Google Cybersecurity Professional Certificate Answers - Coursera

Google Cybersecurity Professional Certificate Answers - Coursera

Prepare for a career as a cybersecurity analyst with a professional certificate from Google. Learn job-ready skills that are in-demand, like how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them.

Cybersecurity analysts are responsible for monitoring and protecting networks, devices, people, and data. They use a collection of methods and technologies to safeguard against outside threats and unauthorized access — and to create and implement solutions should a threat get through.

This certification is part of Google Career Certificates .

Complete a Google Career Certificate to get exclusive access to CareerCircle, which offers free 1-on-1 coaching, interview and career support, and a job board to connect directly with employers, including over 150 companies in the Google Career Certificates Employer Consortium.

Language: English

Certification URLs:

grow.google/certificates/cybersecurity

coursera.org/google-certificates/cybersecurity-certificate

Questions:
 

Course 1 - Foundations of Cybersecurity

Week 1

Test your knowledge: Introduction to cybersecurity

What are the three key elements of the CIA triad?

• Customer trust, increased revenue, and advancement
• Compliance standards, instructions, and access
• Confidentiality, integrity, and availability of information
• Continuity, invulnerability, and attainment of business goals

What are the primary responsibilities of an entry-level security analyst? Select three answers.

• Create compliance laws
• Protect information
• Search for weaknesses
• Monitor systems

Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents.

• penetration tests
• software developments
• ethical hacking
• security audits

In what ways do security teams bring value to an organization? Select two answers.

• Protecting against external and internal threats
• Reducing business productivity
• Achieving regulatory compliance
• Increasing operational expenses

Test your knowledge: Core skills for cybersecurity professionals

Which of the following proficiencies are transferable skills, likely to be applicable in almost any field? Select all that apply.

• Written and verbal communication

• Problem-solving

• Analysis

• Programming

Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select all that apply.

• Regulation writing
• Software development
• Data analysis
• Programming

Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.

• Business intelligence professionals
• Digital forensic investigators
• Security operations center analysts
• Ethical hackers

What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers.

• Bank account numbers
• Email addresses
• Medical records
• Last names

Weekly challenge 1

Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or criminal exploitation.

• changing business priorities
• unauthorized access
• poor financial management
• market shifts

Which of the following tasks are typically responsibilities of entry-level security analysts? Select all that apply.

• changing business priorities
• unauthorized access
• poor financial management
• market shifts

or

• Installing prevention software
• Creating organizational policies
• Conducting periodic security audits
• Protecting computer and network systems

or

• Installing prevention software
• Creating organizational policies
• Examining in-house security issues
• Protecting computer and network systems

An employee receives an email that they believe to be legitimate. They click on a compromised link within the email. What type of internal threat does this scenario describe?

• Abusive
• Intentional
• Accidental
• Operational

Fill in the blank: Identity theft is the act of stealing _____ to commit fraud while impersonating a victim.

• trade secrets
• hardware
• personal information
• business records

What are some key benefits associated with an organization meeting regulatory compliance? Select two answers.

• Avoiding fines
• Recruiting employees
• Upholding ethical obligations
• Increasing productivity

An individual is in their first job as an entry-level security professional. They apply the problem-solving proficiencies that they learned in past roles to their current security career. What does this scenario describe?

• Having expertise with a specific procedure
• Understanding business standards
• Taking on-the-job training
• Using transferable skills

Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.

• employer
• event
• emergency
• enterprise

What do security professionals typically do with SIEM tools?

• Identify threat actors and their locations
• Locate and preserve criminal evidence
• Educate others about potential security threats, risks, and vulnerabilities
• Identify and analyze security threats, risks, and vulnerabilities

Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.

• An example of SPII is someone’s financial information.
• The theft of PII is often more damaging than the theft of SPII.
• Both PII and SPII are vulnerable to identity theft.
• An example of PII is someone’s date of birth.

or

• An example of PII is someone’s phone number.
• An example of SPII is someone’s biometric data.
• Only SPII is vulnerable to identity theft.
• PII is any information used to infer an individual’s identity.

or

• SPII is a type of PII that falls under stricter handling guidelines.
• The theft of SPII is often more damaging than the theft of PII.
• An example of SPII is someone’s last name.
• An example of PII is someone’s email address.

Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access.

• poor financial management
• market shifts
• criminal exploitation
• changing business priorities

Which of the following entities may be an internal threat to an organization? Select three answers.

• Trusted partners

• Vendors

• Employees

• Customers

An individual has their personal information stolen. They discover that someone is using that information to impersonate them and commit fraud. What does this scenario describe?

• Data breach
• Secured customer data
• Network infiltration
• Identity theft

Fill in the blank: An organization that is in regulatory compliance is likely to _____ fines.

• rectify
• avoid
• encounter
• incur

An individual is in their first job as an entry-level security professional. They take training to learn more about the specific tools, procedures, and policies that are involved in their career. What does this scenario describe?

• Gaining new technical skills
• Improving management capabilities
• Understanding different perspectives
• Transferring capabilities from one career to another

Fill in the blank: The purpose of _____ is to protect networks, devices, people, and data from unauthorized access or criminal exploitation.

• cybersecurity
• change-management
• planning
• business continuity

A security professional collaborates with information technology teams to deploy an application that helps identify risks and vulnerabilities. What does this scenario describe?

• Upgrading network capacity
• Installing detection software
• Conducting a security audit
• Ethical hacking

Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?

• Internal
• External
• Ethical
• Accidental

What is identity theft?

• Failing to maintain and secure user, customer, and vendor data
• Trying to gain access to an organization’s private networks
• Stealing personal information to commit fraud while impersonating a victim
• A data breach that affects an entire organization

A security professional receives an alert about an unknown user accessing a system within their organization. They attempt to identify, analyze, and preserve the associated criminal evidence. What security task does this scenario describe?

• Resolving error messages
• Programming with code
• Software upgrades
• Computer forensics

What is regulatory compliance?

• Sites and services that require complex passwords to access
• Laws and guidelines that require implementation of security standards
• Expenses and fines associated with vulnerabilities
• Threats and risks from employees and external vendors

Fill in the blank: Security information and event _____ (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.

• monitoring
• mitigation
• maturity
• management

Which of the following proficiencies are examples of technical skills? Select two answers.

• Prioritizing collaboration
• Communicating with employees
• Applying computer forensics
• Automating tasks with programming

Week 2

Test your knowledge: The history of cybersecurity

Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.

• code

• sequencing
• hardware
• formatting

What is one way that the Morris worm helped shape the security industry?

• It prevented the development of illegal copies of software.
  • It inspired threat actors to develop new types of social engineering attacks.

• It led to the development of computer emergency response teams.

• It made organizations more aware of the significant financial impact of security incidents.

What were the key impacts of the Equifax breach? Select two answers.

• Millions of customers’ PII was stolen.

• The significant financial consequences of a breach became more apparent.

• Developers were able to track illegal copies of software and prevent pirated licenses.
• Phishing became illegal due to significant public outcry.

Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.

• True

• False

Test your knowledge: The eight CISSP security domains

Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.

• domains

• data
• networks
• assets

A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain?

• Security architecture and engineering

• Asset security

• Security and risk management
• Communication and network security

Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to?

• Software development security

• Security assessment and testing

• Security operations
• Identity and access management

Why is it useful to understand the eight CISSP security domains? Select two answers.

• To develop programming skills

• To identify potential career opportunities

• To better understand your role within an organization

• To improve your communication skills

Weekly challenge 2

What is the term for software that is designed to harm devices or networks?

• Bug
  • Social application

• Malware

• Error message

What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers?

• LoveLetter attack

• Equifax breach

• Morris worm
• Brain virus

Fill in the blank: Social engineering is a manipulation technique that exploits _____ error to gain access to private information.

• network

• human

• computer
• coding

Fill in the blank: Social engineering is a _____ that exploits human error to gain private information, access, or valuables.

• type of malware
  • replicating virus

• manipulation technique

• business breach

A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?

• Training about network optimization
  • Training about business continuity
  • Training about security architecture

• Training about social engineering

Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

• Security assessment and testing
  • Security architecture and engineering
  • Identity and access management

• Security and risk management

Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.

• Validating the identities of employees

• Configuring a firewall

• Securing hardware

• Ensuring that effective systems and processes are in place

Which of the following tasks may be part of the asset security domain? Select all that apply.

• Ensuring users follow established policies

• Securing digital and physical assets

• Data storage and maintenance

• Proper disposal of digital assets

A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?

• Security assessment and testing

• Security and risk management
• Asset security
• Communication and network security

Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?

• Identity and access management

• Communication and network security
• Security assessment and testing
• Security and risk management

Which domain involves conducting investigations and implementing preventive measures?

• Security operations

• Security and risk management
• Asset security
• Identity and access management

A security professional receives an alert that an unknown device has connected to their organization’s internal network. They follow policies and procedures to quickly stop the potential threat. Which domain does this scenario describe?

• Security operations

• Security and risk management
• Asset security
• Identity and access management

Shuffle Q/A

Which of the following threats are examples of malware? Select two answers.

• Viruses

• Bugs

• Worms

• Error messages

Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.

• network
  • communication

• social

• digital

Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.

• Securing hardware

• Ensuring that effective systems and processes are in place

• Configuring a firewall

• Validating the identities of employees

Which of the following tasks may be part of the security operations domain? Select all that apply.

• Implementing preventive measures

• Investigating an unknown device that has connected to an internal network

• Conducting investigations

• Using coding practices to create secure applications

A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.

• Employees inadvertently revealing sensitive data

• Overtaxing systems with too many internal emails

• Phishing attacks

• Malicious software being deployed

Which of the following tasks are part of the security and risk management domain? Select all that apply.

• Securing physical assets

• Defining security goals and objectives

• Compliance

• Business continuity

Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

• Communication and network security
  • Security and risk management
  • Identity and access management

• Security architecture and engineering

Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?

• Asset security

• Communication and network security
• Security assessment and testing
•  Security operations

Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.

• Auditing user permissions

• Securing physical networks and wireless communications

• Conducting security audits

• Collecting and analyzing data

A security professional is setting up access keycards for new employees. Which domain does this scenario describe?

• Identity and access management

• Communication and network security
• Security and risk management
• Security assessment and testing

A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?

• Communication and network security

• Security architecture and engineering

• Security and risk management
• Identity and access management

Which of the following tasks may be part of the identity and access management domain? Select all that apply.

• Conducting security control testing

• Setting up an employee’s access keycard

• Ensuring users follow established policies

• Controlling physical assets

Week 3

Test your knowledge: Frameworks and controls

Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.

• control

• framework

• regulation
• lifecycle

An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?

• Security control

• Data confidentiality
• Cybersecurity Framework (CSF)
• Personally identifiable information (PII)

What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

• Cybersecurity Framework (CSF)
  • Sensitive personally identifiable information (SPII)

• Confidentiality, integrity, and availability (CIA) triad

• General Data Protection Regulation law (GDPR)

Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.

• True

• False

Test your knowledge: Ethics in cybersecurity

An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.

• Confidentiality

• Laws

• Privacy protections

• Remaining unbiased

Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.

• business networks

• personal information

• documentation
• compliance processes

You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?

• Request identification from your manager to ensure the text message is authentic; then, provide the birth date.

• Respectfully decline, then remind your manager of the organization’s guidelines.

• Give your manager the employee’s birth date; a party is a friendly gesture.
• Ask your manager to provide proof of their inability to access the database.

You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?

• Escalate the situation by involving other organizations that have been targeted.

• Improve the company’s defenses to help prevent future attacks.

• Target a specific hacktivist group as a warning to the others.
• Conduct cyberattacks against each hacktivist group that claimed responsibility.

Weekly challenge 3

What are some of the primary purposes of security frameworks? Select three answers.

• Protecting PII data

• Managing organizational risks

• Safeguarding specific individuals

• Aligning security with business goals

What are some of the primary purposes of security frameworks? Select three answers.

• Protecting PII data

• Managing organizational risks

• Safeguarding specific individuals

• Identifying security weaknesses

Which of the following are core components of security frameworks? Select two answers.

• Managing data requests

• Identifying and documenting security goals

• Monitoring and communicating results

• Monitoring personally identifiable information

Fill in the blank: A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company's network. They use _____ to help them reduce this type of risk.

• security controls

• public websites
• security ethics
• private information

You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, availability, and what else?

• Integrity

• Information
• Inconsistencies
• Intelligence

You are helping your security team consider risk when setting up a new software system. Using  the CIA triad, you focus on confidentiality, availability, and what else?

• Integrity

• Information
• Inconsistencies
• Intelligence

Fill in the blank: _____ are items perceived as having value to an organization.

• Incidents
  • Lifecycles

• Assets

• Alerts

Which of the following statements accurately describe the NIST CSF? Select all that apply.

• It is only effective at managing long-term risk.

• Its purpose is to help manage cybersecurity risk.

• It is a voluntary framework.

• It consists of standards, guidelines, and best practices.

Fill in the blank: Some of the most dangerous threat actors are _____ because they often know where to find sensitive information, can access it, and may have malicious intent.

• past vendors

• disgruntled employees

• senior partners
• dissatisfied customers

Fill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.

• past vendors

• disgruntled employees

• senior partners
• dissatisfied customers

A security professional is updating software on a coworker’s computer and happens to see a very interesting email about another employee. The security professional chooses to follow company guidelines with regards to privacy protections and does not share the information with coworkers. Which concept does this scenario describe?

• Preserving evidence
  • Security controls

• Security ethics

• Business email compromise

A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regards to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?

• Preserving evidence
  • Security controls

• Security ethics

• Business email compromise

Fill in the blank: The ethical principle of _____ involves safeguarding an organization’s human resources records that contain personal details about employees.

• honesty

• privacy protection

• unlimited access
• non-bias

You are a security professional working for a state motor vehicle agency that stores drivers' national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?

• Restrictions

• Laws

• Guidelines
• Investigations

Shuffle Q/A

Which of the following are core components of security frameworks? Select two answers.

• Establishing regulatory compliance measures

• Implementing security processes

• Setting guidelines to achieve security goals

• Monitoring personally identifiable information

Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.

• Conformity
  • Communication

• Confidentiality

• Consent

Fill in the blank: A key aspect of the CIA triad is ensuring that data is correct, _____, and reliable.

• authentic

• public
• centralized
• updated

For what reasons might disgruntled employees be some of the most dangerous threat actors? Select all that apply.

• They know where to find sensitive information.

• They are less productive than other employees.

• They have access to sensitive information.

• They may have malicious intent.

Fill in the blank: The ethical principle of _____ involves adhering to compliance regulations.

• protections
  • restrictions

• laws

• guidelines

Which of the following statements accurately describe the NIST CSF? Select all that apply.

• It is a voluntary framework.

• Security teams use it as a baseline to manage risk.

• It is only effective at managing short-term risk.

• Its purpose is to help manage cybersecurity risk.

Which ethical principle describes the rules that are recognized by a community and enforced by a governing entity?

• Restrictions
  • Guidelines
  • Protections

• Laws

You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?

• Activity
  • Applications
  • Accuracy

• Availability

Week 4

Test your knowledge: Important cybersecurity tools

What tool is designed to capture and analyze data traffic within a network?

• network protocol analyzer (packet sniffer)

• Structured Query Language (SQL)
• Google Chronicle
• Splunk Enterprise

Which of the following are examples of SIEM tools? Select two answers.

• Python

• Google Chronicle

• Linux

• Splunk Enterprise

How are logs primarily used by security professionals?

• Identify vulnerabilities and potential security breaches

• Collect and analyze data to monitor critical activities in an organization
• Select which security team members will respond to an incident
• Research and optimize processing capabilities within a network

Fill in the blank: A _____ is a manual that provides details about operational actions.

• case history
  • directory

• playbook

• checklist

Test your knowledge: Core cybersecurity knowledge and skills

What do security professionals use to interact with and request information from a database?

• Confidentiality, integrity, availability (CIA) triad

• Structured Query Language (SQL)

• Linux
• Python

What is programming typically used for? Select two answers.

• Enable open-source operations

• Create a specific set of instructions for a computer to execute tasks

• Complete repetitive tasks and processes

• Record events that occur within an organization’s systems

Fill in the blank: Linux is an open-source _____ that can be used to examine logs.

• operating system

• database
• algorithm
• programming language

A playbook is a manual that provides details about how to respond to an incident only after it has occurred.

• True

• False

Weekly challenge 4

Which of the following statements correctly describe logs? Select two answers.

• A business might log each time an employee signs into their computer.

• A log is used as a formal guide to incident response.
  • Security professionals use logs to visualize data.

• A log is a record of events that occur within an organization’s systems. 

Which of the following tasks can be performed using SIEM tools? Select three answers.

• Providing alerts for specific types of risks

• Performing incident analysis

• Proactively searching for threats

• Notifying authorities of illegal activity

What is a benefit of a tool, such as Google’s Chronicle, being cloud-native?

• It requires hardware to deploy.
  • It is a static resource.

• It allows for fast delivery of new features.

• It performs best when downloaded to a network.

Fill in the blank: A security professional uses a _____ as a manual to guide operational activities.

• spreadsheet
  • toolkit
  • review

• playbook

As a security analyst, you are monitoring network traffic to ensure that SPII data is not being accessed by unauthorized users. What does this scenario describe?

• Using a network protocol analyzer (packet sniffer)

• Programming with code
• Calculating with formulas
• Gathering data in a spreadsheet

Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.

• very
  • more

• less

• equally

What are some key benefits of programming languages? Select all that apply.

• They install security hardware.

• They create a specific set of instructions for a computer to execute tasks.

• They execute repetitive processes accurately.

• They filter through data points faster than humans can working manually.

How is an open-source operating system, such as Linux, different from other operating systems?

• It relies on a command line.

• It is only a desktop tool.
• It is proprietary.
• It must be downloaded from the cloud.

Fill in the blank: A database is a _____ of organized data stored in a computer system.

• visualization

• collection

• model
• frame

What are some key benefits of using Python to perform security tasks? Select all that apply.

• It is designed for high levels of accuracy.

• It makes static data more dynamic.

• It simplifies repetitive tasks.

• It helps security professionals be more accurate.

Shuffle Q/A

Which of the following tasks can be performed using SIEM tools? Select three answers.

