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• ane

Question 97)

Why is symmetric key encryption the nigh common pick of methods to encryptic data at rest?

• There are far more keys available for utilise

• It is much faster than disproportionate primal encryption

Question 98)

Which of the following statements about hashing is True?

• Hashing uses algorithms that are known every bit "ane-mode" functions

Question 99)

Why is hashing not a mutual method used for encrypting data?

• Hashing is a 1-way process so the original data cannot exist reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the post-obit?

• Confidentiality and Integrity

Question 101)

What is the master authentication protocol used past Microsoft in Active Directory?

• Kerberos

Question 102)

Granting access to a user account simply those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

Question 103)

What is the about common patch remediation frequency for most organizations?

• Monthly

• Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

• Supply Chain Infiltration
• Blocking admission to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security training for Information technology staff is what blazon of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even afterward it is successfully moved to the cloud?

• All of the above

Question 107)

Which form of Deject computing combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating arrangement interacts with your computer'due south hardware?

• The kernel

Question 109)

The encryption and protocols used to forbid unauthorized access to data are examples of which type of access control?

• Technical

Question 110)

In cybersecurity, Actuality is defined as what?

• The property of beingness genuine and verifiable

Question 111)

ITIL is best described equally what?

• A drove of IT Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer data systems?

• Information Security Auditor

Question 113)

A visitor wants to prevent employees from wasting fourth dimension on social media sites. To accomplish this, a certificate forbidding employ of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other pop sites. Which ii (2) types of security controls has the company only implemented? (Select two)

• Authoritative

• Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your organisation be called?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the respond the fills in the blanks in the correct social club.

A weakness in a arrangement is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

• vulnerability, threat, exploit

• threat, exposure, risk

• threat player, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they attain the host is a countermeasure to which form of set on?

• A Denial of Service (DoS) attack

Question 119)

Trudy intercepts a romantic manifestly-text bulletin from Alice to her boyfriend Sam. The bulletin upsets Trudy so she forwards information technology to Bob, making it look like Alice intended it for Bob from the starting time. Which aspect of the CIA Triad has Trudy violated ?

• All of the above

Question 120)

Which cistron contributes most to the strength of an encryption system?

• How many people have admission to your public fundamental

• The length of the encryption fundamental used

• The number of private keys used by the system

Question 121)

What is an advantage asymmetric cardinal encryption has over symmetric key encryption?

• Disproportionate keys tin can be exchanged more securely than symmetric keys

• Asymmetric key encryption is harder to break than symmetric key encryption

• Asymmetric key encryption is faster than symmetric central encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations estimator systems?

• A Penetration Tester

Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

• ISO27000 serial

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which type of access control is based upon the discipline's clearance level and the objects nomenclature?

• Hierarchical Admission Command (HAC)
• Discretionary Admission Control (DAC)
• Mandatory Admission Control (MAC)
• Role Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

• \Program Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

• Between the applications and the data sources
• On the deject's supervisory organization
• Betwixt the hardware and operating organization
• Between the operating organisation and applications

Question 128)

An identical email sent to millions of addresses at random would be classified equally which type of attack?

• A Shark attack

• A Phishing attack

Question 129)

Which statement about drivers running in Windows kernel mode is true?

• Only disquisitional processes are permitted to run in kernel mode since there is nothing to forbid a

Question 130)

Symmetric key encryption by itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to utilize dynamic mapping?

• The organization will demand as many registered IP addresses as it has computers that need Internet access

• Many registered IP addresses are mapped to a unmarried registered IP address using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses as they are needed

• The NAT router uses each estimator'south IP address for both internal and external communication

Question 132)

Which address type does a computer use to become a new IP address when information technology boots upwards?

• The network's DHCP server address

Question 133)

What is the principal difference between the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used only for IOT devices

• IPv6 allows for billions of times every bit many possible IP addresses

Question 134)

Which type of firewall understands which session a bundle belongs to and analyzes it accordingly?

