Sound the Alarm: Detection and Response (Coursera) Weekly Challenge 1 Answers

Test your knowledge: The incident response lifecycle

1. The first phase of the NIST Incident Response Lifecycle is Preparation. What are the other phases? Select three answers.

  • Identify
  • Post-Incident Activity
  • Detection and Analysis
  • Containment, Eradication, and Recovery

2. What type of process is the NIST Incident Response Lifecycle?

  • Linear
  • Phased
  • Observable
  • Cyclical

3. Fill in the blank: An _____ is an observable occurrence on a network, system, or device.

  • analysis
  • incident
  • event
  • investigation

4. A security professional investigates an incident. Their goal is to gain information about the 5 W's, which include what happened and why. What are the other W's? Select three answers.

  • Which type of incident it was
  • Who triggered the incident
  • Where the incident took place
  • When the incident took place

Test your knowledge: Incident response operations

5. What are the goals of a computer security incident response team (CSIRT)? Select three answers.

  • To provide services and resources for response and recovery
  • To manage incidents
  • To handle the public disclosure of an incident
  • To prevent future incidents from occurring

6. Which document outlines the procedures to follow after an organization experiences a ransomware attack?

  • A network diagram
  • A contact list
  • A security policy
  • An incident response plan

7. Fill in the blank: The job of _____ is to investigate alerts and determine whether an incident has occurred.

  • technical leads
  • security analysts
  • incident coordinators
  • public relations representative

8. Which member of a CSIRT is responsible for tracking and managing the activities of all teams involved in the response process?

  • Technical lead
  • Incident coordinator
  • Public relations representative
  • Security analyst

Test your knowledge: Detection and documentation tools

9. What are some examples of types of documentation? Select three answers.

  • Final reports
  • Word processors
  • Policies
  • Playbooks

10. Fill in the blank: Ticketing systems such as _____ can be used to document and track incidents.

  • Cameras
  • Evernote
  • Jira
  • Excel

11. What application monitors system activity, then produces alerts about possible intrusions?

  • Intrusion detection system
  • Playbook
  • Product manual
  • Word processor

12. What actions does an intrusion prevention system (IPS) perform? Select three answers.

  • Detect abnormal activity
  • Stop intrusive activity
  • Monitor activity
  • Manage security incidents

Weekly challenge 1

13. Which of the following is an example of a security incident?

  • Multiple unauthorized transfers of sensitive documents to an external system.
  • A company experiences increased traffic volumes on its website because of a new product release.
  • An extreme weather event causes a network outage.
  • An authorized user emails a file to a customer.

14. What is the NIST Incident Response Lifecycle?

  • The method of closing an investigation
  • A framework that provides a blueprint for effective incident response
  • A system that only includes regulatory standards and guidelines
  • The process used to document events

15. Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.

  • Containment, Eradication, and Recovery
  • Preparation
  • Detection and Analysis
  • Protection

16. What are some roles included in a computer security incident response team (CSIRT)? Select three answers.

  • Security analyst
  • Incident coordinator
  • Technical lead
  • Incident manager

17. What is an incident response plan?

  • A document that outlines the procedures to take in each step of incident response
  • A document that outlines a security team’s contact information
  • A document that details system information
  • A document that contains policies, standards, and procedures

18. A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert's evidence in greater detail?

  • A recovery tool
  • A documentation tool
  • An investigative tool
  • A detection tool

19. Which of the following methods can a security analyst use to create effective documentation? Select two answers.

  • Provide clear and concise explanations of concepts and processes.
  • Write documentation in a way that reduces confusion.
  • Provide documentation in a paper-based format.
  • Write documentation using technical language.

20. What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

  • An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
  • An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
  • An IDS automates response and an IPS generates alerts.
  • An IDS and an IPS both have the same capabilities.

21. What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?

  • The creation of raw log data
  • The analysis and response to a security incident
  • The creation of potential threats
  • The analysis of a centralized platform

22. Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.

  • data analysis
  • data collection
  • data aggregation
  • data normalization

23. Which step does the NIST Incident Response Lifecycle begin with?

  • Post-Incident Activity
  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery

24. What is a computer security incident response team (CSIRT)?

  • A specialized group of security professionals who focus on incident prevention
  • A specialized group of security professionals who are solely dedicated to crisis management
  • A specialized group of security professionals who are trained in incident management and response
  • A specialized group of security professionals who work in isolation from other departments

25. Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.

  • policies
  • exercises
  • instructions
  • procedures

26. Which of the following best describes how security analysts use security tools?

  • They only use detection and management tools during incident investigations.
  • They only use documentation tools for incident response tasks.
  • They use a combination of different tools for various tasks.
  • They only use a single tool to monitor, detect, and analyze events.

27. What are the qualities of effective documentation? Select three answers.

  • Consistent
  • Clear
  • Accurate
  • Brief

28. Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.

  • stops
  • reports
  • pauses
  • detects
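The IDS/IPS distinction behind questions 12, 20 and 28 is easiest to see with one signature engine run in two modes. The following is an added example for this page, not code from the course or from any IDS/IPS product: the signatures, the request lines and the function names are constructed for illustration. In IDS mode every request is forwarded and matches only raise alerts; in IPS mode the same matches are dropped inline.

```python
"""Added example: one signature engine, passive (IDS) versus inline (IPS).
Signatures and request lines are constructed; nothing here is product code."""
import re
from urllib.parse import unquote

# Two deliberately simple signatures (assumed for this example).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
}

# Constructed HTTP request lines; two are benign, two match a signature.
REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /../../etc/passwd HTTP/1.1",
    "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1",
    "GET /search?q=or1 HTTP/1.1",
]


def inspect(request):
    """Return the names of every signature the (URL-decoded) request matches.
    Decoding first matters: %20 in the raw line would hide the SQLi pattern."""
    decoded = unquote(request)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def run(requests, mode):
    """mode='ids': monitor and alert, forward everything.
    mode='ips': alert AND drop the matching request before it is forwarded."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts, dropped = [], [], []
    for req in requests:
        hits = inspect(req)
        if hits:
            alerts.append((req, hits))
            if mode == "ips":
                dropped.append(req)
                continue  # inline device: the request never reaches the server
        forwarded.append(req)
    return {"forwarded": forwarded, "alerts": alerts, "dropped": dropped}


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        result = run(REQUESTS, mode)
        print(mode.upper(), "forwarded:", len(result["forwarded"]),
              "alerts:", len(result["alerts"]), "dropped:", len(result["dropped"]))
```

Both modes produce the same two alerts; only the IPS changes what reaches the server. That is also why new signatures are normally run in IDS mode first: a false positive in an inline IPS is a self-inflicted outage, not just a noisy alert.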

29. What happens during the data collection and aggregation step of the SIEM process? Select two answers.

  • Data is analyzed according to rules.
  • Data is collected from different sources.
  • Data is centralized in one place.
  • Data is cleaned and transformed.

30. Which of the following statements describe security incidents and events?

  • All security incidents are events, but not all events are security incidents.
  • Security incidents and events are the same.
  • Security incidents and events are unrelated.
  • All events are security incidents, but not all security incidents are events.

31. A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?

  • Only use each step once.
  • Complete the steps in any order.
  • Skip irrelevant steps.
  • Overlap the steps as needed.

32. Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.

  • computer security incident response team
  • forensic investigation team
  • threat hunter group
  • risk assessment group

33. A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM does this scenario describe?

  • Aggregate data
  • Analyze data
  • Collect data
  • Normalize data
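Questions 22, 29 and 33 name the four SIEM steps (collect, aggregate, normalize, analyze) but the quiz cannot show why normalization is the step that makes the later rule possible. The following is an added example for this page, not code from the course or from any SIEM product: it pulls constructed log lines from three differently formatted sources, centralizes them, maps them onto one schema, and then runs a single authentication-failure rule across all of them. The source names, the schema fields (ts, source, host, user, src_ip, outcome) and the assumed syslog year are this example's own choices.

```python
"""Added example: a miniature SIEM pipeline, collect -> aggregate -> normalize -> analyze.
All log lines are constructed; the schema and source names are this example's own."""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Step 1, collect: raw lines as three different sources emit them (constructed).
SOURCES = {
    "linux-sshd": [
        "Jan 14 10:01:02 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 50122 ssh2",
        "Jan 14 10:01:05 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 50123 ssh2",
        "Jan 14 10:01:09 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 50124 ssh2",
        "Jan 14 10:01:12 web01 sshd[2211]: Accepted password for root from 203.0.113.9 port 50125 ssh2",
        "Jan 14 10:01:15 web01 CRON[3100]: pam_unix(cron:session): session opened for user root",
    ],
    "webapp-json": [
        '{"ts":"2024-01-14T10:02:00Z","event":"login_failed","user":"alice","src":"198.51.100.7"}',
        '{"ts":"2024-01-14T10:02:30Z","event":"login_ok","user":"alice","src":"198.51.100.7"}',
    ],
    "windows-csv": [  # timestamp,EventID,user,source IP; 4625 = failed logon, 4624 = success
        "2024-01-14 10:03:00,4625,bob,192.0.2.44",
        "2024-01-14 10:03:02,4625,bob,192.0.2.44",
        "2024-01-14 10:03:04,4625,bob,192.0.2.44",
        "2024-01-14 10:03:06,4625,bob,192.0.2.44",
    ],
}
SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year
SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port")


def collect_and_aggregate(sources):
    """Steps 1 and 2: gather every source's lines into one central list, keeping provenance."""
    return [(name, line) for name, lines in sources.items() for line in lines]


def _parse_sshd(line):
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["src"],
            "outcome": "success" if m["result"] == "Accepted" else "failure"}


def _parse_webapp(line):
    rec = json.loads(line)
    if rec.get("event") not in ("login_failed", "login_ok"):
        return None
    ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "host": "webapp", "user": rec["user"], "src_ip": rec["src"],
            "outcome": "success" if rec["event"] == "login_ok" else "failure"}


def _parse_windows(line):
    ts, event_id, user, src = line.split(",")
    if event_id not in ("4624", "4625"):
        return None
    ts = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": "dc01", "user": user, "src_ip": src,
            "outcome": "success" if event_id == "4624" else "failure"}


PARSERS = {"linux-sshd": _parse_sshd, "webapp-json": _parse_webapp, "windows-csv": _parse_windows}


def normalize(aggregated):
    """Step 3: map each raw line onto one schema. Unmapped lines are counted, not silently
    dropped: a rising unmapped count usually means a source changed format and detections
    that depend on it have gone quiet."""
    events, unmapped = [], 0
    for source, line in aggregated:
        rec = PARSERS[source](line)
        if rec is None:
            unmapped += 1
            continue
        rec["source"], rec["raw"] = source, line
        events.append(rec)
    return events, unmapped


def analyze(events, threshold=3, window_s=60):
    """Step 4: one rule over the normalized stream: `threshold` or more failures from a
    single source IP within `window_s` seconds. Whether a success from that IP followed
    is recorded because a brute force that worked is an incident, not just a noisy event."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src_ip, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["outcome"] == "failure"]
        for i in range(len(failures)):
            j = i
            while j + 1 < len(failures) and (failures[j + 1]["ts"] - failures[i]["ts"]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                last_fail = failures[j]["ts"]
                alerts.append({"rule": "auth-failure-burst", "src_ip": src_ip, "count": j - i + 1,
                               "users": sorted({e["user"] for e in failures[i:j + 1]}),
                               "sources": sorted({e["source"] for e in failures[i:j + 1]}),
                               "followed_by_success": any(e["outcome"] == "success" and e["ts"] > last_fail for e in evs)})
                break  # one alert per source IP keeps the analyst queue readable
    return alerts


def run_pipeline(sources=SOURCES):
    events, unmapped = normalize(collect_and_aggregate(sources))
    return analyze(events), unmapped


if __name__ == "__main__":
    alerts, unmapped = run_pipeline()
    print(f"{unmapped} line(s) not mapped to the auth schema")
    for a in alerts:
        print(a)
```

The rule in `analyze` never looks at the raw text, only at the normalized `outcome`, `src_ip` and `ts` fields, which is the practical meaning of "log record consistency" in question 22: one detection covers sshd, the web application and Windows at once. The CRON line is the deliberate edge case; it is a legitimate event but not an authentication event, so it is counted as unmapped rather than either faked into the schema or lost.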

34. Which of the following is an example of a security incident?

  • An unauthorized user successfully changes the password of an account that does not belong to them.
  • An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
  • A user installs a device on their computer that is allowed by an organization’s policy.
  • A software bug causes an application to crash.

35. What are investigative tools used for?

  • Managing alerts
  • Documenting incidents
  • Monitoring activity
  • Analyzing events