• Helping security analysts identify potential breaches

• Collecting and analyzing data

• Providing alerts for specific types of risks and threats

• Requesting security data from government agencies

Why might a security professional choose Google Chronicle to store security data for later analysis?

• It is cloud-native, which means it delivers new features quickly.

• It requires hardware to deploy, so it is more secure.
• It is a static resource, so the user interface never changes.
• It performs best when downloaded to a network, which enables efficient processing.

A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.

• It allows for text-based commands by users.

• It is an efficient programming language.
  • It is proprietary.

• It is open source.

Fill in the blank: Security professionals can use _____ to interact with and request information from a database.

• Chronicle
  • network protocol analyzers (packet sniffers)
  • Splunk Enterprise

• SQL

What are some key benefits of using Python to perform security tasks? Select all that apply.

• It saves time.

• It clearly maps data.

• It helps ensure accuracy.

• It uses a command-line interface.

What are some key benefits of using Python to perform security tasks? Select all that apply.

• It helps security professionals work with high levels of detail.

• It enables security professionals to be more accurate.

• It simplifies repetitive tasks.

• It automatically eliminates sensitive information.

As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.

• An intrusion detection system (IDS)

• A network protocol analyzer (packet sniffer)

• A cryptographic encoder
• A command-line interface

What are some key benefits of programming languages? Select all that apply.

• They create a specific set of instructions for a computer to execute tasks.

• They reduce the risk of human error.

• They describe how data is organized.

• They complete tasks faster than if working manually.

What are some key benefits of programming languages? Select all that apply.

• Execute repetitive processes very accurately

• Complete repetitive tasks with a high degree of efficiency

• Implement security protocols

• Create a specific set of instructions for a computer to execute tasks

Fill in the blank: To request information from a _____, security professionals can use SQL.

• spreadsheet

• database

• network
• dashboard

Which of the following tasks can be performed using SIEM tools? Select three answers.

• Implementing security software programs

• Saving time by reducing the amount of data to be reviewed

• Analyzing filtered events and patterns

• Monitoring critical activities

What term is used to describe publicly available systems, such as Linux?

• Open-source

• Unregulated
• Restricted
• Free-for-all

A cybersecurity analyst is tasked with proactively searching for threats and performing incident analysis. What type of tool should they use?

• Structured Query Language (SQL)
  • Chain of custody playbook
  • Linux operating system

• Security information and event management (SIEM)

Course 2 - Play It Safe: Manage Security Risks

Week 1

1. Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

• security operations
• identity and access management
• asset security
• communication and network security

2. What is the focus of the security and risk management domain?

• Manage and secure wireless communications
• Secure physical networks and wireless communications
• Optimize data security by ensuring effective processes are in place
• Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

3. In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

• Communication and network engineering
• Security architecture and engineering
• Identity and access management
• Security assessment and testing

4. Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.

• security operations
• communications and networking engineering
• asset security
• software development security

Test your knowledge: Navigate threats, risks, and vulnerabilities

5. What is a vulnerability?

• An organization’s ability to manage its defense of critical assets and data and react to change
• Anything that can impact the confidentiality, integrity, or availability of an asset
• Any circumstance or event that can negatively impact assets
• A weakness that can be exploited by a threat

6. Fill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

• low-risk asset
• new-risk asset
• medium-risk asset
• high-risk asset

7. What are the key impacts of threats, risks, and vulnerabilities? Select three answers.

• Damage to reputation
• Employee retention
• Identity theft
• Financial damage

8. Fill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.

• communicate
• categorize
• produce
• reflect

Weekly challenge 1

9. Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.

• posture
• architecture
• governance
• hardening

10. Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

• Mitigate risk
• Be in compliance
• Secure digital and physical assets
• Define security goals and objectives

Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

• Follow legal regulations

• Conduct control testing

• Define security goals

• Maintain business continuity

11. What term describes an organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans?

• Mitigation
• Daily defense
• Recovery
• Business continuity

12. What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

• Shared responsibility
• Remote services
• Secure coding
• Employee retention

13. A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?

• Security assessment and testing
• Communication and network security
• Asset security
• Identity and access management

14. What are the key areas of focus in the security assessment and testing domain? Select three answers.

• Collect and analyze data
• Perform security audits
• Conduct security control testing
• Use secure coding practices

15. Fill in the blank: The software development _____ process may involve penetration testing during the deployment and implementation phase of developing software products.

• positioning
• access
• operational
• lifecycle

16. Which of the following statements accurately describe risk? Select all that apply.

• Another way to think of risk is the likelihood of a threat occurring.
• A high-risk asset is any information protected by regulations or laws.
• If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
• If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.

Which of the following statements accurately describe risk? Select all that apply.

• If compromised, a high-risk asset is unlikely to cause financial damage.
  • Website content or published research data are examples of low-risk assets.

• Organizations often rate risks at different levels: low, medium, and high.

• If compromised, a medium-risk asset may cause some damage to an organization's finances.

17. A business experiences an attack. As a result, sensitive personally identifiable information (SPII) is leaked through the dark web. What type of consequence does this scenario describe?

• Financial gain
  • Identity theft

• Reputation

• Customer

18. In the Risk Management Framework (RMF), which step involves knowing how current systems are operating and if they support security goals?

• Monitor
• Assess
• Authorize
• Categorize

Shuffle Q/A

19. Fill in the blank: Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.

• change
• tasks
• sustainability
• competition

20. How does business continuity enable an organization to maintain everyday productivity?

• By ensuring return on investment
• By exploiting vulnerabilities
• By outlining faults to business policies
• By establishing risk disaster recovery plans

21. Which of the following activities may be part of establishing security controls? Select three answers.

• Monitor and record user requests
• Collect and analyze security data regularly
• Evaluate whether current controls help achieve business goals
• Implement multi-factor authentication

22. A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

• Increase in profits
• Damage to reputation
• Loss of identity
• Lack of engagement

23. In the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risks?

• Authorize
• Prepare
• Categorize
• Implement

24. What is the goal of business continuity?

• Reduce personnel
• Remove access to assets
• Destroy publicly available data
• Maintain everyday productivity

25. Shared responsibility is a core concept of which domain?

• Security and risk management
• Security architecture and engineering
• Asset security
• Communication and network security

26. How does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers.

• By revising project milestones
• By evaluating whether the current controls help achieve goals
• By granting employee access to physical spaces
• By examining organizational goals and objectives

27. A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

• Practical
• Reputation
• Financial
• Identity

28. In the Risk Management Framework (RMF), which step involves being aware of how systems are operating?

• Monitor
• Categorize
• Implement
• Authorize

A security analyst considers ways to enhance data security at their business. They decide to write a proposal to their supervisor that concerns employee authorization and asset management. Which security domain does this scenario describe?

• Software development security
  • Security assessment and testing
  • Communication and network security

• Identity and access management

Week 2

1. How do security frameworks enable security professionals to help mitigate risk?

• They are used to establish laws that reduce a specific security risk.
• They are used to create unique physical characteristics to verify a person’s identity.
• They are used to refine elements of a core security model known as the CIA triad.
• They are used to establish guidelines for building security plans.

2. Competitor organizations are the biggest threat to a company’s security.

• True
• False

3. Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.

• public
• broadscale
• specific
• general

4. A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?

• Authentication
• Encryption
• Authorization
• Ciphertext

Test your knowledge: The CIA triad

5. What is the CIA triad?

• Ongoing validation processes involving all employees in an organization
• A foundational security model used to set up security policies and systems
• A set of security controls used to update systems and networks
• A mandatory security framework involving the selection of appropriate controls

6. Which element of the CIA triad specifies that only authorized users can access specific information?

• Access
• Confirmation
• Integrity
• Confidentiality

7. A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?

• Applicability
• Capacity
• Integrity
• Availability

8. Fill in the blank: According to the CIA triad, _____ refers to ensuring that an organization's data is verifiably correct, authentic, and reliable.

• Availability
• Credibility
• Accuracy
• Integrity

Test your knowledge: NIST frameworks

9. What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?

• A collection of security principles focused on maintaining confidentiality, integrity, and availability
• A required business framework for ensuring security updates and repairs are successful
• A set of security controls that help analysts determine what to do if a data breach occurs
• Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk

10. Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.

• regulate
• respond
• reevaluate
• reflect

11. Fill in the blank: By enabling security professionals to determine which devices have been affected, the CSF _____ function helps organizations manage cybersecurity risks and their effects.

• protect
• identify
• detect
• recover

12. What does a security analyst’s work involve during the CSF recover function?

• Return affected systems back to normal operation
• Protect an organization through the implementation of employee training
• Contain, neutralize, and analyze security incidents
• Pinpoint threats and improve monitoring capabilities

Weekly challenge 2

13. What does a security professional use to create guidelines and plans that educate employees about how they can help protect the organization?

• Security posture
• Security audit
• Security framework
• Security hardening

14. Fill in the blank: A security professional uses _____ to convert data from a readable format to an encoded format.

• authorization
• authentication
• encryption
• confidentiality

15. Which of the following characteristics are examples of biometrics? Select all that apply.

• Voice
• Fingerprint
• Eye scan
• Password

16. You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?

• Confidentiality
• Availability
• Integrity
• Accuracy

17. Which of the following statements accurately describe the CSF? Select all that apply.

• The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
• Implementing improvements to a security process is part of the respond function of the CSF.
• The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.
• The protect function of the CSF involves returning affected systems back to normal operation.

18. A security team has just finished addressing a recent security incident. They now conduct tests to ensure that all of their repairs were successful. Which OWASP principle does this scenario describe?

• Minimize attack surface area
• Fix security issues correctly
• Principle of least privilege
• Separation of duties

19. What are some of the primary objectives of an internal security audit? Select all that apply.

• Determine what needs to be improved in order to achieve the desired security posture
• Help security teams identify organizational risk
• Avoid fines due to a lack of compliance
• Reduce the amount of data on a network

What are some of the primary objectives of an internal security audit? Select three answers.

• Help security teams identify organizational risk

• Improve security posture

• Avoid fines due to a lack of compliance

• Develop a guiding security statement for the business

20. Fill in the blank: In an internal security audit, _____ refers to identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.

• completing a controls assessment
• implementing administrative controls
• scope
• goals

21. A security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?

• Completing a controls assessment
• Assessing compliance
• Establishing the scope and goals
• Communicating results

22. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

• Strategies for improving security posture
• A summary of the goals
• Detailed data about past cybersecurity incidents
• Existing risks that need to be addressed now or in the future

Shuffle Q/A

23. How do organizations use security frameworks to develop an effective security posture?

• As a policy to protect against phishing campaigns
• As a policy to support employee training initiatives
• As a guide to identify threat actor strategies
• As a guide to reduce risk and protect data and privacy

24. Fill in the blank: An employee using multi-factor authentication to verify their identity is an example of the _____ process.

• confidentiality
• integrity
• authentication
• encryption

25. You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

• Confidentiality
• Availability
• Credibility
• Integrity

26. A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?

• Fix security issues correctly
• Keep security simple
• Defense in depth
• Principle of least privilege

27. What are some of the primary objectives of an internal security audit? Select all that apply.

• Help security teams correct compliance issues
• Enable security teams to assess controls
• Limit traffic on an organization’s firewall
• Identify any security gaps or weaknesses within an organization

28. A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?

• Physical controls
• Technical controls
• Administrative controls
• Compliance controls

29. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

• A list of existing risks
• Results and recommendations
• Questions about specific controls
• A summary of the scope

30. What is the purpose of a security framework?

• Create security controls to protect marketing campaigns
• Develop procedures to help identify productivity goals
• Establish policies to expand business relationships
• Build plans to help mitigate risks and threats to data and privacy
  
  
  
  
   

31. Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.

• authorization
• encryption
• integrity
• admission

32. Which of the following statements accurately describe the CSF? Select all that apply.

• The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
• The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections.
• Restoring affected files or data is part of the recover function of the CSF.
• The identify function of the CSF involves returning affected systems back to normal operation.

Which of the following statements accurately describe the CSF? Select all that apply.

• The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.

• The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

• The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.

• Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.

33. A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

• Defense in depth
• Principle of least privilege
• Keep security simple
• Separation of duties

34. Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

• communicating to stakeholders
• conducting a risk assessment
• assessing compliance
• establishing the scope and goals

35. A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

• Communication controls
• Administrative controls
• Technical controls
• Physical controls

36. A person’s fingerprint, eye or palm scan are examples of what?

• Codes
• Biometrics
• Passwords
• Statistics

37. Which of the following statements accurately describe the CSF? Select all that apply.

• The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
• Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
• The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
• The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

38. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

• Results and recommendations
• Comprehensive details about each part of the process
• Compliance regulations to be adhered to
• Strategies for improving security posture

Week 3

1. Which log source records events related to websites, emails, and file shares, as well as password and username requests?

• Receiving
• Firewall
• Network
• Server

2. Fill in the blank: A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.

• employee
• efficiency
• emergency
• event

3. A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?

• Index standards
• Metrics
• Cloud tools
• Models

4. Fill in the blank: SIEM tools must be configured and _____ to meet each organization's unique security needs.

• customized
• centralized
• reviewed
• indexed

Test your knowledge: Identify threats and vulnerabilities with SIEM tools

5. A security team wants some of its services to be hosted on the internet instead of local devices. However, they also need to maintain physical control over certain confidential data. What type of SIEM solution should they select?

• Self-hosted
• Remote
• Cloud-hosted
• Hybrid

6. Splunk Cloud is a self-hosted tool that retains, analyzes, and searches log data in order to provide security information and alerts.

• True
• False

7. Fill in the blank: Chronicle is _____, which means it is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.

• cloud-infrastructure
• cloud-native
• cloud-local
• cloud-hardware

8. What are the different types of SIEM tools? Select three answers.

• Self-hosted
• Cloud-hosted
• Hybrid
• Physical

Weekly challenge 3

9. Which of the following statements correctly describe logs? Select three answers.

• SIEM tools rely on logs to monitor systems and detect security threats.
• A record of connections between devices and services on a network is part of a network log.
• A record of events related to employee logins and username requests is part of a server log.
• Actions such as username requests are recorded in a network log.

Which of the following statements correctly describe logs? Select three answers.

• SIEM tools rely on logs to monitor systems and detect security threats.

• Actions such as username requests are recorded in a network log.

• A record of events related to employee logins and username requests is part of a server log.

• A record of connections between devices and services on a network is part of a network log.

10. What are some of the key benefits of SIEM tools? Select three answers.

• Monitor critical activities in an organization
• Automatic updates customized to new threats and vulnerabilities
• Provide visibility
• Store all log data in a centralized location

11. Fill in the blank: To assess the performance of a software application, security professionals use _____, including response time, availability, and failure rate.

• dashboards
• SIEM tools
• logs
• metrics

12. A security team installs a SIEM tool within their company’s own infrastructure to keep private data on internal servers. What type of tool are they using?

• Hybrid
• Infrastructure-hosted
• Self-hosted
• Cloud-hosted

A security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?

• Hybrid
• Infrastructure-hosted
• Self-hosted
• Cloud-hosted

Fill in the blank: SIEM tools are used to search, analyze, and _____ an organization's log data to provide security information and alerts in real-time.

• retain

• separate
• modify
• release

A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?

• A network protocol analyzer (packet sniffer)
  • An operating system

• A SIEM tool dashboard

• A playbook

13. You are a security analyst, and you want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?

• Self-hosted
• Solution-hosted
• Cloud-hosted
• Hybrid

14. Fill in the blank: Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization's _____ to provide security information and alerts.

• database
• hardware
• cloud applications
• log data

15. Which of the following statements accurately describe Chronicle? Select three answers.

• Cloud-native tools such as Chronicle are designed to take advantage of cloud computing availability.
• Chronicle is designed to retain, analyze, and search data.
• Self-hosted tools such as Chronicle are designed to give organizations more control over their data.
• Chronicle performs data analysis.

16. Which type of tool typically requires users to pay for usage?

• Open-source
• Self-hosted
• Proprietary
• Cloud native

Shuffle Q/A

17. Which of the following statements correctly describe logs? Select three answers.

• Actions such as using a username or password are recorded in a firewall log.
• Events related to websites, emails, or file shares are recorded in a server log.
• A network log is a record of all computers and devices that enter and leave a network.
• A log is a record of events that occur within an organization’s systems and networks.

18. What are some of the key benefits of SIEM tools? Select three answers.

• Save time
• Provide event monitoring and analysis
• Eliminate the need for manual review of logs
• Collect log data from different sources

19. Fill in the blank: Software application _____ are technical attributes, such as response time, availability, and failure rate.

• metrics
• dashboards
• SIEM tools
• logs

20. You are a security professional, and you want a SIEM tool that will require both on-site infrastructure and internet-based solutions. What type of tool do you choose?

• Hybrid
• Self-hosted
• Cloud-hosted
• Component-hosted

21. Which of the following statements accurately describe Chronicle? Select three answers.

• Chronicle saves businesses time by eliminating the need for security teams to monitor threats and vulnerabilities.
• Cloud-native tools such as Chronicle are designed to take advantage of cloud computing scalability.
• Cloud-native tools such as Chronicle are maintained and managed by the vendor.
• Chronicle performs data collection.

22. What are some of the key benefits of SIEM tools? Select three answers.

• Minimize the number of logs to be manually reviewed
• Automatic customization to changing security needs
• Increase efficiency
• Deliver automated alerts

23. Fill in the blank: A security professional creates a dashboard that displays technical attributes about business operations called ______, such as incoming and outgoing network traffic.

• metrics
• averages
• logs
• SIEM tools

24. Fill in the blank: Splunk Enterprise is a self-hosted tool used to search, analyze, and _____ an organization's log data to provide security information and alerts in real-time.

• retain
• modify
• release
• separate

25. What are examples of open-source tools? Select two answers.

• Suricata
• Splunk Enterprise
• Linux
• Chronicle

26. Fill in the blank: Splunk Enterprise is a _____ tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time.

• cloud-native
• self-hosted
• open-source
• cloud-based

Week 4

1. In the event of a security incident, when would it be appropriate to refer to an incident response playbook?

• Only when the incident first occurs
• Only prior to the incident occurring
• Throughout the entire incident
• At least one month after the incident is over

2. Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.

