Ibm cybersecurity Exam Questions and
answers 2025
which .of .these .is .the .best .definition .of .a .security .risk .- .ANS✓✓-the .likelihood
.of .a .threat .source .exploiting .a .vulnerability
Fancy .Bears .and .Anonymous .are .examples .of .what .- .ANS✓✓-Hacking
.organizations
which .of .the .following .defines .a .security .threat .- .ANS✓✓-Any .potential .danger
.capable .of .exploiting .a .weaknesses .in .a .system
implement .a .filter .to .remove .flooded .packets .before .they .reach .the .host .is .a
.countermeasure .to .which .form .of .attack .- .ANS✓✓-a .denial .of .service .(DoS)
.attack
An .email .message .that .is .encrypted, .uses .a .digital .signature .and .carries .a .hash
.value .would .address .which .aspects .of .CIA .Triad .- .ANS✓✓-Confidentiality .and
.integrity
A .company .wants .to .prevent .employees .from .wasting .time .on .social .media
.sites. .to .accomplish .this, .a .document .forbidding .use .of .these .sites .while .at
.work .is .written .and .circulated .and .then .the .firewalls .are .updated .to .block
.access .to .Facebook, .Twitter .and .other .popular .sites. .which .2 .types .of .security
.controls .has .the .company .just .implemented .- .ANS✓✓-Technical .
Administrative
A .penetration .tester .that .gains .access .to .a .system .without .permission .and .then
.exploits .it .for .a .personal .gain .is .said .to .wear .what .color .hat .- .ANS✓✓-black
Trying .to .break .an .encryption .key .by .trying .every .possible .combination .of
.characters .is .called .what .- .ANS✓✓-A .brute .force .attack
Which .3 .of .the .following .are .key .ITIL .processes .- .ANS✓✓-Problem
.Management .
Incident .Management .
Change .Management
, Which .3 .roles .are .typically .found .in .an .information .Security .organization .- .ANS
✓✓-Penetration .Tester
Chief .information .Security .Officer .(CISO)
Vulnerability .Assessor
ITIL .is .best .described .as .what .- .ANS✓✓-A .collection .of .IT .Service .Management
.best .practices
Alice .sends .a .message .to .Bob .that .is .intercepted .by .Trudy. .Which .scenario
.describes .an .integrity .violation .- .ANS✓✓-Trudy .changes .the .message .and
.then .forwards .it .on
In .cybersecurity, .Authenticity .is .defined .as .what .- .ANS✓✓-The .property .of
.being .genuine .and .verifiable
Which .type .of .access .control .is .based .upon .the .subjects .clearance .level .and
.the .objects .classification .- .ANS✓✓-Mandatory . Access .Control .(MAC)
The .encryption .and .protocols .used .to .prevent .unauthorized .access .to .data .are
.examples .of .which .type .of .access .control .- .ANS✓✓-Technical
A .windows .10 .user .has .10 .files .exactly .the .same .name. .Which .statement .must
.be .true .for .these .files .- .ANS✓✓-The .Files .must .be .in .different .directories
Which .component .of .the .Linux .operating .system .interacts .with .your .computers
.hardware .- .ANS✓✓-The .kernel
If .cost .is .the .primary .concern, .which .type .of .cloud .should .be .considered .first .-
.ANS✓✓-Public .cloud
Which .security .concerns .follow .your .workload .even .after .it .is .successfully
.moved .to .the .cloud .- .ANS✓✓-(Data .security, .Disaster .Recovery/Business
.Continuity .Planning, .Identity .and .Access .Management, .Compliance)
All .Of .The .Above
Which .of .the .following .is .a .self-regulating .standard .set .up .by .the .credit .card
.industry .in .the .US .- .ANS✓✓-PCI-DSS
Which .2 .of .the .following .attack .types .target .endpoints .- .ANS✓✓-Spear
.Phishing .
