Cybersecurity Threat Vectors and Mitigation Quiz Answers + Review

In this article, I’m sharing my thoughts and review of the Cybersecurity Threat Vectors and Mitigation course, along with all the quiz answers to help fellow learners.

Just finished the Coursera course “Cybersecurity Threat Vectors and Mitigation”? You’re in the right place! This course is part of the Microsoft Cybersecurity Analyst Professional Certificate and provides a solid understanding of today’s active threat landscape, types of cyber attacks, encryption methods, and compliance concepts.

Whether you’re preparing for the Microsoft SC-900 exam or just beginning your cybersecurity journey, this course is a helpful step forward — and I’ve got the answers to guide you through it!

Module quiz: Threats and attacks Quiz Answers

Question 1)
What are the disadvantages of full backups? Select all that apply.

• Requires more frequent backups.
• Takes longer to complete compared to other backup methods.
• Takes less time to restore than incremental backups.
• Consumes a significant amount of storage space.

Question 2)
What are the benefits of full disk encryption? Select all that apply.

• Prevents unauthorized access to storage.
• Prevents data theft even if the physical device is stolen.
• Prevents Ransomware attack.
• Makes computer work faster.

Question 3)
Which of the following are used by antimalware applications to detect malware programs? Select all that apply.

• Sandbox analysis
• Behavioral analysis
• Heuristic analysis
• Attachment file name

Question 4)
You received an email stating that you haven’t changed your Outlook password in some time. The email contains a link to go to the Microsoft Outlook website to update your password directly. So, you clicked on the link and changed your password. The next morning you cannot log into your Outlook anymore.

Which of the following statements are true? Select all that apply.

• You were the victim of a spam email attack.
• You were a victim of a social engineering attack.
• You were a victim of a phishing attack.
• You were the victim of a malware attack.

Question 5)
In a _______attack, cybercriminals send tailored emails or messages to high-profile executives in an organization. Select all that apply.

• Spear phishing
• Whaling
• Cold calling
• Baiting

Question 6)
What is the role of a command-and-control center in a malware lifecycle?

• Remove malware from infected systems
• Monitor network traffic for suspicious activities
• Coordinate and control the infected systems
• Encrypt and decrypt sensitive information

Question 7)
True or False: Some malware can take advantage of the vulnerabilities found in hardware like computer processors.

• True
• False

Question 8)
A(n) _____ is used to distribute other vulnerabilities in an infected system.

• Rootkit
• Botnet
• Exploit kit
• Trojan

Question 9)
Which of the following reasons made Stuxnet a significant malware?

• It spread very widely
• It was the first of its kind to attack industrial systems
• There was no solution to the Stuxnet worm
• It caused significant damage to network computers

Question 10)
True or False: Viruses and worms can self-replicate.

• True
• False

Question 11)
What are the benefits of incremental backup? Select all that apply.

• Saves storage space compared to full backups.
• Eliminates the need for full backups.
• Decreases the time required for data recovery.
• Faster backup process.

Question 12)
True or False: Full disk encryption makes your computer significantly slower.

• True
• False

Question 13)
Which of the following protections are offered by modern antimalware programs? Select all that apply.

• Recover encrypted files from ransomware
• Web protection
• File protection
• Spam protection

Question 14)
______ is a type of phishing attack where the victim is tricked using voice calls

• Vishing
• Smishing
• Social engineering
• Pretexting

Question 15)
In a _______attack, cybercriminals send tailored emails or messages to high-profile executives in an organization. Select all that apply.

• Spear phishing
• Baiting
• Cold calling
• Whaling

Question 16)
True or False: All malware maintains communication with a command-and-control center to execute instructions or exfiltrate data.

• True
• False

Question 17)
In early 2018, there were some critical vulnerabilities, called Meltdown and Spectre, that were discovered in processors from reputed chip companies. Which of the following statements are true about these vulnerabilities? Select all that apply.

• Meltdown and Spectre only affect mobile devices.
• Meltdown and Spectre exploit hardware vulnerabilities in processors.
• Meltdown and Spectre can only be exploited through software.
• Meltdown and Spectre affect only Intel processors.

Question 18)
True or False: rootkits are a type of malware that can hide their presence or activities on an infected system.

• True
• False

Question 19)
Which of the following malware causes significant damage to industrial systems?

• Melissa
• Stuxnet
• Code Red
• Conficker

Question 20)
A _______ can self-replicate and spread, while a ______ cannot. Select all that apply.

• Virus, Worm
• Virus, Trojan
• Trojan, Virus
• Worm, Trojan

Question 21)
_________ is a full disc encryption software that comes with recent Windows operating systems.

• Veracrypt
• GPG
• Bitlocker
• FileVault

Question 22)
True or False: Phishing is a subset of social engineering attacks

• True
• False

Question 23)
Consider a scenario where cybercriminals have found that employees in an organization frequently visit a particular website for their daily work. To install the malware in the computers of that organization, cybercriminals infect the website with the expectation that some employees will fall for this trap, allowing the cyber criminals to install malware on their computers. What type of attack is this?

• Pretexting
• Quid Pro Quo
• Watering hole attack
• Whaling

Question 24)
Which of the following malware is specially designed to hide successfully in an infected computer?

• Worms
• Rootkits
• Trojans
• Exploit kit

Question 25)
Malware receives an update or transfers exfiltrated data using ___________________

• Rootkit
• Other malware
• A Command-and-control center
• Rogue access points

Question 25)
True or False: Worms are usually spread by exploiting vulnerabilities in operating systems and software applications to gain access to computer systems.

• True
• False

Question 26)
True or False: In sandbox analysis mode cybersecurity professionals run malware programs in a controlled environment to observe their behavior to easily detect them in the future.

• True
• False

Question 27)
True or False: in baiting attacks the cybercriminals drop items like USB drives labeling them with interesting titles, hoping that someone will pick it up and run what’s inside and install the malware.

• False
• True

Question 28)
True or False: You should always take full backups to ensure better data recovery.

• True
• False

Question 29)
What is the main difference between a virus and a trojan?

• Viruses are more harmful than trojans.
• A virus can be easily detected and removed, while a trojan is more difficult to detect.
• A virus can only be transmitted through email, while a trojan can be transmitted through various means.
• A virus can self-replicate and spread, while a trojan cannot.

---

Module quiz: Cryptography Quiz Answers

Question 1)
Sam wants to securely communicate with a new supplier, but they haven’t agreed on a shared key beforehand. Which type of encryption should they use?

