IBM Cybersecurity Analyst Practice Quiz Answers
Hello friends, in this article I am going to share the Coursera course IBM Cybersecurity Analyst Practice Quiz Answers with you.
A Denial of Service (DDoS) attack typically involves a bad actor sending millions of requests to a computer, overwhelming that system’s ability to process them all properly. This is a violation of which aspect of the CIA Triad?
- All of the above.
Money is the primary motivation for which type of hacking organization?
- Black hats
- White hats
The common vulnerability exploited in all social engineering attacks is what?
- Social media platforms
- Public infrastructure like dams and electrical grids
A directive from upper management stating that all employees must wear an ID badge at all times is an example of what?
- Security guideline
- Security policy
- Security architecture
- Security standard
Policies, procedures and tactical plans are all part of what?
- The CIA Triad
- Security awareness training
- The IT Governance process.
- The OWASP “Top 10”
Trudy intercepts a plain-text message sent by Alice and changes the location of a meeting that Alice is trying to arrange with Bob before she forwards the altered message to Bob. Which two (2) aspects of the CIA Triad were violated? (Select 2)
To exchange messages between two people using symmetric key encryption, how many unique encryption keys are required?
In digital forensics, the record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence is called what?
- Forensic index
- Chain of custody
- Forensic custody record
- Record of custody
Which of the following models how to document the processes, functions, and roles of IT Service Management?
- The Open Web Application Security Project (OWASP) Framework.
- The CIA Triad.
- The Information Technology Infrastructure Library (ITIL) framework.
- The Business Process Management Framework.
An unplanned interruption to an IT Service would be handled by which ITIL process?
- Service Level Management
- Information Security Management
- Incident Management
- Event Management
- Change Management
- Problem Management
Which role is a high-level management position responsible for the entire computer security department and staff?
- Information Security Auditor
- Information Security Analyst
- Information Security Architect
- Chief Information Security Officer (CISO)
Alice, Bob and Trudy are fictional characters commonly used to illustrate which aspect of information security?
- NIST 800-53
- The CIA Triad.
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an availability violation?
- Trudy changes the message and then forwards it on.
- Trudy deletes the message without reading or forwarding it.
- Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form.
- Trudy reads the message.
Which are the three (3) factor categories used in multi factor authentication? (Select 3)
- Someone you know.
- Something you have.
- Something you can do.
- Something you know.
- Something you are.
Mary has access to certain resources because she is in the Research division of her company. She has access to other resources because she is a manager. Which access control system is probably in use in her company?
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role Based Access Control (RBAC)
- Hierarchical Access Control (HAC)
In Windows, how many unique address spaces are used by applications running in user mode?
- As many as there are applications running.
- As many as there are processes running.
Which company developed and now owns Linux?
- None of the above.
Which of the following statements about hypervisors is true?
- A hypervisor runs inside of a virtual image.
- A hypervisor is hardware that coordinates process tasks between CPUs.
- A hypervisor operates between the hardware and the operating system.
- A hypervisor is an application that runs in an operating system.
If data security is the primary concern, which type of cloud should be considered first?
- Universal cloud
- Public cloud
- Private cloud
- Hybrid cloud
An employee seeking to damage his company because he did not get an expected promotion would be classified as which type of actor?
- Inadvertent Actor
- Malicious Insider
When examining endpoint security, which three (3) of the following would be classified as clients? (Select 3)
- Personal Computer
- Cloud-based email service
Which two (2) Windows patch classifications should always be installed quickly? (Select 2)
When working on a Windows computer, which mode will you usually be operating in?
- Kernel mode
- System mode
- Host mode
- User mode
- Client mode
In Active Directory, Administrator, Guest, HelpAssistant, and KRBTGT are all examples of what?
- Global accounts
- Local accounts
- Domain accounts
Digital signatures ensure which of the following?
- All of the above.
How will Quantum computing impact the effectiveness of cryptography?
- Both Symmetric and Public Key encryption will work fine if you use quantum keys.
- Both Symmetric and Public Key encryption will be worthless. The only hope for cryptography will be the development of some new quantum encryption technology.
- Symmetric key encryption will be weakened but Public Key encryption will not be impacted.
