All Coursera Quiz Answers

Test your knowledge: Use a playbook to respond to an incident Quiz Answers

In this article i am gone to share Coursera Course: Play It Safe: Manage Security Risks Week 4 Practice Quiz | Test your knowledge: Use a playbook to respond to an incident Quiz Answers with you..


Also visit:ย  Test your knowledge: Incident response Quiz Answers


 

Test your knowledge: Use a playbook to respond to an incident Quiz Answers

Question 1)
Playbooks are permanent, best-practice documents, so a security team should not make changes to them.

  • True
  • False

Playbooks are living documents, so a security team will make frequent changes, updates, and improvements to address new threats and vulnerabilities.

 

Question 2)
A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

  • Containment
  • Eradication and recovery
  • Detection and analysis
  • Post-incident activity

This scenario describes eradication and recovery. This phase involves removing the incident’s artifacts and restoring the affected environment to a secure state.

 

Question 3)
Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.

  • coordination
  • eradication
  • detection
  • preparation

Once a security incident is resolved, security analysts perform various post-incident activities and coordination efforts with the security team. Coordination involves reporting incidents and sharing information based on established standards.

 

Question 4)
Which action can a security analyst take when they are assessing a SIEM alert?

  • Analyze log data and related metrics
  • Isolate an infected network system
  • Restore the affected data with a clean backup
  • Create a final report

An action that a security analyst can take when they are assessing a SIEM alert is to analyze log data and related metrics. This helps in identifying why the alert was generated by the SIEM tool and determining if the alert is valid.