Course quiz: Cybersecurity threat vectors and mitigation Quiz Answers
In this article I am going to share the Coursera course Cybersecurity Threat Vectors and Mitigation by Microsoft, Week 5 | Course quiz: Cybersecurity threat vectors and mitigation Quiz Answers with you.
Enrol Link: Cybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and Mitigation by Microsoft Week 5 Quiz Answers
Question 1)
What is the main benefit of incremental backup over full backup?
- It only backs up the changed data since the last backup.
- It offers better data compression and deduplication.
- It provides a more comprehensive backup of all data.
- It allows for faster data restoration in case of a failure.
Question 2)
True or False: Human error is one of the major causes of data breaches.
- True
- False
Question 3)
As a cybersecurity specialist, you discovered that most of the computers in your organization are showing similar abnormal activities. Some of these computers in the network are not even connected to the internet, yet they got infected by malware. What could be the issue here? Select all that apply.
- They got infected by a worm.
- They got infected by a virus.
- They got infected by a trojan.
- They are suffering from a bug in the operating system.
Question 4)
True or False: Stuxnet is considered the groundbreaking malware that showcased its ability to attack industrial systems and cause significant damage.
- True
- False
Question 5)
A company has fallen victim to a ransomware attack, and the attackers have encrypted their important files. The attackers are demanding a ransom in cryptocurrency to provide the decryption key. What is the recommended course of action for the company? Select all that apply.
- Disconnecting all affected systems from the network and isolating them to prevent the further spread of the ransomware.
- Restoring the affected systems from clean backups and strengthening cybersecurity measures.
- Reporting the incident to law enforcement and providing any available information about the attackers.
- Immediately paying the ransom to regain access to the encrypted files quickly.
Question 6)
A cybersecurity analyst team found a new malware that can change its size and its code regularly. However, the code is not encrypted. What type of malware is it?
- Fileless malware
- Ransomware
- Polymorphic malware
- Metamorphic malware
Question 7)
Jamie accidentally deleted an important file containing personal data from their computer. Jamie needs to recover the file to meet a deadline but didn’t have a backup. What would be the best course of action for Jamie to attempt personal data recovery? Select all that apply.
- Stop using the computer and try using file recovery software.
- Consult a professional data recovery service.
- Check external storage devices or cloud storage for a copy of the deleted file.
- Recreate the file from scratch.
Question 8)
Which of the following strategies should you follow to keep your personal data secure? Select all that apply.
- Regularly update your operating system and software applications.
- Use common and easily guessable passwords for all your accounts.
- Install multiple antivirus software for better protection.
- Regularly back up your data to an external hard drive or a cloud storage system.
Question 9)
What is the main difference between heuristic analysis and behavioral analysis in the context of cybersecurity?
- Heuristic analysis involves analyzing the behavior of files, processes, or entities, while behavioral analysis looks for patterns and characteristics associated with known malware.
- Heuristic analysis focuses on identifying potential threats based on known patterns and characteristics, while behavioral analysis observes and detects abnormal activities and deviations from expected behavior.
- Heuristic analysis analyzes network traffic patterns, while behavioral analysis focuses on examining code and file structure.
- Heuristic analysis and behavioral analysis are interchangeable terms in the context of cybersecurity.
Question 10)
Which type of encryption is typically used for securing large amounts of data?
- Transposition cipher encryption
- Substitution cipher encryption
- Symmetric encryption
- Asymmetric encryption
Question 11)
Which of the following encryption protocols is most suitable for encrypting email messages?
- S/MIME (Secure/Multipurpose Internet Mail Extensions)
- PGP (Pretty Good Privacy)
- SSH (Secure Shell)
- SSL (Secure Sockets Layer)
Question 12)
What role does hashing play in ensuring the integrity of files in an organization?
- By compressing files to reduce their footprint on storage drives.
- By increasing the size of files to meet storage requirements.
- By converting the data into an encrypted format that cannot be read without a key.
- By generating a unique hash value for each file and comparing it to the original when needed.
Question 13)
True or False: By using SSL and TLS certificates, organizations can safeguard their internal communication channels, including intranets, VPNs, and messaging applications, as well as remote access.
