IBM Cybersecurity Fundamentals Final Exam Answers
Mini Quiz 1: IBM Cybersecurity Fundamentals
Question 1: She-Ra Cat is a pseudonym for a hacker who was a member of a collective European group in 2012. The group expressed solidarity with a foreign country during economic unrest, stating that the government “refused to listen to its people.” The group lodged cyber attacks against the government’s websites to spread the word about the government’s failure to comply with the people’s wishes. Which type of cyber attacker group could this represent?
- Hacktivist
- Criminal gang
- Nation state hacker
- Malicious insider
Question 2: Monica da Silva is an employee at an aeronautics company. She noticed her laptop has started to become unresponsive ever since she went on a business trip to a foreign country. She remembers being asked to hand the device over while at an airport and she thinks that is when the problems started. Which type of cyber attacker group could this represent?
- Hacktivist
- Criminal gang
- Nation state hacker
- Malicious insider
Question 3: Stephen Nguyen was laid off last month from his executive-level position at an industrial chemical company. He worked in the research and development (R&D) department. He downloaded his latest project’s information onto a personal USB flash drive. He is bitter about losing his job and considering selling the USB drive to another company’s R&D department. Which type of cyber attacker group could he represent?
- Hacktivist
- Criminal gang
- Nation state hacker
- Malicious insider
Mini Quiz 2: IBM Cybersecurity Fundamentals
Question 1: This attack involves sending an email to an individual that appears to be from a trusted source, but instead has the intention of getting personal information, such as a password. What type of cyber attack is this?
- Man in the middle (MitM) attack
- Domain name system (DNS) attack
- Structured query language (SQL) injection
- Phishing attack
Question 2: This attack involves software designed to perform in a detrimental manner to a target, without the target’s consent. It can block access to data and programs, steal information, and make systems inoperable. What type of cyber attack is this?
- Spear phishing attack
- Malware attack
- Domain name system (DNS) attack
- Denial of service (DoS) attack
Question 3: This attack involves causing a system to partially crash and be unable to perform work at normal levels. What type of cyber attack is this?
- Denial of service (DoS) attack
- Credential stuffing attack
- Man in the middle (MitM) attack
- Spear phishing attack
Mini Quiz 3: IBM Cybersecurity Fundamentals
Question 1: Which of the following statements about the attack surface is correct?
- The attack surface is the fewest access permissions granted to enable an attacker.
- Organizations can replace an attack surface with a patch to clearly define and protect the perimeter.
- Organizations will find it easier to have a secure perimeter given the options for remote access, guest wifi, and bring your own devices (BYODs) to work.
- Organizations should keep the attack surface as small as possible as a basic security measure.
Question 2: True or false? Over time, vulnerabilities may be discovered in older software, and new versions of software can introduce new vulnerabilities. In general, updating software and applications to the latest version significantly reduces the risk of them being successfully attacked.
- True
- False
Question 3: Which prevention concept do organizations introduce in order to grant the fewest permission levels necessary to enable a role to function in a system?
- Attack surface
- Least privilege
- Patches
- Compensating controls
Mini Quiz 4: IBM Cybersecurity Fundamentals
Question 1: Marta works on the security team for a financial services company. She finds a security alert has been generated by the team’s SIEM tool and assigned to her for investigation. She determines that a laptop may be infected with malware known as EMOTET. Marta investigates and finds that the laptop is infected because it is continually trying to establish a connection with a malicious “command and control” server. Fortunately, the firewalls are declining these connection requests. However, Marta also finds out that the laptop belongs to a capital markets trader, someone who has access to sensitive financial data. So she concludes that this infection is a top priority and needs to be fixed right away. What cybersecurity job role is Marta performing?
- SOC analyst
- Incident responder
- Threat hunter
- Penetration tester
Question 2: Theresa follows various trusted sources for information about new and emerging cybersecurity threats. She just came across news that a new variant of the EMOTET malware has been detected on the IBM X-Force Exchange, one of her key trusted sources. She learns that this banking trojan, first seen in 2014, has morphed into a spammer that distributes other malware, and that the latest variant uses stolen emails as a delivery mechanism. Since Theresa works for a financial services company, she decides she needs to protect it from this new variant of EMOTET. So, she finds relevant information about how to detect EMOTET and configures her team’s SIEM tool to send alerts to her team when EMOTET is detected. What cybersecurity job role is Theresa performing?
