Table of Contents
Penetration Testing, Incident Response, and Forensics Week 01 Quiz Answers
Quiz 01 – Planning and Discovery Knowledge Check ( Practice Quiz )
Q1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?
- Vulnerability Scan
Q2. What forms of discovery can be conducted offline?
- Dumpster Diving
- Social Engineering
- Shoulder Surfing
Q3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?
- Active
Q4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.
- False
Attack and Reporting Knowledge Check ( Practice Quiz )
Q1. What level of access is ideal for a penetration tester to achieve in order to exploit a system?
- Admin/Root
Q2. Which of the following is NOT a common type of vulnerability?
- Phishing
Q3. Which portion of the pentest report gives a step-by-step account of how and why each exploit was conducted?
- Technical Review
Penetration testing tools ( Practice Quiz )
Q1. Which tool lets you log network traffic and analyze it?
- Wireshark
Q2. Which software serves as a toolbox, providing access to hundreds of other tools and resources?
- Kali Linux
Q3. Which tool is used primarily for password cracking?
- John the Ripper
Quiz 02 – Penetration Test Graded Quiz ( Main Quiz )
Q1. Which of the following is NOT a phase of a penetration test?
- Reviewing
Q2. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?
- Reporting
Q3. Which portion of the pentest report gives a high-level detail of how the test went and what goals were accomplished?
- Executive Summary
Q4. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system?
- Discovery
Q5. What method of gathering information can be used to get information about a website that is not readily available?
- Google Dorking
Q6. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?
- Health Insurance Portability and Accountability Act (HIPPA)
- General Data Protection Regulation (GDPR)
Q7. Guessing passwords or running a password cracking software engages in what type of attack to gain access to a system?
- Brute Force
Q8. What document would protect the privacy of your client and their customers?
- Non Disclosure Agreement (NDA)
Q9. Gaining access to a system can occur in which two phases?
- Discovery and Attack
Q10. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?
- Black Box
Penetration Testing, Incident Response, and Forensics Week 02 Quiz Answers
Quiz 01 – Incident Response Knowledge Check
Q1. Which three (3) of the following are phases of incident response?
- Detection & Analysis
- Containment, Eradication & Recovery
- Preparation
Q2. Which statement is true about an event?
- An event may be totally benign, like receiving an email.
Q3. True or False: A robust automated incident response system should be able to detect and prevent loss from all incidents.
- False
Q4. Which three (3) are common Incident Response Team models?
- Central
- Coordinating
- Distributed
Q5. A well-automated Incident Response system should be able to detect which three (3) of these common attack vectors?
- An unauthorized removable drive being attached to the network.
- A brute force hacking attack.
- An email phishing attack.
Q6. Which three (3) of the following are components of an Incident Response Policy?
- IR Policy testing responsibility.
- Means, tools and resources available.
- Identity of IR team members.
Q7. Contact information, Smartphones, and Secure storage facilities all belong to which Incident Response resource category?
- Incident Handler Communications and Facilities.
Q8. Which three (3) of the following would be considered an incident detection precursor?
- An announced threat against your organization from an activist group.
- A vendor notice of a vulnerability to a product you own.
- Detecting the use of a vulnerability scanner
Q9. Which type of monitoring system detects anomalous network traffic but typically does not take action beyond sending an alert to an administrator?
- IDS
Q10. True or False: The Incident Response team should keep their documentation as concise as possible so only the most important facts take up the attention of the team leadership.
- False
Q11. What is the proper classification for a data breach that resulted in the exposure of sensitive personally identifiable information (PII)?
- Privacy Breach
Q12. What is the proper classification for the recovery effort from a breach if you can estimate the total effort required but it will require bringing in additional resources?
- Supplemented
Q13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Potential damage to and theft of resources, Need for evidence preservation, and Service availability?
- Containment
Q14. Which Post Incident activity would include ascertaining exactly what happened and at what times?
- Lessons learned meeting
Quiz 02 – Incident Response Graded Quiz ( Main Quiz )
Q1. Select the missing phase of Incident Response: Preparation, _____, Containment, Eradication & Recovery, Post Incident Activity.
- Detection and Analysis
Q2. Which statement is true about an incident?
- An incident is an event that negatively affects IT systems.
Q3. True or False: A Coordinating Incidents Response Team provides advice and guidance to the Distributed IR teams in each department, but generally does not have specific authority over those teams.
- True
Q4. Which Incident Response Team model describes a team that has authority over all aspects of IR within the entire organization?
- Central
Q5. In what way will having a set of predefined baseline questions will help you in the event of an incident?
- Coordinate with other teams and the media.
Q6. Incident Response team resources can be divided into which three (3) of the following categories?