• preparation
• detection and analysis
• containment
• coordination

3. In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?

• Eradication and recovery
• Containment
• Post-incident activity
• Coordination

4. What is the relationship between SIEM tools and playbooks?

• They work together to provide a structured and efficient way of responding to security incidents.
• Playbooks collect and analyze data, then SIEM tools guide the response process.
• They work together to predict future threats and eliminate the need for human intervention.
• Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.

Test your knowledge: Use a playbook to respond to an incident

5. Playbooks are permanent, best-practice documents, so a security team should not make changes to them.

• True
• False

6. A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

• Post-incident activity
• Detection and analysis
• Eradication and recovery
• Containment

7. Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.

• eradication
• coordination
• preparation
• detection

8. Which action can a security analyst take when they are assessing a SIEM alert?

• Analyze log data and related metrics
• Isolate an infected network system
• Restore the affected data with a clean backup
• Create a final report

Weekly challenge 4

9. Which of the following statements accurately describe playbooks? Select three answers.

• A playbook helps security teams respond to urgent situations quickly.
• A playbook improves accuracy when identifying and mitigating an incident.
• Organizations use different types of playbooks for different situations.
• Organizations keep playbooks consistent by applying the same procedures to different business events.

Which of the following statements accurately describe playbooks? Select three answers.

• Organizations use the same playbook for incident response, security alerts, and product-specific purposes.

• Organizations use playbooks to ensure employees follow a consistent list of actions.

• A playbook clarifies what tools to use in response to a security incident.

• A playbook is a manual that provides details about any operational action.

10. A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security team’s goal in this scenario?

• Assess employee performance
• Educate clients
• Update a playbook
• Delete biometric data

11. Fill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.

• guides
• exercises
• examinations
• inquiries

12. An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident to a specific government agency. What phase of an incident response playbook does this scenario describe?

• Coordination
• Containment
• Detection and analysis
• Preparation

13. Why is the containment phase of an incident response playbook a high priority for organizations?

• It demonstrates how to communicate about the breach to leadership.
• It enables a business to determine whether a breach has occurred.
• It helps prevent ongoing risks to critical assets and data.
• It outlines roles and responsibilities of all stakeholders.

14. Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the company’s overall security posture.

• post-incident activity
• detection and analysis
• containment
• eradication and recovery

15. A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?

• Containment
• Preparation
• Eradication and recovery
• Detection and analysis

16. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

• SIEM tools and playbooks work together to provide a structured way of responding to incidents.
• Playbooks collect and analyze data.
• SIEM tools detect threats.
• SIEM tools alert the security team to potential problems.

Shuffle Q/A

17. Which of the following statements accurately describe playbooks? Select three answers.

• A playbook is used to develop compliance regulations.
• A playbook can be used to respond to an incident
• A playbook is an essential tool used in cybersecurity
• A playbook improves efficiency when identifying and mitigating an incident.

18. Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.

• summarizes
• outlines
• shortens
• updates

19. Fill in the blank: Incident response is an organization’s quick attempt to _____ an attack, contain the damage, and correct its effects.

• identify
• expand
• disclose
• ignore

A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?

• Preparation

• Coordination

• Detection and analysis
• Eradication and recovery

21. What are the primary goals of the containment phase of an incident response playbook? Select two answers.

• Reduce the immediate impact
• Assess the damage
• Analyze the magnitude of the breach
• Prevent further damage

22. Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company’s overall security posture.

• structure
• target
• root cause
• end point

23. Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?

• Post-incident activity
• Preparation
• Containment
• Detection and analysis

24. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

• SIEM tools analyze data.
• SIEM alerts inform security teams of potential threats.
• SIEM alerts provide security teams with specific steps to identify and respond to security incidents.
• SIEM tools and playbooks work together to provide an efficient way of handling security incidents.

25. What does a security team do when updating and improving a playbook? Select all that apply.

• Discuss ways to improve security posture
• Consider learnings from past security incidents
• Refine response strategies for future incidents
• Improve antivirus software performance

26. Fill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach.

• implementation
• documentation
• concealment
• iteration

27. A security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?

• Coordination
• Containment
• Eradication and recovery
• Detection and analysis

28. Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.

• user experience
• employee engagement
• security audit
• security posture

29. A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?

• Coordination
• Eradication and recovery
• Detection and analysis
• Preparation

Course 3 - Connect and Protect: Networks and Network Security

Week 1

1. To connect an entire city, the most effective network type would be a local area network (LAN).

• True
• False

2. A security professional wants to ensure information is being broadcast properly to every computer on their organization’s network. What device should they investigate?

• Hub
• Modem
• Internet
• Router

3. What are some benefits of switches? Select all that apply.

• They automatically install device-protection software.
• They can improve network performance.
• They control the flow of traffic.
• They only pass data to the intended destination.

4. Fill in the blank: The practice of using servers, applications, and network services that are hosted on the internet is called _____ computing.

• website
• connected
• cloud
• uploadable

Test your knowledge: Network communication

5. What type of information is contained within the header of an IP packet?

• The message that needs to be transmitted to the receiving device
• An explanation of how the port number will be processed by the receiving device
• The sender’s IP address, the size of the packet, and the protocol to use
• A string of data indicating that the data transmission is complete

6. What characteristics do the TCP/IP and OSI models share? Select all that apply.

• Both models define standards for networking and divide the network communication process into different layers.
• Both models include an application and a transport layer.
• Both models illustrate network processes and protocols for data transmission between two or more systems.
• Both models have 7 layers.

7. What is the Transmission Control Protocol (TCP)?

• A software application that organizes data
• An internet communication convention
• Guidelines for proper network operations
• A unique address that every device on a network is assigned

8. Fill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.

• channel
• segment
• port
• packet

9. Which layer of the TCP/IP model has protocols that organize file transfers and email services?

• Internet layer
• Transport layer
• Network access layer
• Application layer

Test your knowledge: Local and wide network communication

10. Fill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the _____ of a device on the internet.

• speed
• location
• operating system
• size

11. Which of the following is an example of an IPv4 address?

• 25, 443, 20
• 172.16.254.1
• 2001:0db8:85a3:0000:0000:8a2e:0370:7336
• 00-B1-D0-63-C2-26

12. What is the term for an address assigned by an internet service provider that is shared by all devices on a local area network?

• Private IP address
• MAC address
• WAN address
• Public IP address

13. Fill in the blank: A switch uses a MAC _____ to direct data packets to the correct device.

• address table
• geographic location
• home network
• public address

Weekly challenge 1

14. What is the term for a group of connected devices?

• Cloud
• Hub
• Protocol
• Network

15. A _____ broadcasts information to every device on the network.

• hub
• modem
• router
• switch

16. Which of the following statements accurately describe switches? Select all that apply.

• When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.
• Some benefits to switches are effective control of traffic flow and improved network performance.
• Switches are less secure than hubs.
• A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.

17. A security professional is investigating the benefits and drawbacks of using a cloud service provider (CSP). What are some reasons why the security professional might choose to use a CSP in their work? Select all that apply.

• A CSP provides business analytics to monitor web traffic and sales.
• CSP services may be accessed even when a business is not connected to the internet.
• CSP remote servers allow web applications to be accessed from any location.
• A CSP offers processing power that is only paid for as needed.

18. What is the purpose of the protocol number of a data packet?

• To identify the message to be transmitted to the receiving device
• To signal to the receiving device that the packet is finished
• To contain the IP and MAC addresses
• To tell the receiving device what to do with the information in the packet

19. What are the three main categories of services that CSPs provide? Select all that apply.

• Software as a service (SaaS)
• Platform as a service (PaaS)
• Desktop as a service (DaaS)
• Infrastructure as a service (IaaS)

20. A security analyst is accessing a webpage that uses HTTPS. The analyst scans the network to see what ports are active. Which port number is used for HTTPS webpages?

• 443
• 40
• 20
• 25

21. Which layer in the TCP/IP model is used to inspect the flow of traffic across a network?

• Layer 1, network access
• Layer 2, internet
• Layer 3, transport
• Layer 4, application

22. A security analyst runs a command to discover a local IP address. The analyst receives the following result: 169.254.255.249. What type of address is this?

• MAC
• IPv4
• IPv6
• Ethernet

23. A security analyst runs a command to discover a local IP address. The analyst receives the following result: fd45:3efd:3201:ff22:0000:0000:12ff:0000. What type of address is this?

• MAC
• Ethernet
• IPv4
• IPv6

Shuffle Q/A

24. What type of network spans an office building, a school, or a home?

• Modem
• Cloud
• WAN
• LAN

25. Which network device makes connections between specific devices on a network by sending and receiving data between them?

• A switch
• A router
• A hub
• A modem

26. Which of the following are benefits for businesses that are considering using a cloud service provider (CSP)? Select all that apply.

• CSP data and devices are more secure because they are stored locally.
• CSP remote servers allow online services to be accessed from any location.
• CSPs provide business analytics to monitor web traffic and sales.
• CSPs offer on-demand storage.

27. Fill in the blank: _____ refers to the practice of using remote servers, applications, and network services that are hosted on the internet, instead of in a physical location owned by a company.

• Cloud computing
• Software defined networks (SDNs)
• Hybrid cloud environment
• Local area network (LAN)

28. Which one of the following port numbers is used for large file transfers?

• 25
• 37
• 20
• 443

29. Fill in the blank: The ___ layer is used to determine how data packets will interact with receiving devices, including file transfers and email services.

• Layer 1, network access
• Layer 2, internet
• Layer 3, transport
• Layer 4, application

30. Which of the following addresses is an accurate IPv4 address?

• 129.168.10.256
• 1001.2345.3234.5678
• 192.168.0.2
• 100.234.56.1.3

31. Which of the following addresses is an accurate IPv6 address?

• fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578
• fda2::7361:135b::38f5:c8bd:1b3e:2578
• a360::abf7:h234:0011:g126:1130::ffj2
• a634:b123:cd34:3f56:0023:2345:7890:0000:ffff

32. Fill in the blank: A ___ is a network that spans a large geographic area, like a city, state, or country.

• Modem
• LAN
• WAN
• Cloud

33. Which network device connects multiple networks together?

• A hub
• A router
• A switch
• A modem

34. Fill in the blank: A ___ is a device that makes connections between specific devices on a network by sending and receiving data between them.

• switch
• hub
• modem
• router

35. What information is included in the body of a data packet?

• The protocol number
• The MAC address
• The message to be transmitted to the receiving device
• The signal that tells the receiving device that the packet is finished transferring

36. What are two benefits of cloud computing and software defined networks (SDNs)? Select two answers.

• Decreased cost
• Increased scalability
• Decreased use of physical network devices
• Increased attack surface

37. What is the purpose of the footer of a data packet?

• To identify the message to be transmitted to the receiving device
• To show the MAC address of the destination device
• To signal to the receiving device that the packet is finished
• To contain the source IP address

38. Fill in the blank: 127.0.0.1 is an example of an accurate ___ address.

• Ethernet
• IPv6
• MAC
• IPv4

Week 2

1. Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.

• access level
• optimum speed
• order of delivery
• maximum size

2. Which network protocol provides a secure method of communication between clients and web servers?

• TCP
• ARP
• HTTPS
• DNS

3. To keep information safe from malicious actors, what security protocol can be used?

• Secure sockets layer and transport layer security (SSL/TLS)
• Address resolution protocol (ARP)
• Domain name system (DNS)
• Transmission control protocol (TCP)

4. IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.

• True
• False

Test your knowledge: System identification

5. What monitors and filters traffic coming in and out of a network?

• Domain name system (DNS)
• Firewall
• Forward proxy server
• Uncontrolled zone

6. Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.

• True
• False

7. Fill in the blank: Encapsulation is a process performed by a _____ that protects information by wrapping sensitive data in other data packets.

• firewall
• VPN service
• proxy server
• security zone

8. Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?

• Management zone
• Uncontrolled zone
• Restricted zone
• Demilitarized zone (DMZ)

9. Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

• reverse proxy server
• port filter
• controlled zone
• forward proxy server

Weekly challenge 2

10. What network protocol translates the domain name of a website’s server into an IP address?

• File transfer protocol (FTP)
• Domain name system (DNS)
• Transmission control protocol (TCP)
• Hypertext transfer protocol secure (HTTPS)

11. Which of the following statements accurately describe wireless protocols? Select three answers.

• Wi-Fi protocols provide security levels about equal to that of wired connections.
• IEEE is the Institute of Electrical and Electronics Engineers, which maintains WiFi standards.
• WPA is a wired security protocol pertaining to local devices on the same network.
• 802.11 is a suite of protocols used in wireless communication.

A firewall administrator installs a firewall function to either block or allow certain port numbers to limit unwanted communication. What function does this scenario describe?

• Port filtering

• Using cloud-based firewalls

• Masking a location

• Organizing data packets

12. Which type of firewall analyzes network traffic for characteristics and behaviors that appear suspicious and stops them from entering the network?

• Next-generation firewall (NGFW)

• Stateful
• Stateless
• Cloud-based

Which of the following types of firewalls can perform deep packet inspection and intrusion detection?

• Next generation firewall (NGFW)
• Documented
• Stateless
• Stateful

How do VPNs preserve confidentiality?

• Use temporary memory to store data requested by external servers
  • Monitor traffic to and from a network
  • Translate internet domain names to IP addresses

• Encrypt data in transit

Fill in the blank: A VPN uses _____ to transfer encrypted data between a device and the VPN server.

• network segmentation
  • transmission control
  • packet sniffing

• encapsulation

Fill in the blank. A controlled zone protects a company's internal network from a(n)___ security zone.

• Restricted
  • Demilitarized
  • Internal network

• Uncontrolled

14. What network security service masks a device’s virtual location to keep data private while using a public network?

• Network segmenter
• Cloud service provider (CSP)
• Virtual private network (VPN)
• Domain name system (DNS)

15. Fill in the blank: VPN services perform encapsulation to protect sensitive data by _____ it in other data packets.

• wrapping
• archiving
• classifying
• displaying

16. What network zone contains the internet and other services that are outside of an organization’s control?

• Restricted
• Uncontrolled
• Controlled
• Demilitarized

17. What is the function of the demilitarized zone (DMZ)?

• Isolate servers exposed to the internet from the rest of a network
• Organize data by forwarding it to other servers
• Protect highly confidential information accessible only to employees with certain privileges
• Encrypt data as it travels across the internet

18. Fill in the blank: A _____ fulfills the requests of its clients by forwarding them to other servers

• Virtual private network (VPN)
• Firewall
• Proxy server
• Router

What is one way forward proxies secure internal networks?

• Both forward and reverse proxy servers add a layer of protection from the internet.

• Forward proxy servers hide a user’s IP address and approve all outgoing requests.

• They are useful for protecting internal web servers that contain confidential data.
• They receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.

Shuffle Q/A

20. Which of the following statements accurately describe wireless protocols? Select three answers.

• WPA is a wireless security protocol pertaining to connecting to the internet.
• The set of standards IEEE 802.11 is also referred to as Wi-Fi.
• Wi-Fi protocols provide significantly lower security levels than wired connections.
• The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.

21. A firewall administrator sets up a firewall that operates based on predefined rules. It is not used to keep track of information from data packets. What class of firewall does this scenario describe?

Answers

• Cloud-based
• Next-generation firewall (NGFW)
• Stateful
• Stateless

22. A security professional sets up a security measure to allow employees to work from home securely while having access to internal network resources. What does this scenario describe?

• Firewall
• Address resolution protocol (ARP)
• Virtual private network (VPN)
• Cloud service provider (CSP)

23. Fill in the blank: VPN services perform _____ to protect sensitive data by wrapping it in other data packets.

• network segmentation
• transmission control
• encapsulation
• packet sniffing

24. What network is part of the uncontrolled zone?

• Internet
• Subnets
• Web servers
• Internal networks

25. Which of the following statements accurately describe forward and reverse proxy servers? Select three answers.

• Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.
• Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.
• Reverse proxy servers work by hiding a user’s IP address and approving all outgoing requests.
• Forward proxy servers regulate and restrict a person’s access to the internet.

26. What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?

• Hypertext Transfer Protocol Secure (HTTPS)
• Address Resolution Protocol (ARP)
• Secure Sockets Layer/Transport Layer Security (SSL/TLS)
• Transmission Control Protocol (TCP)

27. What network zone includes web and proxy servers that host websites for the public, as well as email and file servers to handle external communications?

• Uncontrolled zone
• Demilitarized zone
• Restricted zone
• Virtual private network

A security analyst implements a system to service client requests by forwarding them to other servers. What do they use?

• Proxy server

• Virtual private network (VPN)
• Firewall
• Router

28. A security analyst implements a proxy server to secure internal networks. What are some of the proxy server’s primary functions? Select all that apply.

• Determine whether requests to connect to a website are allowed
• Use public IP addresses that are different from the rest on the private network
• Temporarily stores data that is frequently requested by external servers
• Divide the network into segments to maintain privacy within corporate groups

29. Fill in the blank: A ____ accepts traffic from external parties, approves it, then forwards it to internal servers.

• Reverse proxy
• Forward proxy
• Virtual private network (VPN)
• Next generation firewall (NGFW)

Week 3

1. What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?

• Phishing attack
• Tailgating attack
• Denial of Service (DoS) attack
• Distributed Denial of Service (DDoS) attack

2. What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?

• SYN flood attack
• ICMP flood
• On-path attack
• SYN-ACK flood attack

3. Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.

• On-path
• SYN flood
• Ping of Death
• ICMP flood

4. Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.

• DDoS attack
• ICMP flood attack
• SYN flood attack
• TCP connection attack

Test your knowledge: Network interception attack tactics

5. Passive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.

• True
• False

6. Fill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.

• using only websites with HTTP at the beginning of their domain addresses
• using a VPN
• using a network hub
• using free public Wi-Fi

7. Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?

• Replay attack
• IP spoofing
• On-path attack
• Ping of death

8. Which of the following statements accurately describes a smurf attack?

• A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum size
• A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets
• A network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another time
• A DoS attack performed by an attacker repeatedly sending ICMP packets to a network server

Weekly challenge 3

9. What happens during a Denial of Service (DoS) attack?

• The target crashes and normal business operations cannot continue.
• The data packets containing valuable information are stolen as they travel across the network.
• The attacker successfully impersonates an authorized user and gains access to the network.
• The network is infected with malware.

10. Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.

• In both DoS and DDoS attacks, every part of the network must be overloaded for the attacks to be successful.
• A DDoS attack involves multiple hosts carrying out the attack.
• A DoS attack involves one host conducting the attack.
• A network device experiencing a DoS attack is unable to respond to legitimate users.

Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.

• A DDoS attack may use multiple devices in different locations to flood the target network with unwanted traffic.

• In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.

• A DoS attack involves multiple hosts carrying out the attack.

• A DoS attack targets a network or server.

11. A security manager is training their team to identify when a server has experienced a SYN-flood attack. What might indicate to the team members that their organization is at risk?

• The port numbers in the data packets are incorrect.
• A large number of ICMP packets are delivered to the organization’s servers.
• An oversized ICMP packet is sent to the network server.
• The server has stopped responding after receiving an unusually high number of incoming SYN packets.

12. Fill in the blank: The DoS attack _____ occurs when a malicious actor sends an oversized ICMP packet to a server.

• smurf
• SYN flood
• Ping of Death
• on-path

13. Which of the following statements correctly describe passive and active packet sniffing? Select three answers.

• Using only websites with HTTPS at the beginning of their domain names provides protection from packet sniffing.

• Passive packet sniffing may enable attackers to change the information a packet contains.

• Active packet sniffing may enable attackers to redirect the packets to unintended ports.
• The purpose of passive packet sniffing is to read data packets while in transit.

14. As a security professional, you research on-path, replay, and smurf attacks in order to implement procedures that will protect your company from these incidents. What type of attack are you learning about?

• Ping of death
  • SYN flooding
  • Packet sniffing

• IP spoofing

15. Fill in the blank: _____ is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.

• A KRACK attack
• A DoS attack
• IP spoofing
• SYN flooding

16. In which attack do malicious actors impersonate a web browser or web server by placing themselves between the two devices, then sniffing the packet information to discover their IP and MAC addresses?

• Packet flooding attack
• On-path attack
• Malware attack
• Smurf attack

Fill in the blank: The _____ network attack occurs when an attacker delays a data packet after intercepting it in transit.

• on-path
  • SYN flood
  • smurf

• replay

Which attack is a combination of a DDoS and an IP spoofing attack, during which the malicious actor overwhelms a target computer?

• Smurf attack

• Ping of Death
• On-path attack
• Replay attack

17. Fill in the blank: The _____ network attack occurs when a malicious actor takes a network transmission that was sent by an authorized user and repeats it at a later time to impersonate that user.

• SYN flood
• smurf
• on-path
• replay

18. Which combination DoS and IP spoofing attack can bring down an entire network by flooding an authorized user’s IP address with packets?

• On-path attack
• Replay attack
• Ping of Death
• Smurf attack

Shuffle Q/A

19. What is the main objective of a Denial of Service (DoS) attack?

• Simulate a TCP connection and flood a server with SYN packets
• Send oversized ICMP packets
• Disrupt normal business operations
• Repeatedly send ICMP packets to a network server

20. A security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?

• ICMP flood
• On-path attack
• SYN flood attack
• Ping of Death

21. Fill in the blank: The maximum size of a correctly formatted IPv4 ICMP packet is _____, as opposed to the oversized packet that is sent during a Ping of Death attack.

• 32KB
• 64TB
• 15Gb
• 64KB

22. Fill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.

• VPN
• HTTPS domain address
• firewall
• demilitarized zone

23. Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.

• A DoS attack may use multiple servers in different locations to flood the target network with unwanted traffic.
• A DDoS attack is intended to overwhelm the target server.
• A DoS attack may involve flooding a network with traffic.
• In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.

24. Which of the following statements correctly describe passive and active packet sniffing? Select three answers.

• A company can avoid using unprotected Wi-Fi to help protect itself from packet sniffing.
• Passive packet sniffing allows malicious actors to view the information going in and out of the targeted device.
• Passive packet sniffing enables attackers to change the information a packet contains.
• Active packet sniffing may enable attackers to redirect the packets to unintended ports.

25. As a security professional, you implement safeguards against attackers changing the source IP of a data packet in order to communicate over your company’s network. What type of network attack are you trying to avoid?

• Passive packet sniffing
• Ping of Death
• Active packet sniffing
• IP spoofing

26. What do network-level Denial of Service (DoS) attacks target?

• Commonly used software applications
• All hardware within an organization
• Network bandwidth
• The personal information of employees

27. Fill in the blank: The DoS attack _____ occurs when an attacker repeatedly sends ICMP packets to a network server.

• on-path
• smurf
• SYN flood
• ICMP flood

28. As a security professional, you take steps to stop an attacker from changing the source IP of a data packet in order to impersonate your authorized system. What type of network attack are you working to prevent?

• Ping of Death
• IP spoofing
• Passive packet sniffing
• Active packet sniffing

29. What are some common IP spoofing attacks? Select all that apply.

• on-path attacks
• replay attacks
• smurf attacks
• KRACK attacks

30. In which attack would malicious actors gain access to a network, put themselves between a web browser and a web server, then sniff the packet to learn the devices’ IP and MAC addresses?

• Smurf attack
• On-path attack
• Packet flooding attack
• Malware attack

Week 4

1. Fill in the blank: The _____ acts as an intermediary between software applications and computer hardware.

• authorized user
• operating system
• access system
• baseline

2. Which of the following activities are security hardening tasks? Select all that apply.

• Making patch updates
• Disposing of hardware and software properly
• Enforcing password policies
• Exploiting an attack surface

3. Multifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.

• True
• False

4. What are examples of physical security hardening? Select all that apply.

• Installing security cameras
• Hiring security guards
• Removing or disabling unused applications
• Reducing access permissions across devices

Test your knowledge: Network hardening

5. Fill in the blank: Security teams can use _____ to examine network logs and identify events of interest.

• network segmentation
• port filtering
• security information and event management (SIEM) tools
• baseline configuration

6. What is a basic principle of port filtering?

• Block all ports in a network.
• Allow users access to only areas of the network that are required for their role.
• Disallow ports that are used by normal network operations.
• Allow ports that are used by normal network operations.

7. A security professional creates different subnets for the various departments in their business, ensuring users have access that is appropriate for their particular roles. What does this scenario describe?

• Network log analysis
• Network segmentation
• Patch updates
• Firewall maintenance

8. Data in restricted zones should have the same encryption standards as data in other zones.

• True
• False 

Test your knowledge: Cloud hardening

9. Fill in the blank: A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent _____ by comparing data in cloud servers to the baseline image.

• slow speeds
• damaged data
• improper resource storage
• unverified changes

10. Data and applications on cloud networks do not need to be separated based on their service category, such as their age or internal functionality.

• True
• False

11. Who is responsible for ensuring the safety of cloud networks? Select all that apply.

• Individual users
• Research department
• Cloud service provider
• Security team

12. Fill in the blank: _____ cloud services are a common source of cloud security issues.

• Misconfigured
• Unauthorized
• Shared
• Managed

Weekly challenge 4

13. Which of the following tasks are security hardening practices? Select all that apply.

• Keeping network devices functioning properly
• Updating software
• Loosening access permissions
• Performing port filtering

14. What is the relationship between security hardening and an attack surface?

• Security hardening permanently eliminates the attack surface.
• Security hardening diminishes the attack surface.
• Security hardening expands the attack surface.
• Security hardening increases the attack surface.

15. Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.

• physical
• virtual
• software-based
• network-focused

16. An organization’s in-house security team has been authorized to simulate an attack on the organization’s website. The objective is to identify any vulnerabilities that are present. What does this scenario describe?

• Penetration testing
• The Ping of Death
• Packet sniffing
• A Distributed Denial of Service (DDoS) attack

17. What are some methods for hardening operating systems? Select three answers.

• Removing unused software to limit unnecessary vulnerabilities
• Implementing an intrusion detection system (IDS)
• Configuring a device setting to fit a secure encryption standard
• Keeping an up-to-date list of authorized users.

18. A security analyst notices something unusual affecting their company’s OS. To confirm that no changes have been made to the system, the analyst compares the current configuration to existing documentation about the OS. What does this scenario describe?

• Checking baseline configuration
• Upgrading the interface between computer hardware and the user
• Responsibly managing applications
• Verifying user identity when accessing an OS

19. Fill in the blank: The security measure multifactor authentication (MFA) requires a user to verify their _____ in two or more ways to access a system or network.

• password
• user permissions
• job title
• identity

20. In what way might port filtering be used to protect a network from an attack?

• By increasing the attack surface within a business network
• By creating isolated subnets for each of the various departments within an organization
• By helping analysts inspect, analyze, and react to security events based on their priority
• By blocking or allowing certain port numbers in order to limit unwanted communication

In what way might port filtering be used to protect a network from an attack?

• To increase the attack surface in a network

• To inspect, analyze, and react to security events based on their priority

• To disable unused ports in order to reduce the attack surface

• To create isolated subnets for different departments in an organization

21. A security team considers the best way to handle the different security zones within their network. They prioritize protecting the restricted zone by separating from the rest of the network and ensuring it has much higher encryption standards. What does this scenario describe?

• Cloud hardening
• Patch updating
• Penetration testing
• Network segmentation

22. What is one key similarity between regular web servers and cloud servers?

• In both, all data and application are stored together, regardless of their service category
• They both use baseline images stored in the cloud to compare data.
• They both require proper maintenance and security hardening.
• In both, all applications are stored together, regardless of their age.

Shuffle Q/A

23. To help improve the security of a business, its in-house security team is approved to simulate an attack that will identify vulnerabilities in business processes. What does this scenario describe?

• A Distributed Denial of Service (DDoS) attack
• Packet sniffing
• Penetration testing
• The Ping of Death

Which of the following are OS hardening tasks? Select three answers.

• Regularly installing updates

• Implementing multifactor authentication

• Using secure encryption standards

• Conducting a penetration test

24. What is one key similarity between regular web servers and cloud servers?

• In both, all data and application are stored together, regardless of their service category.
• They both require security measures taken by the organization to stay safe.
• In both, all applications are stored together, regardless of their age.
• They both use baseline images stored in the cloud to compare data.

25. Which of the following tasks are security hardening practices? Select all that apply.

• Reducing access permissions across devices and networks
• Installing patch updates
• Disabling unused ports
• Replacing the RAM on the computers

26. What is the term for all the potential system vulnerabilities that a threat actor could exploit?

• Security architecture
• Risk
• Security challenge
• Attack surface

27. Fill in the blank: Installing security cameras is an example of a _____ security hardening practice.

• physical
• software-based
• network-focused
• virtual

28. A company’s executive team approves a proposal by the security director. The proposal involves security professionals simulating an attack on the company’s systems in order to identify vulnerabilities. What does this scenario describe?

• Penetration testing
• The Ping of Death
• Packet sniffing
• A Distributed Denial of Service (DDoS) attack

29. Which of the following are OS hardening tasks? Select three answers.

• Using secure encryption standards
• Implementing multifactor authentication
• Configuring a firewall
• Running regularly scheduled backups

30. A security analyst reviews documentation about a firewall rule that includes a list of allowed and disallowed network ports. They compare it to the current firewall to ensure no changes have been made. What does this scenario describe?

• Verifying user identity when accessing an OS
• Upgrading the interface between computer hardware and the user
• Checking baseline configuration
• Responsibly managing applications

31. Fill in the blank: The security measure _____ requires a user to verify their identity in two or more ways to access a system or network.

• baseline configuration
• network log analysis
• multifactor authentication (MFA)
• password policy

32. Which of the following statements accurately describes port filtering?

• A process performed by a VPN service that protects data by wrapping it in other data packets
• A security technique that divides a network into segments
• A security protocol that provides an encrypted tunnel for issuing commands from a remote server
• A firewall function that blocks or allows certain port numbers in order to limit unwanted network traffic

33. A security team works to ensure that an issue in one area of the business does not spread to others and create more problems. They design subnets for each department, such as one for research and another for finance. What does this scenario describe?

• Patch updating
• Cloud hardening
• Penetration testing
• Network segmentation

34. How can a security professional confirm that no unverified changes have occurred within a cloud server?

• Use port filtering to block or allow certain updates
• Compare the server baseline image to the data in cloud servers
• Establish multifactor authentication (MFA)
• Perform a penetration test

35. What are the purposes of performing a patch update for security hardening? Select all that apply.

• Requiring a user to verify their identity to access a system or network.
• Fixing known security vulnerabilities in a network or services.
• Upgrading an operating system to the latest software version.
• Preventing malicious actors from flooding a network.

36. Fill in the blank: Requiring employees to turn off their personal devices while in secure areas is an example of a _____ security hardening practice.

• network-focused
• virtual
• cloud-based
• physical

37. Fill in the blank: The security measure multi-factor authentication (MFA) requires a user to verify their identity _____ before accessing a system or network.

• in two or more ways
• within 60 seconds
• at least once
• every day

Course 4 - Tools of the Trade: Linux and SQL

Week 1

1. What is an operating system?

• The physical components of a computer
• The interface between computer hardware and the user
• A program for sending email
• A computer, smartphone, or tablet

2. Which of the following are operating systems? Select all that apply.

• Linux
• Android
• Windows
• Smartphones

3. Which of the following statements correctly describe operating systems? Select all that apply.

• Computers run efficiently because of operating systems.
• Operating systems are the physical components of a computer.
• Operating systems are able to run many applications at once.
• Operating systems help people interact with computers in complex ways.

4. Computers communicate in a language called binary, which consists of 0s and 1s.

• True
• False

Test your knowledge: The operating system at work

5. What is the job of a computer's operating system?

• Allow users to specify tasks
• Help other computer programs run efficiently
• Load the bootloader
• Turn on the computer

6. Fill in the blank: In order to carry out tasks on a computer, users directly interact with _____.

• the BIOS
• task managers
• the CPU
• applications

7. The management of a computer’s resources and memory is handled by an application.

• True
• False

8. Which of the following processes are part of starting an operating system? Select all that apply.

• The BIOS or UEFI microchip loads the bootloader.
• The bootloader starts the operating system.
• Either the BIOS or UEFI microchip is activated when a user turns on a computer.
• The bootloader immediately launches when a user turns on a computer.

Test your knowledge: The user interface

9. What is a GUI?

• A user interface that enables people to manage tasks on a computer using icons
• A user interface that allows people to interact with a computer through commands
• A user interface that runs only on Linux operating systems
• A user interface that only runs on mobile devices

10. Which of the following can be components of a GUI? Select all that apply.

• Desktop icons and shortcuts
• Hardware
• Task bar
• Start menu

11. Fill in the blank: A security professional uses a(n) _____ to interact with a computer using text-based instructions.

• operating system
• GUI
• text system
• CLI

12. A useful feature of a CLI is that it records a history file of commands and actions.

• True
• False

Weekly challenge 1

13. Which of the following statements accurately describe operating systems? Select all that apply.

• Operating systems are responsible for making computers run efficiently.
• Operating systems are a type of computer hardware.
• Computers have operating systems, but smartphones and tablets do not have them.
• Operating systems help people and computers communicate.

14. Which of the following are common operating systems? Select three answers.

• macOS®
• Linux
• PC
• Windows

15. What is a bootloader?

• A program that checks for malware infections on a computer
• A program that starts an operating system
• A program that communicates instructions to the user
• A program that loads the BIOS or UEFI chip

16. Fill in the blank: When someone uses a computer application, the operating system interprets the user's requests and directs them to the appropriate _____.

• user on the system
• applications
• user interface
• components of the computers hardware

17. What happens when you use applications on your computer? Select three answers.

• The application receives information from the operating system and sends a confirmation message directly to the hardware.
• The operating system interprets a request from the application and directs it to the appropriate components of the computer’s hardware.
• The application sends your request to the operating system.
• The hardware sends information back to the operating system, which is sent back to the application.

18. Fill in the blank: The user communicates with the operating system via a(n) _____.

• user application
• specialized type of hardware
• another operating system
• user interface

19. Which of the following statements correctly describe GUIs and CLIs? Select three answers.

• A CLI performs multiple tasks less efficiently than a GUI.
• CLI commands execute tasks, such as moving a file to a new folder.
• GUI icons help users manage different tasks on a computer.
• A CLI is a text-based user interface.

20. A security team suspects that an attacker has compromised their system. They examine the commands entered by the attacker to determine whether they can trace the attacker’s actions to help them resolve the incident. What does this scenario describe?

• Reviewing a history file in a GUI
• Repeating a process using icons
• Reviewing a history file in a CLI
• Examining the usage of files and applications from a start menu

21. To ensure a computer's capacity is used where it is needed most, what does an operating system manage?

• BIOS and UEFI
• Viruses and malware
• Icons and graphics
• Resources and memory

Shuffle Q/A

22. Which of the following statements accurately describe operating systems? Select all that apply.

• Operating systems are the interfaces between computer hardware and user.
• Computers, smartphones, and tablets all have operating systems.
• Operating systems only permit one application to run at a time.
• Operating systems are responsible for making computers run efficiently.

23. Which of the following operating systems run on desktop and laptop computers? Select two answers.

• Android
• iOS
• macOS®
• Windows

24. Fill in the blank: When someone uses a computer application, the _____ interprets the user's requests and directs them to the appropriate components of the computer's hardware.

• CPU
• bootloader
• operating system
• BIOS

25. If you wanted to perform a calculation on your computer, which of these things would happen? Select three answers.

• The application would send this request to the operating system.
• The hardware would send the answer directly back to the application.
• You would type in the number you wanted to calculate into the application.
• The hardware would determine the answer and send it back to the operating system.

26. Fill in the blank: The _____ ensures the limited capacity of a computer system is used where it's needed most.

• bootloader
• task manager
• hardware
• operating system

27. Which of the following statements accurately describe operating systems? Select all that apply.

• Smartphones do not have operating systems.
• Operating systems help people and computers communicate.
• Operating systems are part of the physical components of a computer.
• Operating systems enable computers to run multiple applications at once.

