play it safe manage security risks coursera weekly challenge 2 answers

Test your knowledge: More about frameworks and controls

1. How do security frameworks enable security professionals to help mitigate risk?

  • They are used to establish laws that reduce a specific security risk.
  • They are used to create unique physical characteristics to verify a person’s identity.
  • They are used to refine elements of a core security model known as the CIA triad.
  • They are used to establish guidelines for building security plans.

2. Competitor organizations are the biggest threat to a company’s security.

  • True
  • False

3. Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.

  • public
  • broadscale
  • specific
  • general

4. A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?

  • Authentication
  • Encryption
  • Authorization
  • Ciphertext

Test your knowledge: The CIA triad

5. What is the CIA triad?

  • Ongoing validation processes involving all employees in an organization
  • A foundational security model used to set up security policies and systems
  • A set of security controls used to update systems and networks
  • A mandatory security framework involving the selection of appropriate controls

6. Which element of the CIA triad specifies that only authorized users can access specific information?

  • Access
  • Confirmation
  • Integrity
  • Confidentiality

7. A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?

  • Applicability
  • Capacity
  • Integrity
  • Availability

8. Fill in the blank: According to the CIA triad, _____ refers to ensuring that an organization's data is verifiably correct, authentic, and reliable.

  • Availability
  • Credibility
  • Accuracy
  • Integrity

Test your knowledge: NIST frameworks

9. What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?

  • A collection of security principles focused on maintaining confidentiality, integrity, and availability
  • A required business framework for ensuring security updates and repairs are successful
  • A set of security controls that help analysts determine what to do if a data breach occurs
  • Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk

10. Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.

  • regulate
  • respond
  • reevaluate
  • reflect

11. Fill in the blank: By enabling security professionals to determine which devices have been affected, the CSF _____ function helps organizations manage cybersecurity risks and their effects.

  • protect
  • identify
  • detect
  • recover

12. What does a security analyst’s work involve during the CSF recover function?

  • Return affected systems back to normal operation
  • Protect an organization through the implementation of employee training
  • Contain, neutralize, and analyze security incidents
  • Pinpoint threats and improve monitoring capabilities

Weekly challenge 2

13. What does a security professional use to create guidelines and plans that educate employees about how they can help protect the organization?

  • Security posture
  • Security audit
  • Security framework
  • Security hardening

14. Fill in the blank: A security professional uses _____ to convert data from a readable format to an encoded format.

  • authorization
  • authentication
  • encryption
  • confidentiality

15. Which of the following characteristics are examples of biometrics? Select all that apply.

  • Voice
  • Fingerprint
  • Eye scan
  • Password

16. You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?

  • Confidentiality
  • Availability
  • Integrity
  • Accuracy

17. Which of the following statements accurately describe the CSF? Select all that apply.

  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
  • Implementing improvements to a security process is part of the respond function of the CSF.
  • The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.
  • The protect function of the CSF involves returning affected systems back to normal operation.

18. A security team has just finished addressing a recent security incident. They now conduct tests to ensure that all of their repairs were successful. Which OWASP principle does this scenario describe?

  • Minimize attack surface area
  • Fix security issues correctly
  • Principle of least privilege
  • Separation of duties

19. What are some of the primary objectives of an internal security audit? Select all that apply.

  • Determine what needs to be improved in order to achieve the desired security posture
  • Help security teams identify organizational risk
  • Avoid fines due to a lack of compliance
  • Reduce the amount of data on a network

20. Fill in the blank: In an internal security audit, _____ refers to identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.

  • completing a controls assessment
  • implementing administrative controls
  • scope
  • goals

21. A security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?

  • Completing a controls assessment
  • Assessing compliance
  • Establishing the scope and goals
  • Communicating results

22. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • Strategies for improving security posture
  • A summary of the goals
  • Detailed data about past cybersecurity incidents
  • Existing risks that need to be addressed now or in the future

23. How do organizations use security frameworks to develop an effective security posture?

  • As a policy to protect against phishing campaigns
  • As a policy to support employee training initiatives
  • As a guide to identify threat actor strategies
  • As a guide to reduce risk and protect data and privacy

24. Fill in the blank: An employee using multi-factor authentication to verify their identity is an example of the _____ process.

  • confidentiality
  • integrity
  • authentication
  • encryption

25. You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

  • Confidentiality
  • Availability
  • Credibility
  • Integrity

26. A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?

  • Fix security issues correctly
  • Keep security simple
  • Defense in depth
  • Principle of least privilege

27. What are some of the primary objectives of an internal security audit? Select all that apply.

  • Help security teams correct compliance issues
  • Enable security teams to assess controls
  • Limit traffic on an organization’s firewall
  • Identify any security gaps or weaknesses within an organization

28. A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?

  • Physical controls
  • Technical controls
  • Administrative controls
  • Compliance controls

29. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • A list of existing risks
  • Results and recommendations
  • Questions about specific controls
  • A summary of the scope

30. What is the purpose of a security framework?

  • Create security controls to protect marketing campaigns
  • Develop procedures to help identify productivity goals
  • Establish policies to expand business relationships

  • Build plans to help mitigate risks and threats to data and privacy

31. Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.

  • authorization
  • encryption
  • integrity
  • admission

32. Which of the following statements accurately describe the CSF? Select all that apply.

  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
  • The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections.
  • Restoring affected files or data is part of the recover function of the CSF.
  • The identify function of the CSF involves returning affected systems back to normal operation.

33. A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

  • Defense in depth
  • Principle of least privilege
  • Keep security simple
  • Separation of duties

34. Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

  • communicating to stakeholders
  • conducting a risk assessment
  • assessing compliance
  • establishing the scope and goals

35. A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

  • Communication controls
  • Administrative controls
  • Technical controls
  • Physical controls

36. A person’s fingerprint, eye or palm scan are examples of what?

  • Codes
  • Biometrics
  • Passwords
  • Statistics

37. Which of the following statements accurately describe the CSF? Select all that apply.

  • The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
  • Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
  • The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

38. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • Results and recommendations
  • Comprehensive details about each part of the process
  • Compliance regulations to be adhered to
  • Strategies for improving security posture

Leave a Reply