Module quiz: Advanced threats and mitigation Quiz Answers
In this article I am going to share the Advanced Cybersecurity Concepts and Capstone Project by Microsoft | Week 2 Quiz | Module quiz: Advanced threats and mitigation Quiz Answers with you.
Enrol Link: Advanced Cybersecurity Concepts and Capstone Project
Question 1)
Fill in the blank: In the context of susceptible infrastructure, ___________ is a threat that occurs when an attacker is able to make requests to internal resources of the system.
- Server-side request forgery (SSRF)
- Cross-site scripting (XSS)
- Denial-of-service (DoS)
Question 2)
Fill in the blank: The MITRE ATT&CK Matrix is regularly updated to include new _____________ used by threat actors, ensuring its relevance in the evolving cyber threat landscape.
- Tactics and techniques
- Laws and regulations
- Software and hardware
Question 3)
Which of the following best describes the purpose of the MITRE ATT&CK Matrix?
- To serve as a cybersecurity compliance checklist
- To document adversary tactics and techniques used against operational networks
- To provide legal advice on cybersecurity issues
Question 4)
A company’s security team has discovered a program running on their network that replicates itself and spreads to other computers without user interaction. What type of malware is described in this scenario?
- Viruses
- Trojan horses
- Worms
Question 5)
Fill in the blank: When combating phishing attacks, using ____________ and training users to recognize suspicious emails are essential practices.
- Email filters
- Firewalls
- Ad blockers
Question 6)
True or False: Microcontrollers (MCUs) are an IoT device hardware type that is less expensive and simpler to operate, often using a real-time operating system (RTOS).
- True
- False
Question 7)
An office building’s smart thermostat system has been hacked, resulting in the heating being turned off during a cold winter day. The attack was possible due to the thermostat’s use of an unsecured communication protocol. What type of IoT attack does this scenario describe?
- Device impersonation
- Unsafe communication attack
- Botnets
Question 8)
Fill in the blank: In IoT security, _______________ practices involve treating all attempts to access the system as untrusted until verified to prevent unauthorized access.
- No trust
- Least privilege trust
- Zero trust
Question 9)
A manufacturing company has IoT devices across its production floor. They recently updated their security policy to ensure that each device has access only to the necessary network resources for its function. What is this approach known as?
- Least-privileged access control
- Open network access control
- Universal access control
Question 10)
What feature of Microsoft Defender for IoT provides detailed information on each device, including IP addresses, vendors, protocols, firmware, and security alerts?
- Agentless monitoring
- Device inventory
- Automatic asset discovery
Question 11)
An ethical hacker is using the MITRE ATT&CK Matrix to simulate an attack where they maintain access to a system by adding a program to the registry run keys. Which tactic is the simulation based on?
- Exfiltration
- Persistence
- Credential access
Question 12)
Fill in the blank: ___________________ is a type of malware that encrypts a user’s files and demands payment for the decryption key.
- Ransomware
- Spyware
- Adware
Question 13)
What is an effective initial countermeasure when a computer worm is detected within a network?
- Pay any demanded ransom to stop the spread.
- Run a full system scan on all network devices.
- Isolate affected devices from the network.
Question 14)
Fill in the blank: IoT devices used to monitor and control operations in public spaces, such as smart city traffic and weather monitoring systems, are categorized as ________________ IoT devices.
- Commercial
- Infrastructure
- Industrial
Question 15)
Fill in the blank: ______________ attacks are when cybercriminals take control of a network of IoT devices to launch attacks or steal data.
- Spoofing
- Botnet
- Physical
Question 16)
What does the term “convergence” refer to in the context of IoT risks?
- The act of connecting IoT devices to insecure networks
- The combination of multiple application systems into one system
- The use of legacy and unsupported devices
Question 17)
Fill in the blank: Microsoft Defender for IoT uses _________________ to detect complex threats, including zero day malware and sophisticated attack tactics.
- Standard signature-based defenses
- OT- and IoT-aware behavioral analytics and advanced threat intelligence
- Manual user input and verification
Question 18)
Attackers registered domain names similar to a specific company’s. This has led to customers inadvertently downloading malware. Which type of threat does this scenario best illustrate?
- Phishing attack
- Typosquatting
- Man-in-the-middle attack
Question 19)
A company discovers unauthorized internet connections and devices with open ports not in use on their network. Which feature of Microsoft Defender for IoT should they use to identify and prioritize these risks?
- Risk and vulnerability tracking
- Device inventory
- Passive monitoring
Question 20)
Which primary cloud infrastructure vulnerability makes it susceptible to breaches?
- Its limited scalability options
- The potential for misconfiguration due to its shared resource model
- Its reliance on physical security measures
Question 21)
Which MITRE ATT&CK Matrix benefit enhances an organization’s ability to identify and respond to potential threats before they occur?
- The PRE-ATT&CK Matrix
- Its real-time threat alert system for immediate incident response
- Its tailored security solutions
Question 22)
Which type of malware acts as a “backdoor” for unauthorized users by disguising itself as legitimate software?
- Rootkits
- Worms
- Trojan horses
Question 23)
Which security measure is essential to prevent attackers from intercepting data transmitted between IoT devices and the cloud?
- Regular firmware updates
- Zero trust practices
- Secure connectivity for data transmission
Question 24)
Which component of the MITRE ATT&CK Matrix focuses on the preparatory activities and reconnaissance techniques that attackers use before launching an attack?
- Enterprise Matrix
- PRE-ATT&CK Matrix
- Mobile Matrices
Question 25)
A logistics company wants to track its fleet’s location in real-time, monitor vehicle health, and automate routing based on traffic conditions. Which type of IoT device would best suit their needs?
- Commercial IoT devices
- Infrastructure IoT devices
- Consumer IoT devices
Question 26)
What does the hardware root of trust provide in the context of IoT device security?
- Safe credential storage in tamper-resistant hardware
- Storage for credentials in software-based containers
- A flexible onboarding identity that can be easily altered
Question 27)
Which tactic in the MITRE ATT&CK framework involves adversaries using techniques like keyloggers, credential dumping, and brute force to gain elevated system permissions?
- Credential access
- Exfiltration
- Defense evasion
Question 28)
A user reports that their system is running slow, and they have noticed unfamiliar processes running in the background. They discover a hidden program using the system’s resources to mine cryptocurrency. What type of malware is most likely responsible for this activity?
- Bots
- Ransomware
- Adware
Question 29)
Which type of IoT attack involves overwhelming a service with internet traffic, often using a network of compromised devices?
- Spoofing
- Firmware hijacking
- Denial-of-service (DoS)
Question 30)
Fill in the blank: In network design, _________________ allows for segmenting IoT devices to minimize the risk exposure and contain threats within controlled boundaries.
- Network convergence
- Network separation
- Network micro-segmentation