IBM Cybersecurity Analyst Assessment Exam Answers
Hello Friends in this article i am gone to share Coursera Course: IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers with you..
Enroll Link: IBM Cybersecurity Analyst
IBM Cybersecurity Analyst Professional Certificate Assessment Exam Quiz Answers
Select the answer that fills in the blanks in the correct order.
A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.
- threat actor, vulnerability, exposure
- vulnerability, threat, exploit
- threat, exposure, risk
- risk, exploit, threat
Fancy Bears and Anonymous are examples of what?
- Popular computer security blogs
- Hacking organizations
- Cryptographic cyphers
- Types of malware
What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your system be called?
- A virus
- A Trojan Horse
- A worm
Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?
- A phishing attack
- An IP spoofing attack
- A denial of service (DoS) attack
- A mapping attack
An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?
- Confidentiality and Integrity
- Confidentiality and Availability
- Integrity and Availability
- Confidentiality, Integrity and Availability
An organization wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)
Which two factors contribute to cryptographic strength? (Select 2)
- The use of asymmetric cyphers
- The use of cyphers that have undergone public scrutiny
- The use of cyphers that have been kept very secret
- The use of cyphers that are based on complex mathematical algorithms
What is an advantage asymmetric key encryption has over symmetric key encryption?
- Asymmetric keys can be exchanged more securely than symmetric keys
- Asymmetric key encryption is faster than symmetric key encryption
- Asymmetric key encryption is harder to break than symmetric key encryption
Asymmetric key encryption provides better security against Man-in-the-middle attacks than is possible with symmetric key encryption
Which three (3) of the following are key ITIL processes? (Select 3)
- Incident Management
- Change Management
- Time Management
- Project Management
- Problem Management
- Process Management
Which position conducts information security investigations for organizations to identify threats that could compromise the organization?
- Vulnerability Assessor
- Information Security Auditor
- Information Security Architect
- Information Security Analyst
ITIL is best described as what?
- A collection of IT Service Management best practices
- Privacy regulations for IT systems
- A collection of IT Service Management controls
- A framework for the development of information systems audit procedures
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?
- Trudy reads the message
- Trudy deletes the message without forwarding it
- Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
- Trudy changes the message and then forwards it on
In cybersecurity, Authenticity is defined as what?
- Being able to apply financial management to a process
- The first or original copy of a document or message
- Being able to map an action to an identity
- The property of being genuine and verifiable
Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are authentication methods? (Select 3)
- Something a person has
- Something a person knows
- Something a person is
- Somewhere a person is located
Ali must grant access to any individual or group he wants to allow access to the files he owns. Which access control type is in use in Ali’s organization?
- Discretionary Access Control (DAC)
- Hierarchical Access Control (HAC)
- Role Based Access Control (RBAC)
- Mandatory Access Control (MAC)
If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file system could you select? (Select 2)
Which three (3) permissions can be set on a file in Linux? (Select 3)
If cost is the primary concern, which type of cloud should be considered first?
- Private cloud
- Public cloud
- Universal cloud
- Hybrid cloud
To build a virtual computing environment, where is the hypervisor installed?
- Between the hardware and operating system
- On the cloud’s supervisory system
- Between the operating system and applications
- Between the applications and the data sources
Security training for IT staff is what type of control?
An identical email sent to millions of addresses at random would be classified as which type of attack?
- A Phishing attack
- A Shark attack
- A Spear Phishing attack
- A Whale attack
If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?
- The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch
- The endpoint can be either allowed access to all network resources or quarantined and denied access to all network resources
- No actions can be taken directly on the endpoint but the endpoint’s owner can be notified of the actions he/she is expected to take
- Nothing can be done directly to the endpoint but a system administrator can be alerted to handle the problem with the system owner
Which statement about drivers running in Windows kernel mode is true?
- The Windows Virtual Address Manager protects processes in the kernel from interfering with each other’s assigned memory space
- Each process running in kernel mode is assigned its own dedicated virtual address space, so it is safe to load any driver into the kernel for faster execution
- The Windows Process Director prevents processes running in the kernel from interfering with each other’s operations
- Only critical processes are permitted to run in kernel mode since there is nothing to prevent a misbehaving driver from impacting other processes that are also sharing the same memory space
In Linux, Bash, tcsh and sh are what?
Symmetric key encryption by itself ensures which of the following?
- Confidentiality and Availability
- Confidentiality and Integrity
- Confidentiality, Integrity and Availability
- Confidentiality only
Which statement is True of Hash functions?
- Hashing is a reliable way to assure the integrity of a message
- Hashes are becoming easier to reverse engineer since computers are becoming more powerful
- Using hashing is a good way to assure the confidentiality of the messages you send
- The length of the hash string is proportional to the length of the input so the approximate message length can be derived from a hash
Which of the following statements about hashing is True?
- A weakness of hashing is that the hash is proportional in length to the original message
- If you have two hashes that differ only by a single character, you can infer that the original messages also differed very little
- The original message can be retrieved from the hash if you have the encryption key
- Hashing uses algorithms that are known as “one-way” functions
Which statement about encryption is True for data in use.
- Data should always be kept encrypted since modern CPUs are fully capable of operating directly on encrypted data
- Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the data being processed, so dump logs are your only real concern
- It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on
- Data in active memory registers are not at risk of being stolen
Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)
- Allows static 1-to-1 mapping of local IP addresses to global IP addresses
- Allows internal IP addresses to be hidden from outside observers
- Provides for faster network access
- Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
Which statement best describes configuring a NAT router to use static mapping?
