How Much Does It Cost To Send Surface Pro For Repair

IBM Cybersecurity Analyst Professional Document Assessment Exam Quiz Answers

Alert: Jo Answer Green hai wo right hai just

Jo Green Nahi hai. Usme se jo ek wrong choice tha usko hata diya hai

Question 1)

Implementing a Security Awareness training programme would exist an example of which type of command?

• Administrative control

Question two)

Putting locks on a door is an example of which type of control?

• Preventative

Question 3)

How would you allocate a slice of malicious lawmaking that tin replicate itself and spread to new systems?

• A worm

Question iv)

To appoint in packet sniffing, you must implement promiscuous fashion on which device ?

• A network card
• An Intrusion Detection System (IDS)
• A sniffing router

Question 5)

Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability.

• Hashing

Question 6)

An organization wants to restrict employee after-hours access to its systems then it publishes a policy forbidding employees to work outside of their assigned hours, and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

• Physical
• Administrative

Question vii)

Which two factors contribute to cryptographic forcefulness? (Select two)

• The use of cyphers that are based on complex mathematical algorithms
• The use of cyphers that take undergone public scrutiny

Question viii)

Trying to break an encryption primal by trying every possible combination of characters is called what?

• A brute strength attack

Question 9)

Which of the following describes the core goals of Information technology security?

• The Open up Web Application Security Project (OWASP) Framework
• The Business Procedure Management Framework
• The CIA Triad

Question x)

Which iii (three) roles are typically establish in an Information Security organisation? (Select iii)

• Vulnerability Assessor
• Chief Information Security Officer (CISO)
• Penetration Tester

Question 11)

Problem Management, Change Management, and Incident Management are all central processes of which framework?

• ITIL

Question 12)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

• Trudy changes the message then forwards it on
• Trudy deletes the message without forwarding it
• Trudy reads the message
• Trudy cannot read it because information technology is encrypted simply allows it to be delivered to Bob in its original form

Question 13)

In cybersecurity, Accountability is defined as what?

• Being able to map an activity to an identity

Question 14)

Multifactor authentication (MFA) requires more i authentication method to be used before identity is authenticated. Which 3 (three) are hallmark methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

Question fifteen)

Which three (3) of the following are Physical Access Controls? (Select 3)

• Door locks
• Security guards
• Fences

Question sixteen)

If you are setting upwards a Windows 10 laptop with a 32Gb difficult bulldoze, which ii (2) file system could y'all select? (Select 2)

• NTFS
• FAT32

Question 17)

Which iii (3) permissions can be set on a file in Linux? (Select 3)

• write
• execute
• read

Question xviii)

If cost is the primary business organisation, which type of cloud should be considered first?

• Public deject

Question 19)

Consolidating and virtualizing workloads should exist washed when?

• Before moving the workloads to the cloud

Question 20)

Which of the following is a self-regulating standard ready past the credit carte industry in the US?

• PCI-DSS

Question 21)

Which 2 (2) of the following attack types target endpoints?

• Ad Network
• Spear Phishing

Question 22)

If an Endpoint Detection and Response (EDR) organization detects that an endpoint does not have a required patch installed, which statement best characterizes the actions information technology is able to take automatically?

• The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

Question 23)

Granting access to a user based upon how loftier upward he is in an arrangement violates what basic security premise?

• The principle of least privileges

Question 24)

The Windows Security App available in Windows x provides uses with which of the following protections?

• Firewall and network protection
• Family unit options (parental controls)
• All of the above

Question 25)

Hashing ensures which of the following?

• Integrity

Question 26)

Which of the following practices helps assure the best results when implementing encryption?

• Cull a reliable and proven published algorithm
• Develop a unique cryptographic algorithm for your organization and keep them secret

Question 27)

Which of these methods ensures the hallmark, non-repudiation and integrity of a digital communication?

• Use of digital signatures

Question 28)

Which of the following practices volition help assure the confidentiality of data in transit?