• Caesar Cipher
• Symmetric encryption
• Asymmetric encryption

Question 2)
The Data Encryption Standard (DES) is a less secure encryption algorithm than the Advanced Encryption Standard (AES).

• True
• False

Question 3)
True or False: VeraCrypt and TrueCrypt are encryption tools that are used to encrypt entire hard drives, and they do not have the functionality to encrypt individual files or folders.

• True
• False

Question 4)
Ashley and Tim are communicating over an insecure network. They want to establish a shared secret key without exposing it to potential eavesdroppers. Which asymmetric key encryption algorithm should they primarily consider for this purpose?

• Elliptic curve cryptography.
• RSA algorithm.
• Diffie-Hellman algorithm.

Question 5)
A company stores user passwords in plaintext in their database. After a data breach, the company decides to enhance the security of their password storage. Which technique should they implement to ensure that even if two users have the same password, their hashes stored in the database will be different?

• Implementing the MD5 hashing algorithm.
• Implementing salting before hashing.
• Implementing SHA-256 hashing algorithm.

Question 6)
What is the primary purpose of Digital signing?

• To encrypt messages for secure communication.
• To authenticate digital documents or messages and ensure their integrity by using cryptographic techniques such as RSA and ECDSA.
• To compress files for storage.

Question 7)
True or False: SSL certificates are used exclusively for securing web transactions on e-commerce websites.

• True
• False

Question 8)
Signed URLs can only be used for secure file sharing and cannot be used for controlling access to API endpoints.

• True
• False

Question 9)
A centralized authentication and authorization system can enhance security, improve efficiency, ensure consistency, and allow for better scalability.

• True
• False

Question 10)
Acme Corporation is looking for an authentication and authorization protocol to allow their users to log in once and gain access to multiple systems, applications, or services without having to log in again. Which protocol should Acme Corporation consider using?

• OAuth
• SAML (Security Assertion Markup Language)
• OpenID Connect

Question 11)
Which of the following encryption techniques did Julius Caesar use to communicate with his generals?

• Symmetric Encryption
• Asymmetric Encryption
• Caesar Cipher

Question 12)
What is the Advanced Encryption Standard (AES), and how does it secure data transmission?

• AES is an outdated encryption standard that was replaced by RSA.
• AES is an asymmetric encryption algorithm that uses two different keys to encrypt and decrypt data.
• AES is a symmetric encryption algorithm that encrypts data in blocks and uses the same key for both encryption and decryption.

Question 13)
Which encryption tool uses a combination of symmetric and asymmetric encryption to secure email communication and can also be used to encrypt files and folders?

• Bitlocker
• VPN
• PGP (Pretty Good Privacy)

Question 14)
Which hashing algorithm is considered highly secure against collision attacks and is widely adopted for applications that require high levels of security?

• MD5
• Salting
• SHA-256

Question 15)
An online retailer wants to ensure the integrity of electronic invoices and receipts sent to customers and to protect consumers from counterfeit products or fraudulent transactions. Which technology should the retailer employ?

• Digital signatures
• Public key encryption
• File compression

Question 16)
Alice receives an email from her bank asking her to log in to her account to verify her information. She is concerned about phishing and wants to ensure the email is genuinely from her bank. What should she check to verify the authenticity of the email sender?

• Check if the email is digitally signed using a certificate.
• Check if the email contains a link to the bank’s website.
• Check for spelling errors in the email.

Question 17)
What is the primary difference between authentication and authorization in the context of access control?

• Authentication and authorization are synonymous and have no difference.
• Authentication is verifying the identity of a user, while authorization determines what actions or resources an authenticated user can access.
• Authentication allows users to perform actions within a system, while authorization verifies the identity of users.

Question 18)
Which centralized authentication system uses secret-key cryptography and involves an exchange with an Authentication Server (AS) and a Ticket-Granting Service (TGS)?

• Kerberos
• RADIUS
• OAuth

Question 19)
The RSA algorithm is based on the mathematical properties of even numbers.

• True
• False

Question 20)
Digital signatures are the same as digital certificates, and they are used for encrypting communication.

• True
• False

Question 21)
Which of the following statements correctly describes the role of Certificate Authorities (CAs) in the context of digital certificates?

• Certificate Authorities (CAs) are responsible for encrypting data transmitted over the internet.
• Certificate Authorities (CAs) are trusted organizations that validate and issue digital certificates, ensuring the authenticity of the certificate holder’s identity.
• Certificate Authorities (CAs) are databases that store sensitive information for websites and services.

Question 22)
Sam has opened multiple branches and is finding it difficult to manage access controls for each branch individually. Which solution should she adopt to manage access controls more efficiently across all branches?

• She should disregard access controls to save time and effort.
• She should assign a manager at each branch to handle access controls individually.
• She should implement a centralized authentication and authorization system to manage access controls from a single location.

Question 23)
Asymmetric encryption uses a shared secret key to encrypt and decrypt data.

• True
• False

Question 24)
The Data Encryption Standard (DES) is a less secure encryption algorithm than the Advanced Encryption Standard (AES).

• True
• False

Question 25)
Sam’s Scoops stores customer data. Sam wants to ensure that only authorized parties can access this data, even if someone has physical access to the company’s computers. Which encryption tool should Sam use to encrypt the entire hard drive of the business’ computers, including the operating system and all user data?

• PGP (Pretty Good Privacy)
• VPN (Virtual Private Network)
• Bitlocker or FileVault

Question 26)
Salting involves adding a random value to a password before hashing, and this makes it harder for attackers to use precomputed hash tables to crack passwords.

• True
• False

Question 27)
John is a software developer who needs to provide temporary access to a confidential document for his client. He wants to make sure that only his client can access the document and that the access expires after 24 hours. Which technique should John use to achieve this?

• Upload the document to a public cloud storage service.
• Generate a signed URL with an expiration time of 24 hours and share it with the client.
• Share the document via email.

Question 28)
Sam wants to ensure that the online transactions made by customers on the business website are secure. Which encryption protocol should Sam use to secure communication between the web server and the client’s browser?

• SSL/TLS
• Advanced Encryption Standard (AES)
• RSA encryption

Question 29)
What is the primary purpose of using public key encryption?

• To compress data for faster transmission.
• To securely transmit data over unsecured networks using a pair of keys, one public and one private.
• To hide the existence of data transmission.

Question 30)
What is one of the key benefits of using signed URLs?

• Sharing the secret key with the end user for transparency.
• Increased security by requiring a valid signature to access protected resources.
• Allowing unlimited access to the resources for all users.