- Incident Handler Communications and Facilities
- Incident Analysis Resources
- Incident Analysis Hardware and Software
Q7. Port lists, Documentation, and Cryptographic hashes all belong to which Incident Response resource category?
- Incident Analysis Resources
Q8. Which three (3) of the following would be considered an incident detection indicator?
- An application log showing numerous failed login attempts from an unknown remote system.
- A significant deviation from typical network traffic flow patterns.
- The discovery of a file containing unusual characters by a system administrator.
Q9. Which type of monitoring system analyzes logs and events in real-time?
- SIEM
Q10. True or False: Highly detailed and thorough documentation is needed to support the analysis of current and future incidents.
- True
- False
Q11. What is the proper classification for a breach that results in sensitive or proprietary information being changed or deleted?
- Integrity Loss
Q12. What is the proper classification for the recovery effort from a breach if sensitive data was stolen and posted on a public website?
- Not Recoverable
Q13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Eliminate components of the incident, Disable compromised accounts, and Identify and mitigate vulnerabilities?
- Eradication
Q14. Which Post Incident activity would include reviewing response times, which systems were impacted, and other metrics associated with the incident?
- Utilizing collected data
Penetration Testing, Incident Response, and Forensics Week 03 Quiz Answers
Quiz 01 – Forensic Course Overview Knowledge Check
Q1. Digital forensics can be defined as the application of science to the identification, collection, examination, and analysis of what?
- Data
Q2. According to NIST, the four (4) steps of the forensic process include which? (Select 4)
- Collection
- Examination
- Analysis
- Reporting
The Forensics Process Knowledge Check ( Practice Quiz )
Q1. According to NIST, a forensic analysis should include four elements, Places, Items, Events, and what?
- People
Q2. True or False. Digital forensics report must contain details of every test conducted, the methods and tools used, and the results.
- True
Q3. Which section of a digital forensics report would contain a list of the steps you have taken to ensure the integrity of the evidence?
- Forensic Acquisition & Examination Preparation
Q4. Network activity, Application usage, Logs, and Keystroke monitoring are all sources of what?
- Data
Q5. What are the three (3) main hurdles that must be overcome when examining data? (Select 3)
- Bypassing controls such as operating system and encryption passwords.
- Selecting the most effective tools to help with the searching and filtering of data.
- Dealing with a sea of data. A single hard drive will contains many thousands of files that are not relevant to our investigation.
Forensic Data Knowledge Check ( Practice Quiz )
Q1. True or False. Only data files can be effectively analyzed during a forensic analysis.
- False
Q2. Most data files are smaller than the number of blocks allocated to their storage by the file system, the unused spaces are known as what?
- Slack space
Q3. What does file metadata known as “MAC” data stand for in the context of a forensic analysis?
- Modification, Access and Creation times
Q4. Open files are considered which data type?
- Volatile
Q5. True or False. When collecting forensic data from a running system, you should always attempt to collect volatile data first.
- True
Q6. Which operating system has a “Target Disk Mode” that allows a forensic investigator to easily make a copy of the target hard drive?
- Mac OS X
Q7. Which three (3) of the following are application components? (Select 3)
- Supporting files
- Log files
- Configuration settings
Q8. Which of these applications would likely be of the most interest in forensic analysis?
Q9. What useful forensic data can be extracted from the Application layer of the TCP/IP protocol stack?
- HTTP addresses
Q10. Which device would you inspect if you were looking for failed attempts to penetrate your company’s network?
- Firewall
Quiz 02 – Digital Forensics Assessment ( Main Quiz )
Q1. Digital forensics is commonly applied to which of the following activities?
- All of the above
Q2. Does NIST include three (3) steps in collecting data? (Select 3)
- Develop a plan to aquire the data
- Acquire the data
- Verify the integrity of the data
Q3. What is the primary purpose of maintaining a chain of custody?
- To avoid allegations of mishandling or tampering of evidence.
Q4. True or False. Digital forensics had been used to solve a number of high-profile violent crimes.
- True
Q5. True or False. A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.
- False
Q6. Which section of a digital forensics report would include using the best practices of taking lots of screenshots, using built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?
- Findings & Analysis
Q7. Which types of files are appropriate subjects for forensic analysis?
- All of the above
Q8. Deleting file results in what action by most operating systems?
- The memory registers used by the file are marked as available for new storage but are otherwise not changed.
Q9. Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?
- A logical backup
Q10. How does a forensic analysis use hash sets acquired from NIST’s Software Reference Library project?
- They can quickly eliminate known good operating system and application files from consideration.
Q11. Which three (3) of the following data types are considered non-volatile? (Select 3)
- Dump files
- Logs
- Swap files
Q12. Configuration files are considered which data type?
