Exam (elaborations)

IBM Cybersecurity Analyst Professional Certificate Assessment Exam 70 Questions and Correct Answers/Newest Version

Pages: 34
Grade: A+
Uploaded on: 11-11-2024
Written in: 2024/2025

1. Question 1
Select the answer that fills in the blanks in the correct order. A weakness in a system is a/an _____. The potential danger associated with this is a/an _____ that becomes a/an _____ when attacked by a bad actor.
1 / 1 point
threat, exposure, risk
threat actor, vulnerability, exposure
risk, exploit, threat
vulnerability, threat, exploit

2. Question 2
Putting locks on a door is an example of which type of control?
1 / 1 point
Preventative
Detective
Corrective
All of the above

3. Question 3
Which of the following defines a security threat?
1 / 1 point
Any potential danger capable of exploiting a weakness in a system
The likelihood that the weakness in a system will be exploited
One instance of a weakness being exploited
A weakness in a system that could be exploited by a bad actor

4. Question 4
Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?
1 / 1 point
A Denial of Service (DoS) attack
An IP Spoofing attack
A Phishing attack
All of the above

5. Question 5
Trudy intercepts a plain text message sent by Alice to Bob but in no way interferes with its delivery. Which aspect of the CIA Triad was violated?
1 / 1 point
Confidentiality
Integrity
Availability
All of the above

6. Question 6
Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated?
1 / 1 point
Confidentiality
Integrity
Availability
All of the above

7. Question 7
Which factor contributes most to the strength of an encryption system?
0 / 1 point
The number of private keys used by the system
The secrecy of the encryption algorithm used
The length of the encryption key used
How many people have access to your public key

8. Question 8
What is an advantage asymmetric key encryption has over symmetric key encryption?
0 / 1 point
Asymmetric keys can be exchanged more securely than symmetric keys
Asymmetric key encryption is faster than symmetric key encryption
Asymmetric key encryption is harder to break than symmetric key encryption
Asymmetric key encryption provides better security against Man-in-the-middle attacks than is possible with symmetric key encryption
Incorrect

9. Question 9
Which three (3) of the following are key ITIL processes? (Select 3)
0 / 1 point
Incident Management
Problem Management
Change Management
Project Management
Time Management
Process Management

10. Question 10
Which position conducts information security investigations for organizations to identify threats that could compromise the organization?
1 / 1 point
Information Security Analyst
Information Security Auditor
Information Security Architect
Vulnerability Assessor

11. Question 11
Which three (3) are considered best practices, baselines or frameworks? (Select 3)
1 / 1 point
ISO27000 series
HIPAA
COBIT
ITIL
GDPR

12. Question 12
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?
0 / 1 point
Trudy deletes the message without forwarding it
Trudy changes the message and then forwards it on
Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form
Trudy reads the message

13. Question 13
What does the "A" in the CIA Triad stand for?
1 / 1 point
Accountability
Authenticity
Availability
Architecture

14. Question 14
Which type of access control is based upon the subject's clearance level and the object's classification?
1 / 1 point
Mandatory Access Control (MAC)
Role Based Access Control (RBAC)
Discretionary Access Control (DAC)
Hierarchical Access Control (HAC)

15. Question 15
The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?
0 / 1 point
Administrative
Embedded
Technical
Physical

16. Question 16
Windows 10 stores 64-bit applications in which directory?
1 / 1 point
Program Files (x86)
System
System32
Program Files

17. Question 17
In a Linux file system, which files are contained in the bin folder?
0 / 1 point
Executable files such as grep and ping
All user binary files, their libraries and headers
Directories such as /home and /usr
Configuration files such as fstab and inittab

18. Question 18
If cost is the primary concern, which type of cloud should be considered first?
1 / 1 point
Universal cloud
Private cloud
Hybrid cloud
Public cloud

19. Question 19
To build a virtual computing environment, where is the hypervisor installed?
1 / 1 point
Between the hardware and operating system
Between the operating system and applications
On the cloud's supervisory system
Between the applications and the data sources

20. Question 20
Which regulation contains the security rule that requires all covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI)?
0 / 1 point
GDPR
HIPAA
ISO27000 series
NIST 800-53A
PCI-DSS

21. Question 21
An identical email sent to millions of addresses at random would be classified as which type of attack?
1 / 1 point
A Phishing attack
A Shark attack
A Spear Phishing attack
A Whale attack

22. Question 22
If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?
1 / 1 point
The endpoint can be either allowed access to all network resources or quarantined and denied access to all network resources
Nothing can be done directly to the endpoint but a system administrator can be alerted to handle the problem with the system owner
No actions can be taken directly on the endpoint but the endpoint's owner can be notified of the actions he/she is expected to take
The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

