All Coursera Quiz Answers

Security Operations Coursera Final Assessment Quiz Answers

In this blog post, we provide the answers to the Module 1 to 7 quizzes from Coursera’s “Security Operations” course. Whether you need to check your responses or get guidance on key concepts, this guide will help you stay on track and improve your understanding of security operations. / Security Operations Coursera Final Assessment Quiz Answers

Security Operations Coursera Final Assessment Quiz Answers

 

Security Operations Quiz Answers

Question 1)
Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? (D5.1, L5.1.1)

  • Encryption
  • Hashing
  • Hard copy
  • Data life cycle

Question 2)
Why is an asset inventory so important? (D5.2, L5.2.1)

  • It tells you what to encrypt
  • You can’t protect what you don’t know you have
  • The law requires it
  • It contains a price list

Question 3)
Who is responsible for publishing and signing the organization’s policies? (D5.3, L5.3.1)

  • The security office
  • Human Resources
  • Senior management
  • The legal department

Question 4)
Which of the following is always true about logging? (D5.1, L5.1.3)

  • Logs should be very detailed
  • Logs should be in English
  • Logs should be concise
  • Logs should be stored separately from the systems they’re logging

Question 5)
A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead (D5.1, L5.1.3)

  • Asymmetric
  • Symmetric
  • Hashing
  • Covert

Question 6)
A ready visual cue to let anyone in contact with the data know what the classification is. (D5.1, L5.1.1)

  • Encryption
  • Label
  • Graphics
  • Photos

Question 7)
A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment. (D5.2, L5.2.1)

  • Patches
  • Inventory
  • Baseline
  • Policy

Question 8)
What is the most important aspect of security awareness/training? (D5.4, L5.4.1)

  • Protecting assets
  • Maximizing business capabilities
  • Ensuring the confidentiality of data
  • Protecting health and human safety

Question 9)
Which entity is most likely to be tasked with monitoring and enforcing security policy? (D5.3, L5.3.1)

  • The Human Resources office
  • The legal department
  • Regulators
  • The security office

Question 10)
Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment? (D5.3, L5.3.1)

  • The CM policy (change management)
  • The password policy
  • The AUP (acceptable use policy)
  • The BYOD policy (bring your own device)

 

Check out also this article: Security Principles All Modules Quiz Answers


 

Final Assessment Answers

Question 1)
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1)

  • administrative
  • technical
  • physical
  • nuanced

Question 2)
Chad is a security practitioner tasked with ensuring that the information on the organization’s public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1)

  • Confidentiality
  • Integrity
  • Availability
  • Confirmation

Question 3)
Which of the following is an example of a “something you know” authentication factor? (D1, L1.1.1)

  • user ID
  • password
  • fingerprint
  • iris scan

Question 4)
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)

  • non-repudiation
  • multifactor authentication
  • biometrics
  • privacy

Question 5)
In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)

  • vulnerability
  • asset
  • threat
  • likelihood

Question 6)
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)

  • fear
  • threat
  • control
  • asset

Question 7)
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)

  • acceptance
  • avoidance
  • mitigation
  • transference

Question 8)
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2)

  • risk tolerance
  • risk inversion
  • threat
  • vulnerability

Question 9)
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)

  • physical
  • administrative
  • passive
  • technical

Question 10)
Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control. (D1, L1.3.1)

  • physical
  • administrative
  • critical
  • technical

Question 11)
A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls. (D1, L1.3.1)

  • physical
  • administrative
  • drastic
  • technical

Question 12)
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this? (D1, L1.3.1)

  • administrative
  • entrenched
  • physical
  • technical

Question 13)
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)

  • policy
  • procedure
  • standard
  • law

Question 14)
The Triffid Corporation publishes a strategic overview of the company’s intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? (D1, L1.4.1)

  • policy
  • procedure
  • standard
  • law

Question 15)
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers’ personal data. This set of rules is a _____. (D1, L1.4.2)

  • law
  • policy
  • standard
  • procedure

Question 16)
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)

  • law
  • procedure
  • standard
  • policy

Question 17)
Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1)

  • recommend a different vendor/product
  • recommend the cousin’s product
  • Hoshi should ask to be recused from the task
  • disclose the relationship, but recommend the vendor/product

Question 18)
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)

  • inform (ISC)²
  • pay the parking ticket
  • inform supervisors at Triffid
  • resign employment from Triffid

Question 19)
Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? (D1, L1.5.1)

  • tell the auditors the truth
  • ask supervisors for guidance
  • ask (ISC)² for guidance
  • lie to the auditors

Question 20)
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma’s colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1)

  • inform (ISC)²
  • explain the style and format of the questions, but no detail
  • inform the colleague’s supervisor
  • nothing

Question 21)
An attacker outside the organization attempts to gain access to the organization’s internal files. This is an example of a(n) ______. (D2, L2.1.1)