- SOC analyst
- Incident responder
- Threat hunter
- Penetration tester
Question 3: Sam is a capital markets trader for a financial services company. He gets an urgent call from Diego on the security team, who informs Sam that there is compelling evidence that Sam’s laptop has been infected with malware. Diego shares that, so far, it looks like the malware has not inflicted any serious harm, but that Sam needs to shut down his laptop immediately and disconnect it from the network. Diego opens an IT ticket to have Sam’s laptop re-imaged and restored, and provides Sam with a temporary laptop to continue his work in the meantime. Diego will also follow up with Sam at a later point to help him understand how his laptop was infected and educate him about how to avoid such situations in the future. What cybersecurity job role is Diego performing?
- SOC analyst
- Incident responder
- Threat hunter
- Penetration tester
IBM Cybersecurity Fundamentals Final Quiz Answers
Question 1: Which of the following is NOT one of the three key elements of cybersecurity?
- People
- Process
- Ports
- Technology
Question 2: Information security’s objectives are often defined using the CIA triad. CIA is a mnemonic for the three objectives. What are they?
- Comprehensive, Integrated, and Accessible
- Confidentiality, Integrity, and Availability
- Confident, Intelligent, and Automatic
- Complete, Impartial, and Aware
Question 3: Which of the following statements is correct about the social engineering tactics that attackers use?
- Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that could then be used for fraudulent purposes.
- Social engineering can be employed in-person, over the phone, or online through websites, email, and social media.
- Social engineering can be a powerful technique that works because humans are not perfect and can exhibit irrational behavior as well as flawed decision making.
- All of the above.
Question 4: What type of cyber attack involves sending an email to an individual that appears to be from a trusted source, but instead has the intention of getting personal information, such as a password?
- Man in the middle (MitM) attack
- Domain name system (DNS) attack
- Structured query language (SQL) injection
- Phishing attack
Question 5: What type of cyber attack involves causing a system to partially crash and be unable to perform work at normal levels?
- Spear phishing attack
- Credential stuffing attack
- Man in the middle (MitM) attack
- Denial of service (DoS) attack
Question 6: Which cybersecurity job role is responsible for determining if a reported alert is an organizational attack, scoping out the extent of the cybersecurity incident, planning the best remediation methods, and implementing the remediation with appropriate teams in a timely manner?
- Security operations center (SOC) analyst
- Incident responder
- Threat hunter
- Penetration tester
Question 7: Which of the following describes the threat actor group called script kiddies?
- Mostly teenagers and young adults who are self-taught, rely on basic hacking tools, and are motivated by having fun and gaining reputations in the hacking community.
- A diverse group of organized people who are driven by ideologies or causes, use a range of tools, and want to bring about change.
- A broad, growing group of cyber-based criminals who have a range of tools, often develop their own malware, and are driven by financial motivations.
- Members within an organization who become resentful or bitter, typically use granted corporate access instead of technical skills or budget, and are motivated by revenge or financial gain.
Question 8: Which of the following is a common approach that organizations use to detect cyber attacks?
- Allowing all security staff continuous access to every file an organization has produced.
- Using security information and event management (SIEM) tools.
- Disabling all forms of encryption within an internal network.
- Setting up an access control list (ACL).
Question 9: Organizations establish and follow an incident management framework to respond to cyber attacks. Oftentimes, one of the phases to manage incident response is called Reflection. What is it?
- The phase when the organization plans what it should do in the event of an incident, such as preparing resources and testing procedures.
- The phase when the organization observes the attack and the priority is to prevent the incident from worsening.
- The phase when the organization has resolved the incident and needs to move back to standard operations, such as by removing temporary fixes and restoring services.
- The phase after the incident when it is important for the organization to review not only what caused the incident, but how effective the response was.
Question 10: Which of the following describes the “transfer” risk response method?
- The organization accepts the risk in its current form. A “risk owner” makes this decision.
- The organization decides a risk is too large to accept and tries to have it reduced, either by reducing the likelihood or consequence.
- The organization has a third party accept the risk, or part of it, instead of accepting it themselves. This can be done via insurance.
- The organization decides a risk is too high and withdraws from being affected by it.
Question 11: To help prevent cyber attacks, organizations will use a concept called defense in depth. What is it?
- Instead of a layered approach, they use a single approach to focus on vulnerability management.
- Instead of a single approach, they use a layered approach such as with a combination of firewalls, malware scanners, and data encryption in which an attack would have to circumvent all layers to be successful.
- They grant the fewest permission levels necessary to enable a role to function in a system.
- They keep the attack surface where an attacker could choose to access and exploit data as small as possible.