11/4/24, 10:33 AM Cyber Threat Management (CyberTM) Course Final Exam Answers
Cyber Threat Management (CyberTM) Course Final Exam Answers
Jul 25, 2022 | Last Updated: Jan 19, 2024 | Cyber Threat Management | 22 Comments
1. What are three disclosure exemptions that pertain to
the FOIA? (Choose three.)
law enforcement records that implicate one of a set
of enumerated concerns
information specifically non-exempt by statute
confidential business information
non-geological information regarding wells
national security and foreign policy information
public information from financial institutions
Explanation: The nine Freedom of Information Act
(FOIA) exemptions include the following:
1. National security and foreign policy information
2. Internal personnel rules and practices of an agency
3. Information specifically exempted by statute
4. Confidential business information
5. Inter- or intra-agency communication subject to
deliberative process, litigation, and other privileges
6. Information that, if disclosed, would constitute a clearly
unwarranted invasion of personal privacy
7. Law enforcement records that implicate one of a set of
enumerated concerns
8. Agency information from financial institutions
9. Geological and geophysical information concerning
wells
2. A company is developing security policies. Which
security policy would address the rules that determine
access to and use of network resources and define the
consequences of policy violations?
data policy
remote access policy
acceptable use policy
password policy
Explanation: An organization needs to establish clear
and detailed security policies. Some of these policies
are:
Password policy – Defines minimum password
requirements, such as the number and type of characters
used and how often they need to be changed.
Acceptable use policy – Highlights a set of rules that
determine access to and use of network resources. It
may also define the consequences of policy violations.
Remote access policy – Sets out how to remotely connect
to the internal network of an organization and explains
what information is remotely accessible.
Data policy – Sets out measurable rules for processing
data within an organization, such as specifying where
data is stored, how data is classified, and how data is
handled and disposed of.
3. Which framework should be recommended for
establishing a comprehensive information security
management system in an organization?
ISO/IEC 27000
ISO OSI model
CIA Triad
NIST/NICE framework
Explanation: A cybersecurity specialist needs to be
familiar with the different frameworks and models for
managing information security.
4. If a person knowingly accesses a government
computer without permission, what federal act laws
would the person be subject to?
SOX
ECPA
GLBA
CFAA
Explanation: The Computer Fraud and Abuse Act
(CFAA) provides the foundation for US laws criminalizing
unauthorized access to computer systems.
5. Match the roles in the data governance program to the
description.
Explanation: Place the options in the following order:
a person who oversees the data protection strategy of an organization – Data protection officer
a person or organization who processes personal data on behalf of the data controller – Data processor
a person who determines the purposes for which, and the way in which, personal data is processed – Data controller
a person who ensures that data supports the business needs of an organization and meets regulatory requirements – Data steward
a person who ensures compliance with policies and procedures, assigns the proper classification to information assets, and determines the criteria for accessing information assets – Data owner
a person who implements the classification and security controls for the data in accordance with the rules set out by the data owner – Data custodian
6. What type of security test uses simulated attacks to
determine possible consequences of a real threat?
penetration testing
integrity checking
network scanning
vulnerability scanning
Explanation: There are many security tests that can be
used to assess a network. Penetration testing is used to
determine the possible consequences of successful
attacks on the network. Integrity checking is used to
detect and report changes made to systems.
Vulnerability scanning is used to find weaknesses and
misconfigurations on network systems. Network
scanning is used to discover available resources on the
network.
7. What are two tasks that can be accomplished with the
Nmap and Zenmap network tools? (Choose two.)
Identification of Layer 3 protocol support on hosts
Password recovery
TCP and UDP port scanning
Validation of IT system configuration
Password auditing
Explanation: Nmap is a low-level network scanner that
is available to the public and which has the ability to
perform port scanning, to identify open TCP and UDP
ports, and perform system identification. It can also be
used to identify Layer 3 protocols that are running on a
system.
8. Which network security tool can detect open TCP and
UDP ports on most versions of Microsoft Windows?
