Cybersecurity Tools and Technologies Coursera Quiz Answers
Hello Friends In this article i am gone to share Cybersecurity Tools and Technologies Coursera Quiz Answers with you..
Enrol Link: Cybersecurity Tools and Technologies
Cybersecurity Tools and Technologies Coursera Quiz Answers
WEEK 1 QUIZ ANSWERS
Knowledge check: Defense and offense – Red versus blue
Question 1)
What is the purpose of ethical hacking in the realm of security?
- To identify and address vulnerabilities.
- To protect systems from attacks.
- To exploit vulnerabilities in systems without permission.
- To enhance the skills of security professionals.
Question 2)
Which of the following activities is part of offensive security testing?
- Network penetration testing.
- Regular security assessments.
- Social engineering awareness programs.
- Incident response capabilities.
Question 3)
Which of the following is a key aspect of the blue team’s responsibilities in cybersecurity?
- Managing incident response.
- Conducting vulnerability scanning.
- Implementing security measures in Azure.
- Providing security awareness training.
Question 4)
Which of the following activities is performed by the red team to test an organization’s susceptibility to social engineering attacks?
- Network monitoring
- Vulnerability scanning
- Phishing campaigns
- Intrusion detection
Question 5)
What is the primary objective of the red team’s activities in cybersecurity?
- To simulate real-world attacks and test an organization’s defenses.
- To provide comprehensive vulnerability assessments.
- To educate employees about cybersecurity threats.
- To enhance the security culture within an organization.
Knowledge check: Testing stages
Question 1)
Which of the below represents the first stage of the penetration testing process?
- Escalation
- Reporting and remediation
- Enumeration
- Reconnaissance
Question 2)
Which stage involves actively probing the target system to identify open ports, services, and user accounts?
- Escalation
- Enumeration
- Reporting and remediation
- Exploitation
Question 3)
In which stage of penetration testing do testers gain administrative access and move laterally within the network?
- Exploitation
- Enumeration
- Reporting and remediation
- Escalation
Question 4)
Sam’s Scoops wants to ensure the security of its customer transactions and personal information. They decide to conduct a penetration test to identify vulnerabilities in their system. During the testing process, the ethical hackers have successfully gained unauthorized access to Sam’s Scoops’ network and systems.
What is the next stage in the penetration testing process?
- Reporting and Remediation
- Reconnaissance
- Enumeration
- Escalation
Question 5)
You have four stages of the penetration testing process for Sam’s Scoops complete. Which of the following stages generates a comprehensive report that identifies vulnerabilities and recommends remediation steps for Sam?
- Exploitation
- Reconnaissance
- Reporting and remediation
- Escalation
Knowledge check: Types of penetration tests
Question 1)
A company recently launched an online ordering feature on its website. What’s the purpose of using black box testing to test this feature?
- Testing the functionality of the system from an external perspective.
- Reviewing the source code line by line to identify potential vulnerabilities.
- Simulating real-world attack scenarios without any prior knowledge of the system’s vulnerabilities.
- Analyzing the internal components of the software, such as algorithms and data structures, to check for vulnerabilities.
Question 2)
Which of the following vulnerabilities can be identified through black box testing for an eCommerce website?
- White box testing flaws.
- Analysis of the source code.
- Improperly configured systems.
- Cross-Site Scripting (XSS).
Question 3)
What is the primary advantage of white box testing?
- It focuses on testing the system from a user’s perspective.
- It simulates real-world attack scenarios without prior knowledge of the system’s vulnerabilities.
- Testers have access to the internal structure, design, and code of the system.
- It involves reviewing the source code without executing it.
Question 4)
Which approach is used in white box testing to ensure all parts of the code are exercised during testing?
- Unit testing
- Branch testing
- Code coverage analysis
- Path testing
Question 5)
True or false: Ally wants to ensure that her applications are secure at the source code level. This means that tester requires access to the app architecture and design, as well as the source code.
Grey box testing is ideal because it provides the required access needed to complete the test.
- True
- False
Visit this link: Module quiz: Penetration testing Quiz Answers
WEEK 2 QUIZ ANSWERS
Knowledge check: IDPS
Question 1)
Which of the following is a primary difference between a Network-based Intrusion Detection and Prevention System (NIDPS) and a Host-based Intrusion Detection and Prevention System (HIDPS)?
- NIDPS requires physical installation on each host machine, while HIDPS does not.
- NIDPS is designed to protect individual host machines, while HIDPS is designed to protect network traffic.
- HIDPS is specifically designed to monitor traffic on a single device, while NIDPS monitors traffic across the network.
Question 2)
Which of the following best describes the primary function of an Intrusion Detection and Prevention System (IDPS)?
- Monitoring network traffic and preventing data exfiltration.
- Allocating bandwidth for different types of network traffic.
- Managing user permissions and roles within a network.
Question 3)
Which benefits does Azure Firewall Premium IDPS offer? Select all that apply.