• Disable certificate pinning
• Accept self-signed certificates
• Implement HTTP Strict Send Protocol (HSTS)

Question 29)

Which three (three) of these are benefits you lot tin realize from using a NAT (Network Address Translation) router? (Select 3)

• Allows static one-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
• Allows internal IP addresses to be hidden from outside observers

Question thirty)

Which statement best describes configuring a NAT router to apply static mapping?

• The system volition need as many registered IP addresses as it has computers that need Cyberspace access

Question 31)

If a computer needs to send a message to a organisation that is office of the local network, where does it send the message?

• To the organisation'southward MAC address

Question 32)

Which are backdrop of a highly bachelor system?

• Redundancy, failover and monitoring

Question 33)

Which three (3) of these statements most the UDP protocol are True? (Select iii)

• UDP is faster than TCP
• UDP packets are reassembled past the receiving system in whatever order they are received
• UDP is connectionless

Question 34)

What is one departure between a Stateful Firewall and a Side by side Generation Firewall?

• A NGFW understand which application sent a given packet

Question 35)

Y'all are concerned that your system is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

Question 36)

Hassan is an engineer who works a normal solar day shift from his company's headquarters in Austin, TX Usa. Which 2 (ii) of these activities raise the nigh crusade for business organization? (Select 2)

• Each night Hassan logs into his account from an Internet service provider in China
• One evening, Hassan downloads all of the files associated with the new product he is working on

Question 37)

Which three (3) of the following are considered safety coding practices? (Select 3)

• Apply library functions in place of OS commands
• Avert using Bone commands whenever possible
• Avert running commands through a shell interpreter

Question 38)

Which iii (iii) items should be included in the Planning step of a penetration test? (Select 3)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

Question 39)

Which portion of the pentest written report would encompass the risk ranking, recommendations and roadmap?

• Executive Summary

Question 40)

Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?

• Incident Post-Analysis Resources
• Incident Analysis Hardware and Software

Question 41)

NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?

• Recovery

Question 42)

True or False. Digital forensics is constructive in solving cyber crimes just is not considered effective in solving trigger-happy crimes such as rape and murder.

• Faux

Question 43)

Which three (3) are mutual obstacles faced when trying to examine forensic data? (Select iii)

• Selecting the right tools to aid filter and exclude irrelevant data
• Finding the relevant files among the hundreds of thousands found on almost hard drives
• Bypassing controls such as passwords

Question 44)

What scripting concept will repeatedly execute the same block of code while a specified status remains truthful?

• Loops

Question 45)

Which two (2) statements virtually Python are true? (Select 2)

• Python code is considered easy to debug compared with other popular programming languages
• Python code is considered very readable past novice programmers

Question 46)

In the Python statement

pi="three"

What data type is the information type of the variable pi?

• str

Question 47)

What volition be printed by the following block of Python code?

def Add5(in)

 out=in+5

 render out

 impress(Add5(x))

• 15

Question 48)

Which threat intelligence framework was developed by the US Regime to enable consequent characterization and categorization of cyberthreat events?

• Cyber Threat Framework

Question 49)

Truthful or False. An organization's security immune system should be integrated with outside organizations, including vendors and other third-parties.

• True

Question fifty)

Which three (3) of these are among the height 12 capabilities that a adept data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Existent-time alerting
• Tokenization

Question 51)

True or Fake. For iOS and Android mobile devices, users must interact with the operating system merely through a series of applications, but non directly.

• True

Question 52)

All industries have their own unique data security challenges. Which of these industries has a detail business organization with PCI-DSS compliance while having a large number of access points staffed by depression-level employees who have access to payment card data?

• Retail

Question 53)

True or False. WireShark has an impressive array of features and is distributed free of accuse.

• True

Question 54)

In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?

• Base-Exploitability Subscore

Question 55)

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

Question 56)

You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What accept you just determined?

• A chance

Question 57)

Which one of the OWASP Top 10 Awarding Security Risks would be occur when an application's API exposes financial, healthcare or other PII data?

• Sensitive data exposure

Question 58)

Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

• Virus Protection
• Application Firewall
• Spam Filter

Question 59)

A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Chop-chop analyzing big quantities of unstructured information lends itself all-time to which of these areas?

• Artificial intelligence

Question 60)

The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong?