Question 31)
Microsoft’s Identity Platform, as an IDaaS, does not support single sign-on (SSO) which allows users to authenticate once and gain access to multiple applications and resources.

• True
• False

---

Module quiz: Network and device-based threats Quiz Answers

Question 1)
Jamie is a remote worker who often uses a neighboring coffee shop’s free Wi-Fi to send or receive files and communicate with coworkers. One day, Jamie realized some emails had not been sent and did not appear in the sent folder, while coworkers reported receiving odd emails from Jamie. Which of the following attacks could Jamie be a victim of?

• Man-in-the-middle attack
• Replay attack
• Data exfiltration
• Brute force attack

Question 2)
True or False: A replay attack involves an attacker retransmitting captured data in order to trick a system into granting unauthorized access.

• True
• False

Question 3)
When choosing a VPN service, what factors should be considered to ensure it meets your specific needs?

• The cost, security features, server locations, and privacy policy of the VPN.
• Only the number of server locations.
• Just the cost of the service.
• Only the security features of the VPN.

Question 4)
Which of the following scenarios is most likely to involve an advanced persistent threat (APT) attack?

• A user’s personal computer is infected with ransomware that locks their files and demands payment.
• An individual receives a single phishing email trying to scam them into sending money.
• A major corporation notices suspicious activity over a prolonged period, including unusual network traffic, increased failed login attempts, and modifications to user privileges.
• A small business’s website is defaced by a hacker.

Question 5)
True or False: Regularly updating the firmware of your IoT devices automatically guarantees that they are fully protected against all possible cybersecurity threats.

• True
• False

Question 6)
You’re working as a network security officer in a large organization. The current network infrastructure includes several servers, hundreds of office computers, an array of smartphones used by field employees, and a variety of IoT devices (like smart TVs, printers, and cameras). Your task is to improve network security. Which of the following is the best strategy for network segmentation?

• Group all devices based on their physical location in the organization.
• Separate the network into two segments: one for servers and office computers, and another for smartphones and IoT devices.
• Segment the network into four groups: servers, office computers, smartphones, and IoT devices.
• Keep the network as a single segment for easier management.

Question 7)
Imagine an organization experiences a sudden increase in network traffic and suspicious activity. The IT team notices anomalies in user behavior and multiple failed login attempts. Which component of an intrusion detection and prevention system (IDPS) would be responsible for recognizing these patterns and identifying potential threats?

• Database
• Sensors
• Analyzers
• User Interface

Question 8)
In which of the following scenarios does endpoint security play a crucial role? Select all that apply.

• An organization implements strict physical access controls and surveillance cameras in their data center.
• An employee unknowingly clicks on a malicious email attachment, resulting in a ransomware infection that spreads across the organization’s network.
• An employee accidentally spills coffee on a company-issued smartphone, causing it to malfunction.
• A remote worker connects to the company’s network using their personal laptop from a coffee shop.

Question 9)
True or False: Regularly adding more rules to the firewall and allowing all outgoing traffic by default are efficient strategies for firewall optimization.

• True
• False

Question 10)
Imagine a scenario where employees are allowed to use their personal devices for work purposes. Which of the following are potential risks that organizations should consider when implementing a Bring Your Own Device (BYOD) policy?

• Data security and privacy concerns.
• Cost savings for the organization.
• Compatibility issues between different devices and operating systems.
• Enhanced employee productivity and satisfaction.

Question 11)
True or False: One type of threat to data transfer is data exfiltration.

• True
• False

Question 12)
True or False: A replay attack involves an attacker retransmitting captured data in order to trick a system into granting unauthorized access.

• True
• False

Question 13)
Which VPN protocol is known for providing the highest level of security due to its use of strong encryption techniques?

• L2TP
• PPTP
• OpenVPN
• IKEv2

Question 14)
True or False: APT attacks always result in immediate and noticeable harm to the target system or network.

• True
• False

Question 15)
True or False: Intrusion Detection and Prevention Systems (IDPS) can only detect and prevent external attacks on a network.

• True
• False

Question 16)
In which of the following scenarios does endpoint security play a crucial role? Select all that apply.

• An employee accidentally spills coffee on a company-issued smartphone, causing it to malfunction.
• An organization implements strict physical access controls and surveillance cameras in their data center.
• A remote worker connects to the company’s network using their personal laptop from a coffee shop.
• An employee unknowingly clicks on a malicious email attachment, resulting in a ransomware infection that spreads across the organization’s network.

Question 17)
As a network administrator, you’ve noticed that your firewall is causing latency issues and slowing down network traffic. What is the best practice to optimize your firewall in this scenario? Select all that apply.

• Disable the firewall.
• Add more rules to the firewall.
• Regularly audit the firewall and remove outdated or redundant rules.
• Prioritize rules based on their importance.

Question 18)
Imagine a scenario where employees are allowed to use their personal devices for work purposes. Which of the following are potential risks that organizations should consider when implementing a Bring Your Own Device (BYOD) policy?

• Cost savings for the organization.
• Enhanced employee productivity and satisfaction.
• Compatibility issues between different devices and operating systems.
• Data security and privacy concerns.

Question 19)
Consider a situation where Joey, a bank employee, frequently uses an application to authorize financial transactions. The application requires you to enter a unique passcode sent through email each time you log in. One day, Joey notices multiple unauthorized transactions from the same account, each using the same passcode they had used for a previous legitimate transaction. Based on this scenario, which data transmission threat is most likely being exploited?

• Eavesdropping
• Brute force attack
• Man-in-the-middle attack
• Replay attack

Question 20)
Jerry frequently travels for work and often uses public Wi-Fi at airports and coffee shops to access sensitive company data. What should Jerry use to ensure their data is secure during transmission?

• Virtual private network (VPN)
• Anti-virus software
• Firewall
• Incognito mode in a browser

Question 21)
You’ve set up a series of video surveillance cameras in your home without implementing any security measures. One day while monitoring the network, you discovered that these cameras are regularly sending traffic to unknown external IP addresses. What could be the reason?

• The cameras automatically update their firmware.
• The cameras are transferring data to other IoT devices in the house.
• The cameras are backing up data to cloud storage.
• The cameras have been compromised and are part of a botnet.

Question 22)
Why is network segmentation important for an organization’s network security?

• Network segmentation makes the network easier to manage.
• Network segmentation is important because it allows every device to communicate with each other without restrictions.
• Network segmentation is always required.
• Network segmentation improves security by limiting the spread of threats and reducing the attack surface.

