You have a request ? Contact Us Join Us
Home
Cybersecurity
IBM

Cyber Threat Intelligence

Answer of IBM Cybersecurity Analyst Professional Certificate
Estimated read time: 56 min
Cyber Threat Intelligence

Module 1 – Threat Intelligence

 Threat Intelligence and Cybersecurity Knowledge Check

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)
  • New security and privacy laws that went into effect in 2019
  • Human error accounting for the majority of security breaches ✔
  • The number of breached records in 2019 more than 3 times that of 2018 ✔
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices ✔
2. What was the average cost of a data breach in 2019 in US dollars?
  • $262K
  • $3.92M ✔
  • $42.7M
  • $237M
3. What was the average size of a data breach in 2019?
  • 5,270 records
  • 25,575 records ✔
  • 362,525 records
  • 1,221,750 records
  • 100,535,220 records
4. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as gathering data from internal, external, technical and human sources?
  • Collect ✔
  • Process
  • Analyze
  • Share
5. Crowdstrike organizes threat intelligence into which three (3) areas? (Select 3)
  • Tactical ✔
  • Control
  • Strategic ✔
  • Operational ✔
6. According to the Crowdstrike model, Endpoints, SIEMs and Firewalls belong in which intelligence area?
  • Control
  • Strategic
  • Operational
  • Tactical ✔
7. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)
  • DarkReading ✔
  • BleepingComputer ✔
  • Journal of the American Association of Cybersecurity Professionals
  • Trend Micro ✔
8. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)
  • Recorded Future ✔
  • FireEye ✔
  • MS RapidDeploy
  • IBM Resilient

Threat Intelligence Framework Knowledge Check

1. True or False. The average enterprise has 85 different security tools from 45 vendors.
  • True ✔
  • False
2. Which threat intelligence framework can be described as a system that is effective if there are only 2 players and the adversary is motivated by socioeconomic or sociopolitical payoffs?
  • Mitre Att&ck Knowledgebase
  • Diamond Model of Intrusion Analysis ✔
  • Cyber Threat Framework
  • Lockheed Martin Cyber Kill Chain
3. True or False. An organization’s security immune system should not be considered fully integrated until it is integrated with the extended partner ecosystem.
  • True ✔
  • False
4. Which term can be defined as “The real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise”?
  • Security Intelligence ✔
  • Cybersecurity
  • Security Analytics
  • Threat Intelligence
5. What are the three (3) pillars of effective threat detection? (Select 3)
  • Automate intelligence ✔
  • Analyze everything
  • See everything ✔
  • Become proactive
6. True or False. According to the FireEye Mandiant’s Security Effectiveness Report 2020, organizations have an average of 50-70 security tools in their IT environments.
  • True ✔
  • False

Threat Intelligence Graded Assessment

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)
  • A significant skills gap exists with more new cybersecurity professional needed the total number currently working in this field ✔
  • New security and privacy laws that went into effect in 2019
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices ✔
  • Factors such as cloud migration and IT complexity act as cost multipliers making new breaches increasingly expensive ✔
2. What was the average time to identify and contain a breach in 2019?
  • 12 hours
  • 7 days
  • 46 days
  • 279 days ✔
3. Which industry had the highest average cost per breach in 2019 at $6.45M
  • Manufacturing
  • Finance
  • Government
  • Healthcare ✔
  • Technology
  • Retail
4. Breaches caused by which source resulted in the highest cost per incident in 2019?
  • Employee or contractor negligence
  • Credentials theft ✔
  • Criminal insider
  • Politically motivated hactivists
5. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as normalize, correlate, confirm and enrich the data?
  • Collect
  • Process ✔
  • Analyze
  • Share
6. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as investigate, contain, remediate and prioritize?
  • Collect
  • Process
  • Analyze ✔
  • Share
7. According to the Crowdstrike model, threat hunters, vulnerability management and incident response belong in which intelligence area?
  • Operational ✔
  • Control
  • Tactical
  • Strategic
8. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)
  • Krebs on Security ✔
  • InfoSecurity Magazine ✔
  • Der CyberSpiegel
  • X-Force Exchange ✔
9. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)
  • AVG Ultimate
  • BigFix
  • IBM X-Force Exchange ✔
  • TruSTAR ✔
10. Which threat intelligence framework is divided into 3 levels. Level 1 is getting to know your adversaries. Level 2 involves mapping intelligence yourself and level 3 where you map more information and use that to plan your defense?
  • Lockheed Martin Cyber Kill Chain
  • Diamond Model of Intrusion Analysis
  • Cyber Threat Framework
  • Mitre Att&ck Knowledgebase ✔
11. True or False. An organization’s security immune system should be isolated from outside organizations, including vendors and other third-parties to keep it from being compromised.
  • True
  • False ✔
12. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are pre-exploit activities? (Select 2)
  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures ✔
  • Detect deviations from the norm that indicate early warnings of APTs ✔
  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation
13. True or False. According to the FireEye Mandiant’s Security Effectiveness Report 2020, more that 50% of successful attacks are able to infiltrate without detection.
  • True ✔
  • False

