bomonike


IBM Cybersecurity Analyst Practice Quiz

Practice Assignment • 2h

Submitted October 24, 10:02 AM MDT. Attempts: Unlimited.

Your grade: 76.21%. To pass you need at least 80%. We keep your highest score.

Question 1 A Denial of Service (DDoS) attack typically involves a bad actor sending millions of requests to a computer overwhelming that system’s ability to process them all properly. This is a violation of which aspect of the CIA Triad?

Confidentiality

Integrity

Availability

All of the above.

Correct! 1 / 1 point

Question 2 Money is the primary motivation for which type of hacking organization?

Governments

Hacktivists

White hats

Black hats

Correct! 1 / 1 point

Question 3 The common vulnerability exploited in all social engineering attacks is what?

Public infrastructure like dams and electrical grids

Social media platforms

People

Firewalls

Correct! 1 / 1 point

Question 4 A directive from upper management stating that all employees must wear an ID badge at all times is an example of what?

Security policy

Security guideline

Security architecture

Security standard

Correct! 1 / 1 point

Question 5 Policies, procedures and tactical plans are all part of what?

Security awareness training

The CIA Triad

The IT Governance process.

The OWASP “Top 10”

Correct! 1 / 1 point

Question 6 Trudy intercepts a plain text-message sent by Alice and changes the location of a meeting that Alice is trying to arrange with Bob before she forwards the altered message to Bob. Which two (2) aspects of the CIA Triad were violated? (Select 2)

Authentication

Integrity (Correct: Partially correct!)

Confidentiality (Correct: Partially correct!)

Availability

1 / 1 point

Question 7 To exchange messages between two people using symmetric key encryption, how many unique encryption keys are required?

0

1

2

4

Correct! 1 / 1 point

Question 8 In digital forensics, the record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence is called what?

Record of custody

Chain of custody

Forensic custody record

Forensic index

Correct! 1 / 1 point

Question 9 Which of the following models how to document the processes, functions, and roles of IT Service Management?

The Information Technology Infrastructure Library (ITIL) framework.

The Business Process Management Framework.

The CIA Triad.

The Open Web Application Security Project (OWASP) Framework.

Correct! 1 / 1 point

Question 10 An unplanned interruption to an IT Service would be handled by which ITIL process?

Information Security Management

Event Management

Service Level Management

Problem Management

Incident Management

Change Management

Correct! 1 / 1 point

Question 11 Which role is a high-level management position responsible for the entire computer security department and staff?

Chief Information Security Officer (CISO)

Information Security Architect

Information Security Auditor

Information Security Analyst

Correct! 1 / 1 point

Question 12 Alice, Bob and Trudy are fictional characters commonly used to illustrate which aspect of information security?

ISO27000

NIST 800-53

The CIA Triad. ***

ITIL

Incorrect. This was covered in Cybersecurity Roles, Processes & Operation System Security: Examples & Principles of the CIA Triad. 0 / 1 point

Question 13 Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an availability violation?

Trudy cannot read it because it is encrypted but allows it to be delivered to Bob in its original form.

Trudy changes the message and then forwards it on.

Trudy reads the message.

Trudy deletes the message without reading or forwarding it.

Correct! 1 / 1 point

Question 14 Which are the three (3) factor categories used in multi factor authentication? (Select 3)

Something you can do.

Someone you know.

Something you have. (Correct: Partially correct!)

Something you know. (Correct: Partially correct!)

Something you are. (Correct: Partially correct!)

1 / 1 point

Question 15 Mary has access to certain resources because she is in the Research division of her company. She has access to other resources because she is a manager. Which access control system is probably in use in her company?

Hierarchical Access Control (HAC)

Mandatory Access Control (MAC)

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

Correct! 1 / 1 point

Question 16 In Windows, how many unique address spaces are used by applications running in user mode?

1

64

As many as there are applications running.

As many as there are processes running.

Incorrect. This was covered in Cybersecurity Roles, Processes & Operation System Security: Windows Operating System Security Basics. 0 / 1 point

Question 17 Which company developed and now owns Linux?

RedHat

Ubuntu

SUSE

None of the above.

Correct! 1 / 1 point

Question 18 Which of the following statements about hypervisors is true?

A hypervisor is an application that runs in an operating system.

A hypervisor runs inside of a virtual image.

A hypervisor is hardware that coordinates process tasks between CPUs.

A hypervisor operates between the hardware and the operating system.

Correct! 1 / 1 point

Question 19 If data security is the primary concern, which type of cloud should be considered first?

Hybrid cloud

Universal cloud

Public cloud

Private cloud

Correct! 1 / 1 point

Question 20 An employee seeking to damage his company because he did not get an expected promotion would be classified as which type of actor?

