Put It to Work: Prepare for Cyber Security Jobs, Coursera Weekly Challenge 2 Answers
Test your knowledge: To escalate or not to escalate
1. Fill in the blank: A malware infection is an incident type that occurs when _____.
- a website experiences high traffic volumes
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- a computer’s speed and performance improves
- an employee of an organization violates the organization’s acceptable use policies
2. Fill in the blank: Improper usage is an incident type that occurs when _____.
- an individual gains digital or physical access to a system or application without permission
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- an employee of an organization violates the organization’s acceptable use policies
- an employee that runs an organization’s public relations posts incorrect data on the company’s social media page
3. When should you escalate improper usage to a supervisor?
- Improper usage incidents should always be escalated out of caution.
- Improper usage incidents should be escalated if there is a high level of improper usage.
- Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
- Improper usage does not need to be escalated because these are in-house scenarios that can be handled without reporting them to the security team.
4. Fill in the blank: Unauthorized access is an incident type that occurs when _____.
- an individual gains digital or physical access to a system, data, or an application without permission
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- an employee of an organization violates the organization’s acceptable use policies
Test your knowledge: Timing is everything
5. All security incidents should be escalated.
- True
- False
6. Which incident can have the most impact on an organization?
- An employee forgets their login credentials
- A user’s social media password is leaked
- A manufacturing plant’s network is compromised
- An organization’s guest Wi-Fi network is down
7. Fill in the blank: A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled.
- playbook
- event
- security incident
- escalation policy
8. Which incident classification type occurs when an employee violates an organization’s acceptable use policy?
- Improper usage
- Malware infection
- Unauthorized access
- Containment
Weekly challenge 2
9. What security term describes the identification of a potential security event, triaging it, and handing it off to a more experienced team member?
- Incident escalation
- SOC operations
- Social engineering
- Data security protection
10. Which skills will help you identify security incidents that need to be escalated? Select two answers.
- Excellent communication skills
- Ability to collaborate well with others
- Attention to detail
- Ability to follow an organization’s escalation guidelines or processes
11. Fill in the blank: Entry-level analysts might need to escalate various incident types, including _____.
- noncompliance of tax laws
- mismanagement of funds
- improper usage
- missing software
12. Improper usage can be intentional; other times it can be accidental. How should you decide which acts of improper usage should be escalated to a supervisor?
- Improper usage incidents should always be escalated as a precaution.
- Improper usage should never be escalated to a supervisor.
- Only intentional acts of improper usage should be escalated.
- Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
13. You are alerted that a hacker has gained unauthorized access to one of your organization’s manufacturing applications. At the same time, an employee’s account has been flagged for multiple failed login attempts. Which incident should be escalated first?
- Both security incidents should be escalated at the same time.
- The incident involving the employee who is unable to log in to their account should be escalated first.
- The incident involving the malicious actor who has gained unauthorized access to the manufacturing application should be escalated first.
- The best thing to do is escalate the incident that your supervisor advised you to escalate first.
14. What is the best way to determine the urgency of a security incident?
- Contact the risk assessment team to determine urgency.
- Reach out to the organization’s Red Team supervisor to determine urgency.
- Identify the importance of the assets affected by the security incident.
- Email the Chief Information Security Officer (CISO) of the company for clarification.
15. Fill in the blank: An escalation policy is a set of actions that outlines _____.
- how to manage the security stakeholders of an organization
- how to escalate customer service complaints
- how to defend an organization’s data and assets
- how to handle a security incident alert
16. Fill in the blank: _____ is important when following a company’s escalation policy to ensure you follow the policy correctly.
- Attention to detail
- Delegating tasks
- Reading quickly
- Working remotely
17. Fill in the blank: An entry-level analyst helps the security team make sure the _____ person on the team is alerted when incidents occur.
