A growing number of exciting, well-paying jobs in today’s security industry do not require a college degree. This is the final course required to assess your acquired knowledge and skills from the previous two specializations, IT Fundamentals of Cybersecurity and Security Analyst Fundamentals, to become job-ready for a cybersecurity analyst role. You will be expected to pass a final assessment quiz for each of the seven (7) prior courses within the IBM Cybersecurity Analyst Professional Certificate. Upon successful completion of the quizzes, you will acquire the IBM Cybersecurity Analyst Professional Certificate. Enroll on Coursera IBM Cybersecurity Analyst Assessment Coursera Quiz AnswersQ1. Implementing a Security Awareness training program would be an example of which type of control?
Q2. Putting locks on a door is an example of which type of control?
Q3. How would you classify a piece of malicious code that can replicate itself and spread to new systems?
Q4. To engage in packet sniffing, you must implement promiscuous mode on which device?
Q5. Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability?
Q6. An organization wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours and then makes sure the office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)
Q7. Which two factors contribute to cryptographic strength? (Select 2)
Q8. Trying to break an encryption key by trying every possible combination of characters is called what?
Q9. Which of the following describes the core goals of IT security?
Q10. Which three (3) roles are typically found in an Information Security organization? (Select 3)
Q11. Problem Management, Change Management, and Incident Management are all key processes of which framework?
Q12. Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?
Q13. In cybersecurity, Accountability is defined as what?
Q14. Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are authentication methods? (Select 3)
Q15. Which three (3) of the following are Physical Access Controls? (Select 3)
Q16. If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file systems could you select? (Select 2)
Q17. Which three (3) permissions can be set on a file in Linux? (Select 3)
Q18. If cost is the primary concern, which type of cloud should be considered first?
Q19. Consolidating and virtualizing workloads should be done when?
Q20. Which of the following is a self-regulating standard set up by the credit card industry in the US?
Q21. Which two (2) of the following attack types target endpoints?
Q22. If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed, which statement best characterizes the actions it is able to take automatically?
Q23. Granting access to a user based upon how high up he is in an organization violates what basic security premise?
Q24. Hashing ensures which of the following?
Q25. Which of these methods ensures the authentication, non-repudiation, and integrity of digital communication?
Q26. Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)
Q27. Which statement best describes configuring a NAT router to use static mapping?
Q28. If a computer needs to send a message to a system that is part of the local network, where does it send the message?
Q29. Which are properties of a highly available system?
Q30. Which three (3) of these statements about the UDP protocol are True? (Select 3)
Q31. What is one difference between a Stateful Firewall and a Next-Generation Firewall?
Q32. You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?
Q33. Hassan is an engineer who works a normal day shift from his company’s headquarters in Austin, TX USA. Which two (2) of these activities raise the most cause for concern? (Select 2)
Q34. Which three (3) of the following are considered safe coding practices? (Select 3)
Q35. Which three (3) items should be included in the Planning step of a penetration test? (Select 3)
Q36. Which portion of the pentest report would cover the risk ranking, recommendations, and roadmap?
Q41. NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication & Recovery strategy?
Q37. True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.
Q38. Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)
Q39. What scripting concept will repeatedly execute the same block of code while a specified condition remains true?
Q40. Which two (2) statements about Python are true? (Select 2)
Q41. In the Python statement pi=”3″ What data type is the data type of the variable pi?
Q42. What will be printed by the following block of Python code? def Add5(in) out=in+5 return out print(Add5(10))
Q43. Which threat intelligence framework was developed by the US Government to enable consistent characterization and categorization of cyberthreat events?
Q44. True or False. An organization’s security immune system should be integrated with outside organizations, including vendors and other third parties.
Q45. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)
Q46. True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, but not directly.
Q47. All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?
Q48. True or False. WireShark has an impressive array of features and is distributed free of charge.
Q49. In which component of a Common Vulnerability Score (CVSS) would privileges required be reflected?
Q50. The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
Q51. You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your online storefront which will result in $10M in losses to your company. What have you just determined?
Q52. Which one of the OWASP Top 10 Application Security Risks would occur when an application’s API exposes financial, healthcare or other PII data?
Q53. Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)
Q54. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas ?
Q55. The triad of a security operations centers (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong ?
Q56. Which of these is a good definition for cyber threat hunting ?
Q57. There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web.
Q58. Which three (3) soft skills are important to have in an organization’s incident response team? (Select 3)
Q59. Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle ?
Q60. Which three (3) of these statistics about phishing attacks are real? (Select 3)
Q61. Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)
Q62. Which three (3) are malware types commonly used in PoS attacks to steal credit card data ? (Select 3)
Q63. According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security ?
Q64. You get a phone call from a technician at the “Windows company” who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the “simple utility” as asked ?
Q65. What is an effective fully automated way to prevent malware from entering your system as an email attachment ?
Q66. True or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family.
Q67. Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
Q68. True or False. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.
Q69. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics ?