Hacktivists

Inadvertent Actor

Outsiders

Malicious Insider

Correct! 1 / 1 point

Question 21 When examining endpoint security, which three (3) of the following would be classified as clients? (Select 3)

Laptop (Correct: Partially correct!)

Cellphone (Correct: Partially correct!)

Personal Computer (Correct: Partially correct!)

Cloud-based email service

1 / 1 point

Question 22 Which two (2) Windows patch classifications should always be installed quickly? (Select 2)

Critical (Correct: Partially correct!)

High (This should not be selected. Incorrect. This was covered in Cybersecurity Compliance Framework & System Administration: Client System Administration, Endpoint Protection and Patching)

Urgent

Confidential

Important

0.6 / 1 point

Question 23 When working on a Windows computer, which mode will you usually be operating in?

System mode

Host mode

Client mode

Kernel mode

User mode

Correct! 1 / 1 point

Question 24 In Active Directory, Administrator, Guest, HelpAssistant, and KRBTGT are all examples of what?

Local accounts

Global accounts

Roles

Domain accounts

Incorrect. This was covered in Cybersecurity Compliance Framework & System Administration: Server and User Administration. 0 / 1 point

Question 25 Digital signatures ensure which of the following?

Authentication

Non-repudiation

Integrity

All of the above.

Correct! 1 / 1 point

Question 26 How will Quantum computing impact the effectiveness of cryptography?

Both Symmetric and Public Key encryption will work fine if you use quantum keys.

Symmetric key encryption will be weakened, and Public Key encryption will be broken.

Both Symmetric and Public Key encryption will be worthless. The only hope for cryptography will be the development of some new quantum encryption technology.

Symmetric key encryption will be weakened but Public Key encryption will not be impacted.

Incorrect. This was covered in Cybersecurity Compliance Framework & System Administration: Cryptography and Compliance Pitfalls. 0 / 1 point

Question 27 When can data be encrypted?

While at rest only.

While in transit and while in use only

While at rest or in transit only.

While at rest, in transit and in use.

While at rest or while in use only.

Correct! 1 / 1 point

Question 28 How are Rainbow Tables used by hackers?

To match individual characters against their hashed values across a broad range of standard hashing algorithms.

To coordinate a “full spectrum” attack against a given target all at once.

To better understand the demographics of a target when constructing a phishing attack email.

To decipher stolen passwords by looking up a hashed password and matching it to a string of clear text.

Correct! 1 / 1 point

Question 29 Which of the following inspections can be performed only by a stateful firewall and not by a stateless firewall?

the destination port

if the packet belongs to an open session

the source IP address

the service or protocol used

the destination IP address

Correct! 1 / 1 point

Question 30 Which statement best describes the results of configuring a NAT router to use static address mapping?

Many unregistered IP addresses are mapped to a single registered IP address using different port numbers.

The organization will need as many registered IP addresses as it has computers that need Internet access.

The NAT router uses each computer’s IP address for both internal and external communication.

Unregistered IP addresses are mapped to registered IP addresses as they are needed.

Incorrect. This was covered in Network Security & Database Vulnerabilities: TCP/IP Framework. 0 / 1 point

Question 31 Which address type does a router use to deliver a packet to a computer on its own local network?

The network’s DHCP server address.

The computer’s domain name.

The network’s default gateway address.

The computer’s MAC address.

The network’s DNS server address.

The computer’s IP address.

Correct! 1 / 1 point

Question 32 How do you represent the number 8 in binary?

1000

1010

1100

1111

Correct! 1 / 1 point

Question 33 A subnet mask of 255.0.0.0 is used for which class of network?

Class A

Class B

Class C

Class D

Correct! 1 / 1 point

Question 34 Translation of domain names to IP addresses and vice versa is carried out by which protocol?

DNS

ARP

DHCP

SNMP

HTTP

Correct! 1 / 1 point

Question 35 Distributed databases and data warehouses would be considered which data model type?

Semi-structured data

Unstructured data

Structured data

Structureless data

Correct! 1 / 1 point

Question 36 Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

Attempts to create a list of user ID credentials using an SQL query rather than your organization’s identity management application.

An authorized user attempts to run SQL statements with invalid syntax.

A Finance department application that is accessed far more in the last few days of each month than at any other time.

A user who changes his password the first day of every month like clockwork.

Correct! 1 / 1 point

Question 37 Which operating system is immune from OS Command Injection attacks?

Windows

Linux

MacOS

None of the above.

Correct! 1 / 1 point

Question 38 Which two (2) are phases of a penetration test? (Select 2)

Containment

Restoration

Discovery (Correct: Partially correct!)

Exploitation or Attack (Correct: Partially correct!)

