Sound the Alarm: Detection and Response - Coursera Weekly Challenge 3 Answers

Test your knowledge: Incident detection and verification

1. Do detection tools have limitations in their detection capabilities?

  • Yes
  • No

2. Why do security analysts refine alert rules? Select two answers.

  • To increase alert volumes
  • To reduce false positive alerts
  • To create threat intelligence
  • To improve the accuracy of detection technologies

3. Fill in the blank: _____ involves the investigation and validation of alerts.

  • Honeypot
  • Detection
  • Analysis
  • Threat hunting

4. What are some causes of high alert volumes? Select two answers.

  • Refined detection rules
  • Broad detection rules
  • Misconfigured alert settings
  • Sophisticated evasion techniques

Test your knowledge: Response and recovery

5. A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee's computer. Which step of the triage process does this scenario describe?

  • Receive and assess
  • Add context
  • Collect and analyze
  • Assign priority

6. What is triage?

  • The prioritizing of incidents according to their level of importance or urgency
  • A document that outlines the procedures to sustain business operations during and after a significant disruption
  • The ability to prepare for, respond to, and recover from disruptions
  • The process of returning affected systems back to normal operations

7. Fill in the blank: _____ is the act of limiting and preventing additional damage caused by an incident.

  • Eradication
  • Resilience
  • Containment
  • Recovery

8. Which examples describe actions related to the eradication of an incident? Select two answers.

  • Apply a patch
  • Complete a vulnerability scan
  • Investigate logs to verify the incident
  • Develop a business continuity plan

Activity: Review a final report

9. What type of security incident was the organization affected by?

  • Ransomware
  • Data theft
  • Phishing
  • Malware

10. Which section of the report includes an explanation of the root cause of the incident?

  • Investigation
  • Recommendations
  • Timeline
  • Executive summary
