IBM Cybersecurity Analyst Assessment

Welcome to our blog post on the IBM Cybersecurity Analyst Assessment! This assessment is an essential tool for individuals and companies looking to ensure their cybersecurity practices are up to par. In this post, we will provide an overview of the assessment, discuss its importance in today’s digital landscape, and outline some key areas covered in the assessment.

Why is the IBM Cybersecurity Analyst Assessment important?

As technology continues to advance, the threat landscape for cyberattacks is also rapidly evolving. Cybersecurity breaches can have severe consequences, including financial loss, reputational damage, and the compromise of sensitive data. To combat these threats, organizations need skilled professionals to assess and mitigate potential vulnerabilities. The IBM Cybersecurity Analyst Assessment helps ensure that these professionals have the necessary knowledge and skills to protect against cyber threats.

What does the assessment cover?

The IBM Cybersecurity Analyst Assessment covers a wide range of topics related to cybersecurity. It assesses the individual’s understanding of concepts such as network security, incident response, threat intelligence, vulnerability management, and more. By evaluating these key areas, the assessment helps identify any gaps in knowledge and skills, allowing organizations to address them effectively.

Tips for preparing for the assessment

Preparing for the IBM Cybersecurity Analyst Assessment requires a combination of theoretical knowledge and practical experience. Here are some tips to help you excel in the assessment:

1. Stay up to date: The field of cybersecurity is constantly evolving. Stay current with the latest trends, emerging threats, and security best practices by reading industry news, attending webinars, and participating in relevant forums.
2. Hands-on experience: Practical experience is essential for success in the assessment. Gain hands-on experience by working on real-world cybersecurity projects or through simulated exercises and challenges.
3. Study resources: IBM Cybersecurity provides study resources to help you prepare for the assessment. Take advantage of these resources, including practice exams, online courses, and documentation, to enhance your knowledge in specific areas.
4. Networking: Networking with professionals in the cybersecurity field can provide valuable insights and guidance. Join online communities, attend conferences, and connect with industry experts to expand your network.

All IBM Cybersecurity Analyst Assessment Coursera Quiz Answers

1. Implementing a Security Awareness training program would be an example of which type of control?

• Administrative control

2. Putting locks on a door is an example of which type of control?

• Preventative

3. How would you classify a piece of malicious code that can replicate itself and spread to new systems?

• A worm

4. To engage in packet sniffing, you must implement promiscuous mode on which device?

• A network card
• An Intrusion Detection System (IDS)
• A sniffing router

5. Which mechanism would help assure the integrity of a message, but not do much to assure confidentiality or availability?

• Hashing

6. An organization wants to restrict employee after-hours access to its systems so it publishes a policy forbidding employees to work outside of their assigned hours and then makes sure the Cybersecurity office doors remain locked on weekends. What two (2) types of controls are they using? (Select 2)

• Physical
• Administrative

7. Which two factors contribute to cryptographic strength? (Select 2)

• The use of ciphers that are based on complex mathematical algorithms
• The use of ciphers that have undergone public scrutiny

8. Trying to break an encryption key by trying every possible combination of characters is called what?

• A brute force attack

9. Which of the following describes the core goals of IT security?

• The Open Web Application Security Project (OWASP) Framework
• The Business Process Management Framework
• The CIA Triad

10. Which three (3) roles are typically found in an Information Security organization? (Select 3)

• Vulnerability Assessor
• Chief Information Security Officer (CISO)
• Penetration Tester

11. Problem Management, Change Management, and Incident Management are all key processes of which framework?

• ITIL

12. Alice sends a message to Bob that is intercepted by Trudy. Which scenario describes an integrity violation?

• Trudy reads the message
• Trudy deletes the message without forwarding it

13. In cybersecurity, Accountability is defined as what?

• Being able to map an action to an identity

14. Multifactor authentication (MFA) requires more than one authentication method to be used before identity is authenticated. Which three (3) are authentication methods? (Select 3)

• Something a person is
• Something a person has
• Something a person knows

15. Which three (3) of the following are Physical Access Controls? (Select 3)

• Door locks
• Security guards
• Fences

16. If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file systems could you select? (Select 2)

• NTFS
• FAT32

17. Which three (3) permissions can be set on a file in Linux? (Select 3)

• write
• execute
• Read 

18. If cost is the primary concern, which type of cloud should be considered first?

• Public cloud

19. Consolidating and virtualizing workloads should be done when?

• Before moving the workloads to the cloud

20. Which of the following is a self-regulating standard set up by the credit card industry in the US?

• PCI-DSS

21. Which two (2) of the following attack types target endpoints?

• Ad Network
• Spear Phishing

22. If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch Cybersecurity installed, which statement best characterizes the actions it is able to take automatically?