L0phtcrack
Zenmap
SuperScan
Nmap
Explanation: There are various network security tools
available for network security testing and evaluation.
L0phtcrack can be used to perform password auditing
and recovery. SuperScan is a Microsoft port scanning
software that detects open TCP and UDP ports on
systems. Nmap and Zenmap are low-level network
scanners available to the public.
9. Match the network security testing tool with the correct
function. (Not all options are used.)
Explanation: Place the options in the following order:
used to assess if network devices are compliant with network security policies – Tripwire
used to scan systems for software vulnerabilities – Nessus
used for Layer 3 port scanning – Nmap
10. Match the command line tool with its description.
Explanation: Place the options in the following order:
Displays TCP/IP settings (IP address, subnet mask, default gateway, DNS, and MAC information) – ipconfig
Gathers information from TCP and UDP network connections and can be used for port scanning, monitoring, banner grabbing, and file copying – netcat
Assembles and analyzes packets for port scanning, path discovery, OS fingerprinting, and firewall testing – hping
Queries a DNS server to help troubleshoot a DNS database – nslookup
11. What three services are offered by FireEye? (Choose
three.)
deploys incident detection rule sets to network security
tools
creates firewall rules dynamically
identifies and stops email threat vectors
identifies and stops latent malware on files
subjects all traffic to deep packet inspection analysis
blocks attacks across the web
Explanation: FireEye is a security company that uses a
three-pronged approach combining security intelligence,
security expertise, and technology. FireEye offers SIEM
and SOAR with the Helix Security Platform, which use
behavioral analysis and advanced threat detection.
12. What is a characteristic of CybOX?
It is the specification for an application layer protocol that
allows the communication of CTI over HTTPS.
It enables the real-time exchange of cyberthreat
indicators between the U.S. Federal Government and the
private sector.
It is a set of standardized schemata for specifying,
capturing, characterizing, and communicating events
and properties of network operations.
It is a set of specifications for exchanging cyberthreat
information between organizations.
Explanation: CybOX is an open standards set of
standardized schemata for specifying, capturing,
characterizing, and communicating events and properties
of network operations that support many cybersecurity
functions.
13. What three security tools does Cisco Talos maintain
security incident detection rule sets for? (Choose three.)
ClamAV
Snort
Socat
NetStumbler
SpamCop
Explanation: Talos maintains the security incident
detection rule sets for the [Link], ClamAV, and
SpamCop network security tools.
14. Which security organization maintains a list of
common vulnerabilities and exposures (CVE) and is used
by prominent security organizations?
CIS
SecurityNewsWire
MITRE
SANS
Explanation: The MITRE Corporation maintains a list of
common vulnerabilities and exposures (CVE) used by
prominent security organizations.
15. As a Cybersecurity Analyst, it is very important to
keep current. It was suggested by some colleagues that
NewsBites contains many good current articles to read.
What network security organization maintains this weekly
digest?
MITRE
CIS
SANS
(ISC)2
Explanation: The SysAdmin, Audit, Network, Security
(SANS) Institute has many resources. One of them is
called NewsBites, the weekly digest of news articles
about computer security.
16. A network administrator is creating a network profile
to generate a network baseline. What is included in the
critical asset address space element?
the IP addresses or the logical location of essential
systems or data
the time between the establishment of a data flow and its
termination
the TCP and UDP daemons and ports that are allowed to
be open on the server
the list of TCP or UDP processes that are available to
accept data
Explanation: A network profile should include some
important elements, such as the following:
Total throughput – the amount of data passing from a
given source to a given destination in a given period of
time
Session duration – the time between the establishment
of a data flow and its termination
Ports used – a list of TCP or UDP processes that are
available to accept data
Critical asset address space – the IP addresses or the
logical location of essential systems or data
17. When a server profile for an organization is being
established, which element describes the TCP and UDP
daemons and ports that are allowed to be open on the
server?
