Cyber Threat Intelligence Coursera Quiz Answers – Networking Funda

Cyber Threat Intelligence Week 01 Quiz Answers

Quiz 01 – Threat Intelligence and Cybersecurity

Q1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices
  • The number of breached records in 2019 more than 3 times that of 2018
  • Human error accounting for the majority of security breaches

Q2. What was the average cost of a data breach in 2019 in US dollars?

  • $3.92M

Q3. What was the average size of a data breach in 2019?

  • 25,575 records

Q4. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as gathering data from internal, external, technical and human sources?

  • Collect

Q5. Crowdstrike organizes threat intelligence into which three (3) areas? (Select 3)

  • Operational
  • Strategic
  • Tactical

Q6. According to the Crowdstrike model, Endpoints, SIEMs and Firewalls belong in which intelligence area?

  • Tactical

Q7. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • Trend Micro
  • BleepingComputer
  • DarkReading

Q8. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • Recorded Future
  • FireEye

Threat Intelligence Framework

Q1. True or False. The average enterprise has 85 different security tools from 45 vendors.

  • True

Q2. Which threat intelligence framework can be described as a system that is effective if there are only 2 players and the adversary is motivated by socioeconomic or sociopolitical payoffs?

  • Diamond Model of Intrusion Analysis

Q3. True or False. An organization’s security immune system should not be considered fully integrated until it is integrated with the extended partner ecosystem.

  • True

Q4. Which term can be defined as “The real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise” ?

  • Security Intelligence

Q5. What are the three (3) pillars of effective threat detection? (Select 3)

  • Become proactive
  • See everything
  • Automate intelligence

Q6. True or False. According to the FireEye Mandiant’s Security Effectiveness Report 2020, organizations have an average of 50-70 security tools in their IT environments.

  • True

Quiz 02 – Threat Intelligence Graded Assessment

Q1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • A significant skills gap exists with more new cybersecurity professional needed the total number currently working in this field
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices
  • Factors such as cloud migration and IT complexity act as cost multipliers making new breaches increasingly expensive

Q2. What was the average time to identify and contain a breach in 2019?

  • 279 days

Q3. Which industry had the highest average cost per breach in 2019 at $6.45M

  • Healthcare

Q4. Breaches caused by which source resulted in the highest cost per incident in 2019?

  • Credentials theft

Q5. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as normalize, correlate, confirm and enrich the data?

  • Process

Q6. According to the Threat Intelligence Strategy Map, The threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as investigate, contain, remediate and prioritize?

  • Analyze

Q7. According to the Crowdstrike model, threat hunters, vulnerability management and incident response belong in which intelligence area?

  • Operational

Q8. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • X-Force Exchange
  • Krebs on Security
  • InfoSecurity Magazine

Q9. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • IBM X-Force Exchange
  • TruSTAR

Q10. Which threat intelligence framework is divided into 3 levels. Level one is getting to know your adversaries. Level 2 involves mapping intelligence yourself and level 3 where you map more information and used that to plan your defense?

  • Mitre Att&ck Knowledgebase

Q11. True or False. An organization’s security immune system should be isolated from outside organizations, including vendors and other third parties to keep it from being compromised. 

  • False

Q12. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are pre-exploit activities? (Select 2)

  • Detect deviations from the norm that indicate early warnings of APTs
  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures

Q13. True or False. According to the FireEye Mandiant’s Security Effectiveness Report 2020, more that 50% of successful attacks are able to infiltrate without detection.

  • True

Cyber Threat Intelligence Week 02 Quiz Answers

Quiz 01 – Data Security and Protection

Q1. A student’s grades should be visible to that student when she logs in to her university account. Her ability to see her grades is an example of which aspect of the CIA Triad?

  • Availability

Q2. A university has implemented practices that ensure all student data is encrypted while stored on university servers. Which aspect of the CIA Triad does this practice support?

