Sound the Alarm: Detection and Response (Coursera) Weekly Challenge 3 Answers
Test your knowledge: Incident detection and verification
2. Why do security analysts refine alert rules? Select two answers.
- To increase alert volumes
- To reduce false positive alerts
- To create threat intelligence
- To improve the accuracy of detection technologies
3. Fill in the blank: _____ involves the investigation and validation of alerts.
- Honeypot
- Detection
- Analysis
- Threat hunting
4. What are some causes of high alert volumes? Select two answers.
- Refined detection rules
- Broad detection rules
- Misconfigured alert settings
- Sophisticated evasion techniques
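The two questions above both turn on the same point: a broad detection rule fires on everything that looks like a failure, so alert volume climbs and most of the alerts are false positives; a refined rule fires on the pattern that actually matters. The script below is an added example, not part of the Coursera quiz or of Google's course material. It runs a broad rule (alert on every failed login) and a refined rule (alert once per source IP when five or more failures land within 60 seconds) over a constructed authentication log, then scores each rule against analyst ground truth. All log lines, host names, IP addresses and the `truth` labels are constructed for this demonstration and are not real data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Each entry is:
# (timestamp, source_ip, username, outcome, ground_truth)
# ground_truth is what an analyst concluded afterwards; the rules never read it,
# it is used only to score the rules.
SAMPLE_LOG = [
    ("2024-03-01T09:00:01", "10.0.0.5",     "alice",      "fail",    "benign"),   # typo
    ("2024-03-01T09:00:09", "10.0.0.5",     "alice",      "success", "benign"),
    ("2024-03-01T09:01:00", "10.0.0.7",     "bob",        "fail",    "benign"),   # typo
    ("2024-03-01T09:01:30", "10.0.0.7",     "bob",        "success", "benign"),
    ("2024-03-01T09:02:00", "10.0.0.9",     "svc-backup", "fail",    "benign"),   # expired credential
    ("2024-03-01T09:02:05", "10.0.0.9",     "svc-backup", "fail",    "benign"),
    ("2024-03-01T09:03:00", "10.0.0.11",    "carol",      "fail",    "benign"),   # typo
    ("2024-03-01T09:03:10", "10.0.0.11",    "carol",      "success", "benign"),
    ("2024-03-01T09:10:00", "203.0.113.40", "admin",      "fail",    "malicious"),  # brute force
    ("2024-03-01T09:10:03", "203.0.113.40", "admin",      "fail",    "malicious"),
    ("2024-03-01T09:10:06", "203.0.113.40", "admin",      "fail",    "malicious"),
    ("2024-03-01T09:10:09", "203.0.113.40", "admin",      "fail",    "malicious"),
    ("2024-03-01T09:10:12", "203.0.113.40", "admin",      "fail",    "malicious"),
    ("2024-03-01T09:10:15", "203.0.113.40", "admin",      "fail",    "malicious"),
    ("2024-03-01T09:10:18", "203.0.113.40", "admin",      "success", "malicious"),
]


def parse(entry):
    """Turn one log tuple into typed fields."""
    ts, ip, user, outcome, truth = entry
    return datetime.fromisoformat(ts), ip, user, outcome, truth


def broad_rule(log):
    """Broad rule: one alert for every failed login.

    It cannot tell a mistyped password or an expired service-account credential
    from a brute-force attempt, so every failure becomes a ticket.
    """
    alerts = []
    for ts, ip, user, outcome, truth in map(parse, log):
        if outcome == "fail":
            alerts.append({"ip": ip, "user": user, "time": ts, "truth": truth})
    return alerts


def refined_rule(log, threshold=5, window=timedelta(seconds=60)):
    """Refined rule: alert once per source IP when at least `threshold`
    failures fall inside `window`.

    Single typos and a two-failure service account never reach the threshold,
    and a six-failure burst produces one alert rather than six.
    """
    failures = defaultdict(list)
    for ts, ip, user, outcome, truth in map(parse, log):
        if outcome == "fail":
            failures[ip].append((ts, user, truth))

    alerts = []
    for ip, events in failures.items():
        events.sort()
        for i in range(len(events)):
            # Sliding window: does the i-th failure start a run of `threshold`
            # failures whose last member is within `window` of the first?
            j = i + threshold - 1
            if j < len(events) and events[j][0] - events[i][0] <= window:
                alerts.append({"ip": ip, "user": events[i][1],
                               "time": events[i][0], "truth": events[i][2]})
                break  # one alert per source IP is enough for triage
    return alerts


def score(alerts):
    """Return (alert_count, false_positives, true_positives) for a rule's output."""
    false_positives = sum(1 for a in alerts if a["truth"] == "benign")
    return len(alerts), false_positives, len(alerts) - false_positives


if __name__ == "__main__":
    for name, rule in (("broad", broad_rule), ("refined", refined_rule)):
        total, fp, tp = score(rule(SAMPLE_LOG))
        print(f"{name:8s} rule: {total} alerts, {fp} false positives, {tp} true positives")
```

On this log the broad rule raises 11 alerts, 5 of them false positives, while the refined rule raises 1 alert and still catches the brute-force source. The caveat a practitioner should keep in mind is that the refinement trades volume for coverage: an attacker who spreads attempts across many source IPs or spaces them more than 60 seconds apart would stay under this threshold, which is why refined rules are tuned against real traffic and paired with other detections rather than set once.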
Test your knowledge: Response and recovery
5. A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee's computer. Which step of the triage process does this scenario describe?
- Receive and assess
- Add context
- Collect and analyze
- Assign priority
6. What is triage?
- The prioritizing of incidents according to their level of importance or urgency
- A document that outlines the procedures to sustain business operations during and after a significant disruption
- The ability to prepare for, respond to, and recover from disruptions
- The process of returning affected systems back to normal operations
7. Fill in the blank: _____ is the act of limiting and preventing additional damage caused by an incident.
- Eradication
- Resilience
- Containment
- Recovery
8. Which examples describe actions related to the eradication of an incident? Select two answers.
- Apply a patch
- Complete a vulnerability scan
- Investigate logs to verify the incident
- Develop a business continuity plan
Activity: Review a final report
9. What type of security incident was the organization affected by?
- Ransomware
- Data theft
- Phishing
- Malware
10. Which section of the report includes an explanation of the root cause of the incident?
- Investigation
- Recommendations
- Timeline
- Executive summary