23. Question 23
Granting access to a user account only those privileges necessary to perform its intended functions is known as what?
1 / 1 point
The principle of unified access control
Role Based Access Control (RBAC)
The principle of least privileges
The principle of top-down control

24. Question 24
In Linux, Bash, tcsh and sh are what?
0 / 1 point
Shells
Distros
Directories
Commands

25. Question 25
Hashing ensures which of the following?
0 / 1 point
Confidentiality
Integrity
Availability
All of the above

26. Question 26
Why is hashing not a common method used for encrypting data?
0 / 1 point
Hashes are becoming easier to reverse engineer since computers are becoming more powerful
There are too few unique hashing algorithms available for widespread use as a general encryption tool
The length of the hash string is proportional to the length of the input so the approximate message length can be derived from a hash
Hashing is a one-way process so the original data cannot be reconstructed from a hash value

27. Question 27
Which of the following statements about hashing is True?
1 / 1 point
A weakness of hashing is that the hash is proportional in length to the original message
The original message can be retrieved from the hash if you have the encryption key
If you have two hashes that differ only by a single character, you can infer that the original messages also differed very little
Hashing uses algorithms that are known as “one-way” functions

28. Question 28
Which of the following practices will help assure the confidentiality of data in transit?
1 / 1 point
Always compress files before sending if you are using TLS
Accept self-signed certificates
Disable certificate pinning
Implement HTTP Strict Transport Protocol (HSTS)

29. Question 29
For added security you decide to protect your network by conducting both a stateless and stateful inspection of incoming packets. How can this be done?
0 / 1 point
Install a single firewall that is capable of conducting both stateless and stateful inspections
Install a stateful firewall only. These advanced devices inspect everything a stateless firewall inspects in addition to state related factors
You must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall
This cannot be done. The network administrator must choose to run a given network segment in either stateful or stateless mode, and then select the corresponding firewall type

30. Question 30
Which statement best describes configuring a NAT router to use overload mapping?
1 / 1 point
Many unregistered IP addresses are mapped to a single registered IP address using different port numbers
Unregistered IP addresses are mapped to registered IP addresses as they are needed
The NAT router uses each computer's IP address for both internal and external communication
The organization will need as many registered IP addresses as it has computers that need Internet access

31. Question 31
If a computer needs to send a message to a system that is not part of the local network, where does it send the message?
0 / 1 point
To the system's IP address
The network's default gateway address
The network's DNS server address
The network's DHCP server address
To the system's domain name
To the system's MAC address

32. Question 32
In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class A network?
0 / 1 point
1
4
3
2

33. Question 33
Which three (3) of these statements about the UDP protocol are True? (Select 3)
1 / 1 point
UDP is faster than TCP
UDP is connectionless
UDP packets are reassembled by the receiving system in whatever order they are received
UDP is more reliable than TCP

34. Question 34
Which type of firewall understands which session a packet belongs to and analyzes it accordingly?
1 / 1 point
An Advanced Firewall (AFW)
A Next Generation Firewall (NGFW)
A Session Firewall (SFW)
A Connection Firewall (CFW)

35. Question 35
Data sources such as newspapers, books and web pages are considered which type of data?
0 / 1 point
Meta-structured data
Semi-structured data
Structured data
Unstructured data

36. Question 36
Hassan is an engineer who works a normal day shift from his company's headquarters in Austin, TX USA. Which two (2) of these activities raise the most cause for concern? (Select 2)
1 / 1 point
One evening, Hassan downloads all of the files associated with the new product he is working on
Each night Hassan logs into his account from an ISP in China
Hassan has started logging in from home for an hour or so most evenings
Hassan runs a lot of SQL queries that contain invalid syntax

37. Question 37
Which three (3) of the following are considered safe coding practices? (Select 3)
0 / 1 point
Use library functions in place of OS commands
Use blacklists but avoid whitelists when processing input data
Avoid running commands through a shell interpreter
Avoid using OS commands whenever possible
You didn’t select all the correct answers

38. Question 38
Which two (2) forms of discovery must be conducted online? (Select 2)
1 / 1 point
Shoulder surfing
Port scanning
Packet sniffing
Social engineering

39. Question 39
If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task?
1 / 1 point
John the Ripper
Metasploit
Wireshark
Nmap

40. Question 40
Spare workstations and servers, blank removable media, packet sniffers and protocol analyzers, all belong to which Incident Response resource category?
1 / 1 point
Incident Post-Analysis Resources
Incident Analysis Hardware and Software
Incident Analysis Resources
Incident Handler Communications and Facilities