service accounts
listening ports
software environment
critical asset address space
Explanation: A server profile will often contain the
following:
* Listening ports – the TCP and UDP daemons and ports
that are allowed to be open on the server
* User accounts – the parameters defining user access
and behavior
* Service accounts – the definitions of the type of service
that an application is allowed to run on a server
* Software environment – the tasks, processes, and
applications that are permitted to run on the server
18. The IT security personnel of an organization notice
that the web server deployed in the DMZ is frequently
targeted by threat actors. The decision is made to
implement a patch management system to manage the
server. Which risk management strategy method is being
used to respond to the identified risk?
risk retention
risk sharing
risk reduction
risk avoidance
Explanation: There are four potential strategies for
responding to risks that have been identified:
* Risk avoidance – Stop performing the activities that
create risk.
* Risk reduction – Decrease the risk by taking measures
to reduce vulnerability.
* Risk sharing – Shift some of the risk to other parties.
* Risk retention – Accept the risk and its consequences.
19. Which class of metric in the CVSS Base Metric Group
defines the features of the exploit such as the vector,
complexity, and user interaction required by the exploit?
Exploitability
Exploit Code Maturity
Impact
Modified Base
Explanation: The Base Metric Group of CVSS
represents the characteristics of a vulnerability that are
constant over time and across contexts. It contains two
classes of metrics:
* Exploitability metrics – features of the exploit such as
the vector, complexity, and user interaction required by
the exploit
* Impact metrics – the impacts of the exploit rooted in the
CIA triad of confidentiality, integrity, and availability
20. In what order are the steps in the vulnerability
management life cycle conducted?
discover, prioritize assets, assess, remediate, report,
verify
discover, prioritize assets, assess, remediate, verify,
report
discover, assess, prioritize assets, report, remediate,
verify
discover, prioritize assets, assess, report, remediate,
verify
Explanation: There are six steps in the vulnerability
management life cycle:
– Discover
– Prioritize assets
– Assess
– Report
– Remediate
– Verify
21. An organization has implemented antivirus software.
What type of security control did the company
implement?
detective control
compensative control
deterrent control
recovery control
Explanation: A cybersecurity specialist must be aware of
the technologies and measures that are used as
countermeasures to protect the organization from threats
and vulnerabilities.
22. What is the first step taken in risk assessment?
Identify threats and vulnerabilities and the matching
of threats with vulnerabilities.
Compare to any ongoing risk assessment as a means of
evaluating risk management effectiveness.
Establish a baseline to indicate risk before security
controls are implemented.
Perform audits to verify threats are eliminated.
Explanation: The three steps of risk assessment in
order are as follows:
– Identify threats and vulnerabilities and the matching of
threats with vulnerabilities.
– Establish a baseline to indicate risk before security
controls are implemented.
– Compare to an ongoing risk assessment as a means of
evaluating risk management effectiveness.
23. Match the stages in the risk management process to
the description.
Explanation: Place the options in the following order:
Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat. – Respond to the risk.
Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses. – Assess the risk.
Continuously review risk reductions due to elimination, mitigation and transfer actions. – Monitor the risk.
Identify the threats throughout the organization that increase risk. – Frame the risk.
24. Your risk manager just distributed a chart that uses
three colors to identify the level of threat to key assets in
the information security systems. Red represents high
level of risk, yellow represents average level of threat and
green represents low level of threat. What type of risk
analysis does this chart represent?
qualitative analysis
quantitative analysis
loss analysis
exposure factor analysis
Explanation: A qualitative or quantitative risk analysis is
used to identify and prioritize threats to the organization.
25. A company manages sensitive customer data for
multiple clients. The current authentication mechanism to
access the database is username and passphrase. The
company is reviewing the risk of employee credential
compromise that may lead to a data breach and decides
to take action to mitigate the risk before further actions
can be taken to eliminate the risk. Which action should
the company take for now?
Install fingerprint or retinal scanners.
Implement multi-factor authentication.
Purchase an insurance policy.