• Technology

Question 61)

Which of these is a practiced definition for cyber threat hunting?

• The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

Question 62)

There is value brought by each of the IBM i2 Environmental impact assessment apply cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.

• Threat Discovery

.

Question 63)

Which three (3) soft skills are of import to accept in an organization'southward incident response team? (Select iii)

• Advice
• Teamwork
• Problem solving and Critical thinking

Question 64)

Implementing stiff endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Analysis

Question 65)

Which iii (3) of these statistics nearly phishing attacks are existent? (Select 3)

• Around 15 1000000 new phishing sites are created each month
• Phishing accounts for nearly 20% of data breaches
• 30% of phishing messages are opened past their targeted users

Question 66)

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

Question 67)

Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)

• Alina
• BlackPOS
• vSkimmer

Question 68)

Co-ordinate to a 2022 Ponemon study, what percent of consumers indicated they would be willing to pay more than for a production or service from a provider with better security?

• 52%

Question 69)

You lot become a phone call from a technician at the "Windows company" who tells you that they accept detected a problem with your system and would like to aid you resolve it. In order to aid, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your estimator. Since you only own an Apple tree Mac, you are suspicious of this caller and hang upward. What would the assail vector accept been if you had downloaded the "uncomplicated utility" as asked?

• Remote Desktop Protocol (RDP)

Question seventy)

What is an effective fully automated fashion to prevent malware from inbound your organisation every bit an email attachment?

• Anti-virus software

 Question 71)

Truthful or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family unit.

• Fake

Question 72)

Which three (3) of these are PCI-DSS requirements for any company treatment, processing or transmitting credit card information? (Select 3)

• Restrict access to cardholder information by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical admission to cardholder data

Question 73)

True or False. Communications of a data breach should exist handled past a team composed of members of the IR team, legal personnel and public relations.

• True

Question 74)

A Coordinating incident response squad model is characterized by which of the post-obit?

• Multiple incident response teams within an organization all of whom coordinate their activities merely within their country or department

• Multiple incident response teams within an organization but one with say-so to assure consistent policies and practices are followed across all teams

• This term refers to a structure that assures the incident response team's activities are coordinated with senior management and all appropriate departments inside and organisation

Question 75)

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

• Blue Carmine

• Red, Blue

Question 76)

The partnership between security analysts and technology tin can exist said to be grouped into 3 domains, human expertise, security analytics and bogus intelligence. The human expertise domain would contain which three (iii) of these topics?

• Brainchild
• Dilemmas
• Morals

Question 77)

Solution architectures often contain diagrams like the one below. What does this diagram show?

<<Solution Architecture Information Flow.png>>

• Functional components and information flow

Question 78)

Port numbers 1024 through 49151 are known as what?

• Registered Ports

Question 79)

Which layer of the OSI model to packet sniffers operate on?

• Information Link

Question lxxx)

True or Simulated. Internal attacks from trusted employees represents every flake as pregnant a threat equally external attacks from professional cyber criminals.

• True

Question 81)

According to the FireEye Mandiant's Security Effectiveness Study 2022, what fraction of security tools are deployed with default settings and thus underperform expectations?

• 80%

Question 82)

Which country had the highest average cost per breach in 2022 at $8.19M

• Usa

Question 83)

Which two (2) of these Python libraries provides useful statistical functions? (Select 2)

• StatsModels

• Scikit-learn

Question 84)

What will impress out when this block of Python code is run?

i=1

#i=i+one

#i=i+2

#i=i+iii

impress(i)

• 1

Question 85)

Which 3 (iii) statements about Python variables are true? (Select 3)

• A variable name must start with a letter of the alphabet or the underscore "_" character
• Variables can change blazon after they accept been set
• Variables do non have to be declared in advance of their use

Question 86)

PowerShell is a configuration management framework for which operating system?

• Windows

Question 87)

In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

• All of the above

Question 88)

Forensic analysis should always exist conducted on a copy of the original information. Which two (2) types of copying are advisable for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select ii)

• An incremental backup

• A logical backup

Question 89)

Which of the following would be considered an incident precursor?