- True
- False
Question 14)
Which of the following best describes the role of centralized authentication and authorization systems in managing network access?
- They heighten the potential for access violations by focusing on a single point of authentication.
- They require organizations to use different access control systems for each data center.
- They increase the complexity of managing network access by requiring individual access protocols for each machine.
- They enable organizations to manage network access across a variety of users from a single point, reducing inconsistencies and potential access violations.
Question 15)
Kerberos is an authentication protocol that uses __________ cryptography to securely authenticate client-server applications on a network.
- private-key
- secret-key
- session-key
- public-key
Question 16)
The ________ protocol is primarily used for authenticating, authorizing, and accounting for network users.
- FTP
- RADIUS
- SNMP
- IMAP
Question 17)
Which of the following is a data transmission threat? Select all that apply.
- Data was accessed and changed without proper authorization by an unknown external entity while sending as an email attachment.
- Data was being uploaded to a backup server. An external entity intercepted the transfer process and captured the data.
- An external entity pretended to be the CEO of a business organization and asked you to submit a resignation letter immediately.
- An external entity accessed the company database and exfiltrated it.
Question 18)
True or False: A temporary website outage due to a distributed denial-of-service (DDoS) attack can be considered an example of an advanced persistent threat (APT) attack.
- True
- False
Question 19)
True or False: The scenario where a smart home device automatically reorders grocery items when they run low based on predefined preferences set by the homeowner represents a potential IoT threat.
- True
- False
This scenario demonstrates a beneficial feature of IoT technology that enhances convenience and efficiency for homeowners. As long as the ordering process is secure and the homeowner’s preferences are respected, there is no inherent threat associated with this scenario.
Question 20)
How can organizations ensure better endpoint security? Select all that apply.
- Enabling multifactor authentication for all endpoints.
- Disabling all internet connectivity on endpoints to eliminate external threats.
- Training employees on best practices for endpoint security and raising awareness about potential threats.
- Regularly updating and patching operating systems and applications.
Question 21)
True or False: An Intrusion Detection and Prevention System (IDPS) can only detect and alert about security breaches but cannot take automated actions to prevent them.
- True
- False
Question 22)
Which of the following are valid application update types? Select all that apply.
- Security updates
- Feature updates
- Patch updates
- Performance updates
Question 23)
True or False: Security compliance is essential because it helps in the protection of sensitive data and aids in preventing data breaches.
- True
- False
Question 24)
In the risk management cycle, after risks are identified, they are then ______________.
- monitored and reviewed
- mitigated
- quantified
Question 25)
Under GDPR, which right allows data subjects to demand that their data be deleted?
- Right to be forgotten
- Right to restrict processing
- Right to rectification
- Right to data portability
Question 26)
According to GDPR, companies must obtain _______ consent from users for the use of cookies and provide them with an option to reject them.
- Explicit
- Express
- Implicit
- Indirect
Question 27)
PCI-DSS applies to all entities involved in activities related to ___________.
- credit card transactions
- social media accounts
- email communications
- personal identification information
Question 28)
True or False: The concept of identity in a network is only based on a person’s name.
- True
- False
Question 29)
True or False: The adoption of single sign-on (SSO) increases administrative costs because it raises the number of password-related issues the IT help desk teams must manage.
- True
- False
Question 30)
What is the primary function of organizational units (OUs) within domains?
- OUs are used for tracking the organization’s financial transactions.
- OUs apply Group Policy settings and delegate administrative authority.
- OUs primarily help in troubleshooting network issues.
- OUs increase the organization’s overall operational costs.
Question 31)
True or False: Relying solely on incremental backup is sufficient as a backup strategy.
- True
- False
Question 32)
Which of the following malware spreads by exploiting the vulnerabilities found in a computer in the network?
- Trojans
- Worms
- Rootkits
- Ransomware
Question 33)
Which of the following techniques are commonly used in ransomware attacks? Select all that apply.
- Physical theft of computer hardware or storage devices.
- Exploiting software vulnerabilities to gain unauthorized access.
- Phishing emails with malicious attachments or links.
- Distributed Denial of Service (DDoS) attacks.
