Cybersecurity Threat Vectors and Mitigation Coursera Quiz Answers
In this article i am gone to share Cybersecurity Threat Vectors and Mitigation Coursera Quiz Answers with you..
Enrol Link: Cybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and Mitigation Coursera Quiz Answers
WEEK 1 QUIZ ANSWERS
Knowledge check: Epic attacks
What is a data breach?
- Validating data.
- Stealing sensitive data.
- Processing data.
- Changing data in the database.
True or False: The Stuxnet worm was the first of its kind to impact industrial machinery.
Imagine receiving an email with a photo attachment from a friend. You proceed to download the file and click on it, but your antivirus application immediately blocks it, flagging it as a trojan. What is a trojan?
- A malicious program that presents itself as a harmless file or software.
- A safe software update from a legitimate source.
- A component of your computer’s operating system.
- A hardware malfunction in your computer.
What steps should be taken to protect your computers from trojans and viruses? Select all that apply.
- Only use Linux-based computers.
- Don’t connect your computer to the internet.
- Always update your operating system.
- Use antivirus and antimalware software.
Imagine you wake up one day and turn on your computer, only to find that you cannot open your files and documents. When you try, you receive a warning that the file cannot be opened. After a while, a popup appears on your screen, demanding money to unlock your files. What just happened?
- Your computer has been infected with ransomware.
- Your computer has a hardware failure.
- Your computer has been affected by a spam email.
- Your internet connection has been compromised.
Knowledge check: Threat vectors
What is a supply chain attack?
- The action of sending infected third-party USB devices to an organization.
- It’s a cyberattack done using third-party software vendors.
- It’s a type of DDoS attack involving all computers in the network.
- It’s a cyberattack originating from other organizations in the network.
True or False: Phishing is a subset of social engineering tactics.
What is a double extortion ransomware attack?
- Attackers encrypt the data two times.
- Attackers take ransom money and don’t deliver the decryption key.
- Attackers exfiltrate user data before encrypting it.
- Attackers double the ransom payment.
What is a threat landscape?
- The process of protecting a network against unauthorized access and attacks.
- The combination of vulnerabilities, threats, and their potential impact on an organization’s assets.
- The physical security of computer hardware.
- The analysis of network traffic to identify potential security breaches.
Which of the following statements is true about smishing and vishing?
- Smishing and vishing are interchangeable terms for the same type of social engineering attack.
- Smishing and vishing are some kinds of physical security attacks.
- Smishing is a social engineering attack involving phone calls, while vishing involves text messages.
- Vishing is a social engineering attack involving phone calls, while smishing involves text messages.
Knowledge check: Mitigation strategies
What are the benefits of multi-factor authentication? Select all that apply.
- It helps to create better passwords.
- Even if the password is leaked, it prevents someone from getting access to the user account.
- It makes it impossible to hack user accounts.
- It adds another layer of security on top of the password.
Which of the following is true about biometric security?
- They cannot be used in conjunction with other security measures.
- They are vulnerable to false acceptances and rejections.
- They require a physical object for authentication.
- They can be easily bypassed by guessing a password.
Suppose your computer is infected with ransomware, leading to the encryption of all your files. Unwilling to pay the ransom, you must find a way to retrieve your data. Which strategies are effective in accomplishing this task?
- Click on the ransomware popup to negotiate.
- Download a new antivirus software and scan your system.
- Restore files from a recent backup.
- Use system restore to revert your computer to an earlier state.
What are the benefits of using password manager software? Select all that apply.
- Eliminate the need for multi-factor authentication.
- Reduce the need to remember multiple passwords.
- Automatically generate strong, unique passwords.
- Store passwords securely in an encrypted database.
True or False: Recent versions of Windows operating systems come with free antivirus software installed.
Visit this link: Module quiz: Threats and attacks Quiz Answers
WEEK 2 QUIZ ANSWERS
Knowledge check: Encryption
What is the Caesar cipher encryption method?
- An asymmetric encryption method that uses a public-private key pair.
- A hashing algorithm used to verify the integrity of data.
- A symmetric encryption method that uses different keys for encryption and decryption.
- A substitution cipher that shifts the alphabet a fixed number of places.
What is the difference between AES and DES encryption methods?
- AES uses a larger key size than DES.
- AES is a block cipher, while DES is a stream cipher.
- DES is more secure than AES.
- AES is an older encryption method than DES.
What is SSL/TLS encryption used for?
- To secure online transactions and sensitive data exchange.
- To encrypt files and data at rest on a hard drive.
