All Coursera Quiz Answers

Sound the Alarm: Detection and Response Weekly challenge 3 Quiz Answers

In this article i am gone to share Coursera Course: Sound the Alarm: Detection and Response Weekly challenge 3 Quiz Answers with you..

Also Visit: Sound the Alarm: Detection and Response Weekly challenge 2 Quiz Answers


Sound the Alarm: Detection and Response Weekly challenge 3 Quiz Answers

Question 1)
Which step of the NIST Incident Response Lifecycle involves the investigation and validation of alerts?

  • Analysis
  • Discovery
  • Detection
  • Recovery

Question 2)
What are the benefits of documentation during incident response? Select three answers.

  • Standardization
  • Transparency
  • Clarity
  • Quality

Question 3)
What are examples of how transparent documentation can be useful? Select all that apply.

  • Demonstrating compliance with regulatory requirements
  • Providing evidence for legal proceedings
  • Meeting cybersecurity insurance requirements
  • Defining an organization’s security posture

Question 4)
Chain of custody documents establish proof of which of the following? Select two answers.

  • Integrity
  • Quality
  • Reliability
  • Validation

Question 5)
Which statement best describes the functionality of automated playbooks?

  • They require the use of human intervention to execute tasks.
  • They require the combination of human intervention and automation to execute tasks.
  • They use automation to execute tasks and response actions.
  • They use a combination of flowcharts and manual input to execute tasks and response actions.

Question 6)
A security analyst gets an alert involving a phishing attempt. Which step of the triage process does this scenario outline?

  • Assign priority
  • Collect and analyze
  • Add context
  • Receive and assess

Question 7)
What are the steps of the third phase of the NIST Incident Response Lifecycle? Select three answers.

  • Recovery
  • Eradication
  • Containment
  • Response

Question 8)
Which of the following is an example of a recovery task?

  • Applying a patch to address a server vulnerability
  • Disconnecting an infected system from the network
  • Monitoring a network for intrusions
  • Reinstalling the operating system of a computer infected by malware

Question 9)
What questions can be asked during a lessons learned meeting? Select three answers.

  • What were the actions taken for recovery?
  • What time did the incident happen?
  • Which employee is to blame?
  • What could have been done differently?

Question 10)
Which documentation provides a comprehensive review of an incident?

  • Lessons learned meeting
  • New technology
  • Final report
  • Timeline


Question 11)
In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?

  • Validation
  • Detection
  • Preparation
  • Investigation

Question 12)
In incident response, documentation provides an established set of guidelines that members of an organization can follow to complete a task. What documentation benefit does this provide?

  • Reliability
  • Integrity
  • Standardization
  • Transparency

Question 13)
Fill in the blank: Inconsistencies in the collection and logging of evidence cause a _____ chain of custody.

  • secure
  • forensic
  • broken
  • missing


Question 14)
Using triage, which alert would be considered a higher priority and require immediate response?

  • Failed logins with disabled accounts
  • Ransomware detection
  • Multiple failed logins from multiple locations
  • A phishing email

Question 15)
Fill in the blank: Containment is the act of limiting and _____ additional damage caused by an incident.

  • detecting
  • preventing
  • eradicating
  • removing

Question 16)
Which step of the NIST Incident Response Lifecycle involves returning affected systems back to normal operations?

  • Recovery
  • Containment
  • Eradication
  • Response

Question 17)
Two weeks after an incident involving ransomware, the members of an organization want to review the incident in detail. Which of the following actions should be done during this review? Select all that apply.

  • Determine the person to blame for the incident.
  • Schedule a lessons learned meeting that includes all parties involved with the security incident.
  • Create a final report.
  • Determine how to improve future response processes and procedures.

Question 18)
What does a final report contain? Select three.

  • Timeline
  • Recommendations
  • Updates
  • Incident details

Question 19)
After a ransomware incident, an organization discovers their ransomware playbook needs improvements. A security analyst is tasked with changing the playbook documentation. Which documentation best practice does this scenario highlight?

  • Be concise
  • Know your audience
  • Update regularly
  • Be accurate

Question 20)
A member of the forensics department of an organization receives a computer that requires examination. On which part of the chain of custody form should they sign their name and write the date?

  • Custody log
  • Purpose of transfer
  • Description of the evidence
  • Evidence movement

Question 21)
Which of the following does a semi-automated playbook use? Select two.

  • Automation
  • Threat intelligence
  • Human intervention
  • Crowdsourcing

Question 22)
What are the steps of the triage process in the correct order?

  • Assign priority, receive and assess, collect and analyze
  • Collect and analyze, assign priority, receive and assess
  • Receive and assess, collect and analyze, assign priority
  • Receive and assess, assign priority, collect and analyze

Question 23)
After a security incident involving an exploited vulnerability due to outdated software, a security analyst applies patch updates. Which of the following steps does this task relate to?

  • Reimaging
  • Eradication
  • Response
  • Prevention

Question 24)
Fill in the blank: A lessons learned meeting should be held within ____ weeks of an incident.

  • two
  • three
  • four
  • five

Question 25)
Fill in the blank: Eradication is the complete _____ of all the incident elements from affected systems.

  • prevention
  • isolation
  • disconnection
  • removal

Question 26)
During a lessons learned meeting following an incident, a meeting participant wants to identify actions that the organization can take to prevent similar incidents from occurring in the future. Which section of the final report should they refer to for this information?

  • Detection
  • Timeline
  • Executive summary
  • Recommendations

Question 27)
A security analyst is investigating an alert involving a possible network intrusion. Which of the following tasks is the security analyst likely to perform as part of the Detection and Analysis phase of the incident response lifecycle? Select two answers.

  • Collect and analyze the network logs to verify the alert.
  • Isolate the affected machine from the network.
  • Implement a patch to fix the vulnerability.
  • Identify the affected devices or systems.

Question 28)
An organization is working on implementing a new security tool, and a security analyst has been tasked with developing workflow documentation that outlines the process for using the tool. Which documentation benefit does this scenario outline?

  • Transparency
  • Quality
  • Standardization
  • Clarity

An analyst is responding to a distributed denial of service attack (DDoS). They take several manual steps outlined in the organization’s DDoS playbook. Which type of playbook did they use to respond to the incident?

  • Semi-automated
  • Automated
  • SOAR
  • Non-automated

Question 30)
An organization is completing its annual compliance audit. The people performing the audit have access to any relevant information, including records and documents. Which documentation benefit does this scenario outline?

  • Organization
  • Transparency
  • Accuracy
  • Consistency