Question 34)
A cybersecurity analyst team discovered a new type of malware that encrypts its code to evade detection. The malware also changes its code structure and appearance with each iteration. What type of malware is it?
- Polymorphic malware
- Metamorphic malware
- Fileless malware
- Ransomware
Question 35)
Which of the following steps should you follow before selling a laptop to prevent data theft? Select all that apply.
- Delete files and folders manually from the laptop’s storage.
- Perform a factory reset or reinstall the operating system.
- Use data erasure software to wipe the hard drive securely.
- Remove the hard drive from the laptop and keep it separately.
Question 36)
True or False: S/MIME is typically used to encrypt email communications.
- True
- False
Question 37)
How are intranets, VPNs, and messaging applications, as well as remote access, secured within organizations?
- By using SSL and TLS certificates.
- By regularly changing their network passwords.
- By employing firewalls and antivirus software.
- By sharing sensitive data only through encrypted emails.
Question 38)
By having ____________ of authentication, organizations can enforce consistent access policies across various networks and services, reducing the administrative workload and enhancing security.
- anonymous points
- distributed servers
- multiple points
- a single point
Question 39)
True or False: Kerberos is used to authenticate client-server applications by using a public-key infrastructure.
- True
- False
Question 40)
Which of the following are the main features of an advanced persistent threat (APT) attack? Select all that apply.
- Coordinated and prolonged efforts
- Random attacks
- Persistent targeting
- Advanced techniques
Question 41)
Jamie is currently in the middle of a critical project and using an outdated version of the Windows operating system. It will take at least one more month to complete this project. One day, he noticed that there was a security update released by Microsoft for the same version of the operating system. There is also a newer version of Windows released. What would be the appropriate step for Jamie?
- Install the security update for the current version of the Windows operating system and continue with the project.
- Ignore both the security update and the newer version of the Windows operating system.
- Upgrade to the newer version of the Windows operating system immediately.
- Delay the installation of the security update until the project is completed.
Question 42)
Why is security compliance important in an organization?
- It ensures employees understand all technical aspects of security systems.
- It allows the company to save money on cybersecurity software.
- It reduces the need for internal audits.
- It helps protect sensitive data and prevent data breaches.
Question 43)
True or False: The risk management cycle starts with quantifying the risks.
- True
- False
Question 44)
According to GDPR, what is mandatory for companies to provide to users regarding the use of cookies on their websites?
- Explicit consent and an option to reject cookies.
- Only information that cookies are being used.
- An option to accept cookies but not to reject them.
- An option to customize the level of cookies, but no need for explicit consent.
Question 45)
What does identity refer to in the context of a network?
- Distinctive representation or digital persona of a user or system.
- Encryption keys used for secure communication.
- Physical characteristics of a user or system.
- Authentication credentials such as passwords.
Question 46)
How does the adoption of single sign-on (SSO) impact an organization’s administrative costs?
- It has no impact on the administrative costs.
- It increases administrative costs due to complex password-related issues.
- It reduces administrative costs by eliminating a significant proportion of password-related issues.
- It reduces administrative costs by increasing the workload of IT Help Desk teams.
Question 47)
True or False: Organizational units (OUs) within domains are primarily used to increase the organization’s operational costs.
- True
- False
Question 48)
Which of the following statements are correct regarding the use of an incremental backup system? Select all that apply.
- It saves backup restore time.
- It saves backup time.
- It saves storage.
- It prevents data corruption.
Question 49)
In a ransomware-infected system, why is it tough to recover the data or files?
- The files are overwritten by new malicious files.
- The files are moved to an undisclosed location on the network.
- The files are physically deleted from the system.
- The files are securely encrypted by the ransomware.
Question 50)
Jamie lost their laptop with important data. Which of the following steps makes it harder for someone to retrieve or steal data from it? Select all that apply.
- Set a strong password or passphrase for the laptop.
- Enable full-disk encryption on the laptop.
- Enable automatic software updates on the laptop.
- Install antivirus and firewall applications.
Question 51)
True or False: Heuristic analysis is more important than behavioral analysis.
- True
- False
Question 52)
True or False: For large amounts of data, asymmetric encryption is usually utilized.
