IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers

IBM Cybersecurity Analyst Professional Certificate Assessment Exam Answers


IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers


Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai


Question 1)

Implementing a Security Awareness training program would be an example of which type of control?

  • Administrative control


Question 2)

Putting locks on a door is an example of which type of control?

  • Preventative


Question 3)

How would you classify a piece of malicious code that can replicate itself and spread to new systems?

  • A worm


Question 4)

To engage in packet sniffing, you must implement promiscuous mode on which device ?

  • A network card
  • An Intrusion Detection System (IDS)
  • A sniffing router


Question 5)

Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability.

  • Hashing


Question 6)

An organization wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

  • Physical
  • Administrative


Question 7)

Which two factors contribute to cryptographic strength? (Select 2)

  • The use of cyphers that are based on complex mathematical algorithms
  • The use of cyphers that have undergone public scrutiny


Question 8)

Trying to break an encryption key by trying every possible combination of characters is called what?

  • A brute force attack


Question 9)

Which of the following describes the core goals of IT security?

  • The Open Web Application Security Project (OWASP) Framework
  • The Business Process Management Framework
  • The CIA Triad


Question 10)

Which three (3) roles are typically found in an Information Security organization? (Select 3)

  • Vulnerability Assessor
  • Chief Information Security Officer (CISO)
  • Penetration Tester



Question 11)

Problem Management, Change Management, and Incident Management are all key processes of which framework?

  • ITIL


Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

  • Trudy changes the message and then forwards it on
  • Trudy deletes the message without forwarding it
  • Trudy reads the message
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form


Question 13)

In cybersecurity, Accountability is defined as what?

  • Being able to map an action to an identity



Question 14)

Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are authentication methods? (Select 3)

  • Something a person is
  • Something a person has
  • Something a person knows



Question 15)

Which three (3) of the following are Physical Access Controls? (Select 3)

  • Door locks
  • Security guards
  • Fences



Question 16)

If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you select? (Select 2)

  • NTFS
  • FAT32


Question 17)

Which three (3) permissions can be set on a file in Linux? (Select 3)

  • write
  • execute
  • read


Question 18)

If cost is the primary concern, which type of cloud should be considered first?

  • Public cloud


Question 19)

Consolidating and virtualizing workloads should be done when?

  • Before moving the workloads to the cloud


Question 20)

Which of the following is a self-regulating standard set up by the credit card industry in the US?

  • PCI-DSS



Question 21)
Which two (2) of the following attack types target endpoints?
  • Ad Network
  • Spear Phishing


Question 22)
If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?
  • The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch



Question 23)
Granting access to a user based upon how high up he is in an organization violates what basic security premise?
  • The principle of least privileges


Question 24)
The Windows Security App available in Windows 10 provides uses with which of the following protections?
  • Firewall and network protection
  • Family options (parental controls)
  • Virus and threat protection
  • All of the above


Question 25)
Hashing ensures which of the following?
  • Integrity


Question 26)
Which of the following practices helps assure the best results when implementing encryption?
  • Choose a reliable and proven published algorithm
  • Develop a unique cryptographic algorithm for your organization and keep them secret


Question 27)
Which of these methods ensures the authentication, non-repudiation and integrity of a digital communication?
  • Use of digital signatures


Question 28)
Which of the following practices will help assure the confidentiality of data in transit?
  • Disable certificate pinning
  • Accept self-signed certificates
  • Implement HTTP Strict Transport Protocol (HSTS)


Question 29)
Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

  • Allows static 1-to-1 mapping of local IP addresses to global IP addresses
  • Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
  • Allows internal IP addresses to be hidden from outside observers


Question 30)
Which statement best describes configuring a NAT router to use static mapping?
  • The organization will need as many registered IP addresses as it has computers that need Internet access




Question 31)
If a computer needs to send a message to a system that is part of the local network, where does it send the message?
  • To the system's MAC address



Question 32)
Which are properties of a highly available system?
  • Redundancy, failover and monitoring


Question 33)
Which three (3) of these statements about the UDP protocol are True? (Select 3)

  • UDP is faster than TCP
  • UDP packets are reassembled by the receiving system in whatever order they are received
  • UDP is connectionless
  • UDP is more reliable than TCP


Question 34)
What is one difference between a Stateful Firewall and a Next Generation Firewall?

  • A NGFW understand which application sent a given packet


Question 35)
You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?
  • SaaS


Question 36)

Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX USA. Which two (2) of these activities raise the most cause for concern? (Select 2)

  • Each night Hassan logs into his account from an ISP in China
  • One evening, Hassan downloads all of the files associated with the new product he is working on


Question 37)

Which three (3) of the following are considered safe coding practices? (Select 3)

  • Use library functions in place of OS commands
  • Avoid using OS commands whenever possible
  • Avoid running commands through a shell interpreter



Question 38)

Which three (3) items should be included in the Planning step of a penetration test? (Select 3)

  • Informing Need-to-know employees
  • Establishing Boundaries
  • Setting Objectives


Question 39)

Which portion of the pentest report would cover the risk ranking, recommendations and roadmap?