• An alert from your antivirus software indicating it had detected malware on your system

• An appear threat confronting your organisation past a hactivist group

Question 90)

If a penetration test calls for y'all to create a diagram of the target network including the identity of hosts and servers as well as a list of open up ports and published services, which tool would be the best fit for this task?

• Nmap

Question 91)

Which type of list is considered best for prophylactic coding practice?

• Whitelist

Question 92)

In reviewing the security logs for a company's headquarters in New York City, which of these activities should not raise much of a security concern?

• A recently hired data scientist in the Medical Analytics department has repeatedly attempted to admission the corporate financial database

• An employee has started logging in from dwelling for an hour or so during the final two weeks of each quarter

Question 93)

Data sources such as newspapers, books and spider web pages are considered which type of data?

• Unstructured information

• Semi-structured information

• Structured data

Question 94)

Which iii (3) of these statements near the TCP protocol are True? (Select 3)

• TCP packets are reassembled past the receiving system in the order in which they were sent

• TCP is more reliable than UDP

• TCP is connexion-oriented

Question 95)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

• ii

Question 96)

A pocket-sized company with 25 computers wishes to connect them to the Cyberspace using a NAT router. How many Public IP addresses will this company need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• ane

Question 97)

Why is symmetric central encryption the near common selection of methods to encryptic data at residuum?

• There are far more keys bachelor for use

• It is much faster than asymmetric key encryption

Question 98)

Which of the following statements about hashing is True?

• Hashing uses algorithms that are known as "i-fashion" functions

Question 99)

Why is hashing not a common method used for encrypting data?

• Hashing is a one-way process so the original information cannot be reconstructed from a hash value

Question 100)

Public key encryption incorporating digital signatures ensures which of the post-obit?

• Confidentiality and Integrity

Question 101)

What is the primary authentication protocol used by Microsoft in Active Directory?

• Kerberos

Question 102)

Granting access to a user account merely those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

Question 103)

What is the nearly common patch remediation frequency for most organizations?

• Monthly

• Annually

Question 104)

Island hopping is an assail method normally used in which scenario?

• Supply Chain Infiltration
• Blocking access to a website for all users
• Compromising a corporate VIP
• Trojan Horse attacks

Question 105)

Security preparation for Information technology staff is what type of control?

• Virtual

• Operational

• Physical

Question 106)

Which security concerns follow your workload even later on information technology is successfully moved to the cloud?

• All of the above

Question 107)

Which class of Cloud computing combines both public and private clouds?

• Hybrid cloud

Question 108)

Which component of the Linux operating system interacts with your figurer'due south hardware?

• The kernel

Question 109)

The encryption and protocols used to prevent unauthorized access to data are examples of which blazon of access control?

• Technical

Question 110)

In cybersecurity, Authenticity is defined as what?

• The property of being genuine and verifiable

Question 111)

ITIL is all-time described as what?

• A collection of IT Service Management best practices

Question 112)

Which position is in charge of testing the security and effectiveness of computer data systems?

• Data Security Accountant

Question 113)

A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding employ of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (ii) types of security controls has the visitor just implemented? (Select two)

• Administrative

• Technical

Question 114)

An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?

Confidentiality and Integrity

Question 115)

What would a piece of malicious code that gets installed on a estimator and reports back to the controller your keystrokes and other data information technology can get together from your system be chosen?

• Spyware

Question 116)

Fancy Bears and Anonymous are examples of what?

• Hacking organizations

Question 117)

Select the answer the fills in the blanks in the correct society.

A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.

• vulnerability, threat, exploit

• threat, exposure, risk

• threat actor, vulnerability, exposure

Question 118)

Implement a filter to remove flooded packets earlier they achieve the host is a countermeasure to which form of attack?

• A Deprival of Service (DoS) attack

Question 119)

Trudy intercepts a romantic plain-text bulletin from Alice to her beau Sam. The message upsets Trudy so she forward it to Bob, making it look like Alice intended it for Bob from the kickoff. Which aspect of the CIA Triad has Trudy violated ?

• All of the above

Question 120)

Which gene contributes nearly to the strength of an encryption system?