Module 2 – Data Loss Prevention and Mobile Endpoint Protection

Data Security and Protection Knowledge Check

1. A student’s grades should be visible to that student when she logs in to her university account. Her ability to see her grades is an example of which aspect of the CIA Triad?
  • Authorization
  • Integrity
  • Confidentiality
  • Availability ✔
2. A university has implemented practices that ensure all student data are encrypted while stored on university servers. Which aspect of the CIA Triad does this practice support?
  • Availability
  • Authorization
  • Confidentiality ✔
  • Integrity
3. The Student Portal of a university issues a confirmation code with a hash value each time a student submits an assignment using the portal. This is an example of which aspect of the CIA Triad?
  • Confidentiality
  • Availability
  • Integrity ✔
  • Authorization
4. True or False. An organization has “air gapped” its small network of critical data servers so they are accessible internally but not to any external system. These systems are now safe from a deliberate attack.
  • True
  • False ✔
5. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive, workable data security solution. The proliferation of smartphones used for work would impact which two (2) of these concerns the most? (Select 2)
  • A cybersecurity skills shortage
  • Explosive data growth ✔
  • Operational complexity
  • New privacy regulations ✔
6. True or False. An organization is subject to both GDPR and PCI-DSS data security regulations and has dedicated all of its efforts in remaining in compliance with these 2 sets of regulations. They are correct in believing that their data is safe.
  • True
  • False ✔
7. True or False. A newly hired CISO made the right choice when he moved the Known Vulnerabilities list to a high priority for his team to resolve even though none of these had ever been exploited on the company’s network to-date.
  • True ✔
  • False
8. All industries have their own unique data security challenges. Which of these industries has a particular concern with HIPAA compliance and the highest cost per breached record?
  • Retail
  • Financial
  • Transportation
  • Healthcare ✔
9. All industries have their own unique data security challenges. Which of these industries has a particular concern with being targeted more than any other by cybercriminals “because that is where the money is”?
  • Financial ✔
  • Healthcare
  • Transportation
  • Retail
10. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)
  • Data discovery ✔
  • Role based access control
  • Data risk analysis ✔
  • Blocking, masking and quarantining ✔
11. Parsing discovered data against known patterns or key words is a process known as what?
  • Data risk analysis
  • Data classification ✔
  • Vulnerability assessment
  • Data discovery
12. Which data protection process takes data activity monitoring output and uses it to generate insights about threats?
  • Data classification
  • Active analytics ✔
  • Data discovery
  • Vulnerability assessment
13. True or False. The IBM Guardium administrator needs to be someone with the highest level of access to the data being protected?
  • True
  • False ✔

Mobile Endpoint Protection Knowledge Check

1. Which mobile operating system runs the majority of smartphones today?
  • iOS
  • Android ✔
  • Blackberry
  • Windows
2. Which mobile operating system runs approximately 60% of tablet computers worldwide?
  • iOS ✔
  • Blackberry
  • Windows
  • Android
3. True or False. Security is enhanced on iOS mobile devices because users typically cannot interact directly with the operating system.
  • True ✔
  • False
4. Which statement best describes the use of anti-virus software on mobile devices?
  • Mobile devices provide native security that makes additional anti-virus software unnecessary.
  • Antivirus software is very effective on mobile devices because it can inspect the data that is associated with each app that is running.
  • Antivirus software can “see” the apps that are running on a mobile device but cannot see the data that is associated with each app. ✔
  • Antivirus software is very effective on mobile devices because it can inspect the data that is associated with each app but only while the app is not running.
5. Which type of threat is Jailbreaking?
  • External
  • System based ✔
  • Internal
  • App based