- technical
- available
- correct
- most senior-level
18. Which of the following security incidents is likely to have the most negative impact on an organization?
- An employee sends an email to the wrong colleague
- Unauthorized access to a manufacturing application
- An employee’s account flagged for multiple login attempts
- An employee having a phone conversation about a work project in the breakroom
19. Fill in the blank: _____ is a skill that will help you identify security incidents that need to be escalated.
- Graphics design
- Attention to detail
- Leadership
- Linux operations
20. As a security analyst, you might be asked to escalate various incidents. Which of the following are common incident classification types? Select two answers.
- Malware infection
- SPAM
- Gift card scam
- Unauthorized access
21. An employee attempting to access software on their work device for personal use can be an example of what security incident type?
- Unauthorized access
- Improper usage
- Malware infection
- Social engineering
22. What is a potential negative consequence of not properly escalating a small security incident? Select two answers.
- The company can suffer a loss in reputation.
- The company’s antivirus software can be uninstalled.
- The company’s employee retention percentage can decrease drastically.
- The company can suffer a financial loss.
23. You have recently been hired as a security analyst for an organization. You previously worked at another company doing security, and you were very familiar with their escalation policy. Why would it be important for you to learn your new company’s escalation policy?
- Every company has a different escalation policy, and it is an analyst’s job to ensure incidents are handled correctly.
- The policy will help you analyze data logs.
- The policy will advise you on who to report to each day.
- The escalation policy will help you with vulnerability scanning.
24. Fill in the blank: An _____ will help an entry-level analyst to know when and how to escalate a security incident.
- executive security dashboard
- escalation policy
- employee security handbook
- blue team CIRT guideline
25. Fill in the blank: Incident escalation is the process of _____.
- reporting a security incident to a human resource department for compliance purposes
- properly assessing security events
- creating a visual dashboard that shows security stakeholders the amount of security incidents taking place
- identifying a potential security incident, triaging it, and handing it off to a more experienced team member
26. What do attention to detail and following an organization’s security event notification process help you with?
- Vulnerability scanning
- Incident escalation
- Security data forensics
- Log monitoring
27. What elements of security do terms like unauthorized access, malware infections, and improper usage describe?
- Public press releases
- Phishing attempts
- Company job descriptions
- Incident classification types
28. Which of the following security incidents can have the most damaging impact to an organization?
- A system containing customer PII is compromised
- A company’s social media account is compromised
- The guest Wi-Fi network for a company is hacked
- An employee forgets their password and logs too many failed login attempts
29. A security analyst for an organization notices unusual log activity in an app that was recently banned from the organization. However, the analyst forgets to escalate this activity to the proper personnel. What potential impact can this small incident have on the organization?
- Small incidents rarely have any impact on an organization.
- The organization might need to delete its social media profile.
- It can become a bigger threat.
- The third-party assessment team might be removed by the organization.
30. What security term is defined as a set of actions that outlines who should be notified when an incident alert occurs?
- A security risk assessor
- An escalation policy
- A network architecture alert
- A vulnerability scan system
31. Why is it important for analysts to follow a company’s escalation policy? Select two answers.
- An escalation policy can help analysts determine the best way to cross-collaborate with other members of their organization.
- An escalation policy instructs analysts on the right person to contact during an incident.
- An escalation policy can help analysts determine which tools to use to solve an issue.
- An escalation policy can help analysts prioritize which security events need to be escalated with more or less urgency.
32. A new security analyst has just been hired to an organization and is advised to read through the company’s escalation policy. What kind of information will the analyst be educated on when reading through this policy?
- They will learn when and how to escalate security incidents.
- They will learn the best way to communicate with stakeholders.
- They will learn how to use the Linux operating system.
- They will learn the best way to create visual dashboards to communicate with executives.
33. Unauthorized access to a system with PII is _____ critical than an employee’s account being flagged for multiple failed login attempts.
- marginally
- more
- equally
- less
34. How can an escalation policy help security analysts do their jobs?
- An escalation policy outlines who should be notified when an incident occurs.
- An escalation policy outlines when to alert the public of a data breach.
- An escalation policy educates analysts on how to be aware of phishing attempts.
- An escalation policy instructs the analysts on how to scan for vulnerabilities.