Q70. Solution architectures often contain diagrams like the one below. What does this diagram show ? <<Solution Architecture Data Flow.png>>
Q71. Port numbers 1024 through 49151 are known as what ?
Q72. Which layer of the OSI model to packet sniffers operate on ?
Q73. True or False. Internal attacks from trusted employees represents every bit as significant a threat as external attacks from professional cyber criminals.
Q74. According to the FireEye Mandiant’s Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations ?
Q74. Which country had the highest average cost per breach in 2018 at $8.19M
Q76. Which two (2) of these Python libraries provides useful statistical functions? (Select 2)
Q77. What will print out when this block of Python code is run ? i=1 #i=i+1 #i=i+2 #i=i+3 print(i)
Q78. Which three (3) statements about Python variables are true? (Select 3)
Q79. PowerShell is a configuration management framework for which operating system ?
Q80. In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log ?
Q81. Forensic analysis should always be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee, if you suspect he has deleted incriminating files ? (Select 2)
Q82. Which of the following would be considered an incident precursor ?
Q83. If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task ?
Q84. Which type of list is considered best for safe coding practice ?
Q85. Which three (3) of these statements about the TCP protocol are True? (Select 3)
Q86. In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network ?
Q87. A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this company need to assure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations ?
Q88. Which of the following statements about hashing is True ?
Q89. Why is hashing not a common method used for encrypting data ?
Q90. Public key encryption incorporating digital signatures ensures which of the following ?
Q91. What is the primary authentication protocol used by Microsoft in Active Directory ?
Q92. Granting access to a user account only those privileges necessary to perform its intended functions is known as what ?
Q93. Island hopping is an attack method commonly used in which scenario ?
Q94. Which security concerns follow your workload even after it is successfully moved to the cloud ?
Q95. Which form of Cloud computing combines both public and private clouds ?
Q96. Which component of the Linux operating system interacts with your computer’s hardware ?
Q97. The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control ?
Q98. In cybersecurity, Authenticity is defined as what ?
99. ITIL is best described as what ?
Q100. Which position is in charge of testing the security and effectiveness of computer information systems ?
Q101. A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented? (Select 2)
Q102. An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the CIA Triad?
Q103. What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your system be called ?
Q104. Fancy Bears and Anonymous are examples of what ?
Q105. Implement a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack ?
Q106. Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated ?
Q107. Which position is responsible for the “ethical hacking” of an organizations computer systems ?
Q108. Which three (3) are considered best practices, baselines or frameworks? (Select 3)
Q109. What does the “A” in the CIA Triad stand for ?
Q110. Windows 10 stores 64-bit applications in which directory ?
Q111. Which statement about drivers running in Windows kernel mode is true ?
Q112. Which statement best describes configuring a NAT router to use dynamic mapping ?
Q113. Which address type does a computer use to get a new IP address when it boots up ?
Q114. Which type of firewall understands which session a packet belongs to and analyzes it accordingly ?
Q115. A penetration tester involved in a “Black box” attack would be doing what ?
Q116. In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)
Q117. Which three (3) of the following are considered scripting languages? (Select 3)
Q118. What is the largest number that will be printed during the execution of this Python while loop ? i=0 while (i<10): print(i) i=i+1
Q119. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)
Q120. Which one of the OWASP Top 10 Application Security Risks would be occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user’s browser that can hijack sessions.
Q121. SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)
Q122. True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.
Q123. True or False. Cloud-based storage or hosting providers are among the top sources of third-party breaches
Q124. Very provocative articles that come up in news feeds or Google searches are sometimes called “click-bait”. These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites ?
IBM Cybersecurity Analyst Assessment Coursera Course Review:In our experience, we suggest you enroll in IBM Cybersecurity Analyst Assessment courses and gain some new skills from Professionals completely free and we assure you will be worth it. IBM Cybersecurity Analyst Assessment course is available on Coursera for free, if you are stuck anywhere between quiz or graded assessment quiz, just visit Networking Funda to get IBM Cybersecurity Analyst Assessment Coursera Quiz Answers. Conclusion:I hope this IBM Cybersecurity Analyst Assessment Coursera Quiz Answers would be useful for you to learn something new from this Course. If it helped you then don’t forget to bookmark our site for more Coursera Quiz Answers. This course is intended for audiences of all experiences who are interested in learning about new skills in a business context; there are no prerequisite courses. Keep Learning! << Previous Course Quiz Answers Cybersecurity Capstone: Breach Response Case Studies All Course Quiz Answers of IBM Cybersecurity Analyst Professional Certificate Course 01: Introduction to Cybersecurity Tools & Cyber Attacks Course 02: Cybersecurity Roles, Processes & Operating System Security Course 03: Cybersecurity Compliance Framework & System Administration Course 04: Network Security & Database Vulnerabilities Course 05: Penetration Testing, Incident Response, and Forensics Course 06: Cyber Threat Intelligence Course 07: Cybersecurity Capstone: Breach Response Case Studies Course 08: IBM Cybersecurity Analyst Assessment |