• The endpoint can be quarantined from all network resources except those that allow it to download and install the missing patch

23. Granting access to a user based on how high up he is in an organization violates what basic security premise?

• The principle of least privileges

24. Hashing ensures which of the following?

• Integrity

25. Which of these methods ensures the authentication, non-repudiation, and integrity of digital communication?

• Use of digital signatures

26. Which three (3) of these are benefits you can realize from using a NAT (Network Address Translation) router? (Select 3)

• Allows static 1-to-1 mapping of local IP addresses to global IP addresses
• Allows dynamic mapping of many local IP addresses to a smaller number of global IP address only when they are needed
• Allows internal IP addresses to be hidden from outside observers

27. Which statement best describes configuring a NAT router to use static mapping?

• The organization will need as many registered IP addresses as it has computers that need Internet access

28. If a computer needs to send a message to a system that is part of the local network, where does it send the message?

• To the system’s MAC address

29. What are the properties of a highly available system?

• Redundancy, failover, and monitoring

30. Which three (3) of these statements about the UDP protocol are True? (Select 3)

• UDP is faster than TCP
• UDP packets are reassembled by the receiving system in whatever order they are received
• UDP is connectionless

31. What is one difference between a Stateful Firewall and a Next-Generation Firewall?

• An NGFW understands which application sent a given packet 

32. You are concerned that your organization is really not very experienced with securing data sources. Which hosting model would require you to secure the fewest data sources?

• SaaS

33. Hassan is an engineer who works a normal day shift from his company’s headquarters in Austin, TX USA. Which two (2) of these activities raise the most cause for concern? (Select 2)

• Each night Hassan logs into his account from an ISP in China
• One evening, Hassan downloads all of the files associated with the new product he is working on

34. Which three (3) of the following are considered safe coding practices? (Select 3)

• Use library functions in place of OS commands
• Avoid using OS commands whenever possible
• Avoid running commands through a shell interpreter

35. Which three (3) items should be included in the Planning step of a penetration test? (Select 3)

• Informing Need-to-know employees
• Establishing Boundaries
• Setting Objectives

36. Which portion of the pentest report would cover the risk ranking, recommendations, and roadmap?

• Executive Summary

37. True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes such as rape and murder.

• False

38. Which three (3) are common obstacles faced when trying to examine forensic data? (Select 3)

• Selecting the right tools to help filter and exclude irrelevant data
• Finding the relevant files among the hundreds of thousands found on most hard drives
• Bypassing controls such as passwords

39. What scripting concept will repeatedly execute the same block of code while a specified condition remains true?

• Loops

40. Which two (2) statements about Python are true? (Select 2)

• Python code is considered easy to debug compared with other popular programming languages
• Python code is considered very readable by novice programmers

41. NIST recommends considering a number of items, including a high level of testing and monitoring, during which stage of a comprehensive Containment, Eradication and recovery strategy?

• Recovery

42. In the Python statement pi=”3″  What data type is the data type of the variable pi?

• Str 

43. What will be printed by the following block of Python code?

def Add5(in) , out=in+5 , return out ,  print(Add5(10))

• 15

44. Which threat intelligence framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events?

• Cyber Threat Framework

45. True or False. An organization’s security immune system should be integrated with outside organizations, including vendors and other third parties. 

• True

46. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

• Vulnerability assessment
• Real-time alerting
• Tokenization

47. True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series of applications, but not directly.

• True

48. All industries have their own unique data security challenges. Which of these industries has a particular concern with PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to payment card data?

• Retail

49. True or False. WireShark has an impressive array of features and is distributed free of charge.

• True

50. In which component of a Common Vulnerability Score (CVSS) would the privileges required be reflected?

• Base-Exploitability Subscore

51. The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

• IAM controls to regulate authorization

52. You calculate that there is a 2% probability that a cybercriminal will be able to steal credit card numbers from your Cybersecurity online storefront which will result in $10M in losses to your company. What have you just determined?

• A risk

53. Which one of the OWASP Top 10 Application Security Risks would occur when an application’s API exposes financial, healthcare, or other PII data?

