assets threats and vulnerabilities coursera weekly challenge 1 answers

Test your knowledge: Introduction to assets

1. What is a risk?

  • Any circumstance or event that can negatively impact assets
  • Anything that can impact the confidentiality, integrity, or availability of an asset
  • The practice of labeling assets based on sensitivity and importance to an organization
  • A weakness that can be exploited by a threat

2. A security professional discovers a rogue access point on their company WiFi that is not managed by the networking team. The rogue device is altering and deleting sensitive records without authorization. What does this scenario describe?

  • Threat
  • Vulnerability
  • Risk
  • Asset

3. A product team is storing customer survey data for a new project in a cloud drive. The data is only accessible to product team members while the project is in development. What is this data’s asset type?

  • Public
  • Customer data
  • Internal demo
  • Confidential

4. What is the practice of labeling assets based on sensitivity and importance to an organization?

  • Asset inventory
  • Asset classification
  • Asset management
  • Asset restriction

Test your knowledge: Digital and physical assets

5. What is the practice of keeping data in all states away from unauthorized users?

  • Network
  • Cybersecurity
  • Information security
  • Asset

6. An employee is promoted to a new role, so their workstation is transferred to a different office. As the employee’s workstation is being relocated, what data state are its files in?

  • At rest
  • In transit
  • In use
  • In storage

7. What is an example of data in transit?

  • A sent email is traveling over the network to reach its destination.
  • A spreadsheet file is saved on an employee’s hard drive.
  • A manager is editing a report on their computer.
  • A user logs in to their online account to review their messages.

8. Fill in the blank: Data is in use when it is being _____ by one or more users.

  • accessed
  • ignored
  • transported
  • classified

Test your knowledge: Risk and asset security

9. What types of risks do security plans address? Select three answers.

  • Disclosure of data
  • Shift of market conditions
  • Loss of information
  • Damage to assets

10. What are the basic elements of a security plan? Select three answers.

  • Standards
  • Policies
  • Procedures
  • Regulations

11. Fill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

  • voluntary
  • mandatory
  • limited
  • rigid

12. What are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.

  • It helps organizations achieve regulatory standards.
  • It can be used to identify and assess risk.
  • It is required to do business online.
  • It’s adaptable to fit the needs of any business.

Weekly challenge 1

13. A malicious hacker gains access to a company system in order to access sensitive information. What does this scenario describe?

  • Vulnerability
  • Regulation
  • Procedure
  • Threat

14. Fill in the blank: A misconfigured firewall is an example of a security _____.

  • exploit
  • vulnerability
  • threat
  • asset

15. What is the first step of asset management?

  • To assign a risk score to assets
  • To address an asset’s vulnerabilities
  • To make an asset inventory
  • To classify assets based on value

16. A small group of software developers is working internally on a confidential project. They are developing a new web application for the employees at their organization. Who can the developers discuss this confidential project with? Select two answers.

  • External business partners
  • Close friends
  • Teammates
  • Project managers

17. A local chef owns a successful small business that sells cooking sauces and seasoning. Their best-selling product is a sauce that’s made with a top secret family recipe. To continue growing the company, the chef is about to start a partnership with a large retailer. In this scenario, what classification level should be assigned to the chef's proprietary recipe in this scenario?

  • Public
  • Internal
  • Confidential
  • Restricted

18. Fill in the blank: Information security (InfoSec) is the practice of keeping ____ in all states away from unauthorized users.

  • processes
  • documents
  • files
  • data

19. What is an example of data in transit? Select two answers.

  • A slideshow presentation on a thumb drive
  • A file being downloaded from a website
  • A website with multiple files available for download
  • An email being sent to a colleague

20. Who should an effective security plan focus on protecting? Select all that apply.

  • Customers
  • Competitors
  • Employees
  • Business partners

21. Which of the following are components of the NIST Cybersecurity Framework? Select three answers.

  • Profiles
  • Core
  • Controls
  • Tiers

22. Fill in the blank: To measure performance across the functions of the _____, security teams use NIST tiers.

  • profiles
  • core
  • framework
  • business

23. An employee who has access to company assets abuses their privileges by stealing information and selling it for personal gain. What does this scenario describe?

  • Vulnerability
  • Procedure
  • Threat
  • Regulation

24. Which of the following are examples of security vulnerabilities? Select three answers.

  • Unattended laptop
  • Suspended access card
  • Weak password
  • Unlocked doors at a business

25. Which of the following statements correctly describe security asset management? Select two answers.

  • It helps identify risks.
  • It decreases vulnerabilities.
  • It is a one-time process.
  • It uncovers gaps in security.

26. What is an example of restricted information? Select all that apply.

  • Cardholder data
  • Intellectual property
  • Employee email addresses
  • Health information

27. What are some key benefits of a security plan? Select three answers.

  • Define consistent policies that address what’s being protected and why.
  • Establish a shared set of standards for protecting assets.
  • Outline clear procedures that describe how to protect assets and react to threats.
  • Enhance business advantage by collaborating with key partners.

28. Fill in the blank: CSF profiles provide insights into the _____ state of a security plan.

  • historical
  • current
  • future
  • recent

29. An employee is asked to email customers and request that they complete a satisfaction survey. The employee must be given access to confidential information in the company database to conduct the survey. What types of confidential customer information should the employee be able to access from the company's database to do their job? Select two answers.

  • E-mail addresses
  • Credit card data
  • Customer names
  • Home addresses

30. A mobile game displays ads to users. The game is free to users so long as they occasionally view ads from other companies. Should these other companies be able contact the users of the gaming app?

  • Maybe, because users have control over sharing their information.
  • No, because this user information is restricted.
  • Yes, because user information is public.

31. Why is it so challenging to secure digital information? Select two answers.

  • Most information is in the form of data.
  • There are no regulations that protect information.
  • There are so many resources to dedicate to security.
  • Technologies are interconnected.

32. What is an example of confidential information? Select two answers.

  • Press release
  • Employee contacts
  • Project documents
  • Marketing strategy

33. What is an example of data in use? Select three answers.

  • Reading emails in your inbox.
  • Watching a movie on a laptop.
  • Playing music on your phone.
  • Downloading a file attachment.

34. Which of the following are functions of the NIST Cybersecurity Framework core? Select three answers.

  • Implement
  • Protect
  • Detect
  • Respond

Leave a Reply