IBM Cybersecurity Analyst Professional Certificate
Coursera Courses | Note: These courses have a lot of spelling errors.
Introduction to Cybersecurity Tools & Cyber Attacks
Which of the following statements is True?
Passive attacks are easy to detect because of the latency created by the interception and second forwarding.
Passive attacks are hard to detect because the original message is never delivered so the receiving does not know they missed anything.
Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.
Passive attacks are easy to detect because the original message wrapper must be modified by the attacker before it is forwarded on to the intended recipient.
The purpose of security services includes which three (3) of the following?
Are intended to counter security attacks.
Enhance security of data processing systems and information transfer.
Often replicate functions found in physical documents
Includes any component of your security infrastructure that has been outsourced to a third-party
Which statement best describes access control?
Protection against denial by one of the parties in communication
Protection against the unauthorized disclosure of data
Assurance that the communicating entity is the one claimed
Prevention of unauthorized use of a resource
The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?
Transmission cost sharing between member countries
Data transmission speeds
Authentication
Access Control
Data Confidentiality
Protocol suppression, ID and authentication are examples of which?
Security Architecture
Security Mechanism
Business Policy
Security Policy
The motivation for more security in open systems is driven by which three (3) of the following factors?
New requirements from the WTO, World Trade Organization
The appearence[sic] of data protection legislation in several countries.
The desire by a number of organizations to use OSI recommendations.
Society's increasing dependance[sic] on computers.
True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.
True
True or False: The accidental disclosure of confidential information by an employee is considered an attack.
True
A replay attack and a denial of service attack are examples of which?
Security architecture attack
Passive attack
Masquerade attack
Origin attack
True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.
False
How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?
Worm
How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?
Virus
How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor?
Spyware
A large scale Denial of Service attack usually relies upon which of the following?
A botnet
Antivirus software can be classified as which form of threat control?
Technical controls
Which of the following measures can be used to counter a mapping attack?
Record traffic entering the network
Look for suspicious activity like IP addresses or ports being scanned sequentially.
Use a host scanner and keep an inventory of hosts on your network.
All of the above.
In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?
Promiscuous mode
Which countermeasure can be helpful in combating an IP Spoofing attack?
Ingress filtering
Enable IP Packet Authentication filtering
Keep your certificates up-to-date
Enable the IP Spoofing feature available in most commercial antivirus software.
All of the above.
Which two (2) measures can be used to counter a Denial of Service (DOS) attack?
Enable the DOS Filtering option now available on most routers and switches.
Implement a filter to remove flooded packets before they reach the host.
Use traceback to identify the source of the flooded packets.
Enable packet filtering on your firewall.
Which countermeasure should be used against a host insertion attack?
Maintain an accurate inventory of computer hosts by MAC address.
Use a host scanning tool to match a list of discovered hosts against known hosts.
Investigate newly discovered hosts.
All of the above.
Which is not one of the phases of the intrusion kill chain?
Installation
Activation
Command and Control
Delivery
Which social engineering attack involves a person instead of a system such as an email server?
Vishing
Spectra
Phishing
Cyberwarfare
Which of the following is an example of a social engineering attack?
Logging in to the Army's missle[sic] command computer and launching a nuclear weapon.
Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.
Setting up a web site offering free games, but infecting the downloads with malware.
Sending someone an email with a Trojan Horse attachment.
True or False: While many countries are preparing their military for a future cyberwar, there have been no "cyber battles" to-date.
False
Which tool did Javier say was crucial to his work as a SOC analyst?
SIEM (Security Information and Event Management): Tools like QRadar SIEM are crucial to Javier since he can use them to perform advanced correlations and threat intelligence integration.
Which hacker organization hacked into the Democratic National Convension[sic] and released Hillery[sic] Clinton's emails?
Fancy Bears[sic]
What challenges are expected in the future?
Enhanced espionage from more countries
Far more advanced malware
New consumer technology to exploit
Why are cyber attacks using SWIFT so dangerous?
Cyber attacks using SWIFT are so dangerous because SWIFT is the protocol used by all banks to transfer money, which puts confidential customer data at risk.
Explanation:
SWIFT is used by banking institutions: the entire banking operation is connected to a messaging network that was originally aimed at making communications between banks easier.
