
Sound the Alarm: Detection and Response Weekly challenge 1 Quiz Answers

In this article I am going to share the Coursera course Sound the Alarm: Detection and Response Weekly challenge 1 Quiz Answers with you.


Also visit: Sound the Alarm: Detection and Response Weekly challenge 4 Quiz Answers


 


Question 1)
Which of the following is an example of a security incident?

  • Multiple unauthorized transfers of sensitive documents to an external system.
  • An extreme weather event causes a network outage.
  • A company experiences increased traffic volumes on their website because of a new product release.
  • An authorized user emails a file to a customer.

Question 2)
A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?

  • Skip irrelevant steps.
  • Complete the steps in any order.
  • Overlap the steps as needed.
  • Only use each step once.

Question 3)
Which step does the NIST Incident Response Lifecycle begin with?

  • Post-Incident Activity
  • Containment, Eradication and Recovery
  • Detection and Analysis
  • Preparation

Question 4)
What are some roles included in a computer security incident response team (CSIRT)? Select three answers.

  • Incident manager
  • Incident coordinator
  • Technical lead
  • Security analyst

Question 5)
Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.

  • procedures
  • exercises
  • policies
  • instructions

Question 6)
Which of the following best describes how security analysts use security tools?

  • They only use detection and management tools during incident investigations.
  • They only use documentation tools for incident response tasks.
  • They only use a single tool to monitor, detect, and analyze events.
  • They use a combination of different tools for various tasks.

Question 7)
What are the qualities of effective documentation? Select three answers.

  • Clear
  • Brief
  • Accurate
  • Consistent

Question 8)
What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

  • An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
  • An IDS and an IPS both have the same capabilities.
  • An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
  • An IDS automates response and an IPS generates alerts.

Question 9)
What is the difference between a security information and event management (SIEM) tool and a security orchestration, automation, and response (SOAR) tool?

  • SIEM tools and SOAR tools have the same capabilities.
  • SIEM tools collect and analyze log data, which are then reviewed by security analysts. SOAR tools use automation to respond to security incidents.
  • SIEM tools use automation to respond to security incidents. SOAR tools collect and analyze log data, which are then reviewed by security analysts.
  • SIEM tools are used for case management while SOAR tools collect, analyze, and report on log data.

Question 10)
Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.

  • data collection
  • data analysis
  • data aggregation
  • data normalization

 

Question 11)
Which of the following is an example of a security incident?

  • A software bug causes an application to crash.
  • An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
  • An unauthorized user successfully changes the password of an account that does not belong to them.
  • A user installs a device on their computer that is allowed by an organization’s policy.

Question 12)
What happens during the data collection and aggregation step of the SIEM process? Select two answers.

  • Data is analyzed according to rules.
  • Data is centralized in one place.
  • Data is cleaned and transformed.
  • Data is collected from different sources.

Question 13)
What are some common elements contained in incident response plans? Select two answers.

  • Financial information
  • System information
  • Incident response procedures
  • Simulations

Question 14)
Fill in the blank: An intrusion detection system (IDS) _____ system activity and alerts on possible intrusions.

  • analyzes
  • monitors
  • manages
  • protects

Question 15)
A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM does this scenario describe?

  • Collect data
  • Analyze data
  • Normalize data
  • Aggregate data

Question 16)
Which of the following statements describe security incidents and events?

  • All security incidents are events, but not all events are security incidents.
  • Security incidents and events are unrelated.
  • All events are security incidents, but not all security incidents are events.
  • Security incidents and events are the same.

Question 17)
What process is used to provide a blueprint for effective incident response?

  • The NIST Incident Response Lifecycle
  • The incident handler's journal
  • The 5 W's of an incident
  • The NIST Cybersecurity Framework

Question 18)
Which core functions of the NIST Cybersecurity Framework relate to the NIST Incident Response Lifecycle? Select two answers.

  • Respond
  • Discover
  • Investigate
  • Detect

Question 19)
Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.

  • computer security incident response team
  • forensic investigation team
  • threat hunter group
  • risk assessment group

Question 20)
What are investigative tools used for?

  • Managing alerts
  • Documenting incidents
  • Monitoring activity
  • Analyzing events

Question 21)
What are examples of tools used for documentation? Select two answers.

  • Playbooks
  • Audio recorders
  • Final reports
  • Cameras

Question 22)
Which process uses a variety of applications, tools, and workflows to respond to security events?

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)
  • Intrusion prevention system (IPS)
  • Intrusion detection system (IDS)

Question 23)
What is the NIST Incident Response Lifecycle?

  • The method of closing an investigation
  • A system that only includes regulatory standards and guidelines
  • A framework that provides a blueprint for effective incident response
  • The process used to document events

Question 24)
Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.

  • Preparation
  • Containment, Eradication, and Recovery
  • Protection
  • Detection and Analysis

Question 25)
What is a computer security incident response team (CSIRT)?

  • A specialized group of security professionals who focus on incident prevention
  • A specialized group of security professionals who are solely dedicated to crisis management
  • A specialized group of security professionals who are trained in incident management and response
  • A specialized group of security professionals who work in isolation from other departments

Question 26)
A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert’s evidence in greater detail?

  • A documentation tool
  • A detection tool
  • A recovery tool
  • An investigative tool

Question 27)
Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.

  • pauses
  • reports
  • stops
  • detects

Question 28)
What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?

  • The analysis and response to a security incident
  • The analysis of a centralized platform
  • The creation of raw log data
  • The creation of potential threats

Question 29)
Which of the following methods can a security analyst use to create effective documentation? Select two answers.

  • Write documentation in a way that reduces confusion.
  • Provide clear and concise explanations of concepts and processes.
  • Provide documentation in a paper-based format.
  • Write documentation using technical language.