Which application testing method tests applications from within using software instrumentation?
1 point
SAST: Static Application Security Testing.
IAST: Interactive Application Security Testing.
PAST: Passive Application Security Testing.
DAST: Dynamic Application Security Testing.
57.
Question 57
Which one of the OWASP Top 10 Application Security Risks would occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in another user's browser that can hijack sessions?
1 point
Insufficient logging and monitoring
Security misconfiguration
Insecure deserialization
Cross-site scripting
58.
Question 58
Why should you always look for common patterns before starting a new security architecture design?
1 point
They can help identify best practices.
They can shorten the development lifecycle.
Some document complete tested solutions.
All of the above.
59.
Question 59
Which of these describes the process of data normalization in a SIEM?
1 point
Compresses incoming data.
Allows for predictable and consistent storage for all records.
Removes duplicate records from incoming data.
Encrypts incoming data.
60.
Question 60
The partnership between security analysts and technology can be said to be grouped into three domains: human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?
1 point
Abstraction
Pattern identification
Dilemmas
Machine learning
Anomaly detection
Morals
61.
Question 61
True or False. If you have no better place to start hunting threats, start with a view of the global threat landscape and then drill down to a regional view, industry view and finally a view of the threats specific to your own organization.
1 point
True
False
62.
Question 62
There is value brought by each of the IBM i2 EIA use cases. Which one of these provides immediate alerting on brand compromises and fraud on the dark web?
1 point
Insider Threat
Threat Discovery
Fraud Investigations
VIP Protection
63.
Question 63
Which three (3) soft skills are important to have in an organization's incident response team? (Select 3)
1 point
Teamwork
Problem solving and Critical thinking
Communication
Motivational
64.
Question 64
According to the IRIS Framework, during which stage of an attack would the attacker attempt to escalate their privileges, move laterally and conduct internal reconnaissance?
1 point
Attack beginnings.
Continue the attack, expand network access.
Launch and execute the attack.
Attack objective execution.
Continuous phases occur.
65.
Question 65
Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
<<insert Paypal phishing email graphic>>
1 point
Suspicious attachments.
Generic greetings and signature.
Poor quality layout.
There is a hyperlink in the body of the email.
66.
Question 66
Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
1 point
All employees with direct access to cardholder data must change their passwords monthly.
Restrict access to cardholder data by business need-to-know.
Restrict physical access to cardholder data.
Assign a unique ID to each person with computer access.
67.
Question 67
Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise that is shipped to a reshipper who sends it on to its final destination before it is sold for profit.
Why is such a complex process used instead of simply using the stolen numbers to buy the products that are desired?
1 point
Because stolen cards can rarely be used directly to purchase merchandise.
To make the end-to-end transaction very difficult to follow.
It is easier to get approval to use a credit card to purchase a prepaid credit card than it is to purchase merchandise.
If done quickly, there is a multiplying effect in play. The stolen credit card can be used to buy 3 or 4 prepaid cards each valued at the credit limit of the original card. The same is true for using each prepaid card to buy multiple gift cards and each gift card to buy more merchandise than its face value.
68.
Question 68
According to a 2019 Ponemon study, what percent of consumers indicated they would be willing to pay more for a product or service from a provider with better security?
1 point
12%
52%
82%
92%
69.
Question 69
You get email constantly telling you that your eBay account shows signs of suspicious activity and that you should log in using the link provided to restore your credentials. You have taken a great course on Cybersecurity, so you check and see the sender's email address is "[email protected]". Which attack vector is being used to try to compromise your system?
1 point
Malicious Links
Software Vulnerabilities
Phishing
Remote Desktop Protocol (RDP)
70.
Question 70
What is an effective fully automated way to prevent malware from entering your system as an email attachment?
1 point
A full system backup.
Anti-virus software.
Strong passwords.
Fully patched operating system and applications.
56. SAST: Static Application Security Testing.
57. Cross-site scripting
58. All of the above
59. Removes duplicate records from incoming data.
60. Pattern identification, Dilemmas, Morals
61. True
62. Fraud Investigations
63. Teamwork, Problem solving and Critical thinking, Communication
64. Continue the attack, expand network access.
65. incomplete question
66. Restrict access to cardholder data by business need-to-know, Restrict physical access to cardholder data, Assign a unique ID to each person with computer access.
67. To make the end-to-end transaction very difficult to follow.
68. 52%
69. Phishing
70. Fully patched operating systems and applications