28. Which of the following operating systems were designed to run on mobile devices? Select two answers.

• Android
• macOS®
• Linux
• iOS

29. What components are involved in the booting process? Select two answers.

• The bootloader
• BIOS or UEFI
• A CLI
• A GUI

30. Fill in the blank: A _____ is a program that allows users to control functions of the operating system.

• UEFI chip
• user interface
• bootloader
• CPU

31. Which of the following statements correctly describe GUIs and CLIs? Select three answers.

• A CLI uses commands to communicate with an operating system.
• A CLI can complete multiple tasks efficiently.
• A GUI is a text-based user interface.
• GUI icons help users manage different tasks on a computer.

Which of the following statements correctly describe GUIs and CLIs? Select three answers.

• A GUI is a user interface that uses icons.

• CLI commands execute tasks, such as opening a program.

• A CLI can complete multiple tasks efficiently.

• A CLI includes a start menu and taskbar.

32. What does BIOS load in order to start an operating system?

• The bootloader
• The user interface
• UEFI
• An anti-virus application

33. A security team responds to a breach by following the instructions from their playbook. They later want to ensure all of the commands they entered were correct. So, they review the saved steps they performed in the command line. What does this scenario describe?

• Repeating a process using icons
• Saving files and applications from a start menu
• Reviewing a history file in a GUI
• Reviewing a history file in a CLI

34. Fill in the blank: On a computer, the _____ handles resource and memory management.

• task manager
• hardware
• browser
• operating system

Which layer is responsible for establishing a connection between a source and a destination device?

• Layer 1, network access
  • Layer 2, internet

• Layer 3, transport

• Layer 4, application

Week 2

1. As a security analyst, you might use Linux to review logs when investigating an issue.

• True
• False

2. Which of the following are components of the Linux architecture? Select all that apply.

• The shell
• Applications
• The kernel
• The operating system

3. Fill in the blank: The Filesystem Hierarchy Standard (FHS) is the component of Linux architecture that _____.

• organizes data
• consists of the physical components of a computer
• enables people to communicate with the system
• manages processes and memory

4. Which of the following hardware components are peripheral devices? Select all that apply.

• a printer
• a CPU
• RAM
• a monitor

Test your knowledge: Linux distributions

5. Fill in the blank: Because the _____ is open source, anyone can modify it to build new Linux distributions.

• hardware
• kernel
• application
• shell

6. What is KALI LINUX ™?

(KALI LINUX ™ is a trademark of OffSec.)

• A Debian-derived, open-source distribution of Linux designed for security tasks
• A tool with a graphical user interface that can be used to analyze live and captured network traffic
• A subscription-based Linux distribution built for enterprise use
• A tool used to guess passwords

7. What is an open-source, user-friendly distribution derived from Debian that is widely used in security and other industries?

• Ubuntu
• Autopsy
• Red Hat
• tcpdump

8. Which of the following are distributions of Linux? Select all that apply.

• Parrot
• CentOS
• Red Hat
• Pen Test

Test your knowledge: The shell

9. What is the shell?

• An instruction telling the computer to do something
• The command-line interpreter
• Data consisting of an ordered sequence of characters
• Information received by the operating system (OS) via the command line

10. After a user inputs a command into the shell, what can the shell return to the user? Select two answers.

• A request for more input from the user
• Output
• A request for user approval
• An error message

11. What is standard error in Linux?

• A Linux command that outputs a specified string of text
• Error messages returned by the operating system through the shell
• Information received by the operating system via the command line
• Information returned by the operating system through the shell

12. What is the difference between standard input and standard output?

• Standard input is sent from the Filesystem Hierarchy Standard (FHS). Standard output is sent to the FHS.
• Standard input is sent to the operating system. Standard output is sent from the operating system.
• Standard input is sent to the Filesystem Hierarchy Standard (FHS). Standard output is sent from the FHS.
• Standard input is sent from the operating system. Standard output is sent to the operation system.

Weekly challenge 2

13. Fill in the blank: Linux is a(n) _____ operating system.

• closed-source
• single-user
• open-source
• command line

14. Which of the following components are part of the Linux architecture? Select all that apply.

• Applications
• The kernel
• Standard input
• The shell

15. What is one reason why there are multiple distributions of Linux?

• Linux distributions are closed source, which means users must create a new distribution if they want to use Linux.
• Linux distributions expire after a period of time, which means new distributions must be created.
• The Linux kernel is updated yearly, which means community developers create new distributions to stay updated.
• The Linux kernel is open source, which means anyone can use the kernel and modify it.

16. Which of the following statements correctly describe KALI LINUX ™? Select three answers.

(KALI LINUX ™ is a trademark of OffSec.)

• KALI LINUX ™ was created specifically to be used with penetration testing and digital forensics.
• KALI LINUX ™ was created as an enterprise distribution of Linux.
• KALI LINUX ™ is an open-source Linux distribution that is widely used in security.
• KALI LINUX ™ should be used on a virtual machine.

17. Which of these are common Linux distributions? Select all that apply.

• Parrot
• Red Hat
• Bash
• CentOS

18. Fill in the blank: The _____ communicates with the kernel to execute commands.

• shell
• Filesystem Hierarchy Standard (FHS)
• interface
• hardware

19. Which of the following are communication methods with the shell? Select all that apply.

• Standard command
• Standard error
• Standard input
• Standard output

20. Which of the following is an example of hardware?

• Shell
• Kernel
• CPU
• Applications

21. When the system doesn't know how to respond to a command, what is the result?

• A request for additional resources
• Standard input
• Standard output
• An error message

Shuffle Q/A

22. What is an effect of Linux being open source?

• It allows for collaboration among a community of developers.
• It is the most simple OS in terms of architecture.
• It requires a yearly subscription.
• It is the easiest OS for beginners to use.

23. Which of the following components are part of the Linux architecture? Select all that apply.

• The kernel
• The Filesystem Hierarchy Standard (FHS)
• Standard output
• Hardware

24. What are distributions?

• Simulated attacks that help identify vulnerabilities
• The different versions of Linux
• Programs that perform specific tasks
• Data consisting of an ordered sequence of characters

25. What is an example of a Linux distribution that comes pre-installed with many security-related tools?

• Wireshark
• KALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)
• Kernel
• SUSE

26. What is the Linux shell used for?

• It organizes the data stored in the computer so it can be found easily.
• It manages processes and memory.
• It ensures the system allocates resources efficiently.
• It allows you to communicate with the operating system.

Fill in the blank: When you communicate with the shell, the commands in the shell can ___. Select all that apply.

• give error messages

• give output

• take output
• take input

Which of the following is a Linux distribution that is built for enterprise use and offers a dedicated support team for customers?

• nano
  • KALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)

• Red Hat

• Parrot

Fill in the blank: Package managers are used to distribute Linux _____.

• kernels
  • shells
  • commands

• applications

27. Which of the following is an example of an application?

• Parrot
• CentOS
• nano
• The kernel

28. What does standard error contain?

• Error messages sent as standard input to an application.
• Error messages sent to the OS from the shell.
• Error messages returned by the OS through the shell.
• Error messages sent to an application as string data.

29. Which aspect of Linux makes it available to everyone?

• Its kernel
• Its open-source design
• Its multiple distributions
• Its use in cybersecurity

30. Which of the following components are part of the Linux architecture? Select all that apply.

• The distribution
• The Filesystem Hierarchy Standard (FHS)
• Applications
• The shell

Which of the following components are part of the Linux architecture? Select all that apply.

• The kernel

• Standard output

• Hardware

• The Filesystem Hierarchy Standard (FHS)

31. Which of the following are examples of Linux distributions? Select all that apply.

• Debian
• Wireshark
• Ubuntu
• tcpdump

32. What is the shell in Linux?

• An instruction telling the computer to do something
• The command-line interpreter
• A Linux command that outputs a specified string of text
• The information received by the OS via the command line

Week 3

1. What is a command?

• A common shell in many Linux distributions
• An instruction that tells a computer to do something
• The highest-level directory in Linux
• A component of the Linux architecture

2. Which of the following commands prints the working directory to the screen?

• cat
• ls
• pwd
• head

3. What does the cd command do?

• Navigates between directories
• Outputs a specified string of text
• Displays the names of files in the current directory
• Prints the working directory to the screen

4. A security professional enters head access.txt into a shell. What are they telling the operating system to do?

• Remove the first 5 lines of access.txt
• Return the content of access.txt one page a time
• Display the first 10 lines of access.txt
• Add a header to the file named access.txt

5. What is the difference between an absolute file path and a relative file path?

• An absolute file path starts from the current directory, and a relative file path starts from the root.
• An absolute file path ends with a forward slash (/), and a relative file path ends with a backslash (\).
• An absolute file path starts from the root, and a relative file path starts from the current directory.
• An absolute file path ends with a backslash (\), and a relative file path ends with a forward slash (/).

Test your knowledge: Manage file content in Bash

6. What two arguments commonly follow the grep command?

• The file to move and the new file location
• The string to search for and the file to search through
• The file to write to and the string to add to it
• The file name to search for and the directory to search through

7. In Linux, what does the piping command (|) do?

• It searches a specified file and returns all lines in the file containing a specified string.
• It moves a file or directory to a new location.
• It sends the standard input of one command as standard output to another command for further processing.
• It sends the standard output of one command as standard input to another command for further processing.

8. A security professional enters cp vulnerabilities.txt /home/analyst/projects into the command line. What do they want the operating system to do?

• Create a new file named vulnerabilities.txt in the projects directory
• Remove the vulnerabilities.txt file from the projects directory
• Search for the string vulnerabilities.txt in the projects directory
• Copy the vulnerabilities.txt file into the projects directory

9. What command creates a new file called failed_logins.txt?

• find failed_logins.txt
• mkdir failed_logins.txt
• touch failed_logins.txt
• rm failed_logins.txt

Test your knowledge: Authenticate and authorize users

10. What is authorization?

• The concept of granting only the minimal access and authorization required to complete a task or function
• The concept of granting access to specific resources in a system
• The process of a user proving that they are who they say they are in the system
• The process of temporarily granting elevated permissions to specific users

11. Which of the following statements correctly describe the file permissions string -rw-rw-rw-? Select two answers.

• The user and group have execute permissions.
• The user has write permissions.
• The file type is a directory.
• The group has read permissions.

12. A security professional enters chmod g+w access.txt into the command line. What does this command tell the operating system to do?

• Add write permissions to the user for the access.txt file
• Remove write permissions from the group for the access.txt file
• Add write permissions to the group for the access.txt file
• Remove write permissions from the user for the access.txt file

13. Which of the following commands typically must be used with sudo? Select three answers.

• useradd
• chmod
• userdel
• chown

14. A security analyst is updating permissions on a directory named projects. The current permissions are drwxrw-r--. They want to add execute permissions for the group. What do they enter on the command line?

• chmod g+x projects
• chmod u-x projects
• chmod x+x projects
• chmod g-x projects

Test your knowledge: Get help in Linux

15. Which of the following statements accurately describe Linux’s online global community? Select three answers.

• Because Linux is open-source, the community can easily contribute.
• The community is focused on collecting feedback from advanced users of Linux.
• Linux users can find support from the community for everyday tasks.
• The community publishes online information to help users learn how to operate Linux.

16. What does the man command do?

• Display a description of a command on a single line
• Display information on other commands and how they work
• Search the manual page descriptions for a specified string
• Delete a user from the system

17. What does the whatis command do?

• Return the username of the current user
• Display information on other commands and how they work
• Search the manual page descriptions for a specified string
• Display a description of a command on a single line

18. What is an advantage of the apropos command?

• It incorporates mandatory options for customized searching
• It condenses the description of a specific command to one line.
• Users can search for a command even if they do not know the specific command name.
• It can be used to search for descriptions of commands when you know the specific command name.

Weekly challenge 3

19. What are the arguments in mv Q1users.txt /home/analyst/reports? Select two answers.

• Q1users.txt
• .txt
• mv
• /home/analyst/reports

20. Fill in the blank: The highest-level directory in Linux is called the _____.

• permissions
• root directory
• home directory
• sudo

Which command searches a specified file and returns all lines in the file containing a specified string?

• mkdir
  • sudo

• grep

• pwd

Which of these commands creates a new file?

• cd
  • chmod

• touch

• mkdir

21. What does the grep command do?

• Searches a specified file and returns all lines in the file containing a specified string
• Temporarily grants elevated permissions to specific users
• Prints the working directory to the screen
• Creates a new directory

22. What does the touch command do?

• Creates a new file
• Opens a file editor
• Moves a file or directory to a new location
• Changes permissions on files and directories

23. What are read, write, and execute?

• The three types of permissions for authorized users
• The three types of owners for files and directories
• Different methods for editing files
• Specific Linux commands used to change file permissions

A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group.  What do they enter on the command line?

• chmod u+w,g-r access.txt

• chmod access.txt u+w,g-r
• chmod u-w,g+r access.txt
• chmod u+rw,g-rw access.txt

24. A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group. What do they enter on the command line?

• chmod u-w,g+r access.txt
• chmod u+rw,g-rw access.txt
• chmod access.txt u+w,g-r
• chmod u+w,g-r access.txt

25. A user is not a root user, but needs elevated privileges to use certain commands. What should they do?

• Use the sudo command
• Assign themselves write permissions
• Assign themselves execute permissions
• Use the chmod command

26. Which command can you use to change your current directory?

• pwd
• cat
• ls
• cd

27. What does the apropos command do?

• Searches the manual page descriptions for a specified string
• Displays detailed information on commands and their options
• Prints the working directory to the screen
• Displays a description of a command on a single line

28. Given the following permissions drw-rw-r--, what permissions does the group have? Select all that apply.

• Read
• Use
• Write
• Execute

Given the following permissions drw-rw-r--, which character indicates if this is a file or directory?

• Fifth
  • Tenth

• First

• Second

Shuffle Q/A

29. A security analyst enters grep OS updates.txt into the command line. What does this tell the operating system to do?

• Create a new directory named OS and a new file named updates.txt
• Create a new file named updates.txt in the OS directory
• Search through the updates.txt file and return all lines containing the string OS
• Move the updates.txt file to the OS directory

30. What does sudo do?

• Temporarily grants elevated permissions to specific users
• Deletes users from the system
• Changes the owner associated with a particular file
• Adds users to the system

31. In which of these situations would you enter cd logs?

• You want to search for the string logs in the files of your current directory.
• You want to list all the files and directories in the logs directory.
• You want to change to a subdirectory of your current directory named logs.
• You want to print the first 10 lines of the logs file.

32. Given the following permissions drw-rw-r--, what does the fourth character represent?

• The group does not have execute permissions for this directory

• The user does not have execute permissions for this directory

• The user has execute permissions for this directory
• The group has execute permissions for this directory

33. What are the arguments in cp vulnerabilities.txt /home/analyst/projects? Select two answers.

• /home/analyst/projects
• vulnerabilities.txt
• cp
• /home

34. Which of the following items represents the root directory?

• /

• *home
• /home
• *

35. A security analyst enters touch updates.txt into the command line. What does this tell the operating system to do?

• Move the updates.txt file out of their current directory
• Create a new file named updates.txt in their current directory
• Open the updates.txt file
• Create a new file named updates.txt and move it to the root directory

36. Which of the following are types of permissions? Select all that apply.

• Read
• Write
• Authorize
• Execute

37. A security analyst enters chmod u+w,g-r access.txt into the command line. What does this command tell the operating system to do? Select all that apply.

• Remove read permissions from the user for the access.txt file
• Add write permissions to the user for the access.txt file
• Add write permissions to the group for the access.txt file
• Remove read permissions from the group for the access.txt file

38. Which of the following commands require the user to be a root user or have sudo privileges? Select two answers.

• cd
• useradd
• userdel
• grep

39. What should you specify in the argument following the cd command?

• Your current directory
• The string you want to search for
• The directory you want to navigate to
• The file you want to create

40. Which of the following commands searches the manual page descriptions for a specified string?

• cp
• pwd
• man
• apropos

Week 4

1. Which statement accurately describes the organization of a relational database?

• Relational databases consist of a single table with one primary key and one foreign key.
• Relational databases contain tables that are related to each other through primary and foreign keys.
• Relational databases consist of a single table containing related information.
• Relational databases contain primary keys with at least two duplicate values.

2. What is SQL used for? Select two answers.

• Finding data to support security-related decisions and analysis
• Allowing users to access a specific machine
• Securing an organization’s systems and networks
• Creating, interacting with, and requesting information from a database

3. A record of attempts to connect to an organization’s network is one example of a log.

• True
• False

4. Fill in the blank: A request for data from a database table or a combination of tables is called a _____.

• query
• log
• key
• row

Test your knowledge: SQL queries

5. What is filtering in SQL?

• Removing invalid records
• Removing unnecessary data from the database
• Selecting data that match a certain condition
• Changing a table to match a condition

6. You are working with the Chinook database and want to return the firstname, lastname, and phone of all employees. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

What is Andrew Adams' phone number?

Answers

• +1 (403) 262-3443
• +1 (780) 428-9482
• +1 (780) 836-9987
• +1 (403) 467-3351

7. A security analyst wants to filter the log_in_attempts table for records where the value in the country column is 'Canada'. What is a valid query for this?

• WHERE country = ‘Canada’
  
  SELECT *
  
  FROM log_in_attempts; 
• SELECT *
  
  FROM log_in_attempts
  
  WHERE country = ‘Canada’; 
• SELECT WHERE country = ‘Canada’
  
  FROM log_in_attempts; 
• SELECT *
  
  FROM log_in_attempts
  
  WHERE country = Canada; 

8. Which pattern matches with any string that starts with the character 'A'?

• ‘%A%’
• ‘%A’
• ‘A%’
• ‘A’

Test your knowledge: More SQL filters

9. Which filter outputs all records with values in the date column between '01-01-2015' (January 1, 2015) and '01-04-2015' (April 1, 2015)?

• WHERE date BETWEEN ’01-01-2015′ AND ’01-04-2015′;
• WHERE date BETWEEN ’01-01-2015′, ’01-04-2015′;
• WHERE date < ’01-04-2015′;
• WHERE date > ’01-01-2015′;

10. Which operator is most efficient at returning all records with a status other than 'successful'?

• OR
• NOT
• BETWEEN
• AND

11. You are working with the Chinook database. You want to find the first and last names of customers who have a value in the country column of either 'Brazil' or 'Argentina'. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

How many customers are from Brazil or Argentina?