  • Confidentiality

Q3. The Student Portal of a university issues a confirmation code with a hash value each time a student submits an assignment using the portal. This is an example of which aspect of the CIA Triad?

  • Integrity

Q4. True or False. An organization has “air-gapped” its small network of critical data servers so they are accessible internally but not to any external system. These systems are now safe from a deliberate attack.

  • False

Q5. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive, workable data security solution. The proliferation of smartphones used for work would impact which two (2) of these concerns the most? (Select 2)

  • Explosive data growth
  • New privacy regulations

Q6. True or False. An organization is subject to both GDPR and PCI-DSS data security regulations and has dedicated all of its efforts in remaining in compliance with these 2 sets of regulations. They are correct in believing that their data is safe.

  • False

Q7. True or False. A newly hired CISO made the right choice when he moved the Known Vulnerabilities list to a high priority for his team to resolve even though none of these had ever been exploited on the company’s network to date.

  • True

Q8. All industries have their own unique data security challenges. Which of these industries has a particular concern with HIPAA compliance and the highest cost per breached record?

  • Healthcare

Q9. All industries have their own unique data security challenges. Which of these industries has a particular concern with being targeted more than any other by cybercriminals “because that is where the money is”?

  • Financial

Q10. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

  • Data discovery
  • Data risk analysis
  • Blocking, masking and quarantining

Q11. Parsing discovered data against known patterns or keywords is a process known as what?

  • Data classification

Q12. Which data protection process takes data activity monitoring output and uses it to generate insights about threats?

  • Active analytics

Q13. True or False. The Guardium administrator needs to be someone with the highest level of access to the data being protected?

  • False

Mobile Endpoint Protection

Q1. Which mobile operating system runs the majority of smartphones today?

  • iOS
  • Android

Q2. Which mobile operating system runs approximately 60% of tablet computers worldwide?

  • iOS

Q3. True or False. Security is enhanced on iOS mobile devices because users typically cannot interact directly with the operating system.

  • True

Q4. Which statement best describes the use of anti-virus software on mobile devices?

  • Antivirus software can “see” the apps that are running on a mobile device but cannot see the data that is associated with each app.

Q5. Which type of threat is Jailbreaking?

  • System based

Quiz 02 – Data Loss Prevention and Mobile Endpoint Protection Graded Assessment

Q1. Which mobile operating system was originally based on the Linux kernel?

  • Android

Q2. Which two (2) is mobile operating combined dominate the vast majority of the smartphone market? (Select 2)

  • iOS
  • Android

Q3. True or False. Security is enhanced on Android mobile devices because users interact directly with the operating system.

  • False

Q4. What is one limitation to the operation of anti-virus software running on mobile devices?

  • Antivirus software can “see” the apps that are running on a mobile device but cannot see the data that is associated with each app.

Q5. On a mobile device, which type of threat is a phishing scam?

  • App based

Q6. A university uses clustered servers to make sure students will always be able to submit their assignments even if one server is down for maintenance. Server clustering enables which aspect of the CIA Triad?

  • Availability

Q7. A university has enabled WPA2 encryption on its WiFi systems throughout the campus. Which aspect of the CIA Triad is directly supported by this action?

  • Confidentiality

Q8. A student can see her grades via her school’s Student Portal but is unable to change them. This restriction is in support of which aspect of the CIA Triad?

  • Integrity

Q9. True or False. An operator who corrupts data by mistake is considered an “inadvertent attack” that should be considered when developing data protection plans.

  • True

Q10. C-level executives face 4 challenges when assuring their organizations maintain a comprehensive and workable data security solution. GDPR, CCPA, and PCC-DSS are concerned with which one of these challenges?

  • New privacy regulations

Q11. True of False. A biotech research company with a very profitable product line has grown so rapidly it has acquired a marketing company, a small IT services company and a company that specializes in pharmaceutical manufacturing and distribution.  The CEO of the parent company made a good decision when he decided not to consolidate all data security under a single CISO, believing that each of the new divisions understands its own data security needs better than the parent company possibly could.

