IBM security analyst practice quiz
You get a pop-up message on your screen telling you that highly confidential company files have been downloaded and will be made public unless you pay a fee. What type of ransomware has attacked your system?
Leakware/Doxware
In Active Directory, Administrator, Guest, HelpAssistant, and KRBTGT are all examples of what?
Local accounts
Which three (3) of the following data types are considered volatile? (Select 3)
Login sessions Running processes Slack space
To exchange messages between two people using symemtric key encryption, how many unique encryption keys are required ?
1
A university just upgraded their email system, so it now encrypts all email by default. What aspect of the CIA Triad does this upgrade support?
Confidentiality
The Common Vulnerability Scoring System (CVSS) is designed to help a company prioritize vulnerabilities. Which score would indicate a very high priority vulnerability?
10
How do you represent the number 8 in binary?
1000
What will be printed by the following block of Python code? def Add5(in) out=in+5 return out print(Add5(10))
15
Which of the following statements about hypervisors is true?
A hypervisor operates between the hardware and the operating system.
According to NIST, Cyber Supply Chain Risk Management (SCRM) activities include which of the following?
All of the above.
Digital signatures ensure which of the following?
All of the above.
Translation of domain names to IP addresses and vice versa is carried out by which protocol?
DNS
Which mobile operating system is being developed in a consortium that includes the Open Handset Alliance?
Android
What is an effective fully automated way to prevent malware from entering your system as an email attachment?
Anti-virus software.
In Windows, how many unique address spaces are used by applications running in user mode?
As many as there are processes running.
Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?
Attempts to create a list of user ID credentials using an SQL query rather than your organization's identity management application.
Which data protection process provides prebuilt capabilities, mapped to specific regulations, to create the necessary resources to implement and demonstrate compliance with these regulations?
Automated compliance support
A (DDoS) attack typically involves bad actor sending millions of requests to a computer overwhelming that system's ability to process them all properly. This is a violation of which aspect of the CIA Triad ?
Availability
Which three (3) of the following are examples of how scripts are used today? (Select 3)
Backups Testing Automation
Money is the primary motivation for which type of hacking organization ?
Black Hats
In digital forensics, the record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence is called what?
Chain of custody
Which role is a high-level management position responsible for the entire computer security department and staff?
Chief Information Security Officer (CISO)
A subnet mask of 255.0.0.0 is used for which class of network?
Class A
Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain? (Select 3)
Command & Control Installation Actions on Objectives
In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions that are a included on that list? (Select 3)
Develop an incident response plan based on the incident response policy. Establish policies and procedures regarding incident-related information sharing. Establish a formal incident response capability.
Select the correct option to fill in the blank with the missing step in the penetration test attack phase. Gaining Access, ______, System Browsing, Installing Additional Tools.
Escalating Privileges
Which two (2) are phases of a penetration test? (Select 2)
Exploitation or Attack Discovery
True of False. Because of their large volume of transactions, it is often easier for an attacker to successfully penetrate the PoS systems of a major retail chain than it is that of a small independent business where every transaction can be viewed by the owner.
False
Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)
Gather full situational awareness through advanced security analytics. Perform forensic investigation.
Which of these is an aspect of an Enterprise Architecture?
Gives the technology perspectives in detail. ????????????
Which type of monitoring system is designed to stop unauthorized users from accessing or downloading sensitive data?
IDS ????????
Which two (2) Windows patch classifications should always be installed quickly? (Select 2)
Important Critical
An unplanned interruption to an IT Service would be handled by which ITIL process?
Incident Management
Trudy intercepts a plain-text message sent by Alice and changes the location of a meeting that Alice is trying to arrange with Bob before she forwards the altered message to Bob. Which two aspects of the CIA triad were violated ?
Integrity, Confidentiality
What are three (3) common signs that an email might be a phishing attack? (Select 3)
It is not from someone you know or do business with. It is generically address, for example, to "Dear Customer". There is a request to click a link and provide personal "account" details.
When examining endpoint security, which three (3) of the following would be classified as clients? (Select 3)
Laptop Cellphone Personal Computer
An employee seeking to damage his company because he did not get an expected promotion would be classified as which type of actor?
Malicious Insider
Which three (3) of these are features of Solution Building Blocks (SBBs)? (Select 3)
May be product or vendor aware. Specifies the technical components to implement a function. Add context of the platforms and environments.
Question 17 Which company developed and now owns Linux?
None of the above.
Which operating system is immune from OS Command Injection attacks?
None of the above.
The common vulnerability exploited in all social engineering attacks is what ?
People
Holding a cross-departmental meeting to review lessons learned from an incident after it has been resolved falls into which phase of the incident response lifecycle?
Post-Incident Activity
Which are the first three phases of incident response?
Preparation, Detection & Analysis, Containment, Eradication & Recovery.
If data security is the primary concern, which type of cloud should be considered first?
Private cloud
How is Python developed and distributed?
Python is an Open Source project and distributed free of charge.
Mary has access to certain resources because she is in the Research division of her company. She has access to other resources because she is a manager. Which access control system is probably in use in her company?
Role Based Access Control (RBAC)
The Recover step in the DevSecOps Operate & Monitor phase contains which of these activities?
Root Cause Analysis
A directive from upper management stating that all employees must wear an ID badge at all times is an example of what ?
Security policy
Which are the three (3) factor categories used in multi factor authentication? (Select 3)
Something you have. Something you are. Something you know.
Distributed databases and data warehouses would be considered which data model type?
Structured data
How will Quantum computing impact the effectiveness of cryptography?
Symmetric key encryption will be weakened, and Public Key encryption will be broken.
Question 12 Alice, Bob and Trudy are fictional characters commonly used to illustrate which aspect of information security?
The CIA Triad.
Policies, procedures and tactical plans are all part of what ?
The IT Governance process.
Which of the following models how to document the processes, functions, and roles of IT Service Management?
The Information Technology Infrastructure Library (ITIL) framework
Which address type does a router use to deliver a packet to a computer on its own local network?
The computer's MAC address.
Which statement best describes the results of configuring a NAT router to use static address mapping?
The organization will need as many registered IP addresses as it has computers that need Internet access.
Targeted acts of war, espionage, hacktivists, targeted data theft, and indirect criminal activities designed for mass disruption are collectively referred to as what?
The threat surface.
How are Rainbow Tables used by hackers?
To decipher stolen passwords by looking up a hashed password and matching it to a string of clear text.
Why would you make hash values of all the data on a system before you move it or begin to analyze it?
To preserve the integrity of the original data.
Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an availability violation?
Trudy deletes the message without reading or forwarding it.
True or False. A study conducted by the Ingenico Group recommended the use of Tokenization which replaces credit card data with a secure token while the data is at rest.
True
Which country had the highest average cost per breach in 2018 at $8.19M
United States
How do you indicate some text is only a comment in a Python file?
Use a hash "#" character. Everything to the right of that character on the same line will be treated as a comment.
The foundation of robust security depends upon a number of factors including which two (2) of these? (Select 2)
Use systematic analysis of the threats and controls. Build with a clearly communicated structure.
Which component of a vulnerability scanner allows the administrator to operate the scanner?
User Interface
When working on a Windows computer, which mode will you usually be operating in?
User mode
What is event coalescing in SIEM data processing?
When 3 events are found with matching properties within a 10 second period, they are coalesced into a single event.
When can data be encrypted?
While at rest, in transit and in use.
Which of the following inspections can be performed only by a stateful firewall and not by a stateless firewall?
if the packet belongs to an open session
Which two (2) approaches do SIEMs take to establish relationships between event log entries? (Select 2)
rule-based statistical correlation engine based