Cybersecurity LinkedIn Skill Assessment Answer

by
Rate this post

Here, We see Cybersecurity LinkedIn Skill Assessment Answers. This assessment test consists 15-20 MCQs to demonstrate your knowledge in your selected skills. MCQs comes from different topics – Design and Architecture; Security Concepts; Security Engineering; Security Governance, Risk, and Compliance (GRC); Security Operations (SecOps).

Table of Contents

Q1. According to the shared responsibility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

  1. Hybrid Cloud
  2. Software as a Service (SaaS)
  3. Platform as a Service (PaaS)✔️
  4. Infrastructure as a Service (IaaS)

Q2. Which option removes the risk of multitenancy in cloud computing?

  1. PaaS
  2. public cloud
  3. private cloud✔️
  4. IaaS

Q3. Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

  1. denial-of-service✔️
  2. brute force attacks
  3. malware
  4. buffer overflow

Q4. Which security control cannot produce an active response to a security event?

  1. cloud access security broker (CASB)
  2. intrusion prevention system (IPS)
  3. intrusion detection system (IDS)
  4. next generation firewall

Q5. Packet sniffer is also called _.

  1. SIEM
  2. UTM
  3. protocol analyzer✔️
  4. data sink

Q6. Which option tests code while it is in operation?

  1. code review
  2. code analysis
  3. static analysis
  4. dynamic analysis✔️

Q7. Which option describes testing that individual software developers can conduct on their own code?

  1. gray box testing
  2. integration testing
  3. white box testing
  4. unit testing✔️

Q8. In black box penetration testing, what information is provided to the tester about the target environment?

  1. none✔️
  2. limited details of server and network infrastructure
  3. all information
  4. limited details of server infrastructure

Q9. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

  1. intrusion prevention system (IPS)
  2. next generation firewall
  3. cloud access security broker (CASB)✔️
  4. intrusion detection system (IDS)

Q10. Which option describes the best defense against collusion?

  1. monitoring of normal employee system and data access patterns
  2. applying system and application updates regularly
  3. fault tolerant infrastructure and data redundancy
  4. separation of duties and job rotation✔️

ref

Q11. During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

  1. rainbow table attack✔️
  2. pass-the-hash attack
  3. password spray attack
  4. brute force attack

Explanation: A rainbow table attack is a more efficient and effective way of cracking many hashed passwords, whereas brute-forcing would take much longer and may not complete in a reasonable amount of time. ref

Q12. Which area is DMZ?

  1. 4
  2. 1
  3. 2✔️
  4. 3

Q13. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

  1. file hash
  2. asymmetric encryption
  3. digital signature
  4. symmetric encryption✔️

Q14. What is the difference between DRP and BCP

  1. DRP works to keep a business up and running despite a disaster. BCP works to restore the original business capabilities.✔️
  2. BCP works to keep a business up and running despite a disaster. DRP works to restore the original business capabilities.
  3. BCP is part of DRP.
  4. DRP is part of BCP.

Q15. Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?

  1. non-repudiation
  2. integrity
  3. availability✔️
  4. confidentiality

Source: LinkedIn assessment practice mode

Q16. You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?

  1. Cloud Security Posture Management (CSPM)✔️
  2. Intrusion Detection and Prevention System (IDPS)
  3. Cloud Workload Protection Platforms (CWPP)
  4. Cloud Access Security Brokers (CASBs)

Source: LinkedIn assessment practice mode

Q17. ____ validates the integrity of data files.

  1. Compression
  2. Hashing✔️
  3. Symmetric encryption
  4. Stenography

Q18. Which is an example of privacy regulation at the state government level in the U.S.?

  1. CCPA✔️
  2. GDPR
  3. NIST Privacy Framework
  4. OSPF

Q19. what is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?

  1. identity and access management (IAM)✔️
  2. privileged account management (PAM)
  3. authentication and authorization
  4. least privilege

Q20. You have configured audit settings in your organization’s cloud services in the event of a security incident. What type of security control is an audit trail?

  1. preventive control
  2. detective control
  3. directive control
  4. corrective control✔️

Q21. What is the name for a short-term interruption in electrical power supply?

  1. grayout
  2. blackout✔️
  3. brownout
  4. whiteout

Q22. Your security team recommends adding a layer of defense against emerging persistent threats and zero-day exploits for all endpoints on your network. The solution should offer protection from external threats for network-connected devices, regardless of operating system. Which solution is best suited to meet this requirement?

  1. Security Information Event Management (SIEM)
  2. Extended Detection and Response (XDR)
  3. next generation firewall (NGFW)✔️
  4. Cloud App Security Broker (CASB)

Q23. Which is not a threat modelling methodology?

  1. TRIKE
  2. TOGAF✔️
  3. STRIDE
  4. MITRE ATT&CK

Q24. You organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application’s source code.

Which strategy should you choose?

  1. dynamic application security testing✔️
  2. unit testing
  3. white box testing
  4. static application security testing

Q25. You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be be suited to the task?

  1. Mobile Device Management (MDM)✔️
  2. Data Loss Prevention (DLP)
  3. Intrusion Detection and Prevention System (IDPS)
  4. cloud access security broker (CASB)

Leave a Comment

3 × 4 =