WEEK 2: Introduction to Cybersecurity Tools & Cyber Attacks Quiz Answers Coursera
Types of actors and their motives Quiz Answers Coursera
Question 1: What are the four (4) types of actors identified in the video A brief overview of types of actors and their motives?
- Internal
- Hackers
- White Hats
- Black Hats
- Security Analysts
- Hactivists
- Governments
Question 2: Which of these common motivations is often attributed to a hactivist?
- Political action and movements
- Hire me!
- Just playing around
- Money
Question 3: In the video Hacking organizations, which three (3) governments were called out as being active hackers?
- Canada
- Venezuela
- Israel
- United States
- China
Question 4: Which four (4) of the following are known hacking organizations?
- Syrian Electronic Army
- Fancy Bears
- The Ponemon Institute
- Guardians of Peace
- Anonymous
Question 5: Which of these hacks resulted in over 100 million credit card numbers being stolen?
- 2011 Sony Playstation hack
- 2013 Singapore Cyberattacks
- 2014 Ebay hack
- 2015 Target Stores hack
- 2016 US Election hack
An Architect’s perspective on attack classifications Quiz Answers Coursera
Question 1: Which of the following statements is True?
- Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.
- Passive attacks are hard to detect because the original message is never delivered so the receiving does not know they missed anything.
- Passive attacks are easy to detect because the original message wrapper must be modified by the attacker before it is forwarded on to the intended recipient.
- Passive attacks are easy to detect because of the latency created by the interception and second forwarding.
Question 2: The purpose of security services includes which three (3) of the following?
- Often replicate functions found in physical documents
- Enhance security of data processing systems and information transfer.
- Includes any component of your security infrastructure that has been outsourced to a third-party
- Are intended to counter security attacks.
Question 3: Which statement best describes access control?
- Prevention of unauthorized use of a resource
- Protection against the unauthorized disclosure of data
- Protection against denial by one of the parties in communication
- Assurance that the communicating entity is the one claimed
Question 4: The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?
- Data transmission speeds
- Access Control
- Authentication
- Data Confidentiality
- Transmission cost sharing between member countries
Question 5: Protocol suppression, ID and authentication are examples of which?
- Security Mechanism
- Business Policy
- Security Architecture
- Security Policy
Question 6: The motivation for more security in open systems is driven by which three (3) of the following factors?
- Society’s increasing dependance on computers.
- The desire by a number of organizations to use OSI recommendations.
- New requirements from the WTO, World Trade Organization
- The appearence of data protection legislation in several countries.
Question 7: True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.
- True
- False
Question 8: True or False: The accidental disclosure of confidential information by an employee is considered an attack.
- True
- False
Question 9: A replay attack and a denial of service attack are examples of which?
- Passive attack
- Security architecture attack
- Masquerade attack
- Origin attack
Malware and an introduction to threat protection Quiz Answers Coursera
Question 1: True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.
- True
- False
Question 2: How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?
- Virus
- Worms
- Trojan Horses
- Spyware
- Adware
- Ransomware
Question 3: How would you classify a piece of malicious code designed collect data about a computer and its users and then report that back to a malicious actor?
- Virus
- Worms
- Spyware
- Adware
Question 4: A large scale Denial of Service attack usually relies upon which of the following?
- A botnet
- A keylogger
- Logic Bombs
- Trojan Horses
Question 5: Antivirus software can be classified as which form of threat control?
- Technical controls
- Administrative controls
- Active controls
- Passive controls
Additional Attack examples today Quiz Answers Coursera
Question 1: Which of the following measures can be used to counter a mapping attack?
- Record traffic entering the network
- Look for suspicious activity like IP addresses or ports being scanned sequentially.
- Use a host scanner and keep an inventory of hosts on your network.
- All of the above.
Question 2: In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?
- Promiscuous
- Sniffer
- Inspection
- Open
Question 3: Which countermeasure can be helpful in combating an IP Spoofing attack?
- Ingress filtering
- Enable IP Packet Authentication filtering
- Keep your certificates up-to-date
- Enable the IP Spoofing feature available in most commercial antivirus software.
- All of the above.
Question 4: Which two (2) measures can be used to counter a Denial of Service (DOS) attack?
- Use traceback to identify the source of the flooded packets.
- Enable packet filtering on your firewall.
- Implement a filter to remove flooded packets before they reach the host.
- Enable the DOS Filtering option now available on most routers and switches.
Question 5: Which countermeasure should be used agains a host insertion attack?
- Maintain an accurate inventory of of computer hosts by MAC address.
- Use a host scanning tool to match a list of discovered hosts against known hosts.
- Investigate newly discovered hosts.
- All of the above.
Attacks and Cyber resources Quiz Answers Coursera
Question 1: Which is not one of the phases of the intrusion kill chain?
