
IBM Cybersecurity Analyst Professional Certificate Assessment Exam

Answers of IBM Cybersecurity Analyst Professional Certificate


1. Select the answer that fills in the blanks in the correct order.
A weakness in a system is a/an ____. The potential danger associated with this is a/an ____ that becomes a/an ____ when attacked by a bad actor.
  • risk, exploit, threat
  • vulnerability, threat, exploit ✔
  • threat, exposure, risk
  • threat actor, vulnerability, exposure
2. Putting locks on a door is an example of which type of control?
  • Preventative ✔
  • Detective
  • Deterrent
  • Corrective
3. The potential for an employee to accidentally disclose confidential information is considered what?
  • A threat
  • A vulnerability ✔
  • A risk
  • An exposure
4. Implementing a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?
  • A Trojan Horse attack
  • A Phishing attack
  • A Denial of Service (DoS) attack ✔
  • An IP Spoofing attack
5. Trudy intercepts a plain text message sent by Alice to Bob but in no way interferes with its delivery. Which aspect of the CIA Triad was violated?
  • Confidentiality ✔
  • Integrity
  • Availability
  • All of the above.
6. A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented? (Select 2)
  • Physical
  • Operational
  • Administrative ✔
  • Technical
7. A penetration tester that gains access to a system without permission and then exploits it for personal gain is said to wear what color hat?
  • White
  • Gray
  • Black ✔
  • Green
8. Trying to break an encryption key by trying every possible combination of characters is called what?
  • A social engineering attack
  • A known cyphertext attack
  • A rainbow table attack
  • A brute force attack ✔
9. Which three (3) of the following are key ITIL processes? (Select 3)
  • Change Management ✔
  • Time Management
  • Process Management
  • Problem Management ✔
  • Project Management
  • Incident Management ✔
10. Which three (3) roles are typically found in an Information Security organization? (Select 3)
  • Security Guard
  • Vulnerability Assessor ✔
  • Finance
  • Penetration Tester ✔
  • Chief Information Security Officer (CISO) ✔
11. Which three (3) are considered best practices, baselines or frameworks? (Select 3)
  • ISO27000 series ✔
  • HIPAA
  • ITIL ✔
  • GDPR ✔
  • COBIT
12. Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?
  • Trudy deletes the message without forwarding it.
  • Trudy changes the message and then forwards it on. ✔
  • Trudy reads the message.
  • Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form.
13. In cybersecurity, Accountability is defined as what?
  • Being able to map an action to an identity. ✔
  • Being able to apply financial management to a process.
  • The property of being genuine and verifiable.
  • The first or original copy of a document or message.
14. Your bank just implemented 2-factor authentication before you can access your account. Which two (2) pairs of factors would satisfy the "2-factor" criteria? (Select 2)
  • Voice recognition and face scan.
  • Your fingerprint scan and face scan. ✔
  • Your password and PIN number.
  • Your password and fingerprint scan.
  • Your bank's ATM card and a PIN number. ✔
15. Which three (3) of the following are Physical Access Controls? (Select 3)
  • Firewalls
  • Door locks ✔
  • HoneyPots
  • Security guards ✔
  • Fences ✔
16. Windows 10 stores 64-bit applications in which directory?
  • \Program Files ✔
  • \System32
  • \System
  • \Program Files (x86)
17. Which three (3) permissions can be set on a file in Linux? (Select 3)
  • execute ✔
  • modify ✔
  • view
  • write
  • run
  • read ✔
18. Which form of Cloud computing combines both public and private clouds?
  • Mixed cloud
  • Hybrid cloud ✔
  • Universal cloud
  • Open cloud
  • Binary cloud
19. Which security concerns follow your workload even after it is successfully moved to the cloud?
  • Data security
  • Disaster Recovery/Business Continuity Planning
  • Identity and Access Management
  • Compliance
  • All of the above. ✔
20. Which of these is a privacy regulation that went into effect in 2018 covering all residents of the European Union and all companies worldwide who do business with residents of the EU?
  • HIPAA
  • ISO27000 series
  • PCI-DSS
  • GDPR ✔
  • NIST 800-53A
21. Which two (2) of the following attack types target endpoints?
  • Denial of Service (DoS)
  • Ad Network ✔
  • Spear Phishing ✔
  • SQL Injection
22. What is the most common patch remediation frequency for most organizations?
  • As soon as they are released.
  • Weekly
  • Monthly ✔
  • Annually
23. In Windows kernel mode, what stops a misbehaving driver from impacting other processes?
  • Each process runs in its own dedicated virtual address space. ✔
  • The Windows Virtual Address Manager.
  • Nothing.
  • The Windows Process Director.
24. In Linux, Bash, tcsh and sh are what?
  • Shells ✔
  • Directories
  • Distros
  • Commands
25. Public key encryption ensures which of the following?
  • Confidentiality and Availability.
