Sound the Alarm: Detection and Response Weekly challenge 2 Quiz Answers
In this article I am going to share the answers to the Coursera course Sound the Alarm: Detection and Response Weekly challenge 2 quiz with you.
Question 1)
What type of attack involves the unauthorized transmission of data from a system?
- Data leak
- Packet classification
- Data exfiltration
- Packet crafting
Question 2)
What are some defensive measures that can be used to protect against data exfiltration? Select two answers.
- Monitor network activity
- Utilize lateral movement
- Deploy multi-factor authentication
- Reduce file sizes
Question 3)
What information do packet headers contain? Select three answers.
- Payload data
- Protocols
- Ports
- IP addresses
Question 4)
Fill in the blank: Network protocol analyzers can save network communications into files known as a _____.
- network packet
- protocol
- payload
- packet capture
Question 5)
Fill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.
- command-line
- internet
- graphical user
- Linux
Question 6)
Which layer of the TCP/IP model does the Internet Protocol (IP) operate on?
- Internet
- Transport
- Application
- Network Access
Question 7)
Which IPv4 header fields involve fragmentation? Select three answers.
- Fragment Offset
- Type of Service
- Identification
- Flags
Question 8)
How are IP headers valuable for security analysts during investigations?
- They provide insight into the details of network communications.
- They provide the foundation for communications over the internet.
- They provide the ability to visualize network communications.
- They provide the ability to modify network communications.
Question 9)
Which tcpdump option applies verbosity?
- -c
- -i
- -v
- -n
Question 10)
Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
What is the value of the Type of Service field?
- 0x10
- 6
- 0x50af
- 501
Question 11)
Fill in the blank: _____ describes the amount of data that moves across a network.
- Network traffic
- Network data
- Data exfiltration
- Traffic flow
Question 12)
What tactic do malicious actors use to maintain and expand unauthorized access into a network?
- Exfiltration
- Data size reduction
- Phishing
- Lateral movement
Question 13)
Do packet capture files provide detailed snapshots of network communications?
- Yes. Packet capture files provide information about network data packets that were intercepted from a network interface.
- No. Packet capture files do not contain detailed information about network data packets.
- Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.
Question 14)
Network protocol analyzer tools are available to be used with which of the following? Select two answers.
- Internet protocol
- Command-line interface
- Network interface card
- Graphical user interface
Question 15)
Which protocol version is considered the foundation for all internet communications?
- HTTP
- IPv4
- ICMP
- UDP
Question 16)
What is used to determine whether errors have occurred in the IPv4 header?
- Checksum
- Header
- Protocol
- Flags
Question 17)
What is the process of breaking down packets known as?
- Fragment Offset
- Checksum
- Fragmentation
- Flags
Question 18)
Which tcpdump option is used to specify the capture of 5 packets?
- -c 5
- -n 5
- -v 5
- -i 5
Question 19)
Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
Which protocols are being used? Select two answers.
- UDP
- IP
- TCP
- TOS
Question 20)
Why is network traffic monitoring important in cybersecurity? Select two answers.
- It provides a method to encrypt communications.
- It provides a method of classifying critical assets.
- It helps detect network intrusions and attacks.
- It helps identify deviations from expected traffic flows.
Question 21)
Which packet component contains protocol information?
- Payload
- Route
- Header
- Footer
Question 22)
How do network protocol analyzers help security analysts analyze network communications? Select two answers.
- They take action to improve network performance.
- They provide the ability to filter and sort packet capture information to find relevant information.
- They take action to block network intrusions.
- They provide the ability to collect network communications.
Question 23)
Which IPv4 field determines how long a packet can travel before it gets dropped?
- Time to Live
- Header Checksum
- Options
- Type of Service
Question 24)
Which IPv4 field uses a value to represent a standard, like TCP?
- Protocol
- Total Length
- Version
- Type of Service
Question 25)
Which tcpdump command outputs detailed packet information?
- sudo tcpdump -i any -c 100
- sudo tcpdump -i any -n
- sudo tcpdump -v any -i
- sudo tcpdump -i any -v
Question 26)
Fill in the blank: The transmission of data between devices on a network is governed by a set of standards known as _____.
- protocols
- headers
- payloads
- ports
Question 27)
The practice of capturing and inspecting network data packets that are transmitted across a network is known as _____.
- port sniffing
- packet capture
- packet sniffing
- protocol capture
Question 28)
Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
What is the source IP address?
- 41012
- 198.111.123.1
- 198.168.105.1
- 22:00:19.538395
Question 29)
Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
Which protocols are being used? Select two answers.
- TOS
- IP
- TCP
- UDP
Question 30)
Which of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.
- Network performance issues
- Multiple successful multi-factor authentication logins
- Unexpected modifications to files containing sensitive data
- Outbound network traffic to an unauthorized file hosting service
Question 31)
Which layer of the TCP/IP model is responsible for accepting and delivering packets in a network?
- Transport
- Network Access
- Application
- Internet