• 5
• 6
• 1
• 4

12. While working as an analyst, you encounter a query that includes the following filter:

SELECT *

FROM customers

WHERE country = 'USA' AND state = 'NV'

What will this query return?

• Information about customers who have a value of ‘USA’ in the country column and a value of ‘NV’ in the state column.
• Information about customers who do not have a value of ‘USA’ in the country column but do have a value of ‘NV’ in the state column.
• Information about customers who have a value of ‘USA’ in the country column or a value of ‘NV’ in the state column.
• Information about customers who do not have a value of ‘USA’ in the country column or do not have a value of ‘NV’ in the state column.

Test your knowledge: SQL joins

13. Which join types return all rows from only one of the tables being joined? Select all that apply.

• RIGHT JOIN
• INNER JOIN
• FULL OUTER JOIN
• LEFT JOIN

14. You are performing an INNER JOIN on two tables on the employee_id column. The left table is employees, and the right table is machines. Which of the following queries has the correct INNER JOIN syntax?

• SELECT *
  
  FROM employees
  
  INNER JOIN machines WHERE employees.employee_id = machines.employee_id; 
• SELECT *
  
  FROM employees
  
  INNER JOIN ON employees.employee_id = machines.employee_id; 
• INNER JOIN machines ON employees.employee_id = machines.employee_id
  
  SELECT *
  
  FROM employees; 
• SELECT *
  
  FROM employees
  
  INNER JOIN machines ON employees.employee_id = machines.employee_id; 

15. In the following query, which join returns all records from the employees table, but only records that match on employee_id from the machines table?

SELECT *

FROM employees

_____ machines ON employees.employee_id = machines.employee_id;

• FULL OUTER JOIN
• RIGHT JOIN
• INNER JOIN
• LEFT JOIN

16. As a security analyst, you are responsible for performing an INNER JOIN on the invoices and invoice_items tables of the Chinook database. These tables can be connected through the invoiceid column. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

What is the value in the trackid column of the first row that is returned from this query?

• 1
• 3
• 2
• 449

Weekly challenge 4

17. Why might a security analyst use SQL?

• To store data in a spreadsheet
• To create new files on their computer
• To efficiently find needed data in security logs
• To assign new passwords to users

18. Fill in the blank: A column in which every row has a unique entry and which is used to identify a table is called a _____.

• primary key
• database key
• foreign key
• relational key

19. Which of these SQL statements queries the log_in_attempts table? Select all that apply.

• SELECT *
  
  FROM log_in_attempts; 
• SELECT event_id, username
  
  FROM log_in_attempts
  
  WHERE event_id < 150; 
• SELECT log_in_attempts
  
  FROM *; 
• SELECT log_in_attempts
  
  FROM event_id; 

20. What does INNER JOIN do?

• Combine tables and save them as a new table
• Compare tables and return only the rows that have a matching value in a specified column
• Filter databases to return only columns that exist in every table
• Return every row in joined tables

21. Which SQL keyword indicates the condition for a filter?

• FROM
• SELECT
• INNER JOIN
• WHERE

22. You work with a table that has one column for name. Some of these names have prefixes. You want to identify all of the doctors. Which query will return every name that starts with the prefix 'Dr.'?

• WHERE name LIKE ‘Dr.%’;
• WHERE name = ‘Dr.%’;
• WHERE name = ‘Dr._’;
• WHERE name LIKE ‘Dr._’;

23. What does the following query return?

SELECT *

FROM employees

RIGHT JOIN machines ON employees.device_id = machines.device_id;

• All columns of the employees and machines table and the records from employees and machines that match on device_id
• All columns and records from the employees and machines tables
• All columns of the employees and machines table, all records from the employees table, and the records from machines that match on device_id
• All columns of the employees and machines table, all records from the machines table, and the records from employees that match on device_id

24. You are working with the Chinook database. You want to return the company and country columns from the customers table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

In what country is JetBrains s.r.o. located?

• Germany
• Czech Republic
• Brazil
• United States

25. You are working with the Chinook database and are responsible for filtering for invoices with a total that is more than 20. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

How many invoices have a total that is more than 20?

• 2
• 4
• 1
• 3

You are working with the Chinook database and are responsible for filtering for customers that live in the country of 'USA' and the state with an abbreviation of 'CA'. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

SELECT firstname,lastname, address, country

FROM customers

--???

What are the first names of the customers that live in the USA and the state with an abbreviation of CA?

• Frank, Tim, Dan

• Frank, Tim, Dan, Heather, Kathy
• Kathy, Michelle, Frank
• John, Michelle, Julia, Patrick

26. You are working with the Chinook database and are responsible for filtering for the customers that live in the city of 'Mountain View' and work for the company of 'Google Inc.' Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

How many customers live in Mountain View and work for Google Inc.?

• 3
• 2
• 4
• 1

Shuffle Q/A

27. A security analyst queries a table related to login attempts. How can SQL help this analyst with their work?

• The analyst will get a live update on new login attempts.
• The analyst can efficiently find the login data they need.
• SQL will change authentication permissions to prevent unauthorized logins.
• SQL will automatically distribute a report on suspicious login attempts.

28. Which of these SQL statements queries the machines table? Select all that apply.

• SELECT *
  
  FROM machines; 
• SELECT device_id, operating_system
  
  FROM machines
  
  WHERE operating_system = ‘OS 2’; 
• SELECT machines
  
  FROM *; 
• SELECT machines
  
  FROM operating_system; 

29. What does WHERE department = 'Sales' indicate in the following SQL query?

SELECT *

FROM employees

WHERE department = 'Sales';

• To highlight the department column in the results
• To only return rows that match the filter
• To only return the department column
• To change all the values in the department column to ‘Sales’

30. You need to perform a SQL join. You want to return all the columns with records matching on the employee_id column between the employees and machines tables. You also want to return all records from the machines table. Which of the following queries would you use?

• SELECT *
  
  FROM employees
  
  INNER JOIN machines ON employees.employee_id = machines.employee_id; 
• SELECT *
  
  FROM employees
  
  LEFT JOIN machines ON employees.employee_id = machines.employee_id; 
• SELECT *
  
  FROM employees
  
  FULL OUTER JOIN machines ON employees.employee_id = machines.employee_id; 
• SELECT *
  
  FROM employees
  
  RIGHT JOIN machines ON employees.employee_id = machines.employee_id; 

31. You are working with the Chinook database. You want to return the employeeid and email columns from the employees table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

What is the employee ID number of the employee with an email of laura@chinookcorp.com?

• 8
• 2
• 6
• 4

32. You are working with the Chinook database and are responsible for filtering for the customers that have a value of 'USA' in the country column and have a value of 'Frank' in the firstname column. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

How many customers live in the USA and have the name Frank?

• 4
• 1
• 3
• 2

33. You need to perform a SQL join. You want to return all the columns with records matching on the device_id column between the employees and machines tables. You also want to return all records from the employees table. Which of the following queries would you use?

• SELECT *
  
  FROM employees
  
  RIGHT JOIN machines ON employees.device_id = machines.device_id; 
• SELECT *
  
  FROM employees
  
  INNER JOIN machines ON employees.device_id = machines.device_id; 
• SELECT *
  
  FROM employees
  
  FULL OUTER JOIN machines ON employees.device_id = machines.device_id 
• SELECT *
  
  FROM employees
  
  LEFT JOIN machines ON employees.device_id = machines.device_id; 

34. You are working with the Chinook database. You want to return the lastname and title columns from the employees table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

What is the title of the employee with the last name of Callahan?

• IT Manager
• IT Staff
• Sales Manager
• General Manager

35. You are working with the Chinook database and want to filter on the hiredate column to find all employees hired on or after '2003-10-17' (October 17, 2003). Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)

How many employees were hired on or after October 17, 2003?

• 4
• 2
• 3
• 1

36. What is true about the values in the primary key column? Select all that apply.

• They cannot be null (or empty).
• They should never contain numeric data.
• They do not need to be unique.
• Each row must have a unique value.

Which of these SQL statements queries the employees table? Select all that apply.

• SELECT employees

FROM employee_id;

• SELECT employees

FROM *;

• SELECT *

FROM employees;

• SELECT employee_id, device_id

FROM employees

WHERE employee_id > 1100;

What type of join compares tables and returns only the rows that have a matching value in a specified column?

• FULL OUTER JOIN
  • LEFT JOIN

• INNER JOIN

• RIGHT JOIN

37. Both an employees table and a machines table contain an employee_id column, and you want to return only the records that share a value in this column. Which keyword should be part of your query?

• FULL OUTER JOIN
• INNER JOIN
• BETWEEN
• WHERE

38. Which query returns all records that start with the character 'a' from the name column in the employees table?

• SELECT name
  
  FROM employees
  
  WHERE name = ‘a%’; 
• SELECT name
  
  FROM employees
  
  WHERE name LIKE ‘%a’; 
• SELECT name
  
  FROM employees
  
  WHERE name LIKE ‘a%’; 
• SELECT name
  
  FROM employees
  
  WHERE name LIKE ‘a’; 

Course 5 - Assets, Threats, and Vulnerabilities

Week 1

1. What is a risk?

• Any circumstance or event that can negatively impact assets
• Anything that can impact the confidentiality, integrity, or availability of an asset
• The practice of labeling assets based on sensitivity and importance to an organization
• A weakness that can be exploited by a threat

2. A security professional discovers a rogue access point on their company WiFi that is not managed by the networking team. The rogue device is altering and deleting sensitive records without authorization. What does this scenario describe?

• Threat
• Vulnerability
• Risk
• Asset

3. A product team is storing customer survey data for a new project in a cloud drive. The data is only accessible to product team members while the project is in development. What is this data’s asset type?

• Public
• Customer data
• Internal demo
• Confidential

4. What is the practice of labeling assets based on sensitivity and importance to an organization?

• Asset inventory
• Asset classification
• Asset management
• Asset restriction

Test your knowledge: Digital and physical assets

5. What is the practice of keeping data in all states away from unauthorized users?

• Network
• Cybersecurity
• Information security
• Asset

6. An employee is promoted to a new role, so their workstation is transferred to a different office. As the employee’s workstation is being relocated, what data state are its files in?

• At rest
• In transit
• In use
• In storage

7. What is an example of data in transit?

• A sent email is traveling over the network to reach its destination.
• A spreadsheet file is saved on an employee’s hard drive.
• A manager is editing a report on their computer.
• A user logs in to their online account to review their messages.

8. Fill in the blank: Data is in use when it is being _____ by one or more users.

• accessed
• ignored
• transported
• classified

Test your knowledge: Risk and asset security

9. What types of risks do security plans address? Select three answers.

• Disclosure of data
• Shift of market conditions
• Loss of information
• Damage to assets

10. What are the basic elements of a security plan? Select three answers.

• Standards
• Policies
• Procedures
• Regulations

11. Fill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

• voluntary
• mandatory
• limited
• rigid

12. What are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.

• It helps organizations achieve regulatory standards.
• It can be used to identify and assess risk.
• It is required to do business online.
• It’s adaptable to fit the needs of any business.

Weekly challenge 1

13. A malicious hacker gains access to a company system in order to access sensitive information. What does this scenario describe?

• Vulnerability
• Regulation
• Procedure
• Threat

Which of the following are examples of a vulnerability? Select two answers.

• Malicious hackers stealing access credentials

• An employee misconfiguring a firewall

• Attackers causing a power outage

• A malfunctioning door lock

14. Fill in the blank: A misconfigured firewall is an example of a security _____.

• exploit
• vulnerability
• threat
• asset

15. What is the first step of asset management?

• To assign a risk score to assets
• To address an asset’s vulnerabilities
• To make an asset inventory
• To classify assets based on value

16. A small group of software developers is working internally on a confidential project. They are developing a new web application for the employees at their organization. Who can the developers discuss this confidential project with? Select two answers.

• External business partners
• Close friends
• Teammates
• Project managers

17. A local chef owns a successful small business that sells cooking sauces and seasoning. Their best-selling product is a sauce that’s made with a top secret family recipe. To continue growing the company, the chef is about to start a partnership with a large retailer. In this scenario, what classification level should be assigned to the chef's proprietary recipe in this scenario?

• Public
  • Internal
  • Confidential

• Restricted

Which of the following can be prevented with effective information security? Select all that apply.

• Compliance with regulations

• Identity theft

• Financial loss

• Reputational damage

What is an example of digital data at rest? Select two answers.

• Files on a hard drive

• Email messages in an inbox

• Letters on a table

• Contracts in a file cabinet

18. Fill in the blank: Information security (InfoSec) is the practice of keeping ____ in all states away from unauthorized users.

• processes
• documents
• files
• data

19. What is an example of data in transit? Select two answers.

• A slideshow presentation on a thumb drive
• A file being downloaded from a website
• A website with multiple files available for download
• An email being sent to a colleague

20. Who should an effective security plan focus on protecting? Select all that apply.

• Customers
• Competitors
• Employees
• Business partners

What NIST Cybersecurity Framework (CSF) tier is an indication that compliance is being performed at an exemplary standard?

• Level-2

• Level-4

• Level-3

• Level-1

What are some benefits of the NIST Cybersecurity Framework? Select three answers.

• The CSF fosters trust between businesses.

• The CSF will protect an organization from cyber threats.

• The CSF is adaptable to meet a company’s needs.

• The CSF assists with regulatory compliance efforts.

21. Which of the following are components of the NIST Cybersecurity Framework? Select three answers.

• Profiles
• Core
• Controls
• Tiers

22. Fill in the blank: To measure performance across the functions of the _____, security teams use NIST tiers.

• profiles
  • core

• framework

• business

Shuffle Q/A

23. An employee who has access to company assets abuses their privileges by stealing information and selling it for personal gain. What does this scenario describe?

• Vulnerability
• Procedure
• Threat
• Regulation

Which of the following refers to the process of tracking assets and the risks that affect them?

• Asset management

• Asset administration
• Asset classification
• Asset inventory

24. Which of the following are examples of security vulnerabilities? Select three answers.

• Unattended laptop
• Suspended access card
• Weak password
• Unlocked doors at a business

25. Which of the following statements correctly describe security asset management? Select two answers.

• It helps identify risks.
• It decreases vulnerabilities.
• It is a one-time process.
• It uncovers gaps in security.

26. What is an example of restricted information? Select all that apply.

• Cardholder data
• Intellectual property
• Employee email addresses
• Health information

27. What are some key benefits of a security plan? Select three answers.

• Define consistent policies that address what’s being protected and why.
• Establish a shared set of standards for protecting assets.
• Outline clear procedures that describe how to protect assets and react to threats.
• Enhance business advantage by collaborating with key partners.

28. Fill in the blank: CSF profiles provide insights into the _____ state of a security plan.

• historical
• current
• future
• recent

29. An employee is asked to email customers and request that they complete a satisfaction survey. The employee must be given access to confidential information in the company database to conduct the survey. What types of confidential customer information should the employee be able to access from the company's database to do their job? Select two answers.

• E-mail addresses
• Credit card data
• Customer names
• Home addresses

30. A mobile game displays ads to users. The game is free to users so long as they occasionally view ads from other companies. Should these other companies be able contact the users of the gaming app?

• Maybe, because users have control over sharing their information.
• No, because this user information is restricted.
• Yes, because user information is public.

31. Why is it so challenging to secure digital information? Select two answers.

• Most information is in the form of data.
• There are no regulations that protect information.
• There are so many resources to dedicate to security.
• Technologies are interconnected.

32. What is an example of confidential information? Select two answers.

• Press release
• Employee contacts
• Project documents
• Marketing strategy

33. What is an example of data in use? Select three answers.

• Reading emails in your inbox.

• Watching a movie on a laptop.

• Playing music on your phone.
• Downloading a file attachment.

34. Which of the following are functions of the NIST Cybersecurity Framework core? Select three answers.

• Implement
• Protect
• Detect
• Respond

Week 2

1. What are categories of security controls? Select all that apply.

• Operational
• Privacy
• Technical
• Managerial

2. Fill in the blank: A data _____ decides who can access, edit, use, or destroy their information.

• handler
• custodian
• protector
• owner

3. A writer for a technology company is drafting an article about new software features that are being released. According to the principle of least privilege, what should the writer have access to while drafting the article? Select all that apply.

• Login credentials of the software users
• Software developers who are knowledgeable about the product
• Other new software that is in development
• The software they are reviewing

4. Which privacy regulations influence how organizations approach data security? Select three answers.

• Infrastructure as a Service (IaaS)
• General Data Protection Regulation (GDPR)
• Payment Card Industry Data Security Standard (PCI DSS)
• Health Insurance Portability and Accountability Act (HIPAA)

Test your knowledge: Encryption methods

5. Which of the following elements are required when using encryption? Select all that apply.

• Key
• Certificate
• Cipher
• Token

6. Which technologies are used in public key infrastructure (PKI)? Select three answers.

• Asymmetric encryption
• Symmetric encryption
• Digital certificates
• Ciphertext

7. Fill in the blank: _____ encryption produces a public and private key pair.

• Hashing
• Symmetric
• Salting
• Asymmetric

8. An attacker gains access to a database where user passwords are secured with the SHA-256 hashing algorithm. Can the attacker decrypt the user passwords?

• Yes. Hash algorithms produce a decryption key.
• No. Hash algorithms do not produce decryption keys.

9. What term describes being unable to deny that information is authentic?

• Confidentiality
• Non-repudiation
• Integrity
• Availability

Test your knowledge: Authentication, authorization, and accounting

10. What factors do authentication systems use to verify a user's identity? Select three answers.

• Ownership
• Characteristic
• Authorization
• Knowledge

11. How do businesses benefit from implementing single sign-on (SSO) technology? Select two answers.

• By simplifying their user management
• By providing a better user experience
• By requiring multiple forms of identification
• By streamlining HTTP traffic between servers

12. A retail company has one employee that’s in charge of purchasing goods, another employee that's in charge of approving new purchases, and a third employee that’s in charge of paying invoices. What security principle is the retail company implementing?