  • Confidentiality and Integrity. ✔
  • Confidentiality only.
  • Confidentiality, Integrity and Availability.
26. Which of the following practices helps assure the best results when implementing encryption?
  • Choose a reliable and proven published algorithm. ✔
  • Develop a unique cryptographic algorithm for your organization and keep them secret.
  • Change the cryptographic algorithm used monthly.
  • Hard-code encryption keys into your applications to assure consistent use.
27. Which of the following statements about hashing is True?
  • If you have two hashes that differ only by a single character, you can infer that the original messages also differed very little.
  • Hashing uses algorithms that are known as “one-way” functions. ✔
  • The original message can be retrieved from the hash if you have the encryption key.
  • A weakness of hashing is that the hash is proportional in length to the original message.
28. Which of the following practices will help assure the confidentiality of data in transit?
  • Accept self-signed certificates.
  • Always compress files before sending if you are using TLS.
  • Implement HTTP Strict Transport Protocol (HSTS). ✔
  • Disable certificate pinning.
29. For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?
  • You must install the stateful and stateless firewalls in parallel with an intelligent switch in front of them to direct the packets to one or the other as appropriate.
  • Install a single firewall that is capable of conducting both stateless and stateful inspections. ✔
  • You must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall.
  • Install a stateful firewall only. These advanced devices inspect everything a stateless firewall inspects in addition to state related factors.
30. Which statement best describes configuring a NAT router to use overload mapping?
  • The organization will need as many registered IP addresses as it has computers that need Internet access.
  • The NAT router uses each computer's IP address for both internal and external communication.
  • Many unregistered IP addresses are mapped to a single registered IP address using different port numbers. ✔
  • Unregistered IP addresses are mapped to registered IP addresses as they are needed.
31. If a computer needs to send a message to a system that is not part of the local network, where does it send the message?
  • The network's DNS server address.
  • The computer's domain name.
  • The computer's IP address.
  • The computer's MAC address.
  • The network's default gateway address. ✔
  • The network's DHCP server address.
32. In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?
  • 1
  • 2 ✔
  • 3
  • 4
33. Which three (3) of these statements comparing UDP and TCP are True? (Select 3)
  • TCP is connectionless. ✔
  • UDP is connectionless. ✔
  • TCP is more reliable than UDP.
  • TCP is faster than UDP.
  • UDP is more reliable than TCP. ✔
  • UDP is faster than TCP.
34. What is one difference between a Stateful Firewall and a Next Generation Firewall?
  • A NGFW understands which application sent a given packet.
  • A Stateful Firewall understands which application sent a given packet.
  • There is no real difference. These are two names for the same device.
  • A NGFW does not understand session information. ✔
35. You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?
  • PaaS
  • On premise
  • SaaS ✔
  • IaaS
36. A Vulnerability Assessment should be conducted during which phase of the Discover - Harden - Monitor & Protect - Repeat cycle?
  • Identification & Baseline. ✔
  • Raise the Bar.
  • Real-Time Monitor & Protection.
  • Repeat.
37. Which three (3) of the following are considered safe coding practices? (Select 3)
  • Avoid using OS commands whenever possible. ✔
  • Use library functions in place of OS commands. ✔
  • Avoid running commands through a shell interpreter. ✔
  • Use blacklists but avoid whitelists when processing input data.
38. An employee calls the IT Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning were not from the real Lottery Commission. What is the first thing you should tell the employee to do?
  • Run a Port scan.
  • Start searching his hard drive for unusual files or folders.
  • Run an antivirus scan. ✔
  • Run a vulnerability scan.
39. If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task?
  • John the Ripper
  • Wireshark
  • Nmap ✔
  • Metasploit
40. Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?
  • Incident Analysis Resources.
  • Incident Analysis Hardware and Software. ✔
  • Incident Post-Analysis Resources.
  • Incident Handler Communications and Facilities.
41. NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?
  • Containment
  • Eradication ✔
  • Recovery
  • None of these.
42. True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.
  • True
  • False ✔
43. Which of these devices collects the most information on network activity?
  • Intrusion detection systems.
  • Firewalls.
  • System Event Management systems.
  • Packet sniffers. ✔
44. What scripting concept is widely used across different languages that checks if a condition is true, and if so, takes action, and if false, a different action?
  • Variables
  • if-then ✔
  • Loops
  • Arguments
45. Which three (3) statements about variables are true? (Select 3)
  • Variables must be declared at the top of the program.
  • Variables do not have to be declared in advance of their use. ✔
  • Variable names are not case sensitive, i.e. the variable "TotalSales" and "totalsales" would refer to the same block of memory.