Question 23)
Why is endpoint security extremely important for an organization?

• To protect sensitive data from unauthorized access and data breaches.
• To defend against insider threats and employee misconduct.
• To ensure uninterrupted network traffic and infrastructure stability.
• To prevent physical theft of company assets and equipment.

Question 24)
Which of the following are common threats to data transmission? Select all that apply.

• Man-in-the-middle attacks
• Data exfiltration
• Phishing
• Eavesdropping

Question 25)
For a network administrator seeking to capture and analyze network packets to troubleshoot a problem, which of the following tools is most suitable? Select all that apply.

• Firewall
• Wireshark
• Ettercap
• The Router

Question 26)
What are some of the prevention strategies that can be effective against advanced persistent threat (APT) attacks? Select all that apply.

• Keeping the entire network connected and without segmentation.
• Educating users about the dangers of phishing and how to identify suspicious emails.
• Ignoring unusual network activity as a minor glitch.
• Regularly updating and patching systems.

Question 27)
Which of the following statements about IoT botnets is correct? Select all that apply.

• IoT botnets are primarily made up of computing devices like desktops and laptops.
• IoT devices cannot be attacked easily when they are behind firewalls.
• IoT botnets are used to carry out distributed denial-of-service (DDoS) attacks.
• The Mirai botnet is an example of an IoT botnet.

Question 28)
True or False: Endpoint security solely focuses on protecting desktop computers and laptops within an organization.

• True
• False

Question 29)
True or False: Network segmentation only serves to increase network performance and has no impact on security.

• True
• False

Question 30)
What is the role of sensors in an intrusion detection and prevention system (IDPS)?

• Managing user access and permissions.
• Capturing and monitoring network traffic.
• Analyzing patterns and behaviors.
• Storing known attack signatures.

Question 31)
Which of the following steps are valid to optimize the firewall? Select all that apply.

• Regularly update firewall software.
• Implement monitoring and logging.
• Increase the number of firewall rules to improve security.
• Allow all incoming connections to reduce firewall load.

Question 32)
Which of the following are the benefits when an organization implements a BYOD policy? Select all that apply.

• Improved productivity and efficiency.
• Decreased security risks and data breaches.
• Increased device standardization and control.
• Increased employee satisfaction and morale.

Question 33)
True or False: Implementing app whitelisting and blacklisting processes is recommended when enabling a BYOD policy for employees.

• True
• False

---

Module quiz: Security, compliance and identity Quiz Answers

Question 1)
True or False: Security compliance is only important for businesses that operate internationally.

• True
• False

Question 2)
A pharmaceutical company is trying to develop a new drug and needs to manage the risks involved in its development process, as well as ensure that it adheres to all relevant regulations. Which process should the company implement?

• Focus only on risk management.
• Focus only on compliance management.
• Implementing both Risk Management to identify and mitigate risks and Compliance Management to adhere to relevant regulations.

Question 3)
According to the GDPR, processing of personal data is always unlawful.

• True
• False

Question 4)
The GDPR only considers browser cookies as personal data if the user explicitly provides their name and contact information.

• True
• False

Question 5)
A cloud-based service provider wants to assure its customers that it has effective controls in place to safeguard data privacy and security. Which auditing procedure should the cloud-based service provider undergo to demonstrate this assurance?

• PCI-DSS
• SOC 2
• HIPAA

Question 6)
An organization wants to simplify user access and provide a smoother user experience by allowing users to use a single digital identity to access resources across multiple security domains. Which concept should the organization implement?

• Active Directory
• Access Control
• Identity Federation

Question 7)
Which of the following best describes the role of Active Directory (AD) in identity management?

• AD is used for website development.
• AD is used for managing individual identifiers.
• AD is used for data storage and backup.

Question 8)
Single sign-on (SSO) technology increases the number of passwords a user needs to remember.

• True.
• False.

Question 9)
What are the three principles guiding the layered security approach known as defense in depth?

• Password protection, data encryption, and email security.
• Network segmentation, DDoS protection, and firewall implementation.
• Confidentiality, Integrity, and Availability.

Question 10)
In the Zero Trust Model, trust is assumed once you are inside the network.

• True.
• False.

Question 11)
What is the primary difference between risk management and compliance?

• Risk management involves identifying and mitigating risks, while compliance involves ensuring adherence to laws, regulations, and ethical standards.
• Risk management involves identifying risks while compliance involves adhering to a specific set of rules.
• Risk management is an optional process while compliance is mandatory for all organizations.

Question 12)
What is one of the rights provided to individuals by the General Data Protection Regulation (GDPR) regarding their personal data?

• Right to unlimited data storage
• Right to erasure (right to be forgotten)
• Right to free services

Question 13)
According to the General Data Protection Regulation (GDPR), what must companies do before storing or accessing cookies on a user’s computer?

• They must obtain explicit and informed consent from the user.
• They must store cookies without informing the user.
• They can store cookies as long as they inform the user within 30 days.

Question 14)
Which cybersecurity standard is developed and published by the International Organization for Standardization and focuses on establishing an Information Security Management System (ISMS) through a risk-based approach?

• SOC 2
• PCI-DSS
• ISO 27001

Question 15)
What does identity refer to within the information security world?

• The distinctive representation of a user or system within a network.
• The hardware ID of a device.
• The name of an individual.

Question 16)
Sara is an IT administrator at a mid-sized company and is considering implementing single sign-on (SSO) to improve security and efficiency. She is aware that SSO has some potential drawbacks. Which of the following measures should Sara consider implementing to mitigate the risk of a single point of failure in SSO?

• Sara doesn’t need to worry as SSO is inherently secure.
• Share the SSO credentials with only a select few in the organization.
• Implement multi-factor authentication (MFA) and regularly update security protocols.

Question 17)
Damon owns a chain of clothing shops. He has been a victim of theft and corporate espionage by employees and suppliers. He wants to secure his business based on the Zero Trust Model. Which of the following practices aligns with the Zero Trust Model principles?

• Damon checks IDs at the entrance and allows free access within the store once verified.
• Damon provides all employees with unrestricted access to all areas of the store but installs security cameras.
• Damon installs security cameras, requires identity verification for accessing sensitive areas, and limits access rights to only what is necessary for an employee’s specific task.

Question 18)
An e-commerce company operating in Europe and the United States is looking to ensure that they are compliant with data security laws. Which of the following should they consider as part of their compliance strategy?