Ad .Network
If .an .endpoint .Detection .and .Response .(EDR) .system .detects .that .an .endpoint
.does .not .have .a .required .patch .installed, .which .statement .best .characterizes
.the .actions .it .is .able .to .take .automatically .- .ANS✓✓-The .endpoint .can .be
.quarantined .from .all .network .resources .except .those .that .allow .it .to .download
.and .install .the .missing .patch
answers 2025
which .of .these .is .the .best .definition .of .a .security .risk .- .ANS✓✓-the .likelihood
.of .a .threat .source .exploiting .a .vulnerability
Fancy .Bears .and .Anonymous .are .examples .of .what .- .ANS✓✓-Hacking
.organizations
which .of .the .following .defines .a .security .threat .- .ANS✓✓-Any .potential .danger
.capable .of .exploiting .a .weaknesses .in .a .system
implement .a .filter .to .remove .flooded .packets .before .they .reach .the .host .is .a
.countermeasure .to .which .form .of .attack .- .ANS✓✓-a .denial .of .service .(DoS)
.attack
An .email .message .that .is .encrypted, .uses .a .digital .signature .and .carries .a .hash
.value .would .address .which .aspects .of .CIA .Triad .- .ANS✓✓-Confidentiality .and
.integrity
A .company .wants .to .prevent .employees .from .wasting .time .on .social .media
.sites. .to .accomplish .this, .a .document .forbidding .use .of .these .sites .while .at
.work .is .written .and .circulated .and .then .the .firewalls .are .updated .to .block
.access .to .Facebook, .Twitter .and .other .popular .sites. .which .2 .types .of .security
.controls .has .the .company .just .implemented .- .ANS✓✓-Technical .
Administrative
A .penetration .tester .that .gains .access .to .a .system .without .permission .and .then
.exploits .it .for .a .personal .gain .is .said .to .wear .what .color .hat .- .ANS✓✓-black
Trying .to .break .an .encryption .key .by .trying .every .possible .combination .of
.characters .is .called .what .- .ANS✓✓-A .brute .force .attack
Which .3 .of .the .following .are .key .ITIL .processes .- .ANS✓✓-Problem
.Management .
Incident .Management .
Change .Management
, Which .3 .roles .are .typically .found .in .an .information .Security .organization .- .ANS
✓✓-Penetration .Tester
Chief .information .Security .Officer .(CISO)
Vulnerability .Assessor
ITIL .is .best .described .as .what .- .ANS✓✓-A .collection .of .IT .Service .Management
.best .practices
Alice .sends .a .message .to .Bob .that .is .intercepted .by .Trudy. .Which .scenario
.describes .an .integrity .violation .- .ANS✓✓-Trudy .changes .the .message .and
.then .forwards .it .on
In .cybersecurity, .Authenticity .is .defined .as .what .- .ANS✓✓-The .property .of
.being .genuine .and .verifiable
Which .type .of .access .control .is .based .upon .the .subjects .clearance .level .and
.the .objects .classification .- .ANS✓✓-Mandatory . Access .Control .(MAC)
The .encryption .and .protocols .used .to .prevent .unauthorized .access .to .data .are
.examples .of .which .type .of .access .control .- .ANS✓✓-Technical
A .windows .10 .user .has .10 .files .exactly .the .same .name. .Which .statement .must
.be .true .for .these .files .- .ANS✓✓-The .Files .must .be .in .different .directories
Which .component .of .the .Linux .operating .system .interacts .with .your .computers
.hardware .- .ANS✓✓-The .kernel
If .cost .is .the .primary .concern, .which .type .of .cloud .should .be .considered .first .-
.ANS✓✓-Public .cloud
Which .security .concerns .follow .your .workload .even .after .it .is .successfully
.moved .to .the .cloud .- .ANS✓✓-(Data .security, .Disaster .Recovery/Business
.Continuity .Planning, .Identity .and .Access .Management, .Compliance)
All .Of .The .Above
Which .of .the .following .is .a .self-regulating .standard .set .up .by .the .credit .card
.industry .in .the .US .- .ANS✓✓-PCI-DSS
Which .2 .of .the .following .attack .types .target .endpoints .- .ANS✓✓-Spear
.Phishing .
Ad .Network
If .an .endpoint .Detection .and .Response .(EDR) .system .detects .that .an .endpoint
.does .not .have .a .required .patch .installed, .which .statement .best .characterizes
.the .actions .it .is .able .to .take .automatically .- .ANS✓✓-The .endpoint .can .be
.quarantined .from .all .network .resources .except .those .that .allow .it .to .download
.and .install .the .missing .patch
