Sound the Alarm: Detection and Response (Coursera) weekly challenge 2 answers
Test your knowledge: The incident response lifecycle
1. How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?
- They define the attacker’s intentions.
- They provide a way to identify an attack.
- They capture network activity.
- They confirm that a security incident happened.
2. Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.
- pivoting
- exfiltration
- infiltration
- network traffic
3. An attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?
- Large internal file transfer
- Phishing
- Lateral movement
- Network data
4. What can security professionals use network traffic analysis for? Select three answers.
- To understand network traffic patterns
- To identify malicious activity
- To secure critical assets
- To monitor network activity
Test your knowledge: Capture and view network traffic
5. Which component of a packet contains the actual data that is intended to be sent to its destination?
- Protocol
- Header
- Payload
- Footer
6. Fill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.
- packet capture
- network protocol analyzer
- network statistic
- protocol
7. Which field of an IP header is used to identify whether IPv4 or IPv6 is used?
- Type of Service
- Options
- Flags
- Version
8. Which network protocol analyzer is accessed through a graphical user interface?
- TShark
- Wireshark
- tcpdump
- Libpcap
Test your knowledge: Packet inspection
10. What is needed to access the tcpdump network protocol analyzer?
- Command-line interface
- Packet capture
- Output
- Graphical user interface