Data Loss Prevention and Mobile Endpoint Protection Graded Assessment

1. Which mobile operating system was originally based on the Linux kernel?
  • Android ✔
  • Blackberry
  • Windows
  • iOS
2. Which two (2) mobile operating combined dominate the vast majority of the smartphone market? (Select 2)
  • iOS ✔
  • Windows
  • Blackberry
  • Android ✔
3. True or False. Security is enhanced on Android mobile devices because users interact directly with the operating system.
  • True
  • False ✔
4. What is one limitation to the operation of anti-virus software running on mobile devices?
  • Mobile devices provide native security that makes additional anti-virus software unnecessary.
  • Antivirus software is very effective on mobile devices because it can inspect the data that is associated with each app but only while the app is not running.
  • Antivirus software must be granted permission to inspect each app on a device.
  • Antivirus software can “see” the apps that are running on a mobile device but cannot see the data that is associated with each app. ✔
5. On a mobile device, which type of threat is a phishing scam?
  • External
  • Internal
  • App based ✔
  • System based
6. A university uses clustered servers to make sure students will always be able to submit their assignments even if one server is down for maintenance. Server clustering enables which aspect of the CIA Triad?
  • Confidentiality
  • Availability ✔
  • Integrity
  • Authorization
7. A university has enabled WPA2 encryption on its WiFi systems throughout the campus. Which aspect of the CIA Triad is directly supported by this action?
  • Integrity
  • Confidentiality ✔
  • Availability
  • Authorization
8. A student can see her grades via her school’s Student Portal but is unable to change them. This restriction is in support of which aspect of the CIA Triad?
  • Confidentiality
  • Integrity ✔
  • Authorization
  • Availability
9. True or False. An operator who corrupts data by mistake is considered an “inadvertent attack” that should be considered when developing data protection plans.
  • True ✔
  • False
10. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive and workable data security solution. GDPR, CCPA, and PCC-DSS are concerned with which one of these challenges?
  • A cybersecurity skills shortage
  • Operational complexity
  • Explosive data growth
  • New privacy regulations ✔
11. True of False. A biotech research company with a very profitable product line has grown so rapidly it has acquired a marketing company, a small IT services company and a company that specializes in pharmaceutical manufacturing and distribution.  The CEO of the parent company made a good decision when he decided not to consolidate all data security under a single CISO, believing that each of the new divisions understands its own data security needs better than the parent company possibly could.
  • True
  • False ✔
12. Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)
  • Failure to address known vulnerabilities ✔
  • Failure to decentralize the data security function
  • Failure to prioritize and leverage data activity monitoring ✔
  • Failure to move beyond compliance ✔
13. All industries have their own unique data security challenges. Which of these industries has a particular concern with a widely distributed IT infrastructure that must provide services across a multiple government jurisdictions while not violating the privacy concerns of its users?
  • Healthcare
  • Transportation ✔
  • Retail
  • Financial
14. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)
  • Encryption ✔
  • Data classification ✔
  • Incident management
  • Data and file monitoring ✔
15. Which is the data protection process that addresses inappropriate privileges, insecure authentication methods, account sharing, configuration files and missing security patches?
  • Data risk analysis
  • Vulnerability assessment ✔
  • Data classification
  • Data discovery
16. Which data protection process substitutes key data with a token that is issued by a trusted third-party where the token can be accessed but not redeemed by an untrusted party?
  • Data classification
  • Data discovery
  • Tokenization ✔
  • Substitution
17. IBM Guardium provides heterogeneous data source support. This support results in which capability?
  • Each data repository can maintain a unique security policy
  • Similar security capabilities can be applied to different types of data repositories ✔
  • Different security policies can be applied against data of the same type
  • There is support for both structure and unstructured data sources
Module 3 – Scanning
VULNERABILITY TOOLS KNOWLEDGE CHECK
1. Which component of a vulnerability scanner would perform security checks according to its installed plug-ins?
  • Database
  • User Interface
  • Report Module
  • Engine Scanner ✔
2. Which component of a vulnerability scanner stores vulnerability information and scan results?
  • Engine Scanner
  • Report Module
  • User Interface
  • Database ✔
3. How does a vulnerability scanner detect internal threats?
  • By scanning hosts ✔
  • By scanning internet facing hosts from the Internet
  • By scanning commonly access external hosts from within the network
  • By reviewing incident data retrieved from a SIEM system
4. In which component of a Common Vulnerability Score (CVSS) would the attack vector be reflected?
  • Environmental Score
  • Temporal Score
  • Base-Exploitability Subscore ✔
  • Base-Impact Subscore
5. In which component of a Common Vulnerability Score (CVSS) would confidentiality be reflected?
  • Temporal Score
  • Base-Impact Subscore ✔
  • Base-Exploitability Subscore
  • Environmental Score
6. In which component of a Common Vulnerability Score (CVSS) would exploit code maturity be reflected?
  • Temporal Score ✔
  • Base-Exploitability Subscore
  • Base-Impact Subscore
  • Environmental Score
7. In which component of a Common Vulnerability Score (CVSS) would security requirements subscore be reflected?
  • Base-Exploitability Subscore
  • Environmental Score ✔
  • Temporal Score
  • Base-Impact Subscore
8. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operation systems, open source software, and network devices. These guides are available to the public and can be freely downloaded.
  • True ✔
  • False
9. The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these has the least stringent security requirements?
  • a) CIS Sub-Controls for small, commercial off-the-shelf or home office software environments. ✔
  • b) CIS Sub-Controls focused on helping security teams manage sensitive client or company information.
  • c) CIS Sub-Controls that reduce the impact of zero-day and targeted attacks from sophisticated adversaries.
  • “a” and “b” only
  • “a” and “c” only
  • All of the above.

