Foundations of Cybersecurity (Coursera): Weekly Challenge 3 Answers

Test your knowledge: Frameworks and controls

1. Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.

  • control
  • framework
  • regulation
  • lifecycle

2. An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?

  • Security control
  • Data confidentiality
  • Cybersecurity Framework (CSF)
  • Personally identifiable information (PII)

3. What is a foundational model that informs how organizations consider risk when setting up systems and security policies?

  • Cybersecurity Framework (CSF)
  • Sensitive personally identifiable information (SPII)
  • Confidentiality, integrity, and availability (CIA) triad
  • General Data Protection Regulation law (GDPR)

4. Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.

  • True
  • False

Test your knowledge: Ethics in cybersecurity

5. An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.

  • Confidentiality
  • Laws
  • Privacy protections
  • Remaining unbiased

6. Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.

  • business networks
  • personal information
  • documentation
  • compliance processes

7. You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?

  • Request identification from your manager to ensure the text message is authentic; then, provide the birth date.
  • Respectfully decline, then remind your manager of the organization’s guidelines.
  • Give your manager the employee’s birth date; a party is a friendly gesture.
  • Ask your manager to provide proof of their inability to access the database.

8. You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?

  • Escalate the situation by involving other organizations that have been targeted.
  • Improve the company’s defenses to help prevent future attacks.
  • Target a specific hacktivist group as a warning to the others.
  • Conduct cyberattacks against each hacktivist group that claimed responsibility.

Weekly challenge 3

9. What are some of the primary purposes of security frameworks? Select three answers.

  • Protecting PII data
  • Managing organizational risks
  • Safeguarding specific individuals
  • Aligning security with business goals

10. Which of the following are core components of security frameworks? Select two answers.

  • Managing data requests
  • Identifying and documenting security goals
  • Monitoring and communicating results
  • Monitoring personally identifiable information