- Symmetric key encryption will be weakened, and Public Key encryption will be broken.
When can data be encrypted?
- While at rest only.
- While at rest or in transit only.
- While in transit and while in use only.
- While at rest, in transit and in use.
- While at rest or while in use only.
How are Rainbow Tables used by hackers?
- To decipher stolen passwords by looking up a hashed password and matching it to a string of clear text.
- To coordinate a “full spectrum” attack against a given target all at once.
- To better understand the demographics of a target when constructing a phishing attack email.
- To match individual characters against their hashed values across a broad range of standard hashing algorithms.
Which of the following inspections can be performed only by a stateful firewall and not by a stateless firewall?
- the destination port
- if the packet belongs to an open session
- the destination IP address
- the source IP address
- the service or protocol used
Which statement best describes the results of configuring a NAT router to use static address mapping?
- Many unregistered IP addresses are mapped to a single registered IP address using different port numbers.
- Unregistered IP addresses are mapped to registered IP addresses as they are needed.
- The NAT router uses each computer’s IP address for both internal and external communication.
- The organization will need as many registered IP addresses as it has computers that need Internet access.
Which address type does a router use to deliver a packet to a computer on its own local network?
- The computer’s domain name.
- The computer’s MAC address.
- The network’s DHCP server address.
- The network’s default gateway address.
- The computer’s IP address.
- The network’s DNS server address.
How do you represent the number 8 in binary?
A subnet mask of 255.0.0.0 is used for which class of network?
- Class A
- Class B
- Class C
- Class D
Translation of domain names to IP addresses and vice versa is carried out by which protocol?
Distributed databases and data warehouses would be considered which data model type?
- Structured data
- Structureless data
- Semi-structured data
- Unstructured data
Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?
- An authorized user attempts to run SQL statements with invalid syntax.
- Attempts to create a list of user ID credentials using an SQL query rather than your organization’s identity management application.
- A Finance department application that is accessed far more in the last few days of each month than at any other time.
- A user who changes his password the first day of every month like clockwork.
Which operating system is immune from OS Command Injection attacks?
- None of the above.
Which two (2) are phases of a penetration test? (Select 2)
- Exploitation or Attack
Select the correct option to fill in the blank with the missing step in the penetration test attack phase. Gaining Access, ______, System Browsing, Installing Additional Tools.
- Scanning Ports
- Vulnerability Scanning
- Exfiltrating Files
- Escalating Privileges
Which are the first three phases of incident response?
- Containment, Eradication, Recovery.
- Preparation, Detection & Analysis, Containment, Eradication & Recovery.
- Detection, Analysis, Remediation.
- Preparation, Review, Analysis.
Which type of monitoring system is designed to stop unauthorized users from accessing or downloading sensitive data?
Why would you make hash values of all the data on a system before you move it or begin to analyze it?
- To encrypt the original data so it cannot be further corrupted.
- Data analysis is primarily focused on what you learn from the hash values.
- To preserve the integrity of the original data.
- To expose viruses or malware signatures in the data.
Which three (3) of the following data types are considered volatile? (Select 3)
- Slack space
- Swap files
- Login sessions
- Running processes
Which three (3) of the following are examples of how scripts are used today? (Select 3)
What will be printed by the following block of Python code?
How is Python developed and distributed?
- Python is developed by Google and distributed free of charge.
- Python is developed by IBM and distributed free of charge.
- Python is developed by RedHat and distributed free of charge.
- Python is an Open Source project and distributed free of charge.
How do you indicate some text is only a comment in a Python file?
- Any code between double angle brackets (i.e. <<comments>>) is considered a comment.
- Comments are isolated inside a comment function, i.e. comment(“this is a comment only”).
- Use a hash “#” character. Everything to the right of that character on the same line will be treated as a comment.
- Comments must be entire lines that start with “REM”.
Which country had the highest average cost per breach in 2018 at $8.19M?
- United States
- United Kingdom
Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)
- Perform forensic investigation.
- Prioritize vulnerabilities to optimize remediation processes and close critical exposures.
- Gather full situational awareness through advanced security analytics.