• Ensuring compliance with GDPR in Europe and being attentive to local data protection regulations in the United States.
• Ensuring compliance with GDPR in Europe but ignoring HIPAA as they are not a healthcare company.
• Ensuring compliance with local data protection regulations in the United States but disregarding GDPR as they are not based in Europe.

Question 19)
Which of the following is true about using single sign-on (SSO) technology? Select all that apply.

• Improved user convenience.
• Increased number of passwords to remember.
• Increased complexity of authentication process.
• Reduced password-related issues.

Question 20)
A risk heat map is a tool used in compliance management to ensure adherence to laws and regulations.

• True
• False

Question 21)
XYZ Corp, a US-based company, offers online services to customers in Europe. Which of the following statements is true regarding XYZ Corp’s obligation to comply with GDPR?

• XYZ Corp does not need to comply with GDPR because it is based in the US.
• XYZ Corp must comply with GDPR.
• XYZ Corp only needs to comply with US data protection laws.

Question 22)
Sarah visits an online store for the first time. Before she can browse the items, a pop-up appears informing her that the site uses cookies and provides options for her to accept, reject, or customize the level of cookies she is comfortable with. What regulation makes this transparency and consent necessary?

• The General Data Protection Regulation (GDPR).
• The Browser Transparency Act.
• The Cookie Consumption Law.

Question 23)
Alice is an IT administrator who uses Active Directory (AD) to manage user accounts and computers within her company’s network. She wants to enforce a security policy that requires all computers within the network to have the latest antivirus software installed. Which feature of AD should she use to efficiently apply this policy to all computers?

• Manually installing antivirus software on each computer.
• Creating individual user accounts for each computer.
• Using Group Policies to define and enforce settings across multiple computers.

Question 24)
Defense in depth is a security strategy that relies on one strong layer of protection.

• True
• False

Question 25)
PCI-DSS is a cybersecurity standard that primarily focuses on the protection of patients’ medical records and other health information.

• True
• False

Question 26)
Active Directory (AD) employs Access Control Lists (ACLs) to implement authorization, which defines who has access to objects in the directory and what operations they can perform.

• True
• False

Question 27)
What is one of the guiding principles of the Zero Trust Model?

• Assume everything inside the network is safe.
• Trust but verify.
• Verify explicitly.

Question 28)
Your organization is migrating its data to Azure cloud services. As a security consultant, you have been tasked with implementing a defense in depth strategy. Which of the following layers would you consider crucial in your security strategy?

• Focus only on physical security.
• Focus only on data protection.
• Consider data protection, application security, compute security, network security, perimeter security, identity and access, and physical security.

Question 29)
Active Directory primarily serves as a user authentication and authorization service.

• True
• False

---

Self-review: Security strategy Quiz Answers

Question 1)
You conducted a security analysis for Sam. You had to identify all potential threats, internal and external, that Sam’s Scoops might face. What were the main objectives that you took into account while conducting the analysis?

• Designing a comprehensive data protection strategy and implementing MFA measures.
• Creating an incident response plan and proposing a plan for continuous monitoring.
• Decreasing the cost of IT infrastructure.
• Identifying potential threats, assessing risks, and formulating countermeasures.

Question 2)
At which step in the security strategy report creation process did you consider prioritizing threats based on their potential impact and likelihood of occurrence?

• Design a comprehensive data protection strategy.
• Develop countermeasures for each threat.
• Evaluate risks.

Question 3)
What is the purpose of developing countermeasures for each identified threat in the security strategy report?

• To assess the likelihood of each threat occurring.
• To mitigate risks and minimize the potential impact of each threat.
• To identify potential vulnerabilities and attack vectors.

Question 4)
What does a comprehensive data protection strategy typically encompass?

• Technological solutions only.
• Secure data storage and transmission, regular data backups, and robust access control measures.
• Employee training and policy changes only.

Question 5)
What is the purpose of an incident response plan in the security strategy report?

• To enable effective response and recovery from security incidents, and to prevent future occurrences.
• To identify potential threats and vulnerabilities.
• To prioritize threats based on their potential impact and likelihood of occurrence.

Question 6)
Sam’s Scoops allows their employees to use their personal devices in the shop. As part of developing the security strategy, you implemented a BYOD policy. What would be a primary security enhancement for this policy?

• Implementing log monitoring
• Implementing network segmentation.
• Enabling full disk encryption on all devices.

Question 7)
When you created the Phishing avoidance strategy, what was the primary solution for your strategy?

• Response protocols.
• Email filters and anti-malware software.

Question 8)
Several employees have installed unapproved software on their work computers. What is the most appropriate action you could take?

• Uninstall the unauthorized applications without notifying the employees involved.
• Ignore the issue if the applications are not harmful.
• Dispatch a company-wide email reiterating the policy against unauthorized applications.
• Identify the employees using unauthorized applications, inform them individually, and remove the applications.

Question 9)
Have you developed a continuous improvement plan for Sam’s Scoops’ security strategy?

• Yes, my plan includes regular security audits, employee training, and periodic review of security policies and procedures.
• I didn’t think a continuous improvement plan was necessary.

Question 10)
Does your plan consider the business context, including regulatory requirements and Sam’s Scoops’ rapid growth?

• My plan focuses on technical security measures and doesn’t consider the business context.
• My plan considers the business context, including regulatory requirements and the company’s rapid growth.

---

Course quiz: Cybersecurity threat vectors and mitigation Quiz Answers

Question 1)
What is the main benefit of incremental backup over full backup?

• It only backs up the changed data since the last backup.
• It offers better data compression and deduplication.
• It provides a more comprehensive backup of all data.
• It allows for faster data restoration in case of a failure.

Question 2)
True or False: Human error is one of the major causes of data breaches.

• True
• False

Question 3)
As a cybersecurity specialist, you discovered that most of the computers in your organization are showing similar abnormal activities. Some of these computers in the network are not even connected to the internet, yet they got infected by malware. What could be the issue here? Select all that apply.

• They got infected by a worm.
• They got infected by a virus.
• They got infected by a trojan.
• They are suffering from a bug in the operating system.

Question 4)
True or False: Stuxnet is considered the groundbreaking malware that showcased its ability to attack industrial systems and cause significant damage.

• True
• False

Question 5)
A company has fallen victim to a ransomware attack, and the attackers have encrypted their important files. The attackers are demanding a ransom in cryptocurrency to provide the decryption key. What is the recommended course of action for the company? Select all that apply.

• Disconnecting all affected systems from the network and isolating them to prevent the further spread of the ransomware.
• Restoring the affected systems from clean backups and strengthening cybersecurity measures.
• Reporting the incident to law enforcement and providing any available information about the attackers.
• Immediately paying the ransom to regain access to the encrypted files quickly.