1 / 1 point

Question 39 Select the correct option to fill in the blank with the missing step in the penetration test attack phase. Gaining Access, __, System Browsing, Installing Additional Tools.

Scanning Ports

Exfiltrating Files

Escalating Privileges

Vulnerability Scanning

Incorrect. This was covered in Penetration Testing, Incident Response and Forensics: Penetration Testing. 0 / 1 point

Question 40 Which are the first three phases of incident response?

Preparation, Detection & Analysis, Containment, Eradication & Recovery.

Preparation, Review, Analysis.

Containment, Eradication, Recovery.

Detection, Analysis, Remediation.

Incorrect. This was covered in Penetration Testing, Incident Response and Forensics: Incident Response. 0 / 1 point

Question 41 Which type of monitoring system is designed to stop unauthorized users from accessing or downloading sensitive data?

IPS

IDS

DLP

SIEM

Incorrect. This was covered in Penetration Testing, Incident Response and Forensics: Incident Response. 0 / 1 point

Question 42 Why would you make hash values of all the data on a system before you move it or begin to analyze it?

To encrypt the original data so it cannot be further corrupted.

Data analysis is primarily focused on what you learn from the hash values.

To preserve the integrity of the original data.

To expose viruses or malware signatures in the data.

Correct! 1 / 1 point

Question 43 Which three (3) of the following data types are considered volatile? (Select 3)

Slack space (Correct: Partially correct!)

Login sessions (Correct: Partially correct!)

Running processes

Swap files (This should not be selected. Incorrect. This was covered in Penetration Testing, Incident Response and Forensics: Digital Forensics)

0.5 / 1 point

Question 44 Which three (3) of the following are examples of how scripts are used today? (Select 3)

Backups

Transcription (This should not be selected. Incorrect. This was covered in Penetration Testing, Incident Response and Forensics: Introduction to Scripting)

Automation (Correct: Partially correct!)

Testing (Correct: Partially correct!)

0.5 / 1 point

Question 45 What will be printed by the following block of Python code?

    def Add5(num):
        out = num + 5
        return out

    print(Add5(10))

Add5(10)

15

5

10

Correct! 1 / 1 point

Question 46 How is Python developed and distributed?

Python is an Open Source project and distributed free of charge.

Python is developed by Google and distributed free of charge.

Python is developed by IBM and distributed free of charge.

Python is developed by RedHat and distributed free of charge.

Correct! 1 / 1 point

Question 47 How do you indicate some text is only a comment in a Python file?

Any code between double angle brackets (i.e. «comments») is considered a comment.

Comments are isolated inside a comment function, i.e. comment(“this is a comment only”).

Use a hash “#” character. Everything to the right of that character on the same line will be treated as a comment.

Comments must be entire lines that start with “REM”.

Correct! 1 / 1 point

Question 48 Which country had the highest average cost per breach in 2018 at $8.19M?

Germany

Japan

Russia

United States

United Kingdom

China

Correct! 1 / 1 point

Question 49 Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)

Detect deviations from the norm that indicate early warnings of APTs.

Perform forensic investigation. (Correct: Partially correct!)

Prioritize vulnerabilities to optimize remediation processes and close critical exposures.

Gather full situational awareness through advanced security analytics. (Correct: Partially correct!)

1 / 1 point

Question 50 Which mobile operating system is being developed in a consortium that includes the Open Handset Alliance?

Blackberry

iOS

Android

Windows

Incorrect. This was covered in Cyber Threat Intelligence: Data Loss Prevention & Mobile Endpoint. 0 / 1 point

Question 51 Which data protection process provides prebuilt capabilities, mapped to specific regulations, to create the necessary resources to implement and demonstrate compliance with these regulations?

Automated compliance support

Blocking, masking and quarantining

Active analytics

Real-time alerting

Correct! 1 / 1 point

Question 52 A university just upgraded their email system, so it now encrypts all email by default. What aspect of the CIA Triad does this upgrade support?

Authorization

Integrity

Confidentiality

Availability

Correct! 1 / 1 point

Question 53 Which component of a vulnerability scanner allows the administrator to operate the scanner?

Report Module

Engine Scanner

User Interface

Database

Correct! 1 / 1 point

Question 54 The Common Vulnerability Scoring System (CVSS) is designed to help a company prioritize vulnerabilities. Which score would indicate a very high priority vulnerability?

1

High

Red

10

Correct! 1 / 1 point

Question 55 The foundation of robust security depends upon a number of factors including which two (2) of these? (Select 2)

Use systematic analysis of the threats and controls. (Correct: Partially correct!)

Strict adherence to security architecture standards such as ISO/IEC: 20071.

Build with a clearly communicated structure. (Correct: Partially correct!)