Enhance data encryption with an advanced algorithm.
Explanation: Risk management is the identification,
evaluation, and prioritization of risks. Organizations
manage risk in one of four ways: avoidance, mitigation,
transfer, or acceptance. In this scenario, implementing multi-
factor authentication can reduce the risk of employee
credential compromise, which is a mitigation action.
Installing fingerprint or retinal scanners eliminates the
risk, which is avoidance. Purchasing an insurance policy
is transferring the financial risk to the insurance
company.
26. Match the security incident stakeholder with the role.
Explanation: Place the options in the following order:
performs disciplinary measures – human resources
changes firewall rules – information assurance
preserves attack evidence – IT support
designs the budget – management
reviews policies for local or federal guideline violations – legal department
27. Why would threat actors prefer to use a zero-day
attack in the Cyber Kill Chain weaponization phase?
to launch a DoS attack toward the target
to get a free malware package
to avoid detection by the target
to gain faster delivery of the attack on the target
Explanation: When a threat actor prepares a weapon for
an attack, the threat actor chooses an automated tool
(weaponizer) that can be deployed through discovered
vulnerabilities. Malware that will carry desired attacks is
then built into the tool as the payload. The weapon (tool
plus malware payload) will be delivered to the target
system. By using a zero-day weaponizer, the threat actor
hopes that the weapon will not be detected because it is
unknown to security professionals and detection
methods are not yet developed.
28. A threat actor has identified the potential vulnerability
of the web server of an organization and is building an
attack. What will the threat actor possibly do to build an
attack weapon?
Create a point of persistence by adding services.
Install a webshell on the web server for persistent
access.
Obtain an automated tool in order to deliver the
malware payload through the vulnerability.
Collect credentials of the web server developers and
administrators.
Explanation: One tactic of weaponization used by a
threat actor after the vulnerability is identified is to obtain
an automated tool to deliver the malware payload
through the vulnerability.
29. According to NIST standards, which incident
response stakeholder is responsible for coordinating an
incident response with other stakeholders to minimize
the damage of an incident?
IT support
human resources
legal department
management
Explanation: The management team creates the
policies, designs the budget, and is in charge of staffing
all departments. Management is also responsible for
coordinating the incident response with other
stakeholders and minimizing the damage of an incident.
30. Which meta-feature element in the Diamond Model
describes information gained by the adversary?
resources
results
direction
methodology
Explanation: The meta-feature element results are used
to delineate what the adversary gained from the intrusion
event.
31. The manager of a new data center requisitions
magnetic door locks. The locks will require employees to
swipe an ID card to open. Which type of security control
is being implemented?
corrective
compensative
preventive
recovery
Explanation: Preventive security controls prevent
unwanted or unauthorized activities from occurring
and/or apply restrictions to authorized users.
32. What is a statement of applicability (SOA)?
It stipulates total compliance with NIST.
It sets out a broad framework of network protocols used
and their implementations.
It allows for the tailoring of available control
objectives and controls to best meet its priorities
around confidentiality, integrity, and availability
It is used as an audit point for network device
implementation.
33. An organization is developing a data governance
program that follows regulations and policies. Which role
in the program is responsible for ensuring compliance
with policies and procedures, assigning the proper
classification to information assets, and determining the
criteria for accessing information assets?
data controller
data custodian
data owner
data protection officer
34. A company is preparing for an ISMS audit. Match the
right control for each control objective.
35. Which step in the Vulnerability Management Life
Cycle performs inventory of all assets across the network
and identifies host details, including operating system
and open services?
Assess
Discover
Remediate
Prioritize assets
Explanation: The steps in the Vulnerability Management
Life Cycle include these:
Discover – inventory all assets across the network
and identify host details, including operating systems
and open services to identify vulnerabilities
Prioritize assets – categorize assets into groups or
business units, and assign a business value to asset
groups based on their criticality to business
operations
Assess – determine a baseline risk profile to
eliminate risks based on asset criticality, vulnerability
threats, and asset classification
Report – measure the level of business risk
associated with your assets according to your
security policies. Document a security plan, monitor
suspicious activity, and describe known
vulnerabilities
Remediate – prioritize according to business risk
and fix vulnerabilities in order of risk
Verify – verify that threats have been eliminated
through follow-up audits
36. Which two classes of metrics are included in the
CVSS Base Metric Group? (Choose two.)