Question 6)
A cybersecurity analyst team found a new malware that can change its size and its code regularly. However, the code is not encrypted. What type of malware is it?

• Fileless malware
• Ransomware
• Polymorphic malware
• Metamorphic malware

Question 7)
Jamie accidentally deleted an important file containing personal data from their computer. Jamie needs to recover the file to meet a deadline but didn’t have a backup. What would be the best course of action for Jamie to attempt personal data recovery? Select all that apply.

• Stop using the computer and try using file recovery software.
• Consult a professional data recovery service.
• Check external storage devices or cloud storage for a copy of the deleted file.
• Recreate the file from scratch.

Question 8)
Which of the following strategies should you follow to keep your personal data secure? Select all that apply.

• Regularly update your operating system and software applications.
• Use common and easily guessable passwords for all your accounts.
• Install multiple antivirus software for better protection.
• Regularly back up your data to an external hard drive or a cloud storage system.

Question 9)
What is the main difference between heuristic analysis and behavioral analysis in the context of cybersecurity?

• Heuristic analysis involves analyzing the behavior of files, processes, or entities, while behavioral analysis looks for patterns and characteristics associated with known malware.
• Heuristic analysis focuses on identifying potential threats based on known patterns and characteristics, while behavioral analysis observes and detects abnormal activities and deviations from expected behavior.
• Heuristic analysis analyzes network traffic patterns, while behavioral analysis focuses on examining code and file structure.
• Heuristic analysis and behavioral analysis are interchangeable terms in the context of cybersecurity.

Question 10)
Which type of encryption is typically used for securing large amounts of data?

• Transposition cipher encryption
• Substitution cipher encryption
• Symmetric encryption
• Asymmetric encryption

Question 11)
Which of the following encryption protocols is most suitable for encrypting email messages?

• S/MIME (Secure/Multipurpose Internet Mail Extensions)
• PGP (Pretty Good Privacy)
• SSH (Secure Shell)
• SSL (Secure Sockets Layer)

Question 12)
What role does hashing play in ensuring the integrity of files in an organization?

• By compressing files to reduce their footprint on storage drives.
• By increasing the size of files to meet storage requirements.
• By converting the data into an encrypted format that cannot be read without a key.
• By generating a unique hash value for each file and comparing it to the original when needed.

Question 13)
By using SSL and TLS certificates, organizations can ensure the safeguard of their internal communication channels, including intranets, VPNs, and messaging applications, and remote access?

• True
• False.

Question 14)
Which of the following best describes the role of centralized authentication and authorization systems in managing network access?

• They heighten the potential for access violations by focusing on a single point of authentication.
• They require organizations to use different access control systems for each data center.
• They increase the complexity of managing network access by requiring individual access protocols for each machine.
• They enable organizations to manage network access across a variety of users from a single point, reducing inconsistencies and potential access violations.

Question 15)
Kerberos is an authentication protocol that uses __________ cryptography to securely authenticate client-server applications on a network.

• private-key
• secret-key
• session-key
• public-key

Question 16)
The ________ protocol is primarily used for authenticating, authorizing, and accounting for network users.

• FTP
• RADIUS
• SNMP
• IMAP

Question 17)
Which of the following is a data transmission threat? Select all that apply.

• Data was accessed and changed without proper authorization by an unknown external entity while sending as an email attachment.
• Data was being uploaded to a backup server. An external entity intercepted the transfer process and captured the data.
• An external entity pretended to be the CEO of a business organization and asked you to submit a resignation letter immediately.
• An external entity accessed the company database and exfiltrated it.

Question 18)
True or False: A temporary website outage due to a distributed denial-of-service (DDoS) attack can be considered an example of an advanced persistent threat (APT) attack.

• True
• False

Question 19)
True or False: The scenario where a smart home device automatically reorders grocery items when they run low based on predefined preferences set by the homeowner represents a potential IoT threat.

• True
• False

Question 20)
How can organizations ensure better endpoint security? Select all that apply.

• Enabling multifactor authentications for all endpoints.
• Disabling all internet connectivity on endpoints to eliminate external threats.
• Training employees on best practices for endpoint security and raising awareness about potential threats.
• Regularly updating and patching operating systems and applications.

Question 21)
True or False: An Intrusion Detection and Prevention System (IDPS) can only detect and alert about security breaches but cannot take automated actions to prevent them.

• True
• False

Question 22)
Which of the following are valid application update types? Select all that apply.

• Security updates
• Feature updates
• Patch updates
• Performance updates

Question 23)
True or False: Security compliance is essential because it helps in the protection of sensitive data and aids in preventing data breaches.

• True
• False

Question 24)
In the risk management cycle, after risks are identified, they are then ______________.

• monitored and reviewed
• mitigated
• quantified

Question 25)
Under GDPR, which right allows data subjects to demand that their data be deleted?

• Right to be forgotten
• Right to restrict processing
• Right to rectification
• Right to data portability

Question 26)
According to GDPR, companies must obtain _______ consent from users for the use of cookies and provide them with an option to reject them.

• Explicit
• Express
• Implicit
• Indirect

Question 27)
PCI-DSS applies to all entities involved in activities related to ___________.

• credit card transactions
• social media accounts
• email communications
• personal identification information

Question 28)
True or False: The concept of identity in a network is only based on a person’s name.

• True
• False

Question 29)
True or False: The adoption of single sign-on (SSO) increases administrative costs because it raises the number of password-related issues the IT help desk teams must manage.

• True
• False

Question 30)
What is the primary function of organizational units (OUs) within domains?

• OUs are used for tracking the organization’s financial transactions.
• OUs apply Group Policy settings and delegate administrative authority.
• OUs primarily help in troubleshooting network issues.
• OUs increase the organization’s overall operational costs.

Question 31)
True or False: Relying solely on incremental backup is sufficient as a backup strategy.

• True
• False

Question 32)
Which of the following malware spread by exploiting the vulnerabilities found in a computer in the network?

• Trojans
• Worms
• Rootkits
• Ransomware

Question 33)
Which of the following techniques are commonly used in ransomware attacks? Select all that apply.

• Physical theft of computer hardware or storage devices.
• Exploiting software vulnerabilities to gain unauthorized access.
• Phishing emails with malicious attachments or links.
• Distributed Denial of Service (DDoS) attacks.

Question 34)
A cybersecurity analyst team discovered a new type of malware that encrypts its code to evade detection. The malware also changes its code structure and appearance with each iteration. What type of malware is it?