- Non-volatile
Q13. True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.
- False
Q14. Which three (3) of the following are application components? (Select 3)
- Application architecture
- Authentication mechanisms
- Data files
Q15. Which of these applications would likely be of the least interest in forensic analysis?
- Patch files
Q16. The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)
- ICMP
- IPv4 / IPv6
Q17. Which device would you inspect if you were looking at event data correlated across a number of different network devices?
- Remote access server
Q18. Which of these sources might require a court order in order to obtain the data for forensic analysis?
- ISP records
Penetration Testing, Incident Response, and Forensics Week 04 Quiz Answers
Quiz 01 – Scripting Overview Knowledge Check
Q1. Which organization is credited with creating the first scripting language?
- IBM Corporation
Q2. Which concept of a scripting language helps with repetitive tasks?
- Loops
Q3. Which three (3) of the following are scripting languages? (Select 3)
- PowerShell
- JavaScript
- JCL
Q4. True or False. JavaScript greatly improved the functionality of web pages.
- True
Q5. Which Scripting language uses 1s and 0s in a two symbol system?
- Binary
Python Scripting Knowledge Check
Q1. Python can be best described as what?
- A high-level scripting language.
Q2. True or False. Extensive free resources are available on the web to make it relatively easy to learn Python.
- True
Q3. Indentations are used in Python code for which reason?
- To define a block of code and are required.
Q4. What file type is commonly used to store Python code?
- .py
Q5.
In the Python statement
pi=3
What is the data type of the variable pi?
- int
Q6. True or False. In the Python statements below
Example1=’A’
Example2=”B”
Example1 is a character variable type while Example2 is a string variable type.
- False
Q7. What will be printed by this Python code block?
pi=3
pi3=3*pi
print(pi3)
- 9
Q8. True or False. A tuple in Python is similar to a list but it is an immutable data type so its values cannot be changed after they are first set.
- True
Q9. How many times will a while loop execute in Python?
- As long as the specified condition is true.
Q10. True or False. Python functions must be purchased or downloaded in libraries from Python development companies. You must have Python SDK in order to develop your own functions.
- False
Q11. Which two (2) of these Python libraries provide useful scientific computing functions? (Select 2)
- Pandas
- NumPy
Quiz 02 – Introduction to Scripting Assessment
Q1. What was considered to be the first scripting language?
- JCL
Q2. Which concept of a scripting language is a memory address paired with a symbolic name (or identifier) which contains a value?
- Variables
Q3. Which three (3) of the following are scripting languages? (Select 3)
- Bash
- Perl
- Hex
Q4. Which Scripting language is a task automation and configuration management framework from Microsoft?
- PowerShell
Q5. Which is an example of how scripts are commonly used today?
- Task automation
Q6. What scripting concept is widely used across different languages to process a set of instructions over and over again until a specified condition is met?
- Loops
Q7. Bash is a scripting language developed for use with which operating system?
- UNIX
Q8. Which Python command would print out “Hello World”?
- print(“Hello World”)
Q9. Why does Python often take fewer lines of code to accomplish a task than C or Java?
- Python can utilize extensive function libraries.
Q10. How many spaces must be used to indent a block of code in Python?
- Any number 1 or more as long as the same indentation is used within a code block.
Q11. What will Python do when it encounters the hash character “#”?
- Treat everything to the right of the hash on the current line as a comment.
Q12. What will be printed by this Python code block?
pi=3.14159
pi=int(pi)
print(pi)
- 3
Q13. True or False. In the Python statements below
Example1=”3″
Example1 is a string variable type.
- True
Q14. What will be printed by this Python code block?
pi=”3″
pi3=3*pi
print(pi3)
- 333
Q15. How many times will the following Python for loop be executed assuming UNMembers is a list of the 193 members of the United Nations General Assembly?
for the country in UNMembers:
print(country)
- 193
Q16. What is one good reason to write your own function in Python?
- There is no library function already written that will do what you need
Q17. Which two (2) of these Python libraries provide useful graphics and visualization functions? (Select 2)
- Seaborn
- Matplotlib
All Course Quiz Answers of IBM Cybersecurity Analyst Professional Certificate
Course 01: Introduction to Cybersecurity Tools & Cyber Attacks
Course 02: Cybersecurity Roles, Processes & Operating System Security
Course 03: Cybersecurity Compliance Framework & System Administration
Course 04: Network Security & Database Vulnerabilities
Course 05: Penetration Testing, Incident Response, and Forensics
Course 06: Cyber Threat Intelligence
Course 07: Cybersecurity Capstone: Breach Response Case Studies
Course 08: IBM Cybersecurity Analyst Assessment