In this article i am gone to share Coursera Course: Assets, Threats, and Vulnerabilities Weekly challenge 3 Quiz Answers with you..

Enroll Link: Assets, Threats, and Vulnerabilities

 

Also Visit:  Assets, Threats, and Vulnerabilities Weekly challenge 2 Quiz Answers

 

Assets, Threats, and Vulnerabilities Weekly challenge 3 Quiz Answers

Question 1)
An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges.

The application’s broken access controls are an example of what?

• A vulnerability
• A threat
• An exploit
• A security control

Question 2)
Fill in the blank: The five layers of the defense in depth model are: perimeter, network, endpoint, application, and _____.

• session
• transport
• physical
• data

Question 3)
What is the difference between the application and data layers of the defense in depth model?

• The application layer secures information with controls that are programmed into the application itself. The data layer maintains the integrity of information with controls like encryption and hashing.
• The data layer includes controls like encryption and hashing to secure data at rest. The application layer protects individual devices that are connected to a network.
• The data layer only allows employees to access information. The application layer secures information with controls that are programmed into the application itself.
• The application layer maintains the integrity of information with controls like encryption and hashing. The data layer blocks network traffic from untrusted websites.

Question 4)
Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.

• 9
• 4
• 1
• 11

Question 5)
Which of the following are characteristics of the vulnerability management process? Select two answers.

• Vulnerability management is a way to limit security risks.
• Vulnerability management is a way to discover new assets.
• Vulnerability management should consider various perspectives.
• Vulnerability management should be a one-time process.

Question 6)
What is the main goal of performing a vulnerability assessment?

• To catalog assets that need to be protected
• To pass remediation responsibilities over to the IT department
• To practice ethical hacking techniques
• To identify weaknesses and prevent attacks

Question 7)
What are the two types of attack surfaces that security professionals defend? Select two answers.

• Physical
• Intellectual property
• Digital
• Brand reputation

Question 8)
An online newspaper suffered a data breach. The attackers exploited a vulnerability in the login form of their website. The attackers were able to access the newspaper’s user database, which did not encrypt personally identifiable information (PII).

What attack vectors did the malicious hackers use to steal user information? Select two answers.

• The user database
• The online login form
• The newspaper’s website
• The unencrypted PII

Question 9)
A security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.

Which steps of an attacker mindset should the team perform to figure this out? Select three answers.

• Determine how the target can be accessed.
• Evaluate attack vectors that can be exploited.
• Identify a target.
• Consider potential threat actors.

Question 10)
Consider the following scenario:

You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.
Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.

• Evaluate how the app handles user data.
• Identify the types of users who will interact with the app.
• Ensure the app’s login form works.
• Integrate the app with existing educational resources.

 

Question 11)
A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.

The outdated WiFi router is an example of what?

• An access control
• An exploit
• A vulnerability
• A threat

Question 12)
Why do organizations use the defense in depth model to protect information? Select two answers.

• Security teams can easily determine the “who, what, when, and how” of an attack.
• Threats that penetrate one level can be contained in another.
• Layered defenses reduce risk by addressing multiple vulnerabilities.
• Each layer uses unique technologies that communicate with each other.

Question 13)
A security team is preparing new workstations that will be installed in an office.

Which vulnerability management steps should they take to prepare these workstations? Select three answers.

• Consider who will be using each computer.
• Install a suite of collaboration tools on each workstation.
• Configure the company firewall to allow network access.
• Download the latest patches and updates for each system.

Question 14)
A security team is conducting a periodic vulnerability assessment on their security procedures. Their objective is to review gaps in their current procedures that could lead to a data breach. After identifying and analyzing current procedures, the team conducts a risk assessment.

What is the purpose of performing a risk assessment?

• To adjust current security procedures
• To score vulnerabilities based on their severity and impact
• To fix vulnerabilities that have been identified
• To simulate attacks that could be performed against each vulnerability

Question 15)
Fill in the blank: All the potential vulnerabilities that a threat actor could exploit is called an attack _____.

• vector
• surface
• database
• network

Question 16)
What are ways to protect an organization from common attack vectors? Select three answers.

• By educating employees about security vulnerabilities
• By not practicing an attacker mindset
• By implementing effective password policies
• By keeping software and systems updated

Question 17)
Which of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.

• It must be submitted with supporting evidence.
• It must be independent of other issues.
• It must pose a financial risk.
• It must be recognized as a potential security risk.
• It can only affect one codebase.

Question 18)
What is the purpose of vulnerability management? Select three answers.

• To uncover vulnerabilities and reduce their exploitation
• To track assets and the risks that affect them
• To identify exposures to internal and external threats
• To review an organization’s internal security systems

Question 19)
Which of the following are types of attack surfaces? Select three answers.

• Malicious software
• Cloud servers
• Network routers
• Computer workstations

Question 20)
A project manager at a utility company receives a suspicious email that contains a file attachment. They open the attachment and it installs malicious software on their laptop.

What are the attack vectors used in this situation? Select two answers.

• The infected workstation
• The suspicious email
• The file attachment
• The malicious software

Question 21)
What phase comes after identifying a target when practicing an attacker mindset?

• Prepare defenses against threats.
• Find the tools and methods of attack.
• Evaluate the target’s attack vectors.
• Determine how the target can be accessed

Question 22)
What security strategy uses a layered approach to prevent attackers from gaining access to sensitive data?

• Defense in depth
• Caesar’s cipher
• Triple DES (3DES)
• Kerchoff’s principle

Question 23)
What is the main purpose of the CVE® list?

• To share a standard way of identifying and categorizing known vulnerabilities and exposures
• To keep a record of the coding mistakes of major software developers
• To create a dictionary of threats to organizational assets that must be addressed
• To provide organizations with a framework for managing cybersecurity risk

Question 24)
What is not a step of practicing an attacker mindset?

• Determine how a target can be accessed.
• Evaluate attack vectors that can be exploited.
• Identify ways to fix existing vulnerabilities.
• Find the tools and methods of attack.

Question 25)
Which of the following are reasons that security teams practice an attacker mindset? Select three answers.

• To exploit flaws in an application’s codebase
• To find insights into the best security controls to use
• To uncover vulnerabilities that should be monitored
• To identify attack vectors

Question 26)
Which layer of the defense in depth model relates to user devices that have accessed a network?

• Perimeter
• Endpoint
• Data
• Application

Question 27)
Fill in the blank: An attack _____ refers to the pathways attackers use to penetrate security defenses.

• landscape
• surface
• vector
• vulnerability

Question 28)
During a vulnerability assessment, a scanner identifies a vulnerable onsite server. After analyzing the server, you discover that its operating system is missing critical updates.

What is the next step you should take in the vulnerability assessment process?

• Scan the millions of devices that connect to the server.
• Disregard the outdated operating system because the device is operational.
• Deactivate the server because its operating system is outdated.
• Perform a risk assessment of the old operating system.

Question 1)
Consider the following scenario:
A cloud service provider has misconfigured a cloud drive. They’ve forgotten to change the default sharing permissions. This allows all of their customers to access any data that is stored on the drive.
This misconfigured cloud drive is an example of what?

• An exploit
• A vulnerability
• A threat
• A security control