41. Question 41
Which of the following would be considered an incident precursor?
0 / 1 point
An alert from your antivirus software indicating it had detected malware on your system
An email administrator seeing a large number of emails with suspicious content
Application logs indicating multiple failed login attempts from an unfamiliar remote system
An announced threat against your organization by a hacktivist group

42. Question 42
Forensic analysis should always be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files? (Select 2)
0 / 1 point
A logical backup
An incremental backup
A disk-to-disk backup
A disk-to-file backup
You didn’t select all the correct answers

43. Question 43
Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)
0 / 1 point
Bypassing controls such as passwords
Finding the relevant files among the hundreds of thousands found on most hard drives
Selecting the right tools to help filter and exclude irrelevant data
Acquiring data from the crime scene

44. Question 44
What scripting concept will repeatedly execute the same block of code while a specified condition remains true?
1 / 1 point
if-then
Loops
Variables
Arguments

45. Question 45
Which two (2) statements about Python are true? (Select 2)
1 / 1 point
Python code is written at a very low level to better integrate with operating system functions
Python code is considered very readable by novice programmers
Python is not considered portable, running only on Linux and Windows machines
Python code is considered easy to debug compared with other popular programming languages

46. Question 46
In the Python statement
    pi="3"
What data type is the data type of the variable pi?
0 / 1 point
bool
str
int
float

47. Question 47
What will be printed by the following block of Python code?
    def Add5(in)
        out=in+5
        return out
    print(Add5(10))
1 / 1 point
5
Add5(10)
15
10

48. Question 48
According to the Crowdstrike model, CISOs, CTOs and executive boards belong in which intelligence area?
0 / 1 point
Strategic
Control
Tactical
Operational

49. Question 49
True or False. An organization's security immune system should be integrated with outside organizations, including vendors and other third-parties.
1 / 1 point
True
False

50. Question 50
Which is the data protection process that prevents a suspicious data request from being completed?
1 / 1 point
Data discovery
Data classification
Data risk analysis
Blocking, masking and quarantining

51. Question 51
Which type of threat is a social engineering attack?
0 / 1 point
Internal
App based
System based
External

52. Question 52
All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?
0 / 1 point
Retail
Transportation
Financial
Healthcare

53. Question 53
Which type of scan is quieter than other TCP scans and can get around firewalls, but can be detected with newer IDSs?
1 / 1 point
Ping (ICMP Echo Request)
UDP port scan
Stealth scan
TCP/Half Open Scan (aka a SYN scan)
TCP Connect

54. Question 54
In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?
1 / 1 point
Environmental Score
Temporal Score
Base-Impact Subscore
Base-Exploitability Subscore

55. Question 55
Security standards do not have the force of law, but security regulations do. Which one of these is a security regulation?
0 / 1 point
NIST 800-53
CERT Secure Coding
Sarbanes-Oxley Act (SOX)
PCI-DSS
Incorrect

56. Question 56
You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What have you just determined?
0 / 1 point
A threat
A risk
A vector
A vulnerability

57. Question 57
Which one of the OWASP Top 10 Application Security Risks would occur when an application's API exposes financial, healthcare or other PII data?
1 / 1 point
Sensitive data exposure
Security misconfiguration
Broken access control
XML external entities (XXE)

58. Question 58
Solution architectures often contain diagrams like the one below. What does this diagram show?
<<Solution Architecture Data F>>
1 / 1 point
Enterprise architecture
Architecture overview
Functional components and data flow
External context and boundary diagram

59. Question 59
For a SIEM, what is a record of network activity between two hosts for the duration of a session called?
0 / 1 point
Actions
Logs
Events
Flows

60. Question 60
The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?
0 / 1 point
Anomaly detection
Dilemmas
Morals
Abstraction
Machine Learning
Pattern identification

61. Question 61
True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.
1 / 1 point
True
False

62. Question 62
There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web?
0 / 1 point
Fraud Investigations
VIP Protection
Threat Discovery
Insider Threat

63. Question 63
A Coordinating incident response team model is characterized by which of the following?
1 / 1 point
Multiple incident response teams within an organization but one with authority to assure consistent policies and practices are followed across all teams
This term refers to a structure that assures the incident response team’s activities are coordinated with senior management and all appropriate departments within an organization
Multiple incident response teams within an organization with specific technology in place, such as shared databases, to assure threat and response knowledge is shared peer-to-peer across all teams
Multiple incident response teams within an organization all of whom coordinate their activities only within their country or department