  • False

Q12. Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)

  • Failure to move beyond compliance
  • Failure to address known vulnerabilities
  • Failure to prioritize and leverage data activity monitoring

Q13. All industries have their own unique data security challenges. Which of these industries has a particular concern with a widely distributed IT infrastructure that must provide services across multiple government jurisdictions while not violating the privacy concerns of its users?

  • Transportation

Q14. Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should provide? (Select 3)

  • Data and file monitoring
  • Data classification
  • Encryption

Q15. Which is the data protection process that addresses inappropriate privileges, insecure authentication methods, account sharing, configuration files and missing security patches?

  • Vulnerability assessment

Q16. Which data protection process substitutes key data with a token that is issued by a trusted third-party where the token can be accessed but not redeemed by an untrusted party?

  • Tokenization

Q17. IBM Guardium provides heterogeneous data source support. This support results in which capability?

  • Similar security capabilities can be applied to different sort of data repositories

Cyber Threat Intelligence Week 03 Quiz Answers

Quiz 01 – Vulnerability Tools

Q1. Which component of a vulnerability scanner would perform security checks according to its installed plug-ins?

  • Engine Scanner

Q2. Which component of a vulnerability scanner stores vulnerability information and scan results?

  • Database

Q3. How does a vulnerability scanner detect internal threats?

  • By scanning hosts

Q4. In which component of a Common Vulnerability Score (CVSS) would the attack vector be reflected?

  • Base-Exploitability Subscore

Q5. In which component of a Common Vulnerability Score (CVSS) would confidentiality be reflected?

  • Base-Impact Subscore

Q6. In which component of a Common Vulnerability Score (CVSS) would exploit code maturity be reflected?

  • Temporal Score

Q7. In which component of a Common Vulnerability Score (CVSS) would security requirements subscore be reflected?

  • Environmental Score

Q8. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operation systems, open source software, and network devices. These guides are available to the public and can be freely downloaded.

  • True

Q9). The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these has the least stringent security requirements?

  • CIS Sub-Controls for small, commercial off-the-shelf or home office software environments.

Port Scanning

Q1. Which three (3) of these is identified by a basic port scanner? (Select 3)

  • Available services provided by the target system
  • A list of Open ports on a target system
  • Active hosts using TCP

Q2. Port numbers 49151 through 65536 are known as what?

  • Dynamic and Private Ports

Q3. What are the three (3) responses a port scanner might receive when it is scanning a system for open ports? (Select 3)

  • Closed
  • Filtered (or blocked)
  • Open

Q4. Which type of scan is commonly used to check if a working system is at the address indicated and that it is responding?

  • Ping (ICMP Echo Request)

Q5. Which type of scan sends an empty packet or packet with a different payload for each port scanned. A response is received only for closed ports?

  • UDP port scan

Network Protocol Analyzers


Q1. Which two (2) of these are other names for a protocol analyzer? (Select 2)

  • Network analyzer
  • Packet analyzer

Q2. Which is the most popular packet sniffer used?

  • WireShark

Vulnerability Assessment Tools Graded Assessment 

Q1. Which of these is identified by a basic port scanner?

  • Open ports

Q2. Port numbers 0 through 1023 are known as what?

  • Well known ports

Q3. If a port is blocked, what response will be sent to the port scanner?

  • There will be no response

Q4. Which type of scan notes the connection but leaves the target hanging, i.e. does not reveal any information to the target about the host that initiated the scan?

  • TCP/Half Open Scan (aka a SYN scan)

Q5. Which two (2) of these are other names for a protocol analyzer? (Select 2)

  • Sniffer
  • Traffic analyzer

Q6. True or False. Packet sniffers are used by hackers but have no legitimate place in legitimate network management.

  • False

Q7. Which component of a vulnerability scanner provides high-level graphs and trend reports for executive leadership?

  • Report Module

Q8. How does a vulnerability scanner detect external threats?