• Polymorphic malware
• Metamorphic malware
• Fileless malware
• Ransomware

Question 35)
Which of the following steps should you follow before selling a laptop to prevent data theft? Select all that apply.

• Delete files and folders manually from the laptop’s storage.
• Perform a factory reset or reinstall the operating system.
• Use data erasure software to wipe the hard drive securely.
• Remove the hard drive from the laptop and keep it separately.

Question 36)
True or False: S/MIME is typically used to encrypt email communications.

• True
• False

Question 37)
How are intranets, VPNs, and messaging applications, as well as remote access, secured within organizations?

• By using SSL and TLS certificates.
• By regularly changing their network passwords.
• By employing firewalls and antivirus software.
• By sharing sensitive data only through encrypted emails.

Question 38)
By having ____________ of authentication, organizations can enforce consistent access policies across various networks and services, reducing the administrative workload and enhancing security.

• anonymous points
• distributed servers
• multiple points
• a single point

Question 39)
True or False: Kerberos is used to authenticate client-server applications by using a public-key infrastructure.

• True
• False

Question 40)
Which of the following are the main features of an advanced persistent threat (APT) attack? Select all that apply.

• Coordinated and prolonged efforts
• Random attacks
• Persistent targeting
• Advanced techniques

Question 41)
Jamie is currently in the middle of a critical project and using an outdated version of the Windows operating system. It will take at least one more month to complete this project. One day, he noticed that there was a security update released by Microsoft for the same version of the operating system. There is also a newer version of Windows released. What would be the appropriate step for Jamie?

• Install the security update for the current version of the Windows operating system and continue with the project.
• Ignore both the security update and the newer version of the Windows operating system.
• Upgrade to the newer version of the Windows operating system immediately.
• Delay the installation of the security update until the project is completed.

Question 42)
Why is security compliance important in an organization?

• It ensures employees understand all technical aspects of security systems.
• It allows the company to save money on cybersecurity software.
• It reduces the need for internal audits.
• It helps protect sensitive data and prevent data breaches.

Question 43)
True or False: The risk management cycle starts with quantifying the risks.

• True
• False

Question 44)
According to GDPR, what is mandatory for companies to provide to users regarding the use of cookies on their websites?

• Explicit consent and an option to reject cookies.
• Only information that cookies are being used.
• An option to accept cookies but not to reject them.
• An option to customize the level of cookies, but no need for explicit consent.

Question 45)
What does identity refer to in the context of a network?

• Distinctive representation or digital persona of a user or system.
• Encryption keys used for secure communication.
• Physical characteristics of a user or system.
• Authentication credentials such as passwords.

Question 46)
How does the adoption of single sign-on (SSO) impact an organization’s administrative costs?

• It has no impact on the administrative costs.
• It increases administrative costs due to complex password-related issues.
• It reduces administrative costs by eliminating a significant proportion of password-related issues.
• It reduces administrative costs by increasing the workload of IT Help Desk teams.

Question 47)
True or False: Organizational units (OUs) within domains are primarily used to increase the organization’s operational costs.

• True
• False

Question 48)
Which of the following statements are correct regarding the use of an incremental backup system? Select all that apply.

• It saves backup restore time.
• It saves backup time.
• It saves storage.
• It prevents data corruption.

Question 49)
In a ransomware-infected system, why is it tough to recover the data or files?

• The files are overwritten by new malicious files.
• The files are moved to an undisclosed location on the network.
• The files are physically deleted from the system.
• The files are securely encrypted by the ransomware.

Question 50)
Jamie lost their laptop with important data. Which of the following steps makes it harder for someone to retrieve or steal data from it? Select all that apply.

• Set a strong password or passphrase for the laptop.
• Enable full-disk encryption on the laptop.
• Enable automatic software updates on the laptop.
• Install antivirus and firewall applications.

Question 51)
True or False: Heuristic analysis is more important than behavioral analysis.

• True
• False

Question 52)
True or False: For large amounts of data, asymmetric encryption is usually utilized.

• True
• False

Question 53)
______ can assist organizations in verifying the integrity of files.

• Compressing files to reduce their footprint on storage drives
• Generating a unique hash value for each file and comparing it to the original when needed
• Increasing the size of files to meet storage requirements
• Converting the data into an encrypted format that cannot be read without a key

Question 54)
Which of the following are solutions offered by Microsoft for Endpoint Security? Select all that apply.

• Microsoft Defender Antivirus and Microsoft Defender Firewall
• Microsoft Office 365 and Microsoft Azure Active Directory
• Microsoft Secure Score and Microsoft Intune
• Microsoft SQL Server and Microsoft SharePoint

Question 55)
What is the purpose of an Intrusion Detection and Prevention System (IDPS)? Select all that apply.

• Encrypting sensitive data during transmission to protect it from interception.
• Collecting and analyzing logs to detect patterns and trends for proactive security measures.
• Monitoring network traffic and identifying potential security breaches or malicious activities.
• Blocking and preventing unauthorized access attempts to a network or system.

Question 56)
Security compliance is important because it helps protect _____.

• sensitive data
• buildings
• software
• reputation

Question 57)
Under GDPR, the ________ law allows individuals to stop the processing of their personal data.

• Right to object
• Right to restrict processing
• Right to rectification
• Right to be forgotten

Question 58)
True or False: Under GDPR, it is sufficient for websites to merely inform users that cookies are being used without obtaining explicit consent or providing an option to reject them.

• True
• False

Question 59)
True or False: PCI-DSS was introduced by major credit card organizations as a measure to combat credit card fraud.

• True
• False

Question 60)
Which of the following are valid impacts when an organization suffers from data breaches? Select all that apply.

• Huge cost in restoring the servers and hardware
• Financial loss and legal liabilities
• Loss of customer trust and loyalty
• Huge time and money in data restoration and encryption

Question 61)
Which of the following malware can spread automatically? Select all that apply.

• Viruses
• Worms
• Ransomware
• Rootkits
• Trojans

Question 62)
True or False: Full disk encryption can prevent data theft if someone knows your computer password.

• True
• False

Question 63)
True or False: A centralized authentication and authorization system complicates management and reduces control by distributing access across various networks and services.

• True
• False

Question 64)
True or False: If someone silently listens to the communication between two parties, it will still be considered a data transmission threat.

• True
• False

Question 65)
Which of the following scenarios is an example of an Advanced Persistent Threat (APT) attack?