• How many people have admission to your public key

• The length of the encryption key used

• The number of private keys used past the system

Question 121)

What is an advantage disproportionate key encryption has over symmetric cardinal encryption?

• Asymmetric keys can be exchanged more securely than symmetric keys

• Asymmetric key encryption is harder to break than symmetric key encryption

• Asymmetric key encryption is faster than symmetric key encryption

Question 122)

Which position is responsible for the "ethical hacking" of an organizations figurer systems?

• A Penetration Tester

Question 123)

Which three (three) are considered all-time practices, baselines or frameworks? (Select 3)

• ISO27000 series

• ITIL

• COBIT

Question 124)

What does the "A" in the CIA Triad stand for?

• Availability

Question 125)

Which type of access control is based upon the subject field'south clearance level and the objects classification?

• Hierarchical Access Control (HAC)
• Discretionary Access Control (DAC)
• Mandatory Admission Control (MAC)
• Role Based Access Control (RBAC)

Question 126)

Windows 10 stores 64-bit applications in which directory?

• \Programme Files

Question 127)

To build a virtual computing environment, where is the hypervisor installed?

• Between the applications and the information sources
• On the cloud'southward supervisory system
• Between the hardware and operating organisation
• Between the operating organization and applications

Question 128)

An identical email sent to millions of addresses at random would be classified every bit which type of attack?

• A Shark attack

• A Phishing attack

Question 129)

Which statement almost drivers running in Windows kernel mode is true?

• Only critical processes are permitted to run in kernel manner since there is nothing to prevent a

Question 130)

Symmetric key encryption by itself ensures which of the following?

• Confidentiality and Integrity

• Confidentiality only

• Confidentiality and Availability

Question 131)

Which statement all-time describes configuring a NAT router to utilise dynamic mapping?

• The organization volition need every bit many registered IP addresses as it has computers that need Internet admission

• Many registered IP addresses are mapped to a single registered IP address using different port numbers

• Unregistered IP addresses are mapped to registered IP addresses as they are needed

• The NAT router uses each figurer'south IP address for both internal and external communication

Question 132)

Which address type does a computer employ to get a new IP accost when it boots up?

• The network's DHCP server address

Question 133)

What is the primary deviation between the IPv4 and IPv6 addressing schema?

• IPv6 is significantly faster than IPv4

• IPv6 is used merely for IOT devices

• IPv6 allows for billions of times as many possible IP addresses

Question 134)

Which type of firewall understands which session a packet belongs to and analyzes information technology accordingly?

• A Adjacent Generation Firewall (NGFW)

Question 135)

An employee calls the IT Helpdesk and admits that maybe, only perchance, the links in the email he clicked on this morning were not from the real Lottery Committee. What is the beginning affair yous should tell the employee to do?

• Run a Port scan

• Run an antivirus browse

Question 136)

A penetration tester involved in a "Black box" attack would be doing what?

• Attempting to penetrate a client's systems as if she were an external hacker with no within knowled

Question 137)

Which Mail Incident action would exist concerned with maintaining the proper chain-of-custody?

• Lessons learned coming together
• Evidence retention
• Documentation review & update
• Utilizing collected data

Question 138)

In digital forensics, which 3 (3) steps are involved in the collection of data? (Select three)

• Develop a program to learn the information

• Verify the integrity of the data

• Acquire the data

Question 139)

Which 3 (3) of the following are considered scripting languages? (Select iii)

• Perl

• Bash

• Python

Question 140)

What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

 print(i)

 i=i+i

• nine

Question 141)

Activities performed every bit a role of security intelligence can be divided into pre-exploit and mail-exploit activities. Which 2 (2) of these are postal service-exploit activities? (Select 2)

• Gather full situational sensation through advanced security analytics

• Perform forensic investigation

Question 142)

There are many good reasons for maintaining comprehensive backups of disquisitional data. Which attribute of the CIA Triad is nearly impacted by an organization'due south backup practices?

• Availability

• Integrity

• Dominance

Question 143)

Which phase of DevSecOps would contain the activities Internal/External testing, Continuous assurance, and Compliance checking?