64. Question 64
True or False. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.
1 / 1 point
True
False

65. Question 65
You are the CEO of a large tech company and have just received an angry email that looks like it came from one of your biggest customers. The email says your company is overbilling the customer and asks that you examine the attached invoice. You do but find it blank, so you reply politely to the sender asking for more details. You never hear back, but a week later your security team tells you that your credentials have been used to access and exfiltrate large amounts of company financial data. What kind of attack did you fall victim to?
0 / 1 point
A shark attack
As a phishing attack
As a whale attack
A fly phishing attack

66. Question 66
Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit card data is true?
0 / 1 point
Cardholder data must be encrypted if it is sent across open or public networks
Some form of mobile device management (MDM) must be used on all mobile credit card processing devices
All employees with direct access to cardholder data must be bonded
Multi-factor authentication is required for all new card holders

67. Question 67
Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit. Why is such a complex process used instead of simply using the stolen numbers to buy the products that are desired?
0 / 1 point
If done quickly, there is a multiplying effect in play. The stolen credit card can be used to buy 3 or 4 prepaid cards each valued at the credit limit of the original card. The same is true for using each prepaid card to buy multiple gift cards and each gift card to buy more merchandise than its face value
Because stolen cards can rarely be used directly to purchase merchandise
To make the end-to-end transaction very difficult to follow
It is easier to get approval to use a credit card to purchase a prepaid credit card than it is to purchase merchandise

68. Question 68
According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?
1 / 1 point
12%
24%
52%
92%

69. Question 69
You get email constantly telling you that your eBay account shows signs of suspicious activity and that you should log in using the link provided to restore your credentials. You have taken a great course on Cybersecurity, so you check and see the sender's email address is "". Which attack vector is being used to try to compromise your system?
0 / 1 point
Malicious Links
Remote Desktop Protocol (RDP)
Phishing
Software Vulnerabilities
Incorrect

70. Question 70
Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?
1 / 1 point
Malicious Links
Remote Desktop Protocol (RDP)
Software Vulnerabilities
Phishing

Institution
IBM Cybersecurity Analyst Professional Certificate
Course
IBM Cybersecurity Analyst Professional Certificate












Document information

Contains
Questions & answers


Content preview

1.
Question 1
Select the answer that fills in the blanks in the correct order.
A weakness in a system is a/an _____. The potential danger associated with this is a/an _____ that becomes a/an _____ when attacked by a bad actor.
1 / 1 point
threat, exposure, risk
threat actor, vulnerability, exposure
risk, exploit, threat
vulnerability, threat, exploit
Correct!

2.
Question 2
Putting locks on a door is an example of which type of control?
1 / 1 point
Preventative
Detective
Corrective
All of the above
Correct!

3.
Question 3
Which of the following defines a security threat?
1 / 1 point
Any potential danger capable of exploiting a weakness in a system
The likelihood that the weakness in a system will be exploited
One instance of a weakness being exploited
A weakness in a system that could be exploited by a bad actor
Correct!

4.
Question 4
Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?
1 / 1 point
A Denial of Service (DoS) attack
An IP Spoofing attack
A Phishing attack
All of the above
Correct!

5.
Question 5
Trudy intercepts a plain text message sent by Alice to Bob but in no way interferes with its delivery. Which aspect of the CIA Triad was violated?
1 / 1 point
Confidentiality
Integrity
Availability
All of the above
Correct!

6.
Question 6
Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated?
1 / 1 point
Confidentiality
Integrity
Availability
All of the above
Correct!

7.
Question 7
Which factor contributes most to the strength of an encryption system?
0 / 1 point
The number of private keys used by the system
The secrecy of the encryption algorithm used
The length of the encryption key used
How many people have access to your public key
Incorrect, this material was covered in the course Introduction to Cybersecurity Tools & Cyber Attacks, Week 4 - An overview of key security tools

8.
Question 8
What is an advantage asymmetric key encryption has over symmetric key encryption?
0 / 1 point
Asymmetric keys can be exchanged more securely than symmetric keys
Asymmetric key encryption is faster than symmetric key encryption
Asymmetric key encryption is harder to break than symmetric key encryption
Asymmetric key encryption provides better security against Man-in-the-middle attacks than is possible with symmetric key encryption
Incorrect

9.
Question 9
Which three (3) of the following are key ITIL processes? (Select 3)
0 / 1 point
Incident Management
Partially correct! This is 1 of the 3 correct answers
Problem Management
Partially correct! This is 1 of the 3 correct answers
Change Management

Get to know the seller

Wiseman NURSING