  • Executive Summary



Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

  • Incident Post-Analysis Resources
  • Incident Analysis Hardware and Software



Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

  • Recovery



Question 42)

True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.

  • True
  • False



Question 43)

Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)

  • Selecting the right tools to help filter and exclude irrelevant data
  • Finding the relevant files among the hundreds of thousands found on most hard drives
  • Bypassing controls such as passwords



Question 44)

What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

  • Loops


Question 45)

Which two (2) statements about Python are true? (Select 2)

  • Python code is considered easy to debug compared with other popular programming languages
  • Python code is considered very readable by novice programmers



Question 46)

In the Python statement

pi="3"

What data type is the data type of the variable pi?

  • str



Question 47)

What will be printed by the following block of Python code?


def Add5(in)

 out=in+5

 return out

 print(Add5(10))


  • 15


Question 48)

Which threat intelligence framework was developed by the US Government to enable consistent characterization and categorization of cyberthreat events?

  • Cyber Threat Framework



Question 49)

True or False. An organization's security immune system should be integrated with outside organizations, including vendors and other third-parties. 

  • True



Question 50)

Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

  • Vulnerability assessment
  • Real-time alerting
  • Tokenization




Question 51)
True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, but not directly.

  • True
  • False


Question 52)
All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?
  • Retail


Question 53)
True or False. WireShark has an impressive array of features and is distributed free of charge.
  • True


Question 54)
In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?
  • Base-Exploitability Subscore



Question 55)
The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
  • IAM controls to regulate authorization


Question 56)
You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What have you just determined?
  • A risk


Question 57)
Which one of the OWASP Top 10 Application Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

  • Sensitive data exposure


Question 58)
Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)
  • Virus Protection
  • Application Firewall
  • Spam Filter


Question 59)
A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

  • Artificial intelligence


Question 60)
The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?
  • Technology



Question 61)
Which of these is a good definition for cyber threat hunting?
  • The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain




Question 62)
There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

  • Threat Discovery

.
Question 63)
Which three (3) soft skills are important to have in an organization's incident response team? (Select 3)

  • Communication
  • Teamwork
  • Problem solving and Critical thinking


Question 64)
Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

  • Detection & Analysis


Question 65)
Which three (3) of these statistics about phishing attacks are real? (Select 3)

  • Around 15 million new phishing sites are created each month
  • Phishing accounts for nearly 20% of data breaches
  • 30% of phishing messages are opened by their targeted users



Question 66)
Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy


Question 67)
Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)

  • Alina
  • BlackPOS
  • vSkimmer



Question 68)
According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?
  • 52%



Question 69)
You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?

  • Remote Desktop Protocol (RDP)



Question 70)
What is an effective fully automated way to prevent malware from entering your system as an email attachment?
  • Anti-virus software





 Question 71)

True or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family.

  • False


Question 72)

Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)


  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data



Question 73)

True or False. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.

  • True



Question 74)

A Coordinating incident response team model is characterized by which of the following?

  • Multiple incident response teams within an organization all of whom coordinate their activities only within their country or department
  • Multiple incident response teams within an organization but one with authority to assure consistent policies and practices are followed across all teams
  • This term refers to a structure that assures the incident response team’s activities are coordinated with senior management and all appropriate departments within and organization



Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.


  • Blue Red
  • Red, Blue



Question 76)

The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

  • Abstraction
  • Dilemmas
  • Morals


Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram show?

<<Solution Architecture Data Flow.png>>

  • Functional components and data flow



Question 78)

Port numbers 1024 through 49151 are known as what?

  • Registered Ports



Question 79)

Which layer of the OSI model to packet sniffers operate on?

  • Data Link



Question 80)

True or False. Internal attacks from trusted employees represents every bit as significant a threat as external attacks from professional cyber criminals.


  • True



Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?


  • 80%



Question 82)

Which country had the highest average cost per breach in 2018 at $8.19M

  • United States



Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

  • StatsModels
  • Scikit-learn



Question 84)

What will print out when this block of Python code is run?


i=1

#i=i+1

#i=i+2

#i=i+3

print(i)


  • 1



Question 85)

Which three (3) statements about Python variables are true? (Select 3)

  • A variable name must start with a letter or the underscore "_" character
  • Variables can change type after they have been set
  • Variables do not have to be declared in advance of their use



Question 86)

PowerShell is a configuration management framework for which operating system?