- Detect deviations from the norm that indicate early warnings of APTs.
Which mobile operating system is being developed in a consortium that includes the Open Handset Alliance?
Which data protection process provides prebuilt capabilities, mapped to specific regulations, to create the necessary resources to implement and demonstrate compliance with these regulations?
- Real-time alerting
- Automated compliance support
- Blocking, masking and quarantining
- Active analytics
A university just upgraded their email system, so it now encrypts all email by default. What aspect of the CIA Triad does this upgrade support?
Which component of a vulnerability scanner allows the administrator to operate the scanner?
- Engine Scanner
- Report Module
- User Interface
The Common Vulnerability Scoring System (CVSS) is designed to help a company prioritize vulnerabilities. Which score would indicate a very high priority vulnerability?
The foundation of robust security depends upon a number of factors including which two (2) of these? (Select 2)
- Iterate design and build for rapid deployment.
- Build with a clearly communicated structure.
- Use systematic analysis of the threats and controls.
- Strict adherence to security architecture standards such as ISO/IEC: 20071.
The Recover step in the DevSecOps Operate & Monitor phase contains which of these activities?
- Virtual Patching
- Root Cause Analysis
Which of these is an aspect of an Enterprise Architecture?
- Shows the internal data and use of reusable or off-the-shelf components.
- Gives the technology perspectives in detail.
- Describes how specific products or technologies are used.
- Does not describe the internals of the main components or how they will be implemented.
Which three (3) of these are features of Solution Building Blocks (SBBs)? (Select 3)
- May be product or vendor aware.
- Add context of the platforms and environments.
- Is product and vendor neutral.
- Specifies the technical components to implement a function.
Which two (2) approaches do SIEMs take to establish relationships between event log entries? (Select 2)
- correlation/regression analysis
- map and grid
- statistical correlation engine based
What is event coalescing in SIEM data processing?
- It is the promotion of an event to a higher status due to its severity or the presence of multiple similar events.
- Multiple endpoints, such as all of the laptops belonging to the same department, are treated as a single device for analysis purposes.
- When 3 events are found with matching properties within a 10 second period, they are coalesced into a single event.
- It is the dropping of duplicate event records from the same source.
Targeted acts of war, espionage, hacktivists, targeted data theft, and indirect criminal activities designed for mass disruption are collectively referred to as what?
- The attack vector.
- The vulnerability profile.
- The threat surface.
- The countermeasure challenge.
Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain? (Select 3)
- Actions on Objectives
- Command & Control
- Withdraw and Cover Up
In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)
- Establish policies and procedures regarding incident-related information sharing.
- Develop an incident response plan based on the incident response policy.
- Establish a formal incident response capability.
- Secure sufficient funding for the incident response team.
Holding a cross-departmental meeting to review lessons learned from an incident after it has been resolved falls into which phase of the incident response lifecycle?
- Post-Incident Activity
- Containment, Eradication & Recovery
- Detection & Analysis
What are three (3) common signs that an email might be a phishing attack? (Select 3)
- It is generically addressed, for example, to “Dear Customer”.
- It is not from someone you know or do business with.
- There is a request to click a link and provide personal “account” details.
- It is from a company you have done business with and contains advertisements for products similar to what you have purchased from them in the past.
True or False. Because of their large volume of transactions, it is often easier for an attacker to successfully penetrate the PoS systems of a major retail chain than it is that of a small independent business where every transaction can be viewed by the owner.
True or False. A study conducted by the Ingenico Group recommended the use of Tokenization which replaces credit card data with a secure token while the data is at rest.
According to NIST, Cyber Supply Chain Risk Management (SCRM) activities include which of the following?
- Determining cybersecurity requirements for suppliers.
- Communicating to suppliers how cybersecurity requirements will be verified and validated.
- Enacting cybersecurity requirements through formal agreements.
- All of the above.
You get a pop-up message on your screen telling you that highly confidential company files have been downloaded and will be made public unless you pay a fee. What type of ransomware has attacked your system?
What is an effective fully automated way to prevent malware from entering your system as an email attachment?
- Strong passwords.
- Fully patched operating system and applications.
- Anti-virus software.
- A full system backup.