- Increased security
- Reduced false positives
- Centralized management
- Scalability
Question 4)
The __________ policy defines the types of traffic to monitor and the actions to take when malicious traffic is detected in Azure Firewall Premium IDPS.
- Access control
- Monitoring
- IDPS
- Security
Question 5)
Which component of the Elastic Stack indexes and stores the Suricata log files in network intrusion detection using open-source tools?
- Logstash
- Kibana
- Elasticsearch
Knowledge check: Configuring firewalls
Question 1)
What is the benefit of integrating Azure Firewall with Microsoft Sentinel in the context of network security in Microsoft Azure?
- It provides a centralized point for network services like Azure Firewall and Network Virtual Appliances (NVAs).
- It enables direct communication between virtual networks without the need for a gateway or VPN.
- It allows for enforcing restrictions on network traffic based on source/destination IP addresses, ports, and protocols.
- It helps in identifying emerging threats and applying appropriate security measures.
Question 2)
XYZ Corporation has multiple on-premise applications that need to communicate with specific Azure services deployed in their virtual network. The company want to configure Azure Firewall to allow this communication while maintaining a robust security posture.
Which feature of Azure Firewall can the corporation use to simplify rule management and allow communication between its on-premises applications and specific Azure services hosted in its virtual network?
- Threat Intelligence-Based Filtering
- Application rules
- Network rules
- Azure Firewall application FQDN tags
Question 3)
What are the main benefits of integrating network security groups (NSGs) with Azure Firewall in Microsoft Azure?
- Resource monitoring, virtual machine backup, and disaster recovery.
- Real-time threat analysis, data encryption, and secure socket layer (SSL) decryption.
- Cost optimization, automatic scaling, and load balancing.
- Centralized network security management, application-level filtering, and enhanced traffic inspection.
Question 4)
The recommended native option for enforcing network segmentation and controlling traffic flows across both VNets and subscriptions in Azure is ___________.
- Virtual network peering
- Azure Firewall
- Network security groups (NSGs)
Question 5)
Which of the following are design principles for ensuring reliability when configuring Azure Firewall? Select all that apply.
- Enable threat intelligence on Azure Firewall.
- Determine if you want to use third-party MSSP (Managed Security Service Provider).
- Deploy by using a secured virtual hub.
- Use a global Azure Firewall policy.
Knowledge check: Azure VPN
Question 1)
You are a network administrator for a company that has recently adopted cloud services in Microsoft Azure. The company’s remote workforce needs secure access to Azure resources from their individual client computers. You are tasked with setting up the appropriate VPN connection type to meet this requirement.
Which VPN connection type should you configure to allow remote workers to securely access Azure resources from their individual client computers?
- VNet-to-VNet VPN
- Point-to-Site VPN
- ExpressRoute VPN
- Site-to-Site VPN
Question 2)
Which of the following statements accurately describes the benefits of Azure VPN in terms of global reach and scalability?
- Azure VPN ensures scalability by facilitating secure connectivity for managing supply chains and collaborating with logistics partners.
- Azure VPN offers global reach with availability in over 100 regions worldwide, allowing businesses to connect to Azure from anywhere across the globe.
- Azure VPN ensures scalability by enabling remote monitoring and predictive maintenance of manufacturing equipment, optimizing production efficiency.
- Azure VPN provides global reach by connecting retail stores to a central data center for seamless access to shared data and applications.
Question 3)
What is the purpose of IPsec tunnels in a VPN configuration on Azure?
- Establishing the Azure virtual network
- Enabling secure communication over the internet
- Monitoring the VPN connection status
- Providing authentication mechanisms
Question 4)
To authenticate clients connecting to a VNet over a point-to-site VPN connection in Azure, you need to upload the __________ certificate to Azure.
- Root
- Client
Question 5)
Which authentication type is recommended for Point-to-Site (P2S) VPN connections in Azure?
- Username and password
- RADIUS authentication
- Azure certificate
- Active Directory integration
Knowledge check: Vulnerability management
Question 1)
Which of the following are steps involved in the vulnerability management process? Select all that apply.
- Conduct vulnerability assessments.
- Implement mitigation measures.
- Perform a daily backup of system data.
- Prioritize vulnerabilities based on risk.
Question 2)
Which type of vulnerability arises from incorrect or inadequate configurations of hardware, software, or network devices?
- Software vulnerabilities
- Network vulnerabilities
- Configuration vulnerabilities
- Data vulnerabilities
Question 3)
What is the purpose of vulnerability scanning in the vulnerability management process?
- To exploit known vulnerabilities and assess their impact.
- To continuously monitor systems for new vulnerabilities.
- To identify potential vulnerabilities and weaknesses in the system or software.
- To review the scan results and assess the severity of each vulnerability.
Question 4)
You are the security lead for a growing online retail company. Your team recently conducted a comprehensive security assessment of your Azure environment and identified several vulnerabilities that need immediate attention.
Which of the following actions would be a common and effective remediation strategy to address the identified vulnerabilities?