• Separation of duties
• Least privilege
• Authentication, authorization, and accounting (AAA)
• Non-repudiation

13. What are the categories of access controls? Select three answers.

• Authorization
• Administration
• Authentication
• Accounting

14. What credential does OAuth use to authenticate users?

• A one-time passcode (OTP)
• A session cookie
• An application programming interface (API) token
• A digital certificate

Weekly challenge 2

15. Which of the following examples are categories of security controls? Select three answers.

• Operational
• Managerial
• Technical
• Compliance

16. A large hotel chain is conducting a national sweepstakes. To enter the sweepstakes, customers must consent to sharing their email address with the chain’s business partners for marketing purposes. What are the hotel chain's responsibilities as data custodians? Select three answers.

• Back up customer information
• Send information to business partners
• Grant business partners consent to use customer data
• Collect customer consent and emails

17. You send an email to a friend. The service provider of your inbox encrypts all messages that you send. What happens to the information in your email when it’s encrypted?

• It’s converted from a hash value to ciphertext.
• It’s converted from Caesar’s cipher to plaintext.
• It’s converted from plaintext to ciphertext.
• It’s converted from ciphertext to plaintext.

18. Why are hash algorithms that generate long hash values more secure than those that produce short hash values?

• They are easier to decrypt
• They are easier to exchange over a network
• They are more difficult to remember
• They are more difficult to brute force

19. Fill in the blank: A _____ is used to prove the identity of users, companies, and networks in public key infrastructure.

• digital certificate
• access token
• access key
• digital signature

20. Fill in the blank: Knowledge, ownership, and characteristic are three factors of _____ systems.

• authorization
• administrative
• accounting
• authentication

What are two advantages of using single sign-on (SSO) systems to authenticate users? Select two answers.

• It makes authentication safe.

• It makes the login process faster.

• Users can reuse the same password.

• Users can gain access to multiple platforms.

21. What is a key advantage of multi-factor authentication compared to single sign-on?

• It can grant access to multiple company resources at once.
• It streamlines the authentication process.
• It requires more than one form of identification before granting access to a system.
• It is faster when authenticating users.

22. A shipping company imports and exports materials around the world. Their business operations include purchasing goods from suppliers, receiving shipments, and distributing goods to retailers. How should the shipping company protect their assets under the principle of separation of duties? Select two answers.

• Have one employee file purchase orders
• Have one employee select goods and submit payments
• Have one employee receive shipments and distribute goods
• Have one employee approve purchase orders

23. Fill in the blank: ____ is the technology used to establish a user’s request to access a server.

• Basic auth
• API tokens
• OAuth
• Digital certificates

24. Which of the following are reasons why accounting in security is such an important function of effective access controls? Select two answers.

• Identify ways to improve business operations.
• Detect session hijacking incidents.
• Uncover threat actors who have accessed a system.
• Record user activity for marketing purposes.

Which security controls are used in public key infrastructure? Select three answers.

• Multi-factor authentication

• Digital certificates

• Symmetric encryption

• Asymmetric encryption

Shuffle Q/A

25. What is the primary purpose of hash functions?

• To store data in the cloud
• To determine data integrity
• To decrypt sensitive data
• To make data quickly available

26. Which of the following steps are part of the public key infrastructure process? Select two answers.

• Exchange of public and private keys
• Transfer hash digests
• Establish trust using digital certificates
• Exchange of encrypted information

27. What factors do authentication systems use to verify a user's identity? Select three answers.

• Accounting
• Knowledge
• Ownership
• Characteristic

28. What are some disadvantages of using single sign-on (SSO) technology for user authentication? Select two.

• Username and password management is more complicated for the end users.
• Customers, vendors, and business partners are less vulnerable to attack.
• Stolen credentials can give attackers access to multiple resources.
• Access to all connected resources stops when SSO is down.

29. A business has one person who receives money from customers at the register. At the end of the day, another person counts that money that was received against the items sold and deposits it. Which security principles are being implemented into business operations? Select two answers.

• Multi-factor authentication
• Separation of duties
• Single sign-on
• Least privilege

30. What types of user information does an API token contain? Select two answers.

• A user’s secret key
• A user’s site permissions
• A user’s password
• A user’s identity

31. Which type of encryption is generally slower because the algorithms generate a pair of encryption keys?

• Asymmetric
• Rivest–Shamir–Adleman (RSA)
• Data encryption standard (DES)
• Symmetric

32. The main responsibility of a receptionist at a healthcare company is to check-in visitors upon arrival. When visitors check-in, which kinds of information should the receptionist be able to access to complete their task? Select two answers.

• The patient being visited
• Their billing information
• Their medical history
• A photo ID

33. A customer of an online retailer has complained that their account contains an unauthorized purchase. You investigate the incident by reviewing the retailer's access logs. What are some components of the user's session that you might review? Select two answers.

• Session certificate
• Session algorithm
• Session cookie
• Session ID

34. What is the purpose of security controls?

• Create policies and procedures
• Encrypt information for privacy
• Establish incident response systems
• Reduce specific security risks

What do symmetric encryption algorithms use to encrypt and decrypt information?

• A digital certificate

• A public and private key pair

• A hash value

• A single secret key

35. A paid subscriber of a news website has access to exclusive content. As a data owner, what should the subscriber be authorized to do with their account? Select three answers.

• Stop their subscription
• Review their username and password
• Edit articles on the website
• Update their payment details

36. What are common authorization tools that are designed with the principle of least privilege and separation of duties in mind? Select three answers.

• API Tokens
• SHA256
• Basic auth
• OAuth

37. What is the practice of monitoring the access logs of a system?

• Auditing
• Authentication
• Accounting
• Authorization

Week 3

1. Which of the following are steps in the vulnerability management process. Select two answers.

• Identify vulnerabilities
• Catalog organizational assets
• Assign a CVE® ID
• Prepare defenses against threats

2. An organization is attacked by a vulnerability that was previously unknown. What is this exploit an example of?

• A cipher
• An asset
• A zero-day
• A perimeter layer

3. Which layer of the defense in depth strategy is a user authentication layer that mainly filters external access?

• Endpoint
• Data
• Network
• Perimeter

4. A security researcher reports a new vulnerability to the CVE® list. Which of the following criteria must the vulnerability meet before it receives a CVE® ID? Select two answers.

• It must affect multiple applications.
• The submission must have supporting evidence.
• The vulnerability must be unknown to the developer.
• It must be independently fixable.

Test your knowledge: Identify system vulnerabilities

5. Fill in the blank: A vulnerability ____ refers to the internal review process of an organization’s security systems.

• assessment
• scoring
• patch
• scanner

6. What are the goals of a vulnerability assessment? Select two answers.

• To reduce overall threat exposure
• To detect network traffic
• To audit regulatory compliance
• To identify existing weaknesses

7. Which of the following remediation examples might be implemented after a vulnerability scan? Select two answers.

• Training employees to follow new security procedures
• Identifying misconfigurations in an application
• Locating vulnerabilities in workstations
• Installing software updates and patches

8. What are two types of vulnerability scans? Select two answers.

• Patch or upgrade
• Authenticated or unauthenticated
• Limited or comprehensive
• Risk or threat

Test your knowledge: Cyber attacker mindset

9. What is the difference between an attack vector and an attack surface?

• An attack surface refers to all the weaknesses of an asset that can be attacked; an attack vector refers to an outdated and vulnerable network.
• An attack vector refers to the pathways attackers use to penetrate security defenses; an attack surface refers to all the vulnerabilities of an asset that can be exploited.
• An attack surface refers to the specific pathway of exploiting a weakness; an attack vector refers to all the weaknesses of an asset that can be exploited.
• An attack surface refers to the specific method of attack; an attack vector refers to an outdated and vulnerable network.

10. What are examples of security hardening? Select three answers.

• Restarting a crashed application
• Hashing all user passwords
• Keeping systems patched and updated
• Disabling inactive network ports

11. Which steps are applied when using an attacker mindset? Select three answers.

• Evaluate a target’s attack vectors
• Identify a target
• Stay in communication with a target
• Determine how a target can be accessed

12. How can businesses reduce the number of attack vectors they must defend? Select three answers.

• By educating users so they can participate in preventing attacks
• By totally restricting information from being shared
• By controlling access and authorization to assets
• By implementing security controls that protect information

Weekly challenge 3

13. Consider the following scenario:

A cloud service provider has misconfigured a cloud drive. They’ve forgotten to change the default sharing permissions. This allows all of their customers to access any data that is stored on the drive.

This misconfigured cloud drive is an example of what?

• A threat
• An exploit
• A security control
• A vulnerability

14. Fill in the blank: The five layers of the defense in depth model are: perimeter, network, endpoint, application, and _____.

• session
• transport
• physical
• data

15. What is the difference between the application and data layers of the defense in depth model?

• The application layer authorizes users who have access to perform a duty. The data layer maintains the integrity of information with controls like encryption and hashing.
• The data layer includes controls like encryption and hashing to secure data at rest. The application layer authorizes users who have access to perform a duty.
• The application layer secures information with controls that are programmed into the application itself. The data layer maintains the integrity of information with controls like encryption and hashing.
• The data layer authenticates users to only allow access to trusted parties. The application layer secures information with controls that are programmed into the application itself.

16. What is the main purpose of the CVE® list?

• To create a dictionary of threats to organizational assets that must be addressed
• To share a standard way of identifying and categorizing known vulnerabilities and exposures
• To keep a record of the coding mistakes of major software developers
• To collect information on vulnerabilities and exposures performed by independent researchers

17. A security team is preparing new workstations that will be installed in an office.

Which vulnerability management steps should they take to prepare these workstations? Select three answers.

• Download the latest patches and updates for each system.
• Install a suite of collaboration tools on each workstation.
• Consider who will be using each computer.
• Configure the company firewall to allow network access.

18. A security team is conducting a periodic vulnerability assessment on their security procedures. Their objective is to review gaps in their current procedures that could lead to a data breach. After identifying and analyzing current procedures, the team conducts a risk assessment.

What is the purpose of performing a risk assessment?

• To adjust current security procedures
• To score vulnerabilities based on their severity and impact
• To simulate attacks that could be performed against each vulnerability
• To fix vulnerabilities that have been identified

19. Fill in the blank: All the potential vulnerabilities that a threat actor could exploit is called an attack _____.

• database
• vector
• surface
• network

20. An online newspaper suffered a data breach. The attackers exploited a vulnerability in the login form of their website. The attackers were able to access the newspaper’s user database, which did not encrypt personally identifiable information (PII).

What attack vectors did the malicious hackers use to steal user information? Select two answers.

• The online login form
• The unencrypted PII
• The newspaper’s website
• The user database

21. A security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.

Which steps of an attacker mindset should the team perform to figure this out? Select three answers.

• Consider potential threat actors.
• Identify a target.
• Evaluate attack vectors that can be exploited.
• Determine how the target can be accessed.

22. Consider the following scenario:

You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.

Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.

• Integrate the app with existing educational resources.
• Identify the types of users who will interact with the app.
• Ensure the app’s login form works.
• Evaluate how the app handles user data.

Shuffle Q/A

23. An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges.

The application’s broken access controls are an example of what?

• A vulnerability
• An exploit
• A threat
• A security control

24. Which of the following layers do not provide protection for information that users provide? Select two answers.

• The perimeter layer
• The network layer
• The data layer
• The application layer

25. Which layer of the defense in depth model is a user authentication layer that can include usernames and passwords?

• Perimeter
• Network
• Endpoint
• Application

26. Which of the following are characteristics of the vulnerability management process? Select two answers.

• Vulnerability management is a way to discover new assets.
• Vulnerability management is a way to limit security risks.
• Vulnerability management should consider various perspectives.
• Vulnerability management should be a one-time process.

27. What are the two types of attack surfaces that security professionals defend? Select two answers.

• Digital
• Physical
• Intellectual property
• Brand reputation

28. A project manager at a utility company receives a suspicious email that contains a file attachment. They open the attachment and it installs malicious software on their laptop.

What are the attack vectors used in this situation? Select two answers.

• The suspicious email
• The infected workstation
• The malicious software
• The file attachment

29. What is not a step of practicing an attacker mindset?

• Evaluate attack vectors that can be exploited.
• Determine how a target can be accessed.
• Identify ways to fix existing vulnerabilities.
• Find the tools and methods of attack.

30. A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.

The outdated WiFi router is an example of what?

• An exploit
• A vulnerability
• A threat
• An access control

31. Which layer of the defense in depth model relates to user devices that have accessed a network?

• Endpoint
• Application
• Perimeter
• Data

32. Which of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.

• It can only affect one codebase.
• It must be submitted with supporting evidence.
• It must be independent of other issues.
• It must be recognized as a potential security risk.
• It must pose a financial risk.

33. Which of the following are reasons that security teams practice an attacker mindset? Select three answers.

• To identify attack vectors
• To exploit flaws in an application’s codebase
• To uncover vulnerabilities that should be monitored
• To find insights into the best security controls to use

34. Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.

• 11
• 1
• 9
• 4

35. You are tasked with performing a vulnerability assessment of an onsite server. After scanning the server, you discover that its operating system is missing several new updates.

What are two steps that you might take next to complete the vulnerability assessment? Select two answers.

• Investigate critical system updates that are available.
• Scan the millions of devices that connect to the server
• Perform a risk assessment of the old operating system.
• Deactivate the server because its operating system is outdated

Which of the following are types of attack surfaces? Select three answers.

• Cloud servers

• Network routers

• Computer workstations

• Malicious software

Fill in the blank: An attack _____ refers to the pathways attackers use to penetrate security defenses.

• surface

• vector

• landscape
• vulnerability

What are ways to protect an organization from common attack vectors? Select three answers.

• By not practicing an attacker mindset

• By keeping software and systems updated

• By implementing effective password policies

• By educating employees about security vulnerabilities

Week 4

1. Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

• Whaling
• Baiting
• Phishing
• Quid pro quo

2. What type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?

• Tailgating
• Angler phishing
• Smishing
• Vishing

3. Fill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.

• disconnect from the target
• evaluate defenses
• spread awareness with others
• stay informed of security trends

4. Phishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.

• Fraudulent web links
• Malicious attachments
• Email filters
• Fake data-collection forms

Test your knowledge: Malware

5. Which of the following are types of malware? Select two answers.

• Spyware
• Dictionary attacks
• Viruses
• Credential stuffing

6. Fill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.

• Botnets
• Trojans
• Rootkits
• Worms

6. What is it called when someone's computing resources are illegally hijacked to mine cryptocurrencies?

• Cryptojacking
• Rootkit
• Trojan horse
• Spyware

7. Which of the following are common signs of a malware infection? Select three answers.

• Files are suddenly encrypted
• Increased CPU usage
• Unusual system crashes
• Slowdowns in performance

Test your knowledge: Web-based exploits

8. Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.

• Spear phishing
• Web-based exploits
• Command-line interface
• Social engineering

9. Cross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.

• SQL
• JavaScript
• Python
• HTML

10. What server-side code can be used to defend against SQL injection attacks?

• Prepared statement
• Injection attack
• Input validation
• Phishing kit

11. What are two examples of when SQL injections can take place?

• When using the login form to access a site
• When a malicious script exists in the webpage a browser loads
• When a malicious script is injected directly on the server
• When a user enters their credentials

12. In a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.

• Exploiting languages
• Gain administrative rights
• Sensitive information
• Categorize the environment

Weekly challenge 4

13. Which of the following could be examples of social engineering attacks? Select three answers.

• An unfamiliar employee asking you to hold the door open to a restricted area
• An email urgently asking you to send money to help a friend who is stuck in a foreign country
• A lost record of important customer information
• A pop-up advertisement promising a large cash reward in return for sensitive information

14. What is the main difference between a vishing attack and a smishing attack?

• Vishing makes use of voice calls to trick targets.
• Vishing involves a widespread email campaign to steal information.
• Vishing is used to target executives at an organization.
• Vishing exploits social media posts to identify targets.

15. A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

• scareware
• spyware
• trojan
• adware

16. What are the characteristics of a ransomware attack? Select three answers.

• Attackers demand payment to restore access to a device.
• Attackers make themselves known to their targets.
• Attackers encrypt data on the device without the user’s permission.
• Attackers display unwanted advertisements on the device.

17. Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

• mine
• collect
• invest
• earn

18. Security researchers inserted malicious code into the web-applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.

What type of attack did the researchers perform?

• Malware
• Social engineering
• Ransomware
• Injection

19. An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site's server and activated during the server’s response.

This is an example of what type of injection attack?

• DOM-based
• SQL injection
• Reflected
• Stored

20. What is one way to prevent SQL injection?

• Having well-written code
• Excluding prepared statements
• Including application design flaws
• Downloading malicious apps

21. What should security teams do after identifying threats, according to the threat modeling process? Select two answers.

• Identify who might perform an attack and how
• Examine existing protections and identify gaps
• Consider how users interact with an environment
• Determine mitigation strategies

22. During which stage of the PASTA framework is an attack tree created?

• Decomposing an application
• Vulnerability analysis
• Threat analysis
• Attack modeling

Shuffle Q/A

23. Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

• impersonate a relative
• distribute malicious email
• establish trust
• obtain access credentials

24. Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

• Smishing
• Whaling
• Vishing
• Pretexting

25. Which of the following are not types of malware? Select two answers.

• Worm
• SQL injection
• Cross-site scripting
• Virus

26. A member of a government agency is tricked into installing a virus on their workstation. The virus gave a criminal group access to confidential information. The attackers threaten to leak the agency's data to the public unless they pay $31,337.

What type of attack is this an example of?

• Ransomware
• Cross-site scripting
• Cryptojacking
• Scareware

27. What is malicious code that is inserted into a vulnerable application called?

• Input validation
• Cryptojacking
• Social engineering
• Injection attack

28. An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.

This is an example of what type of injection attack?

• Brute force
• DOM-based
• Stored
• Reflected

29. Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

• Social media feeds
• Pop-up advertisements
• Credit card payment forms
• User login pages

30. A security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.

Which key step of a threat model does this scenario represent?

• Evaluate findings
• Analyze threats
• Define the scope
• Mitigate risks

31. What discoveries are made while decomposing an application during a PASTA threat model? Select two answers.

• The types of threats that can be used to compromise data
• Which vulnerabilities can put data at risk
• How data travels from users to an organization’s database
• Which controls are in place to protect data along the way

32. What is the most common form of social engineering used by attackers?

• Ransomware
• Malware
• Phishing
• Adware

33. Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.