Although governments have taken various measures to prevent them, cyber attacks that steal customer data and drain money from customer accounts are common occurrences.
Hence, SWIFT, which relies on the internet and networking, might backfire and be a major threat to the people who depend on it.
Which statement best describes Authentication?
Assurance that a resource can be accessed and used
Assurance that the communicating entity is the one claimed
Protection against denial by one of the parties in communication
Prevention of unauthorized use of a resource
Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?
Contingent security mechanism
Active security mechanism
External security mechanism
Passive security mechanism
If an organization responds to an intentional threat, that threat is now classified as what?
An attack
-An active threat
A malicious threat
An open case
An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?
-Water Hole
Advanced Persistent Threat
Spectra
Denial of Service (DOS)
Which three (3) of these approaches could be used by hackers as part of a Business Email Compromise attack?
Account compromise
Attorney impersonation
Request to make a payment
CEO Fraud, where CEO sends email to an employee
Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?
Black Hats
A political motivation is often attributed to which type of actor?
Hacktivist
Which type of actor hacked the 2016 US Presidential Elections?
Government
True or False: Passive attacks are easy to detect because the original messages are usually altered or undelivered.
Cryptography, digital signatures, access controls and routing controls are considered which?
-Pervasive security mechanisms
security policy
Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs are not running in promiscuous mode?
Packet Sniffing
True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.
True or False: A tornado threatening a data center can be classified as an attack.
Traffic flow analysis is classified as which?
Passive attack
Botnets can be used to orchestrate which form of attack?
Distribution of Spam
-DDoS attacks
Phishing attacks
Distribution of Spyware
As a Malware launchpad
All of the above
Policies and training can be classified as which form of threat control?
-Administrative controls
Passive Controls
Encrypting your email is an example of addressing which aspect of the CIA Triad?
Confidentiality
Integrity
Availability
Trudy changes the meeting time in a message she intercepts from Alice before she forwards it on to Bob. This is a violation of which aspect of the CIA Triad?
Confidentiality
Integrity
Availability
You fail to backup your files and then drop your laptop breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad?
Confidentiality
Integrity
Availability
The use of digital signatures is an example of which concept?
Non-repudiation
Confidentiality
Integrity
Availability
Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can nonmanager employees in the Singapore office. Which 2 access criteria types were likely involved in setting this up?
Groups: Managers would be in a managers group.
Timeframe
Transaction type
Physical location: Location is used as an access control factor.
In incident management, an event that has a negative impact on some aspect of the network or data is called what?
Event
Attack
Incident: an event with impact
Threat
In incident management, a data inventory, data classification and data management process are part of which key concept?
Automated system
Business Continuity Plan & Disaster Recovery
E-Discovery: It is crucial to have an automated inventory of systems and data so you can know if anything changes or does not belong.
Post-Incident Activities
Which phase of the Incident Response Process do steps like Identify cyber security incident, Define objectives and investigate situation, and Take appropriate action fall into?
Phase 1: Prepare
Phase 2: Respond
Phase 3: Follow Up
In the context of security standards and compliance, which two (2) of these items are goals of frameworks and best practices?
They seek to improve performance, controls and metrics.
They are rules to follow for a specific industry.
They serve as an enforcement mechanism for government, industry or clients.
They help translate the business needs into technical or operational needs.
A company document that says employees may not do online shopping while at work would be which of the following?
Strategic Plan
Tactical Plan
Procedure
Policy
Which three (3) of these are compliance standards that must be adhered to by companies in some industries / countries?
HIPAA
PCI/DSS
OCTAVE
SOX
A method of evaluating computer and network security by simulating an attack on a computer system or network from external or internal threats is known as which of the following?
A threat
A white hat
A hack
A pentest
The OWASP “Top 10” provides guidance on what?
The top 10 malware exploits reported each year.
The top 10 network vulnerabilities reported each year.
The top 10 cybercrimes reported each year.
The top 10 application vulnerabilities reported each year.
Which two (2) key components are part of incident response? (Select 2)
Response team
Threat
Investigation
Attack
Which is not part of the SANS Institute's audit process?
Deliver a report.
Define the audit scope and limitations.
Help to translate the business needs into technical or operational needs.
Feedback based on the findings.
Which key concept to understand incident response is defined as "data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup."