- Implementing additional security controls like firewalls.
- Conducting vulnerability scanning regularly.
- Updating the asset inventory and classification.
- Assessing the severity of vulnerabilities.
Question 5)
Fill in the blank: Vulnerabilities are weaknesses or flaws in a system or software that can be exploited by threat actors to compromise its ________________, ________________, or ________________.
- flexibility, security, or responsiveness
- integrity, confidentiality, or availability
- functionality, performance, or compatibility
- usability, scalability, or efficiency
Visit this link: Module quiz: Preventative tools Quiz Answers
WEEK 3 QUIZ ANSWERS
Knowledge check: The Command Line
Question 1)
What is the purpose of the Set-ExecutionPolicy cmdlet in Windows PowerShell?
- To change the user’s password.
- To uninstall a software program.
- To set the execution policy for PowerShell scripts.
- To create a new registry key.
Question 2)
You are tasked with finding the IP address of a system through the command line tool. Which command would be most suitable for this task?
- netstat
- ifconfig
- ping
- traceroute
Question 3)
You are a penetration tester hired by a company to assess the security of their online ordering system, which contains sensitive customer data. You need to conduct command line penetration testing to identify vulnerabilities.
What is the best practice for maintaining security while performing this test?
- Disable firewalls and security software.
- Document and seek authorization before testing.
- Use default credentials for testing purposes.
- Perform tests on production systems during peak hours.
Question 4)
Which Azure service can help automate the detection of misconfigured resources and security vulnerabilities in an Azure environment?
- Azure CI/CD platform
- Azure Active Directory
- Azure Security Center
- Azure Key Vault
Question 5)
Which command is used to create a new directory using the command line?
- cd
- dir
- rd
- mkdir
Knowledge check: Setting up Azure for testing
Question 1)
John is a penetration tester hired by Sam’s Scoops. He needs to manage environment-specific variables such as connection strings and API keys for his testing environment.
Which Azure service should he use for secure storage and access control?
- Azure Logic Apps
- Azure Functions
- Azure Key Vault
- Azure Blob Storage
Question 2)
You are configuring a load testing environment in Azure to simulate heavy user traffic on your application. What Azure service can help you to manage and distribute the load effectively?
- Azure Functions
- Azure Application Gateway
- Azure Kubernetes Service (AKS)
- Azure Logic Apps
Question 3)
You need to ensure that your Azure resources meet specific security compliance standards before deploying them for testing. Which Azure service can help you assess and enforce compliance?
- Azure Key Vault
- Azure Bastion
- Azure Security Center
- Azure Firewall
Question 4)
You want to store the results of your testing data securely and cost effectively in Azure. Which Azure service should you use?
- Azure Cosmos DB
- Azure Blob Storage
- Azure Data Lake Storage
- Azure SQL Database
Question 5)
You are setting up a testing environment in Azure and want to grant access to team members for specific resources without sharing your credentials. Which Azure service should you use?
- Azure Key Vault
- Azure Active Directory (AD)
- Azure Firewall
Knowledge check: Running the test
Question 1)
Mart is leading a penetration testing team tasked with evaluating the security of an organization’s Azure environment. He recognizes the need for his team to establish clear rules of engagement for the upcoming test.
What key aspect highlights the significance of defining these rules before commencing the penetration test?
- To limit the scope of the test and define boundaries.
- To allow testers unrestricted access to Azure resources.
- To ensure the team of penetration testers are paid fairly.
- To maintain secrecy about the testing process.
Question 2)
Now that Mart has discussed the importance of establishing clear rules of engagement before initiating a penetration test, what should be their immediate next step?
- Secure an insurance policy to cover all potential damage.
- Hire a legal team to handle potential issues.
- Inform the organization competitors about the testing plan.
- Obtain written consent from Azure and regulatory approval.
Question 3)
What should Mart include in the penetration testing report to be submitted to the quality analysis team of the organization?
- A summary of every Azure feature tested.
- An executive summary, detailed findings, risk assessments, and remediation recommendations.
- A list of every Azure vulnerability identified.
- A detailed list of Azure user accounts and passwords.
Question 4)
What precautions should testers take regarding sensitive data in the Azure environment during penetration testing?
- Share sensitive data across the penetration testing team to simulate real conditions.
- Ensure the organization encrypts sensitive data to protect it from the testing exercises.
- Leave sensitive data unprotected to test the effectiveness of Azure security features.
- Use anonymized or dummy data whenever possible.
Question 5)
Which of the following describes a key role of Azure CLI and Azure PowerShell in uncovering vulnerabilities during penetration testing?
- They automate the process of sending malicious inputs.
- They prioritize vulnerabilities based on their potential impact.
- They solely analyze security headers.
- They focus on network security.
Visit this link: Module quiz: Azure penetration testing Quiz Answers
WEEK 4 QUIZ ANSWERS
Visit this link: Self review: Plan of attack Quiz Answers
Visit this link: Course quiz: Cybersecurity tools and technologies Quiz Answers