Assets, Threats, and Vulnerabilities: Coursera weekly challenge 2 answers

Test your knowledge: Safeguard information

1. What are categories of security controls? Select all that apply.

  • Operational
  • Privacy
  • Technical
  • Managerial

2. Fill in the blank: A data _____ decides who can access, edit, use, or destroy their information.

  • handler
  • custodian
  • protector
  • owner

3. A writer for a technology company is drafting an article about new software features that are being released. According to the principle of least privilege, what should the writer have access to while drafting the article? Select all that apply.

  • Login credentials of the software users
  • Software developers who are knowledgeable about the product
  • Other new software that is in development
  • The software they are reviewing

4. Which privacy regulations influence how organizations approach data security? Select three answers.

  • Infrastructure as a Service (IaaS)
  • General Data Protection Regulation (GDPR)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)

Test your knowledge: Encryption methods

5. Which of the following elements are required when using encryption? Select all that apply.

  • Key
  • Certificate
  • Cipher
  • Token

6. Which technologies are used in public key infrastructure (PKI)? Select three answers.

  • Asymmetric encryption
  • Symmetric encryption
  • Digital certificates
  • Ciphertext

7. Fill in the blank: _____ encryption produces a public and private key pair.

  • Hashing
  • Symmetric
  • Salting
  • Asymmetric

8. An attacker gains access to a database where user passwords are secured with the SHA-256 hashing algorithm. Can the attacker decrypt the user passwords?

  • Yes. Hash algorithms produce a decryption key.
  • No. Hash algorithms do not produce decryption keys.

9. What term describes being unable to deny that information is authentic?

  • Confidentiality
  • Non-repudiation
  • Integrity
  • Availability

Test your knowledge: Authentication, authorization, and accounting

10. What factors do authentication systems use to verify a user's identity? Select three answers.

  • Ownership
  • Characteristic
  • Authorization
  • Knowledge

11. How do businesses benefit from implementing single sign-on (SSO) technology? Select two answers.

  • By simplifying their user management
  • By providing a better user experience
  • By requiring multiple forms of identification
  • By streamlining HTTP traffic between servers

12. A retail company has one employee that’s in charge of purchasing goods, another employee that's in charge of approving new purchases, and a third employee that’s in charge of paying invoices. What security principle is the retail company implementing?

  • Separation of duties
  • Least privilege
  • Authentication, authorization, and accounting (AAA)
  • Non-repudiation

13. What are the categories of access controls? Select three answers.

  • Authorization
  • Administration
  • Authentication
  • Accounting

14. What credential does OAuth use to authenticate users?

  • A one-time passcode (OTP)
  • A session cookie
  • An application programming interface (API) token
  • A digital certificate

Weekly challenge 2

15. Which of the following examples are categories of security controls? Select three answers.

  • Operational
  • Managerial
  • Technical
  • Compliance

16. A large hotel chain is conducting a national sweepstakes. To enter the sweepstakes, customers must consent to sharing their email address with the chain’s business partners for marketing purposes. What are the hotel chain's responsibilities as data custodians? Select three answers.

  • Back up customer information
  • Send information to business partners
  • Grant business partners consent to use customer data
  • Collect customer consent and emails

17. You send an email to a friend. The service provider of your inbox encrypts all messages that you send. What happens to the information in your email when it’s encrypted?

  • It’s converted from a hash value to ciphertext.
  • It’s converted from Caesar’s cipher to plaintext.
  • It’s converted from plaintext to ciphertext.
  • It’s converted from ciphertext to plaintext.

18. Why are hash algorithms that generate long hash values more secure than those that produce short hash values?

  • They are easier to decrypt
  • They are easier to exchange over a network
  • They are more difficult to remember
  • They are more difficult to brute force

19. Fill in the blank: A _____ is used to prove the identity of users, companies, and networks in public key infrastructure.

  • digital certificate
  • access token
  • access key
  • digital signature

20. Fill in the blank: Knowledge, ownership, and characteristic are three factors of _____ systems.

  • authorization
  • administrative
  • accounting
  • authentication

21. What is a key advantage of multi-factor authentication compared to single sign-on?

  • It can grant access to multiple company resources at once.
  • It streamlines the authentication process.
  • It requires more than one form of identification before granting access to a system.
  • It is faster when authenticating users.

22. A shipping company imports and exports materials around the world. Their business operations include purchasing goods from suppliers, receiving shipments, and distributing goods to retailers. How should the shipping company protect their assets under the principle of separation of duties? Select two answers.

  • Have one employee file purchase orders
  • Have one employee select goods and submit payments
  • Have one employee receive shipments and distribute goods
  • Have one employee approve purchase orders

23. Fill in the blank: ____ is the technology used to establish a user’s request to access a server.

  • Basic auth
  • API tokens
  • OAuth
  • Digital certificates

24. Which of the following are reasons why accounting in security is such an important function of effective access controls? Select two answers.

  • Identify ways to improve business operations.
  • Detect session hijacking incidents.
  • Uncover threat actors who have accessed a system.
  • Record user activity for marketing purposes.

25. What is the primary purpose of hash functions?

  • To store data in the cloud
  • To determine data integrity
  • To decrypt sensitive data
  • To make data quickly available

26. Which of the following steps are part of the public key infrastructure process? Select two answers.

  • Exchange of public and private keys
  • Transfer hash digests
  • Establish trust using digital certificates
  • Exchange of encrypted information

27. What factors do authentication systems use to verify a user's identity? Select three answers.

  • Accounting
  • Knowledge
  • Ownership
  • Characteristic

28. What are some disadvantages of using single sign-on (SSO) technology for user authentication? Select two.

  • Username and password management is more complicated for the end users.
  • Customers, vendors, and business partners are less vulnerable to attack.
  • Stolen credentials can give attackers access to multiple resources.
  • Access to all connected resources stops when SSO is down.

29. A business has one person who receives money from customers at the register. At the end of the day, another person counts the money that was received against the items sold and deposits it. Which security principles are being implemented into business operations? Select two answers.

  • Multi-factor authentication
  • Separation of duties
  • Single sign-on
  • Least privilege

30. What types of user information does an API token contain? Select two answers.

  • A user’s secret key
  • A user’s site permissions
  • A user’s password
  • A user’s identity

31. Which type of encryption is generally slower because the algorithms generate a pair of encryption keys?

  • Asymmetric
  • Rivest–Shamir–Adleman (RSA)
  • Data encryption standard (DES)
  • Symmetric

32. The main responsibility of a receptionist at a healthcare company is to check-in visitors upon arrival. When visitors check-in, which kinds of information should the receptionist be able to access to complete their task? Select two answers.

  • The patient being visited
  • Their billing information
  • Their medical history
  • A photo ID

33. A customer of an online retailer has complained that their account contains an unauthorized purchase. You investigate the incident by reviewing the retailer's access logs. What are some components of the user's session that you might review? Select two answers.

  • Session certificate
  • Session algorithm
  • Session cookie
  • Session ID

34. What is the purpose of security controls?

  • Create policies and procedures
  • Encrypt information for privacy
  • Establish incident response systems
  • Reduce specific security risks

35. A paid subscriber of a news website has access to exclusive content. As a data owner, what should the subscriber be authorized to do with their account? Select three answers.

  • Stop their subscription
  • Review their username and password
  • Edit articles on the website
  • Update their payment details

36. What are common authorization tools that are designed with the principle of least privilege and separation of duties in mind? Select three answers.

  • API Tokens
  • SHA256
  • Basic auth
  • OAuth

37. What is the practice of monitoring the access logs of a system?

  • Auditing
  • Authentication
  • Accounting
  • Authorization