  • Variables can change type after they have been set. ✔
  • A variable name must start with a letter or the underscore "_" character. ✔
46. What is the largest number that will be printed during the execution of this Python while loop?
  • 1
  • 10 ✔
  • 9
  • 0
47. Which two (2) of these Python libraries provide useful statistical functions? (Select 2)
  • Seaborn
  • StatsModels
  • Pandas ✔
  • NumPy ✔
  • Matplotlib
  • Scikit-learn
48. According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?
  • Strategic ✔
  • Control
  • Tactical
  • Operational
49. According to FireEye Mandiant's Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?
  • 50%
  • 80% ✔
  • 25%
  • 10%
50. Which is the data protection process that prevents a suspicious data request from being completed?
  • Blocking, masking and quarantining ✔
  • Data discovery
  • Data classification
  • Data risk analysis
51. There are many good reasons for maintaining comprehensive backups of critical data. Which aspect of the CIA Triad is most impacted by an organization's backup practices?
  • Confidentiality
  • Authorization
  • Availability ✔
  • Integrity
52. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive, workable data security solution. An organization creating a new Chief Information Security Officer (CISO) is an attempt to address which one of these?
  • New privacy regulations.
  • A cybersecurity skills shortage. ✔
  • Operational complexity.
  • Explosive data growth.
53. Which type of scan completes a TCP connection and is both slower and easier to detect than a SYN scan?
  • Stealth scan
  • Ping (ICMP Echo Request)
  • TCP Connect
  • UDP port scan
  • TCP/Half Open Scan (aka a SYN scan) ✔
54. Port numbers 1024 through 49151 are known as what?
  • Well known ports
  • Dynamic and Private Ports
  • Registered Ports ✔
  • Virtual Ports
55. The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
  • Creation of Immutable images.
  • Versioning of infrastructure.
  • Centralized Key-Value & Secret stores.
  • IAM controls to regulate authorization. ✔
56. Which type of application attack would include network eavesdropping, dictionary attacks and cookie replays?
  • Authorization
  • Exception management
  • Configuration management
  • Authentication ✔
57. Which of these is an aspect of a Solution Architecture?
  • Considers the needs of the entire organization.
  • Maps the main components of a problem space and solution at a very high level.
  • Gives the technology perspectives in detail.
  • Does not describe the internals of the main components or how they will be implemented. ✔
58. Which type of Building Blocks are Data Security and Application Security?
  • Solution Building Block (SBB) ✔
  • Component Building Block (CBB)
  • General Building Block
  • Architecture Building Block (ABB)
59. Which of these describes the process of data normalization in a SIEM?
  • Allows for predictable and consistent storage for all records. ✔
  • Removes duplicate records from incoming data.
  • Compresses incoming.
  • Encrypts incoming data.
60. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?
  • Machine learning
  • Natural language ✔
  • Abstraction ✔
  • Anomaly detection
  • Pattern identification ✔
  • Bias elimination
61. True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.
  • True ✔
  • False
62. The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.
  • Attack, Defense
  • Visitors, Home
  • Red, Blue
  • Blue, Red ✔
63. Which incident response team model assures consistency in the incident response policies and implementation across all IR teams in a global enterprise?
  • Coordinating incident response team.
  • Distributed incident response team.
  • Central incident response team. ✔
  • Hybrid incident response team.
64. According to the IRIS Framework, during which stage of an attack would the attacker attempt to escalate their privileges, move laterally and conduct internal reconnaissance?
  • Continuous phases occur.
  • Continue the attack, expand network access. ✔
  • Attack beginnings.
  • Launch and execute the attack.
  • Attack objective execution.
65. You are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?
  • As a phishing attack.
  • A shark attack.
  • As a whale attack.
  • As a spear phishing attack. ✔
66. Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)
  • Implement strong access control measures. ✔
  • Require a photo ID for all credit card transactions.
  • Maintain an information security policy. ✔
  • Regularly monitor and test networks. ✔
67. Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit.
Why is such a complex process used instead of simply using the stolen numbers to buy the products that are desired?
  • If done quickly, there is a multiplying effect in play. The stolen credit card can be used to buy 3 or 4 prepaid cards each valued at the credit limit of the original card. The same is true for using each prepaid card to buy multiple gift cards and each gift card to buy more merchandise than its face value.
  • Because stolen cards can rarely be used directly to purchase merchandise.
  • To make the end-to-end transaction very difficult to follow. ✔
  • It is easier to get approval to use a credit card to purchase a prepaid credit card than it is to purchase merchandise.
68. According to a 2018 Ponemon study on third-party risk management, which three (3) of these were identified as best practices? (Select 3)
  • Frequent review of third-party management policies and programs. ✔
  • Requirement that all third-parties are bonded against data loss in the event of a breach.
  • Evaluation of the security and privacy practices of all third parties. ✔
  • An inventory of all third parties with whom you share information. ✔
69. You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?
  • Phishing ✔
  • Software Vulnerabilities
  • Malicious Links
  • Remote Desktop Protocol (RDP)
70. Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?
  • Malicious Links ✔
  • Remote Desktop Protocol (RDP)
  • Phishing
  • Software Vulnerabilities

