Sound the Alarm: Detection and Response (Coursera) Weekly Challenge 2 Answers

Test your knowledge: The incident response lifecycle

1. How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?

  • They define the attacker’s intentions.
  • They provide a way to identify an attack.
  • They capture network activity.
  • They confirm that a security incident happened.

2. Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.

  • pivoting
  • exfiltration
  • infiltration
  • network traffic

3. An attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?

  • Large internal file transfer
  • Phishing
  • Lateral movement
  • Network data

4. What can security professionals use network traffic analysis for? Select three answers.

  • To understand network traffic patterns
  • To identify malicious activity
  • To secure critical assets
  • To monitor network activity

Test your knowledge: Capture and view network traffic

5. Which component of a packet contains the actual data that is intended to be sent to its destination?

  • Protocol
  • Header
  • Payload
  • Footer

6. Fill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.

  • packet capture
  • network protocol analyzer
  • network statistic
  • protocol

7. Which field of an IP header is used to identify whether IPv4 or IPv6 is used?

  • Type of Service
  • Options
  • Flags
  • Version

8. Which network protocol analyzer is accessed through a graphical user interface?

  • TShark
  • Wireshark
  • tcpdump
  • Libpcap

Test your knowledge: Packet inspection

9. Which tcpdump option is used to specify the network interface?

  • -n
  • -i
  • -v
  • -c

10. What is needed to access the tcpdump network protocol analyzer?

  • Command-line interface
  • Packet capture
  • Output
  • Graphical user interface

11. What is the first field found in the output of a tcpdump command?

  • Version
  • Timestamp
  • Protocol
  • Source IP

12. You are using tcpdump to capture network traffic on your local computer. You would like to save the network traffic to a packet capture file for later analysis. Which tcpdump option should you use?

  • -c
  • -r
  • -w
  • -v

Weekly challenge 2

13. Fill in the blank: _____ describes the amount of data that moves across a network.

  • Traffic flow
  • Data exfiltration
  • Network traffic
  • Network data

14. What tactic do malicious actors use to maintain and expand unauthorized access into a network?

  • Exfiltration
  • Phishing
  • Data size reduction
  • Lateral movement

15. Which packet component contains protocol information?

  • Payload
  • Footer
  • Route
  • Header

16. Do packet capture files provide detailed snapshots of network communications?

  • Yes. Packet capture files provide information about network data packets that were intercepted from a network interface.
  • No. Packet capture files do not contain detailed information about network data packets.
  • Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.

17. How do network protocol analyzers help security analysts analyze network communications? Select two answers.

  • They take action to improve network performance.
  • They provide the ability to filter and sort packet capture information to find relevant information.
  • They take action to block network intrusions.
  • They provide the ability to collect network communications.

18. Which protocol is considered the foundation for all internet communications?

  • UDP
  • IPv4
  • TCP
  • HTTP

19. What is used to determine whether errors have occurred in the IPv4 header?

  • Flags
  • Protocol
  • Checksum
  • Header

20. What is the process of breaking down packets known as?

  • Fragment Offset
  • Fragmentation
  • Flags
  • Checksum

21. Which tcpdump command outputs detailed packet information?

  • sudo tcpdump -v any -i
  • sudo tcpdump -i any -v
  • sudo tcpdump -i any -c 100
  • sudo tcpdump -i any -n

22. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

What is the source IP address?

  • 22:00:19.538395
  • 198.111.123.1
  • 198.168.105.1
  • 41012

23. Why is network traffic monitoring important in cybersecurity? Select two answers.

  • It provides a method of classifying critical assets.
  • It helps detect network intrusions and attacks.
  • It helps identify deviations from expected traffic flows.
  • It provides a method to encrypt communications.

24. What information do packet headers contain? Select three answers.

  • Protocols
  • Payload data
  • IP addresses
  • Ports

25. Fill in the blank: Network protocol analyzers can save network communications into files known as a _____.

  • protocol
  • packet capture
  • payload
  • network packet

26. Which layer of the TCP/IP model does the Internet Protocol (IP) operate on?

  • Internet
  • Application
  • Transport
  • Network Access

27. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

Which protocols are being used? Select two answers.

  • TOS
  • UDP
  • IP
  • TCP

28. What are some defensive measures that can be used to protect against data exfiltration? Select two answers.

  • Utilize lateral movement
  • Monitor network activity
  • Deploy multi-factor authentication
  • Reduce file sizes

29. Network protocol analyzer tools are available to be used with which of the following? Select two answers.

  • Network interface card
  • Internet protocol
  • Graphical user interface
  • Command-line interface

30. Which IPv4 header fields involve fragmentation? Select three answers.

  • Flags
  • Identification
  • Type of Service
  • Fragment Offset

31. Which tcpdump option is used to specify the capture of 5 packets?

  • -v 5
  • -i 5
  • -c 5
  • -n 5

32. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

What is the value of the Type of Service field?

  • 0x10
  • 6
  • 501
  • 0x50af

33. What type of attack involves the unauthorized transmission of data from a system?

  • Data leak
  • Data exfiltration
  • Packet classification
  • Packet crafting

34. Which of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.

  • Outbound network traffic to an unauthorized file hosting service
  • Unexpected modifications to files containing sensitive data
  • Multiple successful multi-factor authentication logins
  • Network performance issues

35. Fill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.

  • Linux
  • command-line
  • internet
  • graphical user

36. Which layer of the TCP/IP model is responsible for accepting and delivering packets in a network?

  • Transport
  • Internet
  • Network Access
  • Application

37. Which IPv4 field determines how long a packet can travel before it gets dropped?

  • Options
  • Header Checksum
  • Time to Live
  • Type of Service

38. How are IP headers valuable for security analysts during investigations?

  • They provide the foundation for communications over the internet.
  • They provide the ability to modify network communications.
  • They provide insight into the details of network communications.
  • They provide the ability to visualize network communications.
