assets threats and vulnerabilities coursera weekly challenge 3 answers
Test your knowledge: Flaws in the system
1. Which of the following are steps in the vulnerability management process. Select two answers.
- Identify vulnerabilities
- Catalog organizational assets
- Assign a CVE® ID
- Prepare defenses against threats
2. An organization is attacked by a vulnerability that was previously unknown. What is this exploit an example of?
- A cipher
- An asset
- A zero-day
- A perimeter layer
3. Which layer of the defense in depth strategy is a user authentication layer that mainly filters external access?
- Endpoint
- Data
- Network
- Perimeter
4. A security researcher reports a new vulnerability to the CVE® list. Which of the following criteria must the vulnerability meet before it receives a CVE® ID? Select two answers.
- It must affect multiple applications.
- The submission must have supporting evidence.
- The vulnerability must be unknown to the developer.
- It must be independently fixable.
Test your knowledge: Identify system vulnerabilities
5. Fill in the blank: A vulnerability ____ refers to the internal review process of an organization’s security systems.
- assessment
- scoring
- patch
- scanner
6. What are the goals of a vulnerability assessment? Select two answers.
- To reduce overall threat exposure
- To detect network traffic
- To audit regulatory compliance
- To identify existing weaknesses
7. Which of the following remediation examples might be implemented after a vulnerability scan? Select two answers.
- Training employees to follow new security procedures
- Identifying misconfigurations in an application
- Locating vulnerabilities in workstations
- Installing software updates and patches
8. What are two types of vulnerability scans? Select two answers.
- Patch or upgrade
- Authenticated or unauthenticated
- Limited or comprehensive
- Risk or threat
Shuffle Q/A 1
Test your knowledge: Cyber attacker mindset
9. What is the difference between an attack vector and an attack surface?
- An attack surface refers to all the weaknesses of an asset that can be attacked; an attack vector refers to an outdated and vulnerable network.
- An attack vector refers to the pathways attackers use to penetrate security defenses; an attack surface refers to all the vulnerabilities of an asset that can be exploited.
- An attack surface refers to the specific pathway of exploiting a weakness; an attack vector refers to all the weaknesses of an asset that can be exploited.
- An attack surface refers to the specific method of attack; an attack vector refers to an outdated and vulnerable network.
10. What are examples of security hardening? Select three answers.
- Restarting a crashed application
- Hashing all user passwords
- Keeping systems patched and updated
- Disabling inactive network ports