Port Scanning Knowledge Check

1. Which three (3) of these is identified by a basic port scanner? (Select 3)
  • Active hosts using TCP ✔
  • The destination of packets flowing through an open port
  • Available services provided by the target system ✔
  • A list of Open ports on a target system ✔
2. Port numbers 49151 through 65536 are known as what?
  • Virtual Ports
  • Well known ports
  • Dynamic and Private Ports ✔
  • Registered Ports
3. What are the three (3) responses a port scanner might receive when it is scanning a system for open ports? (Select 3)
  • Filtered (or blocked) ✔
  • Available
  • Closed ✔
  • Open ✔
4. Which type of scan is commonly used to check if a working system is at the address indicated and that it is responding?
  • Stealth scan
  • TCP/Half Open Scan (aka a SYN scan)
  • UDP port scan
  • Ping (ICMP Echo Request) ✔
  • TCP Connect
5. Which type of scan sends an empty packet or packet with a different payload for each port scanned. A response is received only for closed ports?
  • UDP port scan ✔
  • TCP/Half Open Scan (aka a SYN scan)
  • Stealth scan
  • Ping (ICMP Echo Request)
  • TCP Connect

Network Protocol Analyzers Knowledge Check

1. Which two (2) of these are other names for a protocol analyzer? (Select 2)
  • Packet analyzer ✔
  • Port analyzer
  • Snooper
  • Network analyzer ✔
2. Which is the most popular packet sniffer used?
  • WireShark ✔
  • PacketGrabber
  • SniffMaster
  • ProtoALL

Vulnerability Assessment Tools Graded Assessment

1. Which of these is identified by a basic port scanner?
  • OSI Layer 1 data
  • MAC addresses
  • IP addressess
  • Open ports ✔
2. Port numbers 0 through 1023 are known as what?
  • Registered Ports
  • Dynamic and Private Ports
  • Well known ports ✔
  • Virtual Ports
3. If a port is blocked, what response will be sent to the port scanner?
  • A “this port is blocked” message will be sent
  • A reply will be sent containing the next higher port number that is open.
  • There will be no response ✔
  • A challenge message will be sent requestion appropriate authorization codes
4. Which type of scan notes the connection but leaves the target hanging, i.e. does not reveal any information to the target about the host that initiated the scan?
  • Ping (ICMP Echo Request)
  • TCP Connect
  • UDP port scan
  • Stealth scan
  • TCP/Half Open Scan (aka a SYN scan) ✔
5. Which two (2) of these are other names for a protocol analyzer? (Select 2)
  • Traffic analyzer ✔
  • Gateway analyzer
  • Domain analyzer
  • Sniffer ✔
6. True or False. Packet sniffers are used by hackers but have no legitimate place in legitimate network management.
  • True
  • False ✔
7. Which component of a vulnerability scanner provides high-level graphs and trend reports for executive leadership?
  • Engine Scanner
  • Database
  • Report Module ✔
  • User Interface
8. How does a vulnerability scanner detect external threats?
  • By reviewing incident data retrieved from a SIEM system
  • By scanning commonly access external hosts from within the network
  • By scanning hosts
  • By scanning internet facing hosts from the Internet ✔
9. What are the three (3) components that make up the overall Common Vulnerability Score (CVSS)? (Select 3)
  • External
  • Environmental ✔
  • Temporal ✔
  • Internal
  • Base ✔
10. In which component of a Common Vulnerability Score (CVSS) would attack complexity be reflected?
  • Base-Exploitability Subscore ✔
  • Base-Impact Subscore
  • Temporal Score
  • Environmental Score
11. In which component of a Common Vulnerability Score (CVSS) would integrity be reflected?
  • Environmental Score
  • Base-Impact Subscore ✔
  • Base-Exploitability Subscore
  • Temporal Score
12. In which component of a Common Vulnerability Score (CVSS) would remediation level be reflected?
  • Environmental Score
  • Base-Exploitability Subscore
  • Temporal Score ✔
  • Base-Impact Subscore
13. In which component of a Common Vulnerability Score (CVSS) would impact subscore be reflected?
  • Base-Exploitability Subscore
  • Environmental Score
  • Temporal Score ✔
  • Base-Impact Subscore
14. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operation systems, open source software, and network devices. These guides are restricted to use by US military agencies only.
  • True
  • False ✔
15. The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these are required to meet the middle level of security?
  • a) CIS Sub-Controls for small, commercial off-the-shelf or home office software environments.
  • b) CIS Sub-Controls focused on helping security teams manage sensitive client or company information.
  • c) CIS Sub-Controls that reduce the impact of zero-day and targeted attacks from sophisticated adversaries.
  • “a” and “b” only ✔
  • “a” and “c” only
  • All of the above.