• Examination

• Code & build

• Operate & monitor

• Plan

Question 144)

Which one of the OWASP Acme x Application Security Risks would be occur when there are no safeguards confronting a user being immune to execute HTML or JavaScript in the user's browser that can hijack sessions.

• Cantankerous-site scripting

Question 145)

SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

• Flows per minute (FPM)

• Events per second (EPS)

Question 146)

True or Simulated. If you lot have no amend identify to start hunting threats, showtime with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own system.

• True

Question 147)

True or Fake. Cloud-based storage or hosting providers are among the top sources of tertiary-political party breaches

• True

Question 148)

You are looking very hard on the web for the lowest mortgage interest load you can observe and you come across a rate that is then low it could non possibly be truthful. You check out the site to see that the terms are and speedily find you are the victim of a ransomware attack. What was the likely assail vector used by the bad actors?

• Phishing

• Malicious Links

• Software Vulnerabilities

Question 149)

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the actually bad sites?

• Malicious Links

More New Questions

Question 150)

Which of the following defines a security threat?

• Whatsoever potential danger capable of exploiting a weakness in a arrangement
• The likelihood that the weakness in a organisation volition be exploited
• I instance of a weakness being exploited
• A weakness in a organisation that could be exploited by a bad actor

Question 151)

Suspicious activity, similar IP addresses or ports existence scanned sequentially, is a sign of which type of assault?

• A mapping attack
• A denial of service (DoS) set on
• A phishing set on
• An IP spoofing attack

Question 152)

Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes a confidentiality violation?

• Trudy deletes the bulletin without forwarding it
• Trudy cannot read information technology because information technology is encrypted but allows information technology to be delivered to Bob in its original class
• Trudy changes the bulletin and then forwards it on
• Trudy reads the message

Question 153)

Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate authoritative, technical, and physical safeguards for protecting electronic protected wellness information (e-PHI)?

• PCI-DSS
• ISO27000 series
• HIPAA
• GDPR
• NIST 800-53A

Question 154)

A good Endpoint Detection and Response system (EDR) should take which three (3) of these capabilities? (Select three)

• Automatically quarantine noncompliant endpoints
• Manage encryption keys for each endpoint
• Manage thousands of devices at once
• Deploying devices with network configurations

Question 155)

Which statement nigh encryption is Truthful about data in use.

• Data should always be kept encrypted since modern CPUs are fully capable of operating straight on encrypted data

• It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on

• Short of orchestrating a memory dump from a arrangement crash, there is no practical way for malware to get at the data being processed, so dump logs are your only real business organization

• Information in agile retentiveness registers are non at take a chance of being stolen

Question 156)

For added security you lot determine to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?

• This cannot be done The network administrator must choose to run a given network segment in either stateful or stateless way, and then select the respective firewall type

• Install a unmarried firewall that is capable of conducting both stateless and stateful inspections

• Install a stateful firewall only These advanced devices inspect everything a stateless firewall inspects in addition to land related factors

• You must install two firewalls in serial, so all packets pass through the stateless firewall kickoff so the stateless firewall

Question 157)

In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?

• ii
• 1
• iv
• 3

Question 158)

If you have to rely upon metadata to work with the information at manus, y'all are probably working with which type of data?

• Meta-structured data
• Semi-structured data
• Structured data
• Unstructured data

Question 159)

Which two (ii) forms of discovery must be conducted online? (Select 2)

• Port scanning
• Shoulder surfing
• Social technology
• Package sniffing

Question 160)

Which Incident Response Squad model describes a team that runs all incident response activities for a visitor?

• Distributed
• Central
• Coordinating
• Control

Question 161)

Which is the data protection process that prevents a suspicious data asking from being completed?

• Data gamble assay
• Information classification
• Data discovery
• Blocking, masking and quarantining

Question 162)

Which form of penetration testing allows the testers partial cognition of the systems they are trying to penetrate in accelerate of their attack to streamline costs and focus efforts?

• Red Box Testing
• Gray Box Testing
• White Box testing
• Blackness Box Testing

Question 163)

Which type of application attack would include User denies performing an operation, attacker exploits an application without trace, and assailant covers her tracks?