- To provide users with anonymous browsing capabilities.
- To block unwanted network traffic and prevent DDoS attacks.
How does VPN encryption help secure online communications?
- By encrypting network traffic between two or more devices.
- By providing access to restricted websites and online resources.
- By providing users with additional network bandwidth.
- By blocking incoming network traffic from unknown sources.
How does blockchain technology use encryption to ensure security?
- By restricting access to the blockchain to authorized users only.
- By using a public-private key encryption method.
- By encrypting all network traffic between nodes.
- By providing users with access to network security tools and software.
Knowledge check: Public/private and key hashing
Which of the following is an example of a public key cryptography algorithm?
What is the main difference between a digital signature and a message authentication code (MAC)?
- A digital signature is created using a public key, while a MAC is created using a symmetric key.
- A digital signature is used for encryption, while a MAC is used for decryption.
- A digital signature provides non-repudiation, while a MAC provides confidentiality.
- A digital signature is used for key exchange, while a MAC is used for data transfer.
Which of the following is an example of a hash function?
Which of the following is an example of a digital signature algorithm?
Which of the following is an example of a key exchange algorithm?
Knowledge check: Digital signing and certificates
What is the primary purpose of digital signatures?
- Increasing message readability.
- Compressing files.
- Encrypting messages.
- Authenticating the sender and ensuring message integrity.
In the context of digital certificates, what is the main function of a public key?
- Decrypting messages.
- Verifying digital signatures.
- Generating digital signatures.
- Encrypting messages.
What is the primary purpose of a Certificate Authority (CA) in the context of digital certificates?
- To generate private keys.
- To store digital certificates.
- To issue and manage digital certificates.
- To validate digital signatures.
Which of the following algorithms are typically used for generating digital signatures? Select all that apply.
Imagine that Riley prepares to send a confidential document to Morgan over a secure digital network. She wants to assure Morgan that the document is genuinely from her and hasn’t been tampered with during transmission.
In the digital signature scheme they’re using, what does Riley use to create the digital signature attached to the document?
- Riley’s private key
- Riley’s public key.
- Morgan’s public key.
- Morgan’s private key.
Knowledge check: Authentication and authorization
Which of the following statements best describes the difference between authentication and authorization?
- Authentication and authorization are the same concept and are used interchangeably.
- Authentication is a type of authorization, and authorization is a type of authentication.
- Authentication is verifying the identity of a user or system, while authorization is granting access based on user permissions.
- Authentication is granting access based on user permissions, while authorization is verifying the identity of a user or system.
Which authentication system uses digital certificates to verify the identity of a user, device, or application?
- Certificate-based authentication
Imagine you’re the head of IT at a growing tech company. Your company has been experiencing security breaches due to weak user passwords. You have been tasked with implementing multi-factor authentication to enhance security.
When considering your options, which of the following is a common factor used in multi-factor authentication? Select all that apply.
- Something you have
- Something you can guess
- Something you know
- Something you are
In the context of password storage, what is the purpose of a salt?
- To encrypt the password.
- To verify the password during the login process.
- To ensure that the same password results in different hashes for different users.
- To make the password hashing process faster.
You’re working as the IT manager for a rapidly growing tech startup. Your company is adding new internal software and tools constantly. Your employees struggle to remember their various login credentials and the IT department is flooded with password reset requests.
Which of the following benefits of a centralized authentication and authorization system could be a solution to your problem?
- It simplifies the authentication process for users.
- It makes passwords more secure.
- It increases the complexity of the system.
- It allows users to have multiple sets of credentials for different systems.
Visit this link: Module quiz: Cryptography Quiz Answers
WEEK 3 QUIZ ANSWERS
Knowledge check: Data transmission
Which of the following are valid IoT threats? Select all that apply.
- Weak authentication mechanisms.
- Strong password policies.
- Unsecure network services.
- Regular firmware updates.
What is the purpose of IoT botnets?
- To launch coordinated attacks.
- To enhance device functionality.
- To provide network segmentation.
- Coin mining.
Which of the following are true for APT attacks? Select all that apply.
- APT attacks are usually short-term and random.
- APT attacks often exploit zero-day vulnerabilities.
- APT attacks aim for quick, immediate damage.
- APT attacks are typically designed to evade detection.
Why is data encryption an essential feature of a VPN?
- It helps to speed up your internet connection.
- It changes your device’s IP address.
- It stores your data for future reference.
- It ensures your data is unreadable to potential eavesdroppers.