Module 4 – Application Security and Testing

Security Architecture Considerations Knowledge Check

1. True or False. A security architect’s job is to make sure that security considerations dominate other design aspects such as usability, resilience and cost.
  • True
  • False ✔
2. Which of these is an aspect of an Enterprise Architecture?
  • Considers the needs of the entire organization ✔
  • Gives the technology perspectives in detail
  • Describes how specific products or technologies are used
  • Shows the internal data and use of reusable or off-the-shelf components
3. Which of these is an aspect of a Solution Architecture?
  • Does not describe the internals of the main components or how they will be implemented
  • Describes how specific products or technologies are used ✔
  • Maps the main components of a problem space and solution at a very high level
  • Considers the needs of the entire organization
4. Which three (3) of these are general features of Building Blocks? (Select 3)
  • Defined boundary, but can work with other building blocks ✔
  • Package of function defined to meet a business need ✔
  • May be product or vendor aware
  • Could be an actor, business service, application or data ✔
5. Which three (3) of these are Architecture Building Blocks (ABBs)? (Select 3)
  • Certificate Authority
  • Data Security ✔
  • Identity and Access Management ✔
  • Application Security ✔
6. Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)
  • Key Security Manager ✔
  • HSM ✔
  • Certificate Authority ✔
  • Data Security
7. The diagram below shows which type of architecture?
(Image)
  • Context-Aware Enterprise Security Architecture
  • Solution Architecture
  • Enterprise Security Architecture ✔
  • Solution Building Blocks
8. Solution architectures often contain diagrams like the one below. What does this diagram show?
(Image)
  • Functional components and data flow
  • Enterprise architecture
  • External context and boundary diagram
  • Architecture overview ✔
9. In security architecture, a reusable solution to a commonly recurring problem is known as what?
  • A module
  • A component
  • A blueprint
  • A pattern ✔

Application Security Techniques and Risks Knowledge Check

1. Which of these is an application security threat?
  • Earthquake
  • Malware ✔
  • Hackers
  • A security flaw in source code
2. Failure to use input validation in your application introduces what?
  • A vulnerability ✔
  • A threat
  • A vector
  • A risk
3. Which software development lifecycle is characterized as a top-down approach where one stage of the project is completed before the next stage begins?
  • Iterative
  • Agile and Scrum
  • Waterfall ✔
  • Spiral
4. Which form of penetration testing allows the testers complete knowledge of the systems they are trying to penetrate in advance of their attack to simulate an internal attack from a knowledgeable insider?
  • Red Box Testing
  • White Box testing ✔
  • Black Box Testing
  • Gray Box Testing
5. Which application testing method requires access to the original application source code?
  • SAST: Static Application Security Testing ✔
  • IAST: Interactive Application Security Testing
  • DAST: Dynamic Security Application Testing
  • PAST: Passive Application Security Testing
6. Which three (3) steps are part of a Supplier Risk Assessment? (Select 3)
  • Identify how the risk would impact the business ✔
  • Identify how any risks would impact your organization’s business ✔
  • Determine the likelihood the risk would interrupt the business ✔
  • Identify mitigations that would minimize or eliminate the risk
7. What type of firewall should you install to protect applications used by your organization from hacking?
  • A statefull firewall
  • A web application firewall (WAF) ✔
  • A Juniper firewall
  • A stateless firewall
8. Which type of application attack would include elevation of privilege, data tampering and luring attacks?
  • Configuration management
  • Authorization ✔
  • Auditing and logging
  • Exception management
9. Which type of application attack would include information disclosure and denial of service?
  • Exception management
  • Authorization
  • Authentication ✔
  • Configuration management
10. Which one of the OWASP Top 10 Application Security Risks would be occur when untrusted data is sent to an interpreter as part of a command or query?
  • Injection ✔
  • XML external entities (XXE)
  • Broken authentication
  • Sensitive data exposure
11. Which one of the OWASP Top 10 Application Security Risks would be occur when a poorly configured XML processor evaluates an external entity reference within an XML document allowing the external entity to expose internal files?
  • XML external entities (XXE) ✔
  • Security misconfiguration
  • Broken access control
  • Cross-site scripting
12. Which of these threat modeling methodologies was introduced in 1999 at Microsoft to provide their developer’s a mnemonic that would help them find security vulnerabilities in their products?
  • STRIDE ✔
  • TRIKE
  • VAST
  • P.A.S.T.A.
13. Security standards do not have the force of law but security regulations do. Which one of these is a security regulation?
  • ISO 27034/24772
  • Gramm-Leach-Bliley Act ✔
  • DISA-STIG
  • PCI-DSS

Devsecops & Security Automation Knowledge Check

1. Which phase of DevSecOps would contain the activities Threat modeling & risk analysis, Security backlog and Architecture & design?
  • Plan ✔
  • Test
  • Operate & monitor
  • Release, deploy & decommission
  • Code & build
2. Which phase of DevSecOps would contain the activities Continuous component control, Application and infrastructure orchestration, and Data cleansing & retention?
  • Code & build
  • Operate & monitor
  • Plan
  • Release, deploy & decommission ✔
  • Test
3. The Release step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
  • Creation of Immutable images
  • IAM controls to regulate authorization
  • Centralized Key-Value & Secret stores
  • Versioning of infrastructure ✔
4. The Detect & Visualize step in the DevSecOps Operate & Monitor phase contains which of these activities?
  • Inventory ✔
  • Chaos engineering
  • Virtual Patching
  • Root Cause Analysis