  • By scanning internet facing hosts from the Internet

Q9. What are the three (3) components that make up the overall Common Vulnerability Score (CVSS)? (Select 3)

  • Base
  • Environmental
  • Temporal

Q10. In which component of a Common Vulnerability Score (CVSS) would attack complexity be reflected?

  • Base-Exploitability Subscore

Q11. In which component of a Common Vulnerability Score (CVSS) would integrity be reflected?

  • Base-Impact Subscore

Q12. In which component of a Common Vulnerability Score (CVSS) would remediation level be reflected?

  • Temporal Score

Q13. In which component of a Common Vulnerability Score (CVSS) would impact subscore be reflected?

  • Environmental Score

Q14. True or False. The US Dept of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages such as operation systems, open source software, and network devices. These guides are restricted to use by US military agencies only.

  • False

Q15. The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these are required to meet the middle level of security?

  • “a” and “b” only

Security Architecture Considerations

Q1. True or False. A security architect’s job is to make sure that security considerations dominate other design aspects such as usability, resilience and cost.

  • False

Q2. Which of these is an aspect of an Enterprise Architecture?

  • Considers the needs of the entire organization

Q3. Which of these is an aspect of Solution Architecture?

  • Describes how specific products or technologies are used

Q4. Which three (3) of these are general features of Building Blocks? (Select 3)

  • Could be an actor, business service, application or data
  • Package of function defined to meet a business need
  • Defined boundary, but can work with other building blocks

Q5. Which three (3) of these are Architecture Building Blocks (ABBs)? (Select 3)

  • Identity and Access Management
  • Application Security
  • Data Security

Q6. Which three (3) of these are Solution Building Blocks (SBBs)? (Select 3)

  • HSM
  • Certificate Authority
  • Key Security Manager

Q7. The diagram below shows which type of architecture?

  • Enterprise Security Architecture

Q8. Solution architectures often contain diagrams like the one below. What does this diagram show?

  • Architecture overview

Q9. Insecurity architecture, a reusable solution to a commonly recurring problem is known as what?

  • A pattern

Application Security Techniques and Risks


Q1. Which of these is an application security threat?

  • Malware

Q2. Failure to use input validation in your application introduces what?

  • A vulnerability

Q3. Which software development lifecycle is characterized as a top-down approach where one stage of the project is completed before the next stage begins?

  • Waterfall

Q4. Which form of penetration testing allows the testers complete knowledge of the systems they are trying to penetrate in advance of their attack to simulate an internal attack from a knowledgeable insider?

  • White Box testing

Q5. Which application testing method requires access to the original application source code?

  • SAST: Static Application Security Testing

Q6. Which three (3) steps are part of a Supplier Risk Assessment? (Select 3)

  • Determine the likelihood the risk would interrupt the business
  • Identify how any risks would impact your organization’s business
  • Identify how the risk would impact the business

Q7. What type of firewall should you install to protect applications used by your organization from hacking?

  • A web application firewall (WAF)

Q8. Which type of application attack would include Elevation of privilege, data tampering and luring attacks?

  • Authorization

Q9. Which type of application attack would include information disclosure and denial of service?

  • Exception management

Q10. Which one of the OWASP Top 10 Application Security Risks would be occur when untrusted data is sent to an interpreter as part of a command or query?

  • Injection

Q11. Which one of the OWASP Top 10 Application Security Risks would occur when a poorly configured XML processor evaluates an external entity reference within an XML document allowing the external entity to expose internal files?

  • XML external entities (XXE)

Q12. Which of these threat modeling methodologies was introduced in 1999 at Microsoft to provide their developer’s a mnemonic that would help them find security vulnerabilities in their products?

  • STRIDE

Q13. Security standards do not have the force of law but security regulations do. Which one of these is a security regulation?

  • Gramm-Leach-Bliley Act

DevSecOps & Security Automation

Q1. Which phase of DevSecOps would contain the activities Threat modeling & risk analysis, Security backlog and Architecture & design?

