play it safe manage security risks coursera weekly challenge 4 answers

Test your knowledge: Incident response

1. In the event of a security incident, when would it be appropriate to refer to an incident response playbook?

  • Only when the incident first occurs
  • Only prior to the incident occurring
  • Throughout the entire incident
  • At least one month after the incident is over

2. Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.

  • preparation
  • detection and analysis
  • containment
  • coordination

3. In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?

  • Eradication and recovery
  • Containment
  • Post-incident activity
  • Coordination

4. What is the relationship between SIEM tools and playbooks?

  • They work together to provide a structured and efficient way of responding to security incidents.
  • Playbooks collect and analyze data, then SIEM tools guide the response process.
  • They work together to predict future threats and eliminate the need for human intervention.
  • Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.

Test your knowledge: Use a playbook to respond to an incident

5. Playbooks are permanent, best-practice documents, so a security team should not make changes to them.

  • True
  • False

6. A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

  • Post-incident activity
  • Detection and analysis
  • Eradication and recovery
  • Containment

7. Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.

  • eradication
  • coordination
  • preparation
  • detection

8. Which action can a security analyst take when they are assessing a SIEM alert?

  • Analyze log data and related metrics
  • Isolate an infected network system
  • Restore the affected data with a clean backup
  • Create a final report

Weekly challenge 4

9. Which of the following statements accurately describe playbooks? Select three answers.

  • A playbook helps security teams respond to urgent situations quickly.
  • A playbook improves accuracy when identifying and mitigating an incident.
  • Organizations use different types of playbooks for different situations.
  • Organizations keep playbooks consistent by applying the same procedures to different business events.

10. A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security teamโ€™s goal in this scenario?

  • Assess employee performance
  • Educate clients
  • Update a playbook
  • Delete biometric data

11. Fill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.

  • guides
  • exercises
  • examinations
  • inquiries

12. An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident to a specific government agency. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Containment
  • Detection and analysis
  • Preparation

13. Why is the containment phase of an incident response playbook a high priority for organizations?

  • It demonstrates how to communicate about the breach to leadership.
  • It enables a business to determine whether a breach has occurred.
  • It helps prevent ongoing risks to critical assets and data.
  • It outlines roles and responsibilities of all stakeholders.

14. Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the companyโ€™s overall security posture.

  • post-incident activity
  • detection and analysis
  • containment
  • eradication and recovery

15. A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?

  • Containment
  • Preparation
  • Eradication and recovery
  • Detection and analysis

16. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

  • SIEM tools and playbooks work together to provide a structured way of responding to incidents.
  • Playbooks collect and analyze data.
  • SIEM tools detect threats.
  • SIEM tools alert the security team to potential problems.

17. Which of the following statements accurately describe playbooks? Select three answers.

  • A playbook is used to develop compliance regulations.
  • A playbook can be used to respond to an incident
  • A playbook is an essential tool used in cybersecurity
  • A playbook improves efficiency when identifying and mitigating an incident.

18. Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.

  • summarizes
  • outlines
  • shortens
  • updates

19. Fill in the blank: Incident response is an organizationโ€™s quick attempt to _____ an attack, contain the damage, and correct its effects.

  • identify
  • expand
  • disclose
  • ignore

20. A security analyst reports to stakeholders about a security breach. They provide details based on the organizationโ€™s established standards. What phase of an incident response playbook does this scenario describe?

  • Preparation
  • Coordination
  • Detection and analysis
  • Eradication and recovery

21. What are the primary goals of the containment phase of an incident response playbook? Select two answers.

  • Reduce the immediate impact
  • Assess the damage
  • Analyze the magnitude of the breach
  • Prevent further damage

22. Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the companyโ€™s overall security posture.

  • structure
  • target
  • root cause
  • end point

23. Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?

  • Post-incident activity
  • Preparation
  • Containment
  • Detection and analysis

24. In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

  • SIEM tools analyze data.
  • SIEM alerts inform security teams of potential threats.
  • SIEM alerts provide security teams with specific steps to identify and respond to security incidents.
  • SIEM tools and playbooks work together to provide an efficient way of handling security incidents.

25. What does a security team do when updating and improving a playbook? Select all that apply.

  • Discuss ways to improve security posture
  • Consider learnings from past security incidents
  • Refine response strategies for future incidents
  • Improve antivirus software performance

26. Fill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach.

  • implementation
  • documentation
  • concealment
  • iteration

27. A security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organizationโ€™s established standards. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Containment
  • Eradication and recovery
  • Detection and analysis

28. Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incidentโ€™s root cause and implementing security improvements.

  • user experience
  • employee engagement
  • security audit
  • security posture

29. A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?

  • Coordination
  • Eradication and recovery
  • Detection and analysis
  • Preparation

Leave a Reply