- Many unregistered IP addresses are mapped to a single registered IP address using different port numbers
- The NAT router uses each computer’s IP address for both internal and external communication
- Unregistered IP addresses are mapped to registered IP addresses as they are needed
- The organization will need as many registered IP addresses as it has computers that need Internet access
Which address type does a computer use to get a new IP address when it boots up?
- To the system’s domain name
- The network’s DHCP server address
- To the system’s IP address
- The network’s default gateway address
- To the system’s MAC address
- The network’s DNS server address
In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?
What is the primary difference between the IPv4 and IPv6 addressing schema?
- IPv6 allows for billions of times as many possible IP addresses
- IPv6 is significantly faster than IPv4
- IPv6 is a simple version update to IPv4 with numerous bugs fixed
- IPv6 is used only for IOT devices
Which type of firewall understands which session a packet belongs to and analyzes it accordingly?
- A Connection Firewall (CFW)
- A Session Firewall (SFW)
- A Next Generation Firewall (NGFW)
- An Advanced Firewall (AFW)
Data sources such as newspapers, books and web pages are considered which type of data?
- Meta-structured data
- Unstructured data
- Semi-structured data
- Structured data
In reviewing the security logs for a company’s headquarters in New York City, which of these activities should not raise much of a security concern?
- A recently hired data scientist in the Medical Analytics department has repeatedly attempted to access the corporate financial database
- Each night one headquarters employee logs into his account from an ISP in China
- An employee has started logging in from home for an hour or so during the last 2 weeks of each quarter
- One evening an employee logs in from home and downloads all of the files associated with the new product he is working on
Poor user input sanitation and unsafe execution of OS commands leaves a system vulnerable to which form of attack?
- DLL Hijacking
- OS Command Injection
- Denial of Service (DoS)
- SQL Injection
An employee calls the IT Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first thing you should tell the employee to do?
- Run a vulnerability scan
- Start searching his hard drive for unusual files or folders
- Run an antivirus scan
- Run a Port scan
A penetration tester involved in a “Black box” attack would be doing what?
- Attempting to penetrate a system as an insider with “employee” level knowledge of the system
- Attempting to penetrate a system for personal gain
- Attempting to penetrate a system using highly specialized “black box” tools
- Attempting to penetrate a client’s systems as if she were an external hacker with no inside knowledge of the systems
Which Incident Response Team model describes a team that runs all incident response activities for a company?
NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?
In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)
- Analyze the data
- Develop a plan to acquire the data
- Acquire the data
- Verify the integrity of the data
In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?
- The names of every person who has physical custody of any piece of evidence
- Documenting the actions that are performed on the evidence and at what time
- Documenting how the evidence was stored when not in use
- All of the above
What scripting concept will repeatedly execute the same block of code while a specified condition remains true?
Which three (3) statements about Python variables are true? (Select 3)
- Variables can change type after they have been set
- Variables do not have to be declared in advance of their use
- Variable names are not case sensitive, i.e. the variable “TotalSales” and “totalsales” would refer to the same block of memory
Variables must be declared at the top of the program
- A variable name must start with a letter or the underscore “_” character
In the Python statement
What data type is the data type of the variable pi?
What will be printed by the following block of Python code?
According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?
According to the FireEye Mandiant’s Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?
Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)
- Real-time alerting
- Vulnerability assessment
- Event correlation
Which type of threat is a social engineering attack?
- System based
- App based
All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?
True or False. WireShark has an impressive array of features and is distributed free of charge.
What organization manages the assignment and registration of port numbers?
- Internet Engineering Task Force (IETF)
- Internet Assigned Numbers Authority (IANA)
- Internet Architecture Board (IAB)
- Internet Port Assignment Authority (IPAA)
The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
- Centralized Key-Value & Secret stores
- Versioning of infrastructure
- Creation of Immutable images
- IAM controls to regulate authorization
Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?
- Red Box Testing
- Gray Box Testing
- White Box testing
- Black Box Testing
- Insecure deserialization
- Insufficient logging and monitoring
- Security misconfiguration
- Cross-site scripting
Solution architectures often contain diagrams like the one below. What does this diagram show?
- External context and boundary diagram
- Enterprise architecture
- Architecture overview
- Functional components and data flow
SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)
- Number of users with access to the SIEM
- Events per second (EPS)
- Flows per minute (FPM)
- The MSU capacity of the system running the SIEM
What do QRadar flow collectors do with the flows they collect?
- Flows are converted into events and sent to the central event processor
- Flows are bundled into related flowpaks and forwarded to the flow processor
- They send all raw flow data to the central flow processor
- They convert the flow data to a standard QRadar flow format and forward it to the centralized flow processor
True or False. Thorough reconnaissance is an important step in developing an effective cyber kill chain.
There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.
- VIP Protection
- Fraud Investigations
- Insider Threat
- Threat Discovery
Which three (3) soft skills are important to have in an organization’s incident response team? (Select 3)
- Problem solving and Critical thinking
Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?
- Detection & Analysis
- Post-Incident Activity
- Containment, Eradication & Recovery
You are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?
- A shark attack
- As a phishing attack
- A fly phishing attack
- As a whale attack
Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
- Assign a unique ID to each person with computer access
- Restrict access to cardholder data by business need-to-know
- All employees with direct access to cardholder data must change their passwords monthly
- Restrict physical access to cardholder data
Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)
According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?
You get email constantly telling you that your eBay account shows signs of suspicious activity and that you should log in using the link provided to restore your credentials. You have taken a great course on Cybersecurity, so you check and see the sender’s email address is “firstname.lastname@example.org”. Which attack vector is being used to try to compromise your system?
- Malicious Links
- Remote Desktop Protocol (RDP)
- Software Vulnerabilities
Which ransomware tormented victims by deleting files incrementally with each hour the ransom was not paid?
- Bad Rabbit