• Increased CPU usage
• Sudden system crashes
• Unusually high electricity costs
• Modified or deleted files

34. A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.

What type of attack did the hacktivist group perform?

• Spyware
• Watering hole
• Quid pro quo
• Injection

35. Which stage of the PASTA framework is related to identifying the application components that must be evaluated?

• Perform a vulnerability analysis
• Decompose the application
• Define the technical scope
• Conduct attack modeling

36. A threat actor tricked a new employee into sharing information about a senior executive over the phone.

This is an example of what kind of attack?

• Malware
• Social engineering
• Pretexting
• Phishing

Course 6 - Sound the Alarm: Detection and Response

Week 1

1. The first phase of the NIST Incident Response Lifecycle is Preparation. What are the other phases? Select three answers.

• Identify
• Post-Incident Activity
• Detection and Analysis
• Containment, Eradication, and Recovery

2. What type of process is the NIST Incident Response Lifecycle?

• Linear
• Phased
• Observable
• Cyclical

3. Fill in the blank: An _____ is an observable occurrence on a network, system, or device.

• analysis
• incident
• event
• investigation

4. A security professional investigates an incident. Their goal is to gain information about the 5 W's, which include what happened and why. What are the other W's? Select three answers.

• Which type of incident it was
• Who triggered the incident
• Where the incident took place
• When the incident took place

Test your knowledge: Incident response operations

5. What are the goals of a computer security incident response team (CSIRT)? Select three answers.

• To provide services and resources for response and recovery
• To manage incidents
• To handle the public disclosure of an incident
• To prevent future incidents from occurring

6. Which document outlines the procedures to follow after an organization experiences a ransomware attack?

• A network diagram
• A contact list
• A security policy
• An incident response plan

7. Fill in the blank: The job of _____ is to investigate alerts and determine whether an incident has occurred.

• technical leads
• security analysts
• incident coordinators
• public relations representative

8. Which member of a CSIRT is responsible for tracking and managing the activities of all teams involved in the response process?

• Technical lead
• Incident coordinator
• Public relations representative
• Security analyst

Test your knowledge: Detection and documentation tools

9. What are some examples of types of documentation? Select three answers.

• Final reports
• Word processors
• Policies
• Playbooks

10. Fill in the blank: Ticketing systems such as _____ can be used to document and track incidents.

• Cameras
• Evernote
• Jira
• Excel

11. What application monitors system activity, then produces alerts about possible intrusions?

• Intrusion detection system
• Playbook
• Product manual
• Word processor

12. What actions does an intrusion prevention system (IPS) perform? Select three answers.

• Detect abnormal activity
• Stop intrusive activity
• Monitor activity
• Manage security incidents

Weekly challenge 1

13. Which of the following is an example of a security incident?

• Multiple unauthorized transfers of sensitive documents to an external system.
• A company’s experiences increased traffic volumes on their website because of a new product release.
• An extreme weather event causes a network outage.
• An authorized user emails a file to a customer.

14. What is the NIST Incident Response Lifecycle?

• The method of closing an investigation
• A framework that provides a blueprint for effective incident response
• A system that only includes regulatory standards and guidelines
• The process used to document events

15. Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.

• Containment, Eradication, and Recovery
• Preparation
• Detection and Analysis
• Protection

16. What are some roles included in a computer security incident response team (CSIRT)? Select three answers.

• Security analyst
• Incident coordinator
• Technical lead
• Incident manager

17. What is an incident response plan?

• A document that outlines the procedures to take in each step of incident response
• A document that outlines a security team’s contact information
• A document that details system information
• A document that contains policies, standards, and procedures

18. A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert's evidence in greater detail?

• A recovery tool
• A documentation tool
• An investigative tool
• A detection tool

19. Which of the following methods can a security analyst use to create effective documentation? Select two answers.

• Provide clear and concise explanations of concepts and processes.
• Write documentation in a way that reduces confusion.
• Provide documentation in a paper-based format.
• Write documentation using technical language.

20. What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

• An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
• An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
• An IDS automates response and an IPS generates alerts.
• An IDS and an IPS both have the same capabilities.

21. What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?

• The creation of raw log data
• The analysis and response to a security incident
• The creation of potential threats
• The analysis of a centralized platform

22. Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.

• data analysis
• data collection
• data aggregation
• data normalization

Shuffle Q/A

23. Which step does the NIST Incident Response Lifecycle begin with?

• Post-Incident Activity
• Preparation
• Detection and Analysis
• Containment, Eradication and Recovery

24. What is a computer security incident response team (CSIRT)?

• A specialized group of security professionals who focus on incident prevention
• A specialized group of security professionals who are solely dedicated to crisis management
• A specialized group of security professionals who are trained in incident management and response
• A specialized group of security professionals who work in isolation from other departments

25. Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.

• policies
• exercises
• instructions
• procedures

26. Which of the following best describes how security analysts use security tools?

• They only use detection and management tools during incident investigations.
• They only use documentation tools for incident response tasks.
• They use a combination of different tools for various tasks.
• They only use a single tool to monitor, detect, and analyze events.

27. What are the qualities of effective documentation? Select three answers.

• Consistent
• Clear
• Accurate
• Brief

28. Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.

• stops
• reports
• pauses
• detects

29. What happens during the data collection and aggregation step of the SIEM process? Select two answers.

• Data is analyzed according to rules.
• Data is collected from different sources.
• Data is centralized in one place.
• Data is cleaned and transformed.

30. Which of the following statements describe security incidents and events?

• All security incidents are events, but not all events are security incidents.
• Security incidents and events are the same.
• Security incidents and events are unrelated.
• All events are security incidents, but not all security incidents are events.

31. A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?

• Only use each step once.
  • Complete the steps in any order.
  • Skip irrelevant steps.

• Overlap the steps as needed.

32. Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.

• computer security incident response team
• forensic investigation team
• threat hunter group
• risk assessment group

33. A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM does this scenario describe?

• Aggregate data
• Analyze data
• Collect data
• Normalize data

34. Which of the following is an example of a security incident?

• An unauthorized user successfully changes the password of an account that does not belong to them.
• An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
• A user installs a device on their computer that is allowed by an organization’s policy.
• A software bug causes an application to crash.

35. What are investigative tools used for?

• Managing alerts
• Documenting incidents
• Monitoring activity
• Analyzing events

What are examples of tools used for documentation? Select two answers.

• Cameras

• Final reports

• Playbooks

• Audio recorders

Fill in the blank: An intrusion detection system (IDS) _____ system activity and alerts on possible intrusions.

• monitors

• manages
• protects
• analyzes

Week 2

1. How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?

• They define the attacker’s intentions.
• They provide a way to identify an attack.
• They capture network activity.
• They confirm that a security incident happened.

2. Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.

• pivoting
• exfiltration
• infiltration
• network traffic

3. An attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?

• Large internal file transfer
• Phishing
• Lateral movement
• Network data

4. What can security professionals use network traffic analysis for? Select three answers.

• To understand network traffic patterns
• To identify malicious activity
• To secure critical assets
• To monitor network activity

Test your knowledge: Capture and view network traffic

5. Which component of a packet contains the actual data that is intended to be sent to its destination?

• Protocol
• Header
• Payload
• Footer

6. Fill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.

• packet capture
• network protocol analyzer
• network statistic
• protocol

7. Which field of an IP header is used to identify whether IPv4 or IPv6 is used?

• Type of Service
• Options
• Flags
• Version

8. Which network protocol analyzer is accessed through a graphical user interface?

• TShark
• Wireshark
• tcpdump
• Libpcap

Test your knowledge: Packet inspection

9. Which tcpdump option is used to specify the network interface?

• -n
• -i
• -v
• -c

10. What is needed to access the tcpdump network protocol analyzer?

• Command-line interface
• Packet capture
• Output
• Graphical user interface

11. What is the first field found in the output of a tcpdump command?

• Version
• Timestamp
• Protocol
• Source IP

12. You are using tcpdump to capture network traffic on your local computer. You would like to save the network traffic to a packet capture file for later analysis. Which tcpdump option should you use?

• -c
• -r
• -w
• -v

Weekly challenge 2

13. Fill in the blank: _____ describes the amount of data that moves across a network.

• Traffic flow
• Data exfiltration
• Network traffic
• Network data

14. What tactic do malicious actors use to maintain and expand unauthorized access into a network?

• Exfiltration
• Phishing
• Data size reduction
• Lateral movement

15. Which packet component contains protocol information?

• Payload
• Footer
• Route
• Header

16. Do packet capture files provide detailed snapshots of network communications?

• Yes. Packet capture files provide information about network data packets that were intercepted from a network interface.
• No. Packet capture files do not contain detailed information about network data packets.
• Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.

17. How do network protocol analyzers help security analysts analyze network communications? Select two answers.

• They take action to improve network performance.
• They provide the ability to filter and sort packet capture information to find relevant information.
• They take action to block network intrusions.
• They provide the ability to collect network communications.

18. Which protocol is considered the foundation for all internet communications?

• UDP
• IPv4
• TCP
• HTTP

19. What is used to determine whether errors have occurred in the IPv4 header?

• Flags
• Protocol
• Checksum
• Header

20. What is the process of breaking down packets known as?

• Fragment Offset
• Fragmentation
• Flags
• Checksum

21. Which tcpdump command outputs detailed packet information?

• sudo tcpdump -v any -i
• sudo tcpdump -i any -v
• sudo tcpdump -i any -c 100
• sudo tcpdump -i any -n

22. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

What is the source IP address?

• 22:00:19.538395
• 198.111.123.1
• 198.168.105.1
• 41012

Shuffle Q/A

23. Why is network traffic monitoring important in cybersecurity? Select two answers.

• It provides a method of classifying critical assets.
• It helps detect network intrusions and attacks
• It helps identify deviations from expected traffic flows.
• It provides a method to encrypt communications.

24. What information do packet headers contain? Select three answers.

• Protocols
• Payload data
• IP addresses
• Ports

25. Fill in the blank: Network protocol analyzers can save network communications into files known as a _____.

• protocol
• packet capture
• payload
• network packet

26. Which layer of the TCP/IP model does the Internet Protocol (IP) operate on?

• Internet
• Application
• Transport
• Network Access

27. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

Which protocols are being used? Select two answers.

• TOS
• UDP
• IP
• TCP

28. What are some defensive measures that can be used to protect against data exfiltration? Select two answers.

• Utilize lateral movement
• Monitor network activity
• Deploy multi-factor authentication
• Reduce file sizes

Fill in the blank: The transmission of data between devices on a network is governed by a set of standards known as _____.

• headers
  • ports
  • payloads

• protocols

29. Network protocol analyzer tools are available to be used with which of the following? Select two answers.

• Network interface card
• Internet protocol
• Graphical user interface
• Command-line interface

30. Which IPv4 header fields involve fragmentation? Select three answers.

• Flags
• Identification
• Type of Service
• Fragment Offset

31. Which tcpdump option is used to specify the capture of 5 packets?

• -v 5
• -i 5
• -c 5
• -n 5

32. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

What is the value of the Type of Service field?

• 0x10
• 6
• 501
• 0x50af

33. What type of attack involves the unauthorized transmission of data from a system?

• Data leak
• Data exfiltration
• Packet classification
• Packet crafting

34. Which of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.

• Outbound network traffic to an unauthorized file hosting service
• Unexpected modifications to files containing sensitive data
• Multiple successful multi-factor authentication logins
• Network performance issues

35. Fill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.

• Linux
• command-line
• internet
• graphical user

36. Which layer of the TCP/IP model is responsible for accepting and delivering packets in a network?

• Transport
• Internet
• Network Access
• Application

37. Which IPv4 field determines how long a packet can travel before it gets dropped?

• Options
• Header Checksum
• Time to Live
• Type of Service

38. How are IP headers valuable for security analysts during investigations?

• They provide the foundation for communications over the internet.
• They provide the ability to modify network communications.
• They provide insight into the details of network communications.
• They provide the ability to visualize network communications.

Week 3

1. Do detection tools have limitations in their detection capabilities?

• Yes
• No

2. Why do security analysts refine alert rules? Select two answers.

• To increase alert volumes
• To reduce false positive alerts
• To create threat intelligence
• To improve the accuracy of detection technologies

3. Fill in the blank: _____ involves the investigation and validation of alerts.

• Honeypot
• Detection
• Analysis
• Threat hunting

4. What are some causes of high alert volumes? Select two answers.

• Refined detection rules
• Broad detection rules
• Misconfigured alert settings
• Sophisticated evasion techniques

Test your knowledge: Response and recovery

5. A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee's computer. Which step of the triage process does this scenario describe?

• Receive and assess
• Add context
• Collect and analyze
• Assign priority

6. What is triage?

• The prioritizing of incidents according to their level of importance or urgency
• A document that outlines the procedures to sustain business operations during and after a significant disruption
• The ability to prepare for, respond to, and recover from disruptions
• The process of returning affected systems back to normal operations

7. Fill in the blank: _____ is the act of limiting and preventing additional damage caused by an incident.

• Eradication
• Resilience
• Containment
• Recovery

8. Which examples describe actions related to the eradication of an incident? Select two answers.

• Apply a patch
• Complete a vulnerability scan
• Investigate logs to verify the incident
• Develop a business continuity plan

Activity: Review a final report

9. What type of security incident was the organization affected by?

• Ransomware
• Data theft
• Phishing
• Malware

10. Which section of the report includes an explanation of the root cause of the incident?

• Investigation
• Recommendations
• Timeline
• Executive summary

11. What did the attacker use to exploit the e-commerce web application vulnerability?

• Data breach
• Web server logs
• Forced browsing
• User error

12. What recommendations did the organization implement to prevent future recurrences? Select two answers.

• Implemented access control mechanisms
• Paid the $50,000 payment request
• Provided identity protection services to the affected customers
• Implemented routine vulnerability scans

Weekly challenge 3

13. A security analyst is investigating an alert involving a possible network intrusion. Which of the following tasks is the security analyst likely to perform as part of the Detection and Analysis phase of the incident response lifecycle? Select two answers.

• Identify the affected devices or systems.
• Implement a patch to fix the vulnerability.
• Collect and analyze the network logs to verify the alert.
• Isolate the affected machine from the network.

14. What are the benefits of documentation during incident response? Select three answers.

• Quality
• Clarity
• Standardization
• Transparency

15. An organization is working on implementing a new security tool, and a security analyst has been tasked with developing workflow documentation that outlines the process for using the tool. Which documentation benefit does this scenario outline?

• Transparency

• Clarity

• Quality
• Standardization

16. Chain of custody documents establish proof of which of the following? Select two answers.

• Integrity
• Validation
• Quality
• Reliability

17. Which of the following does a semi-automated playbook use? Select two.

• Threat intelligence
• Crowdsourcing
• Human intervention
• Automation

Which statement best describes the functionality of automated playbooks?

• They use a combination of flowcharts and manual input to execute tasks and response actions.

• They use automation to execute tasks and response actions.

• They require the use of human intervention to execute tasks.

• They require the combination of human intervention and automation to execute tasks.

18. What are the steps of the triage process in the correct order?

• Receive and assess, assign priority, collect and analyze
• Assign priority, receive and assess, collect and analyze
• Collect and analyze, assign priority, receive and assess
• Receive and assess, collect and analyze, assign priority

19. Fill in the blank: Containment is the act of limiting and _____ additional damage caused by an incident.

• eradicating
• removing
• preventing
• detecting

20. Fill in the blank: Eradication is the complete _____ of all the incident elements from affected systems.

• removal
• prevention
• isolation
• disconnection

21. Two weeks after an incident involving ransomware, the members of an organization want to review the incident in detail. Which of the following actions should be done during this review? Select all that apply.

• Determine how to improve future response processes and procedures.
• Determine the person to blame for the incident.
• Create a final report.
• Schedule a lessons learned meeting that includes all parties involved with the security incident.

22. During a lessons learned meeting following an incident, a meeting participant wants to identify actions that the organization can take to prevent similar incidents from occurring in the future. Which section of the final report should they refer to for this information?

• Timeline
• Executive summary
• Detection
• Recommendations

Shuffle Q/A

23. After a ransomware incident, an organization discovers their ransomware playbook needs improvements. A security analyst is tasked with changing the playbook documentation. Which documentation best practice does this scenario highlight?

• Be accurate
• Be concise
• Know your audience
• Update regularly

24. A member of the forensics department of an organization receives a computer that requires examination. On which part of the chain of custody form should they sign their name and write the date?

• Description of the evidence
• Custody log
• Purpose of transfer
• Evidence movement

25. A security analyst gets an alert involving a phishing attempt. Which step of the triage process does this scenario outline?

• Add context
• Receive and assess
• Assign priority
• Collect and analyze

26. After a security incident involving an exploited vulnerability due to outdated software, a security analyst applies patch updates. Which of the following steps does this task relate to?

• Response
• Reimaging
• Prevention
• Eradication

27. Which step of the NIST Incident Response Lifecycle involves returning affected systems back to normal operations?

• Recovery
• Containment
• Response
• Eradication

28. What questions can be asked during a lessons learned meeting? Select three answers.

• What time did the incident happen?
• Which employee is to blame?
• What could have been done differently?
• What were the actions taken for recovery?

29. In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?

• Preparation
• Detection
• Validation
• Investigation

30. In incident response, documentation provides an established set of guidelines that members of an organization can follow to complete a task. What documentation benefit does this provide?

• Reliability
• Integrity
• Standardization
• Transparency

31. What are the steps of the third phase of the NIST Incident Response Lifecycle? Select three answers.

• Eradication
• Recovery
• Containment
• Response

Which of the following is an example of a recovery task?

• Applying a patch to address a server vulnerability
  • Monitoring a network for intrusions
  • Disconnecting an infected system from the network

• Reinstalling the operating system of a computer infected by malware

Fill in the blank: A lessons learned meeting should be held within ____ weeks of an incident.

• two

• three
• four
• five

Which documentation provides a comprehensive review of an incident?

• Timeline

• Final report

• Lessons learned meeting
• New technology