• A company’s website experiences a temporary outage due to a distributed denial-of-service (DDoS) attack.
• An organization experiences a data breach where sensitive customer information is compromised due to a phishing email campaign.
• An employee accidentally opens a malicious email attachment, triggering a malware infection on their workstation.
• A sophisticated external team persistently targets a nuclear facility in Iran, deploying the Stuxnet worm to cause significant damage.

Question 66)
Which of the following can be the devastating impact of IoT threats? Select all that apply.

• Disruption in cloud-based technologies, leading to service outages and data loss.
• Unauthorized access to personal information and sensitive data.
• Manipulation or control of IoT devices for malicious purposes, such as surveillance or attacks.
• C: Increased monthly utility bills.

Question 67)
How does an Intrusion Detection and Prevention System (IDPS) work?

• It scans all files and documents stored on the network for any signs of malware or malicious code.
• It encrypts all network traffic to ensure secure communication between endpoints.
• It analyzes network traffic and compares it against known patterns or signatures of known attacks.
• It actively blocks all incoming network traffic to prevent any potential attacks.

Question 68)
What PCI-DSS is primarily aimed at ensuring the security of?

• Email communications
• Social media accounts
• Personal identification information
• Financial transactions

Question 69)
Identity in a network is like a digital ___________ that is unique and specific to each user or system.

• fingerprint
• email
• stamp
• avatar

Question 70)
Stuxnet was a highly sophisticated cyberweapon that made headlines for its targeted attacks on industrial systems. Which of the following statements is true about Stuxnet?

• Stuxnet exploited vulnerabilities in Macintosh computers.
• Stuxnet leveraged zero-day vulnerabilities.
• Stuxnet propagated through social media platforms.
• Stuxnet primarily targeted financial institutions.

Question 71)
Which of the following strategies should you follow to keep your personal data secure? Select all that apply.

• Use common and easily guessable passwords for all your accounts.
• Install multiple antivirus software for better protection.
• Regularly update your operating system and software applications.
• Regularly back up your data to an external hard drive or a cloud storage system.

Question 72)
True or False: The RADIUS protocol is used primarily for file sharing across a network.

• True
• False

Question 73)
By reducing the volume of password-related issues, the adoption of single sign-on (SSO) can lead to ________ administrative costs in an organization.

• increased
• untracked
• reduced
• expanded

Question 74)
Which of the following systems were affected by the Stuxnet worm?

• Banking and financial institutions.
• Government communication networks.
• Industrial control systems (SCADA systems).
• Global transportation networks.

Question 75)
Besides malware attacks, which of the following options can cause data corruption? Select all that apply.

• Hardware failure.
• Network congestion.
• Power outages or voltage fluctuations.
• Software updates.

Question 76)
What is Kerberos primarily used for in network security?

• Data compression.
• Providing public key certificates.
• Authenticating client-server applications using secret-key cryptography.
• Monitoring network traffic.

Question 77)
Which of the following can be considered a data transmission threat?

• Jamie sent an email to one of their contacts using a public Wi-Fi network, but the content of the email was altered before it reached its intended destination.
• Jamie accidentally deleted an important file while transferring it from one folder to another on their local computer.
• Jamie accidentally sends an email to the wrong recipient within the organization.
• Jamie regularly backs up their files to an external hard drive for data redundancy.

Question 78)
Which of the following can be considered as an endpoint? Select all that apply.

• Network switches and routers.
• Mobile devices such as smartphones and tablets.
• Personal computers and laptops.
• Cloud servers and data centers.

Question 79)
The _____ encryption protocol is primarily used for email message encryption.

• PGP (Pretty Good Privacy)
• SSH (Secure Shell)
• SSL (Secure Sockets Layer)
• S/MIME (Secure/Multipurpose Internet Mail Extensions)

Question 80)
Which of the following best describes the final step in the risk management cycle?

• Quantify risks
• Identify risks
• Mitigate risks
• Monitor and review risks

Question 81)
Which of the following reasons can cause a data breach? Select all that apply.

• Vulnerabilities in an organization’s computer systems.
• Not installing VPN.
• Not updating software regularly.
• Human error.

Question 82)
You have recently downloaded a file from the internet, and your antivirus software has flagged it as potentially harmful. During a comprehensive analysis, the software is examining the file’s behavior, code structure, and potential threat indicators to determine if it poses a risk to your computer. What type of analysis is the antivirus software performing?

• Sandbox analysis
• Heuristic analysis
• Forensic analysis
• Signature-based analysis

Question 83)
True or False: By generating a unique hash value for each file and comparing it to the original when needed, organizations can verify the integrity of their files.

• True
• False.

Question 84)
By ______ organizations can secure their remote access and internal communication channels like intranets, VPNs, and messaging applications.

• employing firewalls and antivirus software
• regularly changing their network passwords
• using SSL and TLS certificates
• sharing sensitive data only through encrypted emails

Question 85)
What is the primary purpose of the RADIUS protocol in network security?

• To compress data for network transmission.
• To authenticate, authorize, and account for network users.
• To provide email services.
• To facilitate web hosting.

Question 86)
The ____ encryption is generally the preferred method for encrypting large volumes of data because of its increased efficiency.

• Symmetric encryption
• Asymmetric encryption
• Transposition cipher encryption
• Substitution cipher encryption

Question 87)
True or False: The right to object is a data subject right under GDPR, which allows individuals to stop the processing of their personal data.

• True
• False

Question 88)
Organizational Units (OUs) are containers within domains that help ________ and manage resources based on administrative needs.

• organize
• dissolve
• increase
• limit

Question 89)
Which of the following evading techniques are used by modern malware? Select all that apply.

• Sandbox evasion
• Code obfuscation
• Firewall blocking
• Code signing

Question 90)
True or False: Security fixes should be installed as soon as possible.

• True
• False

You might also like: Intro to Networking and Cloud Computing Quiz Answers + Review

My Review:

I recently completed the “Cybersecurity Threat Vectors and Mitigation” course on Coursera, which is part of the Microsoft Cybersecurity Analyst Professional Certificate. This 5-module course offers a solid overview of the current threat landscape and the strategies used to defend against cyber attacks. It covers everything from common threat vectors and attack types to encryption techniques and key security and compliance concepts. The course is beginner-friendly and doesn’t require any prior technical experience, making it a great fit for anyone starting out in cybersecurity.

It also serves as valuable preparation for the Microsoft SC-900 exam, which leads to the Security, Compliance, and Identity Fundamentals Certification. Overall, it’s a clear, informative, and practical introduction to the core threats and defenses in modern cybersecurity.