• Auditing and logging
• Authentication
• Authorisation
• Input validation

Question 164)

True or False. Thorough reconnaissance is an of import stride in developing an effective cyber kill chain.

• True
• Fake

Question 165)

Truthful or Faux. One of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.

• True
• Simulated

Question 166)

True or Fake. A large company has a data breach involving the theft of employee personnel records merely no customer information of any kind. Since no external data was involved, the visitor does not have to report the alienation to police force enforcement.

• Truthful
• False

Question 167)

You are the CEO of a big tech company and have but received an angry electronic mail that looks similar it came from one of your biggest customers. The email says your company is overbilling the client and asks that you lot examine the attached invoice. You lot do just find it bare, so y'all reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of visitor fiscal information. What kind of assail did you fall victim to?

• As a phishing attack
• Equally a whale attack
• A shark attack
• A fly phishing attack

Question 168)

Which of these statements well-nigh the PCI-DSS requirements for any company treatment, processing or transmitting credit card data is true?

• Muti-gene hallmark is required for all new menu holders
• Some class of mobile device direction (MDM) must exist used on all mobile credit card processing devices
• All employees with direct access to cardholder information must exist bonded
• Cardholder data must be encrypted if it is sent across open or public networks

Which Incident Response Squad model describes a team that acts as consulting experts to suggest local IR teams?

• Control
• Analogous
• Distributed
• O Central

In a Linux file system, which files are contained in the \bin binder?

• All user binary files, their libraries and headers
• Executable files such as grep and ping
• Configuration files such equally fstab and inittab
• Directories such every bit /dwelling house and /usr

If a figurer needs to send a message to a system that is not part of the local network, where does it send the message?

• To the system'southward domain name
• To the organisation'southward IP accost
• The network'southward DNS server address
• To the organization's MAC address
• The network's default gateway accost
• The network's DHCP server address

Which three (iii) of these statements about the TCP protocol are Truthful? (Select three)

• TCP is faster than UDP
• TCP is connection-oriented
• TCP packets are reassembled by the receiving organization in the guild in which they were sent
• TCP is more than reliable than UDP

A professor is not allowed to change a student's concluding course after she submits it without completing a special form to explain the circumstances that necessitated the change. This additional step supports which aspect of the CIA Triad?

• Authorization
• Integrity
• Confidentiality
• Availability

Which of these is the all-time definition of a security adventure?

• An instance of being exposed to losses
• Whatever potential danger that is associated with the exploitation of a vulnerability
• A weakness in a system
• The likelihood of a threat source exploiting a vulnerability

Trudy intercepts a obviously text message sent by Alice to Bob, simply in no manner interferes with its delivery. Which aspect of the CIA Triad was violated?

• Confidentiality
• Integrity
• Availability
• All of the higher up

What is an reward symmetric key encryption has over asymmetric key encryption?

• Symmetric key encryption provides better security confronting Man-in-the-center attacks than is possible with asymmetric key encryption
• Symmetric key encryption is faster than asymmetric key encryption
• Symmetric keys can exist exchanged more than securely than asymmetric keys
• Symmetric central encryption is harder to break than asymmetric cardinal encryption

Which type of application attack would include network eavesdropping, dictionary attacks and cookie replays?

• Configuration management
• Hallmark
• Dominance
• Exception management

Why should you always look for common patterns before starting a new security compages design?

• They tin can assistance place best practices
• They can shorten the development lifecycle
• Some certificate complete tested solutions
• All of the higher up

Concluding Update: 09/12/2021

Alarm: Jo Reply Dark-green hai wo correct hai merely

Jo Green Nahi hai. Usme se jo ek incorrect pick tha usko hata diya hai

PLEASE Expect I WILL Add together MORE NEW QUETIONS..

As well if you take Questions with correct answer  Send me on my Email i will update on my blog..

niyander111@gmail.com

Thank you lot...

Source: https://niyander.blogspot.com/2021/03/IBM%20Cybersecurity%20Analyst%20Professional%20Certificate%20Assessment%20Exam%20Answers.html

Posted by: fowlerthavest.blogspot.com

Share this post