E-Discovery
Which is not included as part of the IT Governance process?
Tactical Plans
Procedures
Audits
Policies
A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?
Integrity
A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?
Availability
Which of these is an example of the concept of non-repudiation?
Alice sends a message to Bob with certainty that it was not altered while in route by Trudy.
Alice sends a message to Bob with certainty that it will be delivered.
Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.
Alice sends a message to Bob and Alice is certain that it was not read by Trudy.
You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?
Groups
Physical location
Transaction type
Timeframe
In incident management, an observed change to the normal behavior of a system, environment or process is called what?
Event
In incident management, tools like SIEM, SOA and UBA are part of which key concept?
Automated system
BCP & Disaster Recovery
Post-Incident Activities
E-Discovery
Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?
Respond
Follow Up
Prepare
In the context of security standards and compliance, which two (2) of these are considered normative and compliance items?
They seek to improve performance, controls and metrics.
They are rules to follow for a specific industry.
They help translate the business needs into technical or operational needs.
They serve as an enforcement mechanism for government, industry or clients.
A company document that details how an employee should request Internet access for her computer would be which of the following?
Procedure
Strategic Plan
Policy
Tactical Plan
Which of these is a methodology by which to conduct audits?
SOX
HIPAA
PCI/DSS
OCTAVE
Mile 2 CPTE Training teaches you how to do what?
Conduct a pentest.
Advanced network management tasks
Conduct a Ransomware attack
Construct a botnet
Which three (3) statements about OWASP are True?
OWASP stands for Open Web Application Security Project
OWASP provides tools and guidance for mobile applications.
OWASP Top 10 only lists the top 10 web application vulnerabilities but you must engage an OWASP certified partner to learn how to fix them.
OWASP provides guidance and tools to help you address web application vulnerabilities on their Top 10 list.
Firewalls contribute to the security of your network in which three (3) ways?
Prevent unauthorized modifications to internal data from an outside actor.
Allow only authorized access to inside the network.
Prevent an internal user from downloading data she is not authorized to access.
Prevent Denial of Service (DOS) attacks.
Which packets are selected for inspection by a packet filtering firewall?
Every packet entering or leaving a network.
The first packet of every transmission but only subsequent packets when “high risk” protocols are used.
Every packet entering the network but no packets leaving the network.
The first packet in any transmission, whether entering or leaving.
True or False: Application Gateways are an effective way to control which individuals can establish telnet connections through the gateway.
Why are XML gateways used?
XML packet headers are different from that of other protocols and often “confuse” conventional firewalls.
Conventional firewalls attempt to execute XML code as instructions to the firewall.
XML traffic cannot pass through a conventional firewall.
XML traffic passes through conventional firewalls without inspection.
Which three (3) things are True about Stateless firewalls?
They filter packets based upon Layer 3 and 4 information only (IP address and Port number)
They are faster than Stateful firewalls.
They maintain tables that allow them to compare current packets with previous packets.
They are also known as packet-filtering firewalls.
True or False: Most Antivirus/Antimalware software works by comparing each file encountered on your system against a compressed (zipped) version of known malware maintained by the vendor on the local host.
How many unique encryption keys are required for 2 people to exchange a series of messages using asymmetric public key cryptography?
4
What is Cryptographic Strength?
Relies on math, not secrecy
Ciphers that have stood the test of time are public algorithms.
Exclusive Or (XOR) is the “secret sauce” behind modern encryption.
All of the above.
What is the primary difference between Symmetric and Asymmetric encryption?
The same key is used to both encrypt and decrypt the message.
Which type of cryptographic attack is characterized by an attack based upon trial and error where many millions of keys may be attempted in order to break the encrypted message?
brute-force
What is the correct sequence of steps required for Alice to send a message to Bob using asymmetric encryption?
Alice requests Bob’s public key and uses it to encrypt her message. Alice then sends the encrypted message to Bob who decrypts it using his private key.
A skilled penetration tester wants to show her employer how smart she is in hopes of getting a promotion. Without obtaining permission, she hacks into the company’s new online store to see if there are any weaknesses that can be hardened before the system goes live. She does not do any damage and writes a useful report which she sends over her boss’s head to the CISO. What color hat was she wearing?