Confidentiality Requirement
Modified Base
Exploit Code Maturity
Exploitability
Impact metrics
Explanation: The Base Metric Group of CVSS
represents the characteristics of a vulnerability that are
constant over time and across contexts. It contains two
classes of metrics, Exploitability and Impact.
37. Which type of evidence cannot prove an IT security
fact on its own?
best
corroborative
indirect
hearsay
Explanation: Indirect evidence cannot prove a fact on its
own, but direct evidence can. Corroborative evidence is
supporting information. Best evidence is most reliable
because it is something concrete such as a signed
contract.
38. What three tasks are accomplished by a
comprehensive security policy? (Choose three.)
useful for management
defines legal consequences of violations
is not legally binding
gives security staff the backing of management
vagueness
sets rules for expected behavior
Explanation: The security policy of an organization
accomplishes several tasks:
It demonstrates the commitment to security by an
organization.
It sets the rules for expected behavior.
It ensures consistency in system operations, and
software and hardware acquisition, use, and
maintenance.
It defines the legal consequences of violations.
It gives security staff the backing of management.
39. To ensure that the chain of custody is maintained,
what three items should be logged about evidence that is
collected and analyzed after a security incident has
occurred? (Choose three.)
measures used to prevent an incident
time and date the evidence was collected
extent of the damage to resources and assets
vulnerabilities that were exploited in an attack
serial numbers and hostnames of devices used as
evidence
location of all evidence
Explanation: A chain of custody refers to the proper
accounting of evidence collected about an incident that is
used as part of an investigation. The chain of custody
should include the location of all evidence, the identifying
information of all evidence such as serial numbers and
hostnames, identifying information about all persons
handling the evidence, and the time and date that the
evidence was collected.
40. Which meta-feature element in the Diamond Model
classifies the general type of intrusion event?
phase
results
methodology
direction
Explanation: Methodology – This is used to classify the
general type of event, such as port scan, phishing,
content delivery attack, syn flood, etc.
41. What key considerations does a business impact
analysis (BIA) examine? (Choose four.)
Recovery time objectives (RTOs)
Recovery point objectives (RPOs)
Recovery point times (RPTs)
Mean time between objectives (RBOs)
Mean time between failures (MTBF)
Mean time to repair (MTTR)
Explanation: Business continuity controls are more than
just backing up data and providing redundant hardware.
Creating a business continuity plan starts with carrying
out a business impact analysis (BIA) to identify critical
business processes, resources, and relationships
between systems. The BIA focuses on the consequences
of the interruption to critical business functions and
examines the key considerations listed here: RTOs,
RPOs, MTTR, and MTBF. The National Institute of
Standards and Technology (NIST) developed best
practices in relation to business continuity.
42. Which type of controls help uncover new potential
threats?
Preventive controls
Detective controls
Corrective controls
Explanation: Detective measures include controls that
discover unwanted events. These measures uncover
new potential threats.
22 COMMENTS
Mark 1 year ago
A risk analyst conducts quantitative risk analysis and
determines that the SLE factor is $10,000 and the
ARO factor is 10%. What would be the ALE factor
given these values?
