IBM Cyber security L1-3
Which of the following best represents the concept of mobility?
Connected appliances, Satellites, Cell phone users
Which of the following infrastructure types is deemed to be critical?
Electric power grid & Bridges & Internet
How does SSH protect our information?
Encryption
Evaluate the following statement. "Our site is safe if we use network vulnerability assessments, firewalls are in place and the data is encrypted with SSL".
False
{True/False} Even though IoT security is a major concern, most of the critical systems like healthcare pacemakers and drug infusion pumps are still considered safe and "unhackable".
False
{True/False} As of 2018, 40% of cyberattacks come from well-organized underground networks that share tools, data, and expertise.
False
{True/False} The Threat Report contains a risk score, from 0-5, that gives a general impression of how credible the threat from this IP is. It also provides us with further data that can be used by a team of security analysts to help pinpoint where the attack took place, who was attacked, and not only the date, but the exact timeframe of when the attack was active.
False
{True/False} Tor, an acronym of "The Onion Router," is a worldwide network of servers developed by the U.S. Navy, and used exclusively by U.S. government agencies to fight cybercrime.
False
ZenMap is a ____________.
Network Mapping Tool
What is an attack surface?
Targeted companies for a cyber attack
{True/False} A single IoT device is not typically very powerful, so a single bot is not much of a threat. But DDoS botnet attacks are made up of hundreds of thousands of bots, all under the control of the hacker.
True
{True/False} Ping is a basic Internet program that allows a user to verify that a particular IP address exists and can accept requests.
True
{True/False} Virtual Private Network (VPN) can help prevent spying on the internet and other network traffic and substantially enhance end-user privacy and security.
True
{True/False} X-Force Exchange offers 24/7 monitoring, collection, and reporting on vulnerabilities.
True
{True/False} The Botnet report contains the following information: ● When the attack was last captured ● If the attack has more or less botnet clients than previous attacks ● When the attack was at its strongest ● How many people were affected ● A list of the countries affected and a map that displays the severity in each country
True
{True/False} An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often targeting a specific entity.
True
{True/False} Network security serves as the first line of defense for governments and organizations. They support our global economy and communications infrastructure on which our society relies today.
True
The architecture of a web application includes the following tiers: Client Tier, Middle Tier and Data Tier
True
What Unix/Linux Command lists the contents of the current directory or folder?
LS
In cyber resilience the business priority is to support "continuous availability", the expectation is of always-on systems with zero downtime, and at the same time, our systems are more heterogeneous than ever. Which technologies will be critical to solving this expectation and complexity?
1. Artificial Intelligence 2. Predictive systems 3. Orchestration as part of a software-defined resiliency story
Match the attack type with its description.
1. Denial of Service (DDoS): Attack that deliberately overloads a network in order to shut down its online capability 2. SQL Injection: Inserts commands code into a client application allowing that hacker access to their data 3. Phishing: Tricking a user into providing malicious software. 4. Malware: Malicious Software programmed to attack a target computer.
What is true about misconfiguration as one of the most challenging types of cyber threats?
1. Incidents where attackers gain access to vulnerable systems left exposed by inexperienced administrators or users (e.g. default factory settings) 2. Employees and insiders falling for phishing emails that resulted in account takeover or access to sensitive data. 3. Erroneous permission-level attribution on cloud services and networked backups exposed sensitive data through weak or non-existent authentication.
[Select Two] Which of the following are common attack vectors/challenges for the Federal Government Agencies?
1. Lack of sufficient skills and administration 2. Mitigate insider threats
Why is it important to create an integrated security domain system?
1. Until recently, organizations have responded to security concerns by deploying a new tool to address each new risk. We've observed one company was using 85 tools from 45 different software vendors! Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. 2. Because it involves the partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.
Web applications are vulnerable. What is the percentage of web applications that display at least one known vulnerability?
100%
According to John Mulligan (Interim CTO at Target) how many records were affected by their data breach?
40 million guests on payment card data & 70 million guests on personal data
What is a botnet?
A type of malware that scales to attack a multitude of devices
According to Managed Security Services, how many security incidents affect our networks globally?
Billions
What was the listed vulnerability for the Ceragon FiberAir IP-10 bridges?
Default Password for the root account
Which of the following motivators explain why cyber criminals carry out cyber-attacks?
Financial Gain, Hacktivism, Espionage, Bragging Rights
In general, what is the first step an attacker will perform when attacking a system?
Footprinting
_________ is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves two main functions: host or network interface identification and location addressing.
IP Address
Which Microsoft Windows command displays all current TCP/IP network configuration values, and can refresh Dynamic Host Configuration Protocol and Domain Name System settings?
IPConfig
Which are the five phases of the Cyber Resilience Lifecycle based on NIST CSF?
Identify, Protect, Detect, Respond, Recover
[Select all that apply] Which of the following stressors are known to overwhelm cyber security personnel?
Overloaded by data & Shortage of skills to fill the needed positions & Dealing with unaddressed threats
The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Which of the following services is a DNS
Quad9
How can we secure our Internet traffic when connecting to external sites?
Secure Shell
The use of a cyber-attack for research purposes, such as probing potential vulnerabilities within a company's network or conducting penetration testing, is known as:
White Hat Hacking
Which of the following is a free and open-source packet analyzer? It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Wireshark
Which of the following examples best illustrates a cyber threat?
You receive an email from an unknown account asking you to click on a link to claim a prize. & Hackers infiltrate a banking website and obtain customer account information