  • Windows



Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

  • All of the above



Question 88)

Forensic analysis should always be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)

  • An incremental backup
  • A logical backup



Question 89)

Which of the following would be considered an incident precursor?

  • An alert from your antivirus software indicating it had detected malware on your system
  • An announced threat against your organization by a hactivist group




Question 90)

If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task?

  • Nmap



Question 91)

Which type of list is considered best for safe coding practice?

  • Whitelist



Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should not raise much of a security concern?


  • A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database
  • An employee has started logging in from home for an hour or so during the last 2 weeks of each quarter



Question 93)

Data sources such as newspapers, books and web pages are considered which type of data?

  • Unstructured data
  • Semi-structured data
  • Structured data



Question 94)

Which three (3) of these statements about the TCP protocol are True? (Select 3)


  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP
  • TCP is connection-oriented




Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?


  • 2



Question 96)

A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this company need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

  • 1



Question 97)

Why is symmetric key encryption the most common choice of methods to encryptic data at rest?

  • There are far more keys available for use
  • It is much faster than asymmetric key encryption



Question 98)

Which of the following statements about hashing is True?

  • Hashing uses algorithms that are known as “one-way” functions



Question 99)

Why is hashing not a common method used for encrypting data?

  • Hashing is a one-way process so the original data cannot be reconstructed from a hash value



Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

  • Confidentiality and Integrity



Question 101)

What is the primary authentication protocol used by Microsoft in Active Directory?

  • Kerberos



Question 102)

Granting access to a user account only those privileges necessary to perform its intended functions is known as what?

  • The principle of least privileges



Question 103)

What is the most common patch remediation frequency for most organizations?

  • Monthly
  • Annually



Question 104)

Island hopping is an attack method commonly used in which scenario?

  • Supply Chain Infiltration
  • Blocking access to a website for all users
  • Compromising a corporate VIP
  • Trojan Horse attacks



Question 105)

Security training for IT staff is what type of control?

  • Virtual
  • Operational
  • Physical



Question 106)

Which security concerns follow your workload even after it is successfully moved to the cloud?

  • All of the above



Question 107)

Which form of Cloud computing combines both public and private clouds?

  • Hybrid cloud



Question 108)

Which component of the Linux operating system interacts with your computer's hardware?

  • The shell
  • The hardware abstraction layer (HAL)   --- use this if The Kernel was wrong
  • The Hardware Interface Driver (HID)
  • The kernel


Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

  • Technical



Question 110)

In cybersecurity, Authenticity is defined as what?

  • The property of being genuine and verifiable



Question 111)

ITIL is best described as what?

  • A collection of IT Service Management best practices




Question 112)

Which position is in charge of testing the security and effectiveness of computer information systems?

  • Information Security Auditor



Question 113)

A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented? (Select 2)


  • Administrative
  • Technical



Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity



Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your system be called?

  • Spyware



Question 116)

Fancy Bears and Anonymous are examples of what?

  • Hacking organizations



Question 117)

Select the answer the fills in the blanks in the correct order.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor. 

  • vulnerability, threat, exploit
  • threat, exposure, risk
  • threat actor, vulnerability, exposure



Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

  • A Denial of Service (DoS) attack



Question 119)

Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

  • All of the above



Question 120)

Which factor contributes most to the strength of an encryption system?

  • How many people have access to your public key
  • The length of the encryption key used
  • The number of private keys used by the system




Question 121)

What is an advantage asymmetric key encryption has over symmetric key encryption?


  • Asymmetric keys can be exchanged more securely than symmetric keys
  • Asymmetric key encryption is harder to break than symmetric key encryption
  • Asymmetric key encryption is faster than symmetric key encryption



Question 122)

Which position is responsible for the "ethical hacking" of an organizations computer systems?

  • A Penetration Tester



Question 123)

Which three (3) are considered best practices, baselines or frameworks? (Select 3)

  • ISO27000 series
  • ITIL
  • COBIT



Question 124)

What does the "A" in the CIA Triad stand for?

  • Availability



Question 125)

Which type of access control is based upon the subject's clearance level and the objects classification?

  • Hierarchical Access Control (HAC)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)



Question 126)

Windows 10 stores 64-bit applications in which directory?

  • \Program Files




Question 127)

To build a virtual computing environment, where is the hypervisor installed?

  • Between the applications and the data sources
  • On the cloud's supervisory system
  • Between the hardware and operating system
  • Between the operating system and applications



Question 128)

An identical email sent to millions of addresses at random would be classified as which type of attack?


  • A Shark attack
  • A Phishing attack



Question 129)

Which statement about drivers running in Windows kernel mode is true?

  • Only critical processes are permitted to run in kernel mode since there is nothing to prevent a 



Question 130)

Symmetric key encryption by itself ensures which of the following?

  • Confidentiality and Integrity
  • Confidentiality only
  • Confidentiality and Availability




Question 131)

Which statement best describes configuring a NAT router to use dynamic mapping?

  • The organization will need as many registered IP addresses as it has computers that need Internet access
  • Many registered IP addresses are mapped to a single registered IP address using different port numbers
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer's IP address for both internal and external communication



Question 132)

Which address type does a computer use to get a new IP address when it boots up?

  • The network's DHCP server address



Question 133)

What is the primary difference between the IPv4 and IPv6 addressing schema?

  • IPv6 is significantly faster than IPv4
  • IPv6 is used only for IOT devices
  • IPv6 allows for billions of times as many possible IP addresses



Question 134)

Which type of firewall understands which session a packet belongs to and analyzes it accordingly?

  • A Next Generation Firewall (NGFW)



Question 135)

An employee calls the IT Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first thing you should tell the employee to do?


  • Run a Port scan
  • Run an antivirus scan



Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

  • Attempting to penetrate a client's systems as if she were an external hacker with no inside knowled



Question 137)

Which Post Incident activity would be concerned with maintaining the proper chain-of-custody?

  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data



Question 138)

In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)

  • Develop a plan to acquire the data
  • Verify the integrity of the data
  • Acquire the data



Question 139)

Which three (3) of the following are considered scripting languages? (Select 3)

  • Perl
  • Bash
  • Python



Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)


 i=i+1


  • 9



Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)


  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation



Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an organization's backup practices?

  • Availability
  • Integrity
  • Authorization



Question 143)

Which phase of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?


  • Test
  • Code & build
  • Operate & monitor
  • Plan



Question 144)

Which one of the OWASP Top 10 Application Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting



Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

  • Flows per minute (FPM)
  • Events per second (EPS)



Question 146)

True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.

  • True



Question 147)

True or False. Cloud-based storage or hosting providers are among the top sources of third-party breaches

  • True



Question 148)

You are looking very hard on the web for the lowest mortgage interest load you can find and you come across a rate that is so low it could not possibly be true. You check out the site to see that the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

  • Phishing
  • Malicious Links
  • Software Vulnerabilities



Question 149)

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?

  • Malicious Links



More New Questions



Question 150)
Which of the following defines a security threat?

  • Any potential danger capable of exploiting a weakness in a system
  • The likelihood that the weakness in a system will be exploited
  • One instance of a weakness being exploited
  • A weakness in a system that could be exploited by a bad actor


Question 151)
Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?

  • A mapping attack
  • A denial of service (DoS) attack
  • A phishing attack
  • An IP spoofing attack


Question 152)
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

  • Trudy deletes the message without forwarding it
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
  • Trudy changes the message and then forwards it on
  • Trudy reads the message


Question 153)
Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

  • PCI-DSS
  • ISO27000 series
  • HIPAA
  • GDPR
  • NIST 800-53A


Question 154)
A good Endpoint Detection and Response system (EDR) should have which three (3) of these capabilities? (Select 3)

  • Automatically quarantine noncompliant endpoints
  • Manage encryption keys for each endpoint
  • Manage thousands of devices at once
  • Deploying devices with network configurations



Question 155)
Which statement about encryption is True about data in use.

  • Data should always be kept encrypted since modern CPUs are fully capable of operating directly on encrypted data
  • It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on
  • Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the data being processed, so dump logs are your only real concern
  • Data in active memory registers are not at risk of being stolen



Question 156)
For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

  • This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless mode, and then select the corresponding firewall type
  • Install a single firewall that is capable of conducting both stateless and stateful inspections
  • Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to state related factors
  • You must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall



Question 157)
In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

  • 2
  • 4
  • 3



Question 158)
If you have to rely upon metadata to work with the data at hand, you are probably working with which type of data?

  • Meta-structured data
  • Semi-structured data
  • Structured data
  • Unstructured data


Question 159)
Which two (2) forms of discovery must be conducted online? (Select 2)

  • Port scanning
  • Shoulder surfing
  • Social engineering
  • Packet sniffing



Question 160)
Which Incident Response Team model describes a team that runs all incident response activities for a company?

  • Distributed
  • Central
  • Coordinating
  • Control



Question 161)
Which is the data protection process that prevents a suspicious data request from being completed?

  • Data risk analysis
  • Data classification
  • Data discovery
  • Blocking, masking and quarantining


Question 162)
Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

  • Red Box Testing
  • Gray Box Testing
  • White Box testing
  • Black Box Testing


Question 163)
Which type of application attack would include User denies performing an operation, attacker exploits an application without trace, and attacker covers her tracks?

  • Auditing and logging
  • Authentication
  • Authorization
  • Input validation


Question 164)
True or False. Thorough reconnaissance is an important step in developing an effective cyber kill chain.

  • True
  • False


Question 165)
True or False. One of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

  • True
  • False



Question 166)
True or False. A large company has a data breach involving the theft of employee personnel records but no customer data of any kind. Since no external data was involved, the company does not have to report the breach to law enforcement.

  • True
  • False



Question 167)
You are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?

  • As a phishing attack
  • As a whale attack
  • A shark attack
  • A fly phishing attack



Question 168)
Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit card data is true?

  • Muti-factor authentication is required for all new card holders
  • Some form of mobile device management (MDM) must be used on all mobile credit card processing devices
  • All employees with direct access to cardholder data must be bonded
  • Cardholder data must be encrypted if it is sent across open or public networks




Question 169)
Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?
  • Control
  • Coordinating
  • Distributed
  • O Central



Question 170)
In a Linux file system, which files are contained in the \bin folder?
  • All user binary files, their libraries and headers
  • Executable files such as grep and ping
  • Configuration files such as fstab and inittab
  • Directories such as /home and /usr


Question 171)
If a computer needs to send a message to a system that is not part of the local network, where does it send the message?
  • To the system's domain name
  • To the system's IP address
  • The network's DNS server address
  • To the system's MAC address
  • The network's default gateway address
  • The network's DHCP server address



Question 172)
Which three (3) of these statements about the TCP protocol are True? (Select 3)
  • TCP is faster than UDP
  • TCP is connection-oriented
  • TCP packets are reassembled by the receiving system in the order in which they were sent
  • TCP is more reliable than UDP



Question 172)
A professor is not allowed to change a student's final grade after she submits it without completing a special form to explain the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?
  • Authorization
  • Integrity
  • Confidentiality
  • Availability



Question 173)
Which of these is the best definition of a security risk?
  • An instance of being exposed to losses
  • Any potential danger that is associated with the exploitation of a vulnerability
  • A weakness in a system
  • The likelihood of a threat source exploiting a vulnerability



Question 174)
Trudy intercepts a plain text message sent by Alice to Bob, but in no way interferes with its delivery. Which aspect of the CIA Triad was violated?
  • Confidentiality
  • Integrity
  • Availability
  • All of the above



Question 175)
What is an advantage symmetric key encryption has over asymmetric key encryption?
  • Symmetric key encryption provides better security against Man-in-the-middle attacks than is possible with asymmetric key encryption
  • Symmetric key encryption is faster than asymmetric key encryption
  • Symmetric keys can be exchanged more securely than asymmetric keys
  • Symmetric key encryption is harder to break than asymmetric key encryption



Question 176)
Which type of application attack would include network eavesdropping, dictionary attacks and cookie replays?
  • Configuration management
  • Authentication
  • Authorization
  • Exception management



Question 177)
Why should you always look for common patterns before starting a new security architecture design?
  • They can help identify best practices
  • They can shorten the development lifecycle
  • Some document complete tested solutions
  • All of the above


Question 178)
A penetration tester that gains access to a system without permission and then exploits it for personal gain is said to wear what color hat?

  • Black


Question 179)
Ali must grant access to any individual or group he wants to allow access to the files he owns. Which access control type is in use in Ali's organization?

  • Mandatory Access Control (MAC)
  • Hierarchical Access Control (HAC)
  • Role Based Access Control (RBAC)
  • Discretionary Access Control (DAC)


Question 180)
Which statement is True of Hash functions?
  • Hashing is a reliable way to assure the integrity of a message


Question 181)
Signature-based detection and statistical anomaly detection are found on what type of device?
  • An Intrusion Prevention System (IPS)


Question 182)
Poor user input sanitation and unsafe execution of OS commands leaves a system vulnerable to which form of attack?
  • OS Command Injection


Question 185)
According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?

  • Tactical



Question 186)
True or False.WireShark has an impressive array of features and is distributed free of charge.

  • True
  • False

Question 187)
What organization managers the assignment and registration of port numbers?
  • Internet Assigned Numbers Authority (IANA)


Question 188)
What do QRadar flow collectors do with the flows they collect?
  • They convert the flow data to a standard QRadar flow format and forward it to the centralized flow processor


Question 189)
According to the IRIS Framework, during which stage of an attack would the attacker attempt to escalate their privileges, move laterally and conduct internal reconnaissance?

  • Continue the attack, expand network access



Question 190)
According to a 2018 Ponemon study third party risk management, which three (3) of these were identified as best practices? (Select 3)

  • An inventory of all third parties with whom you share information
  • Frequent review of third-party management policies and programs
  • Evaluation of the security and privacy practices of all third parties


Question 191)
Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit.

  • To make the end-to-end transaction very difficult to follow


Question 192)
Which of the OWASP Top 10 Application Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.

  • Cross-site scripting


Question 193)
Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)


  • Failure to move beyond compliance
  • Failure to define who owns responsibility for the data itself
  • Failure to recognize the need for centralized data security
  • Failure to hire an adequately skilled workforce


Question 194)
Which of these devices collects the most information on network activity?

  • Packet sniffers
  • Intrusion detection systems
  • Firewalls
  • System Event Management systems


Question 195)
A Vulnerability Assessment should be conducted during which phase of the Discover - Harden - Monitor & Protect - Repeat cycle?

  • Identification & Baseline
  • Raise the Bar
  • Real-Time Monitor & Protection
  • Repeat


Question 196)
Requiring all employees to complete annual security awareness training is an example of which type of control?
  • Corrective
  • Administrative 
  • Preventative
  • Deterrent


Question 197)
Which statement best describes configuring a NAT router to use overload mapping?

  • The organization will need as many registered IP addresses as it has computers that need Internet access
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed
  • The NAT router uses each computer's IP address for both internal and external communication
  • Many unregistered IP addresses are mapped to a single registered IP address using different port number


Question 198)
Which type of threat is a social engineering attack?
  • System based
  • Internal
  • App-based
  • External


Question 199)
Which layer of the OSI model do packet sniffers operate on?

  • Data Link


Question 200)
You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront, which will result in $10M in losses to your company. What have you just determined?

  • A risk


Question 201)
For a SIEM, what is a record of network activity between two hosts for the duration of a session called?

  • Flows


Question 202)
Which position conducts information security investigations for organizations to identify threats that could compromise the organization?
  • Information Security Analyst


Question 203)
Security standards do not have the force of law, but security regulations do. Which one of these is a security regulation?
  • Sarbanes-Oxley Act (SOX)



Question 204)
You are looking very hard on the web for the lowest mortgage interest load you can find and you come across a rate that is so low it could not possibly be true. You check out the site to see what the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

  • Malicious Links


Question 205)
An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of CIA Triad.
  • Confidentiality and integrity


Question 205)
Which 3 of the following are key ITIL processes.
  • Problem Management
  • Incident Management
  • Change Management



Question 206)
A windows 10 user has 10 files exactly the same name. Which statement must be true for these files.
  • The Files must be in different directories


Question 207)
What scripting concept is widely used across different languages that checks if a condition is true, and if so, takes action, and if false, a different action.
  • if-then


Question 208)
Which 2 of these python libraries provides useful statistical functions.
  • Number
  • Matplotlib


Question 209)
Your bank just implemented 2-factor authentication. Before you can access your account. Which two (2) pairs of factors would satisfy the "2-factor" criteria? (Select 2)
  • Your password and fingerprint scan
  • Your bank's ATM card and a PIN number







Last Update: 03/ 09/ 2024  

Warning: Jo Answer Green hai wo correct hai but

Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai






PLEASE WAIT I WILL ADD MORE NEW QUETIONS..


Also if you have Questions with  correct answer Send me on my Email i will update on my blog..

niyander111@gmail.com

Thank you...



Post a Comment

50 Comments

  1. Some of the answers are not marked with green colour and some of them have more than two answers.

    ReplyDelete
    Replies
    1. jo green hai wo correct hai ,or jo green nahi hai usme me wrong hata diya hai...

      Delete
  2. so the answers not marked with green are incorrect

    ReplyDelete
  3. Let me clear everything.

    Jo Green hai wo Sahi hai..

    but

    Jo Green Nahi hai. Usme se jo ek wrong selection tha usko hata diya hai

    So ab Questions ko match karo or jo is blog me options milte hai unme se select karo 80 to 90% chances hai jo maine galat kiye the wo tumare sahi ho jaye..

    All the Best..

    ReplyDelete
    Replies
    1. Please try and always reply in English, so that we can also benefit from the answer you are giving back. Thanks for the good work.

      Delete
  4. Niyander bhai jaan, i am trying to pass final assessment exam, can you please specifically go according to latest Questions they have? i checked youtube videos and those people asking money to provide PDF copy.

    ReplyDelete
    Replies
    1. i am trying bro.. but i can not get new questions... or bro please don't buy any pdf from YouTube or internet.. if you get new questions with answer ones you attempt a quiz please send me.. i will update on our blog..

      Delete
    2. hi bro,you have IBM Cybersecurity Analyst Professional Certificate Assessment Exam answers ?

      Delete
  5. IBM Cybersecurity Analyst Practice Quiz answers available?

    ReplyDelete
  6. It's totally fantastic keep it up 😊

    ReplyDelete
  7. Keep it up bro you are amazing 🥲

    ReplyDelete
  8. thank you so much for supportive answers

    ReplyDelete
  9. You are awesome bro.. your post help me to clear cybersecurity final exam.. thanks a lot..

    ReplyDelete
  10. You are Awesome bro , thanks for Sharing this article..

    ReplyDelete
    Replies
    1. hi bro,you have IBM Cybersecurity Analyst Professional Certificate Assessment Exam answers ?

      Delete
  11. Dear

    Go to this link : https://bit.ly/3FzuEIj

    i Provide all the answers of IBM Cybersecurity Analyst Professional Certificate Assessment Exam in this post

    ReplyDelete
  12. What is the most common patch remediation frequency for most organizations?

    True Ans: Monthly

    ReplyDelete
  13. Granting access to a user account only those privileges necessary to perform its intended functions is known as what?


    Ans: The principle of least privileges

    ReplyDelete
  14. The Windows Security App available in Windows 10 provides uses with which of the following protections?

    Virus and threat protection

    Firewall and network protection

    Family options (parental controls)

    All of the above <-- The Correct Answer

    ReplyDelete
  15. Which of the following practices helps assure the best results when implementing encryption?

    Ans: Choose a reliable and proven published algorithm

    ReplyDelete
  16. Why is symmetric key encryption the most common choice of methods to encryptic data at rest?

    Ans: It is much faster than asymmetric key encryption

    ReplyDelete
  17. A Vulnerability Assessment should be conducted during which phase of the Discover - Harden - Monitor & Protect - Repeat cycle?


    1 point

    Identification & Baseline <-- correct



    Raise the Bar



    Real-Time Monitor & Protection



    Repeat

    ReplyDelete
  18. An employee calls the IT Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first thing you should tell the employee to do?


    Ans: Run an antivirus scan


    ReplyDelete
  19. Which of these devices collects the most information on network activity?



    Packet sniffers <<< correct



    Intrusion detection systems



    Firewalls



    System Event Management systems

    ReplyDelete
  20. In the Python statement

    pi="3"

    What data type is the data type of the variable pi?


    Ans: str

    ReplyDelete
  21. A professor is not allowed to change a student's final grade after she submits it without completing a special form to explain the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?

    Ans: Integrity

    ReplyDelete
  22. Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)


    Failure to move beyond compliance <<< yes

    Failure to define who owns responsibility for the data itself <<< yes

    Failure to recognize the need for centralized data security <<< yes

    Failure to hire an adequately skilled workforce

    ReplyDelete
  23. Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?


    Ans: Gray Box

    ReplyDelete
  24. Which of the OWASP Top 10 Application Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions.


    Cross-site scripting

    ReplyDelete
  25. The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.


    Ans: Red, Blue

    ReplyDelete
  26. According to the IRIS Framework, during which stage of an attack would the attacker attempt to escalate their privileges, move laterally and conduct internal reconnaissance?


    Continue the attack, expand network access

    ReplyDelete
  27. You are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?


    a whale attack

    ReplyDelete
  28. Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit.

    Ans: To make the end-to-end transaction very difficult to follow


    ReplyDelete
  29. Thanks for sharing this article.. you save my time

    ReplyDelete
  30. Which phase of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

    Ans: Test

    ReplyDelete
  31. Question 2
    Requiring all employees to complete annual security awareness training is an example of which type of control?

    Corrective
    Administrative - Answer
    Preventative
    Deterrent

    Question 30
    Which statement best describes configuring a NAT router to use overload mapping?

    The organization will need as many registered IP addresses as it has computers that need Internet access - Incorrect

    Unregistered IP addresses are mapped to registered IP addresses as they are needed

    The NAT router uses each computer's IP address for both internal and external communication

    Many unregistered IP addresses are mapped to a single registered IP address using different port number

    Question 33
    Which three (3) of these statements about the UDP protocol are True? (Select 3)

    UDP is more reliable than TCP - Incorrect

    UDP is faster than TCP - Answer

    UDP packets are reassembled by the receiving system in whatever order they are received - Answer

    UDP is connectionless - Answer

    48. According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?

    Control - Incorrect

    Question 51
    Which type of threat is a social engineering attack?

    System based
    Internal
    App-based - Answer
    External

    Question 53
    Which layer of the OSI model do packet sniffers operate on?

    Data Link - Answer

    Question 56
    You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront, which will result in $10M in losses to your company. What have you just determined?

    A risk - Answer

    Question 59
    For a SIEM, what is a record of network activity between two hosts for the duration of a session called?

    Flows - Answer

    ReplyDelete
  32. Question 2
    Requiring all employees to complete annual security awareness training is an example of which type of control?

    Corrective
    Administrative - Answer
    Preventative
    Deterrent

    Question 30
    Which statement best describes configuring a NAT router to use overload mapping?

    The organization will need as many registered IP addresses as it has computers that need Internet access - Incorrect

    Unregistered IP addresses are mapped to registered IP addresses as they are needed

    The NAT router uses each computer's IP address for both internal and external communication

    Many unregistered IP addresses are mapped to a single registered IP address using different port number

    Question 33
    Which three (3) of these statements about the UDP protocol are True? (Select 3)

    UDP is more reliable than TCP - Incorrect

    UDP is faster than TCP - Answer

    UDP packets are reassembled by the receiving system in whatever order they are received - Answer

    UDP is connectionless - Answer

    48. According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?

    Control - Incorrect

    Question 51
    Which type of threat is a social engineering attack?

    System based
    Internal
    App-based - Answer
    External

    Question 53
    Which layer of the OSI model do packet sniffers operate on?

    Data Link - Answer

    Question 56
    You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront, which will result in $10M in losses to your company. What have you just determined?

    A risk - Answer

    Question 59
    For a SIEM, what is a record of network activity between two hosts for the duration of a session called?

    Flows - Answer

    ReplyDelete
  33. ---------------------------------------------------
    Which position conducts information security investigations for organizations to identify threats that could compromise the organization?

    Information Security Analyst
    ---------------------------------------------------
    In a Linux file system, which files are contained in the \bin folder?

    Executable files such as grep and ping
    ---------------------------------------------------
    Security standards do not have the force of law, but security regulations do. Which one of these is a security regulation?

    Sarbanes-Oxley Act (SOX)
    ---------------------------------------------------
    ---------------------------------------------------
    Which of the following describes the core goals of IT security?

    The CIA Triad
    ---------------------------------------------------
    Island hopping is an attack method commonly used in which scenario?

    Supply Chain Infiltration
    ---------------------------------------------------
    What is the primary difference between the IPv4 and IPv6 addressing schema?

    IPv6 allows for billions of times as many possible IP addresses
    ---------------------------------------------------
    Data sources such as newspapers, books and web pages are considered which type of data?

    Unstructured data
    ---------------------------------------------------
    You are looking very hard on the web for the lowest mortgage interest load you can find and you come across a rate that is so low it could not possibly be true. You check out the site to see what the terms are and quickly find you are the victim of a ransomware attack. What was the likely attack vector used by the bad actors?

    Malicious Links
    ---------------------------------------------------
    For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

    Incorrect answer: This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless mode, and then select the corresponding firewall type
    ---------------------------------------------------
    Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

    Incorrect answer: Incident Analysis Resources
    ---------------------------------------------------
    A Coordinating incident response team model is characterized by which of the following?

    Incorrect answer: Multiple incident response teams within an organization with specific technology in place, such as shared databases, to assure threat and response knowledge is shared peer-to-peer across all teams

    ReplyDelete
    Replies
    1. Dear LutzeEigerwand
      Thank you so much for sharing your answer...

      Delete
  34. how do send latest IBM Cybersecurity Analyst Practice Quiz questions? Its to long for comment.

    ReplyDelete
    Replies
    1. just make it pdf and email me niyander111@gmail.com

      Delete
  35. Question 41
    Which of the following would be considered an incident precursor?

    0 / 1 point

    An alert from your antivirus software indicating it had detected malware on your system <---- Incorrect


    An announced threat against your organization by a hactivist group


    An email administrator seeing a large number of emails with suspicious content


    Application logs indicating multiple failed login attempts from an unfamiliar remote system

    Question 48
    According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?

    0 / 1 point

    Operational


    Strategic


    Tactical


    Control

    ReplyDelete
  36. Which component of the Linux operating system interacts with your computer's hardware?

    0 / 1 point

    The shell


    The hardware abstraction layer (HAL)


    The Hardware Interface Driver (HID)


    The kernel <------ Incorrect

    ReplyDelete
  37. Question 30
    Which statement best describes configuring a NAT router to use overload mapping?

    0 / 1 point

    Unregistered IP addresses are mapped to registered IP addresses as they are needed <----- incorrect


    Many unregistered IP addresses are mapped to a single registered IP address using different port numbers


    The NAT router uses each computer's IP address for both internal and external communication


    The organization will need as many registered IP addresses as it has computers that need Internet access

    ReplyDelete
  38. Which statement best describes configuring a NAT router to use overload mapping?

    The organization will need as many registered IP addresses as it has computers that need Internet access
    Unregistered IP addresses are mapped to registered IP addresses as they are needed <----- incorrect
    The NAT router uses each computer's IP address for both internal and external communication
    Many unregistered IP addresses are mapped to a single registered IP address using different port number

    ReplyDelete
  39. Which type of threat is a social engineering attack?

    0 / 1 point

    System based


    Internal


    App based <----- Incorrect


    External <----- Correct

    ReplyDelete