Assets, Threats, and Vulnerabilities: Coursera weekly challenge 4 answers

Test your knowledge: Social engineering

1. Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

  • Whaling
  • Baiting
  • Phishing
  • Quid pro quo

2. What type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?

  • Tailgating
  • Angler phishing
  • Smishing
  • Vishing

3. Fill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.

  • disconnect from the target
  • evaluate defenses
  • spread awareness with others
  • stay informed of security trends

4. Phishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.

  • Fraudulent web links
  • Malicious attachments
  • Email filters
  • Fake data-collection forms

Test your knowledge: Malware

5. Which of the following are types of malware? Select two answers.

  • Spyware
  • Dictionary attacks
  • Viruses
  • Credential stuffing

6. Fill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.

  • Botnets
  • Trojans
  • Rootkits
  • Worms

7. What is it called when someone's computing resources are illegally hijacked to mine cryptocurrencies?

  • Cryptojacking
  • Rootkit
  • Trojan horse
  • Spyware

8. Which of the following are common signs of a malware infection? Select three answers.

  • Files are suddenly encrypted
  • Increased CPU usage
  • Unusual system crashes
  • Slowdowns in performance

Test your knowledge: Web-based exploits

9. Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.

  • Spear phishing
  • Web-based exploits
  • Command-line interface
  • Social engineering

10. Cross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.

  • SQL
  • JavaScript
  • Python
  • HTML

11. What server-side code can be used to defend against SQL injection attacks?

  • Prepared statement
  • Injection attack
  • Input validation
  • Phishing kit

12. What are two examples of when SQL injections can take place?

  • When using the login form to access a site
  • When a malicious script exists in the webpage a browser loads
  • When a malicious script is injected directly on the server
  • When a user enters their credentials

13. In a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.

  • Exploiting languages
  • Gain administrative rights
  • Sensitive information
  • Categorize the environment

Weekly challenge 4

14. Which of the following could be examples of social engineering attacks? Select three answers.

  • An unfamiliar employee asking you to hold the door open to a restricted area
  • An email urgently asking you to send money to help a friend who is stuck in a foreign country
  • A lost record of important customer information
  • A pop-up advertisement promising a large cash reward in return for sensitive information

15. What is the main difference between a vishing attack and a smishing attack?

  • Vishing makes use of voice calls to trick targets.
  • Vishing involves a widespread email campaign to steal information.
  • Vishing is used to target executives at an organization.
  • Vishing exploits social media posts to identify targets.

16. A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

  • scareware
  • spyware
  • trojan
  • adware

17. What are the characteristics of a ransomware attack? Select three answers.

  • Attackers demand payment to restore access to a device.
  • Attackers make themselves known to their targets.
  • Attackers encrypt data on the device without the user’s permission.
  • Attackers display unwanted advertisements on the device.

18. Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

  • mine
  • collect
  • invest
  • earn

19. Security researchers inserted malicious code into the web applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.

What type of attack did the researchers perform?

  • Malware
  • Social engineering
  • Ransomware
  • Injection

20. An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site's server and activated during the server’s response.

This is an example of what type of injection attack?

  • DOM-based
  • SQL injection
  • Reflected
  • Stored

21. What is one way to prevent SQL injection?

  • Having well-written code
  • Excluding prepared statements
  • Including application design flaws
  • Downloading malicious apps

22. What should security teams do after identifying threats, according to the threat modeling process? Select two answers.

  • Identify who might perform an attack and how
  • Examine existing protections and identify gaps
  • Consider how users interact with an environment
  • Determine mitigation strategies

23. During which stage of the PASTA framework is an attack tree created?

  • Decomposing an application
  • Vulnerability analysis
  • Threat analysis
  • Attack modeling

24. Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

  • impersonate a relative
  • distribute malicious email
  • establish trust
  • obtain access credentials

25. Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

  • Smishing
  • Whaling
  • Vishing
  • Pretexting

26. Which of the following are not types of malware? Select two answers.

  • Worm
  • SQL injection
  • Cross-site scripting
  • Virus

27. A member of a government agency is tricked into installing a virus on their workstation. The virus gave a criminal group access to confidential information. The attackers threaten to leak the agency's data to the public unless they pay $31,337.

What type of attack is this an example of?

  • Ransomware
  • Cross-site scripting
  • Cryptojacking
  • Scareware

28. What is malicious code that is inserted into a vulnerable application called?

  • Input validation
  • Cryptojacking
  • Social engineering
  • Injection attack

29. An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.

This is an example of what type of injection attack?

  • Brute force
  • DOM-based
  • Stored
  • Reflected

30. Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

  • Social media feeds
  • Pop-up advertisements
  • Credit card payment forms
  • User login pages

31. A security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.

Which key step of a threat model does this scenario represent?

  • Evaluate findings
  • Analyze threats
  • Define the scope
  • Mitigate risks

32. What discoveries are made while decomposing an application during a PASTA threat model? Select two answers.

  • The types of threats that can be used to compromise data
  • Which vulnerabilities can put data at risk
  • How data travels from users to an organization’s database
  • Which controls are in place to protect data along the way

33. What is the most common form of social engineering used by attackers?

  • Ransomware
  • Malware
  • Phishing
  • Adware

34. Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.

  • Increased CPU usage
  • Sudden system crashes
  • Unusually high electricity costs
  • Modified or deleted files

35. A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.

What type of attack did the hacktivist group perform?

  • Spyware
  • Watering hole
  • Quid pro quo
  • Injection

36. Which stage of the PASTA framework is related to identifying the application components that must be evaluated?

  • Perform a vulnerability analysis
  • Decompose the application
  • Define the technical scope
  • Conduct attack modeling

37. A threat actor tricked a new employee into sharing information about a senior executive over the phone.

This is an example of what kind of attack?

  • Malware
  • Social engineering
  • Pretexting
  • Phishing