Deep Dive Into Cross-scripting Knowledge Check

1. True or False. Finding a bug in a software product from a major vendor can be very profitable for a security researcher.
  • True ✔
  • False
2. Which is the top vulnerability found in common security products?
  • Cross-site scripting ✔
  • Use of broken or risky cryptographic algorithms
  • Password in clear text
  • SQL Injection
3. True or False. Building software defenses into your software includes: input validation, output sensitization, strong encryption, strong authentication and authorization.
  • True ✔
  • False
4. Complete the following statement. Cross-site scripting ____
  • allows a hacker to write a script that links applications across sites.
  • is a rare hack but a potentially dangerous one.
  • is limited to http parameters and can be defeated by using https.
  • allows attackers to inject client-side scripts into a web page. ✔
5. True or False. A Stored XSS attack is potentially far more dangerous than a Reflected XSS attack.
  • True ✔
  • False
6. Cross-site scripting attacks can be minimized by using HTML and URL Encoding. How would a browser display this string?
  • : <b>Test</b>
  • <b>Test</b>
  • <<Test>>
  • <b>Test</b> ✔
  • Test
7. Which is the most effective means of validating user input?
  • Client-side input validation
  • Server-side input validation
  • Blacklisting
  • Whitelisting ✔

Application Testing Graded Assessment

1. True or False. A security architect’s job is to make sure that security considerations are balanced against other design aspects such as usability, resilience and cost.
  • True ✔
  • FALSE
2. Which of these is an aspect of an Enterprise Architecture?
  • Maps the main components of a problem space and solution at a very high level. ✔
  • Describes how specific products or technologies are used
  • Gives the technology perspectives in detail
  • Shows the internal data and use of reusable or off-the-shelf components
3. Which of these is an aspect of a Solution Architecture?
  • Maps the main components of a problem space and solution at a very high level
  • Considers the needs of the entire organization
  • Does not describe the internals of the main components or how they will be implemented
  • Shows the internal data and use of reusable or off-the-shelf components ✔
4. Which three (3) of these are features of Architecture Building Blocks (ABBs)? (Select 3)
  • Guides the development of a Solution Architecture ✔
  • Specifies the technical components to implement a function
  • Product and vendor neutral ✔
  • Captures and defines requirements such as function, data, and application ✔
5. Which three (3) of these are Architecture Building Blocks (ABBs)? (Select 3)
  • Infrastructure and Endpoint Security ✔
  • Detect and Respond ✔
  • Identity and Access Management ✔
  • Key Security Manager
6. Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)
  • Application Security
  • Hardware Token ✔
  • Privilege Access Manager ✔
  • Web Application Firewall (WAF) ✔
7. The diagram below shows which level of architecture?
(Image)
  • High Level Security Architecture
  • Enterprise Security Architecture ✔
  • Domain-specific Enterprise Security Architecture
  • Solution Architecture
8. Solution architectures often contain diagrams like the one below. What does this diagram show?
(Image)
  • Enterprise architecture
  • External context and boundry diagram
  • Functional components and data flow
  • Solution architecture overview ✔
9. Solution architectures often contain diagrams like the one below. What does this diagram show?
(Image)
  • Enterprise architecture
  • Functional components and data flow
  • External context and boundary diagram ✔
  • Architecture overview
10. What is lacking in a security architecture pattern that prevents it from being used as a finished design?
  • Proper level of abstraction
  • Proper formatting
  • The context of the project at hand ✔
  • Vendor selections
11. What are the possible consequences if a bug in your application becomes known?
  • It is embarrassing to your company
  • Financial losses via lawsuits and fines can be very significant
  • Government agencies can impose fines and other sanctions against your company
  • All of the above ✔
12. What was the ultimate consequence to Target Stores in the United States from their 2013 data breach in which over 100M records were stolen?
  • Costs and fines estimated at $1B. ✔
  • Criminal negligence charges were filed 3 Target executives, 1 of whom received a prison sentence
  • Costs and fines that forced the company into bankruptcy
13. Select the two (2) top vulnerabilities found in common security products. (Select 2)
  • Cross-site request forgery ✔
  • Cross-site scripting ✔
  • SQL Injection
  • Use of hard-coded credentials
14. True or False. If you can isolate your product from the Internet, it is safe from being hacked.
  • True
  • False ✔
15. Which three (3) things can Cross-site scripting be used for? (Select 3)
  • Steal cookies ✔
  • Harvest credentials ✔
  • Take over sessions ✔
  • Break encryption
16. True or False. Commonly a Reflect XSS attack is sent as part of an Email or a malicious link and affects only the the user who receives the Email or link.
  • True ✔
  • False
17. Cross-site scripting attacks can be minimized by using HTML and URL Encoding. How would a browser display this string?
  • :&lt;b&gt;Password&lt;/b&gt;
  • <<Password>>
  • Password
  • <b>Password</b> ✔
  • &lt;b&gt;Password&lt;/b&gt;
18. Which three (3) statements about whitelisting user input are true? (Select 3)
  • Whitelisting reduces the attack surface to a known quantity ✔
  • Special characters should only be allowed on an exception basis ✔
  • Single quotes should never be allowed as user input
  • Whenever possible, input should be whitelisted to alphanumeric values to prevent XSS ✔
19. Which two (2) statements are considered good practice for avoiding XSS attacks (Select 2)
  • Encode all data output as part of HTML and JavaScript ✔
  • Develop you own validation or encoding functionality that is customized for your application
  • Use strict whitelists on accepting input ✔
  • Use blacklists and client-side validation
20. How would you classify a hactivist group who thinks that your company’s stance on climate change threatens the survival of the planet?
  • A vector
  • A threat ✔
  • A vulnerability
  • A risk
21. Which software development lifecycle is characterized by short bursts of analysis, design, coding and testing during a series of 1 to 4 week sprints?
  • Agile and Scrum ✔
  • Spiral
  • Waterfall
  • Iterative
22. Which software development lifecycle is characterized by a series of cycles and an emphasis on security?
  • Spiral ✔
  • Waterfall
  • Agile and Scrum
  • Iterative
23. Which form of penetration testing allows the testers no knowledge of the systems they are trying to penetrate in advance of their attack to simulate an external attack by hackers with no knowledge of an organizations systems?
  • Black Box Testing ✔
  • Red Box Testing
  • Gray Box Testing
  • White Box testing
24. Which application testing method requires a URL to the application, is quick and cheap but also produces the most false-positive results?
  • PAST: Passive Application Security Testing
  • SAST: Static Application Security Testing
  • DAST: Dynamic Security Application Testing ✔
  • IAST Interactive Application Security Testing
25. Which type of application attack would include buffer overflow, cross-site scripting, and SQL injection?
  • Authentication
  • Configuration management
  • Authorization
  • Input validation ✔
26. Which type of application attack would include unauthorized access to configuration stores, unauthorized access to administration interfaces and over-privileged process and service accounts?
  • Auditing and logging
  • Authentication
  • Configuration management ✔
  • Exception management
27. Which one of the OWASP Top 10 Application Security Risks would occur when authentication and session management functions are implemented incorrectly allowing attackers to compromise passwords, keys or session tokens.
  • Sensitive data exposure
  • Broken authentication ✔
  • XML external entities (XXE)
  • Broken access control
28. Which one of the OWASP Top 10 Application Security Risks would occur when restrictions on what a user is allowed to do is not properly enforced?.
  • Insecure deserialization
  • Security misconfiguration
  • Cross-site scripting
  • Broken access control ✔
29. Which of these threat modeling methodologies is integrated seamlessly into an Agile development methodology?
  • VAST ✔
  • P.A.S.T.A.
  • TRIKE
  • STRIDE
30. Security standards do not have the force of law but security regulations do. Which one of these is a security regulation?
  • NIST 800-53
  • HIPAA ✔
  • ISO 27034/24772
  • PCI-DSS
31. Which phase of DevSecOps would contain the activities Secure application code, Secure infrastructure configuration, and OSS/COTS validation?
  • Operate & monitor
  • Plan
  • Release, deploy & decommission
  • Code & build ✔
  • Test
32. Which phase of DevSecOps would contain the activities Detect & Visualize, Respond, and Recover?
  • Release, deploy & decommission
  • Test
  • Operate & monitor ✔
  • Plan
  • Code & build
33. The Deploy step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
  • Data backup cleansing
  • Versioning of infrastructure
  • IAM controles to regulate authorization
  • Creation of Immutable images ✔
34. The Respond step in the DevSecOps Operate & Monitor phase contains which of these activities?
  • Root Cause Analysis
  • Inventory
  • Chaos engineering
  • Virtual Patching ✔

