100+ Free IBM Cybersecurity Analyst Practice Questions

IBM Cybersecurity Analyst Professional Certificate (Coursera) practice questions are available now; exam metadata is being verified.


A penetration tester uses Metasploit to deliver a payload after identifying a vulnerable service. Which phase of the engagement does this represent?

2026 Statistics

Key Facts: IBM Cybersecurity Analyst Exam

Program length: 8 courses (IBM / Coursera)
Minimum passing grade: 80% (IBM / Coursera)
Certificate validity: No expiry (Coursera)
Typical completion time: 4-8 months (IBM / Coursera)
Hands-on tools: QRadar, ZAP, Python (IBM Skills Network)
Aligned certification target: Security+ prep (IBM)

The IBM Cybersecurity Analyst Professional Certificate is an eight-course Coursera program delivered by IBM, earned with a minimum 80% grade and a passing final assessment, and included in a Coursera subscription with no separate exam fee. It covers OS and network security, threat intelligence and vulnerability management (CVE/CVSS), penetration testing, incident response and forensics, SIEM with IBM QRadar, and compliance frameworks (NIST, GDPR, HIPAA, PCI-DSS), capped by a real-world breach capstone. There is no fixed question count and the credential does not expire.

Sample IBM Cybersecurity Analyst Practice Questions

Try these sample questions to test your IBM Cybersecurity Analyst exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. The CIA triad is the foundational model taught early in the IBM Cybersecurity Analyst program. Which security goal is directly violated when an attacker alters values in a database without authorization?
A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation
Explanation: Integrity ensures that data is accurate, complete, and unmodified except by authorized parties. Unauthorized alteration of database values is a textbook integrity violation, which controls such as hashing, digital signatures, and access controls are designed to prevent.

2. A SOC analyst follows the principle of least privilege when provisioning a new helpdesk account. Which configuration best reflects this principle?
A. Granting local administrator rights so the user never gets blocked
B. Disabling logging on the account to reduce noise
C. Adding the account to the Domain Admins group for convenience
D. Granting only the specific permissions needed to perform helpdesk tasks
Explanation: Least privilege means each user, process, or system is granted only the minimum access required to perform its function and nothing more. Limiting a helpdesk account to the precise permissions needed reduces the attack surface and the blast radius if the account is compromised.

3. On a Linux system, which command displays the permission bits, owner, and group of files in the current directory in long format?
A. chmod -R
B. pwd
C. ls -l
D. whoami
Explanation: The 'ls -l' command lists directory contents in long format, showing the permission string (for example, -rwxr-xr--), owner, group, size, and modification time. Reading these permission bits is a core Linux administration skill for a security analyst auditing file access.

4. In the Windows operating system, which feature uses access tokens and security identifiers (SIDs) to determine whether a process can access a securable object?
A. Windows Defender Firewall
B. Task Scheduler
C. BitLocker drive encryption
D. Access control through the Security Reference Monitor
Explanation: Windows enforces authorization by comparing the access token (which contains the user's SID and group SIDs) against the discretionary access control list (DACL) on the securable object. The Security Reference Monitor in the kernel performs this access check, the foundation of Windows access control.

5. Which authentication concept is demonstrated when a user must provide a password AND a one-time code from a hardware token to log in?
A. Single sign-on
B. Federated identity
C. Multi-factor authentication combining 'something you know' and 'something you have'
D. Role-based access control
Explanation: Multi-factor authentication (MFA) requires two or more independent factors from different categories: something you know (password), something you have (token), or something you are (biometric). Combining a password with a hardware-token code uses two distinct factor categories, which is what makes MFA stronger than a password alone.

6. A SOC is typically organized into analyst tiers. Which task is most characteristic of a Tier 1 (level 1) security analyst?
A. Performing deep malware reverse engineering
B. Leading enterprise threat-hunting campaigns
C. Triaging and monitoring incoming SIEM alerts and escalating true positives
D. Designing the organization's overall security architecture
Explanation: Tier 1 analysts are the first line of the SOC: they monitor dashboards, triage incoming alerts, filter out false positives, and escalate confirmed incidents to Tier 2 for deeper investigation. This triage role is central to the analyst processes taught in the IBM program.

7. Which type of malware disguises itself as legitimate software to trick a user into installing it, then performs malicious actions in the background?
A. Worm
B. Logic bomb
C. Rootkit
D. Trojan horse
Explanation: A Trojan horse masquerades as a benign or desirable program to deceive the user into running it, after which it delivers a malicious payload such as a backdoor. Unlike a worm, a Trojan does not self-replicate; it relies on the user being tricked into executing it.

8. An attacker sends a crafted email impersonating a bank to trick users into entering credentials on a fake site. The program teaches that this social-engineering technique is called what?
A. Phishing
B. Pharming
C. Smishing
D. Tailgating
Explanation: Phishing uses fraudulent emails (or messages) that impersonate a trusted entity to lure victims into revealing credentials or clicking malicious links. It is one of the most common initial-access vectors and a core social-engineering concept in the IBM curriculum.

9. Which statement best describes the difference between authentication and authorization?
A. Authentication grants permissions; authorization verifies identity
B. They are interchangeable terms for the same control
C. Authentication verifies who you are; authorization determines what you are allowed to do
D. Authentication is only for machines; authorization is only for humans
Explanation: Authentication establishes identity (proving you are who you claim to be), while authorization decides which resources and actions that authenticated identity may access. A user is first authenticated, then authorized against access-control policies.

10. On macOS and other Unix-like systems, which mechanism extends traditional owner/group/other permissions to grant fine-grained access to specific users?
A. Access Control Lists (ACLs)
B. The sudoers timeout
C. The /etc/shadow file
D. Address Space Layout Randomization
Explanation: Access Control Lists (ACLs) supplement the classic Unix owner/group/other model by letting administrators grant or deny permissions to named individual users or groups on a per-object basis. macOS supports file-system ACLs to provide this granularity beyond the standard rwx bits.

About the IBM Cybersecurity Analyst Practice Questions

Verified exam format metadata for IBM Cybersecurity Analyst Professional Certificate (Coursera) is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.