IBM Cyber security L1-3


Which of the following best represents the concept of mobility?

Connected appliances, Satellites, Cell phone users

Which of the following infrastructure types is deemed to be critical?

Electric power grid & Bridges & Internet

How does SSH protect our information?

Encryption

Evaluate the following statement. "Our site is safe if we use network vulnerability assessments, firewalls are in place and the data is encrypted with SSL".

False

{True/ False} Even though IoT security is a major concern, most of the critical systems like healthcare pacemakers and drug infusion pumps are still considered safe and "unhackable".

False

{True/False} As of 2018, 40% of cyberattacks come from well-organized underground networks that share tools, data, and expertise.

False

{True/False} The Threat Report contains a risk score, from 0-5, that gives a general impression of how credible the threat from this IP is. It also provides us with further data that can be used by a team of security analysts to help pinpoint where the attack took place, who was attacked, and not only the date, but the exact timeframe of when the attack was active.

False

{True/False} Tor, an acronym of "The Onion Router," is a worldwide network of servers developed by the U.S. Navy, and used exclusively by U.S. government agencies to fight cybercrime.

False

ZenMap is a ____________.

Network Mapping Tool

What is an attack surface?

Targeted companies for a cyber attack

{True/ False} A single IoT device is not typically very powerful, so a single bot is not much of a threat. But DDoS botnet attacks are made up of hundreds of thousands of bots, all under the control of the hacker.

True

{True/ False} Ping is a basic Internet program that allows a user to verify that a particular IP address exists and can accept requests

True

{True/ False} Virtual Private Network (VPN) can help prevent spying on the internet and other network traffic and substantially enhance end-user privacy and security.

True

{True/ False} X-Force Exchange offers 24/7 monitoring, collection, and reporting on vulnerabilities.

True

{True/ False} The Botnet report contains the following information: ● When the attack was last captured ● If the attack has more or less botnet clients than previous attacks ● When the attack was at its strongest ● How many people were affected ● A list of the countries affected and a map that displays the severity in each country

True

{True/False} An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often targeting a specific entity.

True

{True/False} Network security serves as the first line of defense for governments and organizations. They support our global economy and communications infrastructure on which our society relies today.

True

The architecture of a web application includes the following tiers: Client Tier, Middle Tier and Data Tier

True

What Unix/Linux Command lists the contents of the current directory or folder?

LS

In cyber resilience the business priority is to support "continuous availability", the expectation is of always-on systems with zero downtime, and at the same time, our systems are more heterogeneous than ever. Which technologies will be critical to solving this expectation and complexity?

1. Artificial Intelligence 2. Predictive systems 3. Orchestration as part of a software-defined resiliency story

Match the attack type with its description.

1. Denial of Service (DDoS): Attack that deliberately overloads a network in order to shut down its online capability 2. SQL Injection: Inserts commands code into a client application allowing that hacker access to their data 3. Phishing: Tricking a user into providing malicious software. 4. Malware: Malicious Software programmed to attack a target computer.

What is true about misconfiguration as one of the most challenging types of cyber threats?

1. Incidents where attackers gain access to vulnerable systems left exposed by inexperienced administrators or users (e.g. default factory settings) 2. Employees and insiders falling for phishing emails that resulted in account takeover or access to sensitive data. 3. Erroneous permission-level attribution on cloud services and networked backups exposed sensitive data through weak or non-existent authentication.

[Select Two] Which of the following are common attack vectors/ challenges for the Federal Government Agencies?

1. Lack of sufficient skills and administration 2. Mitigate insider threats

Why is it important to create an integrated security domain system?

1. Until recently, organizations have responded to security concerns by deploying a new tool to address each new risk. We've observed one company was using 85 tools from 45 different software vendors! Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. 2. Because it involves the partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.

Web applications are vulnerable. What is the percentage of web applications that display at least one known vulnerability?

100%

According to John Mulligan (Interim CTO at Target) how many records were affected by their data breach?

40 million guests on payment card data & 70 million guests on personal data

What is a botnet?

A type of malware that scales to attack a multitude of devices

According to Managed Security Services, how many security incidents affect our networks globally?

Billions

What was the listed vulnerability for the Ceragon FiberAir IP-10 bridges?

Default Password for the root account

Which of the following motivators explain why cyber criminals carry out cyber-attacks?

Financial Gain Hacktivism Espionage Bragging Rights

In general, what is the first step an attacker will perform when attacking a system?

Footprinting

_________ is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves two main functions: host or network interface identification and location addressing.

IP Address

Which Microsoft Windows command displays all current TCP/IP network configuration values, and can refresh Dynamic Host Configuration Protocol and Domain Name System settings?

IPConfig

Which are the five phases for the Cyber Resilience Lifecycle based on NIST CSF?

Identify, Protect, Detect, Respond, Recover

[Select all that apply] Which of the following stressors are known to overwhelm cyber security personnel?

Overloaded by data & Shortage of skills to fill the needed positions & Dealing with unaddressed threats

The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Which of the following services is a DNS

Quad9

How can we secure our Internet traffic when connecting to external sites?

Secure Shell

The use of a cyber-attack for research purposes, such as probing potential vulnerabilities within a company's network or conducting penetration testing, is known as:

White Hat Hacking

Which of the following is a free and open-source packet analyzer? It is used for network troubleshooting, analysis, software and communications protocol development, and education?

Wireshark

Which of the following examples best illustrates a cyber threat?

You receive an email from an unknown account asking you to click on a link to claim a prize. & Hackers infiltrate a banking website and obtain customer account information

