Play It Safe: Manage Security Risks (Coursera), weekly challenge 4 answers

Test your knowledge: Incident response

1. In the event of a security incident, when would it be appropriate to refer to an incident response playbook?

  • Only when the incident first occurs
  • Only prior to the incident occurring
  • Throughout the entire incident
  • At least one month after the incident is over

2. Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.

  • preparation
  • detection and analysis
  • containment
  • coordination

3. In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?

  • Eradication and recovery
  • Containment
  • Post-incident activity
  • Coordination

4. What is the relationship between SIEM tools and playbooks?

  • They work together to provide a structured and efficient way of responding to security incidents.
  • Playbooks collect and analyze data, then SIEM tools guide the response process.
  • They work together to predict future threats and eliminate the need for human intervention.
  • Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.

Test your knowledge: Use a playbook to respond to an incident

5. Playbooks are permanent, best-practice documents, so a security team should not make changes to them.

  • True
  • False

6. A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

  • Post-incident activity
  • Detection and analysis
  • Eradication and recovery
  • Containment

7. Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.

  • eradication
  • coordination
  • preparation
  • detection

8. Which action can a security analyst take when they are assessing a SIEM alert?

  • Analyze log data and related metrics
  • Isolate an infected network system
  • Restore the affected data with a clean backup
  • Create a final report

Weekly challenge 4

9. Which of the following statements accurately describe playbooks? Select three answers.

  • A playbook helps security teams respond to urgent situations quickly.
  • A playbook improves accuracy when identifying and mitigating an incident.
  • Organizations use different types of playbooks for different situations.
  • Organizations keep playbooks consistent by applying the same procedures to different business events.

10. A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security team’s goal in this scenario?

  • Assess employee performance
  • Educate clients
  • Update a playbook
  • Delete biometric data