  • intrusion
  • exploit
  • disclosure
  • publication

Question 22)
What is the goal of an incident response effort? (D2, L2.1.1)

  • ensure no incidents ever happen
  • reduce the impact of incidents on operations
  • punish wrongdoers
  • save money

Question 23)
What is the goal of Business Continuity efforts? (D2, L2.2.1)

  • save money
  • impress customers
  • ensure all IT systems continue to operate
  • keep critical business functions operational

Question 24)
Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1)

  • alternate work areas for personnel affected by a natural disaster
  • the organization’s strategic security approach
  • last year’s budget information
  • log data from all systems

Question 25)
What is the most important goal of a business continuity effort? (D2, L2.2.1)

  • ensure all IT systems function during a potential interruption
  • ensure all business activities are preserved during a potential disaster
  • ensure the organization survives a disaster
  • preserve health and human safety

Question 26)
What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)

  • save money
  • return to normal, full operations
  • preserve critical business functions during a disaster
  • enhance public perception of the organization

Question 27)
What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)

  • the danger posed by the disaster might still be present
  • investors might be upset
  • regulators might disapprove
  • the organization could save money

Question 28)
At Parvi’s place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. This is an example of: (D3, L3.1.1)

  • two-person integrity
  • segregation of duties
  • defense in depth
  • penetration testing

Question 29)
Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi’s account? (D3, L3.1.1)

  • privileged
  • internal
  • external
  • user

Question 30)
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina’s selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1)

  • two-person integrity
  • segregation of duties
  • software
  • defense in depth

Question 31)
Guillermo logs onto a system and open a document file. In this example, Guillermo is: (D3, L3.1.1)

  • the subject
  • the object
  • the process
  • the software

Question 32)
Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1)

  • increased logging
  • multifactor authentication
  • increased auditing
  • security deposit

Question 33)
Which of these is an example of a physical access control mechanism? (D3, L3.2.1)

  • software-based firewall at the perimeter of the network
  • a lock on a door
  • network switches that filter according to MAC addresses
  • a process that requires two people to act at the same time to perform a function

Question 34)
Which of the following is a biometric access control mechanism? (D3, L3.2.1)

  • a badge reader
  • a copper key
  • a fence with razor tape on it
  • a door locked by a voiceprint identifier

Question 35)
Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: (D3, L3.2.1)

  • sign-in sheet/tracking log
  • fence
  • badges that differ from employee badges
  • receptionist

Question 36)
A human guard monitoring a hidden camera could be considered a ______ control. (D3, L3.2.1)

  • detective
  • preventive
  • deterrent
  • logical

Question 37)
A _____ is a record of something that has occurred. (D3, L3.2.1)

  • biometric
  • law
  • log
  • firewall

Question 38)
Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1)

  • turnstile
  • fence
  • vacuum
  • firewall

Question 39)
Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? (D3, L3.3.1)

  • MAC (mandatory access control)
  • DAC (discretionary access control)
  • RBAC (role-based access control)
  • defense-in-depth

Question 40)
Which of the following would be considered a logical access control? (D3, L3.3.1)

  • an iris reader that allows an employee to enter a controlled area
  • a fingerprint reader that allows an employee to enter a controlled area
  • a fingerprint reader that allows an employee to access a laptop computer
  • a chain attached to a laptop computer that connects it to furniture so it cannot be taken

Question 41)
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina’s credentials, so that Doug can get some work done. What is the problem with this? (D3, L3.3.1)

  • Doug is a bad person
  • If Trina logs in for Doug, then Doug will never be encouraged to remember credentials without assistance
  • Anything either of them do will be attributed to Trina
  • It is against the law

Question 42)
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)

  • Gary is being punished
  • The network is tired
  • Users remember their credentials if they are given time to think about it
  • Gary’s actions look like an attack

Question 43)
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this? (D3, L3.3.1)

  • Suvid broke the law
  • Suvid’s password has expired
  • Suvid made the manager angry
  • someone hacked Suvid’s machine

Question 44)
Prina is a database manager. Prina is allowed to add new users to the database, remove current users, and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: (D3, L3.3.1)

  • role-based access controls (RBAC)
  • mandatory access controls (MAC)
  • discretionary access controls (DAC)
  • alleviating threat access controls (ATAC)

Question 45)
A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1)

  • router
  • switch
  • server
  • laptop

Question 46)
The logical address of a device connected to the network or Internet. (D4.1 L4.1.1)

  • media access control (MAC) address
  • Internet Protocol (IP) address
  • geophysical address
  • terminal address

Question 47)
Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry’s preferred communication protocol if he wanted this activity to be efficient and secure? (D4.1 L4.1.2)

  • SMTP (Simple Mail Transfer Protocol)
  • FTP (File Transfer Protocol)
  • SFTP (Secure File Transfer Protocol)
  • SNMP (Simple Network Management Protocol)

Question 48)
Cheryl is browsing the Web. Which of the following protocols is she probably using? (D4.1 L4.1.2)