Module 5 – SIEM Platforms

SIEM Concepts Knowledge Check

1. Which three (3) of the following are core functions of a SIEM? (Select 3)
  • Consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network ✔
  • Blocks actions or packet flows that violate security policies
  • Manages network security by monitoring flows and events ✔
  • Collects logs and other security documentation for analysis ✔
2. True or False. SIEMs capture network flow data in near real time and apply advanced analytics to reveal security offenses.
  • True ✔
  • False
3. Which of these describes the process of data normalization in a SIEM?
  • Removes duplicate records from incoming data
  • Compresses incoming
  • Turns raw data into a format that has fields that SIEM can use ✔
  • Encrypts incoming data
4. True or False. A SIEM considers any event that is anomalous, or outside the norm, to be an offense.
  • True ✔
  • False
5. True or False. A large company might have QRadar event collectors in each of their data centers that are configured to forward all collected events to a central event processor for analysis.
  • True ✔
  • False
6. The triad of a security operations centers (SOC) is people, process and technology. Which part of the triad would vendor-specific training belong?
  • People ✔
  • Process
  • Technology
  • None of the above

Artificial Intelligence in SIEMs Knowledge Check

1. True or False. Information is often overlooked simply because the security analysts do not know how it is connected.
  • True ✔
  • False
2. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?
  • Bias elimination
  • Common sense ✔
  • Generalization ✔
  • Morals ✔
  • Pattern identification
  • Anomaly detection
3. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for abstraction?
  • Human expertise ✔
  • Artificial intelligence
  • Security analytics