Charlie is sending sensitive data to Alex over the internet. However, unknown to both of them, Quinn intercepted their connection. Quinn was able to receive all the data Charlie sent to Alex and could even alter the data before sending it on to Alex. Based on the scenario above, which attack is Quinn most likely conducting?
- Man-in-the-middle (MiTM) attack
- Replay attack
- Distributed denial of service (DDoS) attack
- Brute force attack
Knowledge check: Security controls
What is the purpose of endpoint encryption in endpoint security?
- To protect data stored on endpoints from unauthorized access.
- To enforce access controls and prevent unauthorized device connections.
- To block malicious network traffic and prevent cyberattacks.
- To monitor user behavior and detect insider threats.
What are the potential disadvantages of network segmentation? Select all that apply.
- Longer configuration time.
- Higher hardware costs.
- Increased latency in network traffic.
- More bandwidth consumption.
Which of the following are the key benefits of implementing an intrusion detection and prevention system (IDPS)? Select all that apply.
- Enhanced network connectivity.
- Early threat detection.
- Data encryption.
- Enhanced incident response efficiency.
Which of the following are valid components of an IDPS? Select all that apply.
True or False: Firewall rule prioritization does not contribute to the optimization process, and monitoring and logging activities are not important for detecting potential security threats.
Knowledge check: Application updates
You’ve got an email stating that your computer software needs an update, and it includes a link that appears to be genuine. What should be your course of action? Select all that apply.
- Click on the link immediately to update the software.
- Forward the email to your friends to let them know about the software update.
- Check the official website or app for any software updates.
- Verify the email sender and the link before clicking.
In a business organization’s office, there are 50 computers. The IT department comes across news of a zero-day vulnerability in a software program they use, and there’s currently no patch or fix from the software provider. What actions should this company take? Select all that apply.
- Inform all employees about the vulnerability and instruct them not to use the software until further notice.
- Uninstall or disable the software across all systems.
- Install an older version of the software on all systems as it may not have the vulnerability.
- Assume the vulnerability won’t impact their specific systems and continue using the software.
You’re using an older version of an operating system on your computer, and you’re ok with it because everything seems to be running smoothly. Which of the following statements are true? Select all that apply.
- Your system might be at risk of getting exploited due to unpatched vulnerabilities.
- You might be missing out on performance improvements and new features.
- You can install newer hardware which will work smoother with this operating system.
- You may not have the latest security patches and updates.
In a corporate environment, employees are permitted to bring their personal devices and access company data through these devices. What potential issues might arise from this practice? Select all that apply.
- The company’s internet bandwidth will be exhausted, causing network outages.
- Employees will be less productive as they will use their own devices for personal activities.
- If a device is lost or stolen, it could lead to unauthorized access to company data.
- Malware or viruses on an employee’s device could potentially infect the company network.
- Personal devices might have security vulnerabilities that can expose company data.
True or False: In the context of a BYOD (Bring Your Own Device) policy, it is recommended not to monitor the applications that users install on their personal devices.
Visit this link: Module quiz: Network and device-based threats Quiz Answers
WEEK 4 QUIZ ANSWERS
Knowledge check: Security and compliance concepts
Which of the following standards focuses on establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS)?
- ISO 27001
- SOC 2
Sam’s website accepts online orders and processes credit card transactions. She wants to ensure the security of customer data and comply with industry regulations. Which standard should Sam consider implementing to meet these requirements?
- ISO 27001
- SOC 2
Sam is concerned about the increasing volume of customer data, financial records, and employee information as her business expands. She wants to ensure that she takes appropriate actions to protect this data and mitigate potential risks. Which of the following steps is an essential part of the risk management process that Sam should undertake to avoid legal implications?
- Refraining from creating backup data to avoid unnecessary costs.
- Ignoring the risks until they turned into actual issues.
- Implementing a formal risk management process.
- Storing all the data on a single server to simplify the IT infrastructure.
Sam owns an ice cream business in Europe and has recently launched a new website for online orders. Customers can register an account on the website, place orders, and share their personal data such as names, addresses, phone numbers, and credit card information. Sam is excited about the increasing customer base but has not yet implemented any specific data protection measures.
Which of the following scenarios represents a violation of the General Data Protection Regulation (GDPR)?
- Sam decides to share her customer list, including personal data, with a third-party marketing company without seeking any consent from her customers.
- Sam implements encryption for stored customer data and transactions to increase the security of her customers’ personal data.
- Sam ensures that customers can request access to their personal data stored by her business and can also request data deletion.