- Command and Control
- Delivery
- Activation
- Installation
Question 2: Which social engineering attack involves a person instead of a system such as an email server?
- Spectra
- Vishing
- Phishing
- Cyberwarfare
Question 3: Which of the following is an example of a social engineering attack?
- Logging in to the Army’s missle command computer and launching a nuclear weapon.
- Setting up a web site offering free games, but infecting the downloads with malware.
- Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.
- Sending someone an email with a Trojan Horse attachment.
Question 4: True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date.
- False
- True
A day in the life of a SOC analyst Quiz Answers Coursera
Question 1: Which tool did Javier say was crucial to his work as a SOC analyst?
- SIEM (Security Information and Event Management)
- Packet Sniffers
- Firewalls
- Intrusion detection software
A brief overview of types of actors and their motives Quiz Answers Coursera
Question 1: Which hacker organization hacked into the Democratic National Convension and released Hillery Clinton’s emails?
- Fancy Bears
- Anonymous
- Syrian Electronic Army
- Guardians of the Peace
- All of the above
Question 2: What challenges are expected in the future?
- Enhanced espionage from more countries
- Far more advanced malware
- New consumer technology to exploit
- All of the above
Question 3: Why are cyber attacks using SWIFT so dangerous?
- SWIFT is the protocol used by all banks to transfer money
- SWIFT is the protocol used by all US healthcare providers to encrypt medical records
- SWIFT is the protocol used to transmit all diplomatic telegrams between governments around the world
- SWIFT is the flight plan and routing system used by all cooperating nations for international commercial flights
Question 4: Which statement best describes Authentication?
- Assurance that the communicating entity is the one claimed
- Protection against denial by one of the parties in communication
- Assurance that a resource can be accessed and used
- Prevention of unauthorized use of a resource
Question 5: Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?
- Contingent security mechanism
- External security mechanism
- Active security mechanism
- Passive security mechanism
Question 6: If an organization responds to an intentional threat, that threat is now classified as what?
- A malicious threat
- An attack
- An active threat
- An open case
Question 7: An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?
- Advanced Persistent Threat
- Water Hole
- Spectra
- Denial of Service (DOS)
Question 8: Which of three (3) these approaches could be used by hackers as part of a Business Email Compromise attack?
- Request to make a payment
- Attorney impersonation
- CEO Fraud, where CEO sends email to an employee
- Account compromise
Question 9: Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?
- Hactivists
- Governments
- Hackers
- Internal
- Black Hats
Question 10: A political motivation is often attributed to which type of actor?
- Internal
- Hackers
- Hactivist
- Security Analysts
Question 11: The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?
- Canada
- Israel
- South Africa
- Egypt
Question 12: Which of these is not a known hacking organization?
- The Ponemon Institute
- Fancy Bears
- Syrian Electronic Army
- Anonymous
- Guardians of the Peace
Question 13: Which type of actor hacked the 2016 US Presidential Elections?
- Hackers
- Government
- Hactivists
- Internal
Question 14: True or False: Passive attacks are easy to detect because the original messages are usually alterned or undelivered.
- False
- True
Question 15: True or False: Authentication, Access Control and Data Confidentiality are all addressed by the ITU X.800 standard.
- True
- False
or
Question 15: Trusted functionality, security labels, event detection and security audit trails are all considered which?
- Business Policy
- Specific security mechanisms
- Pervasive security mechanisms
- Security Policy
Question 16: Cryptography, digital signatures, access controls and routing controls considered which?
- Security Policy
- Specific security mechanisms
- Business Policy
- Pervasive security mechanisms
Question 17: True or False: Only acts performed with intention to do harm can be classified as Organizational Threats
- False
- True
Question 18: Traffic flow analysis is classified as which?
- An origin attack
- A passive attack
- A masquerade attack
- An active attack
Question 19: How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?
- Spyware
- Adware
- Worm
- Virus
- Trojan Horse
- Ransomware
Question 20: Botnets can be used to orchestrate which form of attack?
- Distribution of Spam
- DDoS attacks
- Phishing attacks
- Distribution of Spyware
- As a Malware launchpad
- All of the above
Question 21: Policies and training can be classified as which form of threat control?
- Active controls
- Technical controls
- Administrative controls
- Passive controls
Question 22: Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs is not running in promiscuous mode.
- Packet Sniffing
- Host Insertion
- Trojan Horse
- Ransomware
- All of the above
Question 23: A flood of maliciously generated packets swamp a receiver’s network interface preventing it from responding to legitimate traffic. This is characteristic of which form of attack?
- A Denial of Service (DOS) attack
- A Trojan Horse
- A Masquerade attack
- A Ransomware attack
Question 24: A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?
- A Social Engineering attack
- A Trojan Horse
- A Denial of Service attack
- A Worm attack
Question 25: True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.
- False
- True