SIEM Platforms Graded Assessment

1. True or False. SIEMs can be available on premises and in a cloud environment.
  • True ✔
  • False
2. For a SIEM, what are logs of specific actions such as user logins referred to?
  • Logs
  • Actions
  • Events ✔
  • Flows
3. Which of these describes the process of data normalization in a SIEM?
  • Compresses incoming
  • Indexes data records for fast searching and sorting ✔
  • Removes duplicate records from incoming data
  • Encrypts incoming data
4. When a data stream entering a SIEM exceeds the volume it is licensed to handle, what are three (3) ways the excess data is commonly handled, depending upon the terms of the license agreement? (Select 3)
  • The data stream is throttled to accept only the amount allowed by the license ✔
  • The data is processed and the license is automatically bumped up to the next tier.
  • The excess data is dropped ✔
  • The excess data is stored in a queue until it can be processed ✔
5. Which five (5) event properties must match before the event will be coalesced with other events? (Select 5)
  • Source Port
  • Destination Port ✔
  • Source IP ✔
  • QID ✔
  • Username ✔
  • Destination IP ✔
6. What is the goal of SIEM tuning?
  • To get the SIEM to present all recognized offenses to the investigators
  • To get the SIEM to sort out all false-positive offenses so only those that need to be investigated are presented to the investigators ✔
  • To increase the speed and efficency of the data processing so license caps are never exceeded.
  • To automatically resolve as many offenses as possible with automated actions
7. True or False. QRadar event collectors send all raw event data to the central event processor for all data handling such as data normalization and event coalescence.
  • True
  • False ✔
8. The triad of a security operations centers (SOC) is people, process and technology. Which part of the triad would containment belong?
  • People
  • Process ✔
  • Technology
  • None of the above
9. True or False. There is a natural tendency for security analysts to choose to work on cases that they are familiar with and to ignore those that may be important but for which they have no experience.
  • True ✔
  • False
10. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The security analytics domain contains which three (3) of these topics?
  • Data correlation ✔
  • Generalization
  • Common sense
  • Anomaly detection ✔
  • Pattern identification ✔
  • Natural language
11. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for data visualization?
  • Artificial intelligence
  • Security analytics ✔
  • Human expertise

Module 6 – Threat Hunting

Threat Hunting Overview Knowledge Check

1. Cyber threats pose many challenges to organizations today. Which three (3) of these are among those cited? (Select 3)
  • There is a cybersecurity skills shortage ✔
  • Almost half of the breaches are caused by malicious or criminal acts ✔
  • It takes an average of 191 days to even detect an attack has occurred ✔
  • There are too few cybersecurity tools available from too few vendors
2. What percent of security leaders reported that threat hunting increased the speed and accuracy of response in detection of advanced threats?
  • 10%
  • 27%
  • 91% ✔
  • 100%
3. While 80% of the threats are known and detected, the 20% that remains unknown account for what percent of the damage?
  • 20%
  • 40%
  • 80% ✔
  • 100%
4. True or False. The skill set of a cyber threat hunter is very different from that of a cybersecurity analyst and many threat hunters a have backrounds doing intelligence work.
  • True ✔
  • False
5. Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain? (Select 3)
  • Delivery ✔
  • Reconnaissance ✔
  • Negotiation
  • Weaponization ✔
6. True or False. A cyber threat hunting team generally sits at the center of the SOC Command Center.
  • True
  • False ✔
7. There is value brought by each of the IBM i2 EIA use cases. Which one of these delivers net new discovery of correlating low level alerts and offenses?
  • VIP Protection
  • Fraud Investigations
  • Insider Threat
  • Cyber Threat Hunting ✔

Threat Hunting Graded Assessment

1. What is one thing that makes cybersecurity threats so challenging to deal with?
  • There is a big shortage in cyber security skills and many job openings unfilled ✔
  • Most organizations are faced with too few attacks to study effectively or dedicate full-time specialists to investigate
  • The large majority of “breaches” are inadvertent mistakes by employees which distracts from investigating the few that are from real cyber criminals
  • ‘There are too few cybersecurity tools available from too few vendors
2. The level 3 and 4 cybersecurity analysts working in a Security Operations Center (SOC) combat cyber crime by performing which type of activity?
  • Cyber forensic investigations ✔
  • Cyber data mining
  • Cyber threat hunting
  • Penetration testing
3. True or False. If you have no better place to start hunting threats, start with a view of your own organization then work your way up to an industry view and then a regional view, a national view and finally a global view of the threat landscape.
  • True
  • False ✔
4. Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain?
  • Recovery
  • Exploitation ✔
  • Installation ✔
  • Delivery ✔
5. True or False. A cyber threat hunting team generally sits outside the SOC command center.
  • True ✔
  • False
6. There is value brought by each of the IBM i2 EIA use cases. Which one of these identifies net new money chain transfers?
  • Fraud Investigations ✔
  • VIP Protection
  • Insider Threat
  • Cyber Threat Hunting

#Cybersecurity #IBM

Post a Comment

© 2025 TeamsCloud ‧ All rights reserved. Developed by Teams
Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.