cybersecurity certification ibm

Web applications are vulnerable. What is the percentage of web applications that display at least one known vulnerability? 50% 70% 95% 100%

100%

According to John Mulligan (Interim CTO at Target), how many records were affected by their data breach? 40 million guests on payment card data 70 million guests on personal data 200 million guests The amount of affected records is unknown

40 million guests on payment card data 70 million guests on personal data

Scripts have the following capabilities: Implement user interactions with the website Interact seamlessly with the website Perform any action that is related to the website Launch signed and safe controls All of the above

All of the above

What is Defense in Depth (DiD)? It is also known as the "Castle Approach" DiD is based on Roman defensive strategies from the 3rd and 4th centuries DiD defends a system from attack using a number of layered, independent technologies, known as controls It provides redundancy in the event a single security control fails, or a vulnerability is exploited. All of the above

All of the above

According to Managed Security Services, how many security incidents affect our networks globally? Hundreds of Thousands Millions Billions Trillions

Billions

An advanced persistent threat (ATP) is a set of stealthy and continuous computer hacking processes, often targeting a specific entity. True False

False

As of 2018, 40% of cyberattacks come from well-organized underground networks that share tools, data, and expertise. True False

False

Based on the IBM X-Force report "The shifting panorama of global cybercrime", what is the biggest motivation for cybercriminals to attack companies around the world? Financial gain Hacktivism Terrorism Espionage

Financial gain

Which of the following is true regarding the Hypertext Transfer Protocol (HTTP)? HTTP is a communications protocol used to transfer information on intranets and the World Wide Web Describes the "language" used between the server tier and the data tier Uses the Port 23 (usually open for traffic even at the firewall level) All of the above

HTTP is a communications protocol used to transfer information on intranets and the World Wide Web

What is the I2P (Invisible Internet Project)? I2P unlike Tor wasn't designed to be resilient against blocking. I2P is a peer-to-peer network that allows applications to send messages to each other anonymously and securely. I2P has a central directory of nodes. All of the above.

I2P is a peer-to-peer network that allows applications to send messages to each other anonymously and securely.

Which are the five phases of the Cyber Resilience Lifecycle based on NIST CSF? Identify, Protect, Detect, Respond, Recover Investigate, Remediate, Protect, Recover, Take legal action Identify, Investigate, Remediate, Respond, Rework None of the above

Identify, Protect, Detect, Respond, Recover

What is an attack surface? Large monitor used for QRadar display in order to see small network diagram paths. Targeted companies for a cyber attack Portion of map on a globe that is affected by a large-scale cyber attack

Targeted companies for a cyber attack

Which of the following is considered to be a known truth about web applications? They don't show well on new high resolution (4K) monitors They often suffer from high severity vulnerabilities They are immune to SQL injection attacks because relational databases are now obsolete

They often suffer from high severity vulnerabilities

The use of a cyber-attack for research purposes, such as probing potential vulnerabilities within a company's network or conducting penetration testing, is known as: White Hat Hacking Code Red Hacking Hacktivism Benign Hacking

White Hat Hacking

[Select Two] Which of the following are common attack vectors/challenges for Federal Government Agencies? Lack of sufficient skills and administration Meeting the demands of their shareholders The decreasing volume of citizen data collected makes obsolete the need for governing data use and storage Abandoning analog operating models in favor of digital systems to transform the way they deliver service

Lack of sufficient skills and administration Meeting the demands of their shareholders

[Select all that apply] Which of the following stressors are known to overwhelm cyber security personnel? Overloaded by data Too many government regulations Shortage of skills to fill the needed positions Dealing with unaddressed threats

Overloaded by data Shortage of skills to fill the needed positions Dealing with unaddressed threats

Which of the following financial malware families ranks 1st on the global financial malware charts, with attacks that spread to banks in the USA, UK, Australia, and New Zealand? All of the above Neverquest Kronos Gozi

All of the above

Which of the following motivators explain why cyber criminals carry out cyber-attacks? Financial Gain Hacktivism Espionage Bragging Rights All of the above

All of the above

Evaluate the following statement. "Our site is safe if we use network vulnerability assessments, firewalls are in place and the data is encrypted with SSL". True False

False

Even though IoT security is a major concern, most of the critical systems like healthcare pacemakers and drug infusion pumps are still considered safe and "unhackable". True False

False

Footprinting and brute force are commonly used to perform a DDoS attack using the telnet port 22, benefiting from IoT devices' lack of security controls. True False