• Sensitive data exposure

54. Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

• Virus Protection
• Application Firewall
• Spam Filter

55. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics, and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

• Artificial intelligence

56. The triad of a security operations center (SOC) is People, Process and Technology. Which part of the triad would network monitoring belong to?

• Technology

57. Which of these is a good definition of cyber threat hunting?

• The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

58. There is value brought by each of the IBM Cybersecurity i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web?

• Threat Discovery

59. Which three (3) soft skills are important to have in an organization’s incident response team? (Select 3)

• Communication
• Teamwork
• Problem-solving and Critical thinking

60. Implementing strong endpoint detection and mitigation strategies falls into which phase of the incident response lifecycle?

• Detection & Analysis

61. Which three (3) of these statistics about phishing attacks are real? (Select 3)

• Around 15 million new phishing sites are created each month
• Phishing accounts for nearly 20% of data breaches
• 30% of phishing messages are opened by their targeted users

62. Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

63. Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)

• Alina
• BlackPOS
• skimmer

64. According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?

• 52%

65. You get a phone call from a technician at the “Windows company” who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a Cybersecurity website and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the “simple utility” as asked?

• Remote Desktop Protocol (RDP)

66. What is an effective fully automated way to prevent malware from entering your system as an email attachment?

• Anti-virus software

67. True or False. The large majority of stolen credit card numbers are used quickly by the thief or a member of his/her family.

• False

68. Which three (3) of these are PCI-DSS requirements for any company handling, processing, or transmitting credit card data? (Select 3)

• Restrict access to cardholder data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data

69. True or False. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel, and public relations.

• True

70. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics, and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

• Abstraction
• Dilemmas
• Morals

71. Solution architectures often contain diagrams like the one below. What does this diagram show?

<<Solution Architecture Data Flow.png>>

• Functional components and data flow

72. Port numbers 1024 through 49151 are known as what?

• Registered Ports

73. Which layer of the OSI model do packet sniffers operate on?

• Data Link

74. True or False. Internal attacks from trusted employees represent every bit as significant a threat as external attacks from professional cybercriminals.

• True

75. According to the FireEye Mandiant’s Security Effectiveness Report 2020, what fraction of security tools are deployed with default settings and thus underperform expectations?

• 80%

76. Which country had the highest average cost per breach in 2018 at $8.19M

• United States

77. Which two (2) of these Python libraries provide useful statistical functions? (Select 2)

• StatsModels
• Scikit-learn

78. What will print out when this block of Python code is run?

i=1 #i=i+1 #i=i+2 #i=i+3

print(i)

• 1

79. Which three (3) statements about Python variables are true? (Select 3)

• A variable name must start with a letter or the underscore “_” character
• Variables can change type after they have been set
• Variables do not have to be declared in advance of their use

80. PowerShell is a configuration management framework for which operating system?

• Windows

81. In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your chain of custody log?

• All of the above

82. Forensic analysis should always be conducted on a copy of the original data. Which two (2) types of copying are appropriate for getting data from a laptop acquired from a terminated employee if you suspect he has deleted incriminating files? (Select 2)

• An incremental backup
• A logical backup

83. Which of the following would be considered an incident precursor?

• An alert from your antivirus software indicating it had detected malware on your system
• An announced threat against your organization by an activist group

84. If a penetration test calls for you to create a diagram of the target network including the identity of hosts and servers as well as a list of open ports and published services, which tool would be the best fit for this task?

• Nmap

85. Which type of list is considered best for safe coding practice?

• Whitelist

86. Which three (3) of these statements about the TCP protocol are True? (Select 3)

• TCP packets are reassembled by the receiving system in the order in which they were sent
• TCP is more reliable than UDP
• TCP is connection-oriented

87. In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?

• 2

88. A small company with 25 computers wishes to connect them to the Internet using a NAT router. How many Public IP addresses will this company need to ensure all 25 computers can communicate with each other and other systems on the Internet if they implement Port Address Translations?

• 1

89. Which of the following statements about hashing is True?

• Hashing uses algorithms that are known as “one-way” functions

90. Why is hashing not a common method used for encrypting data?

• Hashing is a one-way process so the original data cannot be reconstructed from a hash value

91. Public key encryption incorporating digital signatures ensures which of the following?

• Confidentiality and Integrity

92. What is the primary authentication protocol used by Microsoft in Active Directory?

• Kerberos

93. Granting access to a user account only those privileges necessary to perform its intended functions is known as what?