  • Plan

Q2. Which phase of DevSecOps would contain the activities Continuous component control, Application and infrastructure orchestration, and Data cleansing & retention?

  • Release, deploy & decommission

Q3. The Release step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • Versioning of infrastructure

Q4. The Detect & Visualize step in the DevSecOps Operate & Monitor phase contains which of these activities?

  • Inventory

Deep Dive into Cross-Scripting

Q1. True or False. Finding a bug in a software product from a major vendor can be very profitable for a security researcher.

  • True

Q2. Which is the top vulnerability found in common security products?

  • Cross-site scripting

Q3. True or False. Building software defenses into your software includes: input validation, output sensitization, strong encryption, strong authentication and authorization.

  • True

Q4. Complete the following statement. Cross-site scripting ____

  • allows attackers to inject client-side scripts into a web page.

Q5. True or False. A Stored XSS attack is potentially far more dangerous than a Reflected XSS attack.

  • True

Q6. Cross-site scripting attacks can be minimized by using HTML and URL Encoding. How would a browser display this string?: <b>Test</b>

  • <b>Test</b>

Q7. Which is the most effective means of validating user input?

  • Whitelisting

Quiz 02 – Application Testing Graded Assessment 

Q1. True or False. A security architect’s job is to make sure that security considerations are balanced against other design aspects such as usability, resilience, and cost.

  • True

Q2. Which of these is an aspect of an Enterprise Architecture?

  • Maps the main components of a problem space and solution at a very high level.

Q3. Which of these is an aspect of a Solution Architecture?

  • Shows the internal data and use of reusable or off-the-shelf components

Q4. Which three (3) of these are features of Architecture Building Blocks (ABBs) ? (Select 3)

  • Product and vendor neutral
  • Guides the development of a Solution Architecture
  • Captures and defines requirements such as function, data, and application

Q5. Which three (3) of these are Architecture Building Blocks (ABBs)? (Select 3)

  • Detect and Respond
  • Infrastructure and Endpoint Security
  • Identity and Access Management

Q6. Which three (3) of these are Solution Building Blocks (SBBs) ? (Select 3)

  • Hardware Token
  • Privilege Access Manager
  • Web Application Firewall (WAF)

Q7. The diagram below shows which level of architecture?

  • Enterprise Security Architecture

Q8. Solution architectures often contain diagrams like the one below. What does this diagram show?

  • Solution architecture overview

Q9. Solution architectures often contain diagrams like the one below. What does this diagram show?

  • External context and boundary diagram

Q10. What is lacking in a security architecture pattern that prevents it from being used as a finished design?

  • The context of the project at hand

Q11. What are the possible consequences if a bug in your application becomes known?

  • All of the above

Q12. What was the ultimate consequence to Target Stores in the United States from their 2013 data breach in which over 100M records were stolen?

  • Costs and fines estimated at $1B.

Q13. Select the two (2) top vulnerabilities found in common security products. (Select 2)

  • Cross-site scripting
  • Cross-site request forgery

Q14. True or False. If you can isolate your product from the Internet, it is safe from being hacked.

  • False

Q15. Which three (3) things can Cross-site scripting be used for? (Select 3)

  • Steal cookies
  • Harvest credentials
  • Take over sessions

Q16. True or False. Commonly a Reflect XSS attack is sent as part of an Email or a malicious link and affects only the the user who receives the email or link.

  • True

Q17. Cross-site scripting attacks can be minimized by using HTML and URL Encoding. How would a browser display this string?

  • <b>Password</b>

Q18. Which three (3) statements about whitelisting user input are true? (Select 3)

  • Whenever possible, input should be whitelisted to alphanumeric values to prevent XSS
  • Whitelisting reduces the attack surface to a known quantity
  • Special characters should only be allowed on an exception basis

Q19. Which two (2) statements are considered good practice for avoiding XSS attacks (Select 2)

  • Encode all data output as part of HTML and JavaScript
  • Use strict whitelists on accepting input

Q20. How would you classify a hactivist group who thinks that your company’s stance on climate change threatens the survival of the planet?