• A Next Generation Firewall (NGFW)

Question 135)

An employee calls the It Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first thing yous should tell the employee to do?

• Run a Port scan

• Run an antivirus scan

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

• Attempting to penetrate a client'south systems as if she were an external hacker with no inside knowled

Question 137)

Which Mail service Incident activity would be concerned with maintaining the proper chain-of-custody?

• Lessons learned meeting
• Evidence retention
• Documentation review & update
• Utilizing collected information

Question 138)

In digital forensics, which three (3) steps are involved in the collection of information? (Select three)

• Develop a plan to larn the data

• Verify the integrity of the data

• Learn the data

Question 139)

Which three (three) of the following are considered scripting languages? (Select three)

• Perl

• Bash

• Python

Question 140)

What is the largest number that volition be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+1

• 9

Question 141)

Activities performed as a office of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (ii) of these are mail service-exploit activities? (Select 2)

• Gather full situational awareness through avant-garde security analytics

• Perform forensic investigation

Question 142)

There are many adept reasons for maintaining comprehensive backups of critical information. Which aspect of the CIA Triad is most impacted by an organization's backup practices?

• Availability

• Integrity

• Authority

Question 143)

Which phase of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

• Test

• Lawmaking & build

• Operate & monitor

• Plan

Question 144)

Which one of the OWASP Height x Application Security Risks would exist occur when there are no safeguards against a user beingness immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which ii (2) factors? (Select 2)

• Flows per infinitesimal (FPM)

• Events per second (EPS)

Question 146)

True or False. If you have no improve place to start hunting threats, start with a view of the global threat landscape and then drill downwardly to a regional view, industry view and finally a view of the threats specific to your own organization.

• True

Question 147)

True or False. Cloud-based storage or hosting providers are amidst the tiptop sources of tertiary-party breaches

• True

Question 148)

You are looking very hard on the web for the lowest mortgage involvement load yous can find and y'all come across a rate that is and then low it could non perhaps be true. Yous check out the site to encounter that the terms are and chop-chop notice you lot are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative articles that come up up in news feeds or Google searches are sometimes called "click-bait". These manufactures often tempt y'all to link to other sites that can be infected with malware. What assail vector is used by these click-bait sites to get y'all to go to the really bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the post-obit defines a security threat?

• Whatever potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a system will be exploited
• 1 example of a weakness being exploited
• A weakness in a organisation that could be exploited by a bad player

Question 151)

Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which blazon of attack?

• A mapping set on
• A denial of service (DoS) attack
• A phishing attack
• An IP spoofing assault

Question 152)

Alice sends a message to Bob that is intercepted past Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the bulletin without forwarding it
• Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
• Trudy changes the message and so forrad it on
• Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

• PCI-DSS
• ISO27000 series
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response organization (EDR) should have which three (3) of these capabilities? (Select 3)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at once
• Deploying devices with network configurations

Question 155)

Which statement most encryption is True about information in use.

• Data should always be kept encrypted since modern CPUs are fully capable of operating straight on encrypted information

• It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on

• Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the data being processed, and then dump logs are your only real business organization

• Data in active memory registers are not at risk of being stolen

Question 156)

For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

• This cannot be done The network administrator must cull to run a given network segment in either stateful or stateless mode, and then select the respective firewall blazon

• Install a single firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall but These avant-garde devices inspect everything a stateless firewall inspects in addition to state related factors

• You must install ii firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

• two
• one
• 4
• iii

Question 158)

If you have to rely upon metadata to work with the data at hand, you are probably working with which type of information?

• Meta-structured data
• Semi-structured information
• Structured data
• Unstructured data

Question 159)

Which two (2) forms of discovery must be conducted online? (Select ii)

• Port scanning
• Shoulder surfing
• Social engineering science
• Packet sniffing

Question 160)

Which Incident Response Team model describes a squad that runs all incident response activities for a company?

• Distributed
• Central
• Analogous
• Control

Question 161)

Which is the data protection process that prevents a suspicious data request from being completed?