Iterate design and build for rapid deployment.

1 / 1 point

Question 56 The Recover step in the DevSecOps Operate & Monitor phase contains which of these activities?

Virtual Patching

Root Cause Analysis

Inventory

Compliance

Correct! 1 / 1 point

Question 57 Which of these is an aspect of an Enterprise Architecture?

Shows the internal data and use of reusable or off-the-shelf components.

Does not describe the internals of the main components or how they will be implemented.

Gives the technology perspectives in detail.

Describes how specific products or technologies are used.

Correct! 1 / 1 point

Question 58 Which three (3) of these are features of Solution Building Blocks (SBBs)? (Select 3)

Specifies the technical components to implement a function. (Correct: Partially correct!)

Add context of the platforms and environments.

May be product or vendor aware.

Is product and vendor neutral. (This should not be selected. Incorrect. This was covered in Cyber Threat Intelligence: Application Security and Testing)

0.25 / 1 point

Question 59 Which two (2) approaches do SIEMs take to establish relationships between event log entries? (Select 2)

map and grid

correlation/regression analysis

rule-based (Correct: Partially correct!)

statistical correlation engine based (Correct: Partially correct!)

1 / 1 point

Question 60 What is event coalescing in SIEM data processing?

Multiple endpoints, such as all of the laptops belonging to the same department, are treated as a single device for analysis purposes.

It is the promotion of an event to a higher status due to its severity or the presence of multiple similar events.

When 3 events are found with matching properties within a 10 second period, they are coalesced into a single event.

It is the dropping of duplicate event records from the same source.

Incorrect. This was covered in Cyber Threat Intelligence: SIEM Platforms. 0 / 1 point

Question 61 Targeted acts of war, espionage, hacktivists, targeted data theft, and indirect criminal activities designed for mass disruption are collectively referred to as what?

The vulnerability profile.

The threat surface.

The attack vector.

The countermeasure challenge.

Incorrect. This was covered in Cyber Threat Intelligence: Threat Hunting. 0 / 1 point

Question 62 Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain? (Select 3)

Withdraw and Cover Up (This should not be selected. Incorrect. This was covered in Cyber Threat Intelligence: Threat Hunting)

Command & Control (Correct: Partially correct!)

Installation (Correct: Partially correct!)

Actions on Objectives

0.5 / 1 point

Question 63 In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)

Develop an incident response plan based on the incident response policy. (Correct: Partially correct!)

Establish a formal incident response capability. (Correct: Partially correct!)

Establish policies and procedures regarding incident-related information sharing. (Correct: Partially correct!)

Secure sufficient funding for the incident response team.

1 / 1 point

Question 64 Holding a cross-departmental meeting to review lessons learned from an incident after it has been resolved falls into which phase of the incident response lifecycle?

Containment, Eradication & Recovery

Preparation

Detection & Analysis

Post-Incident Activity

Correct! 1 / 1 point

Question 65 What are three (3) common signs that an email might be a phishing attack? (Select 3)

It is generically addressed, for example, to “Dear Customer”. (Correct: Partially correct!)

It is from a company you have done business with and contains advertisements for products similar to what you have purchased from them in the past.

It is not from someone you know or do business with. (Correct: Partially correct!)

There is a request to click a link and provide personal “account” details. (Correct: Partially correct!)

1 / 1 point

Question 66 True or False. Because of their large volume of transactions, it is often easier for an attacker to successfully penetrate the PoS systems of a major retail chain than it is that of a small independent business where every transaction can be viewed by the owner.

True

False

Incorrect. This was covered in Cybersecurity Capstone: POS Breach. 0 / 1 point

Question 67 True or False. A study conducted by the Ingenico Group recommended the use of Tokenization which replaces credit card data with a secure token while the data is at rest.

True

False

Correct! 1 / 1 point

Question 68 According to NIST, Cyber Supply Chain Risk Management (SCRM) activities include which of the following?

Determining cybersecurity requirements for suppliers.

Communicating to suppliers how cybersecurity requirements will be verified and validated.

Enacting cybersecurity requirements through formal agreements.

All of the above.

Correct! 1 / 1 point

Question 69 You get a pop-up message on your screen telling you that highly confidential company files have been downloaded and will be made public unless you pay a fee. What type of ransomware has attacked your system?

Crypto

Locker

Blockware

Leakware/Doxware

Incorrect. This was covered in Cybersecurity Capstone: Ransomware. 0 / 1 point

Question 70 What is an effective fully automated way to prevent malware from entering your system as an email attachment?

Fully patched operating system and applications.

Strong passwords.

A full system backup.

Anti-virus software.

Incorrect. This was covered in Cybersecurity Capstone: Ransomware. 0 / 1 point