A White Hat
A Gray Hat
A Black Hat
A Pink Hat
A Rainbow Hat
Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?
General Data Protection Regulation (GDPR)
Open Source Security Testing Methodology Manual (OSSTMM).
NIST SP 800-42 Guidelines on Network Security Testing.
Information Systems Security Assessment Framework (ISSAF)
According to the Vulnerability Assessment Methodology, Potential Impacts are determined by which 2 factors?
Identify Indicators and Exposure
Exposure and Sensitivity
Potential Impacts and Adaptive Capacity
Sensitivity and Adaptive Capacity
In digital forensics, the term Chain of Custody refers to what?
This is a digital “chain” that isolated digital evidence from being disturbed until it can be analyzed by the police or other authorities.
This is a physical chain that is placed around a crime scene to protect the evidence from being disturbed.
The record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
This chain of custody is simply a written record of who possessed the evidence as it moves from collection to analysis to presentation in a court of law.
What is the primary function of a firewall?
Scans the system and searches for matches against the malware definitions.
Secures communication that may be understood by the intended recipient only.
Filter traffic between networks.
Uses malware definitions.
What is Locard's exchange principle?
The perpetrator of a crime will bring something into the crime scene and leave with something from it, and that both can be used as forensic evidence.
Which two (2) are types of firewall?
Protocol-filtering
Packet-filtering
Statutory
Application-level
Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet?
Source and destination IP addresses.
TCP/UDP source and destination port numbers.
ICMP message type.
TCP SYN and ACK bits.
All of the above.
Which three (3) of the following are limitations of Application gateways?
Application gateways are susceptible to IP spoofing.
Each application to be managed needs its own gateway.
Client software must be “smart” and know to contact the gateway.
Application gateways are not good at understanding protocols such as telnet.
Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that makes sense, and a known source IP address?
An XML Gateway.
An application-level firewall.
A packet-filtering firewall.
All of the above.
Which statement about Stateful firewalls is True?
They have state tables that allow them to compare current packets with previous packets.
They are less secure in general than Stateless firewalls.
They are faster than Stateless firewalls.
All of the above.
True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashes of known virus and malware previously made by the antivirus/antimalware vendor.
Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?
Social Engineering
Brute force
Rainbow Tables
Known Plaintext
Known Ciphertext
What are two (2) drawbacks to using symmetric key encryption?
A modern supercomputer can break even the most advanced symmetric key in a matter of minutes.
The sender and recipient must find a secure way to share the key itself.
Symmetric key encryption is slower than asymmetric key encryption.
You need to use a different encryption key with everyone you communicate with, otherwise anyone who has ever received an encrypted message from you could open any message you sent to anyone else using that key.
Cybersecurity Roles, Processes & Operating System Security
The statement “The protection of computer systems from theft or damage to the hardware, software or information on them, as well as from disruption or misdirection of the services they provide.” is a good definition for what?
IT Security
When looking at security standards and compliance, which three (3) are characteristics of best practices, baselines and frameworks?
They are rules to follow for a specific industry.
They seek to improve performance, controls and metrics.
They enforce government, industry or client regulations.
They are used to improve controls, methodologies and governance for the IT department.
They help translate the business needs into technical or operational needs.
Which three (3) of these roles would likely exist in an Information Security organization?
Regional Sales Executive
Product Development Manager
CISO, Chief Information Security Officer
Vulnerability Assessor
Director of Human Resources
Information Security Architect
In the video Introduction to Process, which three (3) items were called out as critical to the success of a Security Operations Center (SOC)?
People
Process
Tools
Uninterruptible Power Supplies for all critical systems.
Bandwidth
Faraday Cages
Process performance metrics typically measure items in which four (4) categories?
Rework
Parts Inventory on hand
Backlog of pending orders
Quality (defect rate)
Injuries
Cost
Cycle time
Service Portfolio Management, Financial Management, Demand Management and Business Relationship Management belong to which ITIL Service Lifecycle Phase?
Service Design
Service Improvement
Service Operations
Service Strategy
Service Transition
Log, Assign, Track, Categorize, Prioritize, Resolve and Close are all steps in which ITIL process?
Change Management
Problem Management
Incident Management
Event Management
What critical item is noted when discussing process roles?
Separation of duties is critical; the approver should not be the requester.