False

A single IoT device is not typically very powerful, so a single bot is not much of a threat. But DDoS botnet attacks are made up of hundreds of thousands of bots, all under the control of the hacker. True False

True

Is it true that both MERCK and MAERSK were heavily affected by the NOT-PETYA global cyberattack in 2017? True False

True

Through the explosion of data and wide adoption of IoT devices, the planet has effectively grown its own central nervous system. True False

True

Virtual Private Network (VPN) can help prevent spying on the internet and other network traffic and substantially enhance end-user privacy and security. True False

True

Which of the following examples best illustrates a cyber threat? A friend uses your Netflix login information without your knowledge You receive an email from an unknown account asking you to click on a link to claim a prize. Hackers infiltrate a banking website and obtain customer account information All of the Above

You receive an email from an unknown account asking you to click on a link to claim a prize. Hackers infiltrate a banking website and obtain customer account information

In HTML, what is the 'origin policy'? A. Only US made web servers can communicate with each other B. A script loaded from one origin cannot access a document from another origin C. You can only use one log-in per web site per device

A script loaded from one origin cannot access a document from another origin

What is a botnet? A robot that sits at a QRadar console and replaces low level network analysts Slang for a small network controller around the size of a soda bottle A type of malware that scales to attack a multitude of devices A network of automated bots that work in unison to scan for malicious software

A type of malware that scales to attack a multitude of devices

Denial of Service/Distributed Denial of Service: Attacks that deliberately overload a network in order to shut down its online capability.
SQL Injection: Inserts command code into a client application, allowing the hacker access to their data.
Phishing: Tricking a user into providing protected information or downloading malicious software.
Malware: Malicious software programmed to attack a target computer.
Watering Hole: Attack that compromises a specific target group by infecting websites used by the group.

[SELECT TWO] What were two of the most prominent financial cyber threats to Asian countries (excluding Japan)? Dridex Trickbot Kronos Neverquest

Dridex Trickbot

What is true about misconfiguration as one of the most challenging types of cyber threats? Choose two. Incidents where attackers gain access to vulnerable systems left exposed by inexperienced administrators or users (e.g. default factory settings) Employees and insiders falling for phishing emails that resulted in account takeover or access to sensitive data. Erroneous permission-level attribution on cloud services and networked backups exposed sensitive data through weak or non-existent authentication.

Incidents where attackers gain access to vulnerable systems left exposed by inexperienced administrators or users (e.g. default factory settings) Erroneous permission-level attribution on cloud services and networked backups exposed sensitive data through weak or non-existent authentication.

Which of the following is the top critical application security risk in the OWASP 2017 Top 10 vulnerabilities report? Injection Broken Authentication Sensitive Data Exposure Security Misconfiguration Cross-Site Scripting (XSS)

Injection

Network security serves as the first line of defense for governments and organizations. They support our global economy and communications infrastructure on which our society relies today. True False

True

TOR exit nodes are frequently used by attackers to inject malware and take down network services. True False

True

The architecture of a web application includes the following tiers: Client Tier, Middle Tier and Data Tier. True False

True

The collective computing and storage capacity of smartphones surpasses that of all worldwide servers. True False

True

The dark web is a place that attackers use to hide their activity online and collaborate with other cybercriminals to interchange illegal goods - i.e., drugs, firearms, stolen identities - and develop sophisticated cyber-attack tools. True False

True

The volume of injection-type attacks nearly doubled in 2017 over the previous year as a result of botnet-based command injection attacks utilizing coin-mining tools. True False

True

Tor, an acronym of "The Onion Router," is a worldwide network of servers developed by the U.S. Navy, and used exclusively by U.S. government agencies to fight cybercrime. True False

True

Why is it important to create an integrated security domain system? Until recently, organizations have responded to security concerns by deploying a new tool to address each new risk. We've observed one company was using 85 tools from 45 different software vendors! Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. Costly and complex fragmented security capabilities provide the visibility and coordination needed to stop today's sophisticated attacks. Because it involves the partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats. The security portfolio structured around domains presents a less organized fashion to make sense of threats using logs, data, threats, flows, packets, etc. Because the traditional defense strategy is not to layer on another point-product tool or technology to an already fragmented and disjointed IT environment.

Until recently, organizations have responded to security concerns by deploying a new tool to address each new risk. We've observed one company was using 85 tools from 45 different software vendors! Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. Because it involves the partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.

Which is NOT an example of an application security attack? Cross-site request forgery Security misconfiguration Using a hex string in a username field

Using a hex string in a username field

