In this article i am gone to share Coursera Course: Sound the Alarm: Detection and Response Weekly challenge 1 Quiz Answers with you..

---

Also visit:  Sound the Alarm: Detection and Response Weekly challenge 4 Quiz Answers

---

 

Sound the Alarm: Detection and Response Weekly challenge 1 Quiz Answers

Question 1)
Which of the following is an example of a security incident?

• Multiple unauthorized transfers of sensitive documents to an external system.
• An extreme weather event causes a network outage.
• A company experiences increased traffic volumes on their website because of a new product release.
• An authorized user emails a file to a customer.

Question 2)
A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?

• Skip irrelevant steps.
• Complete the steps in any order.
• Overlap the steps as needed.
• Only use each step once.

Question 3)
Which step does the NIST Incident Response Lifecycle begin with?

• Post-Incident Activity
• Containment, Eradication and Recovery
• Detection and Analysis
• Preparation

Question 4)
What are some roles included in a computer security incident response team (CSIRT)? Select three answers.

• Incident manager
• Incident coordinator
• Technical lead
• Security analyst

Question 5)
Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.

• procedures
• exercises
• policies
• instructions

Question 6)
Which of the following best describes how security analysts use security tools?

• They only use detection and management tools during incident investigations.
• They only use documentation tools for incident response tasks.
• They only use a single tool to monitor, detect, and analyze events.
• They use a combination of different tools for various tasks.

Question 7)
What are the qualities of effective documentation? Select three answers.

• Clear
• Brief
• Accurate
• Consistent

Question 8)
What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

• An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
• An IDS and an IPS both have the same capabilities.
• An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
• An IDS automates response and an IPS generates alerts.

Question 9)
What is the difference between a security information and event management (SIEM) tool and a security orchestration, automation, and response (SOAR) tool?

• SIEM tools and SOAR tools have the same capabilities.
• SIEM tools collect and analyze log data, which are then reviewed by security analysts. SOAR tools use automation to respond to security incidents.
• SIEM tools use automation to respond to security incidents. SOAR tools collect and analyze log data, which are then reviewed by security analysts.
• SIEM tools are used for case management while SOAR tools collect, analyze, and report on log data.

Question 10)
Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.

• data collection
• data analysis
• data aggregation
• data normalization

 

Question 11)
Which of the following is an example of a security incident?

• A software bug causes an application to crash.
• An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
• An unauthorized user successfully changes the password of an account that does not belong to them.
• A user installs a device on their computer that is allowed by an organization’s policy.

Question 12)
What happens during the data collection and aggregation step of the SIEM process? Select two answers.

• Data is analyzed according to rules.
• Data is centralized in one place.
• Data is cleaned and transformed.
• Data is collected from different sources.

Question 13)
What are some common elements contained in incident response plans? Select two answers.

• Financial information
• System information
• Incident response procedures
• Simulations

Question 14)
Fill in the blank: An intrusion detection system (IDS) _____ system activity and alerts on possible intrusions.

• analyzes
• monitors
• manages
• protects

Question 15)
A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM does this scenario describe?

• Collect data
• Analyze data
• Normalize data
• Aggregate data

Question 16)
Which of the following statements describe security incidents and events?

• All security incidents are events, but not all events are security incidents.
• Security incidents and events are unrelated.
• All events are security incidents, but not all security incidents are events.
• Security incidents and events are the same.

Question 17)
What process is used to provide a blueprint for effective incident response?

• The NIST Incident Response Lifecycle
• The incident handler’s journal
• The 5 W’s of an incident
• The NIST Cybersecurity Framework

Question 18)
Which core functions of the NIST Cybersecurity Framework relate to the NIST Incident Response Lifecycle? Select two answers.

• Respond
• Discover
• Investigate
• Detect

Question 19)
Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.

• computer security incident response team
• forensic investigation team
• threat hunter group
• risk assessment group

Question 20)
What are investigative tools used for?

• Managing alerts
• Documenting incidents
• Monitoring activity
• Analyzing events

Question 21)
What are examples of tools used for documentation? Select two answers.

• Playbooks
• Audio recorders
• Final reports
• Cameras

Question 22)
Which process uses a variety of applications, tools, and workflows to respond to security events?

• Security information and event management (SIEM)
• Security orchestration, automation, and response (SOAR)
• Intrusion prevention system (IPS)
• Intrusion detection system (IDS)

Question 23)
What is the NIST Incident Response Lifecycle?

• The method of closing an investigation
• A system that only includes regulatory standards and guidelines
• A framework that provides a blueprint for effective incident response
• The process used to document events

Question 24)
Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.

• Preparation
• Containment, Eradication, and Recovery
• Protection
• Detection and Analysis

Question 25)
What is a computer security incident response team (CSIRT)?

• A specialized group of security professionals who focus on incident prevention
• A specialized group of security professionals who are solely dedicated to crisis management
• A specialized group of security professionals who are trained in incident management and response
• A specialized group of security professionals who work in isolation from other departments

Question 26)
A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert’s evidence in greater detail?

• A documentation tool
• A detection tool
• A recovery tool
• An investigative tool

Question 27)
Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.

• pauses
• reports
• stops
• detects

Question 28)
What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?

• The analysis and response to a security incident
• The analysis of a centralized platform
• The creation of raw log data
• The creation of potential threats

Question 29)
Which of the following methods can a security analyst use to create effective documentation? Select two answers.

• Write documentation in a way that reduces confusion.
• Provide clear and concise explanations of concepts and processes.
• Provide documentation in a paper-based format.
• Write documentation using technical language.