$150
$100
$1,000
$1,500
Mark 1 year ago
Why are honeypots positioned in the cloud?
to isolate the honeypots from production networks
to have easier access to the honeypots
to create DMZ zones within the cloud
to have a faster solution to gather information
Mark 1 year ago
A cybersecurity analyst is testing a new vulnerability
scanner on a system. The analyst chooses to run an
intrusive credentialed scan. A few moments later, the
system that was running the scan crashed. What is
the most probable cause of the crash?
a hardware failure
the intrusive scan
a false positive
a false negative
Yeick 4 months ago
Reply to Mark
The intrusive scan
Mark 1 year ago
An organization has experienced several data
breaches over the last five years. These data
breaches have cost the organization financially and
damaged its reputation. The organization has hired a
cybersecurity penetration team to perform a full
security audit on the entire organization. This
independent contractor conducted the audit and found
the following vulnerabilities:
• Several user accounts allowed unauthorized and
escalated privileges.
• Systems and information without formal
authorization.
What two steps can the organization take to mitigate
these risks? (Choose two.)
terminate access and reset all passwords
adopt a no reuse of passwords on different
applications policy
log when elevated privileges are used
assign the least privilege to perform the given task
Pascal 1 year ago
Ethical hacker review please?
aaaa 1 year ago
The manager of a new data center requisitions
magnetic door locks. The locks will require employees
to swipe an ID card to open. Which type of security
control is being implemented?
corrective
compensative
preventive
recovery
IT Administrator 1 year ago
Reply to aaaa
Author
I added all your questions. Thank you for
sharing.
aaaa 1 year ago
Which type of evidence cannot prove an IT security
fact on its own?
indirect
corroborative
hearsay
best
aaaa 1 year ago
What three tasks are accomplished by a
comprehensive security policy? (Choose three.)
sets rules for expected behavior
gives security staff the backing of management
defines legal consequences of violations
useful for management
is not legally binding
vagueness
aaaa 1 year ago
To ensure that the chain of custody is maintained,
what three items should be logged about evidence
that is collected and analyzed after a security incident
has occurred? (Choose three.)
measures used to prevent an incident
location of all evidence
vulnerabilities that were exploited in an attack
time and date the evidence was collected
serial numbers and hostnames of devices used
as evidence
extent of the damage to resources and assets
aaaa 1 year ago
Which meta-feature element in the Diamond Model
classifies the general type of intrusion event?
methodology
phase
results
direction
aaaa 1 year ago
What key considerations does a business impact
analysis (BIA) examine?
Choose four correct answers
aaaa 1 year ago
Which type of controls help uncover new potential
threats?
Preventive controls
Detective controls
Corrective controls
aaaa 1 year ago
What is a statement of applicability (SOA)?
It stipulates total compliance with NIST.
It sets out a broad framework of network protocols
used and their implementations.
It allows for the tailoring of available control
objectives and controls to best meet its
priorities around confidentiality, integrity, and
availability
It is used as an audit point for network device
implementation.
aaaa 1 year ago
An organization is developing a data governance
program that follows regulations and policies. Which
role in the program is responsible for ensuring
compliance with policies and procedures, assigning
the proper classification to information assets, and
determining the criteria for accessing information
assets?
data controller
data custodian
data owner
data protection officer
aaaa 1 year ago
Which two classes of metrics are included in the
CVSS Base Metric Group? (Choose two.)
Confidentiality Requirement
Impact metrics
Modified Base
Exploitability
Exploit Code Maturity
aaaa 1 year ago
Which step in the Vulnerability Management Life
Cycle performs inventory of all assets across the
network and identifies host details, including operating
system and open services?
remediate
prioritize assets
assess
discover
aaaa 1 year ago
What key considerations does a business impact
analysis (BIA) examine?
* the mean/average time between failures
* the mean/average time to repair an asset
* the average lifespan of an asset
* the maximum time the system/network/application
can be down
aaaa 1 year ago
A company is preparing for an ISMS audit. Match the
right control for each control objective.
Place the options in the following order:
A clean desk policy will be implemented.
To prevent loss, damage, theft or compromise of
sensitive data
Employees will be required to report any observed or
suspected information security weakness.
To ensure a consistent and effective approach to the
management of information security incidents
Rules regarding the installation of software by
employees will be established and implemented.
To prevent exploitation of software vulnerabilities
ahmed 1 year ago
What is a statement of applicability (SOA)?