• Data risk analysis
• Information nomenclature
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers fractional knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

• Red Box Testing
• Greyness Box Testing
• White Box testing
• Black Box Testing

Question 163)

Which type of awarding attack would include User denies performing an operation, attacker exploits an application without trace, and assaulter covers her tracks?

• Auditing and logging
• Authentication
• Authorization
• Input validation

Question 164)

True or Faux. Thorough reconnaissance is an important step in developing an effective cyber kill chain.

• True
• False

Question 165)

Truthful or Fake. Ane of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

• True
• False

Question 166)

True or False. A large company has a data breach involving the theft of employee personnel records merely no customer information of whatever kind. Since no external data was involved, the company does not have to report the breach to constabulary enforcement.

• Truthful
• False

Question 167)

You are the CEO of a large tech company and have just received an angry electronic mail that looks like information technology came from ane of your biggest customers. The email says your visitor is overbilling the client and asks that you examine the fastened invoice. You lot exercise but discover it bare, so yous reply politely to the sender asking for more than details. You never hear back, merely a calendar week later your security team tells yous that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?

• As a phishing attack
• As a whale attack
• A shark attack
• A fly phishing set on

Question 168)

Which of these statements almost the PCI-DSS requirements for any company treatment, processing or transmitting credit card information is true?

• Muti-factor hallmark is required for all new card holders
• Some form of mobile device management (MDM) must be used on all mobile credit card processing devices
• All employees with straight access to cardholder data must exist bonded
• Cardholder data must be encrypted if information technology is sent across open or public networks

Which Incident Response Squad model describes a team that acts equally consulting experts to suggest local IR teams?

• Command
• Analogous
• Distributed
• O Primal

In a Linux file system, which files are contained in the \bin folder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such as fstab and inittab
• Directories such as /home and /usr

If a computer needs to send a message to a system that is not part of the local network, where does it send the message?

• To the system's domain name
• To the organisation'southward IP accost
• The network's DNS server accost
• To the system'south MAC address
• The network's default gateway accost
• The network'due south DHCP server accost

Which three (3) of these statements about the TCP protocol are True? (Select 3)

• TCP is faster than UDP
• TCP is connectedness-oriented
• TCP packets are reassembled past the receiving organization in the order in which they were sent
• TCP is more than reliable than UDP

A professor is not allowed to change a educatee's final form after she submits it without completing a special form to explicate the circumstances that necessitated the alter. This boosted pace supports which aspect of the CIA Triad?

• Potency
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security hazard?

• An instance of beingness exposed to losses
• Any potential danger that is associated with the exploitation of a vulnerability
• A weakness in a arrangement
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a apparently text message sent past Alice to Bob, just in no way interferes with its delivery. Which aspect of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the above

What is an advantage symmetric key encryption has over asymmetric key encryption?

• Symmetric cardinal encryption provides amend security against Homo-in-the-eye attacks than is possible with asymmetric key encryption
• Symmetric fundamental encryption is faster than asymmetric cardinal encryption
• Symmetric keys can be exchanged more securely than asymmetric keys
• Symmetric central encryption is harder to break than asymmetric key encryption

Which type of application assault would include network eavesdropping, lexicon attacks and cookie replays?

• Configuration management
• Authentication
• Authorization
• Exception direction

Why should you ever look for common patterns before starting a new security architecture design?

• They can help place best practices
• They can shorten the evolution lifecycle
• Some document complete tested solutions
• All of the above

Terminal Update: 09/12/2021

Warning: Jo Reply Green hai wo correct hai only

Jo Green Nahi hai. Usme se jo ek wrong pick tha usko hata diya hai

PLEASE Look I Will Add More NEW QUETIONS..

Also if y'all have Questions with correct answer  Send me on my E-mail i will update on my weblog..

niyander111@gmail.com

Thank you...

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Posted by: eppsreck1993.blogspot.com

Share this post