  • A threat

Q21. Which software development lifecycle is characterized by short bursts of analysis, design, coding and testing during a series of 1 to 4 week sprints?

  • Agile and Scrum

Q22. Which software development lifecycle is characterized by a series of cycles and an emphasis on security?

  • Spiral

Q23. Which form of penetration testing allows the testers no knowledge of the systems they are trying to penetrate in advance of their attack to simulate an external attack by hackers with no knowledge of an organizations systems?

  • Black Box Testing

Q24. Which application testing method requires a URL to the application, is quick and cheap but also produces the most false-positive results?

  • DAST: Dynamic Security Application Testing

Q25. Which type of application attack would include buffer overflow, cross-site scripting, and SQL injection?

  • Input validation

Q26. Which type of application attack would include unauthorized access to configuration stores, unauthorized access to administration interfaces and over-privileged process and service accounts?

  • Configuration management

Q27. Which one of the OWASP Top 10 Application Security Risks would be occur when authentication and session management functions are implemented incorrectly allowing attackers to compromise passwords, keys or session tokens.

  • Broken authentication

Q28. Which one of the OWASP Top 10 Application Security Risks would be occur when restrictions on what a user is allowed to do is not properly enforced?

  • Broken access control

Q29. Which of these threat modeling methodologies is integrated seamlessly into an Agile development methodology?

  • VAST

Q30. Security standards do not have the force of law but security regulations do. Which one of these is a security regulation?

  • HIPAA

Q31. Which phase of DevSecOps would contain the activities Secure application code, Secure infrastructure configuration, and OSS/COTS validation?

  • Code & build

Q32. Which phase of DevSecOps would contain the activities Detect & Visualize, Respond, and Recover?

  • Operate & monitor

Q33. The Deploy step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

  • Creation of Immutable images

Q34. The Respond step in the DevSecOps Operate & Monitor phase contains which of these activities?

  • Virtual Patching

Cyber Threat Intelligence Week 04 Quiz Answers

Quiz 01 – SIEM Concepts

Q1. Which three (3) of the following are core functions of a SIEM? (Select 3)

  • Manages network security by monitoring flows and events
  • Consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network
  • Collects logs and other security documentation for analysis

Q2. True or False. SIEMs capture network flow data in near real time and apply advanced analytics to reveal security offenses.

  • True

Q3. Which of these describes the process of data normalization in a SIEM?

  • Turns raw data into a format that has fields that SIEM can use

Q4. True or False. A SIEM considers any event that is anomalous, or outside the norm, to be an offense.

  • True

Q5. True or False. A large company might have QRadar event collectors in each of their data centers that are configured to forward all collected events to a central event processor for analysis.

  • True

Q6. The triad of a security operations centers (SOC) is people, process and technology. Which part of the triad would vendor-specific training belong?

  • People

Artificial Intelligence in SIEMs

Q1. True or False. Information is often overlooked simply because the security analysts do not know how it is connected.

  • True

Q2. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

  • Morals
  • Generalization
  • Common sense

Q3. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for abstraction?

  • Human expertise

Quiz 02 – SIEM Platforms Graded Assessment 

Q1. True or False. SIEMs can be available on premises and in a cloud environment.

  • True

Q2. For a SIEM, what are logs of specific actions such as user logins referred to?

  • Events

Q3. Which of these describes the process of data normalization in a SIEM?

  • Indexes data records for fast searching and sorting

Q4. When a data stream entering a SIEM exceeds the volume it is licensed to handle, what are three (3) ways the excess data is commonly handled, depending upon the terms of the license agreement? (Select 3)

  • The excess data is stored in a queue until it can be processed
  • The excess data is dropped
  • The data stream is throttled to accept only the amount allowed by the license

Q5. Which five (5) event properties must match before the event will be coalesced with other events? (Select 5)

  • Username
  • QID
  • Source IP
  • Destination Port
  • Destination IP

Q6. What is the goal of SIEM tuning?