  • SNMP (Simple Network Management Protocol)
  • FTP (File Transfer Protocol)
  • TFTP (Trivial File Transfer Protocol)
  • HTTP (Hypertext Transfer Protocol)

Question 49)
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? (D4.2 L4.2.1)

  • DDOS (distributed denial of service)
  • spoofing
  • exfiltrating stolen data
  • an insider sabotaging the power supply

Question 50)
Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be? (D4.2 L4.2.1)

  • spoofing
  • side channel
  • Trojan
  • worm

Question 51)
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid’s information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose? (D4.2 L4.2.2)

  • HIDS (host-based intrusion-detection systems)
  • NIDS (network-based intrusion-detection systems)
  • LIDS (logistical intrusion-detection systems)
  • firewalls

Question 52)
Which of the following is one of the common ways potential attacks are often identified? (D4.2 L4.2.2)

  • the attackers contact the target prior to the attack, in order to threaten and frighten the target
  • victims notice excessive heat coming from their systems
  • the power utility company warns customers that the grid will be down and the Internet won’t be accessible
  • users report unusual systems activity/response to Help Desk or the security office

Question 53)
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? (D4.2 L4.2.2)

  • firewall
  • turnstile
  • anti-malware
  • badge system

Question 54)
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats. (D4.2 L4.2.2)

  • HIDS
  • anti-malware
  • router
  • SIEM

Question 55)
“Wiring _____” is a common term meaning “a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks.” (D4.3 L4.3.1)

  • shelf
  • closet
  • bracket
  • house

Question 56)
Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1)

  • water
  • dirt
  • oxygen-depletion
  • gaseous

Question 57)
To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. (D4.3 L4.3.1)

  • uniqueness
  • destruction
  • redundancy
  • hue

Question 58)
Which of the following is *not* a typical benefit of cloud computing services? (D4.3 L4.3.2)

  • reduced cost of ownership/investment
  • metered usage
  • scalability
  • freedom from legal constraints

Question 59)
Which common cloud service model only offers the customer access to a given application? (D4.3 L4.3.2)

  • Lunch as a service (LaaS)
  • Infrastructure as a service (IaaS)
  • Platform as a service (PaaS)
  • Software as a service (SaaS)

Question 60)
The concept that the deployment of multiple types of controls provides better security than using a single type of control. (D4.3 L4.3.3)

  • VPN
  • least privilege
  • Internet
  • defense in depth

Question 61)
A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3)

  • secret
  • physical
  • regulated
  • logical

Question 62)
An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment. (D4.3 L4.3.3)

  • philosophical
  • remote
  • internal
  • physical

Question 63)
Archiving is typically done when _________. (D5.1, L5.1.1)

  • data is ready to be destroyed
  • data has lost all value
  • data is not needed for regular work purposes
  • data has become illegal

Question 64)
Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: “Sensitive,” “Proprietary,” and “Public.” This is an example of _____. (D5.1, L5.1.1)

  • secrecy
  • privacy
  • inverting
  • labeling

Question 65)
Security needs to be provided to ____ data. (D5.1, L5.1.1)

  • restricted
  • illegal
  • private
  • all

Question 66)
Log data should be kept ______. (D5.1, L5.1.2)

  • on the device that the log data was captured from
  • in an underground bunker
  • in airtight containers
  • on a device other than where it was captured

Question 67)
Security controls on log data should reflect ________. (D5.1, L5.1.2)

  • the organization’s commitment to customer service
  • the local culture where the log data is stored.
  • the price of the storage device
  • the sensitivity of the source device

Question 68)
Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3)

  • symmetric encryption
  • asymmetric encryption
  • small-scale encryption
  • hashing

Question 69)
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3)

  • hashing
  • clockwise rotation
  • symmetric encryption
  • asymmetric encryption

Question 70)
An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1)

  • pay for the updated content
  • buy a new system
  • settle lawsuits
  • rollback

Question 71)
Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1)

  • security should always be as strict as possible
  • security policy that conflicts with business goals can inhibit productivity
  • bad security policy can be illegal
  • security is more important than business

Question 72)
Probably the most important reason to conduct security instruction for all employees. (D5.4, L5.4.1)

  • reduce liability
  • provide due diligence
  • it is a moral imperative
  • an informed user is a more secure user

Question 73)
By far, the most crucial element of any security instruction program. (D5.4, L5.4.1)

  • protect assets
  • preserve health and human safety
  • ensure availability of IT systems
  • preserve shareholder value

Question 74)
When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid’s IT equipment. What policy was this? (D5.3, L5.3.1)

  • the organizational security policy
  • the acceptable use policy (AUP)
  • the bring-your-own-device (BYOD) policy
  • the workplace attire policy

Question 75)
The output of any given hashing algorithm is always _____. (D5.1, L5.1.3)

  • the same length
  • the same characters
  • the same language
  • different for the same inputs