assets threats and vulnerabilities coursera weekly challenge 4 answers
Test your knowledge: Social engineering
1. Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
- Whaling
- Baiting
- Phishing
- Quid pro quo
2. What type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?
- Tailgating
- Angler phishing
- Smishing
- Vishing
3. Fill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.
- disconnect from the target
- evaluate defenses
- spread awareness with others
- stay informed of security trends
4. Phishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.
- Fraudulent web links
- Malicious attachments
- Email filters
- Fake data-collection forms
Test your knowledge: Malware
5. Which of the following are types of malware? Select two answers.
- Spyware
- Dictionary attacks
- Viruses
- Credential stuffing
6. Fill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.
- Botnets
- Trojans
- Rootkits
- Worms
6. What is it called when someone's computing resources are illegally hijacked to mine cryptocurrencies?
- Cryptojacking
- Rootkit
- Trojan horse
- Spyware
7. Which of the following are common signs of a malware infection? Select three answers.
- Files are suddenly encrypted
- Increased CPU usage
- Unusual system crashes
- Slowdowns in performance
Test your knowledge: Web-based exploits
8. Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.
- Spear phishing
- Web-based exploits
- Command-line interface
- Social engineering
Shuffle Q/A 1
9. Cross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.
- SQL
- JavaScript
- Python
- HTML
10. What server-side code can be used to defend against SQL injection attacks?
- Prepared statement
- Injection attack
- Input validation
- Phishing kit