assets threats and vulnerabilities coursera weekly challenge 3 answers

Test your knowledge: Flaws in the system

1. Which of the following are steps in the vulnerability management process. Select two answers.

  • Identify vulnerabilities
  • Catalog organizational assets
  • Assign a CVE® ID
  • Prepare defenses against threats

2. An organization is attacked by a vulnerability that was previously unknown. What is this exploit an example of?

  • A cipher
  • An asset
  • A zero-day
  • A perimeter layer

3. Which layer of the defense in depth strategy is a user authentication layer that mainly filters external access?

  • Endpoint
  • Data
  • Network
  • Perimeter

4. A security researcher reports a new vulnerability to the CVE® list. Which of the following criteria must the vulnerability meet before it receives a CVE® ID? Select two answers.

  • It must affect multiple applications.
  • The submission must have supporting evidence.
  • The vulnerability must be unknown to the developer.
  • It must be independently fixable.

Test your knowledge: Identify system vulnerabilities

5. Fill in the blank: A vulnerability ____ refers to the internal review process of an organization’s security systems.

  • assessment
  • scoring
  • patch
  • scanner

6. What are the goals of a vulnerability assessment? Select two answers.

  • To reduce overall threat exposure
  • To detect network traffic
  • To audit regulatory compliance
  • To identify existing weaknesses

7. Which of the following remediation examples might be implemented after a vulnerability scan? Select two answers.

  • Training employees to follow new security procedures
  • Identifying misconfigurations in an application
  • Locating vulnerabilities in workstations
  • Installing software updates and patches

8. What are two types of vulnerability scans? Select two answers.

  • Patch or upgrade
  • Authenticated or unauthenticated
  • Limited or comprehensive
  • Risk or threat

Shuffle Q/A 1

Test your knowledge: Cyber attacker mindset

9. What is the difference between an attack vector and an attack surface?

  • An attack surface refers to all the weaknesses of an asset that can be attacked; an attack vector refers to an outdated and vulnerable network.
  • An attack vector refers to the pathways attackers use to penetrate security defenses; an attack surface refers to all the vulnerabilities of an asset that can be exploited.
  • An attack surface refers to the specific pathway of exploiting a weakness; an attack vector refers to all the weaknesses of an asset that can be exploited.
  • An attack surface refers to the specific method of attack; an attack vector refers to an outdated and vulnerable network.

10. What are examples of security hardening? Select three answers.

  • Restarting a crashed application
  • Hashing all user passwords
  • Keeping systems patched and updated
  • Disabling inactive network ports
Next

Leave a Reply