• The principle of least privileges

94. Island hopping is an attack method commonly used in which scenario?

• Supply Chain Infiltration

95. Which security concerns follow your workload even after it is successfully moved to the cloud?

• All of the above

96. Which form of Cloud computing combines both public and private clouds?

• Hybrid cloud

97. Which component of the Linux operating system interacts with your computer’s hardware?

• The kernel

98. The encryption and protocols used to prevent unauthorized access to data are examples of which type of access control?

Technical

99. In cybersecurity, Authenticity is defined as what?

• The property of being genuine and verifiable

100. ITIL is best described as what?

• A collection of IT Service Management best practices

101. Which position is in charge of testing the security and effectiveness of computer information systems?

• Information Security Auditor

102. A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document forbidding the use of these sites while at work is written and circulated, and then the firewalls are updated to block access to Facebook, Twitter, and other popular sites. Which two (2) types of security controls has the company just implemented? (Select 2)

• Administrative
• Technical

103. An email message that is encrypted, uses a digital signature, and carries a hash value would address which aspects of the CIA Triad?

• Confidentiality and Integrity

104. What would a piece of malicious code that gets installed on a computer and reports back to the controller your keystrokes and other information it can gather from your system be called?

• Spyware

105. Fancy Bears and Anonymous are examples of what?

• Hacking organizations

106. Implementing a filter to remove flooded packets before they reach the host is a countermeasure to which form of attack?

• A Denial of Service (DoS) attack

107. Trudy intercepts a romantic plain-text message from Alice to her boyfriend Sam. The message upsets Trudy so she forwards it to Bob, making it look like Alice intended it for Bob from the beginning. Which aspect of the CIA Triad has Trudy violated?

• All of the above

108. Which position is responsible for the “ethical hacking” of an organization’s computer systems?

• A Penetration Tester

109. Which three (3) are considered best practices, baselines, or frameworks? (Select 3)

• ISO27000 series
• ITIL
• COBIT

110. What does the “A” in the CIA Triad stand for?

• Availability

111. Windows 10 stores 64-bit applications in which directory?

• \Program Files

112. Which statement about drivers running in Windows kernel mode is true?

• Only critical processes are permitted to run in kernel mode since there is nothing to prevent

113. Which statement best describes configuring a NAT router to use dynamic mapping?

• Many registered IP addresses are mapped to a single registered IP address using different port numbers
• Unregistered IP addresses are mapped to registered IP addresses as they are needed

114.  Which address type does a computer use to get a new IP address when it boots up?

• The network’s DHCP server address

115. Which type of firewall understands which session a packet belongs to and analyzes it accordingly?

• A Next Generation Firewall (NGFW)

116. A penetration tester involved in a “Black box” attack would be doing what?

• Attempting to penetrate a client’s systems as if she were an external hacker with no inside knowledge

117. In digital forensics, which three (3) steps are involved in the collection of data? (Select 3)

• Develop a plan to acquire the data
• Verify the integrity of the data
• Acquire the data

118. Which three (3) of the following are considered scripting languages? (Select 3)

• Perl
• Bash
• Python

119. What is the largest number that will be printed during the execution of this Python while loop?

i=0

while (i<10):

print(i)

i=i+1

• 9

120. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are post-exploit activities? (Select 2)

• Gather full situational awareness through advanced security analytics
• Perform forensic investigation

121. Which one of the OWASP Top 10 Application Security Risks would occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user’s browser that can hijack sessions?

• Cross-site scripting

122. SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)

• Flows per minute (FPM)
• Events per second (EPS)

123. True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view, and finally a view of the threats specific to your own organization.

• True

124. True or False. Cloud-based storage or hosting providers are among the top sources of third-party breaches

• True

125. Very provocative articles that come up in news feeds or Google searches are sometimes called “click-bait”. These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?

• Malicious Links

---

Conclusion

In conclusion, the IBM Cybersecurity Analyst Assessment is a valuable tool for assessing an individual’s knowledge and skills in the field of cybersecurity. By identifying areas for improvement, this assessment helps organizations strengthen their cybersecurity defenses. Prepare for the assessment, stay updated, gain practical experience, utilize study resources and network with cybersecurity professionals. Taking these steps will increase your chances of success and help you establish yourself as a proficient cybersecurity analyst.

We hope you found this blog post informative and helpful in understanding the IBM Cybersecurity Analyst Assessment. If you’re interested in exploring this topic further, we recommend checking out IBM’s official website for more information and resources.