
Penetration Testing, Incident Response and Forensics

Answers for the IBM Cybersecurity Analyst Professional Certificate

Module 1 – Penetration Testing

Planning and Discovery Knowledge Check

1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?
  • Port Scan
  • Document Scanning
  • Anti-Virus Scan
  • Vulnerability Scan ✔
2. Which three (3) forms of discovery can be conducted offline?
  • Packet Sniffing
  • Shoulder Surfing ✔
  • Dumpster Diving ✔
  • Social Engineering ✔
3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?
  • Offline
  • Active ✔
  • Passive
  • Neutral
4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.
  • True
  • False ✔

Attack and Reporting Knowledge Check

1. What level of access is ideal for a penetration tester to achieve in order to exploit a system?
  • Standard
  • Admin/Root ✔
  • Guest
  • Advanced
2. Which of the following is NOT a common type of vulnerability?
  • Misconfigurations
  • Race Conditions
  • Incorrect File and Directory Permissions
  • Phishing ✔
3. Which portion of the pentest report gives a step by step account of how and why each exploit was conducted?
  • Executive Summary
  • Rules of Engagement
  • Recommendations for Remediation
  • Technical Review ✔

Penetration Testing Tools

1. Which tool lets you log network traffic and analyze it?
  • Nmap
  • John the Ripper
  • Metasploit
  • Wireshark ✔
2. Which software serves as toolbox, providing access to hundreds of other tools and resources?
  • Wireshark
  • Hack the Box
  • John the Ripper
  • Kali Linux ✔
3. Which tool is used primarily for password cracking?
  • Kali Linux
  • Nmap
  • John the Ripper ✔
  • Metasploit

Penetration Test Graded Quiz

1. Which of the following is NOT a phase of a penetration test?
  • Discovery
  • Attack
  • Reviewing ✔
  • Planning
2. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?
  • Planning
  • Discovery
  • Attack
  • Reporting ✔
3. Which portion of the pentest report gives a high level detail of how the test went and what goals were accomplished?
  • Executive Summary ✔
  • Scope Worksheet
  • Technical Report
  • Risk Analysis
4. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system?
  • Reporting
  • Discovery ✔
  • Exploitation
  • Planning
5. What method of gathering information can be used to get information about a website that is not readily available?
  • Phishing
  • Social Engineering
  • Port Scanning
  • Google Dorking ✔
6. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?
  • Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
  • General Data Protection Regulation (GDPR) ✔
  • Health Insurance Portability and Accountability Act (HIPAA) ✔
  • Distributed Denial of Service (DDoS)
7. Guessing passwords or running a password cracking software engages in what type of attack to gain access to a system?
  • Brute Force ✔
  • Hash
  • Passive Aggressive
  • Persistent
8. What document would protect the privacy of your client and their customers?
  • Rules of Engagement (RoE)
  • Scope Worksheet
  • Non Disclosure Agreement (NDA) ✔
  • Press Release
9. Gaining access to a system can occur in which two phases?
  • Planning and Discovery
  • Discovery and Reporting
  • Discovery and Attack ✔
  • Planning and Attack
10. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?
  • Grey Box
  • Red Hat
  • White Box
  • Black Box ✔

Module 2 – Incident Response

Incident Response Knowledge Check

1. Which three (3) of the following are phases of an incident response?
  • Containment, Eradication & Recovery ✔
  • Post Incident Analysis & Lessons Learned
  • Preparation ✔
  • Detection & Analysis ✔
2. Which statement is true about an event?
  • An incident is defined as an event that takes place at a specific time and place.
  • An incident can lead to an event if it is determined to be a threat.
  • Multiple events of the same type are necessary before they can be considered an incident.
  • An event may be totally benign, like receiving an email. ✔
3. True or False: A robust automated incident response system should be able to detect and prevent loss from all incidents.
  • True
  • False ✔
4. Which three (3) are common Incident Response Team models?
  • Distributed ✔
  • Coordinating ✔
  • Central ✔
  • Control
5. A good automated Incident Response system should be able to detect which three (3) of these common attack vectors?
  • An unauthorized removable drive being attached to the network. ✔
  • A brute force hacking attack. ✔
  • A former employee using his knowledge at a competitor company.
  • An email phishing attack. ✔
6. Which three (3) of the following are components of an Incident Response Policy?
  • IR Policy testing responsibility. ✔
  • IR Awareness training.
  • Means, tools and resources available. ✔
  • Identity of IR team members. ✔
7. Contact information, smartphones, and secure storage facilities all belong to which Incident Response resource category?
  • Incident Handler Communications and Facilities. ✔
  • Incident Analysis Resources.
  • Incident Post-Analysis Resources.
  • Incident Analysis Hardware and Software.
8. Which three (3) of the following would be considered an incident detection precursor?
  • Detecting the use of a vulnerability scanner ✔
  • An announced threat against your organization from an activist group. ✔
  • An application log showing numerous failed login attempts from an unknown remote system.
  • A vendor notice of a vulnerability to a product you own. ✔
9. Which type of monitoring system detects anomalous network traffic but typically does not take action beyond sending an alert to an administrator?
  • IPS
  • IDS ✔
  • DLP
  • SIEM
10. True or False: The Incident Response team should keep their documentation as concise as possible so only the most important facts take up the attention of the team leadership.
  • True
  • False ✔
11. What is the proper classification for a data breach that resulted in the exposure of sensitive personally identifiable information (PII)?
  • None
  • Privacy Breach ✔
  • Proprietary Breach
  • Integrity Loss
12. What is the proper classification for the recovery effort from a breach if you can estimate the total effort required but it will require bringing in additional resources?
  • Regular
  • Extended
  • Supplemented ✔
  • Not Recoverable
13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Potential damage to and theft of resources, Need for evidence preservation, and Service availability?
  • Containment ✔
  • Eradication
  • Recovery
  • None of these
14. Which Post Incident activity would include ascertaining exactly what happened and at what times?
  • Utilizing collected data
  • Evidence retention
  • Lessons learned meeting ✔
  • Documentation review & update

Incident Response Graded Quiz

1. Select the missing phase of Incident Response: Preparation, _____, Containment, Eradication & Recovery, Post Incident Activity.
  • Detection and Analysis ✔
  • Execution
  • Root Cause Analysis
  • Acquire Data
2. Which statement is true about an incident?
  • An incident is an event that negatively affects IT systems. ✔
  • An incident is any collection of 3 or more related events.
  • Incidents involved external actors while events involved internal actors.
  • An incident becomes an event if a threat is identified.
3. True or False: A Coordinating Incident Response Team provides advice and guidance to the Distributed IR teams in each department, but generally does not have specific authority over those teams.
  • True ✔
  • False
4. Which Incident Response Team model describes a team that has authority over all aspects of IR within the entire organization?
  • Distributed
  • Coordinating
  • Central ✔
  • Control
5. In what way will having a set of predefined baseline questions help you in the event of an incident?
  • Trap the bad actors.
  • Interrogate suspects.
  • Coordinate with other teams and the media. ✔
  • Avoid events turning into Incidents.
6. Incident Response team resources can be divided into which three (3) of the following categories?
  • Incident Analysis Resources ✔
  • Incident Handler Communications and Facilities ✔
  • Incident Post-Analysis Resources
  • Incident Analysis Hardware and Software ✔
7. Port lists, Documentation, and Cryptographic hashes all belong to which Incident Response resource category?
  • Incident Post-Analysis Resources
  • Incident Analysis Resources ✔
  • Incident Analysis Hardware and Software
  • Incident Handler Communications and Facilities
8. Which three (3) of the following would be considered an incident detection indicator?
  • Detecting the use of a vulnerability scanner.
  • An application log showing numerous failed login attempts from an unknown remote system. ✔
  • A significant deviation from typical network traffic flow patterns. ✔
  • The discovery of a file containing unusual characters by a system administrator. ✔
9. Which type of monitoring system analyzes logs and events in real time?
  • IPS
  • IDS
  • DLP
  • SIEM ✔
10. True or False: Highly detailed and thorough documentation is needed to support the analysis of current and future incidents.
  • True ✔
  • False
11. What is the proper classification for a breach that results in sensitive or proprietary information being changed or deleted?
  • Proprietary Breach
  • Privacy Breach
  • Integrity Loss ✔
  • None
12. What is the proper classification for the recovery effort from a breach if sensitive data was stolen and posted on a public web site?
  • Not Recoverable ✔
  • Supplemented
  • Regular
  • Extended
13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Eliminate components of the incident, Disable compromised accounts, and Identify and mitigate vulnerabilities?
  • Containment
  • Eradication ✔
  • Recovery
  • None of these.
14. Which Post Incident activity would include reviewing response times, which systems were impacted and other metrics associated with the incident?
  • Lessons learned meeting
  • Evidence retention
  • Documentation review & update
  • Utilizing collected data ✔

Module 3 – Digital Forensics

Forensic Course Overview Knowledge Check

1. Digital forensics can be defined as the application of science to the identification, collection, examination, and analysis of what?
  • Malware
  • Data ✔
  • Evidence
  • Cybercriminals
2. According to NIST, the four (4) steps of the forensic process include which? (Select 4)
  • Examination ✔
  • Preserving
  • Reporting ✔
  • Investigating
  • Analysis ✔
  • Collection ✔

The Forensics Process Knowledge Check

1. According to NIST, a forensic analysis should include four elements, Places, Items, Events and what?
  • People ✔
  • Methods
  • Data
  • Systems
2. True or False. A digital forensics report must contain details of every test conducted, the methods and tools used, and the results.
  • True ✔
  • False
3. Which section of a digital forensics report would contain a list of the steps you have taken to ensure the integrity of the evidence?
  • Overview & Case Summary
  • Forensic Acquisition & Examination Preparation ✔
  • Findings & Analysis
  • Conclusion
4. Network activity, Application usage, Logs and Keystroke monitoring are all sources of what?
  • Data ✔
  • Malware
  • Forensic dead-ends
  • Leaks
5. What are the three (3) main hurdles that must be overcome when examining data? (Select 3)
  • Dealing with a sea of data. A single hard drive contains many thousands of files that are not relevant to our investigation. ✔
  • Selecting the most effective tools to help with the searching and filtering of data. ✔
  • Bypassing controls such as operating system and encryption passwords. ✔
  • Not tripping malware booby traps that were set up to prevent examination of data.

Forensic Data Knowledge Check

1. True or False. Only data files can be effectively analyzed during a forensic analysis.
  • True
  • False ✔
2. Most data files are smaller than the number of blocks allocated to their storage by the file system; the unused space is known as what?
  • Block buffer space
  • Slack space ✔
  • Free space
  • Allocation overage space
3. What does file metadata known as “MAC” data stand for in the context of a forensic analysis?
  • Machine Access Control
  • Metadata associated with i/OS files
  • Machine Allocated Content
  • Modification, Access and Creation times ✔
4. Open files are considered which data type?
  • Non-volatile
  • Dynamic
  • Volatile ✔
  • Static
5. True or False. When collecting forensic data from a running system, you should always attempt to collect volatile data first.
  • True ✔
  • False
6. Which operating system has a “Target Disk Mode” that allows a forensic investigator to easily make a copy of the target hard drive?
  • Mac OS X ✔
  • Microsoft Windows
  • Linux
  • UNIX
7. Which three (3) of the following are application components? (Select 3)
  • Supporting files ✔
  • Operating system DLLs
  • Log files ✔
  • Configuration settings ✔
8. Which of these applications would likely be of the most interest in a forensic analysis?
  • Email ✔
  • OSI Application Layer protocols
  • Patch files
  • Operating system DLLs
9. What useful forensic data can be extracted from the Application layer of the TCP/IP protocol stack?
  • HTTP addresses ✔
  • TCP addresses
  • UDP addresses
  • ICMP addresses
10. Which device would you inspect if you were looking for failed attempts to penetrate your company’s network?
  • Firewall ✔
  • Intrusion detection system
  • Packet sniffer
  • Remote access server

Digital Forensics Assessment

1. Digital forensics is commonly applied to which of the following activities?
  • Criminal investigation
  • Incident handling
  • Data recovery
  • All of the above ✔
2. NIST includes which three (3) as steps in collecting data? (Select 3)
  • Develop a plan to acquire the data ✔
  • Verify the integrity of the data ✔
  • Acquire the data ✔
  • Normalize the data
3. What is the primary purpose of maintaining a chain of custody?
  • So a person in possession of evidence will know who they are allowed to give it to next
  • To keep valuable hardware securely locked to tables or floors.
  • To allow for accurate client billing
  • To avoid allegations of mishandling or tampering of evidence. ✔
4. True or False. Digital forensics has been used to solve a number of high-profile violent crimes.
  • True ✔
  • False
5. True or False. A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.
  • True
  • False ✔
6. Which section of a digital forensics report would include using the best practices of taking lots of screenshots, use built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?
  • Overview & Case Summary
  • Forensic Acquisition & Examination Preparation
  • Findings & Analysis ✔
  • Conclusion
7. Which types of files are appropriate subjects for forensic analysis?
  • Data files
  • Image and video files
  • Application files
  • All of the above ✔
8. Deleting a file results in what action by most operating systems?
  • The memory registers used by the file are erased and marked as available for new storage.
  • The file is copied to a trash or recycle folder and the original memory registers are erased.
  • The memory registers used by the file are marked as available for new storage but are otherwise not changed. ✔
  • Random data is immediately copied into the memory registers used by the file to obfuscate the previous contents.
9. Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?
  • An incremental backup
  • A logical backup ✔
  • A disk-to-file backup
  • A disk-to-disk backup
10. How does a forensic analysis use hash sets acquired from NIST’s Software Reference Library project?
  • They can quickly eliminate known good operating system and application files from consideration. ✔
  • They provide a record of known encrypted malware.
  • Hashes will help you quickly zero in on deleted files.
  • They are useful in identifying files that were created outside the United States.
11. Which three (3) of the following data types are considered non-volatile? (Select 3)
  • Dump files ✔
  • Swap files ✔
  • Free space
  • Logs ✔
12. Configuration files are considered which data type?
  • Static
  • Volatile
  • Dynamic
  • Non-volatile ✔
13. True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.
  • True
  • False ✔
14. Which three (3) of the following are application components? (Select 3)
  • OSI Application Layer protocols
  • Data files ✔
  • Authentication mechanisms ✔
  • Application architecture ✔
15. Which of these applications would likely be of the least interest in a forensic analysis?
  • Patch files ✔
  • Chat
  • Email
  • Web host data
16. The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)
  • UDP
  • IPv4 / IPv6 ✔
  • LDAP
  • ICMP ✔
17. Which device would you inspect if you were looking for event data correlated across a number of different network devices?
  • Firewall
  • Remote access server ✔
  • Packet sniffer
  • Intrusion detection system
18. Which of these sources might require a court order in order to obtain the data for forensic analysis?
  • Intrusion detection systems
  • System Event Management systems
  • ISP records ✔
  • Firewalls
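The Digital Forensics Assessment above covers NIST's three data-collection steps (plan, acquire, verify integrity), why a chain of custody is kept, what MAC times are, and how NSRL hash sets let you discard known-good files. The script below is an added example, not course material, that exercises those points on a constructed sample "image" built in a temporary directory: it records a SHA-256 manifest at acquisition, strips files whose hashes match a known-good set, reports MAC times, and later re-verifies the working copy to show how tampering is detected. The file contents and the known-good set (built from the sample's own "OS" files) are placeholders; a real triage would load the NSRL Reference Data Set instead.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so multi-GB images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root):
    """Acquisition manifest: {relative path: sha256} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_integrity(root, manifest):
    """Re-hash the working copy and compare it with the manifest recorded at
    acquisition. Returns the paths whose hash changed or that are missing;
    an empty list means the evidence is unchanged (the chain-of-custody check)."""
    current = hash_tree(root)
    return sorted(name for name, digest in manifest.items()
                  if current.get(name) != digest)


def filter_known_good(manifest, known_good):
    """Drop files whose hash appears in a known-good set (what an NSRL hash
    set is used for), leaving only files that merit a look."""
    return {name: d for name, d in manifest.items() if d not in known_good}


def mac_times(path):
    """MAC times as UTC ISO-8601 strings. st_ctime is inode-change time on
    Unix but creation time on Windows; the report should say which one it means."""
    st = os.stat(path)

    def fmt(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat(timespec="seconds")

    return {"modified": fmt(st.st_mtime), "accessed": fmt(st.st_atime),
            "changed": fmt(st.st_ctime)}


def build_sample_evidence():
    """Constructed sample 'image': two stock OS binaries and one unknown
    script in /tmp. The contents are placeholders, not real binaries."""
    root = Path(tempfile.mkdtemp(prefix="evidence_"))
    (root / "bin").mkdir()
    (root / "bin" / "ls").write_bytes(b"ELF placeholder for a stock ls binary\n")
    (root / "bin" / "cat").write_bytes(b"ELF placeholder for a stock cat binary\n")
    (root / "tmp").mkdir()
    (root / "tmp" / ".x.sh").write_bytes(b"#!/bin/sh\n# constructed: unknown script found in /tmp\n")
    return root


def triage_demo():
    """Acquire -> record manifest -> filter known-good -> verify later."""
    root = build_sample_evidence()
    manifest = hash_tree(root)                          # hashes taken at acquisition
    # Constructed known-good set; in practice this is the NSRL RDS keyed by hash.
    known_good = {manifest["bin/ls"], manifest["bin/cat"]}
    suspects = filter_known_good(manifest, known_good)  # only tmp/.x.sh survives
    (root / "bin" / "ls").write_bytes(b"trojaned")      # simulate tampering with the copy
    changed = verify_integrity(root, manifest)          # the tampered file is reported
    return root, manifest, suspects, changed


if __name__ == "__main__":
    root, manifest, suspects, changed = triage_demo()
    print("files needing review:", list(suspects))
    print("files changed since acquisition:", changed)
    for name in suspects:
        print(name, mac_times(root / name))
```

Hashes recorded at acquisition go into the Forensic Acquisition & Examination Preparation section of the report, and each later re-verification is one more entry in the chain of custody.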

Module 4 – Introduction to Scripting

Scripting Overview Knowledge Check

1. Which organization is credited with creating the first scripting language?
  • Digital Computer Corporation
  • NIST
  • University of California at Berkeley
  • IBM Corporation ✔
2. Which concept of a scripting language helps with repetitive tasks?
  • Variables
  • IF statements
  • Arguments
  • Loops ✔
3. Which three (3) of the following are scripting language? (Select 3)
  • PowerShell ✔
  • JCL ✔
  • FORTRAN
  • JavaScript ✔
4. True or False. JavaScript greatly improved the functionality of webpages.
  • True ✔
  • False
5. Which Scripting language uses 1s and 0s in a two symbol system?
  • TRAC
  • Logical
  • Binary ✔
  • base2

Python Scripting Knowledge Check

1. Python can be best described as what?
  • A high-level scripting language. ✔
  • A low-level compiled programming language.
  • The hottest new scripting language introduced in 2012.
  • A structured programming language.
2. True or False. Extensive free resources are available on the web to make it relatively easy to learn Python.
  • True ✔
  • False
3. Indentations are used in Python code for which reason?
  • To indicate a library function is being called.
  • To define a block of code and are required. ✔
  • For readability and are optional.
  • To define loop nesting and are required.
4. What file type is commonly used to store Python code?
  • .txt
  • .python
  • Any extension is allowed as long as the file only contains ASCII text characters.
  • .py ✔
5. In the Python statement
    pi=3
What is the data type of the variable pi?
  • string
  • float
  • bool
  • int ✔
6. True or False. In the Python statements below
    Example1='A'
    Example2="B"
Example1 is a character variable type while Example2 is a string variable type.
  • True
  • False ✔
7. What will be printed by this Python code block?
    pi=3
    pi3=3*pi
    print(pi3)
  • 333
  • 9 ✔
  • 3
  • pi3
8. True or False. A tuple in Python is similar to a list but it is an immutable data type so its values cannot be changed after they are first set.
  • True ✔
  • False
9. How many times will a while loop execute in Python?
  • As long as the specified condition is true. ✔
  • Until the end while statement is encountered.
  • As many times as are specified in the loop counter.
  • Until the first exit statement is encountered.
10. True or False. Python functions must be purchased or downloaded in libraries from Python development companies. You must have Python SDK in order to develop your own functions.
  • True
  • False ✔
11. Which two (2) of these Python libraries provides useful scientific computing functions? (Select 2)
  • NumPy ✔
  • StatsModels
  • Matplotlib
  • Pandas ✔
  • Seaborn
  • Scikit-learn

Introduction to Scripting Assessment

1. What was considered to be the first scripting language?
  • Perl
  • Bash
  • TRAC
  • JCL ✔
2. Which concept of a scripting language is a memory address paired with a symbolic name (or identifier) which contains a value?
  • Arguments
  • IF statements
  • Loops
  • Variables ✔
3. Which three (3) of the following are scripting languages? (Select 3)
  • Bash ✔
  • Perl ✔
  • C++
  • Hex ✔
4. Which Scripting language is a task automation and configuration management framework from Microsoft?
  • JCL
  • JavaScript
  • Perl
  • PowerShell ✔
5. Which is an example of how scripts are commonly used today?
  • Autocorrection
  • Word processing
  • Task automation ✔
  • Transcription
6. What scripting concept is widely used across different languages to process a set of instructions over and over again until a specified condition is met?
  • Arguments
  • If-then
  • Loops ✔
  • Variables
7. Bash is a scripting language developed for use with which operating system?
  • Linux
  • UNIX ✔
  • Mac OS X
  • Windows
8. Which Python command would print out “Hello World”?
  • print(Hello World)
  • print(“Hello World”) ✔
  • type(“Hello World”)
  • output(0,”Hello World”)
9. Why does Python often take fewer lines of code to accomplish a task than C or Java?
  • Python can utilize extensive function libraries. ✔
  • In Python you can embed multiple steps within a single command.
  • Python generally takes more lines of code than C or Java to accomplish the same task.
  • Python code is more efficient than C or Java code.
10. How many spaces must be used to indent a block of code in Python?
  • Any number 1 or more as long as the same indentation is used within a code block. ✔
  • Multiples of 3.
  • Any number 1 or more as long as the same indentation is used throughout the program.
  • Indentation is binary, i.e. a line is either indented or it is not, so there is no restriction to how many spaces are used on any line of indented code.
11. What will Python do when it encounters the hash character “#”?
  • Treat everything to the right of the hash on the current line as a comment. ✔
  • Treat everything between that hash and the next hash encountered in the program as a comment.
  • Hash is used as a wildcard character in Python.
  • Call in the referenced library function that follows the hash.
12. What will be printed by this Python code block?
    pi=3.14159
    pi=int(pi)
    print(pi)
  • 3 ✔
  • 3.14159
  • pi=3.14159
  • pi
13. True or False. In the Python statement below
    Example1="3"
Example1 is a string variable type.
  • True ✔
  • False
14. What will be printed by this Python code block?
    pi="3"
    pi3=3*pi
    print(pi3)
  • 333 ✔
  • 9
  • 3
  • pi3
15. How many times will the following Python for loop be executed assuming UNMembers is a list of the 193 members of the United Nations General Assembly?
    for country in UNMembers:
        print(country)
  • 0
  • 1
  • 193 ✔
  • Until it reaches a specified country
16. What is one good reason to write your own function in Python?
  • There is no library function already written that will do what you need. ✔
  • Python only operates through the execution of functions.
  • Functions execute far faster than standard Python code.
  • There are extra Python operators that will only execute inside of a defined function.
17. Which two (2) of these Python libraries provide useful graphics and visualization functions? (Select 2)
  • Pandas
  • Seaborn ✔
  • Scikit-learn
  • StatsModels
  • NumPy
  • Matplotlib ✔
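The Python questions above exercise variables, loops, tuples, functions and library imports, and the Incident Response checks list "an application log showing numerous failed login attempts from an unknown remote system" as a detection indicator and password guessing as a brute-force attack. The script below is an added example, not course material, that puts those pieces together: it loops over sshd-style log lines, stores each failure as an immutable tuple, counts failures per source address with a function, and flags sources that exceed a threshold and fall outside the networks logins are expected from. It also catches the case a simple threshold misses: a successful login from an address that was failing moments earlier. The log lines, the 192.0.2.0/24 "known" network and the threshold of 5 are all constructed for the demonstration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample sshd log lines (RFC 5737 documentation addresses); not a real system.
SAMPLE_LOG = """\
Mar  3 10:01:12 srv1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:14 srv1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Mar  3 10:01:15 srv1 sshd[2203]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar  3 10:01:17 srv1 sshd[2205]: Failed password for root from 198.51.100.7 port 51025 ssh2
Mar  3 10:01:19 srv1 sshd[2207]: Failed password for root from 198.51.100.7 port 51026 ssh2
Mar  3 10:02:40 srv1 sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
Mar  3 10:03:02 srv1 sshd[2212]: Failed password for bob from 192.0.2.11 port 40200 ssh2
Mar  3 10:03:09 srv1 sshd[2212]: Accepted password for bob from 192.0.2.11 port 40200 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\d{1,3}(?:\.\d{1,3}){3})")


def parse_failures(log_text):
    """One (user, source_ip) tuple per failed-login line, in log order."""
    failures = []
    for line in log_text.splitlines():          # a loop: the same work for every line
        m = FAILED.search(line)
        if m:
            failures.append((m.group(1), m.group(2)))  # a tuple: an immutable record
    return failures


def is_known_source(ip, known_nets):
    """True if ip falls inside any of the networks we expect logins from."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in known_nets)


def brute_force_sources(failures, threshold=5, known_nets=()):
    """Sources with at least `threshold` failures that are not on a known network.
    Returns {ip: (failure count, sorted list of accounts targeted)}."""
    per_ip = defaultdict(list)
    for user, ip in failures:
        per_ip[ip].append(user)
    return {ip: (len(users), sorted(set(users)))
            for ip, users in per_ip.items()
            if len(users) >= threshold and not is_known_source(ip, known_nets)}


def successes_after_failures(log_text):
    """Accepted logins from a source that failed earlier in the same log: the
    indicator that password guessing may have succeeded, worth reviewing even
    when the source is on a known network."""
    failed_ips = set()
    hits = []
    for line in log_text.splitlines():
        f = FAILED.search(line)
        if f:
            failed_ips.add(f.group(2))
            continue
        a = ACCEPTED.search(line)
        if a and a.group(2) in failed_ips:
            hits.append((a.group(1), a.group(2)))
    return hits


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    flagged = brute_force_sources(failures, known_nets=("192.0.2.0/24",))
    for ip, (count, users) in flagged.items():
        print(f"possible brute force from {ip}: {count} failures against {users}")
    for user, ip in successes_after_failures(SAMPLE_LOG):
        print(f"review: {user} logged in from {ip} after earlier failures")
```

Feed it `journalctl -u ssh` or /var/log/auth.log instead of SAMPLE_LOG and the same functions work unchanged; the threshold and known networks are the knobs an IR team tunes during Preparation so that Detection & Analysis is not buried in noise.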

 