  • To get the SIEM to sort out all false-positive offenses so only those that need to be investigated are presented to the investigators

Q7. True or False. QRadar event collectors send all raw event data to the central event processor for all data handling such as data normalization and event coalescence.

  • False

Q8. The triad of a security operations centers (SOC) is people, process and technology. Which part of the triad would containment belong to?

  • Process

Q9. True or False. There is a natural tendency for security analysts to choose to work on cases that they are familiar with and to ignore those that may be important but for which they have no experience.

  • True

Q10. The partnership between security analysts and technology can be said to be grouped into 3 domains, human expertise, security analytics and artificial intelligence. The security analytics domain contains which three (3) of these topics ?

  • Anomaly detection
  • Pattern identification
  • Data correlation

Q11. A robust cybersecurity defense includes contributions from 3 areas, human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for data visualization?

  • Security analytics

Cyber Threat Intelligence Week 05 Quiz Answers

Quiz 01 – Threat Hunting Overview

Q1. Cyber threats pose many challenges to organizations today. Which three (3) of these are among those cited? (Select 3)

  • It takes an average of 191 days to even detect an attack has occurred
  • Almost half of the breaches are caused by malicious or criminal acts
  • There is a cybersecurity skills shortage

Q2. What percent of security leaders reported that threat hunting increased the speed and accuracy of response in detection of advanced threats?

  • 91%

Q3. While 80% of the threats are known and detected, the 20% that remains unknown account for what percent of the damage?

  • 80%

Q4. True or False. The skill set of a cyber threat hunter is very different from that of a cybersecurity analyst and many threat hunters a have backrounds doing intelligence work.

  • True

Q5. Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain? (Select 3)

  • Weaponization
  • Delivery
  • Reconnaissance

Q6. True or False. A cyber threat hunting team generally sits at the center of the SOC Command Center.

  • False

Q7. There is value brought by each of the IBM i2 EIA use cases. Which one of these delivers net new discovery of correlating low level alerts and offenses?

  • Cyber Threat Hunting

Quiz 02 – Threat Hunting Graded Assignment 

Q1. What is one thing that makes cybersecurity threats so challenging to deal with?

  • There is a big shortage in cyber security skills and many job openings unfilled

Q2. The level 3 and 4 cybersecurity analysts working in a Security Operations Center (SOC) combat cyber crime by performing which type of activity?

  • Cyber forensic investigations

Q3. True or False. If you have no better place to start hunting threats, start with a view of your own organization then work your way up to an industry view and then a regional view, a national view and finally a global view of the threat landscape.

  • False

Q4. Your enemy uses a cyber kill chain to plan and execute his attack against your organization. Which three (3) of these are steps in a cyber kill chain?

  • Installation
  • Delivery
  • Exploitation

Q5. True or False. A cyber threat hunting team generally sits outside the SOC command center.

  • True

Q6. There is value brought by each of the IBM i2 EIA use cases. Which one of these identifies net new money chain transfers?

  • Fraud Investigations

Next Course Quiz Answers >>

Cybersecurity Capstone: Breach Response Case Studies

<< Previous Course Quiz Answers

Penetration Testing, Incident Response, and Forensics

All Course Quiz Answers of IBM Cybersecurity Analyst Professional Certificate

Course 01: Introduction to Cybersecurity Tools & Cyber Attacks

Course 02: Cybersecurity Roles, Processes & Operating System Security

Course 03: Cybersecurity Compliance Framework & System Administration

Course 04: Network Security & Database Vulnerabilities

Course 05: Penetration Testing, Incident Response, and Forensics

Course 06: Cyber Threat Intelligence

Course 07: Cybersecurity Capstone: Breach Response Case Studies

Course 08: IBM Cybersecurity Analyst Assessment

Share your love

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *