What Does It Cost to Implement Paid Family Leave

IBM Cybersecurity Analyst Professional Certificate Assessment Examination Quiz Answers

Alarm: Jo Answer Green hai wo correct hai just

Jo Greenish Nahi hai. Usme se jo ek incorrect selection tha usko hata diya hai

Question 1)

Implementing a Security Awareness training program would exist an example of which blazon of command?

• Authoritative control

Question 2)

Putting locks on a door is an example of which type of control?

• Preventative

Question 3)

How would you classify a slice of malicious code that tin replicate itself and spread to new systems?

• A worm

Question 4)

To engage in packet sniffing, you must implement promiscuous style on which device ?

• A network carte
• An Intrusion Detection System (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, but not do much to clinch confidentiality or availability.

• Hashing

Question 6)

An organization wants to restrict employee after-hours admission to its systems and so it publishes a policy forbidding employees to piece of work outside of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

• Physical
• Administrative

Question 7)

Which two factors contribute to cryptographic force? (Select 2)

• The use of cyphers that are based on complex mathematical algorithms
• The utilize of cyphers that accept undergone public scrutiny

Question 8)

Trying to suspension an encryption key past trying every possible combination of characters is called what?

• A animal force set on

Question 9)

Which of the following describes the cadre goals of IT security?

• The Open Web Application Security Project (OWASP) Framework
• The Business organisation Process Management Framework
• The CIA Triad

Question 10)

Which three (3) roles are typically found in an Information Security organisation? (Select 3)

• Vulnerability Assessor
• Chief Information Security Officeholder (CISO)
• Penetration Tester

Question 11)

Trouble Management, Change Management, and Incident Management are all key processes of which framework?

• ITIL

Question 12)

Alice sends a bulletin to Bob that is intercepted past Trudy. Which scenario describes an integrity violation?

• Trudy changes the message and and so forwards it on
• Trudy deletes the message without forwarding it
• Trudy reads the message
• Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original grade

Question 13)

In cybersecurity, Accountability is defined every bit what?

• Being able to map an action to an identity

Question xiv)

Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are hallmark methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question xv)

Which iii (iii) of the following are Physical Access Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question 16)

If you are setting up a Windows 10 laptop with a 32Gb difficult drive, which two (2) file system could you select? (Select ii)

• NTFS
• FAT32

Question 17)

Which 3 (iii) permissions tin be prepare on a file in Linux? (Select iii)

• write
• execute
• read

Question 18)

If cost is the primary business organisation, which type of cloud should be considered first?

• Public cloud

Question 19)

Consolidating and virtualizing workloads should be done when?

• Earlier moving the workloads to the cloud

Question 20)

Which of the following is a cocky-regulating standard set by the credit card industry in the US?

• PCI-DSS

Question 21)

Which ii (2) of the following attack types target endpoints?

• Advertisement Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) system detects that an endpoint does non have a required patch installed, which statement best characterizes the actions it is able to take automatically?

• The endpoint tin can be quarantined from all network resource except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how high up he is in an organization violates what bones security premise?

• The principle of least privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the following protections?

• Firewall and network protection
• Family options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the post-obit?

• Integrity

Question 26)

Which of the post-obit practices helps clinch the best results when implementing encryption?

• Choose a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your organisation and keep them secret

Question 27)

Which of these methods ensures the hallmark, non-repudiation and integrity of a digital communication?

• Use of digital signatures

Question 28)

Which of the following practices will aid assure the confidentiality of data in transit?

• Disable certificate pinning
• Accept self-signed certificates
• Implement HTTP Strict Transport Protocol (HSTS)

Question 29)

Which three (3) of these are benefits you lot can realize from using a NAT (Network Address Translation) router? (Select three)

• Allows static 1-to-ane mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
• Allows internal IP addresses to be hidden from outside observers

Question 30)

Which statement best describes configuring a NAT router to apply static mapping?

• The organization will need every bit many registered IP addresses as it has computers that need Internet access

Question 31)

If a calculator needs to send a message to a system that is part of the local network, where does it send the message?

• To the system's MAC address

Question 32)

Which are properties of a highly available system?

• Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements about the UDP protocol are True? (Select 3)

• UDP is faster than TCP
• UDP packets are reassembled by the receiving system in whatever lodge they are received
• UDP is connectionless

Question 34)

What is ane difference betwixt a Stateful Firewall and a Next Generation Firewall?

• A NGFW understand which application sent a given packet

Question 35)

You are concerned that your organisation is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal 24-hour interval shift from his visitor'due south headquarters in Austin, TX Usa. Which two (2) of these activities raise the near crusade for business? (Select ii)

• Each night Hassan logs into his business relationship from an Isp in China
• 1 evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (3) of the following are considered safe coding practices? (Select 3)

• Use library functions in identify of Bone commands
• Avoid using Os commands whenever possible
• Avoid running commands through a shell interpreter

Question 38)

Which three (iii) items should be included in the Planning step of a penetration test? (Select iii)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest report would cover the adventure ranking, recommendations and roadmap?

• Executive Summary

Question forty)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

• Incident Post-Analysis Resources
• Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a loftier level of testing and monitoring, during which phase of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

True or Faux. Digital forensics is constructive in solving cyber crimes merely is not considered effective in solving vehement crimes such as rape and murder.

• False

Question 43)

Which three (3) are common obstacles faced when trying to examine forensic information? (Select 3)

• Selecting the right tools to aid filter and exclude irrelevant data
• Finding the relevant files amidst the hundreds of thousands found on most difficult drives
• Bypassing controls such as passwords

Question 44)

What scripting concept volition repeatedly execute the same cake of code while a specified condition remains truthful?

• Loops

Question 45)

Which 2 (2) statements virtually Python are true? (Select 2)

• Python code is considered easy to debug compared with other popular programming languages
• Python code is considered very readable by novice programmers

Question 46)

In the Python argument

pi="3"

What data type is the data blazon of the variable pi?

• str

Question 47)

What volition be printed by the following block of Python code?

def Add5(in)

 out=in+5

 return out

 print(Add5(x))

• 15

Question 48)

Which threat intelligence framework was developed by the U.s.a. Government to enable consistent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

Truthful or False. An organization's security allowed organisation should be integrated with exterior organizations, including vendors and other third-parties.

• True

Question 50)

Which three (three) of these are among the meridian 12 capabilities that a good data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Real-time alerting
• Tokenization

Question 51)

True or Faux. For iOS and Android mobile devices, users must collaborate with the operating system simply through a serial of applications, merely not straight.

• Truthful

Question 52)

All industries accept their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed past depression-level employees who accept access to payment bill of fare information?

• Retail

Question 53)

True or Imitation. WireShark has an impressive array of features and is distributed free of charge.

• Truthful

Question 54)

In which component of a Mutual Vulnerability Score (CVSS) would privileges required be reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You calculate that there is a 2% probability that a cybercriminal volition exist able to steal credit card numbers from your online storefront which will effect in $10M in losses to your visitor. What have you simply determined?

• A risk

Question 57)

Which 1 of the OWASP Top 10 Awarding Security Risks would exist occur when an application's API exposes financial, healthcare or other PII information?

• Sensitive information exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

• Virus Protection
• Awarding Firewall
• Spam Filter

Question 59)

A robust cybersecurity defence force includes contributions from iii areas, man expertise, security analytics and artificial intelligence. Rapidly analyzing big quantities of unstructured information lends itself all-time to which of these areas?

• Artificial intelligence

Question sixty)

The triad of a security operations centers (SOC) is People, Process and Applied science. Which function of the triad would network monitoring belong?

• Technology

Question 61)

Which of these is a good definition for cyber threat hunting?

• The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

At that place is value brought by each of the IBM i2 Environmental impact assessment use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

• Threat Discovery

.

Question 63)

Which three (3) soft skills are important to have in an organization'southward incident response squad? (Select iii)

• Advice
• Teamwork
• Problem solving and Disquisitional thinking

Question 64)

Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Analysis

Question 65)

Which three (3) of these statistics nearly phishing attacks are real? (Select 3)

• Around fifteen 1000000 new phishing sites are created each calendar month
• Phishing accounts for most 20% of data breaches
• xxx% of phishing letters are opened by their targeted users

Question 66)

Which iii (three) of these command processes are included in the PCI-DSS standard? (Select 3)

• Implement potent admission control measures
• Regularly monitor and test networks
• Maintain an information security policy

Question 67)

Which three (iii) are malware types usually used in PoS attacks to steal credit card data? (Select three)

• Alina
• BlackPOS
• vSkimmer

Question 68)

According to a 2019 Ponemon study, what pct of consumers indicated they would be willing to pay more for a product or service from a provider with amend security?

• 52%

Question 69)

You get a phone call from a technician at the "Windows company" who tells you lot that they have detected a trouble with your arrangement and would similar to help you resolve it. In gild to help, they need yous to become to a web site and download a simple utility that volition allow them to fix the settings on your computer. Since you only own an Apple tree Mac, you are suspicious of this caller and hang up. What would the assail vector accept been if you had downloaded the "uncomplicated utility" as asked?

• Remote Desktop Protocol (RDP)

Question 70)

What is an effective fully automated way to prevent malware from inbound your system every bit an email attachment?

• Anti-virus software

 Question 71)

True or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family.

• False

Question 72)

Which three (three) of these are PCI-DSS requirements for whatever company handling, processing or transmitting credit card data? (Select three)

• Restrict access to cardholder information past concern demand-to-know
• Assign a unique ID to each person with reckoner access
• Restrict physical access to cardholder data

Question 73)

Truthful or False. Communications of a data breach should be handled past a team composed of members of the IR squad, legal personnel and public relations.

• True

Question 74)

A Coordinating incident response team model is characterized past which of the following?

• Multiple incident response teams within an organization all of whom coordinate their activities only inside their land or section

• Multiple incident response teams inside an arrangement but one with authority to assure consequent policies and practices are followed across all teams

• This term refers to a structure that assures the incident response squad'southward activities are coordinated with senior direction and all appropriate departments within and organization

Question 75)

The cyber hunting squad and the SOC analysts are informally referred to every bit the ____ and ____ teams, respectively.

• Blueish Red

• Red, Blue

Question 76)

The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (three) of these topics?

• Abstraction
• Dilemmas
• Morals

Question 77)

Solution architectures often incorporate diagrams like the ane beneath. What does this diagram show?

<<Solution Architecture Information Period.png>>

• Functional components and data flow

Question 78)

Port numbers 1024 through 49151 are known every bit what?

• Registered Ports

Question 79)

Which layer of the OSI model to bundle sniffers operate on?

• Data Link

Question 80)

True or Simulated. Internal attacks from trusted employees represents equally as significant a threat as external attacks from professional cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

• lxxx%

Question 82)

Which country had the highest average cost per breach in 2018 at $eight.19M

• Usa

Question 83)

Which ii (2) of these Python libraries provides useful statistical functions? (Select 2)

• StatsModels

• Scikit-larn

Question 84)

What will print out when this block of Python code is run?

i=i

#i=i+1

#i=i+2

#i=i+3

print(i)

• 1

Question 85)

Which three (3) statements well-nigh Python variables are truthful? (Select 3)

• A variable name must starting time with a letter or the underscore "_" character
• Variables tin change blazon after they accept been fix
• Variables do not have to be declared in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating system?

• Windows

Question 87)

In digital forensics documenting the concatenation of custody of prove is critical. Which of these should be included in your chain of custody log?

• All of the above

Question 88)

Forensic analysis should e'er be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select ii)

• An incremental backup

• A logical backup

Question 89)

Which of the post-obit would be considered an incident precursor?

• An warning from your antivirus software indicating it had detected malware on your organization

• An announced threat against your arrangement by a hactivist group

Question ninety)

If a penetration examination calls for y'all to create a diagram of the target network including the identity of hosts and servers as well as a listing of open ports and published services, which tool would be the all-time fit for this task?

• Nmap

Question 91)

Which blazon of listing is considered best for prophylactic coding practice?

• Whitelist

Question 92)

In reviewing the security logs for a company'southward headquarters in New York City, which of these activities should not raise much of a security business?

• A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database

• An employee has started logging in from home for an hr or so during the final 2 weeks of each quarter

Question 93)

Data sources such every bit newspapers, books and web pages are considered which type of information?

• Unstructured data

• Semi-structured data

• Structured data

Question 94)

Which iii (3) of these statements almost the TCP protocol are True? (Select 3)

• TCP packets are reassembled by the receiving arrangement in the order in which they were sent

• TCP is more reliable than UDP

• TCP is connection-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the accost in a Class B network?

• 2

Question 96)

A pocket-sized company with 25 computers wishes to connect them to the Net using a NAT router. How many Public IP addresses will this company demand to assure all 25 computers tin can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• 1

Question 97)

Why is symmetric key encryption the well-nigh common selection of methods to encryptic data at rest?

• There are far more keys available for use

• It is much faster than asymmetric fundamental encryption

Question 98)

Which of the post-obit statements about hashing is True?

• Hashing uses algorithms that are known as "one-way" functions

Question 99)

Why is hashing not a mutual method used for encrypting data?

• Hashing is a one-style process so the original data cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the following?

• Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used by Microsoft in Active Directory?

• Kerberos

Question 102)

Granting admission to a user account just those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

Question 103)

What is the most common patch remediation frequency for virtually organizations?

• Monthly

• Annually

Question 104)

Island hopping is an attack method commonly used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security training for It staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload fifty-fifty after it is successfully moved to the cloud?

• All of the above

Question 107)

Which form of Cloud computing combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your figurer's hardware?

• The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

• Technical

Question 110)

In cybersecurity, Actuality is defined every bit what?

• The property of being genuine and verifiable

Question 111)

ITIL is best described as what?

• A drove of It Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer data systems?

• Information Security Accountant

Question 113)

A company wants to prevent employees from wasting fourth dimension on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company merely implemented? (Select 2)

• Administrative

• Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your system be called?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct gild.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

• vulnerability, threat, exploit

• threat, exposure, risk

• threat role player, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

• A Deprival of Service (DoS) set on

Question 119)

Trudy intercepts a romantic plain-text message from Alice to her fellow Sam. The message upsets Trudy then she forward it to Bob, making information technology await like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?

• All of the to a higher place

Question 120)

Which factor contributes most to the strength of an encryption arrangement?

• How many people take access to your public central

• The length of the encryption key used

• The number of private keys used by the system

Question 121)

What is an reward asymmetric key encryption has over symmetric key encryption?

• Asymmetric keys can be exchanged more securely than symmetric keys

• Disproportionate key encryption is harder to intermission than symmetric key encryption

• Asymmetric primal encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations estimator systems?

• A Penetration Tester

Question 123)

Which iii (3) are considered all-time practices, baselines or frameworks? (Select 3)

• ISO27000 series

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which type of access command is based upon the subject's clearance level and the objects classification?

• Hierarchical Admission Control (HAC)
• Discretionary Access Control (DAC)
• Mandatory Admission Command (MAC)
• Office Based Admission Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

• \Plan Files

Question 127)

To build a virtual calculating surround, where is the hypervisor installed?

• Between the applications and the data sources
• On the deject's supervisory system
• Between the hardware and operating system
• Between the operating organization and applications

Question 128)

An identical email sent to millions of addresses at random would be classified as which type of assail?

• A Shark attack

• A Phishing assail

Question 129)

Which statement virtually drivers running in Windows kernel mode is true?

• Only critical processes are permitted to run in kernel style since there is nothing to prevent a

Question 130)

Symmetric primal encryption by itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which statement best describes configuring a NAT router to apply dynamic mapping?

• The organization will need as many registered IP addresses as it has computers that need Net access

• Many registered IP addresses are mapped to a unmarried registered IP address using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses every bit they are needed

• The NAT router uses each computer'southward IP address for both internal and external communication

Question 132)

Which accost type does a computer use to get a new IP address when it boots up?

• The network's DHCP server address

Question 133)

What is the main divergence between the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used only for IOT devices

• IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a bundle belongs to and analyzes it appropriately?

• A Next Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that maybe, but possibly, the links in the email he clicked on this morning were non from the real Lottery Committee. What is the first thing you lot should tell the employee to practise?

• Run a Port scan

• Run an antivirus scan

Question 136)

A penetration tester involved in a "Blackness box" attack would exist doing what?

• Attempting to penetrate a client'south systems as if she were an external hacker with no inside knowled

Question 137)

Which Post Incident activity would be concerned with maintaining the proper chain-of-custody?

• Lessons learned coming together
• Evidence retention
• Documentation review & update
• Utilizing collected data

Question 138)

In digital forensics, which three (iii) steps are involved in the collection of information? (Select three)

• Develop a plan to acquire the data

• Verify the integrity of the information

• Acquire the data

Question 139)

Which iii (3) of the following are considered scripting languages? (Select 3)

• Perl

• Fustigate

• Python

Question 140)

What is the largest number that will exist printed during the execution of this Python while loop?

i=0

while (i<ten):

 print(i)

 i=i+1

• nine

Question 141)

Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which ii (2) of these are mail service-exploit activities? (Select 2)

• Gather total situational sensation through advanced security analytics

• Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of critical data. Which attribute of the CIA Triad is nearly impacted by an organization'south backup practices?

• Availability

• Integrity

• Authorisation

Question 143)

Which stage of DevSecOps would comprise the activities Internal/External testing, Continuous assurance, and Compliance checking?

• Test

• Code & build

• Operate & monitor

• Plan

Question 144)

Which one of the OWASP Top 10 Application Security Risks would be occur when there are no safeguards against a user beingness immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

• Cross-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select ii)

• Flows per minute (FPM)

• Events per second (EPS)

Question 146)

True or False. If you have no meliorate place to start hunting threats, starting time with a view of the global threat landscape and and then drill downwardly to a regional view, industry view and finally a view of the threats specific to your own organization.

• True

Question 147)

True or False. Cloud-based storage or hosting providers are among the acme sources of tertiary-party breaches

• True

Question 148)

Y'all are looking very hard on the web for the lowest mortgage interest load y'all can detect and you come across a rate that is so low it could not mayhap exist true. You bank check out the site to run into that the terms are and quickly find you are the victim of a ransomware attack. What was the probable attack vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What assault vector is used by these click-bait sites to become you to go to the really bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

• Any potential danger capable of exploiting a weakness in a system
• The likelihood that the weakness in a system will exist exploited
• 1 example of a weakness being exploited
• A weakness in a system that could be exploited by a bad actor

Question 151)

Suspicious activeness, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?

• A mapping set on
• A denial of service (DoS) attack
• A phishing assail
• An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the message without forwarding it
• Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original grade
• Trudy changes the message and then frontward it on
• Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?

• PCI-DSS
• ISO27000 series
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response organisation (EDR) should have which 3 (3) of these capabilities? (Select three)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at once
• Deploying devices with network configurations

Question 155)

Which argument about encryption is Truthful about data in use.

• Data should always be kept encrypted since modernistic CPUs are fully capable of operating directly on encrypted data

• It is vulnerable to theft and should be decrypted just for the briefest possible time while it is beingness operated on

• Brusk of orchestrating a retentivity dump from a system crash, there is no practical mode for malware to get at the data being processed, so dump logs are your merely real concern

• Information in agile memory registers are not at risk of existence stolen

Question 156)

For added security you lot decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How tin this be washed?

• This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless mode, so select the corresponding firewall type

• Install a single firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall only These avant-garde devices audit everything a stateless firewall inspects in addition to country related factors

• Yous must install 2 firewalls in series, and so all packets pass through the stateless firewall first and and then the stateless firewall

Question 157)

In IPv4, how many of the four octets are used to define the network portion of the address in a Class A network?

• ii
• i
• 4
• iii

Question 158)

If yous have to rely upon metadata to work with the data at hand, you are probably working with which type of data?

• Meta-structured information
• Semi-structured information
• Structured data
• Unstructured information

Question 159)

Which two (two) forms of discovery must exist conducted online? (Select 2)

• Port scanning
• Shoulder surfing
• Social engineering
• Packet sniffing

Question 160)

Which Incident Response Team model describes a team that runs all incident response activities for a company?

• Distributed
• Central
• Coordinating
• Control

Question 161)

Which is the data protection process that prevents a suspicious information request from beingness completed?

• Data take chances analysis
• Information classification
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers fractional knowledge of the systems they are trying to penetrate in accelerate of their assail to streamline costs and focus efforts?

• Red Box Testing
• Grayness Box Testing
• White Box testing
• Black Box Testing

Question 163)

Which type of awarding attack would include User denies performing an operation, assaulter exploits an application without trace, and attacker covers her tracks?

• Auditing and logging
• Hallmark
• Say-so
• Input validation

Question 164)

Truthful or False. Thorough reconnaissance is an of import footstep in developing an effective cyber kill chain.

• True
• False

Question 165)

True or False. I of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

• True
• False

Question 166)

Truthful or False. A big company has a data breach involving the theft of employee personnel records but no customer information of any kind. Since no external data was involved, the visitor does not have to report the alienation to law enforcement.

• True
• False

Question 167)

Y'all are the CEO of a large tech company and have just received an angry email that looks like it came from i of your biggest customers. The email says your company is overbilling the customer and asks that y'all examine the fastened invoice. You practice but find it bare, so you lot answer politely to the sender asking for more details. You never hear back, just a week later your security team tells yous that your credentials accept been used to access and exfiltrate large amounts of company financial data. What kind of attack did you autumn victim to?

• As a phishing assault
• As a whale set on
• A shark attack
• A fly phishing attack

Question 168)

Which of these statements near the PCI-DSS requirements for whatsoever company handling, processing or transmitting credit carte information is true?

• Muti-factor hallmark is required for all new bill of fare holders
• Some form of mobile device management (MDM) must be used on all mobile credit menu processing devices
• All employees with directly access to cardholder data must exist bonded
• Cardholder information must be encrypted if it is sent across open or public networks

Which Incident Response Team model describes a team that acts as consulting experts to advise local IR teams?

• Control
• Coordinating
• Distributed
• O Fundamental

In a Linux file organisation, which files are contained in the \bin binder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such as fstab and inittab
• Directories such as /habitation and /usr

If a figurer needs to send a bulletin to a organisation that is not role of the local network, where does it send the bulletin?

• To the system'southward domain name
• To the system's IP address
• The network's DNS server address
• To the arrangement'south MAC address
• The network'south default gateway address
• The network's DHCP server address

Which three (3) of these statements about the TCP protocol are True? (Select iii)

• TCP is faster than UDP
• TCP is connexion-oriented
• TCP packets are reassembled by the receiving organization in the order in which they were sent
• TCP is more reliable than UDP

A professor is not immune to alter a student'southward final grade after she submits it without completing a special class to explain the circumstances that necessitated the change. This boosted step supports which aspect of the CIA Triad?

• Authorization
• Integrity
• Confidentiality
• Availability

Which of these is the best definition of a security run a risk?

• An instance of existence exposed to losses
• Any potential danger that is associated with the exploitation of a vulnerability
• A weakness in a system
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a manifestly text message sent by Alice to Bob, just in no way interferes with its commitment. Which aspect of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the above

What is an advantage symmetric key encryption has over asymmetric key encryption?

• Symmetric key encryption provides better security against Human-in-the-middle attacks than is possible with asymmetric key encryption
• Symmetric key encryption is faster than asymmetric key encryption
• Symmetric keys can be exchanged more than securely than asymmetric keys
• Symmetric key encryption is harder to break than disproportionate fundamental encryption

Which type of awarding attack would include network eavesdropping, lexicon attacks and cookie replays?

• Configuration management
• Hallmark
• Authorization
• Exception management

Why should yous always look for common patterns earlier starting a new security architecture design?

• They can aid identify best practices
• They tin can shorten the evolution lifecycle
• Some document complete tested solutions
• All of the above

Terminal Update: 09/12/2021

Warning: Jo Respond Dark-green hai wo correct hai merely

Jo Green Nahi hai. Usme se jo ek wrong option tha usko hata diya hai

Please WAIT I Volition ADD MORE NEW QUETIONS..

Also if yous have Questions with right reply  Send me on my Email i will update on my weblog..

niyander111@gmail.com

Thank you...

cunninghampoer1954.blogspot.com

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Share this post