- True
- False
Question 53)
______ can assist organizations in verifying the integrity of files.
- Compressing files to reduce their footprint on storage drives
- Generating a unique hash value for each file and comparing it to the original when needed
- Increasing the size of files to meet storage requirements
- Converting the data into an encrypted format that cannot be read without a key
Question 54)
Which of the following are solutions offered by Microsoft for Endpoint Security? Select all that apply.
- Microsoft Defender Antivirus and Microsoft Defender Firewall
- Microsoft Office 365 and Microsoft Azure Active Directory
- Microsoft Secure Score and Microsoft Intune
- Microsoft SQL Server and Microsoft SharePoint
Question 55)
What is the purpose of an Intrusion Detection and Prevention System (IDPS)? Select all that apply.
- Encrypting sensitive data during transmission to protect it from interception.
- Collecting and analyzing logs to detect patterns and trends for proactive security measures.
- Monitoring network traffic and identifying potential security breaches or malicious activities.
- Blocking and preventing unauthorized access attempts to a network or system.
Question 56)
Security compliance is important because it helps protect _____.
- sensitive data
- buildings
- software
- reputation
Question 57)
Under GDPR, the ________ law allows individuals to stop the processing of their personal data.
- Right to object
- Right to restrict processing
- Right to rectification
- Right to be forgotten
Question 58)
True or False: Under GDPR, it is sufficient for websites to merely inform users that cookies are being used without obtaining explicit consent or providing an option to reject them.
- True
- False
Question 59)
True or False: PCI-DSS was introduced by major credit card organizations as a measure to combat credit card fraud.
- True
- False
Question 60)
Which of the following are valid impacts when an organization suffers from data breaches? Select all that apply.
- Huge cost in restoring the servers and hardware
- Financial loss and legal liabilities
- Loss of customer trust and loyalty
- Huge time and money in data restoration and encryption
Question 61)
Which of the following malware can spread automatically? Select all that apply.
- Viruses
- Worms
- Ransomware
- Rootkits
- Trojans
Question 62)
True or False: Full disk encryption can prevent data theft if someone knows your computer password.
- True
- False
Question 63)
True or False: A centralized authentication and authorization system complicates management and reduces control by distributing access across various networks and services.
- True
- False
Question 64)
True or False: If someone silently listens to the communication between two parties, it will still be considered a data transmission threat.
- True
- False
Question 65)
Which of the following scenarios is an example of an Advanced Persistent Threat (APT) attack?
- A company’s website experiences a temporary outage due to a distributed denial-of-service (DDoS) attack.
- An organization experiences a data breach where sensitive customer information is compromised due to a phishing email campaign.
- An employee accidentally opens a malicious email attachment, triggering a malware infection on their workstation.
- A sophisticated external team persistently targets a nuclear facility in Iran, deploying the Stuxnet worm to cause significant damage.
Question 66)
Which of the following can be the devastating impact of IoT threats? Select all that apply.
- Disruption in cloud-based technologies, leading to service outages and data loss.
- Unauthorized access to personal information and sensitive data.
- Manipulation or control of IoT devices for malicious purposes, such as surveillance or attacks.
- Increased monthly utility bills.
Question 67)
How does an Intrusion Detection and Prevention System (IDPS) work?
- It scans all files and documents stored on the network for any signs of malware or malicious code.
- It encrypts all network traffic to ensure secure communication between endpoints.
- It analyzes network traffic and compares it against known patterns or signatures of known attacks.
- It actively blocks all incoming network traffic to prevent any potential attacks.
Question 68)
What is PCI-DSS primarily aimed at ensuring the security of?
- Email communications
- Social media accounts
- Personal identification information
- Financial transactions
Question 69)
Identity in a network is like a digital ___________ that is unique and specific to each user or system.
- fingerprint
- stamp
- avatar
Question 70)
Stuxnet was a highly sophisticated cyberweapon that made headlines for its targeted attacks on industrial systems. Which of the following statements is true about Stuxnet?
- Stuxnet exploited vulnerabilities in Macintosh computers.
- Stuxnet leveraged zero-day vulnerabilities.
- Stuxnet propagated through social media platforms.