Sam’s ice cream business is booming, and she decides to introduce a new program where customers can earn rewards based on their purchases. As part of this program, she plans to collect health-related information from customers, like their fitness activities and dietary preferences, to offer tailored healthy ice cream options. She has recently learned about the Health Insurance Portability and Accountability Act (HIPAA) and is concerned about the potential implications of collecting this health-related information.
Which of the following actions should Sam take to ensure she is compliant with HIPAA?
- Ignore the concept of HIPAA, as it only applies to healthcare providers and insurance companies.
- Implement robust security measures for data protection and provide information to her customers about how their data will be used, ensuring transparency and compliance with HIPAA.
- Proceed without concern, HIPAA doesn’t apply to small businesses.
- Collect health-related information but store it on her personal computer to ensure its safety.
Knowledge check: ID and Active Directory
Sam wants to set up a system that enables her employees to access the resources they need to do their jobs securely, but she also wants to prevent unauthorized access. Which of the following would be the primary goal of such an identity management system in Sam’s business?
- To protect business and employee data from being accessed by third-party applications.
- To ensure that only authorized individuals can access appropriate resources at the right times and for the right reasons.
- To allow employees to change their personal information in the business system whenever they want.
- To ensure all employees can access any business-related information at any time.
Sam uses a variety of software tools to manage inventory, payroll, customer relations, and sales in her ice cream business. She finds it challenging to remember the different passwords for each of these tools. She’s considering implementing a new system to make this easier. What would be the main advantage for Sam if she decided to use a Single Sign-On (SSO) system?
- It would ensure that Sam’s user accounts across all tools cannot be hacked.
- It would provide extra layers of security for Sam by asking for additional verification for each tool.
- It would allow Sam to access all her business tools using a single set of credentials.
- It would require Sam to remember multiple passwords for her various accounts.
What is the primary role of Group Policy within an Active Directory framework?
- To enable the dispatch of emails to users.
- To uphold the optimal performance of the server.
- To preserve user data.
- To regulate and manage the operational environment of user accounts and computer accounts.
Which of the following is the primary function of Azure AD?
- To serve as a cloud-based identity and access management service.
- To perform vulnerability scanning on the network.
- To provide cloud storage for user data.
- To host web applications.
In the context of Azure Active Directory, what does the term “Federation” refer to?
- The process of replicating data across different regions in Azure.
- The process of performing backups in Azure.
- The process of establishing trust between two or more domains to allow users to access resources across these domains.
- The process of implementing firewalls and security groups in Azure.
Knowledge check: Defense models
Sam decides to enhance her company’s security system. A cybersecurity consultant recommends implementing the Zero Trust Model. Which of the following implementation scenarios best represents the Zero Trust Model in Sam’s business?
- Sam installs a robust firewall system, thereby creating a barrier to external threats while fully trusting all the internal network traffic.
- Sam verifies the identity of every user outside the network while all users already inside the network are fully trusted.
- Sam uses encrypted communication channels for transferring sensitive information, assuming trust only for encrypted channels.
- Sam allows access to the systems only after verifying the identities of all users, irrespective of their location (inside or outside the network).
Sam hires a cybersecurity team for ongoing security operations and monitoring. Which of the following scenarios best explains the significance of this move in safeguarding her organization?
- The cybersecurity team should keep checking for any network breaches periodically, say once a month, and take necessary action only when a threat is detected.
- The cybersecurity team’s job is to install a powerful antivirus software simply, and then they can sit back and relax, as the software will take care of all the threats.
- The cybersecurity team should constantly monitor and analyze the organization’s networks and systems, detect any anomalies or threats, respond to them immediately, and adapt the security measures as needed.
- The cybersecurity team should focus solely on external threats, as those are the only significant risks to the organization’s network and systems.
You have been hired to review an organization’s security measures related to access to its infrastructure. Which measure would you prioritize?
- Ensuring data redundancy.
- Implementing perimeter firewalls.
- Strengthening access controls.
- Employing one-way hashing algorithms.
You are the lead developer of a new application and are concerned about data security. Which step would you take to ensure the application is secure?
- Ensuring geographical dispersal of resources.
- Secure application development.
- Implementing network segmentation.
- Implementing DDoS protection.
As a data security officer, your company’s database has just been breached. Which layer of the defense in depth strategy has been compromised?
- Physical security
Visit this link: Module quiz: Security, compliance and identity Quiz Answers
WEEK 5 QUIZ ANSWERS
Visit this link: Self-review: Security strategy Quiz Answers