Assets, Threats, and Vulnerabilities Weekly challenge 4 Quiz Answers

In this article I am going to share the answers to the Weekly challenge 4 quiz from the Coursera course Assets, Threats, and Vulnerabilities.


Question 1)
Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

  • distribute malicious email
  • obtain access credentials
  • establish trust
  • perform open-box testing

Question 2)
What is the most common form of social engineering used by attackers?

  • Adware
  • Malware
  • Ransomware
  • Phishing

Question 3)
Which of the following are not types of malware? Select two answers.

  • SQL injection
  • Worm
  • Cross-site scripting
  • Virus

Question 4)
Which type of malware requires the user to make a payment to the attacker to regain access to their device?

  • Ransomware
  • Cryptojacking
  • Botnets
  • Brute force attacks

Question 5)
Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.

  • Increased CPU usage
  • Unusually high electricity costs
  • Sudden system crashes
  • Modified or deleted files

Question 6)
What is malicious code that is inserted into a vulnerable application called?

  • Cryptojacking
  • Input validation
  • Social engineering
  • Injection attack

Question 7)
An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site’s server and activated during the server’s response.

This is an example of what type of injection attack?

  • DOM-based
  • Stored
  • Reflected
  • SQL injection

Question 8)
Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

  • Credit card payment forms
  • User login pages
  • Pop-up advertisements
  • Social media feeds

Question 9)
A security team is conducting a threat model on a new software system. The team is creating their plan for defending against threats. Their choices are to avoid risk, transfer it, reduce it, or accept it.

Which key step of a threat model does this scenario represent?

  • Analyze threats
  • Define the scope
  • Mitigate risks
  • Evaluate findings

Question 10)
During which stage of the PASTA framework is an attack tree created?

  • Attack modeling
  • Vulnerability analysis
  • Threat analysis
  • Decomposing an application


Question 11)
Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

  • Pretexting
  • Vishing
  • Smishing
  • Whaling

Question 12)
What are the characteristics of a ransomware attack? Select three answers.

  • Attackers display unwanted advertisements on the device.
  • Attackers demand payment to restore access to a device.
  • Attackers make themselves known to their targets.
  • Attackers encrypt data on the device without the user’s permission.

Question 13)
Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

  • earn
  • mine
  • collect
  • invest

Question 14)
Security researchers inserted malicious code into the web applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.

What type of attack did the researchers perform?

  • Social engineering
  • Ransomware
  • Input sanitization
  • Injection

Question 15)
Fill in the blank: A _____ cross-site scripting (XSS) attack is an instance when malicious script exists in the webpage a browser loads.

  • DOM-based
  • Reflected
  • Stored
  • Brute force

Question 16)
What are the reasons that an attacker would perform a SQL injection attack? Select three answers.

  • To gain administrative rights to a database
  • To steal the access credentials of users in a database
  • To delete entire tables in a database
  • To send phishing messages to users in a database

Question 17)
What are some key benefits of the threat modeling process? Select all that apply.

  • Reduce an attack surface
  • Remediate all vulnerabilities
  • Help prioritize threats
  • Identify points of failure

Question 18)
A security team is decomposing an application during a PASTA threat model. What information will they discover during this step of the process?

  • Which data owners are compromising the organization
  • How the application handles data and which controls are in place
  • The vulnerabilities that have been reported to the CVE® list
  • The types of threats that can be used to compromise data


Question 19)
A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.

What type of attack did the hacktivist group perform?

  • Quid pro quo
  • Injection
  • Watering hole
  • Rainbow table

Question 20)
Which of the following are coding techniques that can be used to prevent SQL injection attacks? Select three answers.

  • Public key infrastructure (PKI)
  • Input sanitization
  • Prepared statements
  • Input validation

Question 21)
Which of the following could be examples of social engineering attacks? Select three answers.

  • A pop-up advertisement promising a large cash reward in return for sensitive information
  • A lost record of important customer information
  • An email urgently asking you to send money to help a friend who is stuck in a foreign country
  • An unfamiliar employee asking you to hold the door open to a restricted area

Question 22)
What is the main difference between a vishing attack and a smishing attack?

  • Vishing makes use of voice calls to trick targets.
  • Vishing exploits social media posts to identify targets.
  • Vishing involves a widespread email campaign to steal information.
  • Vishing is used to target executives at an organization.

Question 23)
A government contractor is tricked into installing a virus on their workstation that encrypts all their files. The virus displays a message on the workstation telling the contractor that they can have the files decrypted if they make a payment of $31,337 to an email address.

What type of attack is this an example of?

  • Cross-site scripting
  • Ransomware
  • Brute force attack
  • Scareware

Question 24)
Which stage of the PASTA framework is related to identifying the application components that must be evaluated?

  • Perform a vulnerability analysis
  • Define the technical scope
  • Characterize the environment
  • Implement prepared statements

Question 25)
A threat actor tricked a new employee into sharing information about a senior executive over the phone.

This is an example of what kind of attack?

  • Social engineering
  • SQL injection
  • Malware
  • Credential stuffing

Question 26)
Fill in the blank: The main difference between a worm and a virus is that a worm can _____.

  • replicate itself across devices without requiring users to perform an action
  • take control of an infected system by encrypting its data
  • operate without the target’s knowledge
  • be delivered inside of a legitimate-looking application

Question 27)
Fill in the blank: A(n) _____ tool can be used by security professionals to catch abnormal activity, like malware mining for cryptocurrency.

  • Fileless malware
  • Spyware
  • Attack tree
  • Intrusion detection system (IDS)

Question 28)
A small business that sells online courses conducted a threat modeling exercise on its data systems. The team conducting the exercise started by defining the scope of the model. Then, they identified threat actors who might target the data systems. Next, the team is creating a diagram that maps threats to assets that are being protected.

What is this type of diagram called?

  • User provisioning
  • Bug bounty
  • Attack tree
  • Rainbow table

Question 29)
An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.

This is an example of what type of injection attack?

  • Stored
  • Reflected
  • Brute force
  • DOM-based

Question 30)
A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

  • Adware
  • Scareware
  • Trojan
  • Spyware