- Stuxnet primarily targeted financial institutions.
Question 71)
Which of the following strategies should you follow to keep your personal data secure? Select all that apply.
- Use common and easily guessable passwords for all your accounts.
- Install multiple antivirus software for better protection.
- Regularly update your operating system and software applications.
- Regularly back up your data to an external hard drive or a cloud storage system.
Question 72)
True or False: The RADIUS protocol is used primarily for file sharing across a network.
- True
- False
Question 73)
By reducing the volume of password-related issues, the adoption of single sign-on (SSO) can lead to ________ administrative costs in an organization.
- increased
- untracked
- reduced
- expanded
Question 74)
Which of the following systems were affected by the Stuxnet worm?
- Banking and financial institutions.
- Government communication networks.
- Industrial control systems (SCADA systems).
- Global transportation networks.
Question 75)
Besides malware attacks, which of the following options can cause data corruption? Select all that apply.
- Hardware failure.
- Network congestion.
- Power outages or voltage fluctuations.
- Software updates.
Question 76)
What is Kerberos primarily used for in network security?
- Data compression.
- Providing public key certificates.
- Authenticating client-server applications using secret-key cryptography.
- Monitoring network traffic.
Question 77)
Which of the following can be considered a data transmission threat?
- Jamie sent an email to one of their contacts using a public Wi-Fi network, but the content of the email was altered before it reached its intended destination.
- Jamie accidentally deleted an important file while transferring it from one folder to another on their local computer.
- Jamie accidentally sends an email to the wrong recipient within the organization.
- Jamie regularly backs up their files to an external hard drive for data redundancy.
Question 78)
Which of the following can be considered as an endpoint? Select all that apply.
- Network switches and routers.
- Mobile devices such as smartphones and tablets.
- Personal computers and laptops.
- Cloud servers and data centers.
Question 79)
The _____ encryption protocol is primarily used for email message encryption.
- PGP (Pretty Good Privacy)
- SSH (Secure Shell)
- SSL (Secure Sockets Layer)
- S/MIME (Secure/Multipurpose Internet Mail Extensions)
Question 80)
Which of the following best describes the final step in the risk management cycle?
- Quantify risks
- Identify risks
- Mitigate risks
- Monitor and review risks
Question 81)
Which of the following reasons can cause a data breach? Select all that apply.
- Vulnerabilities in an organization’s computer systems.
- Not installing VPN.
- Not updating software regularly.
- Human error.
Question 82)
You have recently downloaded a file from the internet, and your antivirus software has flagged it as potentially harmful. During a comprehensive analysis, the software is examining the file’s behavior, code structure, and potential threat indicators to determine if it poses a risk to your computer. What type of analysis is the antivirus software performing?
- Sandbox analysis
- Heuristic analysis
- Forensic analysis
- Signature-based analysis
Question 83)
True or False: By generating a unique hash value for each file and comparing it to the original when needed, organizations can verify the integrity of their files.
- True
- False
Question 84)
By ______ organizations can secure their remote access and internal communication channels like intranets, VPNs, and messaging applications.
- employing firewalls and antivirus software
- regularly changing their network passwords
- using SSL and TLS certificates
- sharing sensitive data only through encrypted emails
Question 85)
What is the primary purpose of the RADIUS protocol in network security?
- To compress data for network transmission.
- To authenticate, authorize, and account for network users.
- To provide email services.
- To facilitate web hosting.
Question 86)
The ____ encryption is generally the preferred method for encrypting large volumes of data because of its increased efficiency.
- Symmetric encryption
- Asymmetric encryption
- Transposition cipher encryption
- Substitution cipher encryption
Question 87)
True or False: The right to object is a data subject right under GDPR, which allows individuals to stop the processing of their personal data.
- True
- False
Question 88)
Organizational Units (OUs) are containers within domains that help ________ and manage resources based on administrative needs.
- organize
- dissolve
- increase
- limit
Question 89)
Which of the following evasion techniques are used by modern malware? Select all that apply.
- Sandbox evasion
- Code obfuscation
- Firewall blocking
- Code signing
Question 90)
True or False: Security fixes should be installed as soon as possible.
- True
- False